CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries
1,619
Ransomware Use
327
Overdue
1,615
Vendors
266
Products
655
26 results · Page 1/2
Linux Kernel Improper Authentication Vulnerability
Linux · Kernel
Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Linux · Kernel
Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
Required Action
"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel Integer Overflow Vulnerability
Linux · Kernel
Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalate their privileges on the system.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel Heap Out-of-Bounds Write Vulnerability
Linux · Kernel
Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
Linux · Kernel
Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel Improper Ownership Management Vulnerability
Linux · Kernel
Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel Out-of-Bounds Read Vulnerability
Linux · Kernel
Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel Out-of-Bounds Access Vulnerability
Linux · Kernel
Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel Use of Uninitialized Resource Vulnerability
Linux · Kernel
The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel Out-of-Bounds Write Vulnerability
Linux · Kernel
Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Linux Kernel PIE Stack Buffer Corruption Vulnerability
Linux · Kernel
Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Linux Kernel Heap-Based Buffer Overflow Vulnerability
Linux · Kernel
Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Linux Kernel Use-After-Free Vulnerability
Linux · Kernel
Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Linux Kernel Use-After-Free Vulnerability
Linux · Kernel
Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Linux Kernel Race Condition Vulnerability
Linux · Kernel
Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings.
Required Action
The impacted product is end-of-life and should be disconnected if still in use.
Linux Kernel Improper Input Validation Vulnerability
Linux · Kernel
Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Required Action
The impacted product is end-of-life and should be disconnected if still in use.
Linux Kernel Use-After-Free Vulnerability
Linux · Kernel
Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.
Required Action
Apply updates per vendor instructions.
Linux Kernel Privilege Escalation Vulnerability
Linux · Kernel
The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.
Required Action
Apply updates per vendor instructions.
Linux Kernel Improper Input Validation Vulnerability
Linux · Kernel
The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation.
Required Action
Apply updates per vendor instructions.
Linux Kernel Integer Overflow Vulnerability
Linux · Kernel
Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Linux Kernel Privilege Escalation Vulnerability
Linux · Kernel
Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Linux Kernel Privilege Escalation Vulnerability
Linux · Kernel
The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.
Required Action
Apply updates per vendor instructions.
Linux Kernel Privilege Escalation Vulnerability
Linux · Kernel
Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."
Required Action
Apply updates per vendor instructions.
Linux Kernel Privilege Escalation Vulnerability
Linux · Kernel
Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.
Required Action
Apply updates per vendor instructions.
Linux Kernel Race Condition Vulnerability
Linux · Kernel
Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.
Required Action
Apply updates per vendor instructions.
