Lucene search: Linux Kernel

13804 matches found

added 2024/10/21 6:2 p.m. | 117 views

CVE-2024-49953

CVE-2024-49953 affects the Linux kernel mlx5e driver (IPsec path). The issue is a crash caused by calling __xfrm_state_delete() twice: in xfrm_state_delete the km.state is not checked in the driver’s delayed work, which can allow xfrm_state_check_expire() to reset a state that is already XFRM_STA...

CVSS 5.5 | AI score 5.1 | EPSS 0.00302

added 2024/10/21 7:39 p.m. | 117 views

CVE-2024-50026

CVE-2024-50026 affects the Linux kernel SCSI wd33c93 path. A regression from the commit that moved scsi_pointer from hostdata->connected to private command data caused an oops in wd33c93_intr() because hostdata->connected is not valid during selection. The fix retrieves the current scsi_poi...

CVSS 5.5 | AI score 5.3 | EPSS 0.00234

added 2024/10/21 7:39 p.m. | 117 views

CVE-2024-50030

CVE-2024-50030 refers to a Linux kernel vulnerability in drm/xe/ct where a use-after-free (UAF) could occur due to fence/timeout interactions. The fix serializes with the completion side by grabbing ct->lock after the wait to ensure correct ordering of dependent loads/stores and to prevent UAF...

CVSS 7.8 | AI score 7.3 | EPSS 0.00228

added 2024/11/05 5:10 p.m. | 117 views

CVE-2024-50111

CVE-2024-50111 affects LoongArch Linux kernel where unaligned access can trigger in irq-enabled context; do_ale() may call get_user(), causing sleep and BUG: sleeping function called from invalid context. The fix described in the unpatched Nessus entry is to enable IRQ handling for unaligned acce...

CVSS 5.5 | AI score 5.2 | EPSS 0.00233

added 2024/12/02 1:44 p.m. | 117 views

CVE-2024-53115

Technical details for CVE-2024-53115 are not publicly disclosed in the provided connected documents. The initial description mentions a kernel fix for a null pointer dereference in vmw_framebuffer_surface_create_handle, but no product/version specifics or exploit info are given here. Monitor for ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00196

added 2024/12/24 11:28 a.m. | 117 views

CVE-2024-53154

Technical details for CVE-2024-53154 are not provided in the connected documents. The initial description mentions a NULL check added in applnco_probe for clk-apple-nco in the Linux kernel.

CVSS 5.5 | AI score 6.4 | EPSS 0.00203

added 2024/12/27 1:50 p.m. | 117 views

CVE-2024-53228

Technical details about CVE-2024-53228 are not publicly provided in the supplied documents; only a high-level summary of the fix (riscv kvm out-of-bounds check) is present. Monitor for updates.

CVSS 7.8 | AI score 7 | EPSS 0.00234

added 2024/12/29 8:48 a.m. | 117 views

CVE-2024-56710

CVE-2024-56710 is a Linux kernel vulnerability involving a memory leak in the ceph Direct I/O path. The bvecs array allocated in iter_get_bvecs_alloc() can leak and leave pages pinned if ceph_alloc_sparse_ext_map() fails. The fix moves sparse_ext allocation earlier (and applies a similar adjustme...

CVSS 5.5 | AI score 6.4 | EPSS 0.00243

added 2024/12/29 11:30 a.m. | 117 views

CVE-2024-56725

CVE-2024-56725: In the Linux kernel, the octeontx2-pf driver (otx2_dcbnl.c) contained an unchecked error pointer after calling otx2_mbox_get_rsp, potentially leading to a NULL-pointer dereference if the function returned an error. The public description and connected Astra Linux bulletin confirm...

CVSS 5.5 | AI score 6.5 | EPSS 0.00203

added 2025/01/15 1:10 p.m. | 117 views

CVE-2024-57801

CVE-2024-57801 affects the Linux kernel in the mlx5e driver: during unload, a use-after-free can occur when accessing rpriv->netdev or walking rpriv->tc_ht for a vport representor that is not fully loaded. The root cause is missing checks when restoring TC rules for the vport representor, l...

CVSS 7.8 | AI score 6.5 | EPSS 0.0022

added 2025/02/27 2:7 a.m. | 117 views

CVE-2024-57993

CVE-2024-57993 (Linux kernel) affects the HID thrustmaster driver. The issue arose from a type mismatch between a USB pipe and the transfer endpoint triggered by the hid-thrustmaster driver. A patch was applied to thrustmaster_probe that adds an endpoint type check to fix this warning. The vulner...

CVSS 5.5 | AI score 6.6 | EPSS 0.00191

added 2025/03/07 9:9 a.m. | 117 views

CVE-2025-21836

CVE-2025-21836 affects the Linux kernel io_uring/kbuf component. The issue arises when upgrading, where IORING_REGISTER_PBUF_RING can re-use an old io_buffer_list previously published for a legacy buffer, potentially breaking the requirement that most fields stay stable after publish. The fix is ...

CVSS 5.5 | AI score 7.5 | EPSS 0.00215

added 2025/03/27 2:57 p.m. | 117 views

CVE-2025-21885

CVE-2025-21885 concerns the Linux kernel bnxt_re RDMA driver. The description notes a kernel panic when nvme target uses use_srq, caused by incorrect handling of page details for SRQs created by kernel consumers (kernel-space SRQs require explicit page size/shift configuration as well). The issue...

CVSS 5.5 | AI score 7 | EPSS 0.00164

added 2025/04/01 3:26 p.m. | 117 views

CVE-2025-21894

The CVE-2025-21894 issue affects Linux kernel ENETC, where Virtual Functions (VFs) do not support HWTSTAMP_TX_ONESTEP_SYNC because only the PF can access PMa_SINGLE_STEP registers. The result is a crash when VFs attempt one-step timestamping, as illustrated by the kernel crash trace. A fix has be...

CVSS 5.5 | AI score 7 | EPSS 0.00165

added 2025/04/01 3:41 p.m. | 117 views

CVE-2025-21936

CVE-2025-21936 affects the Linux kernel Bluetooth subsystem. The vulnerability arises from not checking the return value of mgmt_alloc_skb() in mgmt_device_connected(), leading to a potential null pointer dereference. The connected Azure/Tenable Nessus entries reference the advisory and state tha...

CVSS 5.5 | AI score 7.2 | EPSS 0.00166

added 2025/04/03 7:19 a.m. | 117 views

CVE-2025-22001

CVE-2025-22001 affects the Linux kernel, in the Compute Acceleration Framework (accel/qaic). The issue is an integer overflow in qaic_validate_req(), triggered by user-supplied 64-bit values via qaic_attach_slice_bo_ioctl(); the patch adds a check_add_overflow() to prevent wrapping. The provided ...

CVSS 5.5 | AI score 7.4 | EPSS 0.00154

added 2025/04/08 8:18 a.m. | 117 views

CVE-2025-22012

CVE-2025-22012 concerns a Linux kernel issue where a change in arm64 dts for qcom SDM845/850 could affect pagetable walker cache coherency. The vulnerability description states that this led to lock-ups and resets on some devices (e.g., Yoga C630) while others (Dragonboard 845c) were unaffected. ...

CVSS 5.5 | AI score 7.3 | EPSS 0.00107

added 2025/04/16 2:12 p.m. | 117 views

CVE-2025-22057

CVE-2025-22057: In the Linux kernel, the fix for an issue with decreasing cached dst counters in dst_release was incomplete when CONFIG_DST_CACHE is enabled and OvS tunnels are used, potentially leading to a kernel NULL page fault during dst cache destruction. The upstream patch moves the decrem...

CVSS 5.5 | AI score 6.4 | EPSS 0.00165

added 2025/04/16 2:13 p.m. | 117 views

CVE-2025-22125

CVE-2025-22125: Linux kernel md/raid1, raid10 could ignore IO flags (notably REQ_IDLE, and related flags) when blk-wbt is enabled, causing degraded write performance. The issue is fixed by preserving IO flags from the master bio (commit f51d46d0e7cb: “md: add support for REQ_NOWAIT”). Applicable...

CVSS 5.5 | AI score 6.5 | EPSS 0.00155

added 2025/05/01 1:7 p.m. | 117 views

CVE-2025-37773

CVE-2025-37773: In the Linux kernel, the virtiofs subsystem was updated to fix a NULL source-name in the filesystem context source name check. In fuzzing-like scenarios, the source name may be NULL, potentially triggering a kernel panic. The connected advisories confirm the issue and describe th...

