CVE-2024-50165
CVE-2024-50165 concerns the Linux kernel BPF subsystem. The vulnerability arises in bpf_parse_param() where param->string was not preserved, risking a kmalloc leak if the string is later freed. The fix is to preserve the value of param->string so it can be freed correctly, preventing memory...
CVE-2024-56563
CVE-2024-56563: In the Linux kernel, the ceph MDS cred-check path leaks credentials due to get_current_cred() refcount increment without a matching put_cred() in ceph_mds_check_access(). Impact is confidentiality HIGH; exploit would be local with LOW privileges and no user interaction. The issue ...
CVE-2024-56784
Technical details for CVE-2024-56784 are not provided in the connected documents. The initial description notes a Linux kernel drm/amd/display fix, but explicit affected versions, root cause specifics, exploitability, or remediation are not disclosed here. Monitor for updates.
CVE-2024-57978
CVE-2024-57978 refers to a Linux kernel vulnerability in the media: imx-jpeg driver. The issue arises in detach_pm() where, if jpeg->pd_dev[i] is an error pointer, passing it to pm_runtime_suspended() can trigger an Oops. The description notes that existing checks cover error pointers and NULL...
CVE-2024-58006
CVE-2024-58006: In the Linux kernel, the PCI Domain (dwc) endpoint driver could allow changing a BAR’s size/flags via pci_epc_set_bar() without clearing the previous BAR, if the new BAR config matches the old. This could cause the inbound address translation range to become smaller than the host...
CVE-2025-21946
The CVE-2025-21946 entry affects the Linux kernel ksmbd component; the issue is a slab-out-of-bounds in parse_sec_desc() caused by offsets (osidoffset, gsidoffset, dacloffset) exceeding the smb_ntsd structure, and by not verifying the subauth array size when validating a SID. The connected Astra ...
CVE-2025-22059
CVE-2025-22059 describes a Linux kernel UDP receive memory accounting overflow due to wraparounds in sk_rmem_alloc. The issue arises when sk_rcvbuf is set large (e.g., INT_MAX) and skb sizes are added unconditionally to sk_rmem_alloc, combined with signed/unsigned misalignment, enabling multiple ...
CVE-2025-37746
CVE-2025-37746 affects the Linux kernel (perf/dwc_pcie). During platform_device_register, using struct device pci_dev as platform_data caused a kmemdup copy of pci_dev; accessing the duplicated device leads to list corruption since the mutex content (e.g., list, magic) remains identical to the or...
CVE-2025-37764
CVE-2025-37764 affects the Linux kernel (drm/imagination/powervr): a vulnerability causing firmware memory leaks during firmware image processing, leading to leaks on module unload and in failure paths during module load. The fix releases memory used for firmware image processing results and dest...
CVE-2025-37912
CVE-2025-37912 affects the Linux kernel ICE driver. The root cause is a missing null pointer check on the value returned by ice_get_vf_vsi(), which could lead to using a NULL VSI pointer in ice_vc_add_fdir_fltr(). The fix, described in commit baeb705fd6a7 ("ice: always check VF VSI pointer values...
CVE-2025-37913
Summary: CVE-2025-37913 affects the Linux kernel’s net_sched/qfq when a netem child qdisc can cause the parent enqueue callback to be reentrant, risking memory corruption from adding the same classifier twice. The root cause is a double list add in the class when reentry occurs; the fix adds a gu...
CVE-2025-37920
CVE-2025-37920 affects the Linux kernel in the AF_XDP path. The issue is a race condition in the generic RX path when multiple sockets share the same xsk_buff_pool (shared umem), with RX queues being socket-exclusive and FILL queues sharable. The fix moves the rx_lock from xsk_socket to the share...
CVE-2025-37933
CVE-2025-37933 is a Linux kernel vulnerability affecting the octeon_ep driver. The issue occurs when the host loses heartbeat messages from the device and the driver’s device-specific stop function (ndo_stop) frees resources; if the driver is unloaded during this window, resources may be freed tw...
