Vulnerabilities > Linux > Linux Kernel > 3.18.34

DATE CVE VULNERABILITY TITLE RISK
2022-09-30 CVE-2022-41849 Use After Free vulnerability in multiple products
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
high complexity
linux debian CWE-416
4.2
2022-09-30 CVE-2022-41850 Use After Free vulnerability in multiple products
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
local
high complexity
linux debian CWE-416
4.7
2022-09-27 CVE-2022-3303 Improper Locking vulnerability in multiple products
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking.
local
high complexity
linux debian CWE-667
4.7
2022-09-23 CVE-2022-2785 Out-of-bounds Read vulnerability in Linux Kernel
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF.
local
low complexity
linux CWE-125
5.5
2022-09-21 CVE-2022-41218 Use After Free vulnerability in multiple products
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
local
low complexity
linux debian CWE-416
5.5
2022-09-19 CVE-2022-3239 Use After Free vulnerability in Linux Kernel
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards.
local
low complexity
linux CWE-416
7.8
2022-09-18 CVE-2022-40768 Use of Uninitialized Resource vulnerability in multiple products
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
local
low complexity
linux fedoraproject debian CWE-908
5.5
2022-09-14 CVE-2022-40476 NULL Pointer Dereference vulnerability in Linux Kernel
A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62.
local
low complexity
linux CWE-476
5.5
2022-09-09 CVE-2022-2905 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map.
local
low complexity
linux redhat debian CWE-125
5.5
2022-09-09 CVE-2022-36280 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'.
local
low complexity
linux debian CWE-787
5.5