CVSS 5.5 | AI score 6.4 | EPSS 0.00157

added 2025/05/01 1:7 p.m. | 117 views

CVE-2025-37787

CVE-2025-37787 affects the Linux kernel in the mv88e6xxx DSA driver. The issue arises when unbinding the driver: a NULL devlink global region pointer is passed to devlink_region_destroy(), causing a NULL-tolerant crash. The root cause is that some devlink regions (MV88E6XXX_REGION_STU and MV88E6X...

CVSS 5.5 | AI score 6.5 | EPSS 0.0015

added 2025/05/01 1:7 p.m. | 117 views

CVE-2025-37793

CVE-2025-37793 affects the Linux kernel ASoC: Intel avs driver. The vulnerability arises when avs_component_probe() dereferences a NULL from devm_kasprintf() if memory allocation fails, leading to a NULL pointer dereference. A fix was implemented in the kernel to check for NULL from devm_kasprint...

CVSS 5.5 | AI score 6.6 | EPSS 0.00149

added 2007/12/04 12:0 a.m. | 116 views

CVE-2007-6206

CVE-2007-6206 affects the Linux kernel (2.4.x and 2.6.x up to 2.6.24-rc3). The issue lies in the do_coredump function in fs/exec.c, where the core dump file’s UID is not changed if a core dump already exists in the same location when a root-owned process dumps a core. This behavior could allow a ...

CVSS 2.1 | AI score 5.2 | EPSS 0.00425

added 2008/06/10 12:0 a.m. | 116 views

CVE-2008-1673

The CVE-2008-1673 vulnerability affects the Linux kernel ASN.1 BER decoding in CIFS and ip_nat_snmp_basic modules (and gxsnmp). Root cause: improper validation of ASN.1 BER lengths, enabling a remote attacker to crash the system or execute arbitrary code via: (1) a length greater than the working...

CVSS 10 | AI score 6.8 | EPSS 0.07091

added 2010/02/17 6:0 p.m. | 116 views

CVE-2010-0307

CVE-2010-0307 affects the Linux kernel (x86_64) prior to 2.6.32.8 where load_elf_binary in fs/binfmt_elf.c may call SET_PERSONALITY before confirming the ELF interpreter exists, enabling a local DoS via a 32-bit process launching a 64-bit one and triggering a segmentation fault (flush_old_exec re...

CVSS 4.7 | AI score 5.5 | EPSS 0.00826

added 2010/09/03 7:0 p.m. | 116 views

CVE-2010-2240

CVE-2010-2240 affects the Linux kernel via the do_anonymous_page function in mm/memory.c, where improper separation of the stack and heap allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, demonstrated by a memory-exhaustion atta...

CVSS 7.2 | AI score 7 | EPSS 0.00716

added 2010/09/08 7:0 p.m. | 116 views

CVE-2010-2959

The CVE-2010-2959 issue affects the Linux kernel CAN subsystem, specifically the can/bcm.c implementation, due to an integer overflow vulnerability. This flaw can allow local attackers to execute arbitrary code or cause a system crash (DoS) via crafted CAN traffic. Public advisories confirm vulne...

CVSS 7.2 | AI score 7.8 | EPSS 0.03777 | In wild

added 2010/12/30 6:0 p.m. | 116 views

CVE-2010-3849

CVE-2010-3849 affects the Linux kernel’s econet_sendmsg path (net/econet/af_econet.c) prior to 2.6.36.2, when an Econet address is configured. A local user can trigger a denial of service by issuing a sendmsg with a NULL remote address, causing a NULL pointer dereference and OOPS. The correspondi...

CVSS 4.7 | AI score 5.7 | EPSS 0.00717 | In wild

added 2010/12/22 8:0 p.m. | 116 views

CVE-2010-4346

The vulnerability CVE-2010-4346 affects the Linux kernel: install_special_mapping in mm/mmap.c before 2.6.37-rc6 does not call security_file_mmap as expected, allowing local users to bypass mmap_min_addr restrictions and potentially trigger NULL pointer dereference via a crafted assembly-language...

CVSS 2.1 | AI score 5.8 | EPSS 0.00405

added 2011/04/03 1:0 a.m. | 116 views

CVE-2011-1082

CVE-2011-1082 affects the Linux kernel prior to 2.6.38. The flaw is in fs/eventpoll.c where epoll file descriptors may be placed inside other epoll data structures without proper validation of closed loops or deep chains. This can let a local user cause a denial of service (deadlock or stack memo...