CVE-2025-37946
CVE-2025-37946 concerns the Linux kernel, specifically the s390 PCI subsystem. The issue arises from a duplicate pci_dev_put() in disable_slot() when a PF has child VFs, introduced during a change that added a lock to zpci_dev state. The extra pci_dev_put() can lead to a use-after-free if the pci...
CVE-2025-37953
CVE-2025-37953 affects the Linux kernel sch_htb component. The issue stems from a regression caused when htb_qlen_notify() and htb_deactivate() interactions could leave prt pointers NULL, enabling a NULL pointer dereference path via htb_next_rb_node() and in certain qlen/dequeue_backlog sequences...
CVE-2025-37974
CVE-2025-37974: Linux kernel s390/pci vulnerability where zpci_create_device() may return an error pointer that is not checked before dereferencing it as a struct zpci_dev in __clp_add(); the fix adds a missing check so the device is not added to the scan_list, preventing the previous behavior. T...
CVE-2025-38049
CVE-2025-38049 (Linux kernel): In x86 resctrl, allocation of the cleanest CLOSID could dereference NULL on platforms without LLC occupancy counters, causing a NULL pointer dereference when creating a new control group. The issue arises from code that searched for the CLOSID with the fewest dirty...
CVE-2004-1073
The CVE-2004-1073 entry affects the Linux kernel (2.4.x up to 2.4.27 and 2.6.x up to 2.6.8). It is caused by the open_exec path of the execve functionality (exec.c), where the interpreter (PT_INTERP) handling can allow local users to read non-readable ELF binaries. The description specifies local...
CVE-2006-2932
CVE-2006-2932 is a regression in the restore_all code path of the 4/4GB split support for non-hugemem kernels in Red Hat Enterprise Linux 4 (Desktop/Enterprise) that allows a local user to cause a denial of service (panic) via unspecified vectors. The issue is documented in Red Hat advisories RHS...
CVE-2008-0598
CVE-2008-0598 affects the Linux kernel 2.6.9, 2.6.18 (and likely other versions) via the 32-bit/64-bit emulation. The issue allows local attackers to read uninitialized memory through crafted binaries, indicating a local, unauthenticated attack with LOW complexity and complete confidentiality imp...
CVE-2008-1375
CVE-2008-1375 describes a race condition in the Linux kernel’s directory notification subsystem (dnotify). It affects Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1. Successful exploitation could allow local users to cause a denial of service (OOPS) and possibly gain privileges vi...
CVE-2008-2812
CVE-2008-2812 affects the Linux kernel prior to 2.6.25.10, with NULL pointer dereferences in tty handling (notably in drivers/net/ such as hamradio, irda, ppp, slip, wan, and wireless components) potentially enabling local privilege escalation or a system crash. The issue arises from missing chec...
CVE-2009-0322
CVE-2009-0322 affects the Linux kernel Dell RBU (Remote BIOS Update) driver: reading zero bytes from image_type or packet_size under /sys/devices/platform/dell_rbu/ can cause a local DoS (system crash). Concrete references in connected advisories show affected kernels include 2.6.27.x (before 2.6...
CVE-2009-0778
CVE-2009-0778 affects the Linux kernel prior to 2.6.25 when configured as a router with a REJECT route. The icmp_send code in net/ipv4/icmp.c can mishandle the Protocol Independent Destination (DST) cache, potentially leaking DST state and allowing remote attackers to cause a denial of service (c...
CVE-2009-4031
CVE-2009-4031 affects the KVM x86 emulator (arch/x86/kvm/emulate.c) in the Linux kernel prior to 2.6.32-rc8-next-20091125. The do_insn_fetch path could interpret instructions longer than valid, failing to enforce the 15-byte limit per instruction, which guest OS users can abuse to cause a denial ...
