CVE-2025-22107
CVE-2025-22107 - Linux kernel (net: dsa: sja1105) Root cause: in sja1105_table_delete_entry, deleting the last element in the table incorrectly calls memmove over an out-of-bounds element, and the number of elements moved should be size - i - 1. This leads to touching an out-of-bounds memory loca...
CVE-2025-23140
CVE-2025-23140 affects the Linux kernel PCI Endpoint Test driver. The issue arose when devm_request_irq() failed in pci_endpoint_test_request_irq(): some IRQs were not released, leaving /proc/irq entries and triggering a WARN in fs/proc/generic.c (remove_proc_entry). The root cause is that pci_en...
CVE-2025-37755
CVE-2025-37755 relates to the Linux kernel: net: libwx path where page_pool_dev_alloc_pages could return NULL, with a WARN_ON(!page) yet the code continued to use the NULL pointer, potentially crashing. The description notes this is addressed by a kernel fix equivalent to a prior commit (net: fec...
CVE-2025-37944
CVE-2025-37944 affects the Linux kernel wifi stack (ath12k). The root cause is in ath12k_dp_mon_srng_process, which incorrectly uses ath12k_hal_srng_src_get_next_entry to fetch entries from the destination ring. This misapplied function leads to invalid memory access, risking data corruption or c...
CVE-2025-37948
CVE-2025-37948 affects the Linux kernel arm64 and is fixed by adding a BHB mitigation in the epilogue of BPF programs (cBPF) loaded via seccomp. The vulnerability arises when a classic cBPF program manipulates the branch history to influence speculative execution. The published details indicate t...
CVE-2003-0127
CVE-2003-0127 affects the Linux kernel 2.2.x before 2.2.25 and 2.4.x before 2.4.21. A local attacker can gain root privileges by using ptrace to attach to a child process spawned by the kernel. The description explicitly states the root cause is the kernel module loader’s handling of ptrace with ...
CVE-2007-3380
The CVE-2007-3380 vulnerability affects the Linux kernel 2.6.15 Distributed Lock Manager (DLM). A remote attacker who can connect to the DLM port can cause a denial of service, potentially blocking DLM operations and affecting lock services. Connected advisories (RHSA-2007:0940, RHBA-2007:0861, E...
CVE-2007-4573
CVE-2007-4573 - Linux kernel IA32 system call emulation on x86_64: A flaw in IA32 emulation on 64-bit Linux kernels (2.4.x and 2.6.x up to 2.6.22.7) can allow a local unprivileged user to gain privileges by triggering an out-of-bounds access to the system call table via the %RAX register after t...
CVE-2009-0675
CVE-2009-0675 affects the Linux kernel up to version 2.6.28.6, where the skfp_ioctl function in drivers/net/skfp/skfddi.c incorrectly allows SKFP_CLR_STATS requests when CAP_NET_ADMIN is absent rather than present, enabling local users to reset driver statistics (inverted logic). The vulnerabilit...
CVE-2009-2903
The CVE-2009-2903 entry concerns a memory leak in the Linux kernel appletalk subsystem. When the appletalk and ipddp modules are loaded but the ipddp device is not found, remote attackers can trigger memory consumption leading to a denial of service. The issue affects 2.4.x up to 2.4.37.6 and 2.6...
CVE-2010-0622
CVE-2010-0622 affects the Linux kernel’s wake_futex_pi path in kernel/futex.c. The advisory notes that kernels before 2.6.33-rc7 fail to handle certain unlock operations for Priority Inheritance futexes, allowing local users to trigger a denial of service (OOPS) and potentially other impacts via ...
CVE-2010-4169
CVE-2010-4169 is a Linux kernel use-after-free in mm/mprotect.c, vulnerable before 2.6.37-rc2. Local users can trigger a denial of service via an mprotect syscall. The MiracleLinux advisory AXSA:2011-80:02 confirms the issue among kernel fixes; remediation is to upgrade to kernel 2.6.37-rc2 or ne...
