U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:4.9.325:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 2,012 matching records.
Displaying matches 941 through 960.
Vuln ID Summary CVSS Severity
CVE-2022-28356

In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.

Published: April 02, 2022; 5:15:09 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-3847

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.

Published: April 01, 2022; 7:15:10 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-35501

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem

Published: March 30, 2022; 12:15:08 PM -0400
V4.0:(not available)
V3.1: 3.4 LOW
V2.0: 3.6 LOW
CVE-2022-27950

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.

Published: March 28, 2022; 12:15:16 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-0494

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.

Published: March 25, 2022; 3:15:10 PM -0400
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2022-0330

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Published: March 25, 2022; 3:15:10 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-0322

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).

Published: March 25, 2022; 3:15:09 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-4203

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

Published: March 25, 2022; 3:15:09 PM -0400
V4.0:(not available)
V3.1: 6.8 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2022-0854

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

Published: March 23, 2022; 4:15:10 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-4197

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

Published: March 23, 2022; 4:15:10 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-4150

A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when adding a partition to the disk.

Published: March 23, 2022; 4:15:10 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-4149

A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.

Published: March 23, 2022; 4:15:09 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-4148

A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.

Published: March 23, 2022; 4:15:09 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

Published: March 23, 2022; 2:15:06 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Published: March 18, 2022; 2:15:12 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

Published: March 18, 2022; 3:15:06 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-26966

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.

Published: March 12, 2022; 5:15:08 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-0516

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

Published: March 10, 2022; 12:44:56 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-0433

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.

Published: March 10, 2022; 12:44:55 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-4095

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

Published: March 10, 2022; 12:44:53 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 1.9 LOW