Total
83 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4911 | 6 Canonical, Debian, Fedoraproject and 3 more | 38 Ubuntu Linux, Debian Linux, Fedora and 35 more | 2025-04-30 | N/A | 7.8 HIGH |
| A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | |||||
| CVE-2021-44142 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2025-04-23 | 9.0 HIGH | 8.8 HIGH |
| The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | |||||
| CVE-2017-1000410 | 3 Debian, Linux, Redhat | 9 Debian Linux, Linux Kernel, Enterprise Linux Desktop and 6 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). | |||||
| CVE-2017-1000407 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2025-04-20 | 6.1 MEDIUM | 7.4 HIGH |
| The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. | |||||
| CVE-2022-0847 | 7 Fedoraproject, Linux, Netapp and 4 more | 39 Fedora, Linux Kernel, H300e and 36 more | 2025-04-08 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. | |||||
| CVE-2021-3560 | 4 Canonical, Debian, Polkit Project and 1 more | 7 Ubuntu Linux, Debian Linux, Polkit and 4 more | 2025-04-03 | 7.2 HIGH | 7.8 HIGH |
| It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2023-6536 | 3 Debian, Linux, Redhat | 17 Debian Linux, Linux Kernel, Codeready Linux Builder Eus and 14 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | |||||
| CVE-2023-6535 | 2 Linux, Redhat | 16 Linux Kernel, Codeready Linux Builder Eus, Codeready Linux Builder Eus For Power Little Endian Eus and 13 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. | |||||
| CVE-2023-6356 | 3 Debian, Linux, Redhat | 17 Debian Linux, Linux Kernel, Codeready Linux Builder Eus and 14 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. | |||||
| CVE-2022-1011 | 6 Debian, Fedoraproject, Linux and 3 more | 38 Debian Linux, Fedora, Linux Kernel and 35 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | |||||
| CVE-2022-0516 | 5 Debian, Fedoraproject, Linux and 2 more | 31 Debian Linux, Fedora, Linux Kernel and 28 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. | |||||
| CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 30 Ubuntu Linux, Debian Linux, Fedora and 27 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | |||||
| CVE-2022-0435 | 5 Fedoraproject, Linux, Netapp and 2 more | 37 Fedora, Linux Kernel, H300e and 34 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. | |||||
| CVE-2022-0330 | 4 Fedoraproject, Linux, Netapp and 1 more | 46 Fedora, Linux Kernel, H300e and 43 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2022-0207 | 2 Ovirt, Redhat | 5 Vdsm, Enterprise Linux, Virtualization and 2 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text. | |||||
| CVE-2021-45417 | 5 Advanced Intrusion Detection Environment Project, Canonical, Debian and 2 more | 7 Advanced Intrusion Detection Environment, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. | |||||
| CVE-2021-3752 | 6 Debian, Fedoraproject, Linux and 3 more | 27 Debian Linux, Fedora, Linux Kernel and 24 more | 2024-11-21 | 7.9 HIGH | 7.1 HIGH |
| A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2021-3744 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | |||||
| CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | |||||
| CVE-2021-3659 | 3 Fedoraproject, Linux, Redhat | 17 Fedora, Linux Kernel, Codeready Linux Builder and 14 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. | |||||