U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Linux kernel
  • Search Type: Search All
There are 3,617 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2022-3107

An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.

Published: December 14, 2022; 4:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-3106

An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().

Published: December 14, 2022; 4:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-3105

An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().

Published: December 14, 2022; 4:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-3104

An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.

Published: December 14, 2022; 4:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-44689

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability.

Published: December 13, 2022; 2:15:13 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-23523

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file.

Published: December 13, 2022; 3:15:10 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-4269

A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.

Published: December 05, 2022; 11:15:10 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-45869

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.

Published: November 30, 2022; 12:15:11 AM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-4129

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

Published: November 28, 2022; 5:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-4128

A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service.

Published: November 28, 2022; 5:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-4127

A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service.

Published: November 28, 2022; 5:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-45934

An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

Published: November 26, 2022; 11:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-45919

An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.

Published: November 26, 2022; 9:15:16 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2022-45888

An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.

Published: November 24, 2022; 11:15:09 PM -0500
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2022-45887

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

Published: November 24, 2022; 11:15:09 PM -0500
V3.1: 4.7 MEDIUM
V2.0:(not available)
CVE-2022-45886

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.

Published: November 24, 2022; 11:15:09 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2022-45885

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.

Published: November 24, 2022; 11:15:09 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2022-45884

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.

Published: November 24, 2022; 11:15:09 PM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2022-42896

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url

Published: November 23, 2022; 10:15:10 AM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-42895

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

Published: November 23, 2022; 10:15:10 AM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)