Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:5.9.0:rc4:*:*:*:*:*:*
  • CPE Name Search: true
There are 964 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2021-38160

** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.

Published: August 07, 2021; 12:15:06 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-3655

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

Published: August 05, 2021; 5:15:13 PM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2021-3679

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.

Published: August 05, 2021; 4:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-34556

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

Published: August 02, 2021; 1:15:07 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-35477

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.

Published: August 02, 2021; 12:15:07 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-37576

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

Published: July 26, 2021; 6:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-29657

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.

Published: July 22, 2021; 1:15:09 PM -0400
V3.1: 7.4 HIGH
V2.0: 6.9 MEDIUM
CVE-2021-37159

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

Published: July 21, 2021; 11:16:20 AM -0400
V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2021-33909

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.

Published: July 20, 2021; 3:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-22555

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space

Published: July 07, 2021; 8:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-35039

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.

Published: July 06, 2021; 9:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2021-28691

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.

Published: June 29, 2021; 8:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-33624

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.

Published: June 23, 2021; 12:15:07 PM -0400
V3.1: 4.7 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2021-32078

An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.

Published: June 17, 2021; 11:15:07 AM -0400
V3.1: 7.1 HIGH
V2.0: 6.6 MEDIUM
CVE-2021-34693

net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.

Published: June 14, 2021; 6:15:20 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-0129

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.

Published: June 09, 2021; 4:15:08 PM -0400
V3.1: 5.7 MEDIUM
V2.0: 2.7 LOW
CVE-2021-3564

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.

Published: June 08, 2021; 8:15:11 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-36385

An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.

Published: June 07, 2021; 8:15:08 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-3491

The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).

Published: June 03, 2021; 10:15:07 PM -0400
V3.1: 8.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-3489

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).

Published: June 03, 2021; 10:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH