Linux Kernel

By the Year

In 2022 there have been 218 vulnerabilities in Linux Kernel with an average score of 6.5 out of ten. Last year Linux Kernel had 161 security vulnerabilities published. That is, 57 more vulnerabilities have already been reported in 2022 than in all of last year, and the average CVE base score of the vulnerabilities in 2022 is greater by 0.02.

Year Vulnerabilities Average Score
2022 218 6.51
2021 161 6.48
2020 119 6.15
2019 267 6.29
2018 145 6.27

It may take a day or so for new Linux Kernel vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Linux Kernel Security Vulnerabilities

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking

CVE-2022-3303 4.7 - Medium - September 27, 2022

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition.

Race Condition

off-by-one in io_uring module.

CVE-2022-3103 7.8 - High - September 26, 2022

off-by-one in io_uring module.

off-by-five

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and

CVE-2022-2785 5.5 - Medium - September 23, 2022

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c.

Out-of-bounds Read

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB

CVE-2022-41222 4.7 - Medium - September 21, 2022

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

Dangling pointer

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10

CVE-2022-41218 5.5 - Medium - September 21, 2022

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

Dangling pointer

A use-after-free flaw in the Linux kernel video4linux driver was found in the way a user triggers em28xx_usb_probe() for the Empia 28xx based TV cards

CVE-2022-3239 7.8 - High - September 19, 2022

A use-after-free flaw in the Linux kernel video4linux driver was found in the way a user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Dangling pointer

drivers/scsi/stex.c in the Linux kernel through 5.19.9

CVE-2022-40768 5.5 - Medium - September 18, 2022

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

Exposure of Resource to Wrong Sphere

An integer overflow vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'

CVE-2022-36402 5.5 - Medium - September 16, 2022

An integer overflow vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

Integer Overflow or Wraparound

There exists a use-after-free in io_uring in the Linux kernel

CVE-2022-3176 7.8 - High - September 16, 2022

There exists a use-after-free in io_uring in the Linux kernel. signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659.

Dangling pointer

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices

CVE-2022-2977 7.8 - High - September 14, 2022

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.

Dangling pointer

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62

CVE-2022-40476 5.5 - Medium - September 14, 2022

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.

NULL Pointer Dereference

A NULL pointer dereference flaw was found in diFree in fs/jfs/inode.c in the Journaled File System (JFS) in the Linux kernel

CVE-2022-3202 7.1 - High - September 14, 2022

A NULL pointer dereference flaw was found in diFree in fs/jfs/inode.c in the Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.

NULL Pointer Dereference

An out-of-bounds access issue was found in the Linux kernel sound subsystem

CVE-2022-3170 7.8 - High - September 13, 2022

An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system.

Out-of-bounds Read

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map

CVE-2022-2905 5.5 - Medium - September 09, 2022

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.

Out-of-bounds Read

An out-of-bounds (OOB) memory access vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in the GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'

CVE-2022-36280 5.5 - Medium - September 09, 2022

An out-of-bounds (OOB) memory access vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in the GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

Memory Corruption

A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices

CVE-2022-2964 7.8 - High - September 09, 2022

A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.

Memory Corruption

A buffer overflow vulnerability was found in the Linux kernel Intel iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (

CVE-2022-3077 5.5 - Medium - September 09, 2022

A buffer overflow vulnerability was found in the Linux kernel Intel iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.

Classic Buffer Overflow

A NULL pointer dereference vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'

CVE-2022-38096 5.5 - Medium - September 09, 2022

A NULL pointer dereference vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

NULL Pointer Dereference

A use-after-free (UAF) vulnerability was found in the function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'

CVE-2022-38457 5.5 - Medium - September 09, 2022

A use-after-free (UAF) vulnerability was found in the function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

Dangling pointer

A use-after-free (UAF) vulnerability was found in the function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'

CVE-2022-40133 5.5 - Medium - September 09, 2022

A use-after-free (UAF) vulnerability was found in the function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).

Dangling pointer

A flaw was found in the Linux kernel

CVE-2022-3169 5.5 - Medium - September 09, 2022

A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.

Improper Input Validation

An issue was discovered in the Linux kernel through 5.19.8

CVE-2022-40307 4.7 - Medium - September 09, 2022

An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.

Dangling pointer

An issue was discovered in the Linux kernel before 5.19

CVE-2022-39842 7.8 - High - September 05, 2022

An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.

Integer Overflow or Wraparound

An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17

CVE-2022-39189 7.8 - High - September 02, 2022

An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6

CVE-2022-39190 5.5 - Medium - September 02, 2022

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.

Resource Exhaustion

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19

CVE-2022-39188 4.7 - Medium - September 02, 2022

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.

Race Condition

An integer coercion error was found in the openvswitch kernel module

CVE-2022-2639 7.8 - High - September 01, 2022

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Memory Corruption

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message

CVE-2022-2663 5.3 - Medium - September 01, 2022

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

A flaw was found in vDPA with VDUSE backend

CVE-2022-2308 6.5 - Medium - September 01, 2022

A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.

Use of Uninitialized Resource

An issue was discovered in the Linux kernel through 5.16-rc6

CVE-2022-3078 5.5 - Medium - September 01, 2022

An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.

NULL Pointer Dereference

A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

A vulnerability was found in the Linux kernel

CVE-2020-27784 5.5 - Medium - September 01, 2022

A vulnerability was found in the Linux kernel, where printer_ioctl() tries to access a printer_dev instance that has already been deallocated. A use-after-free arises because the instance had been freed by gprinter_free().

Dangling pointer

A Linux kernel flaw was found in the i740 driver

CVE-2022-3061 5.5 - Medium - September 01, 2022

A Linux kernel flaw was found in the i740 driver. A userspace program could pass any values to the driver through the ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.

Divide By Zero

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings

CVE-2022-2590 7 - High - August 31, 2022

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system.

Race Condition

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously

CVE-2022-3028 7 - High - August 31, 2022

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.

Race Condition

There is a sleep-in-atomic bug in /net/nfc/netlink.c

CVE-2022-1975 5.5 - Medium - August 31, 2022

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an nfc device from user-space.

A flaw was found in the Linux kernel's implementation of IO-URING

CVE-2022-1976 7.8 - High - August 31, 2022

A flaw was found in the Linux kernel's implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.

Dangling pointer

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete

CVE-2022-1974 4.1 - Medium - August 31, 2022

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.

Dangling pointer

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled

CVE-2022-1263 5.5 - Medium - August 31, 2022

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

NULL Pointer Dereference

A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ

CVE-2022-2153 5.5 - Medium - August 31, 2022

A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

NULL Pointer Dereference

A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1205 4.7 - Medium - August 31, 2022

A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

NULL Pointer Dereference

An issue was found in the Linux kernel that leads to a race condition in rose_connect()

CVE-2022-1247 7 - High - August 31, 2022

An issue was found in the Linux kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their count and use are zero.

Race Condition

An out-of-bounds read flaw was found in the Linux kernel's io_uring module in the way a user triggers the io_read() function with some special parameters

CVE-2022-1508 6.1 - Medium - August 31, 2022

An out-of-bounds read flaw was found in the Linux kernel's io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds.

Out-of-bounds Read

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free

CVE-2022-1016 5.5 - Medium - August 29, 2022

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Dangling pointer

A use-after-free vulnerability was discovered in drivers/net/hamradio/6pack.c of the Linux kernel

CVE-2022-1198 5.5 - Medium - August 29, 2022

A use-after-free vulnerability was discovered in drivers/net/hamradio/6pack.c of the Linux kernel that allows an attacker to crash the Linux kernel by simulating an ax25 device using the 6pack driver from user space.

Dangling pointer

A flaw was found in the Linux kernel

CVE-2022-1199 7.5 - High - August 29, 2022

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.

NULL Pointer Dereference

An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel

CVE-2022-0812 4.3 - Medium - August 29, 2022

An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.

A vulnerability was found in the Linux kernel, where an information leak occurs

CVE-2022-0850 7.1 - High - August 29, 2022

A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace.

A flaw was found in the Linux kernel's io_uring implementation

CVE-2022-1043 8.8 - High - August 29, 2022

A flaw was found in the Linux kernel's io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.

Dangling pointer

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component

CVE-2022-1184 5.5 - Medium - August 29, 2022

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

Dangling pointer

A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1204 5.5 - Medium - August 29, 2022

A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

Dangling pointer

A use-after-free flaw was found in the Linux kernel's PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function

CVE-2022-2961 7 - High - August 29, 2022

A use-after-free flaw was found in the Linux kernel's PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Dangling pointer

An out-of-bounds read vulnerability was discovered in the Linux kernel in the SMC protocol stack

CVE-2022-0400 7.5 - High - August 29, 2022

An out-of-bounds read vulnerability was discovered in the Linux kernel in the SMC protocol stack, causing a remote DoS.

Out-of-bounds Read

A flaw was found in the filelock_init function in fs/locks.c in the Linux kernel

CVE-2022-0480 5.5 - Medium - August 29, 2022

A flaw was found in the filelock_init function in fs/locks.c in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.

Allocation of Resources Without Limits or Throttling

A denial of service (DoS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return

CVE-2022-0168 4.4 - Medium - August 26, 2022

A denial of service (DoS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

NULL Pointer Dereference

A flaw was found in the Linux kernel

CVE-2022-0171 5.5 - Medium - August 26, 2022

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).

Insufficient Cleanup

A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants

CVE-2021-3864 7 - High - August 26, 2022

A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with an eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.

A flaw was found in the Linux kernel

CVE-2021-3669 5.5 - Medium - August 26, 2022

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

Resource Exhaustion

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem

CVE-2022-2991 6.7 - Medium - August 25, 2022

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.

Memory Corruption

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring()

CVE-2022-2959 7 - High - August 25, 2022

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.

Race Condition

A flaw was found in the Linux kernel's implementation of reading the SVC RDMA counters

CVE-2021-4218 5.5 - Medium - August 24, 2022

A flaw was found in the Linux kernel's implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause a denial of service while the system reboots. The issue is specific to CentOS/RHEL.

Improper Initialization

A use-after-free flaw in the Linux kernel NILFS file system was found in the way a user triggers the function security_inode_alloc to fail, with a following call to the function nilfs_mdt_destroy

CVE-2022-2978 7.8 - High - August 24, 2022

A use-after-free flaw in the Linux kernel NILFS file system was found in the way a user triggers the function security_inode_alloc to fail, with a following call to the function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Dangling pointer

A flaw in the Linux kernel's implementation of RDMA communications manager listener code

CVE-2021-4028 7.8 - High - August 24, 2022

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

Dangling pointer

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel

CVE-2021-4037 7.8 - High - August 24, 2022

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for XFS.

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size

CVE-2021-4155 5.5 - Medium - August 24, 2022

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

Incorrect Calculation of Buffer Size

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures

CVE-2021-4159 4.4 - Medium - August 24, 2022

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to improper input validation

CVE-2021-4204 7.1 - High - August 24, 2022

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to improper input validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.

Memory Corruption

A flaw was found in the Linux kernel's implementation of Pressure Stall Information

CVE-2022-2938 7.8 - High - August 23, 2022

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.

Dangling pointer

A flaw was found in the Linux kernel's memory deduplication mechanism

CVE-2021-3714 7.5 - High - August 23, 2022

A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.

A memory overflow vulnerability was found in the Linux kernel's IPC functionality of the memcg subsystem

CVE-2021-3759 5.5 - Medium - August 23, 2022

A memory overflow vulnerability was found in the Linux kernel's IPC functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.

Resource Exhaustion

A flaw was found in the Linux kernel

CVE-2021-3736 5.5 - Medium - August 23, 2022

A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.

Memory Leak

A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service

CVE-2021-3764 5.5 - Medium - August 23, 2022

A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.

Memory Leak

An out-of-bounds memory access flaw was found in the Linux kernel's Intel iSMT SMBus host controller driver in the way a user triggers I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data

CVE-2022-2873 5.5 - Medium - August 22, 2022

An out-of-bounds memory access flaw was found in the Linux kernel's Intel iSMT SMBus host controller driver in the way a user triggers I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.

Incorrect Calculation of Buffer Size

A NULL pointer dereference flaw was found in the Linux kernel's IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection

CVE-2021-3659 5.5 - Medium - August 22, 2022

A NULL pointer dereference flaw was found in the Linux kernel's IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

Dm-verity is used for extending root-of-trust to root filesystems

CVE-2022-2503 6.7 - Medium - August 12, 2022

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5

Authentication
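
To monitor for the state this advisory describes (the root device's verity target swapped for a linear one by a table reload while the system is up), the following added example parses the output of `dmsetup table` and reports whether a named device is still a verity target. It is illustration written for this page, not code from the page, the kernel, or the device-mapper or LoadPin projects; the device names, hash and salt in the sample output are constructed placeholders.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative dm table audit (not kernel or dmsetup code).
 * Input is the text printed by `dmsetup table`, one device per line:
 *   "<name>: <start> <length> <target> <args...>"
 * Returns 1 if root_name is backed by a verity target, 0 if the device
 * is present with a different target type (e.g. linear after a reload),
 * and -1 if no device of that name appears in the table. */
int root_is_verity(const char *table, const char *root_name)
{
    const char *line = table;
    int result = -1;

    while (line && *line) {
        char name[64], target[32], buf[512];
        unsigned long start, len;
        const char *nl = strchr(line, '\n');
        size_t linelen = nl ? (size_t)(nl - line) : strlen(line);

        if (linelen >= sizeof buf)
            linelen = sizeof buf - 1;
        memcpy(buf, line, linelen);
        buf[linelen] = '\0';

        if (sscanf(buf, "%63[^:]: %lu %lu %31s", name, &start, &len, target) == 4 &&
            strcmp(name, root_name) == 0)
            result = (strcmp(target, "verity") == 0) ? 1 : 0;

        line = nl ? nl + 1 : NULL;
    }
    return result;
}

/* Constructed sample outputs: hash, salt and device paths are placeholders. */
static const char table_at_boot[] =
    "vroot: 0 8388608 verity 1 /dev/sda2 /dev/sda3 4096 4096 1048576 0 "
    "sha256 0123456789abcdef 0123456789abcdef\n"
    "swap: 0 2097152 crypt aes-xts-plain64 - 0 /dev/sda4 0\n";

static const char table_after_reload[] =
    "vroot: 0 8388608 linear /dev/sda2 0\n"
    "swap: 0 2097152 crypt aes-xts-plain64 - 0 /dev/sda4 0\n";

int main(void)
{
    printf("at boot:      root verity = %d\n", root_is_verity(table_at_boot, "vroot"));
    printf("after reload: root verity = %d\n", root_is_verity(table_after_reload, "vroot"));
    return 0;
}
```

Feed it the live `dmsetup table` output at boot and again periodically (or on device-mapper uevents); a transition from 1 to 0 for the root device is the condition the advisory describes. Because the reload itself requires root, a root-level attacker can equally tamper with this check, so treat it as a detection aid rather than a security boundary; the actual fix is the kernel commit named in the advisory.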

A flaw was found in KVM

CVE-2022-1158 7.8 - High - August 05, 2022

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.

Dangling pointer

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal

CVE-2022-1973 7.1 - High - August 05, 2022

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.

Dangling pointer

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size

CVE-2022-1012 8.2 - High - August 05, 2022

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service.

Memory Leak

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss)

CVE-2022-36123 7.8 - High - July 29, 2022

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14

CVE-2022-36946 7.5 - High - July 27, 2022

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
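
The mechanism in that description (a one-byte verdict payload trims the packet below its headers, and a later skb_pull leaves an unsigned length that has wrapped to a huge value, the "negative skb->len") is shown below in an added toy model. This is illustration written for this page, not code from net/netfilter/nfnetlink_queue.c: the struct and function names are hypothetical stand-ins for sk_buff, pskb_trim and skb_pull, and the hardened variant implements one plausible check (refuse to truncate below the transport header), which is an assumption here rather than something the page states about the upstream fix.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model of the packet buffer (illustration, not struct sk_buff).
 * Offsets are bytes from the start of the buffer; len is unsigned,
 * exactly as skb->len is. */
struct toy_skb {
    unsigned int len;              /* bytes from data to tail */
    unsigned int data;             /* current data offset (skb->data) */
    unsigned int network_header;   /* offset of the IP header */
    unsigned int transport_header; /* offset of the TCP/UDP header */
};

/* Model of pskb_trim(): shorten the packet to new_len bytes. */
static void toy_trim(struct toy_skb *skb, unsigned int new_len)
{
    if (new_len < skb->len)
        skb->len = new_len;
}

/* Model of skb_pull(): advance data by n and shrink len by n. The real
 * helper assumes len >= n; pulling more than len wraps the unsigned
 * len to a huge value, which the CVE text calls a negative skb->len. */
static void toy_pull(struct toy_skb *skb, unsigned int n)
{
    skb->data += n;
    skb->len -= n;
}

/* Vulnerable shape: any payload length is accepted and the packet is
 * trimmed to it, even when that is shorter than the headers. */
static int mangle_vulnerable(struct toy_skb *skb, unsigned int payload_len)
{
    int diff = (int)payload_len - (int)skb->len;
    if (diff < 0)
        toy_trim(skb, payload_len);
    return 0;                      /* growing the packet is omitted here */
}

/* Hardened shape (assumed check): refuse to shrink the packet past the
 * transport header, so the later pull can never exceed len. */
static int mangle_hardened(struct toy_skb *skb, unsigned int payload_len)
{
    int diff = (int)payload_len - (int)skb->len;
    if (diff < 0) {
        unsigned int min_len = skb->transport_header - skb->data;
        if (payload_len < min_len)
            return -1;             /* verdict would become NF_DROP */
        toy_trim(skb, payload_len);
    }
    return 0;
}

/* After re-injection the stack pulls the network header to reach the
 * transport layer; report whether len is still sane afterwards. */
static bool reinject_ok(struct toy_skb *skb)
{
    toy_pull(skb, skb->transport_header - skb->network_header);
    return skb->len <= 0xFFFF;     /* a wrapped len is about 4 GiB */
}

/* Constructed packet: 60-byte IPv4/TCP datagram with a 20-byte IP header. */
static struct toy_skb sample_packet(void)
{
    struct toy_skb s = { .len = 60, .data = 0,
                         .network_header = 0, .transport_header = 20 };
    return s;
}

/* Returns 1 if a verdict with the given payload length leaves a bad len. */
int demo_vulnerable(unsigned int payload_len)
{
    struct toy_skb skb = sample_packet();
    mangle_vulnerable(&skb, payload_len);
    return reinject_ok(&skb) ? 0 : 1;
}

/* Returns 1 if the hardened path rejects the verdict, 0 if it is
 * applied and the packet stays sane, 2 if it is applied but len is bad. */
int demo_hardened(unsigned int payload_len)
{
    struct toy_skb skb = sample_packet();
    if (mangle_hardened(&skb, payload_len) < 0)
        return 1;
    return reinject_ok(&skb) ? 0 : 2;
}

int main(void)
{
    printf("vulnerable, 1-byte payload: bad len = %d\n", demo_vulnerable(1));
    printf("hardened,   1-byte payload: rejected = %d\n", demo_hardened(1));
    printf("hardened,  40-byte payload: result = %d\n", demo_hardened(40));
    return 0;
}
```

The point to take from the model is the sign mismatch: the verdict path compares lengths as signed ints, but the buffer length is unsigned, so any trim that ignores the header offsets turns a later pull into an unsigned wrap rather than an error.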

An issue was discovered in the Linux kernel through 5.18.14

CVE-2022-36879 5.5 - Medium - July 27, 2022

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
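
A reference count dropped twice is an ownership mismatch between a helper and its caller: the helper releases the references on its error path, but still tells the caller it holds them, so the caller releases them again. The added toy model below, written for this page rather than taken from net/xfrm/xfrm_policy.c, shows that bug shape and one fix shape; all names are hypothetical, and the fix shown (reset the count the caller consults before returning the error) is an assumption about one way to close the gap, not a claim about the upstream patch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Illustrative reference-counted object (not the kernel's xfrm_policy). */
struct toy_policy {
    int refcnt;
};

static void pol_hold(struct toy_policy *p) { p->refcnt++; }
static void pol_put(struct toy_policy *p)  { p->refcnt--; }

/* Drop one reference on each of the first num policies. */
static void pols_put(struct toy_policy **pols, int num)
{
    for (int i = 0; i < num; i++)
        pol_put(pols[i]);
}

/* Vulnerable shape: on failure the references are released here, but
 * *num_pols still claims the caller owns them. */
static int expand_vulnerable(struct toy_policy **pols, int *num_pols,
                             bool second_lookup_fails)
{
    if (second_lookup_fails) {
        pols_put(pols, *num_pols);
        return -1;
    }
    return 0;
}

/* Fixed shape (assumed): after releasing, tell the caller it owns nothing. */
static int expand_fixed(struct toy_policy **pols, int *num_pols,
                        bool second_lookup_fails)
{
    if (second_lookup_fails) {
        pols_put(pols, *num_pols);
        *num_pols = 0;
        return -1;
    }
    return 0;
}

/* Caller pattern: take a reference on the looked-up policy, ask the
 * helper to expand the set, and on any error release whatever
 * *num_pols says is still held. Returns the policy's final refcount;
 * the correct value is the table's own reference, 1. */
static int bundle_lookup(int (*expand)(struct toy_policy **, int *, bool))
{
    struct toy_policy main_pol = { .refcnt = 1 };   /* held by the table */
    struct toy_policy *pols[2] = { &main_pol, NULL };
    int num_pols = 0;

    pol_hold(&main_pol);            /* lookup result: we now hold a ref */
    num_pols = 1;

    if (expand(pols, &num_pols, true) < 0)
        pols_put(pols, num_pols);   /* error: release what we hold */

    return main_pol.refcnt;
}

int refcnt_after_vulnerable(void) { return bundle_lookup(expand_vulnerable); }
int refcnt_after_fixed(void)      { return bundle_lookup(expand_fixed); }

int main(void)
{
    printf("vulnerable: refcnt = %d (table's reference lost)\n",
           refcnt_after_vulnerable());
    printf("fixed:      refcnt = %d\n", refcnt_after_fixed());
    return 0;
}
```

In the vulnerable run the count reaches 0 while the table still points at the object; in the kernel that is the moment the object is freed and every later lookup through the table is a use-after-free.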

A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM

CVE-2022-1651 7.1 - High - July 26, 2022

A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.

Memory Leak

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel

CVE-2022-1671 7.1 - High - July 26, 2022

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.

NULL Pointer Dereference

io_uring uses work_flags to determine which identities need to be grabbed

CVE-2022-2327 7.8 - High - July 22, 2022

io_uring uses work_flags to determine which identities need to be grabbed from the calling process to make sure they are consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts, which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859

Double-free

A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

CVE-2020-36558 5.1 - Medium - July 21, 2022

A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

Race Condition

A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.

CVE-2020-36557 5.1 - Medium - July 21, 2022

A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.

Race Condition

When sending malicious data to the kernel via ioctl cmd FBIOPUT_VSCREENINFO

CVE-2021-33655 6.7 - Medium - July 18, 2022

When sending malicious data to the kernel via ioctl cmd FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds.

Memory Corruption

When setting a font with malicious data via ioctl cmd PIO_FONT

CVE-2021-33656 6.8 - Medium - July 18, 2022

When setting a font with malicious data via ioctl cmd PIO_FONT, the kernel will write memory out of bounds.

Memory Corruption

A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver

CVE-2021-4135 5.5 - Medium - July 14, 2022

A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way a user uses BPF for the device such that the function nsim_map_alloc_elem is called. A local user could use this flaw to get unauthorized access to some data.

Memory Leak

The Linux kernel was found vulnerable to an out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function

CVE-2022-2380 5.5 - Medium - July 13, 2022

The Linux kernel was found vulnerable to an out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could allow local attackers to crash the kernel.

Memory Corruption

Linux kernel through 3.1

CVE-2011-4916 5.5 - Medium - July 12, 2022

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

Information Disclosure

There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of the Linux kernel

CVE-2022-2318 5.5 - Medium - July 06, 2022

There are use-after-free vulnerabilities caused by the timer handler in net/rose/rose_timer.c of the Linux kernel that allow attackers to crash the Linux kernel without any privileges.

Dangling pointer

Linux disk/nic frontends data leaks

CVE-2022-33742 7.1 - High - July 05, 2022

Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally, the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Information Disclosure

Network backend may cause Linux netfront to use freed SKBs

CVE-2022-33743 7.8 - High - July 05, 2022

Network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing SKBs that still have references (pointers) retained for further processing to nevertheless be freed.

Arm guests can cause Dom0 DoS

CVE-2022-33744 4.7 - Medium - July 05, 2022

Arm guests can cause Dom0 DoS via PV devices. When mapping pages of guests on Arm, dom0 uses an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies in the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.

Linux disk/nic frontends data leaks

CVE-2022-33741 7.1 - High - July 05, 2022

Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally, the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Information Disclosure

Linux disk/nic frontends data leaks

CVE-2022-33740 7.1 - High - July 05, 2022

Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally, the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Information Disclosure

Linux disk/nic frontends data leaks

CVE-2022-26365 7.1 - High - July 05, 2022

Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally, the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Information Disclosure

An issue was discovered in the Linux kernel through 5.18.9

CVE-2022-34918 7.8 - High - July 04, 2022

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Object Type Confusion

A NULL pointer dereference flaw was found in the Linux kernel's KVM module

CVE-2022-1852 5.5 - Medium - June 30, 2022

A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in a guest on an Intel CPU.

NULL Pointer Dereference
