Ubuntu Linux Kernel vulnerabilities

5 known vulnerabilities affecting ubuntu/linux_kernel.

Total CVEs

5

CISA KEV

1

actively exploited

Public exploits

2

Exploited in wild

1

Severity breakdown

HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2021-3492HIGHCVSS 7.8≥ 5.8 kernel, < 5.8.0-50.56≥ 5.4 kernel, < 5.4.0-72.802021-04-17

CVE-2021-3492 [HIGH] CWE-401 CVE-2021-3492: Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly hand Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing

CVE-2021-3493HIGHCVSS 7.8KEVPoC≥ 5.8 kernel, < 5.8.0-50.56≥ 5.4 kernel, < 5.4.0-72.80+2 more2021-04-17

CVE-2021-3493 [HIGH] CWE-270 CVE-2021-3493: The overlayfs implementation in the linux kernel did not properly validate with respect to user name The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain

CVE-2019-15794MEDIUMCVSS 6.7PoC≥ 5.3 kernel, < 5.3.0-24.26≥ 5.0 kernel, < 5.0.0-37.402020-04-24

CVE-2019-15794 [MEDIUM] CWE-672 CVE-2019-15794: Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dere

CVE-2008-4395HIGHCVSS 8.3≤ 2.6.262008-11-06

CVE-2008-4395 [HIGH] CWE-119 CVE-2008-4395: Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attac Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.

CVE-2006-7229HIGHCVSS 7.5v2.6.152007-11-15

CVE-2006-7229 [HIGH] CWE-399 CVE-2006-7229: The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_un The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.