Linux Kernel Linux Kernel

Do you want an email whenever new security vulnerabilities are reported in Linux Kernel?

By the Year

In 2022 there have been 114 vulnerabilities in Linux Kernel with an average score of 6.7 out of ten. Last year Linux Kernel had 159 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Linux Kernel in 2022 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.21.

Year Vulnerabilities Average Score
2022 114 6.73
2021 159 6.52
2020 118 6.16
2019 267 6.29
2018 145 6.27

It may take a day or so for new Linux Kernel vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Linux Kernel Security Vulnerabilities

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms

CVE-2022-32981 7.8 - High - June 10, 2022

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.

Classic Buffer Overflow

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user()

CVE-2022-1998 7.8 - High - June 09, 2022

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Dangling pointer

The Linux kernel before 5.17.9

CVE-2022-32296 3.3 - Low - June 05, 2022

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.

Side Channel Attack

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1

CVE-2022-32250 7.8 - High - June 02, 2022

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

Dangling pointer

A use-after-free flaw was found in the Linux kernels io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring

CVE-2022-1786 7.8 - High - June 02, 2022

A use-after-free flaw was found in the Linux kernels io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.

Dangling pointer

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva

CVE-2022-1789 6.8 - Medium - June 02, 2022

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

NULL Pointer Dereference

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation

CVE-2022-1943 5.5 - Medium - June 02, 2022

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially

Memory Corruption

Linux Kernel could allow a local attacker to execute arbitrary code on the system

CVE-2022-1652 7.8 - High - June 02, 2022

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

Dangling pointer

An out-of-bounds read flaw was found in the Linux kernels TeleTYpe subsystem

CVE-2022-1462 6.3 - Medium - June 02, 2022

An out-of-bounds read flaw was found in the Linux kernels TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

Race Condition

The root cause of this vulnerability is

CVE-2022-1419 7.8 - High - June 02, 2022

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

Dangling pointer

A use-after-free flaw was found in the Linux kernels pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info()

CVE-2022-1882 7.8 - High - May 26, 2022

A use-after-free flaw was found in the Linux kernels pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Dangling pointer

An issue was discovered in the Linux Kernel

CVE-2022-1678 7.5 - High - May 25, 2022

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c

CVE-2022-1734 7 - High - May 18, 2022

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

Dangling pointer

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel

CVE-2022-1116 7.8 - High - May 17, 2022

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.

Integer Overflow or Wraparound

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root

CVE-2022-29581 7.8 - High - May 17, 2022

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

Dangling pointer

A use-after-free flaw was found in the Linux kernels Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages

CVE-2022-1679 7.8 - High - May 16, 2022

A use-after-free flaw was found in the Linux kernels Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Dangling pointer

The Linux kernel before 5.17.2 mishandles seccomp permissions

CVE-2022-30594 7.8 - High - May 12, 2022

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

Incorrect Default Permissions

A NULL pointer dereference flaw was found in the Linux kernels X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection

CVE-2022-1516 5.5 - Medium - May 05, 2022

A NULL pointer dereference flaw was found in the Linux kernels X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.

Dangling pointer

An issue was discovered in the Linux kernel through 5.17.5

CVE-2022-29968 7.8 - High - May 02, 2022

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

Missing Initialization of Resource

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem

CVE-2022-1015 6.6 - Medium - April 29, 2022

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.

Memory Corruption

A use-after-free flaw was found in the Linux kernels sound subsystem in the way a user triggers concurrent calls of PCM hw_params

CVE-2022-1048 7 - High - April 29, 2022

A use-after-free flaw was found in the Linux kernels sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Race Condition

A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio

CVE-2022-1195 5.5 - Medium - April 29, 2022

A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.

Dangling pointer

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel

CVE-2022-1353 7.1 - High - April 29, 2022

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts

CVE-2022-29582 7 - High - April 22, 2022

In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.

Dangling pointer

In the Linux kernel through 3.1 there is an information disclosure issue

CVE-2011-4917 5.5 - Medium - April 18, 2022

In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem

CVE-2022-1280 6.3 - Medium - April 13, 2022

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.

Dangling pointer

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.

CVE-2022-29156 7.8 - High - April 13, 2022

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.

Double-free

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring

CVE-2022-28893 7.8 - High - April 11, 2022

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

Dangling pointer

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2022-28796 7 - High - April 08, 2022

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

Dangling pointer

usb_8dev_start_xmit in drivers/net/

CVE-2022-28388 7.8 - High - April 03, 2022

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

Double-free

mcba_usb_start_xmit in drivers/net/

CVE-2022-28389 7.8 - High - April 03, 2022

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.

