Summary
Detail | |||
---|---|---|---|
Vendor | Linux | First view | 2012-05-17 |
Product | Linux Kernel | Last view | 2023-11-23 |
Version | 3.2.72 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:linux:linux_kernel |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2023-11-23 | CVE-2023-5972 | A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system. |
7.8 | 2023-11-14 | CVE-2023-6111 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times. We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630. |
5.5 | 2023-11-09 | CVE-2023-6039 | A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. |
6.4 | 2023-11-09 | CVE-2023-39198 | A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. |
5.5 | 2023-11-06 | CVE-2023-5090 | A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. |
4.3 | 2023-11-03 | CVE-2023-47233 | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. |
7 | 2023-11-03 | CVE-2023-1476 | A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. |
8.1 | 2023-11-03 | CVE-2023-1194 | An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. |
8.8 | 2023-11-01 | CVE-2023-5178 | A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges. |
6.5 | 2023-11-01 | CVE-2023-1193 | A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work. |
6.5 | 2023-11-01 | CVE-2023-1192 | A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service. |
4.7 | 2023-10-29 | CVE-2023-46862 | An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. |
7 | 2023-10-27 | CVE-2023-46813 | An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. |
7.8 | 2023-10-25 | CVE-2023-5717 | A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. |
7.8 | 2023-10-23 | CVE-2023-5633 | The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. |
7.8 | 2023-10-16 | CVE-2023-45898 | The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. |
9.1 | 2023-10-16 | CVE-2023-40791 | extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. |
9.8 | 2023-10-15 | CVE-2023-45871 | An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. |
6.4 | 2023-10-14 | CVE-2023-45863 | An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. |
7.5 | 2023-10-14 | CVE-2023-45862 | An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. |
5.5 | 2023-10-13 | CVE-2023-42752 | An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers. |
4.4 | 2023-10-09 | CVE-2023-39194 | A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. |
6 | 2023-10-09 | CVE-2023-39193 | A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. |
6 | 2023-10-09 | CVE-2023-39192 | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. |
6 | 2023-10-09 | CVE-2023-39189 | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
16% (302) | CWE-416 | Use After Free |
10% (185) | CWE-476 | NULL Pointer Dereference |
8% (156) | CWE-362 | Race Condition |
6% (126) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
6% (119) | CWE-200 | Information Exposure |
6% (112) | CWE-787 | Out-of-bounds Write |
5% (100) | CWE-125 | Out-of-bounds Read |
4% (89) | CWE-20 | Improper Input Validation |
4% (87) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
3% (58) | CWE-399 | Resource Management Errors |
3% (58) | CWE-264 | Permissions, Privileges, and Access Controls |
2% (51) | CWE-190 | Integer Overflow or Wraparound |
1% (26) | CWE-415 | Double Free |
1% (26) | CWE-189 | Numeric Errors |
1% (23) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (22) | CWE-269 | Improper Privilege Management |
1% (21) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
1% (20) | CWE-667 | Insufficient Locking |
0% (12) | CWE-17 | Code |
0% (11) | CWE-772 | Missing Release of Resource after Effective Lifetime |
0% (10) | CWE-665 | Improper Initialization |
0% (10) | CWE-284 | Access Control (Authorization) Issues |
0% (9) | CWE-770 | Allocation of Resources Without Limits or Throttling |
0% (9) | CWE-369 | Divide By Zero |
0% (8) | CWE-755 | Improper Handling of Exceptional Conditions |
SAINT Exploits
Description | Link |
---|---|
Linux kernel __sock_diag_rcv_msg Netlink message privilege elevation | More info here |
Ubuntu overlayfs privilege elevation | More info here |
Linux kernel futex_requeue privilege elevation | More info here |
Linux Dirty COW Local File Overwrite | More info here |
ExploitDB Exploits
id | Description |
---|---|
35370 | Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 |
34923 | Linux Kernel remount FUSE Exploit |
34134 | Linux Kernel ptrace/sysret - Local Privilege Escalation |
33824 | Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid) |
33516 | Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition... |
33336 | Linux Kernel 3.3-3.8 - SOCK_DIAG Local Root Exploit |
32926 | Linux group_info refcounter - Overflow Memory Corruption |
31574 | Linux ARM - Local Root Exploit |
31347 | linux 3.4+ local root (CONFIG_X86_X32=y) |
31346 | Linux 3.4+ Arbitrary write with CONFIG_X86_X32 |
26131 | Linux kernel perf_swevent_init - Local root Exploit |
OpenVAS Exploits
id | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2469-1 (linux-2.6 - privilege escalation/denial ... File : nvt/deb_2469_1.nasl |
2012-12-26 | Name : CentOS Update for kernel CESA-2012:1580 centos6 File : nvt/gb_CESA-2012_1580_kernel_centos6.nasl |
2012-12-26 | Name : RedHat Update for kernel RHSA-2012:1580-01 File : nvt/gb_RHSA-2012_1580-01_kernel.nasl |
2012-12-26 | Name : Ubuntu Update for linux USN-1669-1 File : nvt/gb_ubuntu_USN_1669_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux-ti-omap4 USN-1670-1 File : nvt/gb_ubuntu_USN_1670_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux USN-1671-1 File : nvt/gb_ubuntu_USN_1671_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux-ti-omap4 USN-1673-1 File : nvt/gb_ubuntu_USN_1673_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux USN-1677-1 File : nvt/gb_ubuntu_USN_1677_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux-lts-backport-oneiric USN-1678-1 File : nvt/gb_ubuntu_USN_1678_1.nasl |
2012-12-26 | Name : Ubuntu Update for linux-ti-omap4 USN-1679-1 File : nvt/gb_ubuntu_USN_1679_1.nasl |
