Vulnerabilities > Linux > Linux Kernel > 4.15.9

DATE CVE VULNERABILITY TITLE RISK
2024-06-20 CVE-2021-4439 Improper Validation of Array Index vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->task = kthread_run(cmtp_session, session, "kcmtpd_ctr_%d", session->num); During this process, the kernel thread would call detach_capi_ctr() to detach a register controller.
local
low complexity
linux CWE-129
7.8
2024-06-20 CVE-2022-48732 Off-by-one Error vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte.
local
low complexity
linux CWE-193
7.8
2024-06-20 CVE-2022-48733 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots.
local
low complexity
linux CWE-416
7.8
2024-06-20 CVE-2022-48734 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between quota disable and qgroup rescan worker Quota disable ioctl starts a transaction before waiting for the qgroup rescan worker completes.
local
low complexity
linux CWE-667
5.5
2024-06-20 CVE-2022-48735 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix UAF of leds class devs at unbinding The LED class devices that are created by HD-audio codec drivers are registered via devm_led_classdev_register() and associated with the HD-audio codec device.
local
low complexity
linux CWE-416
7.8
2024-06-20 CVE-2022-48740 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller functions, resulting in NULL pointer deref.
local
low complexity
linux CWE-415
7.8
2024-06-20 CVE-2022-48741 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ovl: fix NULL pointer dereference in copy up warning This patch is fixing a NULL pointer dereference to get a recently introduced warning message working.
local
low complexity
linux CWE-476
5.5
2024-06-20 CVE-2022-48742 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one unrelated syzbot bug, I found the replay logic in __rtnl_newlink() to potentially trigger use-after-free. It is better to clear master_dev and m_ops inside the loop, in case we have to replay it.
local
low complexity
linux CWE-416
7.8
2024-06-20 CVE-2022-48743 Out-of-bounds Write vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUG_ON() triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such length underflows are seen because of inconsistencies in the hardware descriptors.
local
low complexity
linux CWE-787
5.5
2024-06-20 CVE-2022-48756 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable The function performs a check on the "phy" input parameter, however, it is used before the check. Initialize the "dev" variable after the sanity check to avoid a possible NULL pointer dereference. Addresses-Coverity-ID: 1493860 ("Null pointer dereference")
local
low complexity
linux CWE-476
5.5