U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
  • CPE Name Search: true
There are 724 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2022-42721

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

Published: October 13, 2022; 8:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-42720

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

Published: October 13, 2022; 8:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-41674

An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

Published: October 13, 2022; 8:15:09 PM -0400
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2022-42719

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

Published: October 13, 2022; 7:15:11 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-42703

mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.

Published: October 09, 2022; 7:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-41850

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.

Published: September 30, 2022; 2:15:12 AM -0400
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2022-41849

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.

Published: September 30, 2022; 2:15:12 AM -0400
V3.1: 4.2 MEDIUM
V2.0:(not available)
CVE-2022-41848

drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.

Published: September 30, 2022; 2:15:11 AM -0400
V3.1: 4.2 MEDIUM
V2.0:(not available)
CVE-2022-3303

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition

Published: September 27, 2022; 7:15:15 PM -0400
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2022-2785

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c

Published: September 23, 2022; 7:15:09 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-41218

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

Published: September 21, 2022; 3:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-3239

A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Published: September 19, 2022; 4:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-40768

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

Published: September 18, 2022; 1:15:08 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-40476

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.

Published: September 14, 2022; 5:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-2977

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.

Published: September 14, 2022; 5:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-3202

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.

Published: September 14, 2022; 11:15:11 AM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2022-40133

A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Published: September 09, 2022; 11:15:15 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-3077

A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.

Published: September 09, 2022; 11:15:14 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-38457

A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Published: September 09, 2022; 11:15:14 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-38096

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Published: September 09, 2022; 11:15:14 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)