13804 matches found
CVE-2010-4175
Technical details for CVE-2010-4175 are not provided in the supplied documents; monitor for updates.
CVE-2010-4527
The CVE-2010-4527 entry concerns the Linux kernel OSS sound driver (load_mixer_volumes in sound/oss/soundcard.c). It arises because a name field is not guaranteed to end with a NUL, enabling a local user to trigger a buffer overflow via SOUND_MIXER_SETLEVELS, with potential to escalate privileges...
CVE-2011-3353
CVE-2011-3353 : In the Linux kernel, a buffer/length handling issue in fuse_notify_inval_entry (fs/fuse/dev.c) before 3.1 can allow a local attacker mounting a FUSE filesystem to trigger a BUG_ON and system crash, i.e., local denial of service. Public advisories (e.g., OpenSUSE, Red Hat/Oracle/Li...
CVE-2012-4398
The CVE-2012-4398 issue affects the Linux kernel (kernel/kmod.c) where the __request_module function in versions before 3.4 does not set a certain killable attribute, enabling local attackers to trigger a denial of service (memory consumption) via a crafted application. The connected advisories i...
CVE-2013-0231
CVE-2013-0231 is discussed in connected advisories as affecting the Xen PCI backend: the pciback_enable_msi function in drivers/xen/pciback/conf_space_capability_msi.c on Linux kernels 2.6.18 and 3.8 allows guest OS users with PCI device access to trigger a denial of service by generating a large...
CVE-2013-2141
CVE-2013-2141 affects the Linux kernel; the do_tkill function in kernel/signal.c of kernels before 3.8.9 does not initialize a data structure, enabling local attackers to read sensitive kernel memory via crafted tkill/tgkill calls. Affected contexts are documented in MiracleLinux/OpenVAS advisori...
CVE-2013-2893
Summary of CVE-2013-2893 from provided sources : The Linux kernel HID subsystem (through version 3.11) with CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF enabled is vulnerable to a denial of service via a crafted USB HID device. The issue manifests as a heap-based out-of-bounds ...
CVE-2014-0206
CVE-2014-0206 is an array index error in aio_read_events_ring (fs/aio.c) of the Linux kernel up to version 3.15.1. It enables local users to read sensitive data from kernel memory by supplying a large head value. The provided connected documents confirm the affected file and vulnerability type bu...
CVE-2014-4667
CVE-2014-4667 affects the Linux kernel: the sctp_association_free function in net/sctp/associola.c before version 3.15.2 fails to properly manage a specific backlog value, enabling remote attackers to trigger a denial of service (socket outage) via a crafted SCTP packet. The vulnerability is root...
CVE-2014-5207
CVE-2014-5207 affects the Linux kernel up to version 3.16.1. The flaw occurs in fs/namespace.c where clearing MNT_NODEV, MNT_NOSUID, MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount is not properly restricted, allowing local users to gain privileges, interfere with backups/...
CVE-2014-9729
CVE-2014-9729 affects the Linux kernel’s UDF filesystem implementation (fs/udf/inode.c: udf_read_inode). The issue is the function’s failure to ensure data-structure size consistency, enabling a local attacker to crash the system via a crafted UDF image. The vulnerability exists in kernel version...
CVE-2014-9730
CVE-2014-9730 affects the Linux kernel’s UDF support. The function udf_pc_to_char in fs/udf/symlink.c relies on unused component lengths, enabling a local attacker to trigger a denial of service (system crash) by mounting a crafted UDF image. The vulnerability is fixed in kernel 3.18.2 (see Chang...
CVE-2015-4004
The CVE-2015-4004 issue affects the OZWPAN driver in the Linux kernel up to version 4.0.5. The flaw stems from parsing crafted packets using an untrusted length field, allowing remote attackers to read kernel memory (information disclosure) or trigger a denial of service (out-of-bounds read and s...
CVE-2015-8324
CVE-2015-8324 affects the ext4 driver in the Linux kernel prior to 2.6.34. The issue arises from incomplete tracking of initialization for certain ext4 data structures, enabling physically proximate attackers to trigger a denial of service (NULL pointer dereference and panic) via a crafted USB de...
CVE-2016-6130
CVE-2016-6130 is a race condition in the Linux kernel's sclp_ctl_ioctl_sccb path (drivers/s390/char/sclp_ctl.c) prior to 4.6 that can allow local users to disclose kernel memory by altering a length field (double fetch). The vulnerability is described as a local information-disclosure due to memo...
CVE-2016-8636
The CVE-2016-8636 issue affects the Linux kernel’s mem_check_range path in drivers/infiniband/sw/rxe/rxe_mr.c, where an integer overflow can occur. This vulnerability in Soft RoCE (RDMA over InfiniBand) allows local users to trigger memory corruption, potentially cause a denial of service, and ma...
CVE-2017-17053
CVE-2017-17053 affects the Linux kernel, specifically the init_new_context code path in arch/x86/include/asm/mmu_context.h, for kernels built with CONFIG_MODIFY_LDT_SYSCALL=y. Before 4.12.10, errors from LDT table allocation when forking a new process are not handled correctly, enabling a local a...
