Linux Kernel

13804 matches found

added 2005/01/20 5:0 a.m. | 117 views

CVE-2004-1235

CVE-2004-1235 documents a race condition in the Linux kernel (load_elf_library and binfmt_aout paths used by uselib) affecting 2.4 (through 2.429-rc2) and 2.6 (through 2.6.10). Exploitation allows a local user to execute arbitrary code by manipulating the VMA descriptor. The initial description p...

CVSS 6.2 | AI score 7.5 | EPSS 0.02893

added 2009/04/22 3:0 p.m. | 117 views

CVE-2009-1336

CVE-2009-1336 affects the Linux kernel (before 2.6.23) in the NFS client path. The issue is that a structure member that stores the maximum NFS filename length is not properly initialized, related to the encode_lookup function. This allows local users to trigger a denial of service (OOPS) by usin...

CVSS 4.9 | AI score 4.3 | EPSS 0.00411

added 2009/08/28 3:0 p.m. | 117 views

CVE-2009-2695

CVE-2009-2695 affects the Linux kernel before 2.6.31-rc7, where mmap operations targeting page zero and other low memory addresses are not properly prevented. This enables local privilege escalation via NULL pointer dereference vulnerabilities, linked to (1) SELinux’s allow_unconfined_mmap_low se...

CVSS 7.2 | AI score 6.8 | EPSS 0.00512

added 2011/05/26 4:0 p.m. | 117 views

CVE-2010-4251

CVE-2010-4251 affects the Linux kernel up to version 2.6.34. The vulnerability lies in the socket backlog handling in net/core/sock.c, which allows remote attackers to cause a memory-exhaustion DoS by sending a large amount of network traffic (e.g., UDP via netperf). The issue is addressed by the 2.6.34 changelog ...

CVSS 7.8 | AI score 6.8 | EPSS 0.03922

added 2016/05/02 10:0 a.m. | 117 views

CVE-2011-5321

The vulnerability CVE-2011-5321 affects the Linux kernel up to version 3.1.0, specifically the tty_open function in drivers/tty/tty_io.c, where a driver-lookup failure can lead to a NULL pointer dereference and system crash via crafted access to /dev/pts devices. Local users can cause a denial of...

CVSS 5.5 | AI score 5.8 | EPSS 0.0037

added 2012/05/17 10:0 a.m. | 117 views

CVE-2012-2121

CVE-2012-2121 affects the KVM component of the Linux kernel prior to 3.3.4. The vulnerability stems from improper management of the relationships between memory slots and the iommu, enabling guest OS users (with administrative access inside the guest) to trigger hotplug/hotunplug operations on de...

CVSS 4.9 | AI score 5.9 | EPSS 0.00413

added 2013/04/29 10:0 a.m. | 117 views

CVE-2013-3301

CVE-2013-3301 affects the Linux kernel ftrace implementation before version 3.8.8. Local users with CAP_SYS_ADMIN can write to either set_ftrace_pid or set_graph_function and trigger an lseek, leading to a NULL pointer dereference and possible system crash or other impact. Multiple connecte...

CVSS 7.2 | AI score 5.6 | EPSS 0.00985

added 2013/07/28 6:0 p.m. | 117 views

CVE-2013-4162

CVE-2013-4162: In the Linux kernel (IPv6 UDP implementation), the function udp_v6_push_pending_frames in net/ipv6/udp.c calls an incorrect function for pending data. This yields a local denial of service (BUG and system crash) when a crafted application uses UDP_CORK via setsockopt. Affected ver...

CVSS 4.7 | AI score 5.5 | EPSS 0.0042

added 2013/12/14 6:0 p.m. | 117 views

CVE-2013-6368

CVE-2013-6368 affects the KVM subsystem in the Linux kernel up to version 3.12.5, enabling local users to gain privileges or trigger a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. The connected advisories for MiracleLinux, Unity Linux, and E...

CVSS 6.2 | AI score 6.2 | EPSS 0.00613

added 2014/01/06 11:0 a.m. | 117 views

CVE-2013-7265

CVE-2013-7265 affects the Linux kernel; the pn_recvmsg function in net/phonet/datagram.c updates a length value before the associated data structure is initialized, enabling local users to read sensitive kernel stack memory via recvfrom/recvmmsg/recvmsg calls. Impact is a local information leak. ...

CVSS 4.9 | AI score 5.3 | EPSS 0.00461

added 2014/01/08 4:0 p.m. | 117 views

CVE-2013-7281

CVE-2013-7281 affects the Linux kernel’s dgram_recvmsg in net/ieee802154/dgram.c and allows local users to leak kernel stack memory by updating a length value without initializing an associated data structure. The issue is fixed in kernel 3.12.4 (patch referenced in changelog), with exposure via ...

CVSS 4.9 | AI score 5.3 | EPSS 0.0048

added 2014/10/13 10:0 a.m. | 117 views

CVE-2014-8086

CVE-2014-8086: A race condition in the Linux kernel’s ext4_file_write_iter (fs/ext4/file.c) up to version 3.17 can enable a local attacker to cause a denial of service (file unavailability) by racing a write action with an F_SETFL O_DIRECT flag operation. Affected software is the Linux kernel be...

CVSS 4.7 | AI score 5.1 | EPSS 0.00374

added 2016/10/16 9:0 p.m. | 117 views

CVE-2015-8952

CVE-2015-8952: The mbcache feature in the Linux kernel’s ext2/ext4 implementations mishandles xattr block caching, enabling a local attacker to cause a denial of service (soft lockup) in environments with many attributes (as demonstrated by Ceph and Samba). The vulnerability is present in kernel...

CVSS 5.5 | AI score 5.5 | EPSS 0.00454

added 2016/10/16 9:0 p.m. | 117 views

CVE-2016-8660

CVE-2016-8660 affects the Linux kernel XFS subsystem up to version 4.8.2. A local attacker can trigger a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the Trinity program, due to a page lock order bug in the XFS seek hole/data implementation. The root cau...

CVSS 5.5 | AI score 5.6 | EPSS 0.00339

added 2017/02/06 6:4 a.m. | 117 views

CVE-2017-5549

CVE-2017-5549 affects the Linux kernel prior to 4.9.5. The vulnerability exists in klsi_105_get_line_state (drivers/usb/serial/kl5kusb105.c) where, on a failure to read the line status, uninitialized heap memory contents are placed into a log entry. This can allow a local attacker to read sensiti...

CVSS 5.5 | AI score 6 | EPSS 0.00432

added 2018/05/28 1:0 p.m. | 117 views

CVE-2018-11508

CVE-2018-11508 affects the Linux kernel’s compat_get_timex implementation in kernel/compat.c, allowing a local attacker to disclose kernel memory via adjtimex, in versions before 4.16.9. The issue’s public fixes are documented in ChangeLog-4.16.9 and Ubuntu security advisorie...

CVSS 5.5 | AI score 4.9 | EPSS 0.0172

added 2019/11/07 3:28 p.m. | 117 views

CVE-2019-18813

CVE-2019-18813 is tied to a memory leak in the Linux kernel’s dwc3_pci_probe() (drivers/usb/dwc3/dwc3-pci.c). The issue is present in kernel versions up to 5.3.9 and allows a remotely-triggered denial of service by causing memory consumption when platform_device_add_properties() fails. The connec...

CVSS 7.8 | AI score 7.5 | EPSS 0.03893

added 2021/03/23 4:34 p.m. | 117 views

CVE-2021-20219

CVE-2021-20219: Linux kernel DoS in n_tty_receive_char_special (drivers/tty/n_tty.c). A local attacker with unprivileged user access can delay the loop (ldata->read_head changes) due to a missing sanity check, impacting availability. The initial doc does not specify affected kernel versions, patches, o...

CVSS 5.5 | AI score 6.2 | EPSS 0.00401

added 2024/02/28 8:13 a.m. | 117 views

CVE-2021-47023

CVE-2021-47023 is rejected/not used and not an active vulnerability entry.

CVSS 8.2 | AI score 7.7 | EPSS 0.0084

added 2024/05/22 8:19 a.m. | 117 views

CVE-2021-47483

CVE-2021-47483 affects the Linux kernel regmap subsystem (regcache_rbtree). The issue is a double-free in error handling when a reallocation fails, causing rbnode->block to reference freed memory. The fix moves the rbnode->block assignment to immediately after a successful reallocation, ens...

CVSS 7.8 | AI score 6.6 | EPSS 0.00229

added 2022/09/09 2:39 p.m. | 117 views

CVE-2022-3077

CVE-2022-3077: A buffer overflow vulnerability in the Linux kernel Intel iSMT SMBus host controller driver, exposed via I2C_SMBUS (I2C_SMBUS_BLOCK_PROC_CALL) with malicious input. Local users can crash the system. Documents consistently reference this CVE in multiple advisories/plugins (e.g., Mi...

