Vulnerabilities > Linux > Linux Kernel > 5.4.2

DATE CVE VULNERABILITY TITLE RISK
2024-01-08 CVE-2021-3600 Out-of-bounds Write vulnerability in multiple products
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations.
local
low complexity
linux canonical fedoraproject redhat CWE-787
7.8
2024-01-08 CVE-2022-2586 Use After Free vulnerability in multiple products
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
local
low complexity
linux canonical CWE-416
7.8
2024-01-08 CVE-2022-2588 Double Free vulnerability in multiple products
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
local
low complexity
linux canonical CWE-415
7.8
2024-01-08 CVE-2022-2602 Use After Free vulnerability in multiple products
io_uring UAF, Unix SCM garbage collection
local
high complexity
linux canonical CWE-416
7.0
2024-01-05 CVE-2023-34324 Resource Exhaustion vulnerability in multiple products
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g.
network
low complexity
xen linux CWE-400
4.9
2024-01-02 CVE-2023-7192 Memory Leak vulnerability in multiple products
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel.
local
low complexity
linux redhat CWE-401
4.4
2023-12-21 CVE-2023-6546 Race Condition vulnerability in multiple products
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel.
local
high complexity
linux fedoraproject redhat CWE-362
7.0
2023-12-19 CVE-2023-6931 Out-of-bounds Write vulnerability in multiple products
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
local
high complexity
linux debian CWE-787
7.0
2023-12-19 CVE-2023-6932 Use After Free vulnerability in Linux Kernel
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
local
high complexity
linux CWE-416
7.0
2023-12-09 CVE-2023-50431 Unspecified vulnerability in Linux Kernel
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.
local
low complexity
linux
5.5