Linux Kernel

By the Year

In 2023 there have been 18 vulnerabilities in Linux Kernel with an average score of 6.6 out of ten. Last year Linux Kernel had 309 security vulnerabilities published. Right now, Linux Kernel is on track to have fewer security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.14.

Year Vulnerabilities Average Score
2023 18 6.57
2022 309 6.44
2021 161 6.48
2020 120 6.16
2019 271 6.35
2018 150 6.29

It may take a day or so for new Linux Kernel vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Linux Kernel Security Vulnerabilities

A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup

CVE-2023-0469 5.5 - Medium - January 26, 2023

A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.

Dangling pointer

A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs

CVE-2023-0468 4.7 - Medium - January 26, 2023

A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.

Dangling pointer

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel

CVE-2023-0394 5.5 - Medium - January 26, 2023

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.

NULL Pointer Dereference

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth()

CVE-2023-0122 7.5 - High - January 17, 2023

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.

NULL Pointer Dereference

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration

CVE-2022-47929 5.5 - Medium - January 17, 2023

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.

NULL Pointer Dereference

A flaw was found in the Linux kernel

CVE-2022-41858 7.1 - High - January 17, 2023

A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.

Dangling pointer

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5

CVE-2023-23559 7.8 - High - January 13, 2023

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

Integer Overflow or Wraparound

A NULL pointer dereference flaw was found in the Linux kernel NTFS3 driver function attr_punch_hole()

CVE-2022-4842 5.5 - Medium - January 12, 2023

A NULL pointer dereference flaw was found in the Linux kernel NTFS3 driver function attr_punch_hole(). A local user could use this flaw to crash the system.

NULL Pointer Dereference

A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality

CVE-2022-3977 7.8 - High - January 12, 2023

A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system.

Dangling pointer

A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver

CVE-2022-3628 6.6 - Medium - January 12, 2023

A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.

Classic Buffer Overflow

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4

CVE-2023-23454 5.5 - Medium - January 12, 2023

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

Object Type Confusion

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4

CVE-2023-23455 5.5 - Medium - January 12, 2023

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

Object Type Confusion

A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI)

CVE-2022-4543 5.5 - Medium - January 11, 2023

A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

Side Channel Attack

There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation

CVE-2022-4696 7.8 - High - January 11, 2023

There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true, as calling io_splice on specific files will call the get_uts function, which will use current->nsproxy, leading to invalidly decreasing its reference counter later and causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above.

Dangling pointer

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel

CVE-2022-4379 7.5 - High - January 10, 2023

A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

Dangling pointer

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found

CVE-2022-4382 6.4 - Medium - January 10, 2023

A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.

Dangling pointer

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks

CVE-2022-2196 8.8 - High - January 09, 2023

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a

Insecure Default Initialization of Resource

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables

CVE-2022-4378 7.8 - High - January 05, 2023

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Memory Corruption

An issue was discovered in the Linux kernel 5.10.x before 5.10.155

CVE-2022-47946 5.5 - Medium - December 23, 2022

An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.

Dangling pointer

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2

CVE-2022-47943 8.1 - High - December 23, 2022

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.

Out-of-bounds Read

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2

CVE-2022-47938 6.5 - Medium - December 23, 2022

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.

Out-of-bounds Read

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2

CVE-2022-47939 9.8 - Critical - December 23, 2022

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

Dangling pointer

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18

CVE-2022-47940 8.1 - High - December 23, 2022

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.

Out-of-bounds Read

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2

CVE-2022-47941 7.5 - High - December 23, 2022

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.

Memory Leak

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2

CVE-2022-47942 8.8 - High - December 23, 2022

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.

Memory Corruption

An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device

CVE-2022-4662 5.5 - Medium - December 22, 2022

An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way a user attaches a USB device. A local user could use this flaw to crash the system.

Non-exit on Failed Initialization

An issue was discovered in the Linux kernel before 6.0.11

CVE-2022-47518 7.8 - High - December 18, 2022

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.

Memory Corruption

An issue was discovered in the Linux kernel before 6.0.11

CVE-2022-47519 7.8 - High - December 18, 2022

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.

Memory Corruption

An issue was discovered in the Linux kernel before 6.0.11

CVE-2022-47520 7.1 - High - December 18, 2022

An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.

Out-of-bounds Read

An issue was discovered in the Linux kernel before 6.0.11

CVE-2022-47521 7.8 - High - December 18, 2022

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.

Memory Corruption

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3104 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks a check of the return value of kmalloc() and will cause a NULL pointer dereference.

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3105 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks a check of kmalloc_array().

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3106 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks a check of the return value of kmalloc().

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3107 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks a check of the return value of kvmalloc_array() and will cause a NULL pointer dereference.

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3108 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks a check of the return value of kmemdup().

Unchecked Return Value

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3110 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks a check of the return value of rtw_alloc_hwxmits() and will cause a NULL pointer dereference.

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3111 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks a free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3112 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks a check of the return value of kzalloc() and will cause a NULL pointer dereference.

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3113 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks a check of the return value of devm_kzalloc() and will cause a NULL pointer dereference.

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3114 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks a check of the return value of kcalloc() and will cause a NULL pointer dereference.

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3115 5.5 - Medium - December 14, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks a check of the return value of kzalloc() and will cause a NULL pointer dereference.

NULL Pointer Dereference

Guests can trigger deadlock in Linux netback driver

CVE-2022-42328 5.5 - Medium - December 07, 2022

Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).

Improper Locking

Guests can trigger deadlock in Linux netback driver

CVE-2022-42329 5.5 - Medium - December 07, 2022

Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).

Improper Locking

A flaw was found in the Linux kernel Traffic Control (TC) subsystem

CVE-2022-4269 5.5 - Medium - December 05, 2022

A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.

Deadlock

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6

CVE-2022-45869 5.5 - Medium - November 30, 2022

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.

Race Condition

A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc

CVE-2022-4127 5.5 - Medium - November 28, 2022

A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service.

NULL Pointer Dereference

An issue was discovered in the Linux kernel through 6.0.10

CVE-2022-45934 7.8 - High - November 27, 2022

An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

Integer Overflow or Wraparound

An issue was discovered in the Linux kernel through 6.0.10

CVE-2022-45919 7 - High - November 27, 2022

An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event.

Dangling pointer

An issue was discovered in the Linux kernel through 6.0.9

CVE-2022-45884 7 - High - November 25, 2022

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.

Race Condition

An issue was discovered in the Linux kernel through 6.0.9

CVE-2022-45885 7 - High - November 25, 2022

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.

Race Condition

An issue was discovered in the Linux kernel through 6.0.9

CVE-2022-45886 7 - High - November 25, 2022

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.

Race Condition

An issue was discovered in the Linux kernel through 6.0.9

CVE-2022-45887 4.7 - Medium - November 25, 2022

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

Race Condition

An issue was discovered in the Linux kernel through 6.0.9

CVE-2022-45888 6.4 - Medium - November 25, 2022

An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.

Race Condition

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function

CVE-2022-42895 6.5 - Medium - November 23, 2022

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e

Access of Uninitialized Pointer

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may

CVE-2022-42896 8.8 - High - November 23, 2022

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4

Dangling pointer

Use After Free vulnerability in Linux Kernel allows Privilege Escalation

CVE-2022-3910 7.8 - High - November 22, 2022

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

Dangling pointer

A double-free flaw was found in the Linux kernel's NTFS3 subsystem in how a user triggers remount and umount simultaneously

CVE-2022-3238 7.8 - High - November 14, 2022

A double-free flaw was found in the Linux kernel's NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Double-free

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel

CVE-2022-3903 4.6 - Medium - November 14, 2022

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.

Object Type Confusion

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow

CVE-2022-43945 7.5 - High - November 04, 2022

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Allocation of Resources Without Limits or Throttling

An issue was discovered in the Linux kernel through 6.0.6

CVE-2022-44032 6.4 - Medium - October 30, 2022

An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().

Race Condition

An issue was discovered in the Linux kernel through 6.0.6

CVE-2022-44034 6.4 - Medium - October 30, 2022

An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().

Race Condition

An issue was discovered in the Linux kernel through 6.0.6

CVE-2022-44033 6.4 - Medium - October 30, 2022

An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().

Race Condition

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1

CVE-2022-43750 7.8 - High - October 26, 2022

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.

Memory Corruption

A flaw was found in the KVM's AMD nested virtualization (SVM)

CVE-2022-3344 5.5 - Medium - October 25, 2022

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0).

Expected Behavior Violation

A vulnerability was found in Linux Kernel

CVE-2022-3649 7 - High - October 21, 2022

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.

Buffer Overflow

A vulnerability, which was classified as problematic, has been found in Linux Kernel

CVE-2022-3646 4.3 - Medium - October 21, 2022

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.

Improper Resource Shutdown or Release

A vulnerability, which was classified as critical, was found in Linux Kernel

CVE-2022-3640 8.8 - High - October 21, 2022

A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.

Buffer Overflow

A vulnerability classified as problematic has been found in Linux Kernel

CVE-2022-3633 3.3 - Low - October 21, 2022

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.

Memory Leak

A vulnerability, which was classified as critical, has been found in Linux Kernel

CVE-2022-3635 7 - High - October 21, 2022

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.

Buffer Overflow

A vulnerability, which was classified as critical, was found in Linux Kernel

CVE-2022-3636 7.8 - High - October 21, 2022

A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935.

