In 2020, 132 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 0 were rated Critical and 42 were rated High severity. Compared to 2019's 305 CVEs, 2020 represented a decrease of 57% year-on-year. September was the most active month, with 22 CVEs published.
Monthly CVE Breakdown — 2020
CVEs published per month with severity breakdown
September (22) was the most active month in 2020. Together the top months account for a significant share of 2020's 132 total CVEs. March (1) had the lowest volume.
Severity Distribution — 2020
Breakdown across 132 CVEs
66% Medium · 32% High · 0% Critical.
Monthly Counts — 2020
CVE counts by month and severity
September was the most active month with 22 CVEs — 17% of 2020's total. March (1) had the lowest volume.
| Month | Total | Critical | High | Medium | Low | Share of year |
|---|---|---|---|---|---|---|
| January | 7 | 0 | 2 | 5 | 0 | 5% |
| February | 12 | 0 | 4 | 8 | 0 | 9% |
| March | 1 | 0 | 0 | 1 | 0 | 1% |
| April | 18 | 0 | 7 | 11 | 0 | 14% |
| May | 21 | 0 | 4 | 17 | 0 | 16% |
| June | 8 | 0 | 2 | 6 | 0 | 6% |
| July | 5 | 0 | 1 | 3 | 1 | 4% |
| August | 2 | 0 | 2 | 0 | 0 | 2% |
| September | 22 | 0 | 6 | 16 | 0 | 17% |
| October | 7 | 0 | 2 | 5 | 0 | 5% |
| November | 18 | 0 | 5 | 11 | 2 | 14% |
| December | 11 | 0 | 7 | 4 | 0 | 8% |
| Total | 132 | 0 | 42 | 87 | 3 | |
All CVEs — 2020
132 CVEs
| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-29569 | linux | High | 8.8 | 2020-12-15 | An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block … |
| CVE-2020-25661 | linux | High | 8.8 | 2020-11-05 | A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled… |
| CVE-2019-15793 | linux | High | 8.8 | 2020-04-24 | In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several location… |
| CVE-2020-14305 | linux | High | 8.1 | 2020-12-02 | An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking function… |
| CVE-2020-27786 | linux | High | 7.8 | 2020-12-11 | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissio… |
| CVE-2020-29661 | linux | High | 7.8 | 2020-12-09 | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allow… |
| CVE-2020-14351 | linux | High | 7.8 | 2020-12-03 | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local att… |
| CVE-2020-29534 | linux | High | 7.8 | 2020-12-03 | An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct… |
| CVE-2020-14381 | linux | High | 7.8 | 2020-12-03 | A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory… |
| CVE-2020-14386 | linux | High | 7.8 | 2020-09-16 | A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from un… |
2020 Linux Kernel CVE Highlights
- Volume without critical severity
  2020 produced no Critical-rated vulnerabilities, and 66% of 2020 CVEs are Medium severity. The raw CVE count therefore does not translate into a proportional amount of high-severity risk.
- Monthly variation
  CVE publication in 2020 was uneven across months. September was the most active with 22 CVEs. March (1) had the lowest volume. Monthly spikes typically correspond to coordinated batches of backfilled CVEs being processed at once.