Linux
Products by Linux Sorted by Most Security Vulnerabilities since 2018
@Linux_Kernel Tweets
Sun Oct 07 15:49:01 +0000 2012
Mon Oct 01 00:19:02 +0000 2012
Mon Oct 01 00:19:01 +0000 2012
Mon Sep 24 01:49:03 +0000 2012
Mon Sep 24 01:49:02 +0000 2012
By the Year
In 2021 there have been 155 vulnerabilities in Linux with an average score of 6.6 out of ten. Last year Linux had 117 security vulnerabilities published. That is, 38 more vulnerabilities have already been reported in 2021 as compared to last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.41.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2021 | 155 | 6.59 |
| 2020 | 117 | 6.18 |
| 2019 | 266 | 6.30 |
| 2018 | 144 | 6.25 |
It may take a day or so for new Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linux Security Vulnerabilities
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6
CVE-2021-42252
7.8 - High
- October 11, 2021
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write
CVE-2021-42008
7.8 - High
- October 05, 2021
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
Memory Corruption
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9
CVE-2021-41864
7.8 - High
- October 02, 2021
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
Integer Overflow or Wraparound
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization
CVE-2021-3653
8.8 - High
- September 29, 2021
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
AuthZ
A flaw was found in the Linux kernel
CVE-2021-20317
4.4 - Medium
- September 27, 2021
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.
Improper Initialization
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs
CVE-2021-38300
7.8 - High
- September 20, 2021
arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6
CVE-2021-41073
7.8 - High
- September 19, 2021
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
Improper Privilege Management
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
CVE-2021-40490
7 - High
- September 03, 2021
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
Race Condition
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54
CVE-2021-21781
3.3 - Low
- August 18, 2021
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a processs memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11
Use of Uninitialized Resource
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7
CVE-2021-3635
4.4 - Medium
- August 13, 2021
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
Buffer Overflow
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add()
CVE-2021-3573
6.4 - Medium
- August 13, 2021
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
Race Condition
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10
CVE-2021-38208
5.5 - Medium
- August 08, 2021
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
NULL Pointer Dereference
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page
CVE-2021-38198
5.5 - Medium
- August 08, 2021
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered
CVE-2021-38200
5.5 - Medium
- August 08, 2021
arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command.
NULL Pointer Dereference
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6
CVE-2021-38204
6.8 - Medium
- August 08, 2021
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
Dangling pointer
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13
CVE-2021-38207
7.5 - High
- August 08, 2021
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.
Classic Buffer Overflow
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might
CVE-2021-38202
7.5 - High
- August 08, 2021
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
Out-of-bounds Read
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which
CVE-2021-38199
6.5 - Medium
- August 08, 2021
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
net/sunrpc/xdr.c in the Linux kernel before 5.13.4
CVE-2021-38201
7.5 - High
- August 08, 2021
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
Buffer Overflow
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism
CVE-2021-38205
3.3 - Low
- August 08, 2021
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
Access of Uninitialized Pointer