27 Linux Kernel CVEs in February 2022
Full month · Source: NIST NVD
In February 2022, 27 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 11 were rated High severity and 15 Medium. CVE-2022-0185 was confirmed as actively exploited in the wild and added to the CISA Known Exploited Vulnerabilities catalog. February's 27 CVEs represent 8% of all 2022 Linux kernel CVEs, up from January's 11 (a 145% month-over-month increase).
Actively Exploited CVEs — February 2022
1 CVE in CISA KEV
CVE-2022-0185 is the only Linux kernel CVE from February 2022 confirmed as actively exploited in the wild. It carries a CVSS score of 8.4 (High severity) and is listed in the CISA Known Exploited Vulnerabilities catalog.
| CVE ID | Severity | CVSS | Published | Description |
|---|---|---|---|---|
| CVE-2022-0185 | High (KEV) | 8.4 | 2022-02-11 | A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Files… |
| CVE ID | Package | Severity | CVSS | Published | Description | |
|---|---|---|---|---|---|---|
| CVE-2021-4154 | linux | High | 8.8 | 2022-02-04 | A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 par… | |
| CVE-2022-0185 | linux | High (KEV) | 8.4 | 2022-02-11 | A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functi… | |
| CVE-2022-25636 | linux | High | 7.8 | 2022-02-24 | net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a… | |
| CVE-2022-0646 | linux | High | 7.8 | 2022-02-18 | A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way… | |
| CVE-2022-25265 | linux | High | 7.8 | 2022-02-16 | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approxi… | |
| CVE-2021-3760 | linux | High | 7.8 | 2022-02-16 | A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confident… | |
| CVE-2022-24958 | linux | High | 7.8 | 2022-02-11 | drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. | |
| CVE-2022-0615 | linux | High | 7.5 | 2022-02-25 | Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of… | |
| CVE-2021-20322 | linux | High | 7.4 | 2022-02-18 | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functiona… | |
| CVE-2021-4090 | linux | High | 7.1 | 2022-02-18 | An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write … | |
| CVE-2021-3752 | linux | High | 7.1 | 2022-02-16 | A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket a… | |
| CVE-2022-21814 | linux | Medium | 6.1 | 2022-02-07 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of i… | |
| CVE-2022-21813 | linux | Medium | 6.1 | 2022-02-07 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insuffici… | |
| CVE-2020-36516 | linux | Medium | 5.9 | 2022-02-26 | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID … | |
| CVE-2022-25375 | linux | Medium | 5.5 | 2022-02-20 | An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget… |