CVE-2024-35945
CVE-2024-35945 (Linux kernel) is reported as resolved in OSV entries for Root:Ubuntu 22.04 via ROOT-OS-UBUNTU-2204-CVE-2024-35945, with multiple fixed ROOT rootio-linux versions available. Other OSVs (ROOT-OS-DEBIAN-11-CVE-2024-35945, ROOT-OS-DEBIAN-12-CVE-2024-35945) also indicate patches in roo...
CVE-2024-38560
The CVE-2024-38560 entry concerns Linux kernel SCSI (bfa) code. A vulnerable path copies nbytes from userspace into a kernel buffer without guaranteeing a NUL terminator, enabling an OOB read when sscanf is applied. The issue is fixed by replacing memdup_user with memdup_user_nul to ensure proper...
CVE-2024-39371
CVE-2024-39371 affects the Linux kernel io_uring path. The issue arises in io_file_can_poll() when a forced ASYNC request has a bad or unassigned file descriptor, potentially triggering a NULL pointer dereference via the forced async preparation path. The vulnerability is demonstrated in the trac...
CVE-2024-40994
CVE-2024-40994 is a Linux kernel issue: in the ptp subsystem, an integer overflow can occur in max_vclocks_store on 32‑bit systems when computing 4 * max. The documented fix changes the allocation to use kcalloc() to prevent the overflow. The Azure Nessus entry confirms the vulnerability affects an A...
CVE-2024-43840
CVE-2024-43840 is a Linux kernel vulnerability where, when BPF_TRAMP_F_CALL_ORIG is set, the trampoline passed an address to __bpf_tramp_enter/exit() via R0 that could exceed 48 bits. The trampoline code used emit_addr_mov_i64(), assuming vmalloc()-space addresses, causing the address to be trunc...
CVE-2024-43897
CVE-2024-43897 (Linux kernel): The issue stems from improper validation of GSO (TCP/TSO) input in virtio_net_hdr processing. The kernel’s net/virtio_net_hdr_to_skb checks for checksum fields (csum_start and csum_offset) were insufficient for GSO segs, allowing a bad input path to reach skb_check...
CVE-2024-45020
Linux kernel CVE-2024-45020 fix: a kernel verifier crash in BPF stacksafe() caused by invalid memory access when evaluating stack slots during sched-ext, mitigated by adding an i >= cur->allocated_stack guard. The issue occurs when cur->allocated_stack > old->allocated_stack, riski...
CVE-2024-46760
CVE-2024-46760 concerns the Linux kernel wifi driver rtw88 (usb) where RX status handling could dereference a NULL pointer if USB replies arrive before the device is fully initialized. The root cause is initiation of USB REQs (usb_submit_urb) before rtw_dev setup completes, allowing races with in...
CVE-2024-46834
CVE-2024-46834 concerns a Linux kernel issue in the ethtool path where the max channel check can be skipped if the indirection table cannot be fetched or memory allocation fails. The vulnerability can allow a driver’s indirection table to contain out-of-bounds channel IDs, potentially leading to ...
CVE-2024-50104
Technical details for CVE-2024-50104 are not publicly provided in the supplied documents; monitor for official advisories or patches.
CVE-2024-50177
CVE-2024-50177 concerns the Linux kernel amdgpu display driver (DML2.1). The issue is a UBSAN shift-out-of-bounds triggered when programming phantom pipes and cursor_width is explicitly set to 0, causing an overflow in 32-bit size calculations. The published fix adds a guard to validate cursor wi...
CVE-2024-50263
Technical details for CVE-2024-50263 are not publicly provided in the supplied connected documents. Monitor for updates from vendors (Ubuntu/Astra) and follow official advisories for patches.
CVE-2024-50276
CVE-2024-50276 affects the Linux kernel net driver for vertexcom mse102x. The issue was a potential double-free of TX skb: the TX skb scope is broader than mse102x_tx_frame_spi(), so if the TX skb needs expansion, the code must free the temporary skb, not the original TX skb. Failing to do so cou...
