U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*
  • CPE Name Search: true
There are 724 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2022-33743

network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.

Published: July 05, 2022; 9:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Published: July 04, 2022; 5:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-2078

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.

Published: June 30, 2022; 9:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-1852

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.

Published: June 30, 2022; 9:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-34495

rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.

Published: June 26, 2022; 12:15:07 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2022-34494

rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.

Published: June 26, 2022; 12:15:07 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2022-33981

drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

Published: June 18, 2022; 12:15:08 PM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2022-32981

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.

Published: June 10, 2022; 4:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-1998

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Published: June 09, 2022; 11:15:09 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-32296

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.

Published: June 05, 2022; 6:15:08 PM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2022-32250

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

Published: June 02, 2022; 5:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-1943

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially

Published: June 02, 2022; 10:15:34 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-1652

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

Published: June 02, 2022; 10:15:32 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-1882

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Published: May 26, 2022; 1:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-1734

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

Published: May 18, 2022; 1:15:08 PM -0400
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2022-29581

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

Published: May 17, 2022; 1:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-30594

The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

Published: May 12, 2022; 1:15:06 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2022-1353

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

Published: April 29, 2022; 12:15:08 PM -0400
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2022-1195

A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.

Published: April 29, 2022; 12:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-1048

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Published: April 29, 2022; 12:15:08 PM -0400
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM