Linux : Security Vulnerabilities, CVEs, CVSS score between 3 and 3.99
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
Max CVSS
3.3
EPSS Score
0.05%
Published
2023-03-23
Updated
2023-05-03
A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.
Max CVSS
3.3
EPSS Score
0.04%
Published
2023-03-27
Updated
2023-04-05
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
Max CVSS
3.3
EPSS Score
0.06%
Published
2022-06-18
Updated
2022-11-05
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
Max CVSS
3.3
EPSS Score
0.05%
Published
2022-06-05
Updated
2022-09-28
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
Max CVSS
3.3
EPSS Score
0.05%
Published
2022-02-04
Updated
2022-05-12
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.
Max CVSS
3.5
EPSS Score
0.05%
Published
2022-10-21
Updated
2024-03-21
A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.
Max CVSS
3.3
EPSS Score
0.05%
Published
2022-10-21
Updated
2024-03-21
A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928.
Max CVSS
3.5
EPSS Score
0.04%
Published
2022-10-21
Updated
2022-10-24
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
Max CVSS
3.5
EPSS Score
0.05%
Published
2021-12-25
Updated
2023-02-24
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.
Max CVSS
3.3
EPSS Score
0.04%
Published
2021-08-08
Updated
2021-08-12
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
Max CVSS
3.3
EPSS Score
0.05%
Published
2021-08-08
Updated
2022-01-04
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.
Max CVSS
3.3
EPSS Score
0.04%
Published
2021-05-28
Updated
2022-08-05
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
Max CVSS
3.3
EPSS Score
0.05%
Published
2021-08-05
Updated
2022-10-27
An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.
Max CVSS
3.3
EPSS Score
0.04%
Published
2023-09-18
Updated
2023-09-19
A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem
Max CVSS
3.6
EPSS Score
0.04%
Published
2022-03-30
Updated
2022-12-02
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
Max CVSS
3.6
EPSS Score
0.06%
Published
2020-11-28
Updated
2023-11-09
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
Max CVSS
3.3
EPSS Score
0.06%
Published
2020-11-28
Updated
2020-12-02
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
Max CVSS
3.5
EPSS Score
0.21%
Published
2021-05-11
Updated
2023-04-01
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
Max CVSS
3.5
EPSS Score
0.12%
Published
2021-05-11
Updated
2023-04-01
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
Max CVSS
3.3
EPSS Score
0.05%
Published
2019-11-18
Updated
2022-11-07
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
Max CVSS
3.3
EPSS Score
0.05%
Published
2019-10-01
Updated
2019-10-25
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
Max CVSS
3.3
EPSS Score
0.05%
Published
2019-10-01
Updated
2022-03-31
atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.
Max CVSS
3.3
EPSS Score
0.05%
Published
2019-10-01
Updated
2019-10-25
ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.
Max CVSS
3.3
EPSS Score
0.05%
Published
2019-10-01
Updated
2019-10-25
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.
Max CVSS
3.3
EPSS Score
0.05%
Published
2019-10-01
Updated
2022-10-07