Canonical Ubuntu Linux

14 matches found

added 2024/07/01 1:15 p.m., 5128 views

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVSS 8.1, AI score 8.5, EPSS 0.49893

added 2024/01/08 6:15 p.m., 3371 views

CVE-2022-2602

io_uring UAF, Unix SCM garbage collection

CVSS 7, AI score 6.9, EPSS 0.00855

added 2024/01/08 6:15 p.m., 1238 views

CVE-2022-3328

Race condition in snap-confine's must_mkdir_and_open_with_perms()

CVSS 7.8, AI score 6.6, EPSS 0.0011

added 2024/01/08 6:15 p.m., 370 views

CVE-2022-2586

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

CVSS 7.8, AI score 7.7, EPSS 0.01511

added 2024/01/08 6:15 p.m., 338 views

CVE-2022-2588

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

CVSS 7.8, AI score 7.5, EPSS 0.72162

added 2024/06/04 10:15 p.m., 193 views

CVE-2022-28652

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

CVSS 5.5, AI score 6.6, EPSS 0.00043

added 2024/01/08 6:15 p.m., 151 views

CVE-2022-2585

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

CVSS 7.8, AI score 7.3, EPSS 0.00304

added 2024/01/08 7:15 p.m., 135 views

CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32-bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.

CVSS 7.8, AI score 7.5, EPSS 0.00134

added 2024/01/08 7:15 p.m., 69 views

CVE-2023-1032

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

CVSS 5.5, AI score 5.4, EPSS 0.00013

added 2024/06/04 10:15 p.m., 67 views

CVE-2022-28658

Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing

CVSS 5.5, AI score 6.6, EPSS 0.00055

added 2024/06/04 10:15 p.m., 55 views

CVE-2022-28655

is_closing_session() allows users to create arbitrary tcp dbus connections

CVSS 7.1, AI score 6.6, EPSS 0.00053

added 2024/06/04 10:15 p.m., 45 views

CVE-2022-28656

is_closing_session() allows users to consume RAM in the Apport process

CVSS 5.5, AI score 6.5, EPSS 0.00038

added 2024/06/04 10:15 p.m., 45 views

CVE-2022-28657

Apport does not disable python crash handler before entering chroot

CVSS 7.8, AI score 6.6, EPSS 0.00054

added 2024/06/04 10:15 p.m., 38 views

CVE-2022-28654

is_closing_session() allows users to fill up apport.log

CVSS 5.5, AI score 6.5, EPSS 0.00044