In 2015, 86 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 1 was rated Critical and 20 High severity. Compared to 2014's 140 CVEs, 2015 represented a decrease of 39% year-on-year. August was the most active month, with 20 CVEs published.
Monthly CVE Breakdown — 2015
CVEs published per month with severity breakdown
August (20) was the most active month in 2015. Together the top months account for a significant share of 2015's 86 total CVEs. February (1) had the lowest volume.
Severity Distribution — 2015
Breakdown across 86 CVEs
56% Medium · 23% High · 1% Critical.
Monthly Counts — 2015
CVE counts by month and severity
August was the most active month with 20 CVEs — 23% of 2015's total. February (1) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 4 | 0 | 1 | 1 | 2 | 5% |
| February | 1 | 0 | 0 | 1 | 0 | 1% |
| March | 14 | 0 | 4 | 6 | 4 | 16% |
| April | 4 | 0 | 1 | 2 | 1 | 5% |
| May | 9 | 0 | 2 | 5 | 2 | 10% |
| June | 4 | 0 | 4 | 0 | 0 | 5% |
| July | 1 | 0 | 0 | 1 | 0 | 1% |
| August | 20 | 0 | 5 | 12 | 3 | 23% |
| September | 1 | 0 | 0 | 1 | 0 | 1% |
| October | 10 | 0 | 1 | 8 | 1 | 12% |
| November | 9 | 1 | 1 | 6 | 1 | 10% |
| December | 9 | 0 | 1 | 5 | 3 | 10% |
| Total | 86 | 1 | 20 | 48 | 17 | |
All CVEs — 2015
86 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2015-5053 | linux | High | 10.0 | 2015-11-24 | The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Li… |
| CVE-2015-8104 | linux | Critical | 10.0 | 2015-11-16 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a deni… |
| CVE-2015-3036 | linux | High | 10.0 | 2015-05-21 | Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in … |
| CVE-2015-1421 | linux | High | 10.0 | 2015-03-16 | Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.… |
| CVE-2015-3331 | linux | High | 9.3 | 2015-05-27 | The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not … |
| CVE-2015-4001 | linux | High | 9.0 | 2015-06-07 | Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in … |
| CVE-2015-4002 | linux | High | 9.0 | 2015-06-07 | drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain … |
| CVE-2015-4004 | linux | High | 8.5 | 2015-06-07 | The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which al… |
| CVE-2013-7445 | linux | High | 7.8 | 2015-10-16 | The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution… |
| CVE-2015-5364 | linux | High | 7.8 | 2015-08-31 | The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding … |
2015 Linux Kernel CVE Highlights
- Volume without critical severity: Across 86 CVEs, 2015 produced only 1 Critical-rated vulnerability, and 56% of 2015 CVEs are Medium severity. Raw CVE counts therefore do not translate into a proportional level of high-severity risk.
- Monthly variation: CVE publication in 2015 was uneven across months. August was the most active with 20 CVEs. February (1) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.