Linux Linux

Do you want an email whenever new security vulnerabilities are reported in any Linux product?

Products by Linux Sorted by Most Security Vulnerabilities since 2018

Linux Kernel1168 vulnerabilities

Linux Acrn7 vulnerabilities

Linux Tizen5 vulnerabilities

Linux Mac802113 vulnerabilities

@Linux_Kernel Tweets

Linux kernel 3.6.1 ( stable) has been released - http://t.co/vhc5dozz #linux #kernel
Sun Oct 07 15:49:01 +0000 2012

Linux kernel next-20120928 ( linux-next) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Oct 01 00:19:02 +0000 2012

Linux kernel 3.6 ( mainline) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Oct 01 00:19:01 +0000 2012

Linux kernel next-20120921 ( linux-next) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Sep 24 01:49:03 +0000 2012

Linux kernel 3.6-rc7 ( mainline) has been released - http://t.co/vhc5dozz #linux #kernel
Mon Sep 24 01:49:02 +0000 2012

By the Year

In 2022 there have been 114 vulnerabilities in Linux with an average score of 6.7 out of ten. Last year Linux had 173 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Linux in 2022 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.16.

Year Vulnerabilities Average Score
2022 114 6.73
2021 173 6.57
2020 118 6.16
2019 268 6.30
2018 145 6.27

It may take a day or so for new Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Linux Security Vulnerabilities

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms

CVE-2022-32981 7.8 - High - June 10, 2022

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.

Classic Buffer Overflow

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user()

CVE-2022-1998 7.8 - High - June 09, 2022

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Dangling pointer

The Linux kernel before 5.17.9

CVE-2022-32296 3.3 - Low - June 05, 2022

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.

Side Channel Attack

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1

CVE-2022-32250 7.8 - High - June 02, 2022

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

Dangling pointer

A use-after-free flaw was found in the Linux kernels io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring

CVE-2022-1786 7.8 - High - June 02, 2022

A use-after-free flaw was found in the Linux kernels io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.

Dangling pointer

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation

CVE-2022-1943 5.5 - Medium - June 02, 2022

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially

Memory Corruption

An out-of-bounds read flaw was found in the Linux kernels TeleTYpe subsystem

CVE-2022-1462 6.3 - Medium - June 02, 2022

An out-of-bounds read flaw was found in the Linux kernels TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

Race Condition

The root cause of this vulnerability is

CVE-2022-1419 7.8 - High - June 02, 2022

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

Dangling pointer

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva

CVE-2022-1789 6.8 - Medium - June 02, 2022

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

NULL Pointer Dereference

Linux Kernel could allow a local attacker to execute arbitrary code on the system

CVE-2022-1652 7.8 - High - June 02, 2022

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

Dangling pointer

A use-after-free flaw was found in the Linux kernels pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info()

CVE-2022-1882 7.8 - High - May 26, 2022

A use-after-free flaw was found in the Linux kernels pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Dangling pointer

An issue was discovered in the Linux Kernel

CVE-2022-1678 7.5 - High - May 25, 2022

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c

CVE-2022-1734 7 - High - May 18, 2022

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

Dangling pointer

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel

CVE-2022-1116 7.8 - High - May 17, 2022

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.

Integer Overflow or Wraparound

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root

CVE-2022-29581 7.8 - High - May 17, 2022

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

Dangling pointer

A use-after-free flaw was found in the Linux kernels Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages

CVE-2022-1679 7.8 - High - May 16, 2022

A use-after-free flaw was found in the Linux kernels Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Dangling pointer

The Linux kernel before 5.17.2 mishandles seccomp permissions

CVE-2022-30594 7.8 - High - May 12, 2022

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

Incorrect Default Permissions

A NULL pointer dereference flaw was found in the Linux kernels X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection

CVE-2022-1516 5.5 - Medium - May 05, 2022

A NULL pointer dereference flaw was found in the Linux kernels X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.

Dangling pointer

An issue was discovered in the Linux kernel through 5.17.5

CVE-2022-29968 7.8 - High - May 02, 2022

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

Missing Initialization of Resource

A use-after-free flaw was found in the Linux kernels sound subsystem in the way a user triggers concurrent calls of PCM hw_params

CVE-2022-1048 7 - High - April 29, 2022

A use-after-free flaw was found in the Linux kernels sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Race Condition

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.