CVE-1999-0524
CVE-1999-0524 is an ICMP information-disclosure vulnerability where ICMP replies reveal (1) netmask and (2) timestamp to arbitrary hosts. Connected reports link it to multiple products (e.g., Nutanix AHV advisories NXSA‑AHV series and ABB M2M Gateway plugin) and describe the issue as an informati...
CVE-2018-13405
CVE-2018-13405 involves the Linux kernel inode_init_owner() logic where, in a scenario with an SGID directory and a user who has write access but is not in that group, a local user could create a plain file with the SGID group ownership and executable bits, effectively escalating privileges. Connected docume...
CVE-2020-36776
In the Linux kernel, CVE-2020-36776 concerns the slab OOB issue in thermal/cpufreq_cooling. The vulnerability is triggered in cpu_power_to_freq() when the EM table does not contain a suitable power entry (power below OPP0), leading to a negative index read. The documented fix returns the lowest a...
CVE-2018-20856
CVE-2018-20856: Linux kernel before 4.18.7 contains a use-after-free in __blk_drain_queue() in block/blk-core.c when an error case is mishandled. This could allow a local attacker to cause a denial of service or, potentially, execute arbitrary code. The issue was addressed in the 4.18.7 patch releas...
CVE-2020-24587
CVE-2020-24587 is referenced in the Amazon Linux 2 kernel advisory for Kernel-5.10-2022-002. The connected document confirms a flaw in the Linux kernel 802.11 wifi fragmentation handling where fragments encrypted under different keys can be reassembled and decrypted, enabling an attacker within w...
CVE-2024-26875
The CVE-2024-26875 entry affects Linux kernel media: pvrusb2, where risk came from a use-after-free in pvr2_context_set_notify due to a race with pvr2_context_disconnect involving a disconnect_flag. The provided fix moves the disconnect_flag assignment to after all code in pvr2_context_disconnect...
CVE-2019-3846
CVE-2019-3846 affects the upstream kernel’s Marvell mwifiex wireless kernel driver. The description documents a memory corruption flaw that could allow privilege escalation when connecting to a malicious wireless network. Connected sources confirm this is within the mwifiex driver and describe th...
CVE-2023-4622
CVE-2023-4622 is a Linux kernel use-after-free in af_unix (unix_stream_sendpage) where the code accesses the peer’s skb without holding the queue lock, enabling a local privilege escalation through a race with garbage collection. Public analyses in connected advisories (e.g., Astra Linux, ALAS2 l...
CVE-2023-4623
CVE-2023-4623 describes a use-after-free in the Linux kernel’s net/sched sch_hfsc subsystem that can enable local privilege escalation. The issue occurs when a class uses a link-sharing curve (HFSC_FSC) and has a parent without one; init_vf() may call vttree_insert() on the parent, but update_vf(...
CVE-2019-17666
CVE-2019-17666 affects the Linux kernel Realtek rtlwifi driver (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c). The root cause is a missing upper-bound check that leads to a buffer overflow. Impact stated in sources includes memory corruption and potential remote code execution, wit...
CVE-2021-46948
CVE-2021-46948 relates to the Linux kernel: the sfc: farch patch fixes TX queue lookup in TX event handling. The issue occurred because TXQ label was used as the basis for queue lookup, which could cause efx_channel_get_tx_queue() to return NULL and trigger panics. The vulnerability has been reso...
CVE-2021-46925
CVE-2021-46925 affects the Linux kernel in the net/smc path. The issue is a race between smc_cdc_tx_handler() and smc_release() that can lead to a kernel panic or use-after-free when smc_cdc_tx_handler() accesses an smc_sock that has already been freed. The provided description documents a crash ...
CVE-2023-4206
CVE-2023-4206 is a use-after-free vulnerability in the Linux kernel net/sched: cls_route (route handling) caused by route4_change() copying the entire tcf_result into a new filter. On update, tcf_unbind_filter() is invoked on the old instance, decreasing the parent class’ filter_cnt and potential...
CVE-2010-3904
CVE-2010-3904 is a Linux kernel flaw in the RDS implementation where rds_page_copy_user does not validate user-space addresses, enabling local privilege escalation via crafted sendmsg/recvmsg calls. Affected: Linux kernels prior to 2.6.36; fixed in later kernel releases (e.g., Red Hat/CentOS advi...
CVE-2021-46910
CVE-2021-46910 relates to the Linux kernel’s kmap_local(): when CONFIG_DEBUG_KMAP_LOCAL=y, per-CPU fixmap slots are doubled, causing the fixmap region to grow downwards and potentially collide with the virtual DT mapping. The documented impact is a local exploit path leading to kernel instability...
CVE-2021-46912
The CVE-2021-46912 entry describes a Linux kernel vulnerability where tcp_allowed_congestion_control is global and writable, allowing cross-namespace leakage. A fix was applied to make tcp_allowed_congestion_control readonly in non-init netns, addressing the per-net IPv4 congestion control sysctl...
CVE-2020-12888
CVE-2020-12888 affects the Linux kernel VFIO PCI driver (through 5.6.13) and arises from improper handling of accesses to disabled MMIO space. A local attacker or a guest VM with VFIO access could trigger a denial of service or crash by exploiting writes/reads to disabled memory regions. Connecte...
