U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
  • CPE Name Search: true
There are 726 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2022-0330

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Published: March 25, 2022; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-0322

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).

Published: March 25, 2022; 3:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-4203

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

Published: March 25, 2022; 3:15:09 PM -0400
V3.1: 6.8 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-4202

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.

Published: March 25, 2022; 3:15:09 PM -0400
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2022-0854

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

Published: March 23, 2022; 4:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-4197

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

Published: March 23, 2022; 4:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-4150

A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when adding a partition to the disk.

Published: March 23, 2022; 4:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-4149

A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.

Published: March 23, 2022; 4:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

Published: March 23, 2022; 2:15:06 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Published: March 18, 2022; 2:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-0742

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.

Published: March 18, 2022; 8:15:07 AM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-45868

In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

Published: March 18, 2022; 3:15:06 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-27223

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

Published: March 15, 2022; 8:15:09 PM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2022-26966

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.

Published: March 12, 2022; 5:15:08 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-26878

drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).

Published: March 11, 2022; 2:15:08 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-0847

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Published: March 10, 2022; 12:44:57 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-0516

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

Published: March 10, 2022; 12:44:56 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-0433

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.

Published: March 10, 2022; 12:44:55 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-4095

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

Published: March 10, 2022; 12:44:53 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 1.9 LOW
CVE-2022-26490

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

Published: March 05, 2022; 11:15:07 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM