Vulnerabilities > Kernel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-21 | CVE-2022-0563 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. | 1.9 |
| 2021-07-30 | CVE-2021-37600 | Integer Overflow or Wraparound vulnerability in multiple products ** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. | 1.2 |
| 2020-05-26 | CVE-2020-10751 | Insufficient Verification of Data Authenticity vulnerability in multiple products A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. | 3.6 |
| 2018-11-27 | CVE-2018-17953 | Unspecified vulnerability in Kernel Linux-Pam 1.3.0 A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). | 9.3 |
| 2018-03-07 | CVE-2018-7738 | Unspecified vulnerability in Kernel Util-Linux In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. | 7.2 |
| 2017-08-23 | CVE-2015-5224 | Unspecified vulnerability in Kernel Util-Linux The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. | 7.5 |
| 2017-04-11 | CVE-2016-5011 | The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. | 4.9 |
| 2017-03-31 | CVE-2014-9114 | Command Injection vulnerability in multiple products Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | 7.2 |
| 2017-02-07 | CVE-2016-2779 | Permissions, Privileges, and Access Controls vulnerability in Kernel Util-Linux 2.24.21 runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | 7.2 |
| 2015-11-09 | CVE-2015-5218 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. | 2.1 |