15 Linux Kernel CVEs in April 2021
Full month · Source: NIST NVD
In April 2021, 15 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 8 were rated High severity and 7 Medium. CVE-2021-3493 was confirmed as actively exploited in the wild and added to the CISA Known Exploited Vulnerabilities catalog. April's 15 CVEs represent 9% of all 2021 Linux kernel CVEs, down from March's 32 (a 53% month-over-month decrease).
Actively Exploited CVEs — April 2021
1 CVE in CISA KEV
CVE-2021-3493 is the only Linux kernel CVE from April 2021 confirmed as actively exploited in the wild. It carries a CVSS score of 7.8 (High severity) and is listed in the CISA Known Exploited Vulnerabilities catalog.
| CVE ID | Severity | CVSS | Published | Description |
|---|---|---|---|---|
| CVE-2021-3493 | High KEV | 7.8 | 2021-04-17 | The overlayfs implementation in the linux kernel did not properly validate with respect to user nam… |
| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2021-1076 | linux | High | 7.8 | 2021-04-21 | NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvldd… | |
| CVE-2021-3493 | linux | High KEV | 7.8 | 2021-04-17 | The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting … | |
| CVE-2021-3492 | linux | High | 7.8 | 2021-04-17 | Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring… | |
| CVE-2021-29154 | linux | High | 7.8 | 2021-04-08 | BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them… | |
| CVE-2020-36313 | linux | High | 7.8 | 2021-04-07 | An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after … | |
| CVE-2021-3506 | linux | High | 7.1 | 2021-04-19 | An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in version… | |
| CVE-2021-31795 | linux | High | 7.0 | 2021-04-24 | The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, all… | |
| CVE-2021-23133 | linux | High | 7.0 | 2021-04-22 | A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalati… | |
| CVE-2021-30002 | linux | Medium | 6.2 | 2021-04-02 | An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/… | |
| CVE-2021-29155 | linux | Medium | 5.5 | 2021-04-20 | An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds sp… | |
| CVE-2020-36322 | linux | Medium | 5.5 | 2021-04-14 | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. … | |
| CVE-2020-36311 | linux | Medium | 5.5 | 2021-04-07 | An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of se… | |
| CVE-2021-30178 | linux | Medium | 5.5 | 2021-04-07 | An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dere… | |
| CVE-2020-36312 | linux | Medium | 5.5 | 2021-04-07 | An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory l… | |
| CVE-2020-36310 | linux | Medium | 5.5 | 2021-04-07 | An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite… | |