Product:

Linux_kernel

(Linux)
Date Id Summary Products Score Patch Annotated
2021-06-23 CVE-2021-33624 In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. Debian_linux, Linux_kernel 4.7
2022-01-06 CVE-2021-28714 Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an... Debian_linux, Linux_kernel 6.5
2022-01-06 CVE-2021-28715 Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an... Debian_linux, Linux_kernel 6.5
2022-02-20 CVE-2022-25375 An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. Debian_linux, Linux_kernel 5.5
2022-05-12 CVE-2022-30594 The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. Debian_linux, Linux_kernel, 8300_firmware, 8700_firmware, A400_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_compute_node, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node 7.8
2022-06-05 CVE-2022-32296 The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. Linux_kernel 3.3
2022-09-09 CVE-2022-40307 An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. Debian_linux, Linux_kernel 4.7
2023-03-19 CVE-2022-48423 In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. Linux_kernel 7.8
2023-08-07 CVE-2023-20811 In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. Android, Linux_kernel 6.7
2023-08-07 CVE-2023-20810 In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. Android, Linux_kernel 4.4