Vulnerabilities > Linux > Linux Kernel > 2.1.44

DATE CVE VULNERABILITY TITLE RISK
2022-12-07 CVE-2022-42328 Improper Locking vulnerability in multiple products
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328).
local
low complexity
linux debian CWE-667
5.5
2022-12-07 CVE-2022-42329 Improper Locking vulnerability in multiple products
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328).
local
low complexity
linux debian CWE-667
5.5
2022-11-30 CVE-2022-45869 Race Condition vulnerability in Linux Kernel
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
local
low complexity
linux CWE-362
5.5
2022-11-28 CVE-2022-4127 NULL Pointer Dereference vulnerability in Linux Kernel
A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc.
local
low complexity
linux CWE-476
5.5
2022-11-25 CVE-2022-45884 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 6.0.9.
local
high complexity
linux netapp CWE-416
7.0
2022-11-25 CVE-2022-45885 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 6.0.9.
local
high complexity
linux netapp CWE-416
7.0
2022-11-25 CVE-2022-45887 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in the Linux kernel through 6.0.9.
local
high complexity
linux netapp CWE-772
4.7
2022-11-25 CVE-2022-45888 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 6.0.9.
high complexity
linux netapp CWE-416
6.4
2022-11-23 CVE-2022-42896 Use After Free vulnerability in Linux Kernel
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit  https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
low complexity
linux CWE-416
8.8
2022-11-04 CVE-2022-43945 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow.
network
low complexity
linux netapp CWE-770
7.5