Double-free

ems_usb_start_xmit in drivers/net/

CVE-2022-28390 7.8 - High - April 03, 2022

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

Double-free

In the Linux kernel before 5.17.1

CVE-2022-28356 7.5 - High - April 02, 2022

In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file

CVE-2021-3847 7.8 - High - April 01, 2022

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.

Improper Preservation of Permissions

An integer overflow flaw was found in the Linux kernels virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function

CVE-2022-0998 7.8 - High - March 30, 2022

An integer overflow flaw was found in the Linux kernels virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Integer Overflow or Wraparound

A flaw was found in the Linux kernels implementation of audit rules, where a syscall

CVE-2020-35501 3.4 - Low - March 30, 2022

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem

AuthZ

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation

CVE-2022-1055 7.8 - High - March 29, 2022

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

Dangling pointer

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11

CVE-2022-27950 5.5 - Medium - March 28, 2022

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.

Memory Leak

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64

CVE-2022-0435 8.8 - High - March 25, 2022

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

Memory Corruption

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel

CVE-2022-0494 4.4 - Medium - March 25, 2022

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.

Information Disclosure

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD

CVE-2022-0500 7.8 - High - March 25, 2022

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernels BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.

Buffer Overflow

An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS)

CVE-2021-4157 8 - High - March 25, 2022

An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.

Buffer Overflow

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel

CVE-2021-4202 7 - High - March 25, 2022

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.

Race Condition

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel

CVE-2021-4203 6.8 - Medium - March 25, 2022

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

Race Condition

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access

CVE-2022-0322 5.5 - Medium - March 25, 2022

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).

Incorrect Type Conversion or Cast

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU

CVE-2022-0330 7.8 - High - March 25, 2022

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Improper Preservation of Permissions

An out-of-bounds (OOB) memory write flaw was found in the Linux kernels watch_queue event notification subsystem

CVE-2022-0995 7.1 - High - March 25, 2022

An out-of-bounds (OOB) memory write flaw was found in the Linux kernels watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

Memory Corruption

A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel

CVE-2021-4150 5.5 - Medium - March 23, 2022

A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when adding a partition to the disk.

Dangling pointer

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process

CVE-2021-4197 7.8 - High - March 23, 2022

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

authentification

A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs

CVE-2021-4149 5.5 - Medium - March 23, 2022

A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.

Improper Locking

A memory leak flaw was found in the Linux kernels DMA subsystem, in the way a user calls DMA_FROM_DEVICE

CVE-2022-0854 5.5 - Medium - March 23, 2022

A memory leak flaw was found in the Linux kernels DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

Memory Leak

A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem

CVE-2021-4148 5.5 - Medium - March 23, 2022

A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.

Improper Validation of Integrity Check Value

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c

CVE-2022-27666 7.8 - High - March 23, 2022

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

Memory Corruption

A use-after-free flaw was found in the Linux kernels FUSE filesystem in the way a user triggers write()

CVE-2022-1011 7.8 - High - March 18, 2022

A use-after-free flaw was found in the Linux kernels FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Dangling pointer

Memory leak in icmp6 implementation in Linux Kernel 5.13+

CVE-2022-0742 7.5 - High - March 18, 2022

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.

Memory Leak

In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk)

CVE-2021-45868 5.5 - Medium - March 18, 2022

In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

Dangling pointer

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12

CVE-2022-27223 8.8 - High - March 16, 2022

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

out-of-bounds array index

An issue was discovered in the Linux kernel before 5.16.12

CVE-2022-26966 5.5 - Medium - March 12, 2022

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.

drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).

CVE-2022-26878 5.5 - Medium - March 11, 2022

drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).

Missing Release of Resource after Effective Lifetime

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter

CVE-2022-0433 5.5 - Medium - March 10, 2022

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.

NULL Pointer Dereference

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel

CVE-2022-0516 7.8 - High - March 10, 2022

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context

CVE-2021-4095 5.5 - Medium - March 10, 2022

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

NULL Pointer Dereference

A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1

CVE-2021-4023 5.5 - Medium - March 10, 2022

A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system.

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values

CVE-2022-0847 7.8 - High - March 10, 2022

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Improper Initialization

A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel

CVE-2021-3739 7.1 - High - March 10, 2022

A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires CAP_SYS_ADMIN. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

A security issue was found in Linux kernels OverlayFS subsystem where a local attacker who has the ability to mount the TmpFS filesystem with OverlayFS can abuse a logic bug in the overlayfs code

CVE-2021-3732 5.5 - Medium - March 10, 2022

A security issue was found in Linux kernels OverlayFS subsystem where a local attacker who has the ability to mount the TmpFS filesystem with OverlayFS can abuse a logic bug in the overlayfs code which can inadvertently reveal files hidden in the original mount.

