Linux Kernel

14062 matches found

added 2021/01/29 4:56 p.m., 581 views

CVE-2021-3347

CVE-2021-3347 is a Linux kernel use-after-free in PI futex fault handling that could allow a local user to crash the kernel or escalate privileges. Multiple connected advisories confirm the issue and indicate fixes have been released across distributions (e.g., generic kernel updates and kernel l...

CVSS 7.8, AI score 7.5, EPSS 0.01377

added 2024/02/27 9:44 a.m., 581 views

CVE-2021-46935

CVE-2021-46935: Linux kernel binder vulnerability where async_free_space accounting for empty parcels leaked up to 8 bytes per 8-byte-or-smaller async transaction. Root cause: after a patch fixing visibility (Android binder buffer moved out of user space), the free operation didn’t add back size...

CVSS 5.5, AI score 5.2, EPSS 0.00229

added 2023/10/09 5:57 p.m., 580 views

CVE-2023-39194

CVE-2023-39194 – The Apollo/CVE entry documents a flaw in the Linux kernel XFRM subsystem: during processing of state filters, an out-of-bounds read past the end of an allocated buffer can be triggered by a local attacker with CAP_NET_ADMIN privileges, potentially leading to information disclosur...

CVSS 4.4, AI score 5.8, EPSS 0.00417

added 2024/02/27 6:40 p.m., 576 views

CVE-2021-46953

The CVE-2021-46953 issue affects the Linux kernel ACPI GTDT driver. If a probe fails due to invalid firmware properties, the driver may unmap an interrupt it mapped earlier without verifying that the mapping succeeded, and if the firmware reports an interrupt number overlapping the GIC SGI range,...

CVSS 6.7, AI score 6.7, EPSS 0.00241

added 2019/09/04 6:09 p.m., 575 views

CVE-2019-15917

CVE-2019-15917 concerns a use-after-free in the Linux kernel before 5.0.5. The bug occurs when hci_uart_register_dev() fails in hci_uart_set_proto() within drivers/bluetooth/hci_ldisc.c, potentially after a local Bluetooth UART device setup. Affected: Linux kernel versions prior to 5.0.5. Impact ...

CVSS 7, AI score 7.4, EPSS 0.00668

added 2024/02/27 6:53 a.m., 575 views

CVE-2021-46918

CVE-2021-46918 is a Linux kernel vulnerability in the IDXDMA/DMAR DMA engine where MSIX permission entries were not cleared on device shutdown. The issue arose because MSIX entries were left enabled and pasid entries remained programmed when the device shut down, potentially enabling persistence ...

CVSS 5.5, AI score 6.3, EPSS 0.00193

added 2023/10/09 5:57 p.m., 574 views

CVE-2023-39193

CVE-2023-39193 affects the Linux kernel Netfilter SCTP path, where sctp_mt_check fails to validate the flag_count field, enabling a local attacker with CAP_NET_ADMIN to trigger an out-of-bounds read that can crash the system or cause information disclosure. Connected advisories (Red Hat, AlmaLinu...

CVSS 6.1, AI score 6.9, EPSS 0.00415

added 2025/04/01 3:47 p.m., 570 views

CVE-2025-21971

CVE-2025-21971 in the Linux kernel net_sched subsystem: creation of a Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) could terminate traversal early during qdisc tree walk, causing incorrect root backlog statistics and a potential crash in DRR. The fix prevents creating any Qdisc class with TC_H_R...

CVSS 5.5, AI score 7.1, EPSS 0.00187

added 2021/01/13 3:07 a.m., 568 views

CVE-2020-28374

CVE-2020-28374 affects the Linux kernel’s SCSI target (LIO) code, specifically drivers/target/target_core_xcopy.c, where insufficient identifier checking could let a remote attacker read or write files via directory traversal in an XCOPY request. Affected component is the Linux kernel prior to 5....

CVSS 8.1, AI score 7.8, EPSS 0.06563

added 2019/06/03 9:58 p.m., 566 views

CVE-2019-12614

CVE-2019-12614 affects Linux kernels up to 5.1.6 in the PowerPC pseries dlpar.c: a NULL pointer dereference triggered by unchecked kstrdup of prop->name can allow a local attacker to crash the system via a crafted request. The issue is confirmed in the initial description and corroborated by c...