CVSS 5.5 | AI score 5.9 | EPSS 0.00225

added 2024/04/28 1:1 p.m. | 117 views

CVE-2022-48659

CVE-2022-48659 is a Linux kernel issue localized to mm/slub where kmalloc() can fail with an OOM, and the fix ensures create_unique_id() returns a proper errno instead of triggering BUG_ON(). The result is a kernel BUG at mm/slub.c:5893 in the failing path, with the stack showing sysfs_slab_add →...

CVSS 5.5 | AI score 6.5 | EPSS 0.00241

added 2024/06/20 11:13 a.m. | 117 views

CVE-2022-48771

The CVE-2022-48771 issue affects the Linux kernel drm/vmwgfx: a failing usercopy of the fence_rep object can leave a stale file descriptor entry because put_unused_fd() isn’t released; this can let userland reference a dangling file descriptor and enable use-after-free scenarios. The fix defers t...

CVSS 7.8 | AI score 6.5 | EPSS 0.00213

added 2024/10/21 8:5 p.m. | 117 views

CVE-2022-48956

The CVE-2022-48956 issue is a Linux kernel use-after-free vulnerability in IPv6 handling, specifically in ip6_fragment() with a problematic assumption about rcu_read_lock() ownership. The flaw enables a use-after-free in the UDP path (ip6_dst_idev and ip6_fragment) as shown in the syzbot KASAN re...

CVSS 7.8 | AI score 7.3 | EPSS 0.00265

added 2024/10/21 8:6 p.m. | 117 views

CVE-2022-48990

CVE-2022-48990 affects the Linux kernel (drm/amdgpu) where a use-after-free could occur during GPU recovery due to fw_fence not being initialized before amdgpu_job_free_cb frees a job. The publicly provided details state the fix is in drm/amdgpu: fix use-after-free during gpu recovery, addressing...

CVSS 7.8 | AI score 7.5 | EPSS 0.00234

added 2025/02/26 1:56 a.m. | 117 views

CVE-2022-49238

CVE-2022-49238 concerns the Linux kernel ath11k driver for QCA6390/WCN6855. The issue arises when disconnecting from an AP: a commit sequence intended to fix a firmware crash ended up skipping all peer deletion, leaving peer->sta set and then used, causing a use-after-free. The log shows a use...

CVSS 7.8 | AI score 5.5 | EPSS 0.00235

added 2025/05/01 2:9 p.m. | 117 views

CVE-2022-49778

CVE-2022-49778 concerns the Linux kernel on arm64 where pmd_user_accessible_page() incorrectly treated non-leaf PMDs as leaf, causing a decrease of file_map_count for non-leaf PMDs during collapse of huge pages and triggering a BUG_ON() in mm/page_table_check.c. The provided connected documents c...

CVSS 5.5 | AI score 6.7 | EPSS 0.0014

added 2025/05/01 2:10 p.m. | 117 views

CVE-2022-49862

CVE-2022-49862 concerns the Linux kernel TIPC subsystem. The issue arises in tipc_nl_compat_name_table_dump_header where the msg->req TLV length is not properly validated, following a prior change intended to fix uninit-value behavior when TLV_GET_DATA_LEN() can be negative. This can lead to i...

CVSS 5.5 | AI score 6.5 | EPSS 0.0016

added 2025/05/01 2:10 p.m. | 117 views

CVE-2022-49911

In CVE-2022-49911, the Linux kernel's netfilter ipset hash:net,iface type could exhaust memory because it did not enforce the documented limit of 64 networks with distinct interfaces in a single set. The issue is addressed by applying the documented restriction (max 64 interface...

CVSS 5.5 | AI score 6.3 | EPSS 0.00146

added 2023/07/24 3:19 p.m. | 117 views

CVE-2023-32252

CVE-2023-32252 affects the Linux kernel ksmbd (the in-kernel SMB server). The flaw occurs in the handling of SMB2_LOGOFF commands due to improper validation of a pointer before access. This can allow an attacker to trigger a denial-of-service on the affected system. The description and connected ...

