Lucene search
Linux Kernel

13803 matches found

added 2024/02/26 2:39 p.m. | 1107 views

CVE-2024-26606

CVE-2024-26606 affects the Linux kernel binder subsystem. In (e)poll mode, a binder thread that issues a BINDER_WRITE_READ without a read buffer may later rely on epoll_wait to process responses, but if the epoll/wakeup signaling is not triggered for the thread’s own enqueued work, the thread can...

CVSS 5.5 | AI score 6.4 | EPSS 0.00242

added 2024/02/26 5:20 p.m. | 1073 views

CVE-2020-36775

CVE-2020-36775 affects the Linux kernel’s f2fs subsystem. The vulnerability was tied to a potential deadlock in the f2fs_write_compressed_pages() path, mitigated by using f2fs_trylock_op() (consistent with the approach used in f2fs_write_single_data_page()) to avoid deadlocks. The concrete fix is...

CVSS 5.5 | AI score 5.3 | EPSS 0.0017

added 2024/06/19 6:20 a.m. | 997 views

CVE-2024-36978

In CVE-2024-36978, a Linux kernel local privilege escalation risk arises from an out-of-bounds write in net: sched: sch_multiq (multiq_tune). The bug occurs because q->bands is assigned to qopt->bands after kmalloc, and the old q->bands may be erroneously used, leading to an out-of-bound...

CVSS 7.8 | AI score 8.7 | EPSS 0.00284

added 2024/02/26 5:20 p.m. | 990 views

CVE-2019-25160

CVE-2019-25160 is about netlabel: fix out-of-bounds memory accesses in the Linux kernel. The connected documents specify two array OOB accesses: one in cipso_v4_map_lvl_valid() and another in netlbl_bitmap_walk(). The fixes are described as straightforward, and backport guidance notes that netlbl...

CVSS 7.1 | AI score 6.8 | EPSS 0.00252

added 2024/02/26 5:20 p.m. | 978 views

CVE-2023-52474

CVE-2023-52474: In the Linux kernel, fixes were applied for IB/hfi1 user SDMA multi-iovec handling to correct data handling across iovecs and to address related mmu_rb cache pinning issues. The description notes two root bugs: 1) user_sdma_txadd() could over-read an iovec by not honoring iov_len ...

CVSS 7.8 | AI score 7.6 | EPSS 0.00251

added 2012/05/24 11:0 p.m. | 966 views

CVE-2011-3188

CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...

CVSS 9.1 | AI score 8.7 | EPSS 0.05689

added 2024/02/26 5:20 p.m. | 965 views

CVE-2021-46906

CVE-2021-46906 — Linux kernel HID (usbhid) info leak fix: The vulnerability arises in hid_submit_ctrl where report->size of zero caused transfer_buffer_length to be calculated as 16384, enabling an information leak. The root cause is the calculation in hid_report_len() not handling a zero-siz...

CVSS 5.5 | AI score 6.1 | EPSS 0.00247

added 2013/05/14 8:0 p.m. | 939 views

CVE-2013-2094

CVE-2013-2094 affects the Linux kernel: the perf_swevent_init code in kernel/events/core.c uses an incorrect integer type, enabling a local, unprivileged user to escalate privileges via a crafted perf_event_open call. The issue leads to out-of-bounds access of perf_swevent_enabled and has been fi...

CVSS 8.4 | AI score 7.3 | EPSS 0.47709
In wild

added 2022/03/23 7:46 p.m. | 893 views

CVE-2021-4197

CVE-2021-4197 is a Linux kernel vulnerability in the cgroup process migration permission checks. A local attacker could escalate privileges due to incorrect permission validation for cgroup-associated processes (affecting both cgroup v1 and v2). The issue is described across multiple sources as a...

CVSS 7.8 | AI score 7.9 | EPSS 0.00541

added 2023/06/05 9:40 p.m. | 826 views

CVE-2023-3079

Summary (CVE-2023-3079): A type confusion in V8 in Google Chrome prior to 114.0.5735.110 can allow remote code execution via a crafted HTML page, with heap corruption as the underlying issue. The vulnerability affects Chrome’s Chromium-based rendering stack (V8 engine) and is rated High severity...

CVSS 8.8 | AI score 8.6 | EPSS 0.31658
In wild

added 2023/01/30 1:9 p.m. | 818 views

CVE-2023-0266

CVE-2023-0266 is a use-after-free in the Linux kernel’s ALSA PCM subsystem. The vulnerability arises because SNDRV_CTL_IOCTL_ELEM_READ32/WRITE32 paths lack proper locking, enabling a use‑after‑free that can lead to privilege escalation to ring0 from a system user. Affected material points to the ...

CVSS 7.9 | AI score 8.4 | EPSS 0.03702
In wild

added 2021/07/07 11:20 a.m. | 804 views

CVE-2021-22555

CVE-2021-22555 is a Linux kernel heap out-of-bounds write vulnerability in net/netfilter/x_tables.c, dating to 2.6.19-rc1. The issue allows a local attacker to gain privileges or cause a DoS via heap memory corruption in the user namespace. Public sources in the connected docs confirm the vulnera...

CVSS 8.3 | AI score 8.3 | EPSS 0.78684
In wild

added 2022/02/11 5:40 p.m. | 797 views

CVE-2022-0185

CVE-2022-0185 is a Linux kernel vulnerability in the legacy_parse_param path of the Filesystem Context API. It is a heap-based buffer overflow in parameter length verification that can be triggered by an unprivileged local user when opening a filesystem that falls back to legacy handling, enablin...

CVSS 8.4 | AI score 8.1 | EPSS 0.25151
In wild

added 2013/11/19 3:0 p.m. | 794 views

CVE-2013-6282

The CVE-2013-6282 issue affects the Linux kernel on ARM v6k/v7 where get_user and put_user do not validate certain addresses, enabling an unprivileged user to read/write arbitrary kernel memory. Exploitation was reported in the wild on Android devices in late 2013. Affected kernel versions includ...

CVSS 8.8 | AI score 7.7 | EPSS 0.39711
In wild | Web

added 2021/07/20 6:1 p.m. | 791 views

CVE-2021-33909

CVE-2021-33909 affects the Linux kernel’s filesystem layer (fs/seq_file.c) across 3.16–5.13.x, with fixed releases in 5.13.4 and via patches noted in downstream advisories. The root cause is a size_t-to-int conversion that permits an integer overflow during seq buffer allocations, enabling an Out...

CVSS 7.8 | AI score 7.9 | EPSS 0.09808

added 2019/09/20 6:25 p.m. | 785 views

CVE-2019-14816

CVE-2019-14816 is a Linux kernel heap-based buffer overflow in the mwifiex (Marvell) wifi driver that affects all versions up to, but excluding, 5.3. It enables a local attacker to crash the system or potentially execute arbitrary code via the Marvell wifi chip driver; affected scope is the kerne...

CVSS 7.8 | AI score 9.1 | EPSS 0.00909

added 2019/06/18 11:34 p.m. | 778 views

CVE-2019-11477

CVE-2019-11477 (SACK Panic) is a Linux kernel TCP vulnerability where crafted SACK blocks can trigger an integer overflow, potentially causing a kernel crash and DoS. CVE-2019-11478/11479 describe related DoS via SACK handling and low MSS. In practice, Arista discloses affected products (EOS, Clo...

CVSS 7.8 | AI score 7.5 | EPSS 0.98745

added 2013/04/13 1:0 a.m. | 775 views

CVE-2013-2596

CVE-2013-2596 is an integer overflow in the Linux kernel’s fb_mmap implementation (fbmem.c) up to version 3.8.9. It enables a local user to map kernel memory via /dev/graphics/fb0 mmap2, gaining privileges (Motochopper demonstration). Connected advisories (e.g., CentOS RHSA-2016:0450, F5 SOL11353...

CVSS 7.8 | AI score 5.7 | EPSS 0.03373
In wild

added 2024/02/22 4:13 p.m. | 770 views

CVE-2024-26589

CVE-2024-26589 pertains to a Linux kernel flaw in the BPF flow keys handling. For PTR_TO_FLOW_KEYS, check_flow_keys_access() used a fixed offset while the code allowed a variable offset ALU operation, enabling an out-of-bounds access when the program loaded flow_keys and added a variable offset. ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00239

added 2024/02/24 2:56 p.m. | 765 views

CVE-2024-26602

CVE-2024-26602 affects the Linux kernel’s membarrier path. The fix targets the sys_membarrier interface by introducing a lock on the path to serialize accesses and prevent extremely high call frequency, which could otherwise cause global slowdowns. Affected component: sched/membarrier. Root cause...

