Lucene search
+L

163 matches found

cve
cve
added 2021/12/15 6:5 p.m.1468 views

CVE-2021-0920

CVE-2021-0920 is confirmed with concrete details in the connected sources: a race condition in unix_scm_to_skb within af_unix.c can trigger a use-after-free, potentially enabling local privilege escalation on the Android kernel. The vulnerability affects the Linux kernel used in Android (via the ...

6.9CVSS7.1AI score0.00811EPSS
In wild
cve
cve
added 2021/07/07 11:20 a.m.865 views

CVE-2021-22555

CVE-2021-22555 is a Linux kernel heap out-of-bounds write vulnerability in net/netfilter/x_tables.c, dating to 2.6.19-rc1. The issue allows a local attacker to gain privileges or cause a DoS via heap memory corruption in the username space. Public sources in the connected docs confirm the vulnera...

8.3CVSS8.3AI score0.78684EPSS
In wild
cve
cve
added 2021/07/20 6:1 p.m.806 views

CVE-2021-33909

CVE-2021-33909 affects the Linux kernel’s filesystem layer (fs/seq_file.c) across 3.16–5.13.x, with fixed releases in 5.13.4 and via patches noted in downstream advisories. The root cause is a size_t-to-int conversion that permits an integer overflow during seq buffer allocations, enabling an Out...

7.8CVSS7.9AI score0.09729EPSS
cve
cve
added 2021/05/14 10:57 p.m.694 views

CVE-2021-33033

The connected sources confirm CVE-2021-33033 affects the Linux kernel up to 5.11.14, with a use-after-free in cipso_v4_genopt (net/ipv4/cipso_ipv4.c) due to mishandled CIPSO/CALIPSO DOI refcounting, enabling writing an arbitrary value. Exploitation would be local. Remediation is to upgrade to a f...

7.8CVSS7.5AI score0.00566EPSS
cve
cve
added 2021/05/11 12:0 a.m.665 views

CVE-2020-24587

CVE-2020-24587 is referenced in the Amazon Linux 2 kernel advisory for Kernel-5.10-2022-002. The connected document confirms a flaw in the Linux kernel 802.11 wifi fragmentation handling where fragments encrypted under different keys can be reassembled and decrypted, enabling an attacker within w...

2.6CVSS6.2AI score0.02592EPSS
In wild
cve
cve
added 2021/03/30 8:35 p.m.628 views

CVE-2021-29650

CVE-2021-29650 affects the Linux kernel prior to 5.11.11. The netfilter subsystem (net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h) may omit a full memory barrier when a new table value is assigned, enabling a local attacker to trigger a DoS/panic in netfilter. The issue is docume...

5.5CVSS6.1AI score0.00413EPSS
cve
cve
added 2021/05/11 12:0 a.m.621 views

CVE-2020-24588

The CVE-2020-24588 entry relates to the 802.11 Wi‑Fi fragmentation/ A‑MSDU handling issue where the plaintext QoS header flag isn’t authenticated, enabling an attacker to inject packets by sending non‑SSP A‑MSDU frames (FragAttacks). Connected Astra Linux advisories describe this as a variant of ...

3.5CVSS6.4AI score0.03537EPSS
cve
cve
added 2021/04/08 12:0 a.m.618 views

CVE-2021-29154

CVE-2021-29154 affects the Linux kernel BPF JIT implementation (arch/x86 net/bpf_jit_comp.c and bpf_jit_comp32.c). Connected advisories (e.g., ALAS2KERNEL-5.4-2022-003) confirm a local privilege escalation due to incorrect computation of branch displacements in the BPF JIT, enabling arbitrary cod...

7.8CVSS8AI score0.00931EPSS
cve
cve
added 2021/05/14 10:57 p.m.612 views

CVE-2021-33034

CVE-2021-33034 is a use-after-free in Linux kernel before 5.12.4 in net/bluetooth/hci_event.c when destroying an hci_chan, enabling arbitrary writes. Affected: Linux kernel before 5.12.4 (Bluetooth HCI driver). Mitigation: upgrade to 5.12.4 or later (ChangeLog-5.12.4).

7.8CVSS7.5AI score0.00819EPSS
cve
cve
added 2021/10/01 11:46 p.m.600 views

CVE-2021-41864

CVE-2021-41864 affects the Linux kernel (pre-5.14.12) in prealloc_elems_and_freelist() within kernel/bpf/stackmap.c. An unprivileged local user can trigger an eBPF multiplication overflow, causing an out-of-bounds write and potential memory corruption or system crash. The issue is fixed in Linux ...

7.8CVSS7.5AI score0.0038EPSS
cve
cve
added 2021/05/26 10:30 a.m.598 views

CVE-2021-22543

CVE-2021-22543 is described in connected advisories as a local privilege-escalation through KVM and improper handling of VM_IO|VM_PFNMAP VMAs, which can bypass RO checks and allow reading/writing guest memory by a privileged VM operator. Technical details across sources indicate the vulnerability...

8.7CVSS7.6AI score0.0066EPSS
cve
cve
added 2021/01/29 4:56 p.m.583 views

CVE-2021-3347

CVE-2021-3347 is a Linux kernel use-after-free in PI futex fault handling that could allow a local user to crash the kernel or escalate privileges. Multiple connected advisories confirm the issue and indicate fixes have been released across distributions (e.g., generic kernel updates and kernel l...

7.8CVSS7.5AI score0.01377EPSS
cve
cve
added 2021/01/13 3:7 a.m.574 views

CVE-2020-28374

CVE-2020-28374 affects the Linux kernel’s SCSI target (LIO) code, specifically drivers/target/target_core_xcopy.c, where insufficient identifier checking could let a remote attacker read or write files via directory traversal in an XCOPY request. Affected component is the Linux kernel prior to 5....

8.1CVSS7.8AI score0.06563EPSS
cve
cve
added 2021/05/10 9:19 p.m.546 views

CVE-2021-32399

CVE-2021-32399 affects the Linux kernel’s Bluetooth HCI handling, specifically a race condition in removal of the HCI controller implemented in net/bluetooth/hci_request.c up to version 5.12.2. The connected Astra Linux entry references the same race condition in the Linux kernel, and a dated Lin...

7CVSS7AI score0.00691EPSS
cve
cve
added 2021/03/07 4:22 a.m.536 views

CVE-2021-27365

CVE-2021-27365 affects the Linux kernel iSCSI subsystem. The issue is a heap overflow in iSCSI data handling where certain iSCSI data structures lack proper length checks and can exceed PAGE_SIZE; an unprivileged, local user can send a Netlink message (up to the maximum Netlink message length) an...

7.8CVSS7.5AI score0.02079EPSS
cve
cve
added 2021/06/23 3:37 p.m.533 views

CVE-2021-33624

CVE-2021-33624 affects the Linux kernel prior to 5.12.13, where the eBPF verifier in kernel/bpf/verifier.c could mispredict branches (e.g., due to type confusion), allowing an unprivileged BPF program to read arbitrary kernel memory locations via a side-channel attack. Several connected advisorie...

4.7CVSS5.6AI score0.00922EPSS
cve
cve
added 2021/03/07 4:3 a.m.524 views

CVE-2021-27364

CVE-2021-27364 is a Linux kernel issue affecting the iSCSI libiscsi/iscsi subsystem (out-of-bounds read in the libiscsi module leading to possible kernel memory disclosure or crash). Connected advisories confirm related CVEs (27363, 27365) in the same area affecting sessions/handles and heap over...

7.1CVSS7AI score0.00957EPSS
cve
cve
added 2021/07/26 9:35 p.m.520 views

CVE-2021-37576

CVE-2021-37576: Linux kernel on the PowerPC/KVM path (arch/powerpc/kvm/book3s_rtas.c) allows KVM guest OS users to cause host memory corruption via rtas_args.nargs. Affected: Linux kernel up to 5.13.5 for PowerPC; CVE-ID appears in multiple advisories (e.g., Astra Linux, Cloud Foundry mentions). ...

7.8CVSS7.5AI score0.00575EPSS
cve
cve
added 2021/03/20 7:55 p.m.507 views

CVE-2021-28950

CVE-2021-28950 affects the Linux kernel FUSE path: the issue is in fs/fuse/fuse_i.h and causes a stall on the CPU when a retry loop keeps selecting the same bad inode. A patch-level fix exists in kernel releases up to 5.11.8 and later (addresses the underlying bad-inode handling in FUSE); some so...

5.5CVSS6.2AI score0.0036EPSS
cve
cve
added 2021/05/24 5:22 p.m.500 views

CVE-2020-26558

CVE-2020-26558: Bluetooth Core 2.1–5.2 Passkey entry/mitm reflection vulnerability. Nearby attacker could identify the Passkey during pairing by reflecting public key and authentication evidence, enabling completion of authenticated pairing with the correct Passkey. Astra Linux bulletin repeats t...