CVE-2024-50294
CVE-2024-50294 affects the Linux kernel (rxrpc subsystem). The issue arises when a call is aborted between queuing for connection and the I/O thread handling it, causing a race where the abort may be prioritized and the call removed from local->new_client_calls by rxrpc_disconnect_client_call(...
CVE-2024-53111
CVE-2024-53111 affects the Linux kernel on 32-bit platforms, in the mremap path (mm/mremap: fix address wraparound in move_page_tables). The bug could misdetect success when copying PTEs due to a wraparound in len + old_addr
CVE-2025-21677
CVE-2025-21677 is a Linux kernel vulnerability where a PFCP device is attached to the wrong network namespace, causing the device to remain alive after the namespace is removed. The root cause is pfcp_newlink() linking the PFCP device to dev_net(dev) instead of the correct net, allowing a UDP tun...
CVE-2025-21815
CVE-2025-21815 affects the Linux kernel, specifically the memory management path in mm/compaction (isolate_freepages_block). The issue stems from a UBSAN shift-out-of-bounds warning caused by (1UL <
CVE-2025-21888
Technical details about CVE-2025-21888 are not provided in the supplied connected documents. Public disclosures in these sources reference the CVE among broader Ubuntu kernel advisories, but do not expose affected products, impact, or fixes here. Monitor for updates.
CVE-2025-21924
The CVE affects the Linux kernel net/hns3/hclge_ptp code path. During ptp initialization, if hclge_ptp_get_cycle returns an error, the clock could remain unregistered and not freed. The fix adds a call to hclge_ptp_destroy_clock to unregister and free the clock when ptp_cycle acquisition fails,...
CVE-2025-22042
CVE-2025-22042 concerns the Linux kernel component ksmbd, where a missing bounds check for the create lease context was fixed. The vulnerability is described as a local-privilege scenario with low attack complexity and a high impact on availability, based on the provided CVSS vector (LOCAL, LOW c...
CVE-2025-22070
The CVE-2025-22070 issue affects the Linux kernel 9P client (9p/v9fs) where mkdir could crash a mounted 9p tree when posixacl is used. Root cause: v9fs_vfs_mkdir_dotl() incorrectly passes a NULL fid to v9fs_set_create_acl(), leading to a NULL pointer dereference in v9fs_set_acl and subsequent ACL...
CVE-2025-23135
The CVE-2025-23135 issue is in the Linux kernel for RISC-V KVM teardown. The root cause is an ordering flaw during module removal: aia_exit is invoked before kvm_exit, which can leave IRQ state inconsistent (percpu IRQ 31 still enabled) and prevent the KVM module from re-insertion. The published ...
CVE-2025-37820
CVE-2025-37820: In the Linux kernel, xen-netfront may dereference a NULL result from xdp_convert_buff_to_frame() if the function fails to convert an XDP buffer to a frame. The return value may be NULL due to memory constraints, internal errors, or invalid data, and failing to check it can cause ...
CVE-2025-37831
Affected software: Linux kernel cpufreq subsystem on Apple SoCs. Issue: cpufreq_cpu_get_raw() may return NULL when the target CPU is not present in policy->cpus mask, and apple_soc_cpufreq_get_rate() does not check for this, leading to a NULL pointer dereference. Root cause: missing NULL check...
CVE-2025-37853
CVE-2025-37853 affects the Linux kernel DRM/AMDKFD debugfs hang_hws interface for MES path, where a NULL pointer dereference (dqm->packet_mgr not set up) can crash the kernel during MES GPU reset testing. The advisory notes the issue is resolved by skipping MES for now and that MES han...
CVE-2025-37886
CVE-2025-37886 relates to the Linux kernel: the pds_core code previously allocated a wait_context on the stack in pdsc_adminq_post(), which could be freed before the completion handler finished, risking a use-after-free and kernel crash when the adminq interrupt arrived late. The fix, as describe...
