Linux Kernel Kernel vulnerabilities

14 known vulnerabilities affecting linux_kernel/kernel.

Total CVEs: 14
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: HIGH 5, MEDIUM 9

Vulnerabilities

CVE-2022-2785 | MEDIUM | CVSS 5.5 | ≥ 5.14, < af2ac3e13e45; ≥ 5.18, < b1d18a7574d0 | 2022-09-23
CVE-2022-2785 [MEDIUM] CWE-125: There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c
Sources: cvelistv5, nvd
CVE-2021-22600 | HIGH | CVSS 7.0 | KEV | ≥ unspecified, < 5.4.168; ≥ unspecified, < 5.10.88; +2 more | 2022-01-26
CVE-2021-22600 [MEDIUM] CWE-415: A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
Sources: cvelistv5, nvd
CVE-2020-14386 | HIGH | CVSS 7.8 | before 5.9-rc4 | 2020-09-16
CVE-2020-14386 [MEDIUM] CWE-250: A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
Sources: cvelistv5, nvd
CVE-2020-10781 | MEDIUM | CVSS 5.5 | before 5.8-rc6 | 2020-09-16
CVE-2020-10781 [MEDIUM] CWE-732: A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With t
Sources: cvelistv5, nvd
CVE-2020-10768 | MEDIUM | CVSS 5.5 | before 5.8-rc1 | 2020-09-16
CVE-2020-10768 [MEDIUM] CWE-440: A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
Sources: cvelistv5, nvd
CVE-2020-10766 | MEDIUM | CVSS 5.5 | before 5.8-rc1 | 2020-09-15
CVE-2020-10766 [MEDIUM] CWE-440: A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIBP switching
Sources: cvelistv5, nvd
CVE-2020-14304 | MEDIUM | CVSS 4.4 | v5.6.7-1, v4.19.118-2, +1 more | 2020-09-15
CVE-2020-14304 [MEDIUM] CWE-460: A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
Sources: cvelistv5, nvd
CVE-2020-14314 | MEDIUM | CVSS 5.5 | before 5.9-rc2 | 2020-09-15
CVE-2020-14314 [MEDIUM] CWE-125: A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.
Sources: cvelistv5, nvd
CVE-2020-14385 | MEDIUM | CVSS 5.5 | before 5.9-rc4 | 2020-09-15
CVE-2020-14385 [MEDIUM] CWE-131: A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest
Sources: cvelistv5, nvd
CVE-2020-10767 | MEDIUM | CVSS 5.5 | before 5.8-rc1 | 2020-09-15
CVE-2020-10767 [MEDIUM] CWE-440: A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack w
Sources: cvelistv5, nvd
CVE-2020-1749 | HIGH | CVSS 7.5 | v5.5 | 2020-09-09
CVE-2020-1749 [HIGH] CWE-319: A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints
Sources: cvelistv5, nvd
CVE-2020-10732 | MEDIUM | CVSS 4.4 | introduced in commit 4206d3aa1978e44f58bfa4e1c9d8d35cbf19c187 | 2020-06-12
CVE-2020-10732 [LOW] CWE-908: A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
Sources: cvelistv5, nvd
CVE-2019-14898 | HIGH | CVSS 7.0 | fixed in 5.0.10 | 2020-05-08
CVE-2019-14898 [HIGH] CWE-362: The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Source: cvelistv5
CVE-2019-11599 | HIGH | CVSS 7.0 | PoC | fixed in 5.0.10 | 2019-04-29
CVE-2019-11599 [HIGH] CWE-667: The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm
Source: nvd