4.3CVSS6.1AI score0.00872EPSS
cve
cve
added 2021/03/07 3:55 a.m.495 views

CVE-2021-27363

CVE-2021-27363 affects the Linux kernel iSCSI subsystem. A flaw leaks the iSCSI transport’s kernel address via the sysfs handle (/sys/class/iscsi_transport/$TRANSPORT_NAME/handle), enabling a local attacker to leak the iscsi_transport pointer and potentially end arbitrary iSCSI connections. Conne...

4.4CVSS5.8AI score0.00711EPSS
Web
cve
cve
added 2021/06/07 12:0 a.m.494 views

CVE-2020-36385

CVE-2020-36385 is a use-after-free in the Linux kernel prior to 5.10, specifically in drivers/infiniband/core/ucma.c where the ctx is reachable via the ctx_list in certain ucma_migrate_id paths when ucma_close is called. This vulnerability affects the Linux kernel before 5.10; a fix is referenced...

7.8CVSS7.5AI score0.01476EPSS
cve
cve
added 2021/03/20 9:41 p.m.471 views

CVE-2020-27171

The vulnerability CVE-2020-27171 affects Linux kernels before 5.11.8. The issue is in kernel/bpf/verifier.c, where an off-by-one error enables integer underflow that can trigger out-of-bounds speculation in pointer arithmetic, allowing side-channel leakage of kernel memory and defeating Spectre m...

6CVSS6.6AI score0.00577EPSS
cve
cve
added 2021/07/21 12:0 a.m.467 views

CVE-2021-37159

CVE-2021-37159 affects the Linux kernel driver hso_free_net_device() in drivers/net/usb/hso.c. The code calls unregister_netdev without verifying NETREG_REGISTERED, causing use-after-free and double-free scenarios. Affected kernel versions include up to 5.13.4; the issue is mitigated by upgrading...

6.4CVSS6.7AI score0.00391EPSS
cve
cve
added 2021/04/20 12:0 a.m.466 views

CVE-2021-29155

CVE-2021-29155 is a Linux kernel issue affecting the eBPF verifier path (kernel/bpf/verifier.c) that allows speculative-out-of-bounds memory accesses to leak kernel memory via side-channels. The description from connected documents ties the vulnerability to Spectre mitigations and notes that a lo...

5.5CVSS6.1AI score0.01071EPSS
cve
cve
added 2021/11/02 10:13 p.m.466 views

CVE-2021-43267

The CVE-2021-43267 issue affects the Linux kernel up to version 5.14.16 in the TIPC crypto path (net/tipc/crypto.c). The vulnerability arises from insufficient validation of user-supplied sizes for the MSG_CRYPTO message type, enabling remote attackers to potentially corrupt memory or escalate pr...

9.8CVSS6.8AI score0.5758EPSS
cve
cve
added 2021/06/04 1:40 a.m.458 views

CVE-2021-3490

Technical details about CVE-2021-3490 are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS8.1AI score0.27477EPSS
cve
cve
added 2021/04/14 12:0 a.m.453 views

CVE-2020-36322

The CVE-2020-36322 issue affects the Linux kernel FUSE filesystem implementation, where fuse_do_getattr() could call make_bad_inode() in inappropriate situations, potentially causing a system crash. The vulnerability is tied to the FUSE path and was partially addressed by a fix, with the incomple...

5.5CVSS6.3AI score0.00378EPSS
cve
cve
added 2021/12/22 12:0 a.m.453 views

CVE-2021-44733

CVE-2021-44733 is a use-after-free in the Linux kernel TEE subsystem (drivers/tee/tee_shm.c) that can occur during freeing of a shared memory object due to a race in tee_shm_get_from_id. Affects Linux kernels up to 5.15.11; exploitation could lead to denial of service and, in some configurations,...

7CVSS7.3AI score0.00694EPSS
cve
cve
added 2021/07/09 10:33 a.m.451 views

CVE-2021-3612

CVE-2021-3612 is an out-of-bounds memory write flaw in the Linux kernel joystick subsystem exploitable by a local user via the JSIOCSBTNMAP ioctl. The advisory notes potential system crash and possible privilege escalation. Affected disclosures reference pre-5.13.2 revisions (e.g., fixes upstream...