CVSS 4.9 | AI score 7.4 | EPSS 0.00778

added 2012/10/03 10:0 a.m. | 116 views

CVE-2012-3511

The CVE-2012-3511 entry maps to the Linux kernel issue in mm/madvise.c: madvise_remove contains race conditions that can be exploited locally to trigger use-after-free and kernel crash, resulting in denial of service via munmap or close. Affected lineage includes kernels before 3.4.5; patches add...

CVSS 6.2 | AI score 6.8 | EPSS 0.00376

added 2013/03/22 10:0 a.m. | 116 views

CVE-2013-0914

The CVE-2013-0914 issue affects the Linux kernel (before 3.8.4) where the function flush_signal_handlers in kernel/signal.c preserves the sa_restorer field across an exec. This behavior enables local users to bypass ASLR via a crafted application using sigaction. Exploitation details are not prov...

CVSS 3.6 | AI score 5.2 | EPSS 0.00461

added 2013/03/22 10:0 a.m. | 116 views

CVE-2013-1792

The CVE-2013-1792 entry is valid and has concrete details in connected documents: a race condition in the Linux kernel’s install_user_keyrings() (security/keys/process_keys.c) allows local users to trigger a NULL pointer dereference and crash via concurrent keyctl calls. The vulnerability affects...

CVSS 4.7 | AI score 6 | EPSS 0.00287

added 2013/07/04 9:0 p.m. | 116 views

CVE-2013-2232

CVE-2013-2232 affects the Linux kernel prior to 3.10. The vulnerable code is the ip6_sk_dst_check function in net/ipv6/ip6_output.c; it lets a local user cause a denial-of-service (system crash) by using an AF_INET6 socket to connect to an IPv4 interface. A remedy is the upstream patch applied in...

CVSS 4.9 | AI score 5.3 | EPSS 0.00556

added 2013/09/13 6:0 p.m. | 116 views

CVE-2013-2888

CVE-2013-2888: The Linux kernel HID subsystem contains multiple array index errors in drivers/hid/hid-core.c that can be triggered by a crafted HID device providing an invalid Report ID. The vulnerability allows physically proximate attackers to execute arbitrary code or cause a denial of servic...

CVSS 6.2 | AI score 6.9 | EPSS 0.00477

added 2013/11/27 2:0 a.m. | 116 views

CVE-2013-6383

The CVE-2013-6383 issue is real in the Linux kernel up to version 3.11.7: the aac_compat_ioctl function in drivers/scsi/aacraid/linit.c does not require CAP_SYS_RAWIO, allowing local users to bypass access restrictions via a crafted ioctl. Affected: Linux kernel prior to 3.11.8 (notably seen in a...

CVSS 6.9 | AI score 6.3 | EPSS 0.0049

added 2014/11/10 11:0 a.m. | 116 views

CVE-2014-7826

CVE-2014-7826 affects the Linux kernel up to 3.17.2, where kernel/trace/trace_syscalls.c in the ftrace subsystem mishandles private syscall numbers. This can allow a local user to gain privileges or cause a denial of service via a crafted application (invalid pointer dereference). Connected advi...

CVSS 7.8 | AI score 7.3 | EPSS 0.00589

added 2015/08/31 10:0 a.m. | 116 views

CVE-2014-9728

CVE-2014-9728 concerns the Linux kernel UDF filesystem before 3.18.2, where missing validation of certain lengths in fs/udf/inode.c and fs/udf/symlink.c can enable a local attacker to trigger a denial of service via a crafted UDF image, potentially causing a buffer over-read and system crash. The...

CVSS 4.9 | AI score 5.4 | EPSS 0.00451

added 2015/06/07 11:0 p.m. | 116 views

CVE-2015-4001

CVE-2015-4001 family affects the OZWPAN driver in the Linux kernel (drivers/staging/ozwpan/ozhcd.c and related ozusbsvc1.c parsing paths) up to kernel 4.0.5. Root cause is integer signedness and length-field handling flaws in the OZWPAN stack, enabling remote attackers to cause denial of service ...

CVSS 9 | AI score 7.8 | EPSS 0.07123

added 2016/02/08 2:0 a.m. | 116 views

CVE-2015-8709

CVE-2015-8709 affects the Linux kernel, specifically the code path in kernel/ptrace.c up to version 4.4.1. The issue arises from how uid and gid mappings are handled when establishing a user namespace, allowing a local user to gain privileges by waiting for a root process to enter that namespace ...

