Linux


Products by Linux Sorted by Most Security Vulnerabilities since 2018

Linux Kernel: 2311 vulnerabilities
Linux Acrn: 7 vulnerabilities
Linux Kernel: 5 vulnerabilities
Linux Tizen: 5 vulnerabilities
Linux Mac80211: 3 vulnerabilities
Linux Kernel Rt: 1 vulnerability
Linux Mptcp Protocol: 1 vulnerability
Util Linux: 1 vulnerability

Known Exploited Linux Vulnerabilities

The following Linux vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title | Description | CVE | Added
Linux Kernel Race Condition Vulnerability | Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service or gain privileges via read and write operations with long strings. | CVE-2014-0196 | May 12, 2023
Linux Kernel Improper Input Validation Vulnerability | Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. | CVE-2010-3904 | May 12, 2023
Linux Kernel Use-After-Free Vulnerability | Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user. | CVE-2023-0266 | March 30, 2023
Linux Kernel Privilege Escalation Vulnerability | The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation. | CVE-2021-3493 | October 20, 2022
Linux Kernel Improper Input Validation Vulnerability | The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory, which could lead to privilege escalation. | CVE-2013-6282 | September 15, 2022
Linux Kernel Integer Overflow Vulnerability | Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability which allows for privilege escalation. | CVE-2013-2596 | September 15, 2022
Linux Kernel Privilege Escalation Vulnerability | Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Exploitation allows for privilege escalation. | CVE-2013-2094 | September 15, 2022
Linux Kernel Privilege Escalation Vulnerability | The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. | CVE-2014-3153 | May 25, 2022
Linux Kernel Privilege Escalation Vulnerability | Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe." | CVE-2022-0847 | April 25, 2022
Linux Kernel Privilege Escalation Vulnerability | Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service or possibly for privilege escalation. | CVE-2021-22600 | April 11, 2022
Linux Kernel Race Condition Vulnerability | Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. | CVE-2016-5195 | March 3, 2022
Linux Kernel Improper Privilege Management Vulnerability | kernel/ptrace.c in the Linux kernel contains an improper privilege management vulnerability which allows local users to obtain root access. | CVE-2019-13272 | December 10, 2021

By the Year

In 2024 there have been 60 vulnerabilities in Linux with an average score of 6.5 out of ten. Last year Linux had 282 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Linux in 2024 could surpass last year's number. Last year, the average CVE base score was greater by 0.00.

Year Vulnerabilities Average Score
2024 60 6.52
2023 282 6.52
2022 311 6.41
2021 173 6.58
2020 120 6.16
2019 277 6.36
2018 156 6.34

It may take a day or so for new Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Linux Security Vulnerabilities

A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function

CVE-2024-1312 4.7 - Medium - February 08, 2024

A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.

Dangling pointer

A flaw was found in the Linux kernel's NVMe driver

CVE-2023-6356 7.5 - High - February 07, 2024

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP, leading to a NULL pointer dereference in the NVMe driver and causing a kernel panic and a denial of service.

NULL Pointer Dereference

A flaw was found in the Linux kernel's NVMe driver

CVE-2023-6535 7.5 - High - February 07, 2024

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP, leading to a NULL pointer dereference in the NVMe driver and causing a kernel panic and a denial of service.

NULL Pointer Dereference

A flaw was found in the Linux kernel's NVMe driver

CVE-2023-6536 7.5 - High - February 07, 2024

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP, leading to a NULL pointer dereference in the NVMe driver and causing a kernel panic and a denial of service.

NULL Pointer Dereference

A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function

CVE-2024-24864 4.7 - Medium - February 05, 2024

A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

Race Condition

A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function

CVE-2024-24860 5.3 - Medium - February 05, 2024

A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

Race Condition

A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function

CVE-2024-22386 4.7 - Medium - February 05, 2024

A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

Race Condition

A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function

CVE-2024-23196 4.7 - Medium - February 05, 2024

A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

Race Condition

A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function

CVE-2024-24855 4.7 - Medium - February 05, 2024

A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

Race Condition

A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function

CVE-2024-24857 6.8 - Medium - February 05, 2024

A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in an integer overflow issue, possibly leading to Bluetooth connection abnormality or denial of service.

Race Condition

A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function

CVE-2024-24858 5.3 - Medium - February 05, 2024

A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in an L2CAP connection or broadcast abnormality issue, possibly leading to denial of service.

Race Condition

A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function

CVE-2024-24859 4.8 - Medium - February 05, 2024

A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a Bluetooth sniffing exception issue, possibly leading to denial of service.

Race Condition

A race condition was found in the Linux kernel's media/xc4000 device driver in the xc4000_get_frequency() function

CVE-2024-24861 6.3 - Medium - February 05, 2024

A race condition was found in the Linux kernel's media/xc4000 device driver in the xc4000_get_frequency() function. This can result in a return value overflow issue, possibly leading to malfunction or denial of service.

Race Condition

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel

CVE-2023-6240 6.5 - Medium - February 04, 2024

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.

Side Channel Attack

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation

CVE-2024-1085 7.8 - High - January 31, 2024

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.

Dangling pointer

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation

CVE-2024-1086 7.8 - High - January 31, 2024

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Dangling pointer

A flaw was found in the Linux kernel's memory deduplication mechanism

CVE-2024-0564 6.5 - Medium - January 30, 2024

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.

Side Channel Attack

Use After Free vulnerability in the Linux kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code

CVE-2024-21803 7.8 - High - January 30, 2024

Use After Free vulnerability in the Linux kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.

Dangling pointer

Transmit requests in Xen's virtual network protocol can consist of multiple parts

CVE-2023-46838 7.5 - High - January 29, 2024

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.

NULL Pointer Dereference

A race condition was found in the Linux Kernel

CVE-2023-6200 7.5 - High - January 28, 2024

A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.

Race Condition

A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality

CVE-2024-0841 7.8 - High - January 28, 2024

A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

NULL Pointer Dereference

Integer Overflow or Wraparound vulnerability in the Linux kernel on Linux, x86, ARM (md, raid, raid5 modules)

CVE-2024-23307 7.8 - High - January 25, 2024

Integer Overflow or Wraparound vulnerability in the Linux kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.

Integer Overflow or Wraparound

NULL Pointer Dereference vulnerability in the Linux kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers

CVE-2024-22099 5.5 - Medium - January 25, 2024

NULL Pointer Dereference vulnerability in the Linux kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2.

NULL Pointer Dereference

In the Linux kernel before 6.4.12

CVE-2023-51042 7.8 - High - January 23, 2024

In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.

Dangling pointer

An issue was discovered in ksmbd in the Linux kernel before 6.6.10

CVE-2024-22705 7.8 - High - January 23, 2024

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.

Out-of-bounds Read

In the Linux kernel before 6.4.5

CVE-2023-51043 7 - High - January 23, 2024

In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.

Dangling pointer

In the Linux kernel before 6.5.9

CVE-2023-46343 5.5 - Medium - January 23, 2024

In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.

NULL Pointer Dereference

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash

CVE-2024-23851 5.5 - Medium - January 23, 2024

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.

In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash

CVE-2024-23850 5.5 - Medium - January 23, 2024

In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1

CVE-2024-23849 5.5 - Medium - January 23, 2024

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.

off-by-five

In the Linux kernel through 6.7.1

CVE-2024-23848 5.5 - Medium - January 23, 2024

In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.

Dangling pointer

An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel

CVE-2023-39197 7.5 - High - January 23, 2024

An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.

Out-of-bounds Read

A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel

CVE-2024-0775 7.1 - High - January 22, 2024

A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.

Dangling pointer

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket

CVE-2023-6531 7 - High - January 21, 2024

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

Race Condition

A flaw was found in the Netfilter subsystem in the Linux kernel

CVE-2024-0607 6.6 - Medium - January 18, 2024

A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel's SCTP subsystem

CVE-2024-0639 5.5 - Medium - January 17, 2024

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel's SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.

Improper Locking

A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel's TIPC subsystem

CVE-2024-0641 5.5 - Medium - January 17, 2024

A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel's TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.

Improper Locking

An out-of-bounds memory write flaw was found in the Linux kernel's Transport Layer Security functionality in how a user calls the splice function with a kTLS socket as the destination

CVE-2024-0646 7.8 - High - January 17, 2024

An out-of-bounds memory write flaw was found in the Linux kernel's Transport Layer Security functionality in how a user calls the splice function with a kTLS socket as the destination. This flaw allows a local user to crash the system or potentially escalate their privileges on it.

Memory Corruption

A memory leak flaw was found in the Linux kernel's io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING

CVE-2024-0582 7.8 - High - January 16, 2024

A memory leak flaw was found in the Linux kernel's io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap()s it, and then frees it. This flaw allows a local user to crash the system or potentially escalate their privileges on it.

Dangling pointer

Rejected reason: Do not use this CVE as it is a duplicate of CVE-2023-6932

CVE-2024-0584 - January 16, 2024

Rejected reason: Do not use this CVE as it is a duplicate of CVE-2023-6932

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel

CVE-2024-0565 7.4 - High - January 15, 2024

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Integer underflow

A use-after-free flaw was found in the Linux Kernel

CVE-2024-0562 7.8 - High - January 15, 2024

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.

Dangling pointer

A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel

CVE-2023-6915 5.5 - Medium - January 15, 2024

A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.

NULL Pointer Dereference

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10

CVE-2022-48619 5.5 - Medium - January 12, 2024

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table

CVE-2023-6040 7.8 - High - January 12, 2024

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.

Out-of-bounds Read

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem

CVE-2024-0443 5.5 - Medium - January 12, 2024

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of memory error.

Exposure of Resource to Wrong Sphere

An issue was discovered in the Linux kernel before 6.6.8

CVE-2023-51780 7 - High - January 11, 2024

An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

Dangling pointer

An issue was discovered in the Linux kernel before 6.6.8

CVE-2023-51782 7 - High - January 11, 2024

An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.

Dangling pointer

An issue was discovered in the Linux kernel before 6.6.8

CVE-2023-51781 7 - High - January 11, 2024

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.

Dangling pointer

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel

CVE-2024-0340 5.5 - Medium - January 09, 2024

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c

CVE-2023-1032 5.5 - Medium - January 08, 2024

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

Double-free

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations

CVE-2021-3600 7.8 - High - January 08, 2024

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

Out-of-bounds Read

It was discovered that when exec'ing

CVE-2022-2585 7.8 - High - January 08, 2024

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

Dangling pointer

It was discovered that a nft object or expression could reference a nft set on a different nft table

CVE-2022-2586 7.8 - High - January 08, 2024

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

Dangling pointer

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter

CVE-2022-2588 7.8 - High - January 08, 2024

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

Double-free

io_uring UAF

CVE-2022-2602 7 - High - January 08, 2024

io_uring UAF, Unix SCM garbage collection

Dangling pointer

Closing of an event channel in the Linux kernel can result in a deadlock

CVE-2023-34324 4.9 - Medium - January 05, 2024

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not negligible. Note that 32-bit Arm guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued RW locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers from getting the lock).

Resource Exhaustion

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel

CVE-2023-6270 7 - High - January 04, 2024

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.

Dangling pointer

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel

CVE-2023-7192 4.4 - Medium - January 02, 2024

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

Memory Leak

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel

CVE-2024-0193 6.7 - Medium - January 02, 2024

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.

Dangling pointer

A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel

CVE-2023-7042 5.5 - Medium - December 21, 2023

A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.

NULL Pointer Dereference

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel

CVE-2023-6546 7 - High - December 21, 2023

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.

Race Condition

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component

CVE-2023-6931 7 - High - December 19, 2023

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.

Memory Corruption

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation

CVE-2023-6932 7 - High - December 19, 2023

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly registered on an RCU read-locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.

Dangling pointer

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation

CVE-2023-6817 7.8 - High - December 18, 2023

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk, which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to a use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.

Dangling pointer

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel

CVE-2023-6679 5.5 - Medium - December 11, 2023

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.

NULL Pointer Dereference

sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5

CVE-2023-50431 5.5 - Medium - December 09, 2023

sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel

CVE-2023-6560 5.5 - Medium - December 09, 2023

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

Buffer Overflow

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel

CVE-2023-6622 5.5 - Medium - December 08, 2023

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.