CVSS 4.7, AI score 6.4, EPSS 0.00623

added 2019/02/15 3:00 p.m., 565 views

CVE-2019-6974

CVE-2019-6974 affects the Linux kernel KVM subsystem: a race in kvm_ioctl_create_device() mishandles reference counting, enabling a local user with access to /dev/kvm to cause a use-after-free, potentially crashing the guest or escalating privileges. The issue is fixed in kernel 4.20.8 and relate...

CVSS 8.1, AI score 7.7, EPSS 0.16523

added 2024/02/27 6:40 p.m., 565 views

CVE-2021-46938

CVE-2021-46938 affects the Linux kernel in the device-mapper (dm-mq) path for request-based mapped devices. When loading a device-mapper table, if the allocation/initialization of blk_mq_tag_set for the device fails, a subsequent dev_remove can trigger a double free during cleanup because the poi...

CVSS 7.8, AI score 7.2, EPSS 0.00248

added 2022/03/25 12:00 a.m., 565 views

CVE-2022-0435

CVE-2022-0435 is a Linux kernel TIPC stack overflow issue. The vulnerability occurs in TIPC domain record handling when a peer sends a domain with more than 64 members, enabling a remote attacker with access to the TIPC network to crash the system and potentially escalate privileges. Connected ad...

CVSS 9, AI score 9, EPSS 0.67994

added 2022/03/18 12:00 a.m., 565 views

CVE-2022-1011

CVE-2022-1011: A use-after-free vulnerability in the Linux kernel FUSE implementation when a user triggers write(), enabling local privilege escalation. Affected component is the FUSE filesystem in the kernel; impact is unauthorized access to data from FUSE mounts and potential escalation. Connec...

CVSS 7.8, AI score 7.7, EPSS 0.01169

added 2024/01/31 12:14 p.m., 562 views

CVE-2024-1086

CVE-2024-1086 is a use-after-free in Linux kernel nf_tables (netfilter). The vulnerability stems from nft_verdict_init() allowing positive values as drop errors in the hook verdict, enabling nf_hook_slow() to trigger a double-free when NF_DROP is issued with a drop error resembling NF_ACCEPT. Exp...

CVSS 7.8, AI score 8.1, EPSS 0.28058
In wild

added 2020/05/09 8:16 p.m., 561 views

CVE-2020-12770

CVE-2020-12770 arises from the Linux kernel sg_write path in the SCSI generic (sg) driver not releasing internal resources in a specific error path because sg_remove_request is not called. This root cause is cited in multiple sources (e.g., ALAS2KERNEL-5.4-2022-012) and is described as a local-ac...

CVSS 6.7, AI score 6.7, EPSS 0.00586

added 2024/02/27 6:53 a.m., 561 views

CVE-2021-46917

CVE-2021-46917 is a Linux kernel vulnerability tied to the dmaengine: idxd subsystem. The issue stems from a pre-release silicon erratum workaround where a wq reset did not clear WQCFG registers, leaking into upstream code and risking clobbering registers on future devices. The documented fix rep...

CVSS 5.5, AI score 5.3, EPSS 0.00225

added 2022/02/04 10:29 p.m., 559 views

CVE-2021-4154

CVE-2021-4154 is a Linux kernel use-after-free in cgroup v1 parsing (cgroup1_parse_param) that allows local privilege escalation via the fsconfig parameter, potentially enabling container breakout and system DoS. Affected component: kernel/cgroup/cgroup-v1.c in the Linux kernel. Root cause: use-a...

CVSS 8.8, AI score 8.1, EPSS 0.01206

added 2024/02/27 6:53 a.m., 559 views

CVE-2021-46919

CVE-2021-46919 is a Linux kernel vulnerability in dmaengine/idxd where WQ size could be changed while the device was enabled. The fix changes the state check to ensure the WQ size is only modifiable when the device is disabled, addressing a race between device state and WQ configuration. Connecte...

CVSS 5.5, AI score 5.3, EPSS 0.00222

added 2023/09/13 4:11 p.m., 557 views

CVE-2023-4155

CVE-2023-4155 describes a vulnerability in the Linux kernel’s KVM AMD SEV implementation. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race that causes the VMGEXIT handler to be invoked recursively. If the handler is called multiple times, this can lead to a ...

