U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*
  • CPE Name Search: true
There are 2,688 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-33981

drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

Published: June 18, 2022; 12:15:08 PM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2022-32981

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.

Published: June 10, 2022; 4:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-32296

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used.

Published: June 05, 2022; 6:15:08 PM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2022-32250

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

Published: June 02, 2022; 5:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-1789

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

Published: June 02, 2022; 10:15:33 AM -0400
V3.1: 6.8 MEDIUM
V2.0: 6.9 MEDIUM
CVE-2022-1786

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.

Published: June 02, 2022; 10:15:33 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-1652

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

Published: June 02, 2022; 10:15:32 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-1419

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

Published: June 02, 2022; 10:15:32 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-1882

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Published: May 26, 2022; 1:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-1734

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

Published: May 18, 2022; 1:15:08 PM -0400
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2022-30594

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

Published: May 12, 2022; 1:15:06 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-29968

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

Published: May 02, 2022; 12:15:10 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-1353

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

Published: April 29, 2022; 12:15:08 PM -0400
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2022-1195

A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.

Published: April 29, 2022; 12:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-1048

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Published: April 29, 2022; 12:15:08 PM -0400
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2022-1015

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.

Published: April 29, 2022; 12:15:08 PM -0400
V3.1: 6.6 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2022-29582

In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.

Published: April 22, 2022; 12:15:09 PM -0400
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2011-4917

In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.

Published: April 18, 2022; 1:15:11 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-29156

drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.

Published: April 13, 2022; 3:15:28 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-28893

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

Published: April 11, 2022; 1:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH