13692 matches found
CVE-2020-8648
CVE-2020-8648 is a use-after-free in the Linux kernel’s n_tty_receive_buf_common function (drivers/tty/n_tty.c), affecting kernel builds up to 5.5.2. It is a local vulnerability; exploitation could crash the kernel (DoS), with CVSS notes indicating local access and high impact on availability. Co...
CVE-2021-37576
CVE-2021-37576: Linux kernel on the PowerPC/KVM path (arch/powerpc/kvm/book3s_rtas.c) allows KVM guest OS users to cause host memory corruption via rtas_args.nargs. Affected: Linux kernel up to 5.13.5 for PowerPC; CVE-ID appears in multiple advisories (e.g., Astra Linux, Cloud Foundry mentions). ...
CVE-2021-3640
The CVE-2021-3640 entry is confirmed with concrete technical details in connected documents: a use-after-free in the Linux kernel HCI sco_sock_sendmsg() is triggered by user actions around UFFDIO_REGISTER and a related race with sco_conn_del(). The flaw allows a local privileged user to crash the s...
CVE-2023-4921
CVE-2023-4921 is a Linux kernel net/sched vulnerability in the qfq (Priority Fair Queue) subsystem. When the plug qdisc is used as a class of the qfq qdisc, sending packets can trigger a use-after-free in qfq_dequeue() due to the incorrect .peek handler in sch_plug and missing error checking in a...
CVE-2019-11884
The CVE-2019-11884 entry affects the Linux kernel's HIDP path. It concerns the do_hidp_sock_ioctl in net/bluetooth/hidp/sock.c, where a HIDPCONNADD command can leak data from kernel stack memory due to a name field not properly ending with a NUL terminator. The vulnerability allows local attacker...
CVE-2021-4155
CVE-2021-4155 is a data-leak in the XFS filesystem via the XFS_IOC_ALLOCSP IOCTL that increases the size of files with unaligned sizes. A local attacker could leak data not accessible otherwise. Affected: Linux kernel with XFS. Root cause: flaw in handling size increases for unaligned allocations...
CVE-2021-28950
CVE-2021-28950 affects the Linux kernel FUSE path: the issue is in fs/fuse/fuse_i.h and causes a stall on the CPU when a retry loop keeps selecting the same bad inode. A patch-level fix exists in kernel releases up to 5.11.8 and later (addresses the underlying bad-inode handling in FUSE); some so...
CVE-2021-27364
CVE-2021-27364 is a Linux kernel issue affecting the iSCSI libiscsi/iscsi subsystem (out-of-bounds read in the libiscsi module leading to possible kernel memory disclosure or crash). Connected advisories confirm related CVEs (27363, 27365) in the same area affecting sessions/handles and heap over...
CVE-2019-11487
The CVE-2019-11487 issue affects the Linux kernel prior to 5.1-rc5, enabling a page->_refcount overflow that can cause use-after-free when large RAM (≈140 GiB) is present, notably under FUSE workloads (fs/fuse/dev.c, mm/gup.c, mm/hugetlb.c, etc.). Affects multiple kernel components (fs/fuse, f...
CVE-2020-14314
CVE-2020-14314 is a memory out-of-bounds read in the Linux kernel’s ext3/ext4 directory handling that can crash the system on a local user. Public advisories confirm the issue affects the kernel and is tied to ext3/ext4 filesystem access with broken indexing, contributing to availability impact. ...
CVE-2020-26558
CVE-2020-26558: Bluetooth Core 2.1–5.2 Passkey entry/MITM reflection vulnerability. A nearby attacker could identify the Passkey during pairing by reflecting public key and authentication evidence, enabling completion of authenticated pairing with the correct Passkey. Astra Linux bulletin repeats t...
CVE-2021-46934
CVE-2021-46934 affects the Linux kernel i2c subsystem, specifically the compat ioctl path. The issue was that wrong user data could cause warnings in i2c_transfer(); userspace might trigger warnings through the compat ioctl. The patch adds validation of user data in the compat ioctl to prevent re...
CVE-2020-14385
CVE-2020-14385 affects the Linux kernel prior to 5.9-rc4. A failure in the XFS file system metadata validator can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt, potentially shutting down the filesystem or making it inaccessible until remounted, resulting ...
CVE-2019-19527
CVE-2019-19527 is a use-after-free vulnerability in the Linux kernel caused by a malformed interaction with a malicious USB device in the hiddev.c driver (drivers/hid/usbhid). Affected releases are Linux kernels prior to 5.2.10. The impact, as indicated in the CVE entry, includes potential compro...
CVE-2022-4378
CVE-2022-4378 is a Linux kernel stack overflow flaw in the SYSCTL subsystem triggered by how a user changes certain kernel parameters, allowing a local user to crash the system or potentially escalate privileges. Public advisories (ALSA and CloudLinux entries) confirm the issue affects stack over...
CVE-2018-9568
This CVE-2018-9568 entry concerns the Linux kernel socket code: In sk_clone_lock of sock.c, a memory corruption due to type confusion could allow local privilege escalation without user interaction. Affected product/version in the initial doc is Android kernel; connected MiracleLinux advisory con...
CVE-2019-10207
The CVE-2019-10207 entry describes a local DoS in Linux kernels via Bluetooth UART mishandling. Affected: Linux kernel Bluetooth UART implementation, versions 3.x.x prior to 4.18.0 and 5.x.x. Vulnerable action: a crafted ioctl call by a local attacker with write access to Bluetooth hardware can c...
CVE-2020-12659
Concrete details found: CVE-2020-12659 affects the Linux kernel before 5.6.7. The vulnerability is an out-of-bounds write in xdp_umem_reg() of net/xdp/xdp_umem.c, exploitable by a user with CAP_NET_ADMIN due to missing headroom validation. Impact described across connected docs includes potential...
CVE-2023-2177
CVE-2023-2177 describes a NULL pointer dereference in SCTP processing in Linux kernel: if stream_in allocation fails, stream_out is freed and later accessed, allowing a local user to crash the system or cause a denial of service. Affected component: net/sctp/stream_sched.c. Exploitation info is n...
CVE-2017-18595
Linux kernel before 4.14.11 is affected by a double-free in allocate_trace_buffer (kernel/trace/trace.c). This CVE-2017-18595 issue can enable memory corruption when the trace buffer is allocated, and is exploitable with local access. The vulnerability is tied to kernel versions older than 4.14.1...
CVE-2019-7221
CVE-2019-7221 is a Use-after-Free in the KVM implementation of the Linux kernel up to version 4.20.5. The vulnerability concerns KVM VMX preemption timer handling and is locally exploitable with low privileges and no user interaction, potentially affecting confidentiality, integrity, and availabi...
CVE-2020-36385
CVE-2020-36385 is a use-after-free in the Linux kernel prior to 5.10, specifically in drivers/infiniband/core/ucma.c where the ctx is reachable via the ctx_list in certain ucma_migrate_id paths when ucma_close is called. This vulnerability affects the Linux kernel before 5.10; a fix is referenced...
CVE-2018-20836
CVE-2018-20836: A race condition in the Linux kernel before 4.20, specifically in drivers/scsi/libsas/sas_expander.c (smp_task_timedout() vs smp_task_done()), can lead to a use-after-free. Affected: Linux kernel versions prior to 4.20. Impact is described as high by CVSS. The provided documents ...
CVE-2018-5390
CVE-2018-5390 (SegmentSmack) affects Linux kernels 4.9+ where specially crafted TCP packets can trigger expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(), potentially exhausting CPU and causing DoS. The Citrix advisory corroborates that TCP reassembly issues can lead to CPU sa...
CVE-2023-0459
CVE-2023-0459: Linux kernel on 64-bit systems is affected by a local elevation of information disclosure due to copy_from_user bypassing __uaccess_begin_nospec, bypassing access_ok and allowing a user to pass a kernel pointer to copy_from_user. Root cause is the __uaccess_begin_nospec handling. I...
CVE-2022-0330
CVE-2022-0330 affects the Linux kernel i915 GPU driver. The root cause is a missing GPU TLB flush in the i915 driver, enabling a local attacker to cause a denial of service or privilege escalation by running code on the GPU. Public documents from connected sources confirm the flaw and its associa...
CVE-2022-29582
CVE-2022-29582 refers to a use-after-free in the Linux kernel io_uring timeout handling. The vulnerability resides in fs/io_uring.c and stems from a race condition in io_uring timeouts that can be triggered by a local user who does not have access to any user namespace. The initial description no...
CVE-2019-11810
CVE-2019-11810 affects Linux kernel versions before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails inside megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c, leading to a Denial of Service tied to a use-after-free. Public advisories note...
CVE-2021-4453
The CVE-2021-4453 issue in the Linux kernel affects the drm/amd/pm path where gpu_metrics_table memory is leaked: memory allocated in renoir_init_smc_tables() is not freed in smu_v12_0_fini_smc_tables(). The provided documents describe the leak and the fix as freeing gpu_metrics_table, with no ex...
CVE-2018-16871
A CVE-2018-16871 issue exists in the Linux kernel’s NFS implementation (all 3.x and 4.x up to 4.20). An attacker mounting an exported NFS filesystem can trigger a null pointer dereference using an invalid NFS sequence, causing a kernel panic and denying access to the NFS server; outstanding disk w...
CVE-2019-13648
CVE-2019-13648 affects the Linux kernel on PowerPC where hardware transactional memory is disabled. A local user can trigger a denial of service (TM Bad Thing exception and system crash) by sending a crafted signal frame via sigreturn() to arch/powerpc/kernel/signal_32.c and signal_64.c. Public d...
CVE-2019-14815
CVE-2019-14815 is a Linux kernel issue in the Marvell Mwifiex WiFi driver, described in the connected F5 advisory as a heap overflow in mwifiex_set_wmm_params(). The initial document also notes a heap overflow in this driver. The provided sources do not include explicit exploit details, affected ...
