U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:5.8:rc2:*:*:*:*:*:*
  • CPE Name Search: true
There are 1,953 matching records.
Displaying matches 1,401 through 1,420.
Vuln ID Summary CVSS Severity
CVE-2021-28375

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.

Published: March 15, 2021; 1:15:13 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-3411

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: March 09, 2021; 3:15:13 PM -0500
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2021-20268

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Published: March 09, 2021; 1:15:15 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-27365

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.

Published: March 07, 2021; 12:15:13 AM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-27364

An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.

Published: March 07, 2021; 12:15:13 AM -0500
V4.0:(not available)
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2021-27363

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.

Published: March 06, 2021; 11:15:13 PM -0500
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0: 3.6 LOW
CVE-2020-25639

A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.

Published: March 04, 2021; 5:15:13 PM -0500
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2021-20194

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.

Published: February 23, 2021; 6:15:13 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-20226

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.

Published: February 23, 2021; 12:15:13 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 6.1 MEDIUM
CVE-2021-26934

An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.

Published: February 16, 2021; 9:15:13 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-26932

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.

Published: February 16, 2021; 9:15:13 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 1.9 LOW
CVE-2021-26931

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.

Published: February 16, 2021; 9:15:12 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 1.9 LOW
CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.

Published: February 16, 2021; 8:15:13 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-16120

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.

Published: February 10, 2021; 3:15:15 PM -0500
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-26708

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

Published: February 05, 2021; 9:15:18 AM -0500
V4.0:(not available)
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2021-3348

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.

Published: January 31, 2021; 11:15:14 PM -0500
V4.0:(not available)
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-3347

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

Published: January 29, 2021; 12:15:12 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-3178

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior

Published: January 19, 2021; 2:15:13 AM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2020-28374

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

Published: January 12, 2021; 11:15:12 PM -0500
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2020-36158

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.

Published: January 05, 2021; 12:15:10 AM -0500
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH