Lucene search

K
LinuxLinux Kernel

10926 matches found

CVE
CVE
added 2011/09/06 3:55 p.m.69 views

CVE-2011-2700

Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4...

2.1CVSS6.7AI score0.00065EPSS
Web
CVE
CVE
added 2012/06/21 11:55 p.m.69 views

CVE-2011-4913

The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length v...

7.8CVSS8.1AI score0.00953EPSS
CVE
CVE
added 2013/06/07 2:3 p.m.69 views

CVE-2013-2146

arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit.

4.7CVSS5AI score0.00022EPSS
CVE
CVE
added 2013/04/22 11:41 a.m.69 views

CVE-2013-3235

net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

4.9CVSS5.6AI score0.00076EPSS
CVE
CVE
added 2013/12/14 6:8 p.m.69 views

CVE-2013-6376

The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.

5.2CVSS5.8AI score0.00123EPSS
CVE
CVE
added 2014/08/18 11:15 a.m.69 views

CVE-2014-5206

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" c...

7.2CVSS7.9AI score0.00043EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.69 views

CVE-2014-9717

fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namesp...

6.1CVSS6.1AI score0.00041EPSS
CVE
CVE
added 2016/10/16 9:59 p.m.69 views

CVE-2015-8953

fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer.

5.5CVSS5.2AI score0.00071EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.69 views

CVE-2016-2066

Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that...

7.8CVSS7.3AI score0.00241EPSS
CVE
CVE
added 2016/08/07 9:59 p.m.69 views

CVE-2016-5340

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashm...

7.8CVSS7.1AI score0.00022EPSS
CVE
CVE
added 2016/12/28 7:59 a.m.69 views

CVE-2016-9755

The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system...

7.8CVSS7.4AI score0.00051EPSS
CVE
CVE
added 2021/06/07 8:15 p.m.69 views

CVE-2020-36387

An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.

7.8CVSS7.3AI score0.00057EPSS
CVE
CVE
added 2024/03/04 7:15 p.m.69 views

CVE-2021-47106

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() We need to use list_for_each_entry_safe() iteratorbecause we can not access @catchall after kfree_rcu() call. syzbot reported: BUG: KASAN: use-after-free in nft...

7.8CVSS6.5AI score0.00012EPSS
CVE
CVE
added 2024/03/15 9:15 p.m.69 views

CVE-2021-47109

In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUD_NOARP entries to be forced GCed IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible tofill up the neighbour table with enough entries that it will overflow forvalid connections after that. ...

5.5CVSS6.8AI score0.00009EPSS
CVE
CVE
added 2024/03/15 9:15 p.m.69 views

CVE-2021-47123

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix ltout double free on completion race Always remove linked timeout on io_link_timeout_fn() from the masterrequest link list, otherwise we may get use-after-free when firstio_link_timeout_fn() puts linked timeout in the...

7.8CVSS6.7AI score0.00018EPSS
CVE
CVE
added 2024/03/25 10:15 a.m.69 views

CVE-2021-47167

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() Ensure that nfs_pageio_error_cleanup() resets the mirror array contents,so that the structure reflects the fact that it is now empty.Also change the test in nfs_pageio_do...

5.5CVSS6.3AI score0.00011EPSS
CVE
CVE
added 2024/03/25 10:15 a.m.69 views

CVE-2021-47169

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if thefirmware don't exists...

5.5CVSS6.3AI score0.00014EPSS
CVE
CVE
added 2024/04/10 7:15 p.m.69 views

CVE-2021-47200

In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap drm_gem_ttm_mmap() drops a reference to the gem object on success. Ifthe gem object's refcount == 1 on entry to drm_gem_prime_mmap(), thatdrop will free the gem object, an...

7.8CVSS6.5AI score0.00012EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.69 views

CVE-2021-47226

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid for XRSTOR tofail with #PF but nonetheless change the register state. The actualconditions under whic...

7.1CVSS6.7AI score0.00053EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.69 views

CVE-2021-47355

In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstar_cleanup() This module's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be running...

7.8CVSS6.6AI score0.00018EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.69 views

CVE-2021-47359

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix soft lockup during fsstress Below traces are observed during fsstress and system got hung.[ 130.698396] watchdog: BUG: soft lockup - CPU#6 stuck for 26s!

5.5CVSS6.8AI score0.00012EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.69 views

CVE-2021-47371

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks [1] that can be reduced to thefollowing commands: ip nexthop add id 1 blackhole devlink dev reload pci/0000:06:00.0 As part of the ...

7.1CVSS8AI score0.00015EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.69 views

CVE-2021-47409

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.

5.5CVSS6.7AI score0.00007EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.69 views

CVE-2021-47421

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume In current code, when a PCI error state pci_channel_io_normal is detectd,it will report PCI_ERS_RESULT_CAN_RECOVER status to PCI driver, and PCIdriver w...

6.7AI score0.00062EPSS
CVE
CVE
added 2024/05/22 7:15 a.m.69 views

CVE-2021-47433

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfs_replace_file_extents Error injection testing uncovered a case where we'd end up with acorrupt file system with a missing extent in the middle of a file. Thisoccurs because the if statement to decide ...

7AI score0.00018EPSS
CVE
CVE
added 2024/05/22 9:15 a.m.69 views

CVE-2021-47475

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up untilrecently had no sanity checks on the sizes. Commit e1f13c879a7c ("staging: comedi: check validity of wMaxPacketSizeof us...

6.6AI score0.00049EPSS
CVE
CVE
added 2024/05/22 9:15 a.m.69 views

CVE-2021-47479

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712_dl_fw Syzbot reported use-after-free in rtl8712_dl_fw(). The problem was inrace condition between r871xu_dev_remove() ->ndo_open() callback. It's easy to see from crash log, that d...

6.7AI score0.00028EPSS
CVE
CVE
added 2024/05/22 9:15 a.m.69 views

CVE-2021-47493

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix race between searching chunks and release journal_head from buffer_head Encountered a race between ocfs2_test_bg_bit_allocatable() andjbd2_journal_put_journal_head() resulting in the below vmcore. PID: 106879 TASK: ffff8...

6.8AI score0.0005EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.69 views

CVE-2021-47500

In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fix trigger reference couting The mma8452 driver directly assigns a trigger to the struct iio_dev. TheIIO core when done using this trigger will call iio_trigger_put() to dropthe reference count by 1. Without the matc...

7.8CVSS6.7AI score0.00015EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.69 views

CVE-2021-47538

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() Need to call rxrpc_put_local() for peer candidate before kfree() as itholds a ref to rxrpc_local. [DH: v2: Changed to abstract the peer freeing code out into a function]

6.8AI score0.00022EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.69 views

CVE-2021-47555

In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the real_dev refcnt Inject error before dev_hold(real_dev) in register_vlan_dev(),and execute the following testcase: ip link add dev dummy1 type dummyip link add name dummy1.100 link dummy1 type vlan i...

4.4CVSS6.7AI score0.00019EPSS
CVE
CVE
added 2024/06/19 3:15 p.m.69 views

CVE-2021-47586

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array member isempty, so the m...

5.5CVSS7AI score0.0001EPSS
CVE
CVE
added 2024/06/19 3:15 p.m.69 views

CVE-2021-47596

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance,and then uninstall acceletion engine device. The netdevice is freed inclient instance uninstall process...

7.8CVSS8AI score0.00013EPSS
CVE
CVE
added 2024/06/19 3:15 p.m.69 views

CVE-2021-47603

In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling If the audit daemon were ever to get stuck in a stopped state thekernel's kauditd_thread() could get blocked attempting to send auditrecords to the userspace audit daemon. With ...

4.4CVSS6.4AI score0.00011EPSS
CVE
CVE
added 2025/02/26 6:37 a.m.69 views

CVE-2021-47651

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: rpmpd: Check for null return of devm_kcalloc Because of the possible failure of the allocation, data->domains mightbe NULL pointer and will cause the dereference of the NULL pointerlater.Therefore, it might be better ...