CVSS 7.5 | AI score 7.9 | EPSS 0.0406

added 2023/11/01 7:5 p.m. | 117 views

CVE-2023-3397

CVE-2023-3397 is a race between lmLogClose and txEnd in the Linux kernel’s JFS, allowing a local attacker to crash the system or leak kernel info. Connected entries show Root:Debian-13, -11, -12 patches for rootio-linux with multiple fixed versions; patches indicate remediation has been applied i...

CVSS 7 | AI score 6.2 | EPSS 0.00199

added 2024/03/06 6:45 a.m. | 117 views

CVE-2023-52584

CVE-2023-52584 refers to a Linux kernel issue in the spmi: mediatek driver where a use‑after‑free occurs on device removal: the pmif driver clocks are freed after spmi_controller, but the clocks are accessed via devres, leading to UAF. The documented fix uses an unmanaged clk_bulk_get() and frees...

CVSS 3.8 | AI score 5.4 | EPSS 0.00562

added 2025/03/27 4:43 p.m. | 117 views

CVE-2023-52975

CVE-2023-52975 affects the Linux kernel SCSI/iscsi_tcp component. A use-after-free (UAF) can occur during iSCSI session logout if another task accesses the shost ipaddress attribute, triggering KASAN reports. The issue has concrete fixes in the Linux kernel (e.g., commits in the referenced reposi...

CVSS 7.8 | AI score 6.7 | EPSS 0.00238

added 2025/05/02 3:55 p.m. | 117 views

CVE-2023-53100

CVE-2023-53100 affects the Linux kernel ext4 inline data handling. The issue arises in ext4_update_inline_data when ext4_xattr_shift_entries changes i_inline_off, causing an incorrect inline offset and, during get_max_inline_xattr_value_size, an entry that leads to free calculations becoming nega...

CVSS 5.5 | AI score 6.4 | EPSS 0.00162

added 2025/05/02 3:55 p.m. | 117 views

CVE-2023-53108

CVE-2023-53108 – Linux kernel (net/iucv): The vulnerability arises from incorrect sizing of iucv_irq_data, which must be 4 bytes larger. The under-allocation can permit a Redzone/heap corruption (dma-kmalloc-64) during iucv_init/cpu hotplug flow, with objects showing incomplete frees in the obs...

CVSS 5.5 | AI score 6.2 | EPSS 0.0016

added 2024/03/26 5:50 p.m. | 117 views

CVE-2024-26647

CVE-2024-26647 affects the Linux kernel DRM/AMD display component. In link_set_dsc_pps_packet(), a dereference of struct display_stream_compressor *dsc could occur (dsc->ctx->logger) before a NULL pointer check, enabling a potential crash when the dsc pointer is NULL. The issue has been fix...

CVSS 5.5 | AI score 6.4 | EPSS 0.00224

added 2024/04/17 9:43 a.m. | 117 views

CVE-2024-26822

CVE-2024-26822 relates to the Linux kernel SMB client automounts. The issue occurs when uid, gid and cruid are not specified, which can cause the automount context to reuse values from the parent mount. The fix is to dynamically set uid, gid and cruid in the filesystem context used for automounts...

CVSS 5.5 | AI score 6.7 | EPSS 0.00225

added 2024/04/17 3:59 p.m. | 117 views

CVE-2024-26917

CVE-2024-26917 affects the Linux kernel SCSI/FCoE path. The vulnerability stems from reverting a commit that changed spin lock usage for FCoE devices (from bh to irqsave), which caused interrupts to be lost for FCoE devices. The problem was introduced in the patch set around scsi: fcoe: Fix poten...

CVSS 5.5 | AI score 6.3 | EPSS 0.00239

added 2024/05/01 5:17 a.m. | 117 views

CVE-2024-26942

CVE-2024-26942 (Linux kernel) affects the qcom at803x PHY driver (at8031) in the Linux kernel. The root cause is a NULL dereference where the private data (priv) is referenced before it has been allocated during the driver’s rework/split, causing a kernel panic when probing at8031. The fix ensure...

CVSS 5.5 | AI score 6.4 | EPSS 0.00147

added 2024/05/17 1:23 p.m. | 117 views

CVE-2024-35815

CVE-2024-35815: In the Linux kernel, a vulnerability in fs/aio arose because the first kiocb_set_cancel_fn() argument could point to a struct kiocb not embedded in struct aio_kiocb, causing req->ki_ctx to be read around the IOCB_AIO_RW test depending on compiler behavior. The fix guarantees th...

