Vulnerabilities > Linux > Linux Kernel > 4.19.102

DATE CVE VULNERABILITY TITLE RISK
2021-02-10 CVE-2020-16120 Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed.
local
low complexity
linux canonical
2.1
2021-02-01 CVE-2021-3348 Use After Free vulnerability in multiple products
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.
4.4
2021-01-29 CVE-2021-3347 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.10.11.
local
low complexity
linux debian fedoraproject CWE-416
7.8
2021-01-19 CVE-2021-3178 Path Traversal vulnerability in multiple products
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS.
network
low complexity
linux fedoraproject debian CWE-22
6.5
2021-01-13 CVE-2020-28374 Path Traversal vulnerability in multiple products
In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3.
network
low complexity
linux fedoraproject debian CWE-22
8.1
2021-01-05 CVE-2020-36158 Classic Buffer Overflow vulnerability in multiple products
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
local
low complexity
linux fedoraproject debian netapp CWE-120
6.7
2020-12-15 CVE-2020-29569 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x.
local
low complexity
xen linux netapp debian CWE-416
8.8
2020-12-15 CVE-2020-27777 Missing Authorization vulnerability in multiple products
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication.
local
low complexity
linux redhat CWE-862
6.7
2020-12-11 CVE-2020-27786 Use After Free vulnerability in multiple products
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue.
local
low complexity
linux redhat netapp CWE-416
7.8
2020-12-09 CVE-2020-29661 Improper Locking vulnerability in multiple products
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
7.8