Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:3.14:rc2:*:*:*:*:*:*
There are 996 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-35499

A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.

Published: February 19, 2021; 3:15:12 PM -0500
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2020-12364

Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

Published: February 17, 2021; 9:15:15 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-12363

Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

Published: February 17, 2021; 9:15:15 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-12362

Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.

Published: February 17, 2021; 9:15:15 AM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-26932

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.

Published: February 16, 2021; 9:15:13 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 1.9 LOW
CVE-2021-26931

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.

Published: February 16, 2021; 9:15:12 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 1.9 LOW
CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.

Published: February 16, 2021; 8:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-16120

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.

Published: February 10, 2021; 3:15:15 PM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-26708

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

Published: February 05, 2021; 9:15:18 AM -0500
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2021-3348

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.

Published: January 31, 2021; 11:15:14 PM -0500
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-3347

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

Published: January 29, 2021; 12:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-3178

** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior.

Published: January 19, 2021; 2:15:13 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2020-28374

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

Published: January 12, 2021; 11:15:12 PM -0500
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2020-36158

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.

Published: January 05, 2021; 12:15:10 AM -0500
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2020-29569

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.

Published: December 15, 2020; 12:15:14 PM -0500
V3.1: 8.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-27777

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.

Published: December 15, 2020; 12:15:14 PM -0500
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2020-29661

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

Published: December 09, 2020; 12:15:31 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-29660

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

Published: December 09, 2020; 12:15:31 PM -0500
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2020-29534

An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.

Published: December 03, 2020; 3:15:11 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-14381

A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Published: December 03, 2020; 12:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM