3.12.71

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-20	CVE-2021-33909	Integer Overflow or Wraparound vulnerability in multiple products fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. local low complexity linux fedoraproject debian netapp oracle sonicwall CWE-190	7.8
2021-07-09	CVE-2021-3612	Out-of-bounds Write vulnerability in multiple products An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. local low complexity linux redhat fedoraproject debian oracle netapp CWE-787	7.8
2021-06-23	CVE-2021-33624	Type Confusion vulnerability in multiple products In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. local high complexity linux debian CWE-843	4.7
2021-06-14	CVE-2021-34693	Missing Initialization of Resource vulnerability in multiple products net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. local low complexity linux debian CWE-909	5.5
2021-05-28	CVE-2021-20239	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. local low complexity linux redhat fedoraproject CWE-119	3.3
2021-05-28	CVE-2021-20292	Use After Free vulnerability in multiple products There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. local low complexity linux fedoraproject redhat debian CWE-416	6.7
2021-05-26	CVE-2020-25669	Use After Free vulnerability in multiple products A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. local low complexity linux debian netapp CWE-416	7.8
2021-05-24	CVE-2020-26558	Improper Authentication vulnerability in multiple products Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. high complexity bluetooth fedoraproject debian linux intel CWE-287	4.2
2021-05-14	CVE-2021-33034	Use After Free vulnerability in multiple products In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. local low complexity linux fedoraproject debian CWE-416	7.8
2021-05-12	CVE-2021-23134	Use After Free vulnerability in multiple products Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. local low complexity linux fedoraproject debian CWE-416	7.8