CVE-2023-52440
CVE-2023-52440 affects the ksmbd component of the Linux kernel. Root cause: a slub overflow in ksmbd_decode_ntlmssp_auth_blob() when authblob->SessionKey.Length exceeds CIFS_KEY_SIZE, enabling overflow during key exchange (cifs_arc4_crypt copies from SessionKey). The fix introduces bounds prot...
CVE-2019-11478
CVE-2019-11478 describes a DoS in the Linux kernel TCP SACK handling where the TCP retransmission queue can fragment, leading to degraded performance or denial of service when processing crafted SACK sequences. The initial entry notes a fixed commit f070ef2ac66716357066b683fb0baf55f8191a2e and st...
CVE-2019-15505
CVE-2019-15505 affects the technisat-usb2 media driver in Linux kernels up to 5.2.9. The issue arises from improper validation of incoming IR packets, leading to a heap buffer over-read. An attacker capable of adding USB devices (potentially via remote USB technologies like usbip/usbredir) could ...
CVE-2022-25636
CVE-2022-25636 affects the Linux kernel (5.4–5.6.10) via an out-of-bounds heap write in net/netfilter/nf_dup_netdev.c related to nf_tables_offload. This enables local privilege escalation. The connected documents confirm the affected range and the heap OOB write, but do not provide a detailed fix...
CVE-2023-52441
CVE-2023-52441 affects the Linux kernel ksmbd path and is resolved by a patch that fixes an out-of-bounds condition in init_smb2_rsp_hdr(). When a client sends an SMB2 negotiate request followed by an SMB1 negotiate request, init_smb2_rsp_hdr is invoked for the SMB1 path because need_neg is false...
CVE-2022-3564
CVE-2022-3564 is a high-severity Linux kernel vulnerability involving a use-after-free in the Bluetooth subsystem, specifically the function l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c. Connected advisories (CentOS, AlmaLinux, AlmaLinux-RT, Astra Linux, and others) confirm the same weak...
CVE-2021-46931
CVE-2021-46931 involves the Linux kernel mlx5e path (net/mlx5e, mlx5_core) where a TX-timeout-recovery flow calls mlx5e_tx_reporter_dump_sq() with a void* that is actually a mlx5e_tx_timeout_ctx*. The mismatch corrupts stack state and can trigger a kernel panic/stack overflow. The fix adds a wrap...
CVE-2019-14821
CVE-2019-14821 is a Linux kernel KVM issue: an out-of-bounds access in the Coalesced MMIO write path can occur if a host user controls the MMIO ring buffer indices (ring->first/ring->last). A local attacker with /dev/kvm access could crash the host kernel or potentially escalate privileges ...
CVE-2021-29154
CVE-2021-29154 affects the Linux kernel BPF JIT implementation (arch/x86/net/bpf_jit_comp.c and bpf_jit_comp32.c). Connected advisories (e.g., ALAS2KERNEL-5.4-2022-003) confirm a local privilege escalation due to incorrect computation of branch displacements in the BPF JIT, enabling arbitrary cod...
CVE-2021-29650
CVE-2021-29650 affects the Linux kernel prior to 5.11.11. The netfilter subsystem (net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h) may omit a full memory barrier when a new table value is assigned, enabling a local attacker to trigger a DoS/panic in netfilter. The issue is docume...
CVE-2019-14835
The CVE-2019-14835 entry describes a buffer overflow in Linux kernel vhost functionality (virtqueue buffers translated to IOVs) during VM live migration. A privileged guest user could pass descriptors with invalid length while migration is underway, potentially causing a host privilege escalation...
CVE-2019-15902
CVE-2019-15902 describes a backporting error that reintroduced Spectre-v1 in ptrace_get_debugreg() due to swapped lines during cherry-picking. Affected Linux kernels include 4.4.x (up to 4.4.190), 4.9.x (up to 4.9.190), 4.14.x (up to 4.14.141), 4.19.x (up to 4.19.69), and 5.2.x (up to 5.2.11). Th...
CVE-2019-14283
CVE-2019-14283 affects the Linux kernel up to version 5.2.2, where floppy drive handling in set_geometry() in drivers/block/floppy.c fails to validate sect and head, enabling an integer overflow and out-of-bounds read. This can be triggered by an unprivileged local user when a floppy is present (...
CVE-2021-46908
CVE-2021-46908 is a Linux kernel issue where the bpf permission flag for mixed signed bounds arithmetic was incorrect, enabling a vulnerability path that was mitigated by bypass_spec_v1 handling instead of allow_ptr_leaks. Connected advisories (e.g., SUSE-SU-2024:1465-1 / SUSE-SU-2024:1489-1) des...
CVE-2020-24588
The CVE-2020-24588 entry relates to the 802.11 Wi-Fi fragmentation/A-MSDU handling issue where the plaintext QoS header flag isn't authenticated, enabling an attacker to inject packets by sending non-SPP A-MSDU frames (FragAttacks). Connected Astra Linux advisories describe this as a variant of ...
CVE-2021-33034
CVE-2021-33034 is a use-after-free in Linux kernel before 5.12.4 in net/bluetooth/hci_event.c when destroying an hci_chan, enabling arbitrary writes. Affected: Linux kernel before 5.12.4 (Bluetooth HCI driver). Mitigation: upgrade to 5.12.4 or later (ChangeLog-5.12.4).
CVE-2023-52435
CVE-2023-52435 affects skb_segment() in the Linux kernel's networking code and can overflow MSS when computing mss = mss * partial_segs, risking a crash (e.g., GSO_BY_FRAGS) and triggering NULL pointer dereferences in some traces. The fix adds a guard to ensure the new MSS is smaller than GSO_BY_FRAGS, prevent...
CVE-2021-46952
Summary (CVE-2021-46952): In the Linux kernel, NFS with UDP transport was vulnerable to a shift-out-of-bounds due to a garbage UDP retrans timeout being passed to xprt_calc_majortimeo. If retrans is >= 64, the mount fails with an error, preventing exploitation. The fix is a patch to validate U...
CVE-2023-1206
CVE-2023-1206 describes a hash collision flaw in the Linux kernel's IPv6 connection lookup table that can allow a local attacker or a user with high bandwidth to cause a significant CPU spike (up to 95%) on the server accepting IPv6 connections. Connected advisories show this CVE being addressed in...
CVE-2021-41864
CVE-2021-41864 affects the Linux kernel (pre-5.14.12) in prealloc_elems_and_freelist() within kernel/bpf/stackmap.c. An unprivileged local user can trigger an eBPF multiplication overflow, causing an out-of-bounds write and potential memory corruption or system crash. The issue is fixed in Linux ...
CVE-2019-17133
CVE-2019-17133 affects Linux kernel up to 5.3.2, where cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c fails to reject an oversized SSID IE, causing a Buffer Overflow. The available connected docs confirm the vulnerability and its impact but do not provide a specific patched version or reme...
CVE-2021-46949
CVE-2021-46949 concerns the Linux kernel sfc (Solarflare) network driver path: farch TX queue lookup during TX flush done handling. The root cause is starting TXQ processing from a TXQ instance number (qid) rather than a TXQ type, which could cause efx_get_tx_queue() to return NULL and trigger pa...
CVE-2020-25705
CVE-2020-25705 is a Linux kernel ICMP handling flaw that lets an off-path attacker bypass UDP source port randomization and rapidly scan open UDP ports. Affected products include various kernel versions and embedded/Linux-based devices; remediation is via kernel updates (e.g., CentOS/AlmaLinux ad...
CVE-2021-46950
The CVE-2021-46950 entry concerns a Linux kernel data corruption issue in md/raid1 (bitmaps): when ending a failed write request, bitmap bits could be cleared, causing corruption. The vulnerability arises in the failure handling path of raid1_end_write_request, where the I/O might be retried (R1BI...
CVE-2014-0196
CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...
CVE-2026-31431
CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...
CVE-2023-4194
CVE-2023-4194 affects the Linux kernel TUN/TAP network devices. A type confusion in initialization of tun/tap sockets could let a local user bypass network filters and access resources. The description notes patches for CVE-2023-1076 were incomplete; upstream commits (tun_chr_open/tun_open and re...
CVE-2025-21877
CVE-2025-21877 (Linux kernel, usbnet gl620a) affects the usbnet implementation in the kernel where genelink_bind() fails to verify that the device actually provides the endpoints it requests. This can lead to a mismatch when an artificially manufactured endpoint is encountered, as Syzbot observed...
CVE-2021-46945
CVE-2021-46945 concerns the Linux kernel ext4 filesystem. The vulnerability causes a kernel panic when the filesystem is mounted with errors=panic, prior to a specific commit. After the patch 014c9caa29d3, remounting a filesystem with abort no longer panics, and the behavior is restored to what i...
CVE-2021-46935
CVE-2021-46935: Linux kernel binder vulnerability where async_free_space accounting for empty parcels leaked up to 8 bytes per 8-byte-or-smaller async transaction. Root cause: after a patch fixing visibility (Android binder buffer moved out of user space), the free operation didn't add back size...
CVE-2023-42754
CVE-2023-42754 is a vulnerability in the Linux kernel IPv4 stack: a NULL pointer dereference where skb may not be bound to a device before __ip_options_compile if the skb is re-routed by ipvs. The impact is a local crash under CAP_NET_ADMIN. Public details in connected advisories reaffirm the iss...
CVE-2023-39194
CVE-2023-39194 – The Apollo/CVE entry documents a flaw in the Linux kernel XFRM subsystem: during processing of state filters, an out-of-bounds read past the end of an allocated buffer can be triggered by a local attacker with CAP_NET_ADMIN privileges, potentially leading to information disclosur...
CVE-2021-3347
CVE-2021-3347 is a Linux kernel use-after-free in PI futex fault handling that could allow a local user to crash the kernel or escalate privileges. Multiple connected advisories confirm the issue and indicate fixes have been released across distributions (e.g., generic kernel updates and kernel l...