CVE-2010-0008
CVE-2010-0008 affects the Linux kernel SCTP implementation prior to 2.6.23. The vulnerability in sctp_rcv_ootb allows remote attackers to cause a denial of service (infinite loop) via an Out Of The Blue (OOTB) chunk or a zero-length chunk. This CVE is also referenced in MiracleLinux AXSA-2010-166...
CVE-2010-2955
The CVE-2010-2955 issue affects the Linux kernel before 2.6.36-rc3-next-20100831, specifically the cfg80211_wext_giwessid function in net/wireless/wext-compat.c, which fails to initialize certain structure members. This enables a local attacker to exploit an off-by-one error in ioctl_standard_iw_...
CVE-2011-2183
CVE-2011-2183 targets the Linux kernel’s Kernel SamePage Merging (KSM) feature. When KSM is enabled, a race in scan_get_next_rmap_item in mm/ksm.c can allow a local user to trigger a NULL pointer dereference, potentially crashing the kernel or causing other unspecified impact. Affected: Linux ker...
CVE-2011-2495
CVE-2011-2495 affects the Linux kernel prior to 2.6.39.4. The issue is in fs/proc/base.c where access to /proc/#####/io is insufficiently restricted, allowing local users to poll a file and infer sensitive I/O statistics (e.g., length of another user’s password). The MiracleLinux advisories refer...
CVE-2011-3359
CVE-2011-3359 affects the Linux kernel (pre-2.6.39), specifically the b43 wireless driver. The dma_rx path does not allocate receive buffers properly, enabling remote attackers to crash the system via a crafted frame (DoS). Affected code is in drivers/net/wireless/b43/dma.c. Remediation: upgrade ...
CVE-2013-2850
CVE-2013-2850: Heap-based buffer overflow in the Linux kernel’s iSCSI target subsystem (iscsi_add_notunderstood_response in drivers/target/iscsi/iscsi_target_parameters.c) affects kernel versions up to 3.9.4. The flaw can allow remote attackers to trigger memory corruption and OOPS, with potentia...
CVE-2013-3231
CVE-2013-3231 affects the Linux kernel prior to 3.9-rc7. The llc_ui_recvmsg function in net/llc/af_llc.c does not initialize a certain length variable, enabling local users to leak sensitive information from kernel stack memory via crafted recvmsg or recvfrom syscalls. This is a local information...
CVE-2014-2672
CVE-2014-2672: A race condition in the Linux kernel’s ath9k driver (ath_tx_aggr_sleep in drivers/net/wireless/ath/ath9k/xmit.c) before 3.13.7 can be triggered by a high volume of network traffic, enabling remote attackers to cause a denial of service (system crash). Public sources in connected d...
CVE-2014-9710
CVE-2014-9710 affects the Linux kernel’s Btrfs xattr handling prior to 3.19. The vulnerability arises because the visible xattr state may not be consistent with a requested replacement, enabling local attackers to bypass ACLs and gain privileges through standard filesystem operations during an xa...
CVE-2019-18812
CVE-2019-18812 corresponds to a memory-leak vulnerability in the Linux kernel’s sof_dfsentry_write() (sound/soc/sof/debug.c). The issue, present in kernel builds up to 5.3.9, can be exploited to cause a denial of service via memory consumption. The connected Nessus advisories (Unity Linux UTSA-20...
CVE-2021-46980
The CVE-2021-46980 item concerns Linux kernel USB Type-C UCSI: the code previously retrieved only the first 4 power data objects (PDOs) due to a 16-byte MESSAGE_IN limit. This could cause an out-of-bounds access in ucsi_psy_get_voltage_now() when a PD source advertises more than 4 PDOs (up to 7 a...
CVE-2021-46993
CVE-2021-46993 — Linux kernel sched: out-of-bounds access in uclamp bucket calculation. Util-clamp places tasks into buckets based on clamp values; with, e.g., 20 buckets, bucket size computed as 1024/20=51 can map a clamp of 1024 to bucket id 20, while valid indexes are 0–19, causing OOB access....
