Total
582 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39131 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-24 | 5.5 Medium |
| In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | ||||
| CVE-2022-42775 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-23 | 5.5 Medium |
| In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | ||||
| CVE-2021-41141 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2025-04-23 | 5.9 Medium |
| PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch. | ||||
| CVE-2022-39358 | 1 Metabase | 1 Metabase | 2025-04-23 | 6.5 Medium |
| Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to circumvent locked parameters when requesting data for a question in an embedded dashboard by constructing a malicious request to the backend. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6. | ||||
| CVE-2022-42329 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-23 | 5.5 Medium |
| Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). | ||||
| CVE-2022-42328 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-23 | 6.2 Medium |
| Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). | ||||
| CVE-2022-20566 | 1 Google | 1 Android | 2025-04-21 | 7.8 High |
| In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel | ||||
| CVE-2017-6348 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices. | ||||
| CVE-2022-4129 | 3 Fedoraproject, Linux, Redhat | 5 Fedora, Layer 2 Tunneling Protocol, Enterprise Linux and 2 more | 2025-04-14 | 5.5 Medium |
| A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | ||||
| CVE-2021-43395 | 5 Illumos, Joyent, Omniosce and 2 more | 5 Illumos, Smartos, Omnios and 2 more | 2025-04-14 | 5.5 Medium |
| An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected. | ||||
| CVE-2015-3212 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-12 | N/A |
| Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls. | ||||
| CVE-2015-8339 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown. | ||||
| CVE-2015-8539 | 4 Canonical, Linux, Redhat and 1 more | 6 Ubuntu Linux, Linux Kernel, Enterprise Linux and 3 more | 2025-04-12 | 7.8 High |
| The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. | ||||
| CVE-2016-2549 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. | ||||
| CVE-2015-8952 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. | ||||
| CVE-2014-9066 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | N/A |
| Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065. | ||||
| CVE-2016-6786 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.0 High |
| kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. | ||||
| CVE-2015-4176 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. | ||||
| CVE-2016-8660 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation." | ||||
| CVE-2016-6787 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.0 High |
| kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. | ||||