42 Linux Kernel CVEs in January 2024
Full month · Source: NIST NVD
In January 2024, 42 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 23 were rated High severity and 19 Medium. CVE-2024-1086 was confirmed as actively exploited in the wild and added to the CISA Known Exploited Vulnerabilities catalog. January's 42 CVEs represent 1% of all 2024 Linux kernel CVEs, up from December's 11 (a 282% month-over-month increase).
Actively Exploited CVEs — January 2024
1 CVE in CISA KEV
CVE-2024-1086 is the only Linux kernel CVE from January 2024 confirmed as actively exploited in the wild. It carries a CVSS score of 7.8 (High severity) and is listed in the CISA Known Exploited Vulnerabilities catalog.
| CVE ID | Severity | CVSS | Published | Description |
|---|---|---|---|---|
| CVE-2024-1086 | High KEV | 7.8 | 2024-01-31 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploite… |
| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-1085 | linux | High | 7.8 | 2024-01-31 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local p… |
| CVE-2024-1086 | linux | High KEV | 7.8 | 2024-01-31 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local p… |
| CVE-2024-21803 | linux | High | 7.8 | 2024-01-30 | Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution… |
| CVE-2024-0841 | linux | High | 7.8 | 2024-01-28 | A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB p… |
| CVE-2024-23307 | linux | High | 7.8 | 2024-01-25 | Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) … |
| CVE-2024-22705 | linux | High | 7.8 | 2024-01-23 | An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c … |
| CVE-2023-51042 | linux | High | 7.8 | 2024-01-23 | In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-… |
| CVE-2021-33631 | linux | High | 7.8 | 2024-01-18 | Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Ov… |
| CVE-2024-0646 | linux | High | 7.8 | 2024-01-17 | An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user… |
| CVE-2024-0582 | linux | High | 7.8 | 2024-01-16 | A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IO… |
| CVE-2024-0562 | linux | High | 7.8 | 2024-01-15 | A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further w… |
| CVE-2021-3600 | linux | High | 7.8 | 2024-01-08 | It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit… |
| CVE-2022-2588 | linux | High | 7.8 | 2024-01-08 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the … |
| CVE-2023-6200 | linux | High | 7.5 | 2024-01-28 | A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent … |
| CVE-2023-39197 | linux | High | 7.5 | 2024-01-23 | An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This fl… |