Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-23 | CVE-2021-3975 | A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. | Ubuntu_linux, Debian_linux, Fedora, Ontap_select_deploy_administration_utility, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Libvirt | 6.5 | ||
| 2022-08-29 | CVE-2022-1184 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux | 5.5 | ||
| 2022-09-02 | CVE-2022-39176 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | Bluez, Ubuntu_linux, Debian_linux | 8.8 | ||
| 2022-09-02 | CVE-2022-39177 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | Bluez, Ubuntu_linux, Debian_linux | 8.8 | ||
| 2023-03-27 | CVE-2023-1380 | A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. | Ubuntu_linux, Debian_linux, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux | 7.1 | ||
| 2023-03-27 | CVE-2023-0179 | A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. | Ubuntu_linux, Fedora, Linux_kernel, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_server, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 7.8 | ||
| 2023-04-13 | CVE-2023-1326 | A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. | Apport, Ubuntu_linux | 7.8 | ||
| 2023-04-26 | CVE-2023-1786 | Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. | Cloud\-Init, Ubuntu_linux, Fedora | 5.5 | ||
| 2023-05-31 | CVE-2023-2612 | Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). | Ubuntu_linux | 4.7 | ||
| 2023-07-05 | CVE-2023-31248 | Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel | 7.8 |