NULL Pointer Dereference

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel

CVE-2023-6606 7.1 - High - December 08, 2023

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

Out-of-bounds Read

An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel

CVE-2023-6610 7.1 - High - December 08, 2023

An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.

Out-of-bounds Read

A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel

CVE-2023-5972 7.8 - High - November 23, 2023

A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.

NULL Pointer Dereference

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel

CVE-2023-6238 6.7 - Medium - November 21, 2023

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only a privileged user could specify a small meta buffer and let the device perform a larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory and causing random kernel crashes and memory corruption.

Classic Buffer Overflow

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality

CVE-2023-6176 4.7 - Medium - November 16, 2023

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.

NULL Pointer Dereference

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation

CVE-2023-6111 7.8 - High - November 14, 2023

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times. We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630.

Dangling pointer

A race condition was found in the QXL driver in the Linux kernel

CVE-2023-39198 6.4 - Medium - November 09, 2023

A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.

Dangling pointer

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component

CVE-2023-6039 5.5 - Medium - November 09, 2023

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

Dangling pointer

A flaw was found in KVM

CVE-2023-5090 5.5 - Medium - November 06, 2023

A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.

Improper Handling of Exceptional Conditions

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code

CVE-2023-47233 4.3 - Medium - November 03, 2023

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.

Dangling pointer

A use-after-free flaw was found in the Linux kernel's mm/mremap memory address space accounting source code

CVE-2023-1476 7 - High - November 03, 2023

A use-after-free flaw was found in the Linux kernel's mm/mremap memory address space accounting source code. This issue occurs due to a race condition between the rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.

Dangling pointer

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel

CVE-2023-1194 8.1 - High - November 03, 2023

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.

Out-of-bounds Read

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel

CVE-2023-1192 6.5 - Medium - November 01, 2023

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, a local variable still points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a freed memory region, leading to a denial of service.

Dangling pointer

A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel

CVE-2023-1193 6.5 - Medium - November 01, 2023

A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.

Dangling pointer

A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads

CVE-2023-3397 6.3 - Medium - November 01, 2023

A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.

Race Condition

A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel

CVE-2023-5178 9.8 - Critical - November 01, 2023

A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.

Dangling pointer

An issue was discovered in the Linux kernel through 6.5.9

CVE-2023-46862 4.7 - Medium - October 29, 2023

An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.

NULL Pointer Dereference

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers

CVE-2023-46813 7 - High - October 27, 2023

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events (perf) component

CVE-2023-5717 7.8 - High - October 25, 2023

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

Memory Corruption

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface

CVE-2023-5633 7.8 - High - October 23, 2023

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.

Dangling pointer

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation

CVE-2023-40791 6.3 - Medium - October 16, 2023

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c

CVE-2023-45898 7.8 - High - October 16, 2023

The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.

Dangling pointer

An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3

CVE-2023-45871 7.5 - High - October 15, 2023

An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

Incorrect Calculation of Buffer Size

An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3

CVE-2023-45863 6.4 - Medium - October 14, 2023

An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

Memory Corruption

An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5

CVE-2023-45862 5.5 - Medium - October 14, 2023

An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.

Allocation of Resources Without Limits or Throttling

An integer overflow flaw was found in the Linux kernel

CVE-2023-42752 5.5 - Medium - October 13, 2023

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in userspace, which is exploitable on systems without SMAP protection since `skb_shared_info` contains references to function pointers.

Integer Overflow or Wraparound

A flaw was found in the Netfilter subsystem in the Linux kernel

CVE-2023-39189 6 - Medium - October 09, 2023

A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user-mode-controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

Out-of-bounds Read

A flaw was found in the XFRM subsystem in the Linux kernel

CVE-2023-39194 4.4 - Medium - October 09, 2023

A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.

Out-of-bounds Read

A flaw was found in the Netfilter subsystem in the Linux kernel

CVE-2023-39193 6 - Medium - October 09, 2023

A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

Out-of-bounds Read

A flaw was found in the Netfilter subsystem in the Linux kernel

CVE-2023-39192 6 - Medium - October 09, 2023

A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.

Out-of-bounds Read

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel

CVE-2023-42755 5.5 - Medium - October 05, 2023

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

Out-of-bounds Read

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).