Vulnerabilities > Linux > Linux Kernel > 5.4.217

DATE CVE VULNERABILITY TITLE RISK
2023-01-09 CVE-2022-2196 Insecure Default Initialization of Resource vulnerability in multiple products
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1.
local
low complexity
linux debian CWE-1188
8.8
2023-01-05 CVE-2022-4378 Out-of-bounds Write vulnerability in Linux Kernel
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables.
local
low complexity
linux CWE-787
7.8
2022-12-18 CVE-2022-47518 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Linux kernel before 6.0.11.
local
low complexity
linux debian netapp CWE-787
7.8
2022-12-18 CVE-2022-47519 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in the Linux kernel before 6.0.11.
local
low complexity
linux debian netapp CWE-787
7.8
2022-12-18 CVE-2022-47520 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel before 6.0.11.
local
low complexity
linux debian netapp CWE-125
7.1
2022-12-07 CVE-2022-3643 Injection vulnerability in multiple products
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets.
local
low complexity
linux debian CWE-74
6.5
2022-12-07 CVE-2022-42328 Improper Locking vulnerability in multiple products
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328).
local
low complexity
linux debian CWE-667
5.5
2022-12-07 CVE-2022-42329 Improper Locking vulnerability in multiple products
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328).
local
low complexity
linux debian CWE-667
5.5
2022-11-30 CVE-2022-45869 Race Condition vulnerability in Linux Kernel
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
local
low complexity
linux CWE-362
5.5
2022-11-28 CVE-2022-4127 NULL Pointer Dereference vulnerability in Linux Kernel
A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc.
local
low complexity
linux CWE-476
5.5