Vulnerabilities > Linux > Linux Kernel > 5.4.2

DATE CVE VULNERABILITY TITLE RISK
2021-10-02 CVE-2021-41864 Integer Overflow or Wraparound vulnerability in multiple products
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
local
low complexity
linux fedoraproject netapp debian CWE-190
7.8
2021-09-29 CVE-2021-3653 Missing Authorization vulnerability in multiple products
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization.
local
low complexity
linux redhat debian CWE-862
8.8
2021-09-20 CVE-2021-38300 arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context.
local
low complexity
linux netapp debian
7.8
2021-09-03 CVE-2021-40490 Race Condition vulnerability in multiple products
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
local
high complexity
linux fedoraproject debian netapp CWE-362
7.0
2021-08-13 CVE-2021-3573 Race Condition vulnerability in multiple products
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info().
local
high complexity
linux redhat fedoraproject CWE-362
6.4
2021-08-13 CVE-2021-3635 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7.
local
low complexity
linux redhat fedoraproject CWE-119
4.9
2021-08-08 CVE-2021-38198 arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
local
low complexity
linux debian
2.1
2021-08-08 CVE-2021-38199 fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
low complexity
linux netapp debian
3.3
2021-08-08 CVE-2021-38200 NULL Pointer Dereference vulnerability in Linux Kernel
arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paranoid=-1 and no specific PMU driver support registered, allows local users to cause a denial of service (perf_instruction_pointer NULL pointer dereference and OOPS) via a "perf record" command.
local
low complexity
linux CWE-476
2.1
2021-08-08 CVE-2021-38202 Out-of-bounds Read vulnerability in multiple products
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
network
low complexity
linux netapp CWE-125
5.0