5.5CVSS5.4AI score0.00024EPSS
CVE
CVE
added 2024/05/21 4:15 p.m.69 views

CVE-2022-48709

In the Linux kernel, the following vulnerability has been resolved: ice: switch: fix potential memleak in ice_add_adv_recipe() When ice_add_special_words() fails, the 'rm' is not released, which willlead to a memory leak. Fix this up by going to 'err_unroll' label. Compile tested only.

5.5CVSS6.6AI score0.00041EPSS
CVE
CVE
added 2024/06/20 12:15 p.m.69 views

CVE-2022-48766

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU. Mirrors the logic for dcn30. Cue lots of WARNs and somekernel panics without this fix.

5.5CVSS6.7AI score0.00017EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.69 views

CVE-2022-49110

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: revisit gc autotuning as of commit 4608fdfc07e1("netfilter: conntrack: collect all entries in one cycle")conntrack gc was changed to run every 2 minutes. On systems where conntrack hash table is set to large v...

5.4AI score0.00041EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.69 views

CVE-2022-49118

In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Free irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, thedriver will free the IRQ vectors before freeing the IRQs in free_irq(),and this will cause a kernel BUG like ...

5.2AI score0.00044EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.69 views

CVE-2022-49120

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix task leak in pm8001_send_abort_all() In pm8001_send_abort_all(), make sure to free the allocated sas taskif pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail.

6.5AI score0.00044EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.69 views

CVE-2022-49174

In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit In case of flex_bg feature (which is by default enabled), extents forany given inode might span across blocks from two different block group.ext4_mb_mark_bb() only reads the...

5.1AI score0.00044EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.69 views

CVE-2022-49213

In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix error handling in ath10k_setup_msa_resources The device_node pointer is returned by of_parse_phandle() with refcountincremented. We should use of_node_put() on it when done. This function only calls of_node_put() in the...

5.5CVSS5.4AI score0.00045EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.69 views

CVE-2022-49258

In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cc_cipher_exit() kfree_sensitive(ctx_p->user.key) will free the ctx_p->user.key. Butctx_p->user.key is still used in the next line, which will lead to ause after free. We can call kfre...

7.8CVSS5.5AI score0.00025EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.69 views

CVE-2022-49260

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - fix the aead software fallback for engine Due to the subreq pointer misuse the private context memory. The aeadsoft crypto occasionally casues the OS panic as setting the 64K page.Here is fix it.

5.4AI score0.00057EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.69 views

CVE-2022-49310

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: fix a refcount leak in cleanup_dev() usb_get_dev is called in xillyusb_probe. So it is better to callusb_put_dev before xdev is released.

5.5CVSS5.3AI score0.00025EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.69 views

CVE-2022-49320

In the Linux kernel, the following vulnerability has been resolved: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type In zynqmp_dma_alloc/free_chan_resources functions there is apotential overflow in the below expressions. dma_alloc_coherent(chan->dev, (2 * chan->desc_s...

5.6AI score0.00068EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.69 views

CVE-2022-49357

In the Linux kernel, the following vulnerability has been resolved: efi: Do not import certificates from UEFI Secure Boot for T2 Macs On Apple T2 Macs, when Linux attempts to read the db and dbx efi variablesat early boot to load UEFI Secure Boot certificates, a page fault occursin Apple firmware c...

5AI score0.00053EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.69 views

CVE-2022-49369

In the Linux kernel, the following vulnerability has been resolved: amt: fix possible memory leak in amt_rcv() If an amt receives packets and it finds socket.If it can't find a socket, it should free a received skb.But it doesn't.So, a memory leak would possibly occur.

5.5CVSS5.5AI score0.00022EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.69 views

CVE-2022-49382

In the Linux kernel, the following vulnerability has been resolved: soc: rockchip: Fix refcount leak in rockchip_grf_init of_find_matching_node_and_match returns a node pointer with refcountincremented, we should use of_node_put() on it when done.Add missing of_node_put() to avoid refcount leak.

5.5CVSS5.3AI score0.00024EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.69 views

CVE-2022-49435

In the Linux kernel, the following vulnerability has been resolved: mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() It will cause null-ptr-deref when using 'res', if platform_get_resource()returns NULL, so move using 'res' after devm_ioremap_resource() thatwill check it to a...

6.5AI score0.00068EPSS
Total number of security vulnerabilities10926