Vulnerabilities > Linux > Linux Kernel > 5.4.40

DATE CVE VULNERABILITY TITLE RISK
2021-05-26 CVE-2020-25670 Use After Free vulnerability in multiple products
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
local
low complexity
linux fedoraproject netapp debian CWE-416
7.8
2021-05-26 CVE-2020-25671 Use After Free vulnerability in multiple products
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.
local
low complexity
linux fedoraproject netapp debian CWE-416
7.8
2021-05-24 CVE-2020-26558 Improper Authentication vulnerability in multiple products
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session.
4.2
2021-05-14 CVE-2021-33034 Use After Free vulnerability in multiple products
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409.
local
low complexity
linux fedoraproject debian CWE-416
7.8
2021-05-12 CVE-2021-23134 Use After Free vulnerability in multiple products
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges.
local
low complexity
linux fedoraproject debian CWE-416
7.8
2021-05-11 CVE-2020-24586 The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. 2.9
2021-05-11 CVE-2020-24587 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key.
1.8
2021-05-11 CVE-2020-24588 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.
3.5
2021-05-11 CVE-2020-26147 An issue was discovered in the Linux kernel 5.8.9.
high complexity
linux debian arista siemens
3.2
2021-05-06 CVE-2021-31829 Incorrect Authorization vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a.
local
low complexity
linux fedoraproject debian CWE-863
5.5