CVE-2011-0712
Technical details about CVE-2011-0712 are not publicly provided in the supplied documents. Monitor for updates in connected advisories; no confirmed affected products, versions, or fixes are stated here.
CVE-2011-1163
Vulnerability: CVE-2011-1163 affects the Linux kernel (fs/partitions/osf.c) where osf_partition mishandles an invalid number of partitions, potentially allowing local attackers to read kernel heap memory via partition-table parsing vectors. Affected: Linux kernel versions prior to 2.6.38. Root ca...
CVE-2011-1478
CVE-2011-1478 affects the Linux kernel’s GRO napi_reuse_skb path: it does not reset certain structure members in net/core/dev.c, enabling a remote attacker to trigger a NULL pointer dereference via a malformed VLAN frame and cause a denial of service. The vulnerability is present in kernels befor...
CVE-2011-1593
CVE-2011-1593 affects the Linux kernel before 2.6.38.4, where multiple integer overflows in the next_pidmap function (kernel/pid.c) allow a local user to crash the system via crafted getdents or readdir calls. The connected advisories confirm the affected component and the root cause (integer ove...
CVE-2012-2133
The CVE-2012-2133 issue is a use-after-free in the Linux kernel before 3.3.6 involving hugetlbfs when huge pages are enabled. A local user could crash the system or potentially escalate privileges by interacting with quota data during a umount operation, due to improper handling of quota data in ...
CVE-2012-2372
CVE-2012-2372 affects the Linux kernel (3.7.4 and earlier). The vulnerability is in the rds_ib_xmit function (net/rds/ib_send.c) and can allow local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP equal to the IPoIB interface’s own...
CVE-2013-1763
CVE-2013-1763 affects the Linux kernel pre-3.7.10, where an array index error in net/core/sock_diag.c (__sock_diag_rcv_msg) could allow a local attacker to gain privileges via a large family value in a Netlink message. The impact is a local privilege escalation with full confidentiality/integrity...
CVE-2013-1796
CVE-2013-1796 affects the Linux kernel KVM MSR_KVM_SYSTEM_TIME handling: the kvm_set_msr_common path in arch/x86/kvm/x86.c does not ensure time_page alignment for MSR_KVM_SYSTEM_TIME when the kernel is
CVE-2013-1819
CVE-2013-1819 affects the Linux kernel prior to 3.7.6. The vulnerability resides in fs/xfs/xfs_buf.c: _xfs_buf_find does not validate block numbers, which can allow local users to mount an XFS filesystem with an invalid extent map and trigger a NULL pointer dereference, causing a denial of servic...
CVE-2013-7264
The CVE-2013-7264 issue affects the Linux kernel up to version 3.12.3, specifically the l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c. The vulnerability arises because a length value is updated before ensuring that the associated data structure is initialized, enabling a local attacker to leak k...
CVE-2014-3534
CVE-2014-3534 (Linux kernel, s390): The vulnerability in arch/s390/kernel/ptrace.c allows a local user to bypass restrictions on address-space control with PTRACE_POKEUSR_AREA, gaining read/write access to kernel memory and potentially elevation of privileges via a crafted ptrace call. Affected...
CVE-2015-4170
CVE-2015-4170 describes a race condition in the Linux kernel’s tty shutdown path: in ldsem_cmpxchg() within drivers/tty/tty_ldsem.c, allowing a local user to trigger a deadlock (ldsem_down_read/ldsem_down_write) by starting a new tty thread during shutdown of a previous one. The affected codebase...
CVE-2016-2545
CVE-2016-2545: Affected component is the Linux kernel; specifically the snd_timer_interrupt handler in sound/core/timer.c. The issue (pre-4.4.1) fails to maintain a linked list correctly, enabling local attackers to trigger a race condition via a crafted ioctl that can crash the system (denial o...
