7807 matches found
CVE-2006-5757
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
CVE-2006-6053
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.
CVE-2006-6058
The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness err...
CVE-2007-2764
The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors.
CVE-2007-2875
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
CVE-2007-3843
The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.
CVE-2008-3831
The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory c...
CVE-2010-1643
mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown ...
CVE-2011-4594
The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference.
CVE-2012-2384
Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecifi...
CVE-2012-6539
The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6546
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2013-2894
drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
CVE-2013-4254
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
CVE-2014-2039
arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.
CVE-2014-5045
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free)...
CVE-2014-8480
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted ap...
CVE-2014-9892
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted applica...
CVE-2015-0572
Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write)...
CVE-2016-6156
Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.
CVE-2016-9754
The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.
CVE-2017-0576
An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Ke...
CVE-2017-12168
The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).
CVE-2017-8069
drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual p...
CVE-2018-20510
The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file.
CVE-2021-47083
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: fix global-out-of-bounds issue When eint virtual eint number is greater than gpio number,it maybe produce 'desc[eint_n]' size globle-out-of-bounds issue.
CVE-2021-47198
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver:"KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg...
CVE-2021-47215
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contextsthat require some attention, to communicate their resync informationto the HW.Here we fix list corruptions, by protecting th...
CVE-2021-47241
In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for.This may result in ETHTOOL_MSG_STRSET_GET producing a warning like: calculated message payload length (684) not suffici...
CVE-2021-47256
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: make sure wait for page writeback in memory_failure Our syzkaller trigger the "BUG_ON(!list_empty(&inode->i_wb_list))" inclear_inode: kernel BUG at fs/inode.c:519!Internal error: Oops - BUG: 0 [#1] SMPModules ...
CVE-2021-47263
In the Linux kernel, the following vulnerability has been resolved: gpio: wcd934x: Fix shift-out-of-bounds error bit-mask for pins 0 to 4 is BIT(0) to BIT(4) however we ended up with BIT(n - 1)which is not right, and this was caught by below usban check UBSAN: shift-out-of-bounds in drivers/gpio/gp...
CVE-2021-47294
In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock refcount when sock timers expire Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to usesock timer API. It replaces mod_timer() by sk_reset_timer(), anddel_timer() by sk_stop_timer(). Function...
CVE-2021-47325
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation The reference counting issue happens in several exception handling pathsof arm_smmu_iova_to_phys_hard(). When those error scenarios occur, thefunction forgets...
CVE-2021-47333
In the Linux kernel, the following vulnerability has been resolved: misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge There is an issue with the ASPM(optional) capability checking function.A device might be attached to root complex directly, in this case,bus->self(bridge) will be N...
CVE-2021-47364
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist() compat_insnlist() handles the 32-bit version of the COMEDI_INSNLISTioctl (whenwhen CONFIG_COMPAT is enabled). It allocates memory totemporarily hold an array of struct comedi_insn conver...
CVE-2021-47397
In the Linux kernel, the following vulnerability has been resolved: sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb We should always check if skb_header_pointer's return is NULL beforeusing it, otherwise it may cause null-ptr-deref, as syzbot reported: KASAN: null-ptr-deref in r...
CVE-2021-47499
In the Linux kernel, the following vulnerability has been resolved: iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove When ACPI type is ACPI_SMO8500, the data->dready_trig will not be set, thememory allocated by iio_triggered_buffer_setup() will not be freed, and causememory l...
CVE-2021-47526
In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: Fix NULL pointer dereference in ->remove() drvdata has to be set in _probe() - otherwise platform_get_drvdata()causes null pointer dereference BUG in _remove().
CVE-2021-47540
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode Fix the following NULL pointer dereference in mt7915_get_phy_moderoutine adding an ibss interface to the mt7915 driver. [ 101.137097] wlan0: Trigger new scan to find...
CVE-2021-47585
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak in __add_inode_ref() Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(),but when the function returns in line 1184 (#4) victim_name allocatedby line 1169 (#3) is not freed, which will lead t...
CVE-2021-47587
In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, andthe locking mechanism used today only protects concurrency across a giventransmit queue bet...
CVE-2022-48647
In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, butthat's not correct if efx_sepparate_tx_channels is false. In that case,the offset is 0 because the tx que...
CVE-2022-48648
In the Linux kernel, the following vulnerability has been resolved: sfc: fix null pointer dereference in efx_hard_start_xmit Trying to get the channel from the tx_queue variable here is wrongbecause we can only be here if tx_queue is NULL, so we shouldn'tdereference it. As the above comment in the ...
CVE-2022-48706
In the Linux kernel, the following vulnerability has been resolved: vdpa: ifcvf: Do proper cleanup if IFCVF init fails ifcvf_mgmt_dev leaks memory if it is not freed beforereturning. Call is made to correct return statementso memory does not leak. ifcvf_init_hw does not takecare of this so it is ne...
CVE-2022-48717
In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speaker_gain_control_put() Check for negative values of "priv->gain" to prevent an out of boundsaccess. The concern is that these might come from the user via:-> snd_ctl_elem_write_user()-> ...
CVE-2022-48740
In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list()the cond_list_destroy() gets called a second time in caller functions,resulting in NULL pointer deref. Fix t...
CVE-2022-48849
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bypass tiling flag check in virtual display case (v2) vkms leverages common amdgpu framebuffer creation, andalso as it does not support FB modifier, there is no needto check tiling flags when initing framebuffer when vi...
CVE-2022-48933
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane.The transaction logic allocates a temporary object for this purpose. The ->init function was called for this...
CVE-2022-49108
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Fix memory leaks on probe Handle the error branches to free memory where required. Addresses-Coverity-ID: 1491825 ("Resource leak")
CVE-2022-49230
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta Free allocated skb in mt7915_mcu_add_sta routine in case of failures.