Canonical

Ubuntu 18.04 LTS

1647 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2021-4149

Exploit
  • EPSS 0.11%
  • Veröffentlicht 23.03.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:37:00

A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.

7.8

CVE-2022-27666

Medienbericht
  • EPSS 0.8%
  • Veröffentlicht 23.03.2022 06:15:06
  • Zuletzt bearbeitet 21.11.2024 06:56:08

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation ...

7.8

CVE-2022-1011

  • EPSS 0.21%
  • Veröffentlicht 18.03.2022 18:15:12
  • Zuletzt bearbeitet 21.11.2024 06:39:51

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

5.5

CVE-2021-45868

Exploit
  • EPSS 0.22%
  • Veröffentlicht 18.03.2022 07:15:06
  • Zuletzt bearbeitet 21.11.2024 06:33:10

In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

4.4

CVE-2021-39711

  • EPSS 0.11%
  • Veröffentlicht 16.03.2022 15:15:11
  • Zuletzt bearbeitet 21.11.2024 06:20:04

In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Produ...

7.8

CVE-2021-39685

  • EPSS 1.01%
  • Veröffentlicht 16.03.2022 15:15:10
  • Zuletzt bearbeitet 21.11.2024 06:20:00

In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee...

7.8

CVE-2021-39698

  • EPSS 0.03%
  • Veröffentlicht 16.03.2022 15:15:10
  • Zuletzt bearbeitet 21.11.2024 06:20:02

In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

8.8

CVE-2022-27223

  • EPSS 0.32%
  • Veröffentlicht 16.03.2022 00:15:09
  • Zuletzt bearbeitet 21.11.2024 06:55:26

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

5.6

CVE-2022-23960

  • EPSS 0.23%
  • Veröffentlicht 13.03.2022 00:15:07
  • Zuletzt bearbeitet 21.11.2024 06:49:32

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then,...

5.5

CVE-2022-26966

  • EPSS 0.03%
  • Veröffentlicht 12.03.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:54:52

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.