Linux Kernel Security Vulnerabilities and Issues — Linux Kernel CVE List

Lucene search

LinuxLinux Kernel

17 matches found

CVE•added 2021/06/23 4:15 p.m.•464 views

CVE-2021-33624

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.

4.7CVSS5.6AI score0.00429EPSS

CVE•added 2021/06/07 12:15 p.m.•429 views

CVE-2020-36385

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.

7.8CVSS7.5AI score0.00055EPSS

CVE•added 2021/06/04 2:15 a.m.•388 views

CVE-2021-3490

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix ...

7.8CVSS8.1AI score0.03994EPSS

CVE•added 2021/06/14 10:15 p.m.•311 views

CVE-2021-34693

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.

5.5CVSS5.8AI score0.00048EPSS

CVE•added 2021/06/04 2:15 a.m.•307 views

CVE-2021-3489

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (...

7.8CVSS8.1AI score0.00089EPSS

CVE•added 2021/06/08 12:15 p.m.•300 views

CVE-2021-3564

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.

5.5CVSS6.2AI score0.00021EPSS

CVE•added 2021/06/04 2:15 a.m.•293 views

CVE-2021-3491

The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc//mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was...

8.8CVSS8.2AI score0.00008EPSS

CVE•added 2021/06/07 8:15 p.m.•247 views

CVE-2020-36386

An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.

7.1CVSS6.6AI score0.0005EPSS

CVE•added 2021/06/01 2:15 p.m.•137 views

CVE-2021-3543

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.

7.2CVSS6.5AI score0.00098EPSS

CVE•added 2021/06/24 12:15 p.m.•132 views

CVE-2020-28097

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.

5.9CVSS6.3AI score0.00147EPSS

CVE•added 2021/06/02 11:15 a.m.•117 views

CVE-2020-10742

A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality a...

6CVSS6.5AI score0.00051EPSS

CVE•added 2021/06/29 12:15 p.m.•114 views

CVE-2021-28691

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will l...

7.8CVSS7.3AI score0.00036EPSS

CVE•added 2021/06/07 8:15 p.m.•103 views

CVE-2019-25045

An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.

7.8CVSS7AI score0.00139EPSS

CVE•added 2021/06/17 3:15 p.m.•97 views

CVE-2021-32078

An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.

7.1CVSS6.7AI score0.00117EPSS

CVE•added 2021/06/07 8:15 p.m.•75 views

CVE-2018-25015

An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.

7.8CVSS7.4AI score0.00054EPSS

CVE•added 2021/06/07 8:15 p.m.•68 views

CVE-2020-36387

An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.

7.8CVSS7.3AI score0.00057EPSS

CVE•added 2021/06/22 12:15 p.m.•64 views

CVE-2010-2525

A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system.

7.8CVSS7.6AI score0.00139EPSS