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows

CVE-2022-26490 7.8 - High - March 06, 2022

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

Classic Buffer Overflow

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization

CVE-2021-3656 8.8 - High - March 04, 2022

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

AuthZ

A flaw was found in the Linux kernel

CVE-2021-3428 5.5 - Medium - March 04, 2022

A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.

Integer Overflow or Wraparound

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel

CVE-2021-3743 7.1 - High - March 04, 2022

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.

Out-of-bounds Read

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which

CVE-2021-3744 5.5 - Medium - March 04, 2022

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

Memory Leak

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page

CVE-2021-3640 7 - High - March 03, 2022

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.

Dangling pointer

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget()

CVE-2021-4002 4.4 - Medium - March 03, 2022

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

Memory Leak

A vulnerability was found in the Linux kernels cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function

CVE-2022-0492 7.8 - High - March 03, 2022

A vulnerability was found in the Linux kernels cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

authentification

.A flaw was found in the

CVE-2021-3609 7 - High - March 03, 2022

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

Race Condition

A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters

CVE-2021-3715 7.8 - High - March 02, 2022

A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Dangling pointer

A flaw was found in the Linux SCTP stack

CVE-2021-3772 6.5 - Medium - March 02, 2022

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

Improper Validation of Integrity Check Value

An issue was discovered in the Linux kernel through 5.16.11

CVE-2020-36516 5.9 - Medium - February 26, 2022

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

Use of a Broken or Risky Cryptographic Algorithm

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10

CVE-2022-25636 7.8 - High - February 24, 2022

net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

Improper Privilege Management

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10

CVE-2022-25375 5.5 - Medium - February 20, 2022

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

Exposure of Resource to Wrong Sphere

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers

CVE-2022-0646 7.8 - High - February 18, 2022

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.

Dangling pointer

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel

CVE-2021-20320 5.5 - Medium - February 18, 2022

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.

Information Disclosure

A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS

CVE-2021-20321 4.7 - Medium - February 18, 2022

A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.

Race Condition

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to

CVE-2021-20322 7.4 - High - February 18, 2022

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Use of Insufficiently Random Values

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel

CVE-2021-4090 7.1 - High - February 18, 2022

An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat.

Memory Corruption

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES)

CVE-2021-4093 8.8 - High - February 18, 2022

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.

Out-of-bounds Read

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g

CVE-2022-25265 7.8 - High - February 16, 2022

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.

Improper Control of Dynamically-Managed Code Resources

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10

CVE-2022-25258 4.6 - Medium - February 16, 2022

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.

NULL Pointer Dereference

A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel

CVE-2021-3753 4.7 - Medium - February 16, 2022

A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.

Race Condition

A flaw was found in the Linux kernel

CVE-2021-3760 7.8 - High - February 16, 2022

A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.

Dangling pointer

A flaw in netfilter could

CVE-2021-3773 9.8 - Critical - February 16, 2022

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

A use-after-free flaw was found in the Linux kernels Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition

CVE-2021-3752 7.1 - High - February 16, 2022

A use-after-free flaw was found in the Linux kernels Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Dangling pointer

A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image

CVE-2022-0617 5.5 - Medium - February 16, 2022

A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.

NULL Pointer Dereference

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3

CVE-2021-44879 5.5 - Medium - February 14, 2022

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.

NULL Pointer Dereference

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length

CVE-2022-0185 8.4 - High - February 11, 2022

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

Integer Overflow or Wraparound

An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem

CVE-2022-0382 5.5 - Medium - February 11, 2022

An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1.

Missing Initialization of Resource

The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which

CVE-2021-45402 5.5 - Medium - February 11, 2022

The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."

Exposure of Resource to Wrong Sphere

drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.

CVE-2022-24958 7.8 - High - February 11, 2022

drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.

Release of Invalid Pointer or Reference

An issue was discovered in the Linux kernel before 5.16.5

CVE-2022-24959 5.5 - Medium - February 11, 2022

An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.

Memory Leak

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures

CVE-2022-0264 5.5 - Medium - February 04, 2022

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6

Improper Handling of Exceptional Conditions

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Linux Kernel or by Linux? Click the Watch button to subscribe.

Linux
Vendor

Linux Kernel
Product

subscribe