2012-12-18 | Name : Fedora Update for kernel FEDORA-2012-20240 File : nvt/gb_fedora_2012_20240_kernel_fc16.nasl |
2012-12-06 | Name : CentOS Update for kernel CESA-2012:1540 centos5 File : nvt/gb_CESA-2012_1540_kernel_centos5.nasl |
2012-12-06 | Name : RedHat Update for kernel RHSA-2012:1540-01 File : nvt/gb_RHSA-2012_1540-01_kernel.nasl |
2012-12-06 | Name : Ubuntu Update for linux-ec2 USN-1653-1 File : nvt/gb_ubuntu_USN_1653_1.nasl |
2012-12-04 | Name : Fedora Update for kernel FEDORA-2012-19337 File : nvt/gb_fedora_2012_19337_kernel_fc17.nasl |
2012-12-04 | Name : Ubuntu Update for linux USN-1644-1 File : nvt/gb_ubuntu_USN_1644_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux-ti-omap4 USN-1645-1 File : nvt/gb_ubuntu_USN_1645_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux USN-1646-1 File : nvt/gb_ubuntu_USN_1646_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux-ti-omap4 USN-1647-1 File : nvt/gb_ubuntu_USN_1647_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux USN-1648-1 File : nvt/gb_ubuntu_USN_1648_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux-ti-omap4 USN-1649-1 File : nvt/gb_ubuntu_USN_1649_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux USN-1650-1 File : nvt/gb_ubuntu_USN_1650_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux USN-1651-1 File : nvt/gb_ubuntu_USN_1651_1.nasl |
2012-12-04 | Name : Ubuntu Update for linux-lts-backport-oneiric USN-1652-1 File : nvt/gb_ubuntu_USN_1652_1.nasl |
2012-11-29 | Name : Fedora Update for kernel FEDORA-2012-18691 File : nvt/gb_fedora_2012_18691_kernel_fc16.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0150 | Multiple Security Vulnerabilities in Juniper Networks CTPView Severity: Category I - VMSKEY: V0061073 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-11-19 | Linux kernel af_packet tpacket_rcv integer overflow attempt RuleID : 56052 - Type : OS-LINUX - Revision : 1 |
2020-11-19 | Linux kernel af_packet tpacket_rcv integer overflow attempt RuleID : 56051 - Type : OS-LINUX - Revision : 1 |
2019-09-26 | Google Android Kernel local denial of service attempt RuleID : 51291 - Type : OS-MOBILE - Revision : 1 |
2019-09-26 | Google Android Kernel local denial of service attempt RuleID : 51290 - Type : OS-MOBILE - Revision : 1 |
2017-11-21 | Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt RuleID : 44638 - Type : PROTOCOL-RPC - Revision : 1 |
2017-11-21 | Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt RuleID : 44637 - Type : PROTOCOL-RPC - Revision : 1 |
2017-08-24 | Linux kernel SCTP invalid chunk length denial of service attempt RuleID : 43692 - Type : OS-LINUX - Revision : 1 |
2017-07-18 | Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt RuleID : 43189 - Type : PROTOCOL-RPC - Revision : 2 |
2017-07-18 | Linux kernel NFSv2 malformed WRITE arbitrary memory read attempt RuleID : 43188 - Type : PROTOCOL-RPC - Revision : 2 |
2017-01-18 | Linux net af_packet.c tpacket version race condition use after free attempt RuleID : 41028 - Type : OS-LINUX - Revision : 2 |
2017-01-18 | Linux net af_packet.c tpacket version race condition use after free attempt RuleID : 41027 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40566 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40565 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40564 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40563 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40562 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40561 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40560 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40543 - Type : OS-LINUX - Revision : 2 |
2016-11-30 | Linux kernel madvise race condition attempt RuleID : 40542 - Type : OS-LINUX - Revision : 2 |
2018-05-23 | Linux Kernel Challenge ACK provocation attempt RuleID : 40063-community - Type : OS-LINUX - Revision : 5 |
2016-10-11 | Linux Kernel Challenge ACK provocation attempt RuleID : 40063 - Type : OS-LINUX - Revision : 5 |
2016-09-17 | Linux Kernel USBIP out of bounds write attempt RuleID : 39894 - Type : OS-LINUX - Revision : 4 |
2016-09-17 | Linux Kernel USBIP out of bounds write attempt RuleID : 39893 - Type : OS-LINUX - Revision : 4 |
2016-03-29 | Linux kernel SCTP INIT null pointer dereference attempt RuleID : 38346 - Type : OS-LINUX - Revision : 2 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-17 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO |
2019-01-17 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO |
2019-01-15 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-337484d88b.nasl - Type: ACT_GATHER_INFO |
2019-01-15 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2019-b0f7a7b74b.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2016-104.nasl - Type: ACT_GATHER_INFO |
2019-01-14 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-072.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-075.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-077.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-085.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-086.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-088.nasl - Type: ACT_GATHER_INFO |
2019-01-11 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZA-2018-089.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1145.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO |
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-0edb45d9db.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-1621b2204a.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-272cf2f9f4.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-2c6bd93875.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-3857a8b41a.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-50075276e8.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-5453baa4af.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2018-5904d0794d.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-5926c0ffc8.nasl - Type: ACT_GATHER_INFO |