CVE-2017-16534
CVE-2017-16534 affects the Linux kernel before 4.13.6, specifically the cdc_parse_cdc_header function in drivers/usb/core/message.c. A crafted USB device can trigger an out-of-bounds read, causing a local denial of service (system crash) and potentially other impact. The advisory notes this is a ...
CVE-2017-16996
The CVE-2017-16996 entry affects the Linux kernel (up to version 4.14.8) in kernel/bpf/verifier.c, where register truncation mishandling is the root cause. This allows local users to trigger memory corruption and potentially other impacts described as a denial of service. The vulnerability is res...
CVE-2021-4442
CVE-2021-4442 – The Linux kernel TCP stack vulnerability described as: a syzkaller repro could cause RCV_SEQ to be advanced after data restoration in the receive queue, enabling an out-of-order or invalid sequence handling when TCP_QUEUE_SEQ is used on non-empty queues. The connected documents (A...
CVE-2021-47065
CVE-2021-47065: Technical details (affected product/versions, impact, fix) are not provided in the supplied documents. Monitor official updates for the vulnerability specifics and patch availability.
CVE-2021-47126
The CVE-2021-47126 entry is a real Linux kernel vulnerability: a KASAN slab-out-of-bounds read in IPv6 route handling (fib6_nh_flush_exceptions / fib6_nh_get_excptn_bucket) that can read 8 bytes from a fault address. It was fixed in the kernel (HEAD commit 90c911ad) and details show a slab-out-of...
CVE-2021-47131
CVE-2021-47131 affects the Linux kernel net/tls offload path. The vulnerability occurs when a netdev with TLS offload goes down and then up while a TLS context is still referenced, risking use-after-free after a data flow resumes. Fixes keep the TLS context alive until normal destruction and add ...
CVE-2021-47177
CVE-2021-47177 is a kernel-level issue in the Linux IOMMU VT-d subsystem where iommu_device_sysfs_add() leaked sysfs state on error. The published description and connected advisories state that the leak occurs in alloc_iommu() and that the sysfs entry must be cleaned on subsequent errors; a fix ...
CVE-2021-47348
The CVE-2021-47348 issue affects the Linux kernel, specifically the DRM AMD display path. The root cause is HDCP over-read/corruption due to reading 8 bytes instead of the targeted 5 bytes for a field; this could yield a corrupted value if trailing bytes are non-zero. The fix introduces a properl...
CVE-2021-47372
CVE-2021-47372 is a Linux kernel use-after-free in the macb driver. The issue arises from plat_dev->dev->platform_data being released by platform_device_unregister() and subsequently using pclk and hclk, leading to use-after-free in macb_remove. The fixed sequence avoids using the clk devic...
CVE-2022-48630
CVE-2022-48630 affects the Linux kernel crypto: qcom-rng. The issue is an infinite loop in qcom_rng_read() when max is not a multiple of WORD_SZ, caused by removing a break in the else branch. The fix re-adds the break (a simple patch) to avoid looping. The vulnerability was demonstrated/tested o...
CVE-2022-48704
CVE-2022-48704 affects the Linux kernel’s DRM/Radeon path. The vulnerability stems from a race/flush issue where the radeon lockup work queue may not be fully flushed before the system enters D3hot, potentially leading to a kernel Oops and a stall in GPU work processing. The described fix adds a ...
CVE-2022-49026
CVE-2022-49026 is a Linux kernel use-after-free in the e100 driver (e100_xmit_prepare) when skb mapping fails. The patch removes a harmful free, preventing UAF if the upper layer resends the skb. Reported in multiple advisories and OSS docs, the issue affects the kernel networking transmit path; ...
CVE-2022-49053
CVE-2022-49053 affects the Linux kernel scsi: target: tcmu component. The vulnerability arises from tcmu_try_get_data_page() returning a data page pointer without properly holding a reference under the cmdr_lock, which can allow the page to be freed by tcmu_blocks_release(), creating a use-after-...
