Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Filtered by product Ubuntu Linux
Total 4101 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20169 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-03-04 7.2 HIGH 6.8 MEDIUM
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVE-2022-2586 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-02-28 N/A 7.8 HIGH
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
CVE-2023-5536 1 Canonical 1 Ubuntu Linux 2024-02-28 N/A 6.4 MEDIUM
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
CVE-2022-2588 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-02-28 N/A 7.8 HIGH
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
CVE-2023-1032 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-02-28 N/A 5.5 MEDIUM
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.
CVE-2022-2602 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-02-28 N/A 7.0 HIGH
io_uring UAF, Unix SCM garbage collection
CVE-2022-2585 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-02-28 N/A 7.8 HIGH
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
CVE-2023-45866 6 Apple, Bluproducts, Canonical and 3 more 16 Ipad Os, Iphone Os, Iphone Se and 13 more 2024-02-28 N/A 6.3 MEDIUM
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
CVE-2022-3328 1 Canonical 2 Snapd, Ubuntu Linux 2024-02-28 N/A 7.0 HIGH
Race condition in snap-confine's must_mkdir_and_open_with_perms()
CVE-2021-3600 4 Canonical, Fedoraproject, Linux and 1 more 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more 2024-02-28 N/A 7.8 HIGH
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.
CVE-2023-2640 1 Canonical 1 Ubuntu Linux 2024-02-28 N/A 7.8 HIGH
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
CVE-2023-3777 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-02-28 N/A 7.8 HIGH
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
CVE-2023-44216 7 Amd, Apple, Canonical and 4 more 16 Ryzen 5 7600x, Ryzen 7 4800u, M1 Mac Mini and 13 more 2024-02-28 N/A 5.3 MEDIUM
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
CVE-2023-31026 6 Canonical, Citrix, Linux-kvm and 3 more 6 Ubuntu Linux, Hypervisor, Kernel Virtual Machine and 3 more 2024-02-28 N/A 5.5 MEDIUM
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.
CVE-2023-3297 2 Canonical, Linux 3 Accountsservice, Ubuntu Linux, Linux Kernel 2024-02-28 N/A 7.8 HIGH
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
CVE-2023-31018 8 Canonical, Citrix, Linux and 5 more 9 Ubuntu Linux, Hypervisor, Linux Kernel and 6 more 2024-02-28 N/A 5.5 MEDIUM
NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.
CVE-2023-1523 1 Canonical 2 Snapd, Ubuntu Linux 2024-02-28 N/A 10.0 CRITICAL
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
CVE-2023-3567 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2024-02-28 N/A 7.1 HIGH
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
CVE-2023-32629 1 Canonical 1 Ubuntu Linux 2024-02-28 N/A 7.8 HIGH
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels
CVE-2023-40283 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-02-28 N/A 7.8 HIGH
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.