Vendor Linux

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type »

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector »

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication »

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (29): Board-TNK (1), CPU (1), DeepOfix (1), Enterprise Server (1), Heartbeat (2), Kernel (2534), LibThai (1), MySQL (1), MySQLDatabase Admin Tool (1), News-TNK (1), Nslookup (1), OCF Resource Agents (1), ONOS (8), ONOS SDN Controller (1), Sblim-sfcb (2), Traceroute Script (1), UMIP (2), XEN (1), Xen (122), Xen Elf Parser (3), cups-filters (5), foomatic (1), heartbeat (2), libvchan (1), nfs-utils (3), php Download Manager (1), php User Base (1), sblim-sfcb (4), xen (5)

Link to Vendor Website: https://www.kernel.org/

PublishedBaseTempVulnerabilityProdExpRemCTICVE
06/17/20213.53.4Linux Kernel personal-pci.c out-of-bounds readOperating SystemNot DefinedOfficial Fix0.50CVE-2021-32078
06/15/20214.34.1Linux Kernel Data Structure bcm.c information disclosureOperating SystemNot DefinedOfficial Fix0.15CVE-2021-34693
06/09/20215.55.5Linux Kernel HCI Device Initialization Subsystem use after freeOperating SystemNot DefinedNot Defined0.06CVE-2021-3564
06/08/20215.55.3Linux Kernel io_uring.c io_async_task_func use after freeOperating SystemNot DefinedOfficial Fix0.06CVE-2020-36387
06/08/20213.53.4Linux Kernel Bluetooth hci_event.c hci_extended_inquiry_result_evt out-of-bounds readOperating SystemNot DefinedOfficial Fix0.16CVE-2020-36386
06/08/20215.55.3Linux Kernel XFRM Subsystem xfrm_state_fini use after freeOperating SystemNot DefinedOfficial Fix0.15CVE-2019-25045
06/08/20215.55.3Linux Kernel socket.c use after freeOperating SystemNot DefinedOfficial Fix0.08CVE-2018-25015
06/07/20215.55.3Linux Kernel ucma.c ucma_migrate_id use after freeOperating SystemNot DefinedOfficial Fix0.74CVE-2020-36385
06/04/20217.57.2Linux Kernel eBPF RINGBUF bpf_ringbuf_reserve out-of-bounds writeOperating SystemNot DefinedOfficial Fix0.10CVE-2021-3489
06/04/20217.57.2Linux Kernel io_uring Subsystem mem heap-based overflowOperating SystemNot DefinedOfficial Fix0.20CVE-2021-3491
06/04/20217.57.2Linux Kernel eBPF ALU32 Bounds Tracking out-of-bounds readOperating SystemNot DefinedOfficial Fix0.08CVE-2021-3490
06/02/20216.86.8Linux Kernel Direct IO Write buffer overflowOperating SystemNot DefinedNot Defined0.06CVE-2020-10742
06/02/20214.34.3Linux Kernel Nitro Enclaves Driver null pointer dereferenceOperating SystemNot DefinedNot Defined0.23CVE-2021-3543
05/28/20214.34.1Linux Kernel BPF information disclosureOperating SystemNot DefinedOfficial Fix0.05CVE-2021-20239
05/28/20217.26.9Linux Kernel Nouveau DRM Subsystem nouveau_sgdma.c nouveau_sgdma_create_ttm use after freeOperating SystemNot DefinedOfficial Fix0.10CVE-2021-20292
05/28/20214.34.1Linux Kernel sysctl Subsystem rh_features uninitialized pointerOperating SystemNot DefinedOfficial Fix0.06CVE-2020-10774
05/27/20218.88.8Linux Kernel verifier.c alu_limit out-of-bounds writeOperating SystemNot DefinedNot Defined0.00CVE-2021-33200
05/27/20215.75.5Linux Kernel Packet out-of-bounds readOperating SystemNot DefinedOfficial Fix0.06CVE-2021-20177
05/26/20217.67.3Linux Kernel JFS Filesystem memory corruptionOperating SystemNot DefinedOfficial Fix0.06CVE-2020-27815
05/26/20215.55.0Linux Kernel KVM memory corruptionOperating SystemProof-of-ConceptOfficial Fix0.06CVE-2021-22543
05/26/20214.84.8Linux Kernel Sockets llcp_sock_connect resource consumptionOperating SystemNot DefinedNot Defined0.00CVE-2020-25673
05/26/20215.55.5Linux Kernel llcp_sock_connect use after freeOperating SystemNot DefinedNot Defined0.07CVE-2020-25671