CVSS 5.5 | AI score 6.6 | EPSS 0.00318

added 2019/09/20 6:27 p.m. | 749 views

CVE-2019-14814

CVE-2019-14814 affects the Linux kernel Marvell WiFi driver (mwifiex) - a heap-based buffer overflow in the Marvell WiFi chip driver, present in all kernel versions up to but excluding 5.3. This can allow local users to crash the system or, potentially, execute arbitrary code. Public advisories (...

CVSS 7.8 | AI score 9 | EPSS 0.00869

added 2024/02/22 4:13 p.m. | 746 views

CVE-2024-26586

CVE-2024-26586 (Linux kernel): The issue is a stack corruption risk in mlxsw spectrum ACL TCAM handling when there are more than 16 ACLs in an ACL group. In Spectrum-2+ ASICs, firmware reports a larger ACL count than the PAGT register can hold, risking stack corruption during forwarding. The fix...

CVSS 6.7 | AI score 7.3 | EPSS 0.00249

added 2024/02/21 2:59 p.m. | 741 views

CVE-2024-26583

CVE-2024-26583 affects the Linux kernel TLS path. The issue is a race between async crypto notify completion and socket close, where the submitting thread could exit before the crypto handler finishes, risking touching data after it has been freed. The fix routes around this by reducing complex l...

CVSS 4.7 | AI score 6.7 | EPSS 0.00177

added 2023/05/08 12:0 a.m. | 739 views

CVE-2023-32233

CVE-2023-32233 concerns a use-after-free in Netfilter nf_tables in the Linux kernel (through 6.3.1) when processing batch requests. Unprivileged local users can exploit this to perform arbitrary reads/writes in kernel memory, enabling local privilege escalation to root. The root cause is mishandl...

CVSS 7.8 | AI score 7.5 | EPSS 0.11946

added 2024/02/20 6:4 p.m. | 734 views

CVE-2023-52434

CVE-2023-52434 affects Linux kernel SMB/CIFS: the vulnerability is in smb2_parse_contexts() used by SMB2_open (mount.cifs path). Root cause: insufficient validation of offsets/lengths before dereferencing create contexts, enabling an out-of-bounds access that could trigger a kernel oops when serv...

CVSS 8 | AI score 7.7 | EPSS 0.00566

added 2024/02/20 6:34 p.m. | 734 views

CVE-2023-52439

CVE-2023-52439 is a Linux kernel UIO subsystem use-after-free vulnerability. The issue occurs in a race between core-1 (uio_unregister_device) and core-2 (uio_open) where device_unregister frees idev, then core-2 may still access idev, leading to use-after-free and potential double free of idev v...

CVSS 7.8 | AI score 7.8 | EPSS 0.00299

added 2024/02/27 6:40 p.m. | 733 views

CVE-2021-46939

CVE-2021-46939 affects the Linux kernel where tracing changes to trace_clock_global() could deadlock due to recursive locking during tracing; the fix uses a trylock and retry semantics to avoid blocking. Public details in connected advisories (MiracleLinux UTSA, Nessus plugin) describe the same i...

CVSS 5.5 | AI score 6.6 | EPSS 0.00246

added 2023/09/25 8:25 p.m. | 728 views

CVE-2023-42753

CVE-2023-42753 is a Linux kernel netfilter nftables/IPSET issue caused by a missing IP_SET_HASH_WITH_NET0 macro, leading to incorrect CIDR_POS calculations and potential slab out-of-bounds access. Local unprivileged users could trigger memory corruption or crashes; privilege escalation is possibl...

CVSS 7.8 | AI score 7.6 | EPSS 0.00514

added 2019/07/05 10:7 p.m. | 726 views

CVE-2019-10639

CVE-2019-10639 affects Linux kernel 4.x (from 4.1) and 5.x prior to 5.0.8, enabling remote information exposure by deriving a KASLR kernel image offset from IP ID values for UDP/ICMP traffic. An attacker could force traffic to attacker-controlled IPs to obtain hashing key information and expose t...

CVSS 7.5 | AI score 8.1 | EPSS 0.03252

added 2019/09/24 5:55 a.m. | 714 views

CVE-2019-16746

CVE-2019-16746: A buffer overflow in the Linux kernel (net/wireless/nl80211.c) can occur through improper bounds checking of variable-length elements in a beacon head, enabling potential arbitrary code execution or a system crash. The issue affects Linux kernels up to at least 5.2.17, with repor...

CVSS 9.8 | AI score 9.1 | EPSS 0.12651

added 2018/09/06 9:0 p.m. | 713 views

CVE-2018-5391

CVE-2018-5391 affects the Linux kernel (3.9+) via FragmentSmack: IP fragment reassembly can be exploited to exhaust CPU and cause DoS. Citrix/Arista/CentOS advisories describe affected products and kernel updates; CentOS/RH advisories list patched versions and note the vulnerability stems from fr...

CVSS 7.8 | AI score 7.7 | EPSS 0.24149
In wild

added 2024/02/21 2:59 p.m. | 713 views

CVE-2024-26582

CVE-2024-26582 (Linux kernel): The vulnerability lies in the TLS path where tls_decrypt_sg does not take a reference on the pages from clear_skb. Consequently, the put_page() in tls_decrypt_done can free those pages, enabling a use-after-free when reading from a partially read skb in process_rx_...

CVSS 7.8 | AI score 6.6 | EPSS 0.00256

added 2024/02/21 2:59 p.m. | 711 views

CVE-2024-26585

CVE-2024-26585 — Linux kernel TLS race: The vulnerability arises from a race between scheduling crypto work and socket close in TLS handling. The submitter thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete; the fix reorders scheduling the work before complete()...

CVSS 4.7 | AI score 6.6 | EPSS 0.0019

added 2019/07/05 10:7 p.m. | 707 views

CVE-2019-10638

The CVE-2019-10638 entry concerns the Linux kernel’s IP ID values used for connectionless protocols (UDP/ICMP) in kernels prior to 5.1.7. The underlying issue is weak hashing of IP IDs, enabling an attacker to track a host across networks by correlating IDs and potentially obtain the hashin...

CVSS 6.5 | AI score 7.3 | EPSS 0.02592

added 2024/02/27 6:40 p.m. | 691 views

CVE-2021-46941

CVE-2021-46941 concerns the Linux kernel usb dwc3 core. The description states the issue arises in the DRD mode switch sequence for the controller: missing CoreSoftReset before switching modes and missing Host/DGPU resets (GCTL.CoreSoftReset and DCTL.CSftRst) caused lockups on HiKey960 and simila...

CVSS 5.5 | AI score 6 | EPSS 0.00225

added 2020/05/22 2:9 p.m. | 684 views

CVE-2020-10711

The CVE-2020-10711 entry concerns a NULL pointer dereference in the Linux kernel SELinux subsystem during CIPSO category bitmap import. Affected are kernel versions before 5.7; processing the CIPSO restricted bitmap tag in cipso_v4_parsetag_rbm sets a security attribute indicating the bitmap exi...

CVSS 5.9 | AI score 6.5 | EPSS 0.03097

added 2021/05/14 10:57 p.m. | 684 views

CVE-2021-33033

The connected sources confirm CVE-2021-33033 affects the Linux kernel up to 5.11.14, with a use-after-free in cipso_v4_genopt (net/ipv4/cipso_ipv4.c) due to mishandled CIPSO/CALIPSO DOI refcounting, enabling writing an arbitrary value. Exploitation would be local. Remediation is to upgrade to a f...

CVSS 7.8 | AI score 7.5 | EPSS 0.00571

added 2024/02/27 9:43 a.m. | 681 views

CVE-2021-46929

CVE-2021-46929 describes a Linux kernel SCTP use-after-free related issue in endpoint destruction, resolved by delaying endpoint free with call_rcu() and moving sock_put/ep free into sctp_endpoint_destroy_rcu(). The patch ensures the endpoint (ep) remains alive under rcu_read_lock during certain ...

CVSS 5.5 | AI score 6.2 | EPSS 0.00248

added 2024/02/27 6:40 p.m. | 677 views

CVE-2021-46940

CVE-2021-46940 is a Linux kernel vulnerability in the perf/turbostat timer path. The bug stems from index conversion in tools/power turbostat where idx_to_offset() returns a 32-bit int while MSR_PKG_ENERGY_STAT is a 32-bit unsigned value, causing negative interpretation and triggering a guard in ...

CVSS 5.5 | AI score 5.2 | EPSS 0.00222

added 2024/02/27 6:53 a.m. | 665 views

CVE-2021-46915

The CVE-2021-46915 issue is in the Linux kernel’s netfilter nft_limit code. nft_limit_init attempted to divide a 64-bit value by a 64-bit expectation but used div_u64 (dividing 64-bit by 32-bit), risking a divide error. The fix changes nft_limit_init to use the correct 64-bit division function (d...

CVSS 5.5 | AI score 6.1 | EPSS 0.00241

added 2024/02/27 6:53 a.m. | 663 views

CVE-2021-46909

CVE-2021-46909 affects the Linux kernel PCI subsystem (ARM) and is resolved by a PCI interrupt/mapping fix in ARM: footbridge. The root cause was that after commit 30fdfb929e82, the kernel started mapping PCI IRQs whenever a PCI driver is probed via pci...

CVSS 5.5 | AI score 6.9 | EPSS 0.00241

added 2015/03/16 10:0 a.m. | 662 views

CVE-2015-1593

CVE-2015-1593 affects the Linux kernel: on 64-bit platforms, the stack randomization (ASLR) feature uses incorrect data types for bitwise left-shift results, making it easier to predict the stack top address and bypass ASLR. The issue is tied to functions such as randomize_stack_top in fs/binfmt_...

CVSS 5 | AI score 4.9 | EPSS 0.03742

added 2024/02/27 9:43 a.m. | 661 views

CVE-2021-46927

CVE-2021-46927 concerns Linux kernel Nitro Enclaves memory mapping. After commit 5b78ed24e8ec, a call to get_user_pages() can trigger an mmap assertion when setting enclave memory regions. The fix switches to get_user_pages_unlocked() for enclave memory region setup, mirroring patterns like mmap_...

CVSS 5.5 | AI score 5.9 | EPSS 0.00149

added 2017/09/12 5:0 p.m. | 659 views

CVE-2017-1000251

CVE-2017-1000251 affects the Linux kernel Bluetooth subsystem (BlueZ) in L2CAP processing, causing a stack buffer overflow when handling configuration responses. Affected range includes kernels from 2.6.32 up to 4.13.1. Exploitation could crash the system or, in some deployments, allow remote cod...

CVSS 8 | AI score 8 | EPSS 0.16181

added 2019/07/26 12:25 p.m. | 657 views

CVE-2019-14284

CVE-2019-14284 affects the Linux kernel prior to 5.2.3, where floppy.c can suffer a division-by-zero in setup_format_params. Two consecutive ioctls can trigger a DoS: the first ioctl sets geometry (.sect/.rate) such that F_SECT_PER_TRACK becomes zero; the second triggers the floppy format operati...

CVSS 6.2 | AI score 6.2 | EPSS 0.00703

added 2024/02/27 6:40 p.m. | 656 views

CVE-2020-36777

CVE-2020-36777 is a Linux kernel issue where media: dvbdev had a memory leak in dvb_media_device_free(), documented as freeing dvbdev->adapter->conn before NULL-ing it. The connected MiracleLinux advisory (AXSA-2024-8481:17) lists this CVE among others and confirms a fix/vendor advisory. Th...

CVSS 5.5 | AI score 6.1 | EPSS 0.00242

added 2022/03/03 12:0 a.m. | 655 views

CVE-2022-0492

CVE-2022-0492 is a Linux kernel local-privilege-escalation flaw in the cgroups v1 release_agent handling (function cgroup_release_agent_write in kernel/cgroup/cgroup-v1.c). The issue arises because releasing the release_agent does not enforce proper capabilities, enabling a local attacker to esca...

CVSS 7.8 | AI score 8 | EPSS 0.05495
In wild

added 2000/02/04 5:0 a.m. | 654 views

CVE-1999-0524

CVE-1999-0524 is an ICMP information-disclosure vulnerability where ICMP replies reveal (1) netmask and (2) timestamp to arbitrary hosts. Connected reports link it to multiple products (e.g., Nutanix AHV advisories NXSA‑AHV series and ABB M2M Gateway plugin) and describe the issue as an informati...

CVSS 4 | AI score 6.5 | EPSS 0.31586

added 2022/02/16 6:35 p.m. | 653 views

CVE-2021-3773

CVE-2021-3773 is a netfilter information-disclosure vulnerability in the Linux kernel that could allow a network-connected attacker to infer the OpenVPN connection endpoint. The issue is described as an information leak through netfilter, enabling reconnaissance for further attacks. Exploitation ...

CVSS 9.8 | AI score 8.9 | EPSS 0.05322

added 2024/02/27 9:44 a.m. | 653 views

CVE-2021-46936

CVE-2021-46936 affects the Linux kernel (net: fix use-after-free in tw_timer_handler). The flaw allowed use-after-free on net->mib.net_statistics when destroying a net namespace if inflight time-wait timers exist; it is triggered during timer handling and ip/mib teardown. The fix reloc...

CVSS 7.8 | AI score 7.4 | EPSS 0.00246

Total number of security vulnerabilities: 13803