CVSS 5.5 | AI score 6.6 | EPSS 0.00247

added 2024/07/12 12:20 p.m. | 117 views

CVE-2024-39509

CVE-2024-39509 is a Linux kernel local vulnerability in HID core: implement() where a WARN_ON() was considered superfluous and removed to prevent syzkaller warnings in hid-core.c/hid_output_report. The issue arises when writing a value into a field of smaller size; the value is already masked and...

CVSS 5.5 | AI score 6.5 | EPSS 0.00302

added 2024/07/29 2:57 p.m. | 117 views

CVE-2024-41075

CVE-2024-41075 affects the Linux kernel cachefiles subsystem. The vulnerability arises in copen/cread handling, where insufficient consistency checks could permit a malicious process to complete arbitrary open/read requests, potentially crashing the system. The fixed approach adds explicit checks...

CVSS 5.5 | AI score 6.5 | EPSS 0.00211

added 2024/08/17 9:21 a.m. | 117 views

CVE-2024-43841

CVE-2024-43841 affects the Linux kernel wifi/virt_wifi path. The vulnerability allowed a successful connection to be reported even when the SSID from user space differed from what virt_wifi advertised, because the SSID was not checked (only BSSID was validated). A fix was implemented in ...

CVSS 3.3 | AI score 6.5 | EPSS 0.00211

added 2024/09/11 3:13 p.m. | 117 views

CVE-2024-45019

CVE-2024-45019 affects the Linux kernel component net/mlx5e. The issue involves the required use of the state lock during the tx timeout reporter; a prior change removed the lock to fix another issue, which could risk deadlocks. The patch restores the lock at a later point when calling mlx5e_safe...

CVSS 5.5 | AI score 5.9 | EPSS 0.00173

added 2024/09/27 12:39 p.m. | 117 views

CVE-2024-46836

CVE-2024-46836 in the Linux kernel affects usb: gadget: aspeed_udc. The issue is a missing bound check for the endpoint index, which may allow an out-of-bounds access to the endpoint array if the host manipulates the index. Descriptions and Nessus references confirm this bound-check root cause an...

CVSS 7.8 | AI score 7.3 | EPSS 0.00245

added 2024/10/21 11:53 a.m. | 117 views

CVE-2024-47686

The CVE-2024-47686 item concerns a Linux kernel vulnerability in the ep93xx clock driver. The root cause is an off-by-one in ep93xx_div_recalc_rate() where the psc->div[] array length (psc->num_div) did not correctly guard reads; the condition must be >= rather than > to prevent an ou...

CVSS 7.1 | AI score 7.7 | EPSS 0.00244

added 2024/10/21 11:53 a.m. | 117 views

CVE-2024-47714

CVE-2024-47714 affects the Linux kernel module for MT7996 WiFi (mt76). The vulnerability stems from using hweight8 on a 16-bit chainmask, causing incorrect tx_ant values (band 2); without the patch, tx_ant could become -1, triggering a KASAN stack-out-of-bounds condition in mt7996_mcu_add_sta. Th...

CVSS 5.5 | AI score 5.2 | EPSS 0.00214

added 2024/10/21 12:14 p.m. | 117 views

CVE-2024-47732

The connected documents confirm CVE-2024-47732 affects the Linux kernel and concerns a potential use-after-free in crypto: iaa (free_device_compression_mode freeing device_mode, which is later passed to iaa_compression_modes[i]->free()). The OSV entries summarize the vulnerability as resolved ...

CVSS 5.5 | AI score 5.3 | EPSS 0.00223

added 2024/10/21 12:18 p.m. | 117 views

CVE-2024-49852

CVE-2024-49852 affects Linux kernel SCSI/ELX libefc code, where a use-after-free occurs in efc_nport_vport_del() due to dereferencing nport after its release. The root cause is that kref_put() may call nport->release (_efc_nport_free()) which frees nport, but the code subsequently dereferences...

CVSS 7.8 | AI score 8.3 | EPSS 0.00209

added 2024/10/21 6:1 p.m. | 117 views

CVE-2024-49908

CVE-2024-49908: In the Linux kernel, the AMDGPU display driver (amdgpu_dm) had a missing null check for afb in amdgpu_dm_update_cursor, risking a null pointer dereference. The fix adds a null check and moves the check to the point of use (line where afb is accessed). Affects drm/amd/display co...

CVSS 5.5 | AI score 5.2 | EPSS 0.00206
Total number of security vulnerabilities: 13804