CVE-2021-46994
CVE-2021-46994 concerns the Linux kernel, specifically the can: mcp251x CAN driver. The vulnerability arises when resuming from suspend: since commit 8ce8c0abcba3, the driver queues work via priv->restart_work even if the interface was not previously enabled. This can lead to a NULL pointer de...
CVE-2021-47071
CVE-2021-47071 in the Linux kernel affects the uio_hv_generic path. If vmbus_establish_gpadl() fails, the recv/gpadl paths are not updated, and the error-path free in hv_uio_cleanup() may not release the associated buffer, causing a memory leak. The description in the initial document confirms th...
CVE-2021-47267
CVE-2021-47267 affects the Linux kernel USB gadget code: if a gadget driver calls usb_assign_descriptors() with a NULL super-speed-plus descriptor and the system runs at 10Gbps, a null pointer dereference can crash the kernel when a 10Gbps device port, cable, and host port are detected. The docum...
CVE-2021-47405
CVE-2021-47405 affects the Linux kernel HID usbhid subsystem. The issue is a memory leak from unsent raw_report buffers when a USB HID device is removed; a patch/fix has been released in the kernel to address this. The CVSS metrics in the initial record show a MEDIUM base score (5.5) with LOCAL a...
CVE-2021-47599
CVE-2021-47599 covers a Linux kernel bug in btrfs: during pruning/moving devices, btrfs_show_devname() could fail to find devices and emit a warning. The fix updates the device list handling so latest_dev->name is shown reliably in /proc/self/mounts, with devices kept alive under RCU protectio...
CVE-2021-47623
CVE-2021-47623 affects the PowerPC path in the Linux kernel where unmapping a fixmap entry via __set_fixmap() (FIXMAP_PAGE_CLEAR) ends up calling map_kernel_page(), which fails if invoked a second time for the same page. The connected documents confirm the root cause in arch/powerpc/mm/pgtable.c ...
CVE-2021-47644
CVE-2021-47644 affects the Linux kernel where the “media: staging: media: zoran” code path was updated to move videodev allocation out of zr36057_init() and create new handling functions for zr->video_dev. The change fixes a memory leak in zr->video_dev and improves code readability. The vu...
CVE-2021-47645
CVE-2021-47645 affects the Linux kernel media subsystem (staging: media: zoran). The root cause is a miscalculated buffer index in zoran_reap_stat_com when tmp_dcim=1, which can lead to a NULL pointer dereference. Patches were applied to correct the calculation and add a defensive check to preven...
CVE-2022-2308
CVE-2022-2308 describes a vulnerability in the Linux kernel’s vDPA with the VDUSE backend. The VDUSE kernel driver does not validate that the device config space size matches the features advertised by the VDUSE userspace app, causing Virtio config read helpers to pass uninitialized memory to vdu...
CVE-2022-48631
The CVE-2022-48631 issue affects the Linux kernel’s ext4 extents parsing. Specifically, ext4_ext_binsearch_idx() could operate on an extent header with eh_depth > 0 when eh_entries is 0, leading to garbage indices and kernel crash (BUG at fs/ext4/extents.c:2258) observed in the provided traces...
CVE-2022-48699
The CVE-2022-48699 issue affects the Linux kernel sched/debug path, where a dentry is leaked by using debugfs_remove(debugfs_lookup()) in update_sched_domain_debugfs. The root cause is improper dentry reference counting, which can, under hotplug stress, lead to memory exhaustion. The available fi...
CVE-2022-48981
CVE-2022-48981 is a Linux kernel vulnerability related to DRM SHMEM: the error-path handling in drm/shmem-helper and the ownership of references in drm_gem_shmem_mmap() can cause a use-after-free of a GEM object. The root cause is that drm_gem_shmem_mmap() does not own a reference, potentially fr...
