Vulnerabilities > Linux > Linux Kernel > 4.14.79

DATE CVE VULNERABILITY TITLE RISK
2024-06-21 CVE-2024-36270 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [..] RIP: 0010:nf_tproxy_laddr4+0xb7/0x340 net/ipv4/netfilter/nf_tproxy_ipv4.c:62 Call Trace: nft_tproxy_eval_v4 net/netfilter/nft_tproxy.c:56 [inline] nft_tproxy_eval+0xa9a/0x1a00 net/netfilter/nft_tproxy.c:168 __in_dev_get_rcu() can return NULL, so check for this.
local
low complexity
linux CWE-476
5.5
2024-06-21 CVE-2024-38627 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.
local
low complexity
linux CWE-415
7.8
2024-06-21 CVE-2024-38630 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer.
local
low complexity
linux CWE-416
7.8
2024-06-21 CVE-2024-38633 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver.
local
low complexity
linux CWE-476
5.5
2024-06-20 CVE-2021-4439 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->task = kthread_run(cmtp_session, session, "kcmtpd_ctr_%d", session->num); During this process, the kernel thread would call detach_capi_ctr() to detach a register controller.
local
low complexity
linux CWE-129
7.8
2024-06-20 CVE-2022-48732 Off-by-one Error vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte.
local
low complexity
linux CWE-193
7.8
2024-06-20 CVE-2022-48733 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots.
local
low complexity
linux CWE-416
7.8
2024-06-20 CVE-2022-48734 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between quota disable and qgroup rescan worker Quota disable ioctl starts a transaction before waiting for the qgroup rescan worker completes.
local
low complexity
linux CWE-667
5.5
2024-06-20 CVE-2022-48735 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix UAF of leds class devs at unbinding The LED class devices that are created by HD-audio codec drivers are registered via devm_led_classdev_register() and associated with the HD-audio codec device.
local
low complexity
linux CWE-416
7.8
2024-06-20 CVE-2022-48740 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller functions, resulting in NULL pointer deref.
local
low complexity
linux CWE-415
7.8