CVSS 5.6, AI score 6.2, EPSS 0.00158

added 2023/10/03 2:33 a.m., 555 views

CVE-2023-5345

CVE-2023-5345: A use-after-free in the Linux kernel’s fs/smb/client component can enable local privilege escalation. Specifically, an error in smb3_fs_context_parse_param frees ctx->password but does not set it to NULL, risking a double-free scenario. The issue is documented in the CVE...

CVSS 7.8, AI score 7.7, EPSS 0.0047

added 2024/02/27 6:46 p.m., 554 views

CVE-2021-46954

CVE-2021-46954 affects the Linux kernel net/sched IPv4 path. When act_mirred attempts to fragment IPv4 packets that were previously reassembled by act_ct, sch_frag used a temporary dst_entry, which was later treated as an rtable pointer in the fragment/MTU flow. This caused a stack out-of-bounds ...

CVSS 7.1, AI score 6.7, EPSS 0.0023

added 2024/02/27 6:40 p.m., 553 views

CVE-2021-46942

CVE-2021-46942 relates to the Linux kernel io_uring shared sqpoll cancellation hang. The root cause is an incorrect accounting of inflight requests when cancelling sqpoll contexts that share a sqpoll, caused by per-task counters that can count more requests than are present in the io_uring contex...

CVSS 5.5, AI score 5.3, EPSS 0.00193

added 2023/10/09 5:57 p.m., 550 views

CVE-2023-39192

CVE-2023-39192: A flaw in the Linux kernel Netfilter xt_u32 module allows a local privileged attacker to trigger an out-of-bounds read by crafting improper values in the xt_u32 structure. The root cause is missing validation of fields in xt_u32, leading to crash or information disclosure. Impact...

CVSS 6.7, AI score 6.9, EPSS 0.00397

added 2024/02/27 9:36 a.m., 546 views

CVE-2021-46921

CVE-2021-46921 affects the Linux kernel’s locking/qrwlock code. The vulnerability arises in queued_write_lock_slowpath while the wait_lock is held: a reader can observe values before the writer has truly acquired the lock, due to an ordering gap between atomic_cond_read_acquire() and the subseque...

CVSS 5.5, AI score 6, EPSS 0.00228

added 2023/11/01 7:01 p.m., 546 views

CVE-2023-1192

CVE-2023-1192 denotes a use-after-free in CIFS smb2_is_status_io_timeout() within the Linux kernel, where memory freed during a system call and CIFS’ later access to that memory can trigger a denial of service. The connected advisories confirm this UAF issue exists in kernel CIFS code and link it...

CVSS 6.5, AI score 7, EPSS 0.01094

added 2025/02/27 2:18 a.m., 546 views

CVE-2025-21765

CVE-2025-21765 is a Linux kernel IPv6 issue where ip6_default_advmss() reads net structures that could disappear without proper protection. The root cause is missing RCU protection in ip6_default_advmss(), which could enable read-time inconsistency. The vulnerability is documented as a Local, Low...

CVSS 5.5, AI score 6.5, EPSS 0.00207

added 2018/01/03 6:00 a.m., 545 views

CVE-2017-18017

CVE-2017-18017 affects the Linux kernel’s tcpmss_mangle_packet in net/netfilter/xt_TCPMSS.c. When xt_TCPMSS is used in an iptables action, a remote attacker can trigger a use-after-free and memory corruption, leading to a denial of service. Affected versions are Linux kernel before 4.11, and 4.9....

CVSS 10, AI score 9.5, EPSS 0.52189

added 2021/05/10 9:19 p.m., 542 views

CVE-2021-32399

CVE-2021-32399 affects the Linux kernel’s Bluetooth HCI handling, specifically a race condition in removal of the HCI controller implemented in net/bluetooth/hci_request.c up to version 5.12.2. The connected Astra Linux entry references the same race condition in the Linux kernel, and a dated Lin...

CVSS 7, AI score 7, EPSS 0.00691

added 2022/06/02 8:51 p.m., 542 views

CVE-2022-32250

CVE-2022-32250: A local privilege-escalation vulnerability in the Linux kernel affects net/netfilter/nf_tables_api.c (up to 5.18.1). An incorrect NFT_STATEFUL_EXPR check leads to a use-after-free, allowing a local user with namespace creation capability to escalate to root. Affected: Linux kerne...

