Linux
Products by Linux Sorted by Most Security Vulnerabilities since 2018
@Linux_Kernel Tweets
Sun Oct 07 15:49:01 +0000 2012
Mon Oct 01 00:19:02 +0000 2012
Mon Oct 01 00:19:01 +0000 2012
Mon Sep 24 01:49:03 +0000 2012
Mon Sep 24 01:49:02 +0000 2012
By the Year
In 2021 there have been 63 vulnerabilities in Linux with an average score of 6.4 out of ten. Last year Linux had 117 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Linux in 2021 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.15.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2021 | 63 | 6.35 |
| 2020 | 117 | 6.21 |
| 2019 | 266 | 6.29 |
| 2018 | 140 | 6.25 |
It may take a day or so for new Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linux Security Vulnerabilities
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
CVE-2021-32399
7 - High
- May 10, 2021
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
Race Condition
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content
CVE-2021-31829
5.5 - Medium
- May 06, 2021
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel.
AuthZ
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5
CVE-2020-35519
7.8 - High
- May 06, 2021
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Out-of-bounds Read
A flaw was found in the Linux kernel in versions before 5.12
CVE-2021-3501
7.1 - High
- May 06, 2021
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
Memory Corruption
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation
CVE-2021-23133
7 - High
- April 22, 2021
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.
Race Condition
An issue was discovered in the Linux kernel through 5.11.x
CVE-2021-29155
5.5 - Medium
- April 20, 2021
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
Out-of-bounds Read
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4
CVE-2021-3506
7.1 - High
- April 19, 2021
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
Out-of-bounds Read
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf
CVE-2020-36322
5.5 - Medium
- April 14, 2021
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.
Insufficient Cleanup
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements
CVE-2021-29154
7.8 - High
- April 08, 2021
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
Command Injection
An issue was discovered in the Linux kernel through 5.11.11
CVE-2021-30178
5.5 - Medium
- April 07, 2021
An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.
NULL Pointer Dereference
An issue was discovered in the Linux kernel before 5.7
CVE-2020-36313
7.8 - High
- April 07, 2021
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.
Dangling pointer
An issue was discovered in the Linux kernel before 5.9
CVE-2020-36311
5.5 - Medium
- April 07, 2021
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.
An issue was discovered in the Linux kernel before 5.8.10
CVE-2020-36312
5.5 - Medium
- April 07, 2021
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
Memory Leak
An issue was discovered in the Linux kernel before 5.8
CVE-2020-36310
5.5 - Medium
- April 07, 2021
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
Infinite Loop
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values
CVE-2021-28688
6.5 - Medium
- April 06, 2021
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.
Improper Initialization
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists
CVE-2021-30002
6.2 - Medium
- April 02, 2021
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
Missing Release of Resource after Effective Lifetime
An issue was discovered in the Linux kernel before 5.11.11
CVE-2021-29650
5.5 - Medium
- March 30, 2021
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
An issue was discovered in the Linux kernel before 5.11.11
CVE-2021-29648
5.5 - Medium
- March 30, 2021
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245.
Improper Restriction of Excessive Authentication Attempts
An issue was discovered in the Linux kernel before 5.11.11
CVE-2021-29649
5.5 - Medium
- March 30, 2021
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
Memory Leak
An issue was discovered in the Linux kernel before 5.11.11
CVE-2021-29646
5.5 - Medium
- March 30, 2021
An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.