CVEdetails.com the ultimate security vulnerability data source

Linux : Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-41222 416 2022-09-21 2022-09-28
0.0
None ??? ??? ??? ??? ??? ???
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
2 CVE-2022-41218 416 2022-09-21 2022-09-30
0.0
None ??? ??? ??? ??? ??? ???
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
3 CVE-2022-40768 668 +Info 2022-09-18 2022-09-21
0.0
None ??? ??? ??? ??? ??? ???
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
4 CVE-2022-40476 476 DoS 2022-09-14 2022-09-17
0.0
None ??? ??? ??? ??? ??? ???
A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.
5 CVE-2022-40307 416 2022-09-09 2022-10-02
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
6 CVE-2022-40133 416 DoS +Priv 2022-09-09 2022-09-14
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free (UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).
7 CVE-2022-39842 190 Overflow Bypass 2022-09-05 2022-10-02
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.
8 CVE-2022-39190 400 DoS 2022-09-02 2022-09-08
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.
9 CVE-2022-39189 2022-09-02 2022-09-08
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
10 CVE-2022-39188 362 2022-09-02 2022-10-02
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
11 CVE-2022-38457 416 DoS +Priv 2022-09-09 2022-09-14
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free (UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).
12 CVE-2022-38096 476 DoS +Priv 2022-09-09 2022-09-14
0.0
None ??? ??? ??? ??? ??? ???
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).
13 CVE-2022-36946 DoS 2022-07-27 2022-10-02
0.0
None ??? ??? ??? ??? ??? ???
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
14 CVE-2022-36879 2022-07-27 2022-10-02
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
15 CVE-2022-36402 190 DoS Overflow +Priv 2022-09-16 2022-09-20
0.0
None ??? ??? ??? ??? ??? ???
An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).
16 CVE-2022-36280 787 DoS +Priv 2022-09-09 2022-09-15
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds (OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).
17 CVE-2022-36123 DoS +Priv 2022-07-29 2022-09-04
0.0
None ??? ??? ??? ??? ??? ???
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
18 CVE-2022-33744 DoS 2022-07-05 2022-10-02
1.9
None Local Medium Not required None None Partial
Arm guests can cause Dom0 DoS via PV devices. When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.
19 CVE-2022-24448 909 2022-02-04 2022-05-12
1.9
None Local Medium Not required Partial None None
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
20 CVE-2022-3303 362 DoS 2022-09-27 2022-09-29
0.0
None ??? ??? ??? ??? ??? ???
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition.
21 CVE-2022-3239 416 2022-09-19 2022-09-21
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free flaw was found in the Linux kernel video4linux driver in the way a user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
22 CVE-2022-3202 476 +Info 2022-09-14 2022-09-16
0.0
None ??? ??? ??? ??? ??? ???
A NULL pointer dereference flaw was found in diFree in fs/jfs/inode.c in the Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.
23 CVE-2022-3176 416 2022-09-16 2022-09-17
0.0
None ??? ??? ??? ??? ??? ???
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659
24 CVE-2022-3170 125 2022-09-13 2022-09-16
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system.
25 CVE-2022-3169 20 DoS 2022-09-09 2022-09-14
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.
26 CVE-2022-3103 193 2022-09-26 2022-09-28
0.0
None ??? ??? ??? ??? ??? ???
Off-by-one in the io_uring module.
27 CVE-2022-3078 476 2022-09-01 2022-09-07
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.
28 CVE-2022-3077 120 Overflow 2022-09-09 2022-09-15
0.0
None ??? ??? ??? ??? ??? ???
A buffer overflow vulnerability was found in the Linux kernel's Intel iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.
29 CVE-2022-3061 369 2022-09-01 2022-09-07
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel's i740 driver. A userspace program could pass any values to the driver through the ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.
30 CVE-2022-3028 362 2022-08-31 2022-10-02
0.0
None ??? ??? ??? ??? ??? ???
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
31 CVE-2022-2991 787 Exec Code Overflow 2022-08-25 2022-08-30
0.0
None ??? ??? ??? ??? ??? ???
A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.
32 CVE-2022-2978 416 2022-08-24 2022-08-30
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free flaw was found in the Linux kernel NILFS file system in the way a user triggers the function security_inode_alloc to fail, with a following call to the function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
33 CVE-2022-2977 416 2022-09-14 2022-09-17
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.
34 CVE-2022-2964 787 2022-09-09 2022-09-15
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
35 CVE-2022-2961 416 2022-08-29 2022-09-02
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
36 CVE-2022-2959 362 2022-08-25 2022-08-30
0.0
None ??? ??? ??? ??? ??? ???
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
37 CVE-2022-2938 416 Mem. Corr. 2022-08-23 2022-08-29
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
38 CVE-2022-2905 125 2022-09-09 2022-09-15
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
39 CVE-2022-2873 131 2022-08-22 2022-08-25
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds memory access flaw was found in the Linux kernel's Intel iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.
40 CVE-2022-2785 125 2022-09-23 2022-09-26
0.0
None ??? ??? ??? ??? ??? ???
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c
41 CVE-2022-2663 Bypass 2022-09-01 2022-10-02
0.0
None ??? ??? ??? ??? ??? ???
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
42 CVE-2022-2639 787 2022-09-01 2022-09-07
0.0
None ??? ??? ??? ??? ??? ???
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
43 CVE-2022-2590 362 +Priv 2022-08-31 2022-09-08
0.0
None ??? ??? ??? ??? ??? ???
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system.
44 CVE-2022-2503 287 Bypass 2022-08-12 2022-08-17
0.0
None ??? ??? ??? ??? ??? ???
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5
45 CVE-2022-2380 787 2022-07-13 2022-07-20
0.0
None ??? ??? ??? ??? ??? ???
The Linux kernel was found vulnerable to an out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel.
46 CVE-2022-2327 415 2022-07-22 2022-07-29
0.0
None ??? ??? ??? ??? ??? ???
io_uring uses work_flags to determine which identity it needs to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859
47 CVE-2022-2308 908 2022-09-01 2022-09-13
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.
48 CVE-2022-2153 476 DoS 2022-08-31 2022-10-02
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
49 CVE-2022-1976 416 Mem. Corr. 2022-08-31 2022-10-01
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.
50 CVE-2022-1975 2022-08-31 2022-09-07
0.0
None ??? ??? ??? ??? ??? ???
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an NFC device from user-space.
Total number of vulnerabilities: 197 (page 1 of 4)