CVSS 7.8, AI score 7.5, EPSS 0.03134

added 2024/02/27 9:44 a.m., 541 views

CVE-2021-46933

The CVE-2021-46933 issue affects the Linux kernel USB gadget f_fs component. It occurred when ffs_data_clear was invoked indirectly via ffs_fs_kill_sb/ffs_ep0_release, causing eventfd_ctx_put to be called multiple times and leading to a refcount underflow. The documented fix zeroes out ffs_eventf...

CVSS 5.5, AI score 6.1, EPSS 0.00233

added 2024/02/22 4:13 p.m., 537 views

CVE-2024-26590

CVE-2024-26590: In the Linux kernel, the EROFS filesystem’s per-file compression format handling could become inconsistent when a crafted image uses an algorithm type not listed in sbi->available_compr_algs. This could trigger a NULL pointer dereference if the corresponding decompre...

CVSS 5.5, AI score 6, EPSS 0.00222

added 2019/11/29 2:05 p.m., 534 views

CVE-2019-14901

CVE-2019-14901 is a heap overflow in the Marvell WiFi driver (mwifiex) of the Linux kernel, affecting all 3.x/4.x prior to 4.18.0. It can allow a remote attacker to crash the system (DoS) or potentially execute code with root privileges, impacting confidentiality and integrity. Public advisories ...

CVSS 10, AI score 9.7, EPSS 0.16908

added 2021/06/23 3:37 p.m., 531 views

CVE-2021-33624

CVE-2021-33624 affects the Linux kernel prior to 5.12.13, where the eBPF verifier in kernel/bpf/verifier.c could mispredict branches (e.g., due to type confusion), allowing an unprivileged BPF program to read arbitrary kernel memory locations via a side-channel attack. Several connected advisorie...

CVSS 4.7, AI score 5.6, EPSS 0.00922

added 2021/03/07 4:22 a.m., 527 views

CVE-2021-27365

CVE-2021-27365 affects the Linux kernel iSCSI subsystem. The issue is a heap overflow in iSCSI data handling where certain iSCSI data structures lack proper length checks and can exceed PAGE_SIZE; an unprivileged, local user can send a Netlink message (up to the maximum Netlink message length) an...

CVSS 7.8, AI score 7.5, EPSS 0.02079

added 2022/03/25 6:03 p.m., 527 views

CVE-2022-0995

CVE-2022-0995 is an out-of-bounds memory write in the Linux kernel’s watch_queue event notification subsystem that can overwrite kernel state and may allow a local user to gain privileged access or cause a denial of service. Connected sources indicate affected kernel lines include 5.x series with...

CVSS 7.8, AI score 6.6, EPSS 0.06197

added 2022/01/18 4:51 p.m., 526 views

CVE-2021-4083

CVE-2021-4083 is a read-after-free in Linux kernel Unix domain socket GC triggered by a race between close() and fget(). Affected kernels are prior to 5.16-rc4. Local users could crash the system or escalate privileges. Affected products include upstream kernel and Linux distributions (Astra Linu...

CVSS 7, AI score 6.9, EPSS 0.0031

added 2024/02/27 9:43 a.m., 526 views

CVE-2021-46928

CVE-2021-46928 affects the Linux kernel on parisc: a trap7 (Instruction access rights) could leave the cr19 IIR register with a stale value. The patch fixes this by overwriting the stale IIR with the constant 0xbaadf00d when the trap occurs, preventing confusing dump values. The issue arises beca...

CVSS 5.5, AI score 6.2, EPSS 0.00225

added 2024/02/27 9:44 a.m., 526 views

CVE-2021-46937

The connected Nessus entry confirms CVE-2021-46937 affects the Linux kernel DAMON debugfs interface: repeated writes to the target_ids file increase pid reference counts without corresponding decreases, causing a memory leak of struct pid. The issue is fixed by a kernel patch that decrements PID ...

CVSS 5.5, AI score 6.1, EPSS 0.00222

added 2024/02/27 6:40 p.m., 526 views

CVE-2021-46947

CVE-2021-46947 is a Linux kernel issue in the sfc (Solarflare) driver where efx->xdp_tx_queue_count can reflect too many uninitialized slots after probing, risking a NULL pointer dereference (e.g., when running ethtool -S). The root cause is that xdp_tx_queue_count starts at num_possible_cpus(...

