Vulnerabilities > Linux > Linux Kernel > 5.12.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2020-26558 | Improper Authentication vulnerability in multiple products Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. | 4.2 |
| 2021-05-21 | CVE-2021-31440 | This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. | 7.0 |
| 2021-05-14 | CVE-2021-33034 | Use After Free vulnerability in multiple products In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. | 7.8 |
| 2021-05-11 | CVE-2021-32606 | Use After Free vulnerability in multiple products In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. | 7.8 |
| 2021-05-11 | CVE-2020-24586 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. | 3.5 |
| 2021-05-11 | CVE-2020-24587 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. | 2.6 |
| 2021-05-11 | CVE-2020-24588 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. | 3.5 |
| 2021-05-11 | CVE-2020-26147 | An issue was discovered in the Linux kernel 5.8.9. | 5.4 |
| 2021-05-10 | CVE-2021-32399 | Race Condition vulnerability in multiple products net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. | 7.0 |
| 2021-05-06 | CVE-2021-31829 | Incorrect Authorization vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. | 5.5 |