7.8CVSS7.8AI score0.00687EPSS
cve
cve
added 2021/10/28 3:13 a.m.441 views

CVE-2021-43056

CVE-2021-43056 affects the Linux kernel for POWERPC (Power8) prior to 5.14.15. The root cause is a bug in arch/powerpc/kvm/book3s_hv_rmhandlers.S handling of SRR1 values, which can allow a malicious KVM guest to crash the host (availability impact). The issue is documented across multiple sources...

5.5CVSS5.8AI score0.00343EPSS
cve
cve
added 2021/05/11 12:0 a.m.436 views

CVE-2020-24586

CVE-2020-24586 describes a fragmentation cache issue in the Linux kernel Wi‑Fi stack: received fragments are not cleared from memory on reconnect, enabling an attacker within Wi‑Fi range to inject arbitrary packets or exfiltrate data when fragments encrypted with WEP/CCMP/GCMP are involved. Conne...

3.5CVSS6.2AI score0.05765EPSS
cve
cve
added 2021/09/29 7:41 p.m.435 views

CVE-2021-3653

The CVE-2021-3653 issue affects the KVM hypervisor AMD code dealing with SVM nested virtualization. The root cause is improper validation of the int_ctl field in the VMCB provided by an L1 guest, which could allow a malicious L1 to enable AVIC for an L2 guest. Consequences stated across connected...

8.8CVSS8.3AI score0.00413EPSS
cve
cve
added 2021/08/05 7:54 p.m.427 views

CVE-2021-3679

CVE-2021-3679 affects the Linux kernel tracing subsystem (trace ring buffer) prior to 5.14-rc3. The flaw arises in how a user uses the trace ring buffer, enabling a privileged local attacker (CAP_SYS_ADMIN) to starve CPU resources and cause denial of service. The connected documents consistently ...

5.5CVSS6.1AI score0.00734EPSS
cve
cve
added 2021/08/05 8:48 p.m.424 views

CVE-2021-3655

CVE-2021-3655 is a Linux kernel SCTP vulnerability (present in kernels prior to affected fixes) where missing size validations on inbound SCTP packets may allow reading uninitialized memory. The initial description and connected advisories confirm the issue exists in the Linux kernel SCTP impleme...

3.3CVSS5.4AI score0.00308EPSS
cve
cve
added 2021/05/12 10:45 p.m.423 views

CVE-2021-23134

CVE-2021-23134 is a Linux kernel NFC LLCP use-after-free in nfc sockets (pre-5.12.4). The issue arises from refcount handling during bind/connect fixes, enabling a local attacker with CAP_NET_RAW to trigger a crash or memory corruption. A related CVE discussion confirms the fix: after nfc_llcp_lo...

7.8CVSS7.5AI score0.00343EPSS
cve
cve
added 2021/08/18 2:37 p.m.422 views

CVE-2021-21781

CVE-2021-21781 is a local-information-disclosure vulnerability in the Linux kernel’s ARM SIGPAGE handling, where SIGPAGE may not be fully initialised and can leak kernel memory contents when read by a userland process. Affected: Linux kernel ARM SIGPAGE implementation (v5.4.66/v5.4.54) with fixes...

4CVSS4.7AI score0.00496EPSS
cve
cve
added 2021/01/05 4:25 a.m.417 views

CVE-2020-36158

CVE-2020-36158 is a Linux kernel vulnerability in the Marvell mwifiex WiFi driver (join.c) that allows a long SSID to trigger a buffer overflow, potentially leading to system crash or arbitrary code execution. Affected trees include kernels up to 5.10.4; upstream patch (commit 5c455c5ab332) adds ...

8.8CVSS7.7AI score0.02209EPSS
cve
cve
added 2021/12/25 1:5 a.m.415 views

CVE-2021-45485

CVE-2021-45485 affects the Linux kernel IPv6 path: net/ipv6/output_core.c exposes an information leak due to how a hash table is used, enabling IPv6 source address-based observation. Impact is partial confidentiality exposure; no integrity/availability impact stated. Affected: Linux kernel prior ...

7.5CVSS7.2AI score0.03585EPSS
cve
cve
added 2021/05/27 12:0 a.m.413 views

CVE-2021-33200

CVE-2021-33200 affects the Linux kernel’s eBPF verifier (kernel/bpf/verifier.c) where incorrect limits for pointer arithmetic operations allow out-of-bounds reads/writes in kernel memory, enabling local privilege escalation to root. The issue exists in kernels up to 5.12.7 (upstream). The root ca...