CVSS 7 | AI score 6 | EPSS 0.00398

added 2016/08/06 10:0 a.m. | 116 views

CVE-2015-8944

CVE-2015-8944 concerns the Linux kernel up to version 4.7 (as used in Android on Nexus 6/7 devices before 2016-08-05). The ioresources_init function in kernel/resource.c uses weak permissions for /proc/iomem, allowing local users to read this file and obtain sensitive information. The description...

CVSS 5.5 | AI score 4.8 | EPSS 0.00593

added 2018/07/03 5:0 a.m. | 116 views

CVE-2018-13098

CVE-2018-13098 applies to the Linux kernel’s F2FS implementation, specifically fs/f2fs/inode.c up to version 4.17.3. The issue is a denial-of-service condition caused by a slab out-of-bounds read and a BUG when FI_EXTRA_ATTR is set in an inode of a modified F2FS image. Connected Nessus advisories...

CVSS 5.5 | AI score 6.5 | EPSS 0.01289

added 2020/04/23 11:55 p.m. | 116 views

CVE-2019-15793

CVE-2019-15793 concerns a shiftfs issue in Ubuntu’s patched Linux kernel (5.0/5.3). The bug translated user/group IDs to init_user_ns instead of the lower filesystem’s s_user_ns, risking bypass of discretionary access control. Consequence: local attacker could exploit the mis-translation to acces...

CVSS 8.8 | AI score 7.2 | EPSS 0.00685

added 2024/02/28 8:13 a.m. | 116 views

CVE-2021-46997

CVE-2021-46997 is rejected/not used; not an active vulnerability entry.

CVSS 5.5 | AI score 6.5 | EPSS 0.00246

added 2024/03/15 8:14 p.m. | 116 views

CVE-2021-47119

CVE-2021-47119 (Linux kernel/ext4) involves a memory leak in ext4_fill_super where buffer head references (and the page referenced by b_data) are not freed by kill_bdev. The issue arises when block sizes differ: sb_set_blocksize() kills current buffers/page cache via kill_bdev and then rereads th...

CVSS 5.5 | AI score 6.5 | EPSS 0.00252

added 2024/04/10 6:56 p.m. | 116 views

CVE-2021-47203

The CVE-2021-47203 entry describes a Linux kernel vulnerability in the lpfc SCSI driver (lpfc_drain_txq) where, on a failed attempt to pass requests to the adapter, a local failure message (fail_msg) is set and jobs may be added to the completions list, risking list corruption. The fixed behavior...

CVSS 5.5 | AI score 6.3 | EPSS 0.00238

added 2022/11/28 12:0 a.m. | 116 views

CVE-2022-4127

CVE-2022-4127: A NULL pointer dereference in the Linux kernel function io_files_update_with_index_alloc can allow a local user to crash the system, causing a denial of service. The vulnerability affects the kernel and is documented across multiple sources (NVD/OSV/CNVD, Nessus/NASL entries). Som...

CVSS 5.5 | AI score 5 | EPSS 0.00206

added 2022/12/23 12:0 a.m. | 116 views

CVE-2022-47938

Technical details are not publicly provided in the supplied documents. CVE-2022-47938 concerns ksmbd in the Linux kernel 5.15–5.19 before 5.19.2, with an out-of-bounds read during SMB2_TREE_CONNECT; monitor for updates.

CVSS 6.5 | AI score 6.1 | EPSS 0.58461

added 2024/04/28 1:1 p.m. | 116 views

CVE-2022-48666

CVE-2022-48666 affects the Linux kernel and is a use-after-free in the SCSI core (scsi: core: Fix a use-after-free). The issue arises from two .exit_cmd_priv implementations that use resources tied to the SCSI host; the fix waits in scsi_remove_host() until the tag set is freed to ensure resource...

CVSS 7.4 | AI score 6.6 | EPSS 0.00252

added 2024/05/03 2:59 p.m. | 116 views

CVE-2022-48687

CVE-2022-48687 affects the Linux kernel SRv6 HMAC configuration. The vulnerability stems from the SECRETLEN length being decoupled from SECRET, allowing invalid combinations (e.g., secret="", secretlen=64) that an attacker can craft via netlink to trigger an out-of-bounds read of up to 64 bytes p...

CVSS 5.5 | AI score 6.3 | EPSS 0.00242

Total number of security vulnerabilities: 13804