CVE-2025-37957
CVE-2025-37957 describes a Linux kernel KVM/VMX issue where, if a VM enters SMM via KVM_SMI and then encounters invalid instructions leading to exceptions, forcing a vCPU reset during SHUTDOWN interception can trigger a WARN in kvm_vcpu_reset due to the vCPU being in SMM. The root cause is omissi...
CVE-2025-37982
CVE-2025-37982 affects the Linux kernel wifi driver wl1251 (wl1251_tx_work path). The vulnerability is a memory leak: when wl1251_ps_elp_wakeup fails with -ETIMEDOUT, the skb dequeued from tx_queue is lost. The advisory/connected Azure Nessus entry confirms the fix: the skb must be re-queued back...
CVE-2008-0007
CVE-2008-0007 affects the Linux kernel prior to 2.6.22.17. Certain drivers register a fault handler that does not perform proper range checks, allowing a local attacker to access kernel memory via an out-of-range offset. The MiracleLinux/Nessus entry confirms the issue and lists affected kernel v...
CVE-2009-2847
CVE-2009-2847 affects the Linux kernel: do_sigaltstack in kernel/signal.c on 64-bit systems fails to clear certain padding bytes, enabling local users to read sensitive data from the kernel stack via sigaltstack. Affected: Linux kernel versions 2.4–2.4.37 and 2.6 up to 2.6.31-rc5. Impact: local i...
CVE-2009-4138
CVE-2009-4138 affects Linux kernels with the FireWire OHCI driver (drivers/firewire/ohci.c) prior to 2.6.32-git9. In packet-per-buffer mode, a local user can trigger a NULL pointer dereference via an ioctl associated with receiving an ISO packet with a zero payload-length field, potentially leadi...
CVE-2010-2226
CVE-2010-2226 affects the Linux kernel: the xfs_swapext function in fs/xfs/xfs_dfrag.c does not properly validate file descriptors passed to the SWAPEXT ioctl, enabling a local user with write access to swap a file into another and gain read access. The issue is present in kernel versions before ...
CVE-2010-2943
CVE-2010-2943 affects the Linux kernel's XFS implementation up to version 2.6.34, where inode allocation B-trees are not consulted before reading inode buffers. This allows remote authenticated users to read unlinked files or read/overwrite disk blocks that were previously allocated to an unlinke...
CVE-2010-2954
The CVE-2010-2954 issue affects the Linux kernel IRDA stack: irda_bind in net/irda/af_irda.c may dereference a NULL pointer when irda_open_tsap fails, causing local denial of service (kernel panic) via repeated unsuccessful binds on AF_IRDA (PF_IRDA) sockets. Affected software is the Linux kernel...
CVE-2010-4078
CVE-2010-4078 affects the Linux kernel before 2.6.36-rc6, where the sisfb_ioctl function in drivers/video/sis/sis_main.c fails to properly initialize a structure member. This allows local users to leak potentially sensitive information from kernel stack memory via the FBIOGET_VBLANK ioctl. Connec...
CVE-2013-1929
The CVE-2013-1929 issue is a heap-based buffer overflow in the tg3_read_vpd function of the Linux kernel (drivers/net/ethernet/broadcom/tg3.c) prior to 3.8.6. It allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted Vital ...
CVE-2013-2899
CVE-2013-2899 concerns the Linux kernel HID subsystem: the file drivers/hid/hid-picolcd_core.c is vulnerable through kernel version 3.11 when CONFIG_HID_PICOLCD is enabled. The issue allows physically proximate attackers to cause a denial of service via a crafted device, manifested as a NULL poin...
CVE-2013-4483
The issue CVE-2013-4483 affects the Linux kernel (ipc/util.c: ipc_rcu_putref) where reference count handling is flawed in versions prior to 3.10. This local denial of service can be triggered by a crafted application, leading to memory consumption or system crash. Public advisories (e.g., Unity L...