Buffer Overflow

A vulnerability has been found in Linux Kernel and classified as problematic

CVE-2022-3637 5.5 - Medium - October 21, 2022

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936.

Improper Resource Shutdown or Release

A vulnerability was found in Linux Kernel and classified as problematic

CVE-2022-3624 3.3 - Low - October 21, 2022

A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928.

Memory Leak

A vulnerability was found in Linux Kernel

CVE-2022-3625 7.8 - High - October 21, 2022

A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.

Buffer Overflow

A vulnerability was found in Linux Kernel

CVE-2022-3629 3.3 - Low - October 21, 2022

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.

Memory Leak

A vulnerability was found in Linux Kernel

CVE-2022-3630 5.5 - Medium - October 21, 2022

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931.

Memory Leak

A vulnerability was found in Linux Kernel

CVE-2022-3621 6.5 - Medium - October 20, 2022

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.

NULL Pointer Dereference

A vulnerability was found in Linux Kernel

CVE-2022-3623 7.5 - High - October 20, 2022

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability.

Race Condition

A vulnerability has been found in Linux Kernel and classified as problematic

CVE-2022-3619 4.3 - Medium - October 20, 2022

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability.

Memory Leak

An out-of-bounds memory write flaw was found in the Linux kernel's Kid-friendly Wired Controller driver

CVE-2022-3577 7.8 - High - October 20, 2022

An out-of-bounds memory write flaw was found in the Linux kernel's Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The cause is an incorrect assumption that all bigben devices have inputs. However, malicious devices can break this assumption, leading to an out-of-bounds write.

Memory Corruption

A flaw was found in the Linux kernel's networking code

CVE-2022-3586 5.5 - Medium - October 19, 2022

A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.

Dangling pointer

A vulnerability was found in Linux Kernel

CVE-2022-3606 5.5 - Medium - October 19, 2022

A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.

NULL Pointer Dereference

A vulnerability was found in Linux Kernel

CVE-2022-3594 7.5 - High - October 18, 2022

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.

Improper Resource Shutdown or Release

A vulnerability was found in Linux Kernel

CVE-2022-3595 5.5 - Medium - October 18, 2022

A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211364.

Double-free

A vulnerability has been found in Linux Kernel and classified as problematic

CVE-2022-3567 7.1 - High - October 17, 2022

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the identifier assigned to this vulnerability.

Race Condition

A vulnerability, which was classified as problematic, was found in Linux Kernel

CVE-2022-3566 7.1 - High - October 17, 2022

A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.

Race Condition

A vulnerability, which was classified as critical, has been found in Linux Kernel

CVE-2022-3565 8 - High - October 17, 2022

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.

Buffer Overflow

A vulnerability classified as problematic has been found in Linux Kernel

CVE-2022-3563 5.7 - Medium - October 17, 2022

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.

NULL Pointer Dereference

A vulnerability classified as critical was found in Linux Kernel

CVE-2022-3564 7.1 - High - October 17, 2022

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.

Buffer Overflow

A vulnerability classified as critical has been found in Linux Kernel

CVE-2022-3541 7.8 - High - October 17, 2022

A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability.

Buffer Overflow

A vulnerability, which was classified as problematic, has been found in Linux Kernel

CVE-2022-3543 5.5 - Medium - October 17, 2022

A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043.

Improper Resource Shutdown or Release

A vulnerability, which was classified as problematic, was found in Linux Kernel

CVE-2022-3544 5.5 - Medium - October 17, 2022

A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211044.

Improper Resource Shutdown or Release

A vulnerability has been found in Linux Kernel and classified as critical

CVE-2022-3545 7.8 - High - October 17, 2022

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.

Buffer Overflow

A vulnerability was found in Linux Kernel

CVE-2022-3533 5.7 - Medium - October 17, 2022

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031.

Improper Resource Shutdown or Release

A vulnerability classified as critical has been found in Linux Kernel

CVE-2022-3534 8 - High - October 17, 2022

A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.

Dangling pointer

A vulnerability classified as problematic was found in Linux Kernel

CVE-2022-3526 7.5 - High - October 16, 2022

A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024.

Memory Leak

A vulnerability was found in Linux Kernel

CVE-2022-3523 5.3 - Medium - October 16, 2022

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020.

Dangling pointer

A vulnerability was found in Linux Kernel

CVE-2022-3524 5.5 - Medium - October 16, 2022

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.

Improper Resource Shutdown or Release

A vulnerability has been found in Linux Kernel and classified as problematic

CVE-2022-3521 2.5 - Low - October 16, 2022

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.

Race Condition

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

CVE-2022-42720 7.8 - High - October 14, 2022

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

Dangling pointer

In the Linux kernel 5.8 through 5.19.x before 5.19.16

CVE-2022-42722 5.5 - Medium - October 14, 2022

In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.

NULL Pointer Dereference