7.8CVSS7.5AI score0.00377EPSS
cve
cve
added 2021/02/01 3:43 a.m.407 views

CVE-2021-3348

CVE-2021-3348 is a race condition in the Linux kernel’s nbd.c driver (ndb_queue_rq) that can trigger a use-after-free during NBD device setup. The vulnerability is locally exploitable by a user with access to an NBD device, potentially causing a crash or memory corruption and, per Debian’s adviso...

7CVSS6.7AI score0.00251EPSS
cve
cve
added 2021/05/11 7:40 p.m.406 views

CVE-2020-26147

CVE-2020-26147: Linux kernel 5.8.9 vulnerability where fragmented frames reassembly can occur with plaintext fragments under WEP/CCMP/GCMP, allowing packet injection or selective fragment exfiltration. Connected advisories indicate fixes are provided via updated kernels (e.g., ALAS2KERNEL advisor...

5.4CVSS6.3AI score0.07604EPSS
cve
cve
added 2021/08/07 3:31 a.m.405 views

CVE-2021-38160

CVE-2021-38160 affects the Linux kernel “virtio_console” driver. In drivers/char/virtio_console.c, if an untrusted device supplies a buf->len value larger than the destination buffer, data corruption or loss can occur. The issue is fixed in Linux kernel 5.13.4 (ChangeLog-5.13.4). The vendor no...

7.8CVSS7.8AI score0.00395EPSS
cve
cve
added 2021/10/20 12:0 a.m.405 views

CVE-2021-42739

CVE-2021-42739 is a heap/buffer overflow in the Linux kernel’s FireWire FireDTV driver (firedtv-avc.c, firedtv-ci.c) caused by avc_ca_pmt failing to perform proper bounds checking. It affects the kernel’s FireWire path and can lead to memory corruption, crashes, or potentially privilege escalatio...

6.7CVSS7.1AI score0.0044EPSS
cve
cve
added 2021/04/06 11:28 p.m.398 views

CVE-2020-36311

CVE-2020-36311 affects the Linux kernel prior to 5.9. In arch/x86/kvm/svm/sev.c, destroying a large SEV VM (unregistering many encrypted regions) can trigger a denial of service (soft lockup). The connected advisories confirm the issue and point to a fix in kernel 5.9 (and changelog indicating th...

5.5CVSS6AI score0.00335EPSS
cve
cve
added 2021/03/17 12:0 a.m.395 views

CVE-2021-28660

CVE-2021-28660 affects the Realtek RTL8188EU WiFi driver (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c) in the Linux kernel and is caused by writing beyond the end of the ssid[] array in rtw_wx_set_scan. The Connected documents confirm this exact issue across multiple advisories (e.g., Debian L...

8.8CVSS7.6AI score0.01316EPSS
cve
cve
added 2021/06/04 1:40 a.m.394 views

CVE-2021-3489

CVE-2021-3489 concerns the Linux kernel eBPF RINGBUF: the bpf_ringbuf_reserve() function could allocate a size larger than the ringbuf, enabling out-of-bounds writes and potential arbitrary code execution. The issue was fixed by commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger t...

7.8CVSS8.1AI score0.0055EPSS
cve
cve
added 2021/11/17 12:0 a.m.392 views

CVE-2021-43976

CVE-2021-43976 affects the Linux kernel, specifically the Marvell mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c. A local attacker with access to a crafted USB device can trigger a denial of service (skb_over_panic). The advisory notes the vulnerability exists in kernel...

4.6CVSS6AI score0.00643EPSS
cve
cve
added 2021/08/13 12:0 a.m.388 views

CVE-2021-3573

CVE-2021-3573 is a local-use-after-free vulnerability in the Linux kernel Bluetooth HCI subsystem (function hci_sock_bound_ioctl) where a race between ioct HCIUNBLOCKADDR and hci_unregister_dev() and calls such as hci_sock_blacklist_add()/del(), hci_get_conn_info(), and hci_get_auth_info() can le...

6.9CVSS6.7AI score0.0037EPSS
cve
cve
added 2021/03/23 5:45 p.m.386 views

CVE-2021-3444

CVE-2021-3444 affects the Linux kernel’s eBPF verifier, where mod32 destination register truncation can be mishandled when the source is known to be zero. This enables a local attacker loading BPF programs to read kernel memory (information disclosure) and potentially perform out-of-bounds writes...

7.8CVSS7.5AI score0.0061EPSS
Total number of security vulnerabilities163