CVE-2010-0298
Summary: CVE-2010-0298 affects the x86 emulator in KVM 83, where CPL/IOPL checks are not applied to CPL3 memory accesses, enabling a guest OS user to crash the guest or gain privileges via an IO port or MMIO region (related to CVE-2010-0306). What is affected: KVM/x86 emulator code in affected Li...
CVE-2010-1087
CVE-2010-1087 affects the Linux kernel family 2.6.x up to 2.6.33-rc5. The vulnerability is in nfs_wait_on_request (fs/nfs/pagelist.c) and can cause a denial of service (kernel OOPS) via unknown vectors related to truncating a file and an operation that is not interruptible. The impact is a DoS on...
CVE-2010-1146
The CVE-2010-1146 entry concerns the Linux kernel (2.6.33.2 and earlier) where, if a ReiserFS filesystem exists, read/write access to the .reiserfs_priv directory is not restricted. Local attackers could exploit this by modifying extended attributes or ACLs, demonstrated by deleting a file under ...
CVE-2011-1771
CVE-2011-1771 affects the Linux kernel up to version 2.6.38, specifically the cifs_close function in fs/cifs/file.c. If a local user opens a CIFS file with the O_DIRECT flag, it can trigger a NULL pointer dereference (and BUG), causing a denial of service or unspecified impact. Mitigation: upgrad...
CVE-2011-3638
CVE-2011-3638 affects the Linux kernel’s ext4 extents handling. The vulnerability occurs in fs/ext4/extents.c where a modified extent may not be marked dirty during certain extent-splitting paths, enabling a local attacker to trigger a denial of service (kernel crash) through ext4 unmount/mount o...
CVE-2011-4326
CVE-2011-4326 affects the Linux kernel’s UDP fragment handling for IPv6 when UDP Fragmentation Offload (UFO) is enabled. Specifically, the vulnerability lies in udp6_ufo_fragment in net/ipv6/udp.c, allowing remote attackers to crash the system by sending fragmented IPv6 UDP packets to a bridge. T...
CVE-2012-0044
CVE-2012-0044 is an integer overflow in drm_mode_dirtyfb_ioctl() within Linux kernel drivers/gpu/drm/drm_crtc.c, vulnerable before 3.1.5. The flaw allows local users to gain privileges or trigger memory corruption/DoS via a crafted ioctl. Public sources (including MiracleLinux AXSA-2012-646:05) c...
CVE-2012-0045
CVE-2012-0045 relates to the Linux kernel KVM 32-bit syscall emulation. A flaw in arch/x86/kvm/emulate.c where the 0f05 (syscall) opcode is not handled correctly allows a user in a 32-bit guest to crash the guest OS (denial of service). Public references in the provided connected documents confir...
CVE-2012-0957
CVE-2012-0957 affects the Linux kernel prior to 3.4.16. The override_release function in kernel/sys.c can let a local user leak kernel stack memory by calling uname with the UNAME26 personality. This is a local-privilege scenario; no remote vector is described in the provided documents. Affected ...
CVE-2012-4461
CVE-2012-4461 overview: The Linux kernel KVM subsystem (pre-3.6.9) on hosts using qemu userspace without XSAVE is vulnerable. A local attacker can trigger a denial of service (kernel OOPS) by calling KVM_SET_SREGS to enable the X86_CR4_OSXSAVE bit in the guest CR4, then issuing KVM_RUN. The conne...
CVE-2012-6712
The CVE-2012-6712 issue affects the Linux kernel prior to 3.4, where a buffer overflow in the Intel Wireless iwlwifi driver (iwl-agn-sta.c) can cause memory corruption. Exploitation details are not provided in the documents, but the vulnerability is documented across multiple feeds with reference...
CVE-2013-4592
CVE-2013-4592: Memory leak in Linux kernel
CVE-2014-4322
CVE-2014-4322 affects the Linux kernel 3.x QSEECOM driver. The qseecom.c ioctl logic does not validate certain offset, length, and base values, enabling a crafted application to escalate privileges or trigger memory corruption. Affected component: drivers/misc/qseecom.c in the QSEECOM driver used...
