Linux Kernel
Known Exploited Linux Kernel Vulnerabilities
The following Linux Kernel vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Linux Kernel Race Condition Vulnerability | Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service or gain privileges via read and write operations with long strings. CVE-2014-0196 | May 12, 2023 |
| Linux Kernel Improper Input Validation Vulnerability | Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. CVE-2010-3904 | May 12, 2023 |
| Linux Kernel Use-After-Free Vulnerability | Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user. CVE-2023-0266 | March 30, 2023 |
| Linux Kernel Privilege Escalation Vulnerability | The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation. CVE-2021-3493 | October 20, 2022 |
| Linux Kernel Improper Input Validation Vulnerability | The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation. CVE-2013-6282 | September 15, 2022 |
| Linux Kernel Integer Overflow Vulnerability | Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability which allows for privilege escalation. CVE-2013-2596 | September 15, 2022 |
| Linux Kernel Privilege Escalation Vulnerability | Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation. CVE-2013-2094 | September 15, 2022 |
| Linux Kernel Privilege Escalation Vulnerability | The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. CVE-2014-3153 | May 25, 2022 |
| Linux Kernel Privilege Escalation Vulnerability | Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe." CVE-2022-0847 | April 25, 2022 |
| Linux Kernel Privilege Escalation Vulnerability | Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service or possibly for privilege escalation. CVE-2021-22600 | April 11, 2022 |
| Linux Kernel Race Condition Vulnerability | Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. CVE-2016-5195 | March 3, 2022 |
| Linux Kernel Improper Privilege Management Vulnerability | Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability which allows local users to obtain root access. CVE-2019-13272 | December 10, 2021 |
By the Year
In 2024 there have been 0 vulnerabilities in Linux Kernel . Kernel did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Kernel vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linux Kernel Security Vulnerabilities
The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which
CVE-2010-0309
- February 12, 2010
The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.
Configuration
The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which
CVE-2009-3624
- November 02, 2009
The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands.
Cryptographic Issues
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring
CVE-2009-2406
- July 31, 2009
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.
Buffer Overflow
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30
CVE-2009-1389
- June 16, 2009
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.
Buffer Overflow
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5
CVE-2009-1385
- June 04, 2009
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.
Numeric Errors
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Linux Kernel or by Linux? Click the Watch button to subscribe.