05/26/20215.55.5Linux Kernel llcp_sock_bind use after freeOperating SystemNot DefinedNot Defined0.11CVE-2020-25670
05/26/20215.55.3Linux Kernel Global Variable con_font_op use after freeOperating SystemNot DefinedOfficial Fix0.06CVE-2020-25668
05/26/20215.55.3Linux Kernel sunkbd_reinit use after freeOperating SystemNot DefinedOfficial Fix0.05CVE-2020-25669
05/26/20213.53.4Linux Kernel llcp_sock_connect memory leakOperating SystemNot DefinedOfficial Fix0.06CVE-2020-25672
05/21/20218.88.4Linux Kernel eBPF calculationOperating SystemNot DefinedOfficial Fix0.11CVE-2021-31440
05/18/20215.55.3Linux Kernel Nosy Driver use after freeOperating SystemNot DefinedOfficial Fix0.00CVE-2021-3483
05/15/20215.55.3Linux Kernel Bluetooth hci_event.c use after freeOperating SystemNot DefinedOfficial Fix0.00CVE-2021-33034
05/15/20215.55.3Linux Kernel DOI Definition cipso_ipv4.c cipso_v4_genopt use after freeOperating SystemNot DefinedOfficial Fix0.08CVE-2021-33033
05/15/20218.88.4Linux Kernel Block Subsystem blk_cleanup_queue use after freeOperating SystemNot DefinedOfficial Fix0.00CVE-2019-25044
05/13/20213.53.5Linux Kernel spk_ttyio_receive_buf2 null pointer dereferenceOperating SystemNot DefinedNot Defined0.07CVE-2020-27830
05/13/20217.87.5Linux Kernel NFC Socket use after freeOperating SystemNot DefinedOfficial Fix0.22CVE-2021-23134
05/12/20218.88.8Linux Kernel isotp.c isotp_setsockopt use after freeOperating SystemProof-of-ConceptNot Defined0.07CVE-2021-32606
05/12/20214.34.3Linux Kernel WEP/WPA/WPA2/WPA3 injectionOperating SystemNot DefinedNot Defined0.06CVE-2020-26147
05/11/20214.64.4Linux Kernel HCI Controller hci_request.c race conditionOperating SystemNot DefinedOfficial Fix0.31CVE-2021-32399
05/11/20214.33.9Linux Kernel syscall numeric conversionOperating SystemProof-of-ConceptOfficial Fix0.00CVE-2020-28588
05/07/20217.17.1Linux Kernel af_x25.c x25_bind out-of-bounds readOperating SystemNot DefinedNot Defined0.13CVE-2020-35519
05/07/20216.36.0Linux Kernel Multi-device Driver Module dm-ioctl.c list_devices out-of-bounds writeOperating SystemNot DefinedOfficial Fix0.07CVE-2021-31916
05/07/20212.62.5Linux Kernel BPF Stack verifier.c information disclosureOperating SystemNot DefinedOfficial Fix0.07CVE-2021-31829
05/06/20215.55.3Linux Kernel KVM API out-of-bounds writeOperating SystemNot DefinedOfficial Fix0.14CVE-2021-3501
04/23/20217.97.6Linux Kernel SCTP Socket socket.c sctp_destroy_sock race conditionOperating SystemNot DefinedOfficial Fix0.18CVE-2021-23133
04/22/20214.03.6Linux Kernel Spectre Mitigation verifier.c information disclosureOperating SystemProof-of-ConceptOfficial Fix0.05CVE-2021-29155
04/20/20217.16.8Linux Kernel f2fs module node.c out-of-bounds readOperating SystemNot DefinedOfficial Fix0.00CVE-2021-3506
04/14/20215.75.5Linux Kernel Filesystem fuse_do_getattr denial of serviceOperating SystemNot DefinedOfficial Fix0.07CVE-2020-36322
04/09/20218.87.9Linux Kernel BPF JIT Compiler Remote Privilege EscalationOperating SystemProof-of-ConceptOfficial Fix0.08CVE-2021-29154
04/07/20213.53.4Linux Kernel SynIC Hyper-V hyperv.c synic_get null pointer dereferenceOperating SystemNot DefinedOfficial Fix0.09CVE-2021-30178
04/07/20215.55.3Linux Kernel KVM Subsystem kvm-s390.c unknown vulnerabilityOperating SystemNot DefinedOfficial Fix0.09CVE-2020-36313
04/07/20213.53.4Linux Kernel kvm_main.c kvm_io_bus_unregister_dev memory leakOperating SystemNot DefinedOfficial Fix0.10CVE-2020-36312
04/07/20213.53.4Linux Kernel SEV VM sev.c denial of serviceOperating SystemNot DefinedOfficial Fix0.07CVE-2020-36311

Do you want to use VulDB in your project?

Use the official API to access entries easily!