CVE-2018-10840
CVE-2018-10840 describes a heap-based buffer overflow in the Linux kernel’s ext4 xattr handling: fs/ext4/xattr.c:ext4_xattr_set_entry(). An attacker could exploit this by operating on a mounted crafted ext4 image, potentially leading to kernel memory corruption. Connected feeds confirm multiple v...
CVE-2019-0145
CVE-2019-0145 : Buffer overflow in the i40e driver for Intel(R) Ethernet 700 Series Controllers, affecting versions before 7.0. An authenticated local user can potentially escalate privileges. The vulnerability arises in the i40e driver implementation and is documented in multiple advisories refe...
CVE-2020-36780
Mode C: The CVE-2020-36780 issue concerns the Linux kernel i2c Sprd driver. The root cause is a reference leak where pm_runtime_get_sync increments the device PM reference count on return even when the operation failed, in sprd_i2c_master_xfer() and sprd_i2c_remove(). The fix replaces the increme...
CVE-2021-46996
CVE-2021-46996 corresponds to a memleak in the Linux kernel nftables netfilter code, specifically in the userdata error path when creating new objects. The fixed description states that the patch releases an object name if userdata allocation fails, addressing a memory leak in the userdata error ...
CVE-2021-47080
CVE-2021-47080 pertains to the Linux kernel RDMA core. Affected: Linux kernel builds where user_entry_size is supplied by the user and later used as a denominator to compute the number of entries. If the user supplies 0, a divide-by-zero triggers a kernel panic (observed in ib_uverbs_handler_UVER...
CVE-2021-47138
In CVE-2021-47138, the Linux kernel cxgb4 driver is vulnerable because hardware registers for the server TID base can hold invalid values when the adapter is in a bad state (e.g., AER fatal error). Reading these values during filter clearing could cause out-of-bounds memory access. The fix uses t...
CVE-2021-47379
The CVE-2021-47379 entry describes a kernel vulnerability in the Linux blk-cgroup subsystem related to a use-after-free (UAF) in the block I/O scheduler. The issue arises when destroying the blkcg policy hierarchy, where the BFQ/BLK MQ path can trigger a use-after-free during queue initialization...
CVE-2021-47458
CVE-2021-47458 affects the ocfs2 mount path in the Linux kernel. It occurs when mounting ocfs2 with o2cb or pcmk on kernels built with Fortify Source, due to non-null-terminated strings in the disk representation being treated as null-terminated by strlcpy, triggering a buffer overflow and a fort...
CVE-2021-47576
CVE-2021-47576 concerns the Linux kernel SCSI subsystem, specifically the scsi_debug driver. The issue is a use-after-free (UAF) caused by insufficient validation of the block descriptor length in resp_mode_select(), leading to a KASAN crash (Read of size 1) in resp_mode_select() and related SCSI...
CVE-2022-20108
CVE-2022-20108 concerns a vulnerability in the voice service where an out-of-bounds write occurs due to a stack-based buffer overflow. The consequence is local escalation of privilege to System level, with no user interaction required for exploitation. Public details consistently describe this as...
CVE-2022-48688
CVE-2022-48688 covers a Linux kernel i40e driver issue where removing modules after an offline ethtool test could crash the kernel. The root cause reported is that the driver frees the client instance incorrectly; during recursive removal (e.g., irdma removing i40e), i40e_lan_del_device dereferen...
CVE-2022-48938
CVE-2022-48938 affects the Linux kernel CDC-NCM path. The issue arises when a broken device provides an extreme offset (e.g., 0xFFF0) with a plausible fragment length, allowing an integer overflow in the existing sanity check. The description states that both offset and offset + len must be check...
CVE-2022-49229
CVE-2022-49229 affects the Linux kernel: when unregistering a physical PTP clock that has attached virtual clocks, the kernel now unregisters the virtual clocks as well to prevent a fault. The issue could trigger a page fault in ptp_vclock_read and lead to an OOPs trace, as shown in the provided ...
CVE-2022-49308
The CVE-2022-49308 entry describes a Linux kernel extcon overflow/NULL dereference vulnerability that could cause an Oops when sysfs state_show() runs before driver data is set. The root cause is extcon device creation occurring before drvdata is initialized, leading to an edev NULL dereference d...
CVE-2022-49407
CVE-2022-49407 concerns the Linux kernel, in the dlm subsystem, where an invalid read could occur when mis-casting between plock_op and plock_xop structures during lock/file operations. The root cause was a misplacement of a field (the callback) that allowed an unsafe cast, enabling a read of fie...
CVE-2022-49923
The CVE affects the Linux kernel nxp-nci path (nfc: nxp-nci: Fix potential memory leak in nxp_nci_send). The root cause is that nxp_nci_send() frees the allocated skb only on nxp_nci_i2c_write() failure; when the write succeeds, nxp_nci_i2c_write() does not free the skb, causing a memory leak. A ...
CVE-2023-2019
CVE-2023-2019 : A flaw in the Linux kernel netdevsim device driver’s event scheduling due to improper management of a reference count. This can enable a local attacker to cause a denial-of-service on the system. The description and references in the connected docs point to a kernel-level issue; n...
