CVE-2026-31664

A flaw was found in the Linux kernel's xfrm subsystem. This vulnerability arises because the buildpolexpire function does not clear trailing padding bytes within the xfrmuserpolexpire structure. Consequently, these uninitialized padding bytes, which contain kernel heap memory contents, are sent t...

CVE-2023-53068

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb-len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory content...

CVE-2023-53062 net: usb: smsc95xx: Limit packet length to skb->len

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb-len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory conten...

CVE-2024-0340

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

CVE-2020-27674

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique...

CVE-2018-1118

The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file...

CVE-2018-1118

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-ne...

Microsoft Windows Kernel Mode Driver CVE-2015-1679 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information such as kernel memory contents. This may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP...

Microsoft Windows Kernel Mode Driver CVE-2015-1676 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information such as kernel memory contents. This may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP...

CVE-2007-1865

The ipv6getsockoptsticky function in the kernel in Red Hat Enterprise Linux RHEL Beta 5.1.0 allows local users to obtain sensitive information kernel memory contents via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when...

Buffer overflow

The ipv6getsockoptsticky function in the kernel in Red Hat Enterprise Linux RHEL Beta 5.1.0 allows local users to obtain sensitive information kernel memory contents via a negative value of the len parameter. NOTE: this issue has been disputed in a bug comment, stating that "len is ignored when...

Mandrake Linux Security Advisory : madwifi-source (MDKSA-2007:132)

The 802.11 network stack in MadWifi prior to 0.9.3.1 would alloa remote attackers to cause a denial of service system hang via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference CVE-2007-2829. The athbeaconconfig function in...

CVE-2007-2875

Integer underflow in the cpusettasksread function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file...