CVE-2013-6381
CVE-2013-6381 describes a buffer overflow in the Linux kernel’s qeth_snmp_command function (drivers/s390/net/qeth_core_main.c) up to version 3.12.1, allowing local users to cause a denial of service (and potentially other impact) via an SNMP ioctl with an incompatible length. Connected documents ...
CVE-2013-7266
CVE-2013-7266 affects the Linux kernel code path in drivers/isdn/mISDN/socket.c up to version 3.12.3. The function mISDN_sock_recvmsg does not consistently validate length against the related data structure, enabling local attackers to read kernel memory via (1) recvfrom, (2) recvmmsg, or (3) rec...
CVE-2014-3940
CVE-2014-3940 affects the Linux kernel up to version 3.14.5, where hugetlb handling during hugepage migration can enable local users to trigger a race condition that may lead to memory corruption or a system crash. The issue is tied to the code paths in fs/proc/task_mmu.c and mm/mempolicy.c and i...
CVE-2014-4027
CVE-2014-4027 affects the Linux kernel prior to 3.14. The flaw is in the rd_build_device_space function (drivers/target/target_core_rd.c), where a data structure is not properly initialized, enabling local users to read sensitive information from ramdisk_mcp memory by abusing access to a SCSI ini...
CVE-2014-4611
CVE-2014-4611 concerns an integer overflow in the LZ4 implementation used in Yann Collet LZ4 prior to r118 and in the Linux kernel’s lz4_decompress.c (linux kernel before 3.15.2) on 32-bit platforms. A crafted Literal Run can trigger improper handling, enabling context-dependent attackers to caus...
CVE-2015-4036
CVE-2015-4036: An array index error in Linux kernel before 4.0 in drivers/vhost/scsi.c (tcm_vhost_make_tpg, renamed to vhost_scsi_make_tpg) can allow local guest OS users to cause a denial of service (memory corruption) or potentially other impact via a crafted VHOST_SCSI_SET_ENDPOINT IOCTL. Expl...
CVE-2015-5257
Affected software: Linux kernel before 4.2.4. Vulnerable component: drivers/usb/serial/whiteheat.c. Root cause: crafted USB device triggers a NULL pointer dereference in the WhiteHEAT USB serial driver, leading to denial of service (OOPS) by a physically proximate attacker. Impact: local DoS with...
CVE-2020-36788
CVE-2020-36788 affects the Linux kernel DRM/Nouveau: when nouveau_bo_init() fails, the underlying memory may be freed twice due to a use-after-free in the BO init path. The description explains that nouveau_bo_init() delegates to ttm_bo_init(), and on failure ttm_bo_init() calls a destructor that...
CVE-2021-4439
The connected Nessus/OpenVAS entries confirm CVE-2021-4439 affects the Linux kernel isdn/capi/kcapi.c and relates to cmtp session handling. The root cause is an array-index-out-of-bounds when detaching a controller that is not yet attached, triggering an out-of-bounds access (-1) in a 32-...
CVE-2021-47172
CVE-2021-47172 concerns the Linux kernel iio: adc: ad7124 driver. The vulnerability is a potential overflow caused by non-sequential channel numbering (holes in channel indices) which can overflow the storage used for channel data. The bug was introduced while addressing ordering of child nodes a...
CVE-2021-47402
CVE-2021-47402 affects the Linux kernel’s net: sched: flower (cls_flower). The issue arises from a use-after-free when filters are deleted concurrently due to missing RCU protection during fl_walk() iteration after a patch refactor. The provided advisories state that fl_walk() must obtain the RCU...
CVE-2022-48879
CVE-2022-48879 concerns a Linux kernel vulnerability within the EFI/Runtime Services path. The issue arises when runtime services are not supported or disabled, causing the runtime services workqueue to never be allocated, which could lead to a NULL pointer dereference if the code attempts to des...