CVE-2022-49000
CVE-2022-49000 – Linux kernel (iommu/vt-d) refcount leak fix. The issue stems from for_each_pci_dev() implemented via pci_get_device(); the returned pci_dev’s reference count is incremented, but input dev is not always decremented, leading to a potential refcount leak. The patch adds a pci_dev_p...
CVE-2022-49031
The CVE-2022-49031 issue affects Linux kernel iio: health: afe4403, where an OOB read occurs in afe4403_read_raw due to out-of-bounds access to afe4403_channel_leds when channels exceed the array. The fix moves the chan->address access before using it, preventing the out-of-bounds read. The ac...
CVE-2022-49292
CVE-2022-49292 is tied to the Linux kernel ALSA oss PCM buffer allocation overflow. The vulnerability occurs when snd_pcm_plug_alloc() may allocate an oversized temporary buffer during data conversion if hardware parameters allow larger-than-expected period/buffer sizes, risking an INT_MAX overfl...
CVE-2022-49381
CVE-2022-49381 (Linux kernel, jffs2): The issue arises from a memory leak in jffs2_sum_init() when jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error; allocated resources are not released, leading to kmemleak reports. The provided connected descriptions explain that the leak is...
CVE-2022-49467
CVE-2022-49467 is a Linux kernel issue: a memory leak in the DRM MSM driver during mdp5_crtc_cursor_set() caused by incorrect handling in drm_gem_object_lookup/drm_gem_object_get and cursor_bo when msm_gem_get_and_pin_iova fails. Affected components/impact are within the kernel’s DRM subsystem (d...
CVE-2022-49733
CVE-2022-49733 affects the Linux kernel ALSA: oss subsystem (snd_pcm_oss) with a race in snd_pcm_oss_sync() triggered via SNDCTL_DSP_SYNC. The issue arises because snd_pcm_oss_make_ready() is invoked before acquiring the params_lock, creating a window where another thread can reconfigure the stre...
CVE-2023-23586
CVE-2023-23586 affects the Linux kernel io_uring subsystem. A time namespace vvar page can be leaked into a process via a page fault because timens_install’s single-thread check ignores io_uring io_worker threads; when the time namespace is destroyed, the vvar page may remain and a subsequent pag...
CVE-2023-3867
In CVE-2023-3867, the Linux kernel ksmbd SMB2 session setup function smb2_sess_setup could perform an out-of-bounds read when a compound SMB2 request contains a second payload, enabling an OOB read while processing the first payload. The issue is tied to not handling the case where smb2 session s...
CVE-2023-52825
CVE-2023-52825 — Linux kernel (drm/amdkfd) race condition fix. A race in vram buffer unref (prange->svm_bo) could occur in both the MMU callback and a callback after migrating to system RAM, across async tasks. The issue allowed a potential use-after-free in the AMDGPU SVM path. The vulnerabi...
CVE-2023-52855
CVE-2023-52855: Linux kernel USB-DWC2 driver race condition. When _dwc2_hcd_urb_enqueue() and _dwc2_hcd_urb_dequeue() run concurrently, urb->hcpriv can be NULL-checked before urb->hcpriv is assigned NULL, enabling a NULL dereference in dwc2_hcd_urb_dequeue. The connected documents confirm t...
CVE-2023-53087
The CVE-2023-53087 issue affects the Linux kernel’s DRM driver path drm/i915/active. It centers on misuse of non-idle barriers treated as fence trackers within a composite tracker, where a barrier deletion may be attempted concurrently without honoring its return value. This can leave a tracker s...
CVE-2024-26770
CVE-2024-26770 concerns the Linux kernel HID for the Nvidia Shield: a missing null-pointer check in LED initialization (led init path) could dereference NULL after devm_kasprintf() returns NULL. The issue arises during LED initialization within the Nvidia Shield HID handling; the CVSSv3.1 vector ...
CVE-2024-26798
CVE-2024-26798: Linux kernel fbcon font restore regression fix. The commit a5a923038d70 initially restored old font data on vc_resize() failure but only for user fonts; system/internal fonts were left unreverted, causing a subsequent fbcon_do_set_font() to fail restoration and potentially crash ...