CVE-2023-23001
CVE-2023-23001 affects Linux kernel prior to 5.16.3, where a misinterpretation of regulator_get’s return value in drivers/scsi/ufs/ufs-mediatek.c treats an error pointer as NULL in the error case. This may lead to improper handling in that path. The vulnerability is addressed by the Linux kernel ...
CVE-2023-46343
CVE-2023-46343 concerns the Linux kernel up to version 6.5.9, with a NULL pointer dereference in send_acknowledge (net/nfc/nci/spi.c). Affected component: kernel. Root cause: NULL pointer dereference in send_acknowledge. Explicit impact details in the provided metrics show Confidentiality and Int...
CVE-2023-52771
CVE-2023-52771 affects the Linux kernel CXL stack. The issue is a race between delete_endpoint() teardown and parent unregistration, which can impact the cxl_mem/cxl_port topology during port removal. The provided description states two fixes: (1) acquire a reference on the parent to prevent use‑...
CVE-2023-52984
CVE-2023-52984 affects the Linux kernel PHY code for DP83822 family: DP83825/DP83826 devices can dereference a NULL private data pointer because probe() initializes only the DP83822 path and interrupt setup is shared. The fix adds a NULL-pointer check/verifies the pointer before use, preventing t...
CVE-2023-53107
CVE-2023-53107 concerns the Linux kernel veth/XDP path, specifically a use-after-free in XDP_REDIRECT triggered via AF_XDP. The root cause was a bug in veth_xdp_rcv_skb introduced by commit 718a18a0c8a6 that could call kmalloc to expand headroom when headroom
CVE-2024-26751
CVE-2024-26751 affects the Linux kernel on ARM (ep93xx) where the gpiod_lookup_table lacks a terminator. If gpio_find() is passed a con_id not present in the table, it may loop indefinitely and trigger an oops. The available connected documents confirm the issue and describe the fix as adding a t...
CVE-2024-26807
CVE-2024-26807 is a Linux kernel issue in the cadence-quadspi driver where the runtime suspend/resume paths incorrectly retrieve a spi_controller pointer via dev_get_drvdata, potentially using a cqspi_st instead of a spi_controller. This mismatch can cause memory corruption and kernel crashes dur...
CVE-2024-35829
CVE-2024-35829 affects the Linux kernel DRM Lima heap allocator. The issue is a memleak in lima_heap_alloc where, if lima_vm_map_bo fails, allocated resources were not properly deallocated, leading to memory leaks. Connected advisories (Astra Linux, Unity Nessus entry) confirm the same root cause...
CVE-2024-36003
CVE-2024-36003: Linux kernel ice driver deadlock in ice_reset_vf() due to lock order between VF config_lock and LAG mutex when ICE_VF_RESET_LOCK is involved. Connected advisories describe the issue as a possible circular locking dependency triggered on VF creation/removal, enabling a deadlock bet...
CVE-2024-38384
CVE-2024-38384 (Linux kernel) - The blk-cgroup subsystem had a race where reordering WRITE to the lqueued field with a READ of bisc->lnode.next inside __blkcg_rstat_flush() could corrupt a local list. The issue could occur anytime __blkcg_rstat_flush() runs, especially during blk_cgroup_bio_st...
CVE-2024-39301
CVE-2024-39301 affects the Linux kernel’s 9P client code path. The issue arises in p9_client_rpc() where, if p9_check_errors() fails early, req->rc.tag may not be initialized, yet trace_9p_client_res() attempts to print it. The root cause is an uninitialized value in the 9P client RPC path, tr...
CVE-2024-39505
CVE-2024-39505 relates to the Linux kernel drm/komeda code where komeda_pipeline_get_state() may return an error-valued pointer. The fix requires checking the pointer for negative or NULL values before dereferencing. The vulnerability impact is STATED as potential denial of service or corruption ...
CVE-2024-40915
The CVE-2024-40915 issue affects the Linux kernel on riscv, where __kernel_map_pages() (a debugging page-table helper) used __set_memory() to flip the valid bit of page-table entries. __set_memory() takes init_mm’s semaphore and can sleep, but __kernel_map_pages() may be called in atomic context,...
CVE-2024-40928
CVE-2024-40928 – Linux kernel ethtool statistics fix : The issue arises from a null function pointer in ethtool_get_phy_stats when performing phy stats ioctl. The patch fixes the error handling by returning -EOPNOTSUPP when ops->get_ethtool_phy_stats is NULL, preventing a null-dereference in n...
CVE-2024-42147
CVE-2024-42147 affects the Linux kernel crypto: hisilicon/debugfs path. During zip probe, debugfs initialization failure could cause the error branch to release_regs, and the regs uninitialization could release multiple times. The root cause is an uninitialized regs path when debugfs init fails, ...
CVE-2024-43824
The CVE CVE-2024-43824 affects the Linux kernel PCI Express endpoint code (pci_epf_test). The vulnerability arises from use of cached epc_features in pci_epf_test_core_init() instead of querying via pci_epc_get_features(), removing a NULL check that was deemed redundant. The change relies on epc_...