Canonical

Ubuntu 20.04 LTS

3473 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.6

CVE-2022-21499

  • EPSS 0.18%
  • Veröffentlicht 09.06.2022 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:44:50

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is...

0

CVE-2022-1966

  • EPSS 0.04%
  • Veröffentlicht 06.06.2022 18:15:08
  • Zuletzt bearbeitet 07.11.2023 03:42:21

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in...

3.3

CVE-2022-32296

  • EPSS 0.07%
  • Veröffentlicht 05.06.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 07:06:07

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.

7.8

CVE-2022-32250

Exploit
  • EPSS 1.31%
  • Veröffentlicht 02.06.2022 21:15:07
  • Zuletzt bearbeitet 21.11.2024 07:06:01

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

6.9

CVE-2022-1789

  • EPSS 0.02%
  • Veröffentlicht 02.06.2022 14:15:33
  • Zuletzt bearbeitet 21.11.2024 06:41:28

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

6.3

CVE-2022-1462

Exploit
  • EPSS 0.05%
  • Veröffentlicht 02.06.2022 14:15:32
  • Zuletzt bearbeitet 21.11.2024 06:40:46

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc functi...

7.8

CVE-2022-1652

  • EPSS 0.75%
  • Veröffentlicht 02.06.2022 14:15:32
  • Zuletzt bearbeitet 21.11.2024 06:41:10

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to exe...

7

CVE-2022-1734

Exploit
  • EPSS 0.08%
  • Veröffentlicht 18.05.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:41:21

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

7.8

CVE-2022-1116

Exploit
  • EPSS 0.17%
  • Veröffentlicht 17.05.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:04

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.

7.8

CVE-2022-29581

Exploit
  • EPSS 0.19%
  • Veröffentlicht 17.05.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:59:20

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.