CVE-2024-27418
CVE-2024-27418 affects the Linux kernel net: mctp component. The vulnerability is a memory leak: mctp_local_output currently frees the skb only on success, risking skb leakage if mctp_local_output fails in certain states because ownership isn’t transferred until routing occurs. The fix is to have...
CVE-2024-35799
CVE-2024-35799 relates to the Linux kernel, specifically the DRM/AMD display path. The issue occurs when disabling a stream encoder, where a function invoked during disable no longer exists. The fix adds a null-check for the function declaration in the disable-stream encoder path to prevent a cra...
CVE-2024-35813
CVE-2024-35813 affects the Linux kernel mmc/core component. Root cause: a negative index is used when accessing idatas[i-1] without ensuring i > 0, leading to an out-of-bounds access. The fixed commit adds a proper check to prevent the negative index. The vulnerability’s practical impact is de...
CVE-2024-35926
CVE-2024-35926: In the Linux kernel, the crypto IAA group fixes an async_disable descriptor leak in the iaa_compress/decompress paths. The root cause was that disable_async paths did not free idxd descriptors, leaking resources in tests where req->dst is null. A patch adds a proper free, res...
CVE-2024-36021
CVE-2024-36021 affects the Linux kernel net driver for hns3, causing a kernel crash when a devlink reload occurs during PF initialization. The root cause is devlink reload accessing hardware resources before the hardware is initialized. A patch fixes this by taking devl_lock during initialization...
CVE-2024-36026
CVE-2024-36026 affects the Linux kernel DRM/AMD PM path (drm/amd/pm). The issue causes random hangs during S4 stress tests when using SMU v13.0.4/11, as GC/RLC/PMFW can enter an invalid state and trigger hard hangs. A workaround implemented in the patch adds a GFX reset just before sending the MP...
CVE-2024-36912
CVE-2024-36912 (Linux kernel) affects the hv: vmbus component. The fix adds a decryption-status field to struct vmbus_gpadl to track the decrypted state of buffers, enabling callers of vmbus_establish_gpadl() and vmbus_teardown_gpadl() to decide whether to free or leak pages instead of returning ...
CVE-2024-38562
CVE-2024-38562 affects the Linux kernel wifi nl80211 implementation. The vulnerability arises from improper address calculations after memory allocation for the channels array: before using request->channels[], request->n_channels must be set, and address computations for memory after the c...
CVE-2024-40920
CVE-2024-40920 affects the Linux kernel net: bridge: mst component. Root cause: br_mst_set_state was converted to RCU to avoid a VLAN use-after-free, but the vlan group dereference helper was not updated, triggering suspicious RCU usage. The fix switches to the vlan group RCU deref helper to addr...
CVE-2024-41051
CVE-2024-41051 affects the Linux kernel cachefiles subsystem. When queuing ondemand_object_worker() to reopen an object, cachefiles_object may be freed if the related erofs is unmounted, causing a use-after-free if ondemand_object_worker() runs after object free. The fix requires canceling or wai...
CVE-2024-42140
The CVE-2024-42140 issue affects the Linux kernel following kexec crash handling on riscv. The root cause is a deadlock when kexec crash code runs in interrupt context, caused by acquiring the irqdesc spinlock and deactivating irqchip in irq_set_irqchip_state(). The fix removes the unnecessary ir...
CVE-2024-42142
CVE-2024-42142 affects the Linux kernel mlx5 E-switch ingress ACL handling. The bug creates an ingress ACL only when vport metadata match and prio tag are enabled, but the active-backup lag feature also requires it, risking a panic when dropping rules if the ACL doesn’t exist. The fix creates the...
CVE-2024-43876
CVE-2024-43876 affects the Linux kernel PCIe RCAR driver. The issue concerns demoting the WARN() in rcar_pcie_wakeup() to dev_warn_ratelimited() to reduce backtrace verbosity when a PCIe link issue is detected. The advisory explains a scenario with ASM1062 PCIe/SATA controllers where link state t...