Total
219 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3545 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. | |||||
CVE-2022-36123 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-02-28 | N/A | 7.8 HIGH |
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. | |||||
CVE-2021-3998 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2024-02-28 | N/A | 7.5 HIGH |
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. | |||||
CVE-2021-4204 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, H300s and 10 more | 2024-02-28 | N/A | 7.1 HIGH |
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. | |||||
CVE-2022-1973 | 3 Fedoraproject, Linux, Netapp | 12 Fedora, Linux Kernel, H300s and 9 more | 2024-02-28 | N/A | 7.1 HIGH |
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. | |||||
CVE-2022-2961 | 3 Fedoraproject, Linux, Netapp | 12 Fedora, Linux Kernel, H300s and 9 more | 2024-02-28 | N/A | 7.0 HIGH |
A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
CVE-2022-2964 | 3 Linux, Netapp, Redhat | 12 Linux Kernel, H300s, H300s Firmware and 9 more | 2024-02-28 | N/A | 7.8 HIGH |
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | |||||
CVE-2022-34918 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. | |||||
CVE-2022-32250 | 4 Debian, Fedoraproject, Linux and 1 more | 13 Debian Linux, Fedora, Linux Kernel and 10 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. | |||||
CVE-2022-30594 | 3 Debian, Linux, Netapp | 21 Debian Linux, Linux Kernel, 8300 and 18 more | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | |||||
CVE-2022-29824 | 5 Debian, Fedoraproject, Netapp and 2 more | 24 Debian Linux, Fedora, Active Iq Unified Manager and 21 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. | |||||
CVE-2022-1678 | 2 Linux, Netapp | 26 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 23 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. | |||||
CVE-2022-1011 | 6 Debian, Fedoraproject, Linux and 3 more | 38 Debian Linux, Fedora, Linux Kernel and 35 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | |||||
CVE-2021-4197 | 5 Broadcom, Debian, Linux and 2 more | 14 Brocade Fabric Operating System Firmware, Debian Linux, Linux Kernel and 11 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. | |||||
CVE-2021-45868 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. | |||||
CVE-2022-28893 | 3 Debian, Linux, Netapp | 22 Debian Linux, Linux Kernel, H300e and 19 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | |||||
CVE-2022-29968 | 3 Fedoraproject, Linux, Netapp | 13 Fedora, Linux Kernel, H300s and 10 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. | |||||
CVE-2022-1998 | 4 Fedoraproject, Linux, Netapp and 1 more | 13 Fedora, Linux Kernel, H300s and 10 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |||||
CVE-2022-29581 | 4 Canonical, Debian, Linux and 1 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | |||||
CVE-2022-1734 | 3 Debian, Linux, Netapp | 18 Debian Linux, Linux Kernel, H300e and 15 more | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. |