CVSS 5.5, AI score 5, EPSS 0.00193

added 2022/02/16 6:35 p.m., 525 views

CVE-2021-3752

CVE-2021-3752 is a Linux kernel use-after-free vulnerability in the Bluetooth L2CAP path caused by a race between connect and disconnect. The flaw can allow a local attacker to crash the system or escalate privileges. Connected documents confirm this CVE is discussed in Debian advisories ...

CVSS 7.9, AI score 7.2, EPSS 0.01736

added 2023/11/06 10:56 a.m., 524 views

CVE-2023-5090

CVE-2023-5090: A flaw in Linux kernel KVM (svm_set_x2apic_msr_interception) enables direct access to host x2apic MSRs when a guest resets its APIC, potentially causing denial of service. Connected advisories (Astra Linux, IBM Guardium bulletin, Amazon ALAS) reference this CVE as part of Linux ker...

CVSS 6, AI score 6.7, EPSS 0.00234

added 2023/01/12 12:00 a.m., 523 views

CVE-2023-23454

CVE-2023-23454 affects the Linux kernel cbq_classify (net/sched/sch_cbq.c) up to version 6.1.4, enabling a local attacker to trigger a slab-out-of-bounds read via type confusion (non-negative values may be misinterpreted as TC_ACT_SHOT), causing denial of service. Connected advisories reference s...

CVSS 5.5, AI score 6, EPSS 0.00312

added 2023/07/24 3:19 p.m., 522 views

CVE-2023-3567

CVE-2023-3567 is a use-after-free vulnerability in Linux kernel code (vc_screen.c: vcs_read in vc_screen) that can allow a local attacker to crash the system or leak kernel information. Connected advisories (Astra Linux, CIRCL sighting, and Amazon Linux advisories) confirm the same UAF issue and ...

CVSS 7.1, AI score 7, EPSS 0.00455

added 2024/02/27 9:43 a.m., 521 views

CVE-2021-46923

CVE-2021-46923: Rejected reason; this CVE entry is not used.

CVSS 5.5, AI score 6.1, EPSS 0.00211

added 2017/10/04 1:00 a.m., 519 views

CVE-2017-1000253

CVE-2017-1000253 is a Linux kernel PIE stack buffer corruption vulnerability in load_elf_binary() that can allow local privilege escalation when PIE is used and memory mapping overlaps the stack region. The issue stems from not accounting for space for the entire binary, causing later PT_LOAD seg...

CVSS 7.8, AI score 7.3, EPSS 0.10695
In wild

added 2008/10/20 5:00 p.m., 518 views

CVE-2008-4609

CVE-2008-4609 is a TCP state-exhaustion DoS vulnerability demonstrated by sockstress. It was described as affecting the TCP implementation in Linux, BSD-based platforms, Windows, Cisco products, and probably others. The issue enables a remote attacker to exhaust connection state, potentially rend...

CVSS 7.1, AI score 8.8, EPSS 0.32123

added 2023/04/12 11:16 a.m., 518 views

CVE-2023-1829

CVE-2023-1829 affects the Linux kernel tcindex subsystem. A use-after-free can occur in tcindex_delete when filters are not properly deactivated for a perfect-hash underlying structure, potentially enabling local privilege escalation to root. The flaw is tied to the traffic control index filter (...

CVSS 7.8, AI score 7.8, EPSS 0.01029

added 2020/02/06 12:06 a.m., 516 views

CVE-2020-8648

CVE-2020-8648 is a use-after-free in the Linux kernel’s n_tty_receive_buf_common function (drivers/tty/n_tty.c), affecting kernel builds up to 5.5.2. It is a local vulnerability; exploitation could crash the kernel (DoS), with CVSS notes indicating local access and high impact on availability. Co...

CVSS 7.1, AI score 7, EPSS 0.00661

added 2020/06/09 12:40 p.m., 515 views

CVE-2020-10757

CVE-2020-10757 affects the Linux kernel (post 4.5-rc1) where mremap mishandles DAX Huge Pages, enabling a local attacker with DAX storage access to escalate privileges. Connected advisories (RHEL/CentOS, Amazon Linux 2, IBM QRadar-related entries) confirm kernel patches/fixes are available and re...

CVSS 7.8, AI score 7.5, EPSS 0.00992

Total number of security vulnerabilities: 14062