Product:

Linux_kernel

(Linux)
Repositories https://github.com/torvalds/linux
https://github.com/mjg59/linux
https://github.com/stoth68000/media-tree
https://github.com/acpica/acpica
https://github.com/derrekr/android_security
#Vulnerabilities 4822
Date Id Summary Products Score Patch Annotated
2021-01-13 CVE-2020-28374 In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. Debian_linux, Fedora, Linux_kernel 8.1
2021-01-14 CVE-2020-16119 Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. Ubuntu_linux, Debian_linux, Linux_kernel 7.8
2021-01-26 CVE-2020-35513 A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. Linux_kernel, Enterprise_linux 4.9
2021-01-29 CVE-2021-3347 An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. Debian_linux, Fedora, Linux_kernel 7.8
2021-02-17 CVE-2021-26934 An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. Fedora, Linux_kernel 7.8
2021-03-04 CVE-2020-25639 A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. Fedora, Linux_kernel, Enterprise_linux, Messaging_realtime_grid, Openshift_container_platform 4.4
2021-03-09 CVE-2021-20268 An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Linux_kernel 7.8
2021-03-15 CVE-2021-28375 An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. Fedora, Linux_kernel, Cloud_backup, Solidfire_baseboard_management_controller_firmware 7.8
2021-03-20 CVE-2021-28950 An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. Debian_linux, Fedora, Linux_kernel 5.5
2021-03-20 CVE-2021-28951 An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. Fedora, Linux_kernel, A250_firmware, Aff_500f_firmware, Cloud_backup, Fas_500f_firmware, Solidfire_baseboard_management_controller_firmware 5.5