CVE-2022-49304
CVE-2022-49304 concerns a deadlock in the Linux kernel’s serial driver path (drivers/tty/serial) specifically in sa1100_set_termios(). The issue stems from a lock-order conflict: thread1 holds sport->port.lock while waiting on del_timer_sync(), while a timer handler running in thread2 also nee...
CVE-2022-49611
The CVE-2022-49611 entry refers to a Linux kernel x86 speculation mitigation: Fill RSB on vmexit for IBRS to prevent RSB underflow/poisoning. The description notes mitigation is implemented in the kernel and documents tribal knowledge about RSB attacks. Connected Nessus/OpenVAS entries for EulerO...
CVE-2023-3389
CVE-2023-3389 (Linux kernel io_uring UAF): A use-after-free in the io_uring subsystem can be exploited to achieve local privilege escalation. The issue involves racing an io_uring cancel poll request with a linked timeout, which can trigger a UAF in an hrtimer. Impact is local privilege escalatio...
CVE-2023-3865
CVE-2023-3865 affects the ksmbd component of the Linux kernel (smb2_write). Root cause: ksmbd_smb2_check_message does not validate hdr->NextCommand; if NextCommand > Offset+Length of smb2 write, an oversized length allows an out-of-bounds read in smb2_write. Implication: out-of-bounds read ...
CVE-2023-52631
CVE-2023-52631 affects the Linux kernel NTFS3 path. The issue is a NULL dereference in ntfs_load_attr_list() caused by a 32-bit overflow in size calculation (le32_to_cpu(attr->res.data_size) + 1023), which can yield zero and make kmalloc return ZERO_SIZE_PTR, leading to a crash on memcpy. The ...
CVE-2023-53018
CVE-2023-53018 affects the Linux kernel Bluetooth stack. If hci_cmd_sync_queue() fails in hci_le_terminate_big() or hci_le_big_terminate(), the memory pointed to by d is not freed, causing a memory leak. A patch adds a release path in the error flow to fix this. Exploitation details are not provi...
CVE-2023-53042
CVE-2023-53042: In the Linux kernel, the drm/amd/display component was vulnerable when writing DRR registers (e.g., OTG_V_TOTAL_MIN) in the same frame as a pipe commit, which could cause underflow. The issue has been resolved by preventing DRR from being set on a pipe commit. The available conne...
CVE-2023-53071
CVE-2023-53071 affects the Linux kernel WiFi driver mt76. The root cause was calling ieee80211_unregister_hw unconditionally when probing a mt7921e PCI card without firmware, which could lead to a NULL pointer dereference on driver removal. The fix ensures mt76_unregister_device is invoked only f...
CVE-2023-53073
CVE-2023-53073 documents a Linux kernel issue in perf/x86/amd/core where the unhandled overflow status bits were not consistently masked when the loop continued after x86_perf_event_set_period() could return 0. This caused a warning and an inconsistency because the 'handled' counter could be incr...
CVE-2023-53083
Summary (CVE-2023-53083): This Linux kernel vulnerability concerns NFSD’s page handling during splice reads. When a splice result ends with a partial page, nfsd_splice_actor may place that partial page in rq_pages and later fill the remainder in a subsequent call, causing the page to be added ag...
CVE-2024-26706
The CVE-2024-26706 entry documents a parisc Linux kernel vulnerability where random data corruption could occur in the exception handler when accessing user space memory if the compiler reuses a different register than the one defined for the error code. The fix extends the __ex_table by three wo...
CVE-2024-26747
CVE-2024-26747: Linux kernel patch fixes a NULL pointer dereference in usb: roles. The usb_role_switch driver saves the parent module reference; if the parent device is removed before the usb_role_switch device is released, dereferencing the now-NULL module pointer causes a crash. The fix stores...