U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:4.5:rc2:*:*:*:*:*:*
  • CPE Name Search: true
There are 1,790 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-1973

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.

Published: August 05, 2022; 1:15:08 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2022-1012

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.

Published: August 05, 2022; 12:15:11 PM -0400
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2022-36123

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.

Published: July 29, 2022; 10:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-36946

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

Published: July 27, 2022; 4:15:08 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-36879

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

Published: July 27, 2022; 12:15:10 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-1671

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.

Published: July 26, 2022; 1:15:08 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2022-1651

A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.

Published: July 26, 2022; 1:15:08 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2020-36558

A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

Published: July 21, 2022; 12:15:10 AM -0400
V3.1: 5.1 MEDIUM
V2.0:(not available)
CVE-2020-36557

A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.

Published: July 21, 2022; 12:15:09 AM -0400
V3.1: 5.1 MEDIUM
V2.0:(not available)
CVE-2021-33656

When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.

Published: July 18, 2022; 11:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2021-4135

A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.

Published: July 14, 2022; 4:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-2380

The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel.

Published: July 13, 2022; 3:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-2318

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.

Published: July 06, 2022; 3:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2022-33744

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.

Published: July 05, 2022; 9:15:08 AM -0400
V3.1: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2022-2078

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.

Published: June 30, 2022; 9:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-1852

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.

Published: June 30, 2022; 9:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-34495

rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.

Published: June 26, 2022; 12:15:07 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2022-34494

rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.

Published: June 26, 2022; 12:15:07 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2022-33981

drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

Published: June 18, 2022; 12:15:08 PM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2022-32981

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.

Published: June 10, 2022; 4:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM