Linux Acrn
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Linux Acrn.
By the Year
In 2026 there have been 0 vulnerabilities in Linux Acrn. Acrn did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 9.80 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 6 | 7.55 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 0.00 |
It may take a day or so for new Acrn vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linux Acrn Security Vulnerabilities
Linux kernel: IPv6 seg6 init invalid unregister path (CVE-2024-38612)
CVE-2024-38612
9.8 - Critical
- June 19, 2024
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't called. This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced unregister_pernet_subsys() with genl_unregister_family() in this error path.
NULL Pointer Dereference
An issue was discovered in ACRN before 2.5
CVE-2021-36148
7.8 - High
- July 02, 2021
An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow.
Classic Buffer Overflow
An issue was discovered in ACRN before 2.5
CVE-2021-36147
7.5 - High
- July 02, 2021
An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used.
NULL Pointer Dereference
ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.
CVE-2021-36146
7.5 - High
- July 02, 2021
ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.
NULL Pointer Dereference
The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry.
CVE-2021-36145
7.5 - High
- July 02, 2021
The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry.
Dangling pointer
The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device
CVE-2021-36144
7.5 - High
- July 02, 2021
The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c.
Dangling pointer
ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference.
CVE-2021-36143
7.5 - High
- July 02, 2021
ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference.
NULL Pointer Dereference
The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might
CVE-2019-18844
- November 13, 2019
The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Linux Acrn or by Linux? Click the Watch button to subscribe.
