Linux Linux

Do you want an email whenever new security vulnerabilities are reported in any Linux product?

Products by Linux Sorted by Most Security Vulnerabilities since 2018

Linux Kernel980 vulnerabilities

Linux Acrn7 vulnerabilities

Linux Tizen5 vulnerabilities

Linux Mac802113 vulnerabilities

@Linux_Kernel Tweets

Linux kernel 3.6.1 ( stable) has been released - http://t.co/vhc5dozz #linux #kernel
Sun Oct 07 15:49:01 +0000 2012

Linux kernel next-20120928 ( linux-next) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Oct 01 00:19:02 +0000 2012

Linux kernel 3.6 ( mainline) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Oct 01 00:19:01 +0000 2012

Linux kernel next-20120921 ( linux-next) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Sep 24 01:49:03 +0000 2012

Linux kernel 3.6-rc7 ( mainline) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Sep 24 01:49:02 +0000 2012

By the Year

In 2021 there have been 124 vulnerabilities in Linux with an average score of 6.7 out of ten. Last year Linux had 117 security vulnerabilities published. That is, 7 more vulnerabilities have already been reported in 2021 as compared to last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.51.

Year Vulnerabilities Average Score
2021 124 6.68
2020 117 6.18
2019 266 6.30
2018 144 6.25

It may take a day or so for new Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Linux Security Vulnerabilities

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state

CVE-2021-37159 7.8 - High - July 21, 2021

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

Double-free

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations

CVE-2021-33909 7.8 - High - July 20, 2021

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Classic Buffer Overflow

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1

CVE-2021-3612 7.8 - High - July 09, 2021

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Buffer Overflow

Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release

CVE-2021-25433 5.5 - Medium - July 08, 2021

Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal.

AuthZ

Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release

CVE-2021-25434 9.8 - Critical - July 08, 2021

Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode.

Improper Input Validation

Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release

CVE-2021-25436 9.8 - Critical - July 08, 2021

Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol.

Improper Input Validation

Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release

CVE-2021-25437 9.8 - Critical - July 08, 2021

Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.

AuthZ

Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release

CVE-2021-25435 9.8 - Critical - July 08, 2021

Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode.

Improper Input Validation

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c

CVE-2021-22555 7.8 - High - July 07, 2021

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space

Memory Corruption

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c

CVE-2021-35039 7.8 - High - July 07, 2021

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.

Improper Verification of Cryptographic Signature

ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.

CVE-2021-36146 7.5 - High - July 02, 2021

ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.

NULL Pointer Dereference

The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry.

CVE-2021-36145 7.5 - High - July 02, 2021

The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry.

Dangling pointer

ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference.

CVE-2021-36143 7.5 - High - July 02, 2021

ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference.

NULL Pointer Dereference

An issue was discovered in ACRN before 2.5

CVE-2021-36148 7.8 - High - July 02, 2021

An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow.

Classic Buffer Overflow

An issue was discovered in ACRN before 2.5

CVE-2021-36147 7.5 - High - July 02, 2021

An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used.

NULL Pointer Dereference

The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device

CVE-2021-36144 7.5 - High - July 02, 2021

The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c.

Dangling pointer

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend

CVE-2021-28691 7.8 - High - June 29, 2021

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.

Dangling pointer

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback

CVE-2020-28097 5.9 - Medium - June 24, 2021

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.

Out-of-bounds Read

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g

CVE-2021-33624 4.7 - Medium - June 23, 2021

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.

Side Channel Attack

A flaw was discovered in gfs2 file systems handling of acls (access control lists)

CVE-2010-2525 7.8 - High - June 22, 2021

A flaw was discovered in gfs2 file systems handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system.

AuthZ

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.