13804 matches found
CVE-2010-4160
The CVE-2010-4160 issue is present in the Linux kernel before 2.6.36.2, involving multiple integer overflows in the PPPoL2TP and IPoL2TP sendmsg paths (pppol2tp_sendmsg and l2tp_ip_sendmsg). The vulnerability can allow local users to trigger a denial of service through heap memory corruption and ...
CVE-2010-4656
CVE-2010-4656 affects the Linux kernel’s USB iowarrior driver (drivers/usb/misc/iowarrior.c). The root cause is improper buffer/memory allocation in iowarrior_write, enabling a heap-based buffer overflow via a long report from a malicious device. This aligns with openSUSE/SUSE advisories noting a...
CVE-2011-2203
CVE-2011-2203 affects the Linux kernel (2.6.x) as cited in MiracleLinux AXSA:2012-220:01. The hfs_find_init function can crash the kernel (NULL pointer dereference) and trigger a kernel oops when mounting an HFS filesystem with a malformed MDB extent record, enabling a local DoS. The MiracleLinux...
CVE-2013-0268
The CVE-2013-0268 issue affects the Linux kernel, specifically the msr_open function in arch/x86/kernel/msr.c, vulnerable before version 3.7.6. The vulnerability allows local unprivileged users to bypass capability restrictions and gain root by running a crafted application (msr32.c). Affected co...
CVE-2013-0913
CVE-2013-0913 affects the i915 DRM driver in the Linux kernel up to version 3.8.3. The vulnerability is an integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c, which can be triggered by a crafted relocation-copy sequence and may lead to a heap-based buffer overflow, potentially enablin...
CVE-2013-2851
CVE-2013-2851 is a concrete vulnerability in the Linux kernel: a format-string flaw in the register_disk function (block/genhd.c) that affects kernels up to 3.9.4. It enables a local attacker with root access to gain privileges by writing format specifiers to /sys/module/md_mod/parameters/new_arr...
CVE-2014-3185
CVE-2014-3185 affects the Linux kernel’s Whiteheat USB Serial Driver (drivers/usb/serial/whiteheat.c). The vulnerability allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by presenting a crafted USB device that suppli...
CVE-2015-0274
The CVE-2015-0274 entry references the Linux kernel XFS flaw: before 3.15, the XFS implementation uses an old size value during remote attribute replacement, allowing a local attacker with XFS access to trigger a denial of service (transaction overrun/data corruption) and potentially escalate pri...
CVE-2016-3713
CVE-2016-3713 affects the Linux kernel up to version 4.6.0 (fixed in 4.6.1). The vulnerability lies in msr_mtrr_valid() in arch/x86/kvm/mtrr.c, which incorrectly supports MSR 0x2f8 and allows a guest OS user to read or write the kvm_arch_vcpu data structure. Impact includes potential information ...
CVE-2017-17856
CVE-2017-17856 affects the Linux kernel kernel/bpf/verifier.c up to version 4.14.8. It enables local users to cause a denial of service via memory corruption due to lack of stack-pointer alignment enforcement. The provided documents do not include exploitation details or a remediation patch/versi...
CVE-2021-46977
CVE-2021-46977: Linux kernel KVM VMX: Disable preemption when probing user return MSRs. The issue arises when probing a user return MSR via RDMSR/WRMSR if the MSR has a per-CPU value and a preemption occurs between the read and write, potentially corrupting the host value after rescheduling on a...
CVE-2021-47595
CVE-2021-47595 affects the Linux kernel net/sched sch_ets. The vulnerability arises when the ETS qdisc changes (ets_qdisc_change) cause list_del corruption, leading to kernel BUG checks (invalid opcode in list_debug.c) and a system crash. The provided traces show the crash occurs in ets_qdisc_cha...
CVE-2022-49035
CVE-2022-49035 in the Linux kernel affects media: s5p_cec by not consistently limiting msg.len to CEC_MAX_MSG_SIZE. Root cause is the len check not enforced in all code paths, potentially enabling a corner-case that could impact availability (per CVSS: LOCAL, HIGH impact to availability; I/I/C = ...
CVE-2022-49135
CVE-2022-49135: In the Linux kernel, the vulnerability related to a memory leak in the drm/amd/display path has been resolved. The root cause was failure to release resources on the error handling path, leading to a memory leak. The fix adds a kfree call on the error path to ensure proper resour...
CVE-2022-49168
The CVE-2022-49168 entry concerns a Linux kernel bug in the btrfs repair path. The issue occurred when the repair submission failed and the code attempted to clean up the repair bio simultaneously with endio, creating potential use-after-free and NULL dereference conditions due to racing with bio...
CVE-2022-49228
CVE-2022-49228 relates to the Linux kernel and a bug in BTF decl_tag handling during function tagging in BPF. The issue arises when btf_decl_tag_resolve() checks a function type’s func_proto; the code attempted to access func_proto’s vlen for a type 3 function prototype, which was out of range an...
CVE-2022-49314
The CVE-2022-49314 issue is a Linux kernel resource leak in tty/icom_probe: if pci_read_config_dword fails, resources allocated earlier are recycled by pci_release_regions() and pci_disable_device(). The connected Astra Linux advisory reiterates the fix for linux-5.10/5.15 series kernels and mirr...
CVE-2022-49787
Summary (CVE-2022-49787): In the Linux kernel, the mmc: sdhci-pci fix prevents a memory leak by ensuring proper PCI device reference counting. The root cause is that pci_get_device() increases the pci_dev reference count and may not be balanced with pci_dev_put() before amd_probe() returns; the f...
CVE-2022-50066
Summary: CVE-2022-50066 affects the Linux kernel’s net/atlantic driver (Aquantia) where the final iteration of a for loop can dereference an out-of-bounds aq_vec entry, causing a UBSAN array-index-out-of-bounds condition. The issue manifests as index 8 being out of range for aq_vec_s *[8] in aq_n...
CVE-2023-0240
CVE-2023-0240 relates to a logic error in Linux kernel io_uring that can trigger a use-after-free, enabling local privilege escalation. Specifically, in io_prep_async_work, the code may incorrectly use the init_cred or a previous identity if the final io_grab_identity returns false, causing refer...
CVE-2023-52916
CVE-2023-52916 affects the Linux kernel’s media: aspeed driver. When displaying 1600x900 and memory is tight, the macro block capture can cause a system crash due to a memory overwrite; the issue is tied to an 8x8 block sizing, fixed by aligning the src-buf height to 8. The CVSS v3.1 base score i...
CVE-2023-53016
CVE-2023-53016 concerns a potential deadlock in the Linux kernel Bluetooth rfcomm path. The issue arises when rfcomm_sock_connect holds the sk lock while waiting for the rfcomm lock, and rfcomm_sock_release may hold the rfcomm lock and attempt to acquire the sk lock, creating a deadlock scenario....
CVE-2023-53090
CVE-2023-53090 affects the Linux kernel DRM/AMDKFD component (kfd_wait_on_events). The vulnerability arises because the kfd_event_waiter structure allocated by alloc_event_waiters() does not initialize its event field. If copy_from_user() fails in kfd_wait_on_events(), the code frees the previous...
CVE-2023-53146
The CVE-2023-53146 issue affects the Linux kernel’s media driver for the dw2102 I2C transfer path. In dw2102_i2c_transfer, the code can read msg[i].buf even when it is null if msg[i].len is zero, allowing a null pointer dereference before the fix. The vulnerability is mitigated by adding a check ...
CVE-2024-26688
CVE-2024-26688 affects the Linux kernel hugetlbfs component. The vulnerability is a NULL pointer dereference in hugetlbfs_fill_super() triggered when configuring a hugetlb filesystem via fsconfig() with an invalid pagesize. The issue happens because ctx->hstate may be set to NULL in hugetlbfs...
CVE-2024-27400
CVE-2024-27400 affects the Linux kernel: drm/amdgpu, specifically amdgpu_ttm_move(). The issue is with move/notification ordering: notifications must be sent before the actual move so DMA-buf and VM move notifications have the correct order; after a move, the old location becomes unavailable. The...
CVE-2024-35868
CVE-2024-35868 is a Linux kernel vulnerability related to the SMB/CIFS client: it fixes a potential use-after-free in cifs_stats_proc_write() by skipping sessions that are tearing down (status SES_EXITING). The issue is addressed in Linux kernel updates; multiple Red Hat advisories (RHSA-2026:053...
CVE-2024-35980
The CVE-2024-35980 issue affects the Linux kernel on arm64 when KVM is involved. The root cause is a TLBI RANGE operand sorting bug: the value passed to TLBI RANGE was not correctly derived during live migration, causing incomplete TLB flushing and potential crashes on the destination VM or misse...
CVE-2024-35990
CVE-2024-35990 (Linux kernel) involves a locking fix for the xilinx_dpdma DMA channel to address not-held locks in chan->lock and chan->vchan.lock. The attached Astra Linux bulletin and initial entry describe a fix that prevents lockdep warnings by adding missing locks around xilinx_dpdma_c...
CVE-2024-35998
The CVE-2024-35998 entry corresponds to a Linux kernel fix for a potential deadlock in CIFS (smb3) related to lock ordering in cifs_sync_mid_result. Coverity identified a thread deadlock caused by acquiring TCP_Server_Info.srv_lock while holding TCP_Server_Info.mid_lock. The connected Astra/Tence...
CVE-2024-36918
The CVE-2024-36918 issue affects the Linux kernel’s BPF bloom filter map: a missing check allowed value sizes that overflow int, risking kernel crashes. A patch rejects values above KMALLOC_MAX_SIZE during bloom filter creation; this aligns bloom map protection with other map types. The vulnerabi...
CVE-2024-38552
The CVE-2024-38552 issue affects the Linux kernel DRM/AMD display path, specifically the color transformation function. A potential index out-of-bounds can occur when i exceeds TRANSFER_FUNC_POINTS, risking buffer overflow in output_tf->tf_pts.red/green/blue. The fix adds a bounds check for i,...
CVE-2024-38591
CVE-2024-38591 affects the Linux kernel RDMA/hns driver. The issue is a deadlock in SRQ handling during asynchronous events: xa_lock for the SRQ table may be required in AEQ, and the patch uses xa_store_irq() / xa_erase_irq() to avoid deadlock. Documentation confirms the vulnerability is resolved...
CVE-2024-39468
CVE-2024-39468 affects the Linux kernel CIFS/SMB client: a deadlock in smb2_find_smb_tcon() can occur due to holding the cifs_tcp_ses_lock when invoking cifs_put_smb_ses(). The fix releases/correctly unlocks cifs_tcp_ses_lock before calling cifs_put_smb_ses(), avoiding the deadlock. References in...
CVE-2024-39485
The CVE-2024-39485 issue affects the Linux kernel media: v4l subsystem, specifically the async notifier: the notifier_entry was not re-initialised after unregister, leaving dangling pointers. The documented fix is to reinitialise the notifier_entry (e.g., via list_del_init()) so the notifier_entr...
CVE-2024-40900
CVE-2024-40900 affects the Linux kernel cachefiles path: a use-after-free can occur where requests are not removed from cache->reqs during flushing, allowing access to freed REQ objects in a concurrent flush scenario. The described sequence shows a freed req being accessed by cachefiles_ondema...
CVE-2024-40981
CVE-2024-40981 (Linux kernel batman-adv): The vulnerability centers on batman-adv’s originator handling in batadv_purge_orig_ref(), where empty buckets can lead to soft lockups (CPU 0 stuck for long periods). The root cause is not publicly disclosed in the provided documents, but the fix is desc...
CVE-2024-42076
The CVE-2024-42076 entry relates to the Linux kernel net/can/j1939 path, where j1939_send_one() allocated a full frame but did not initialize unused data, enabling a kernel-infoleak via raw_recvmsg() paths observed by syzbot. The root cause is uninitialized memory in the frame allocation (Bytes 1...
CVE-2024-42107
CVE-2024-42107 affects the Linux kernel ice driver’s PTP support. The issue is a race between ice_ptp_extts_event() and ice_ptp_release() that can dereference a NULL pointer (ptp_clock_event called with NULL) after the PTP clock has been released, causing a kernel panic. The documented fix is to ...
CVE-2024-42318
The CVE-2024-42318 issue lies in the Linux kernel Landlock integration: when a process’s cred struct is replaced, the cred_prepare LSM hook is normally invoked, but in a specific case involving KEYCTL_SESSION_TO_PARENT the cred_transfer hook is used. Landlock only implements cred_prepare, so cred...
CVE-2024-46726
CVE-2024-46726 (Linux kernel, drm/amd/display) fixes overflow/overrun in index calculations (vmid0p72_idx, vnom0p8_idx, vmax0p9_idx) to prevent array size overflow. The patch resolves 3 OVERRUNs and 1 INTEGER_OVERFLOW reported by Coverity; affected AMD display path. Remediation is to apply the up...
CVE-2024-46732
CVE-2024-46732 affects the Linux kernel DRM/AMD display path. The root cause was failing to assign linear_pitch_alignment in VM environments, which could lead to a divide-by-zero error. The fix is to assign linear_pitch_alignment in VM contexts; multiple stable-kernel commits (c984debc133e and re...
CVE-2024-46736
CVE-2024-46736 relates to the Linux kernel SMB (CIFS) client path smb2_rename_path handling. The issue arises when smb2_set_path_attr() is called with a valid cfile and returns -EINVAL; the reference to @cfile is dropped by a prior smb2_compound_op(), which can lead to a double put of @cfile. The...
CVE-2024-46739
The CVE-2024-46739 issue is in the Linux kernel (uio_hv_generic) and affects hv_uio_rescind for VM Bus channels. Root cause: the primary_channel pointer is NULL for primary channels and rescind callbacks are meant for primary channels only, leading to a NULL pointer dereference. The fix retrieves...
CVE-2024-46823
CVE-2024-46823 is a Linux kernel issue resolved by removing a locally scoped device_name array used as a driver name in kunit_device_register, which caused a KASAN-enabled kernel panic. The fix passes the device name directly into kunit_device_register as an ASCII string, addressing an out-of-sco...
CVE-2024-46843
CVE-2024-46843 concerns the Linux kernel SCSI/UFS path. The issue arises when removing the ufshcd driver from a UFS device, potentially causing a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before a SCSI host is added. The fix is to guarantee the SCSI host is removed only if i...
CVE-2024-47751
CVE-2024-47751 affects the Linux kernel PCI Kirin driver, where kirin_pcie_parse_port() could access beyond pcie->gpio_id_reset/MAX_PCI_SLOTS due to num_slots handling. The fix changes the condition to pcie->num_slots + 1 >= MAX_PCI_SLOTS and moves the increment of num_slots below the ch...
CVE-2024-50207
Technical details about CVE-2024-50207 (ring-buffer reader locking issue in the Linux kernel) are not provided in the connected documents. Available sources mention the vulnerability and upstream fixes in general terms but do not specify affected versions, exploitability, or precise remediation s...
CVE-2024-53062
Technical details for CVE-2024-53062 are not provided in the supplied documents. Monitor official advisories for patches and affected products; no root-cause, impact, or remediation details are available here.
CVE-2024-53167
CVE-2024-53167 (Linux kernel) relates to an unregister path in NFS/pNFS block layout where unmounting a pNFS SCSI layout-enabled NFS could dereference a NULL block_device if no device could be attached to pnfs_block_dev. The root cause is a premature dereference during unregistration after the nf...