CVE-2016-2854
CVE-2016-2854 concerns the AUFS module in the Linux kernel (versions 3.x/4.x), which does not properly maintain POSIX ACL xattr data. This can allow a local attacker to gain privileges by exploiting a group-writable setgid directory. The connected documents confirm the vulnerability and its local...
CVE-2018-11412
CVE-2018-11412 affects the Linux kernel versions 4.13–4.16.11, where ext4_read_inline_data() in fs/ext4/inline.c copies data with a length that can be untrusted in certain crafted filesystem layouts (storing system.data in a dedicated inode). This can enable out-of-bounds memory access leading to...
CVE-2020-36779
CVE-2020-36779 affects the Linux kernel i2c stm32f7 driver. The issue is a PM reference leak where pm_runtime_get_sync increments the usage count on return even when it fails, in stm32f7_i2c_xx functions (local attack vector). The patch replaces the problematic path with pm_runtime_resume_and_get...
CVE-2021-47020
CVE-2021-47020 is a Linux kernel vulnerability in the SoundWire subsystem. The issue is a memory leak in the stream config error path for soundwire: stream: when stream config fails, the master runtime releases slave_runtimes from the slave_rt_list but the slave runtime is not added to that list ...
CVE-2021-47105
CVE-2021-47105: In the Linux kernel, the ice: xsk path had a bug where cleaning the SW ring NULLed xdp_buff but did not return the buffers to the xsk pool. This caused buffers in the umem to leak and become unusable. The fix adds a missing xsk_buff_free() in the cleanup path and ensures only the...
CVE-2021-47168
CVE-2021-47168 affects the Linux kernel NFS code, specifically filelayout_decode_layout. The bug stems from sizeof(struct nfs_fh) being two bytes larger than the actual NFS_MAXFHSIZE buffer, risking memory corruption. The fix changes the size to match NFS_MAXFHSIZE (the buffer for ->data[]) an...
CVE-2021-47182
The CVE-2021-47182 entry concerns the Linux kernel scsi_mode_sense() implementation. Affected component: scsi core. Issues: improper handling of the MODE SENSE(10) allocation length field (16-bit, truncating lengths >255) and buffer length adjustments that could corrupt memory when len is too ...
CVE-2021-47211
CVE-2021-47211 refers to a Linux kernel vulnerability in ALSA: usb-audio where snd_usb_find_clock_source could return a null cs_desc, risking a null pointer dereference. The fix adds a null check before dereferencing the clock source descriptor. The portrait of affected code points to the ALSA us...
CVE-2021-47235
CVE-2021-47235 affects the Linux kernel net/ethernet path: ec_bhf_remove() uses priv (netdev private data) after free_netdev() is called, enabling a use-after-free. The fixed sequence moves free_netdev() to occur after the PCI I/O unmaps (pci_iounmap) of priv, preventing access to freed memory. D...
CVE-2021-47280
CVE-2021-47280 is a Linux kernel vulnerability affecting drm_getunique() in the DRM subsystem. A time-of-check-to-time-of-use (TOCTOU) error occurs by reading file_priv->master before acquiring the device master mutex, allowing a master pointer to be used after the original object may have bee...
CVE-2021-47362
CVE-2021-47362 affects the Linux kernel’s drm/amd/pm power management code. The vulnerability occurs during DPM initialization when set_power_state reads values from the current state; if current state is not populated, this can lead to a NULL pointer dereference. The ATCS/ACPI path for PCI speed...
CVE-2021-47401
CVE-2021-47401 concerns a Linux kernel vulnerability in the ipack: ipoctal path where the tty driver name was allocated on the stack, enabling a stack information leak to user space. The issue arises because the tty device name could be revealed after registration, and another driver copied the p...