Lucene search
K
LinuxLinux Kernel5.5.0

68 matches found

CVE
CVE
added 2023/01/17 12:0 a.m.305 views

CVE-2022-41858

The CVE-2022-41858 entry concerns a NULL pointer dereference in the Linux kernel slip driver path, specifically detaching in sl_tx_timeout (drivers/net/slip/slip.c). The connected Astra Linux bulletin reiterates the same description for the Linux kernel 5.x variant, confirming the vulnerability i...

7.1CVSS6.6AI score0.00275EPSS
CVE
CVE
added 2024/02/22 4:13 p.m.304 views

CVE-2023-52443

CVE-2023-52443 affects the Linux kernel AppArmor parser. A packed profile containing a name like ":samba-dcerpcd" can be treated as only a namespace, causing tmpname to be NULL while tmpns remains non-NULL, which leads to a NULL dereference in aa_alloc_profile during unpack_profile/a a_unpack pat...

5.5CVSS6.3AI score0.0024EPSS
CVE
CVE
added 2021/03/22 4:53 p.m.303 views

CVE-2021-28972

CVE-2021-28972 affects the Linux kernel RPA PCI Hotplug driver (drivers/pci/hotplug/rpadlpar_sysfs.c) up to version 5.11.8. It is a user‑tolerable buffer overflow caused by improper handling of drc_name termination in add_slot_store/remove_slot_store, allowing userspace to write into the kernel s...

7.2CVSS7.3AI score0.00858EPSS
CVE
CVE
added 2024/05/01 5:17 a.m.297 views

CVE-2024-26934

CVE-2024-26934: Linux kernel USB core deadlock in usb_deauthorize_interface() when sysfs attribute callbacks hold a parent device lock. Affected: drivers/usb/core/sysfs.c (interface_authorized_store) acquiring parent device lock; fix uses sysfs_break_active_protection() to avoid waiting for the c...

7.8CVSS6.4AI score0.0019EPSS
CVE
CVE
added 2023/03/27 12:0 a.m.290 views

CVE-2023-0179

CVE-2023-0179 is a Linux kernel Netfilter vulnerability involving a buffer overflow in the NFT payload path that could leak stack/heap addresses and enable local privilege escalation via arbitrary code execution. Connected advisories confirm a fix in the Linux kernel: Astra Linux describes correc...

7.8CVSS8.1AI score0.01944EPSS
CVE
CVE
added 2022/08/29 2:3 p.m.283 views

CVE-2022-0850

CVE-2022-0850 affects the Linux kernel’s ext4 filesystem by an information leak via the ext4_extent_header to userspace. The connected sources corroborate a kernel information leak (information disclosure) in ext4_extent_header and note fixes in various distributions:CloudLinux/CSLAs reference “e...

7.1CVSS6.8AI score0.00408EPSS
CVE
CVE
added 2019/12/08 1:1 a.m.273 views

CVE-2019-19448

CVE-2019-19448 is a use-after-free in Linux kernel’s Btrfs code (try_merge_free_space in fs/btrfs/free-space-cache.c). It can be triggered by mounting a crafted Btrfs image and performing operations followed by a syncfs, due to a pointer alias between left and right data structures. Affected: Lin...

7.8CVSS7AI score0.02143EPSS
CVE
CVE
added 2023/04/25 10:44 p.m.267 views

CVE-2023-0045

The CVE-2023-0045 entry concerns the Linux kernel Spectre v2 mitigation for prctl-based task toggling. The underlying issue is that IBPB is not issued immediately during the prctl syscall; ib_prctl_set updates TIFs and SPEC_CTRL MSR, but IBPB is only emitted on the next schedule after TIF checks....

7.5CVSS6.4AI score0.02399EPSS
CVE
CVE
added 2024/02/20 6:34 p.m.255 views

CVE-2023-52438

CVE-2023-52438 concerns a Linux kernel use-after-free in the binder shrinker path. The issue arises because the mmap read lock is held during the shrinker’s callback, making alloc->vma unsafe to access when munmap races with shrink. The fix downgrades or avoids the unsafe path by isolating the...

