Vulnerabilities > Linux > Linux Kernel > 4.1.41

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-10768 Unspecified vulnerability in Linux Kernel
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled.
local
low complexity
linux
5.5
2020-09-15 CVE-2020-10767 Unspecified vulnerability in Linux Kernel
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier).
local
low complexity
linux
5.5
2020-09-15 CVE-2020-10766 Unspecified vulnerability in Linux Kernel
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD.
local
low complexity
linux
5.5
2020-09-15 CVE-2020-14385 Incorrect Calculation of Buffer Size vulnerability in multiple products
A flaw was found in the Linux kernel before 5.9-rc4.
local
low complexity
linux debian canonical CWE-131
5.5
2020-09-15 CVE-2020-14314 A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing.
local
low complexity
linux debian canonical starwindsoftware
5.5
2020-09-15 CVE-2020-14331 A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur.
low complexity
linux redhat
6.6
2020-09-13 CVE-2020-25285 NULL Pointer Dereference vulnerability in multiple products
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
local
high complexity
linux debian canonical CWE-476
6.4
2020-09-13 CVE-2020-25284 Incorrect Authorization vulnerability in multiple products
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
local
high complexity
linux debian opensuse CWE-863
4.1
2020-09-09 CVE-2020-25212 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
local
high complexity
linux debian opensuse canonical CWE-367
7.0
2020-09-09 CVE-2020-25211 Classic Buffer Overflow vulnerability in multiple products
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
local
low complexity
linux debian fedoraproject CWE-120
6.0