7.8CVSS7.4AI score0.00295EPSS
CVE
CVE
added 2024/02/22 4:21 p.m.252 views

CVE-2023-52444

CVE-2023-52444 : In Linux kernel f2fs, a dirent corruption risk during cross-directory rename (dir/.. links) was fixed. The issue arose in f2fs_rename() when the sourceDir and targetDir differ and a whiteout is not present; a missing f2fs_set_link() could fail to update the ".." inumber, causing ...

7.8CVSS7.6AI score0.00245EPSS
CVE
CVE
added 2020/04/02 6:0 p.m.248 views

CVE-2020-8835

CVE-2020-8835 affects Linux kernel 5.5.0 and newer, with backports to 5.4.x. The issue is in the BPF verifier (kernel/bpf/verifier.c): it truncates 64-bit values to 32-bit for 32-bit operations, causing the verifier’s checked bounds to diverge from actual execution. This can lead to out-of-bounds...

7.8CVSS7.2AI score0.0606EPSS
CVE
CVE
added 2022/03/25 6:2 p.m.232 views

CVE-2021-4202

CVE-2021-4202 is a use-after-free in the NFC Controller Interface (NCI) path of the Linux kernel (nci_request in net/nfc/nci/core.c). A local attacker with user privileges could trigger a data race while the device is being removed, leading to privilege escalation. Connected advisories confirm th...

7CVSS7.1AI score0.00357EPSS
CVE
CVE
added 2019/11/29 3:55 p.m.208 views

CVE-2019-19377

CVE-2019-19377 concerns Linux kernel 5.0.21 where mounting a crafted btrfs image, performing actions, and unmounting can trigger a use-after-free in btrfs_queue_work (fs/btrfs/async-thread.c). Connected Nessus advisories for Unity Linux (UTSA-2026-004393) reiterate this, tying the issue to kernel...

7.8CVSS7.1AI score0.034EPSS
CVE
CVE
added 2021/06/29 11:30 a.m.175 views

CVE-2021-28691

Summary (CVE-2021-28691) In the Linux kernel Xen hypervisor integration, xen-netback may suffer a use-after-free when tearing down the backend. The root cause is that the RX task thread can be freed if the frontend triggers a thread stop during backend teardown, leading to a stale pointer being u...

7.8CVSS7.3AI score0.00361EPSS
CVE
CVE
added 2023/02/26 12:0 a.m.172 views

CVE-2023-26607

CVE-2023-26607 affects the Linux kernel, with an out-of-bounds read in ntfs_attr_find (fs/ntfs/attrib.c) reported for kernel 6.0.8. The connected documents confirm the issue and align on the impacted component and root cause, but do not provide a vendor/product patch version or explicit remediati...

7.1CVSS6.4AI score0.00608EPSS
CVE
CVE
added 2022/09/14 12:0 a.m.152 views

CVE-2022-3202

CVE-2022-3202 involves a NULL pointer dereference in diFree() within fs/jfs/inode.c of the Linux kernel’s Journaled File System (JFS). The underlying cause is a NULL pointer dereference, which could allow a local attacker to crash the system or leak kernel internal information. The CVE is associa...

7.1CVSS6.5AI score0.00244EPSS
CVE
CVE
added 2024/04/10 6:56 p.m.104 views

CVE-2021-47194

CVE-2021-47194 : Linux kernel vulnerability in cfg80211 where switching from P2P_GO to ADHOC via NL80211_CMD_SET_INTERFACE failed to call cfg80211_stop_ap, allowing in-use data to be re-initialized (e.g., sdata->assigned_chanctx_list) while still in assigned_vifs, corrupting the linked list. D...

7.8CVSS6.4AI score0.00249EPSS
CVE
CVE
added 2024/04/28 1:0 p.m.91 views

CVE-2022-48654

The CVE-2022-48654 entry concerns a Linux kernel netfilter issue: nfnetlink_osf (nf_osf_find) could incorrectly return true on a mismatch, causing copying of uninitialized memory in nft_osf and leaking stale kernel stack data to userspace. Connected Astra Linux advisory mirrors this vulnerability...

5.5CVSS6.2AI score0.00238EPSS
Total number of security vulnerabilities68