CVE-2020-14386
CVE-2020-14386 is a Linux kernel memory-corruption vulnerability affecting the packet socket (AF_PACKET) path that can allow a local attacker to gain kernel privileges. The initial entry cites a memory corruption flaw exploitable by an unprivileged process to achieve root access. Connected adviso...
CVE-2023-3812
CVE-2023-3812: Linux kernel TUN/TAP driver flaw allows local users to crash or possibly escalate privileges by generating a malicious oversized networking packet when napi frags is enabled. Root cause: out-of-bounds memory access in packet handling. Public details confirm impact and conditional ...
CVE-2020-12655
CVE-2020-12655 affects the Linux kernel’s XFS code path: specifically, xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c up to version 5.6.10. The issue allows an attacker to trigger a sync of excessive duration when processing a crafted XFS v5 image, potentially causing denial of service through prolo...
CVE-2020-25704
CVE-2020-25704 describes a memory leak in the Linux kernel perf subsystem when using PERF_EVENT_IOC_SET_FILTER, enabling a local user to exhaust resources and cause a denial of service. The vulnerability is reiterated across multiple advisories (e.g., ALAS2KERNEL, ALAS-2020-1566, Debian/AlmaLinux...
CVE-2021-27363
CVE-2021-27363 affects the Linux kernel iSCSI subsystem. A flaw leaks the iSCSI transport’s kernel address via the sysfs handle (/sys/class/iscsi_transport/$TRANSPORT_NAME/handle), enabling a local attacker to leak the iscsi_transport pointer and potentially end arbitrary iSCSI connections. Conne...
CVE-2023-0386
CVE-2023-0386 describes a Linux kernel OverlayFS uid-mapping bug that lets a local user escalate privileges by improperly handling execution of setuid-capable files copied between mounts. Connected advisories confirm this CVE affecting upstream Linux kernel and note fixes via newer kernel package...
CVE-2022-2586
CVE-2022-2586 is a Linux kernel use-after-free in netfilter nf_tables related to nft objects/expressions referencing nft sets across tables. Connected Astra Linux advisories confirm the fix was applied by updating the kernel to address: netfilter nf_tables: do not allow SET_ID to refer to another...
CVE-2020-11668
CVE-2020-11668 affects the Linux kernel drivers/media/usb/gspca/xirlink_cit.c (Xirlink camera USB driver). The issue arises from mishandling invalid USB descriptors in this driver, as reported in multiple advisories. The connected documents confirm that this vulnerability can enable a local attac...
CVE-2020-14356
CVE-2020-14356 affects the Linux kernel cgroupv2 subsystem in versions before 5.7.10. The flaw is a use-after-free / NULL pointer dereference in the handling of socket references to cgroups, which, under certain configurations (including reboot scenarios), could allow a local user to crash the sy...
CVE-2020-27777
The CVE-2020-27777 issue concerns the Linux kernel on PowerPC: RTAS memory accesses in the userspace-to-kernel path allow a local, root-like user on a locked-down guest (Secure Boot) running on PowerVM or KVM/pseries to escalate privileges to the running kernel. Root cause is an improper handling...
CVE-2019-15239
The CVE-2019-15239 issue arises from a backported net/ipv4/tcp_output.c change in some 4.9.x and 4.14.x long-term Linux kernels that was correctly fixed in 4.16.12 but incorrectly backported to older LT kernels. This regression enables a local attacker to add to a write queue between disconnectio...
CVE-2021-46913
CVE-2021-46913 affects the Linux kernel nf_tables/nftables clone set element expressions. The root cause is memcpy() corruption when using a connlimit in set elements, which crashes the connlimit garbage collector during list-walk. The documented fix is to initialize the connlimit expression list...
CVE-2022-0322
The CVE-2022-0322 entry concerns a flaw in the Linux kernel SCTP implementation. Specifically, in net/sctp/sm_make_chunk.c, the function sctp_make_strreset_req can trigger a BUG_ON when an operation uses more buffer than allocated, enabling local privilege access to cause a denial of service. Con...
CVE-2020-25285
CVE-2020-25285 is a race condition in the Linux kernel hugetlb sysctl handlers (mm/hugetlb.c) that could allow a local attacker to corrupt memory or trigger NULL pointer dereferences. Public docs (e.g., ChangeLog-5.8.8) indicate the fix was released in kernel 5.8.8; Ubuntu/Debian advisories refer...
CVE-2021-46924
CVE-2021-46924 affects the Linux kernel NFC driver st21nfca. The issue is a memory leak caused by phy->pending_skb being allocated during device probe but not freed on error or remove paths. The connected Astra Linux bulletin and referenced kernel commits confirm the root cause and the remedia...
CVE-2025-39946
CVE-2025-39946 affects the Linux kernel TLS/record parsing path. When a record header is bogus and data arrives in small chunks, tls_rx_msg_size() may not abort early enough, risking skb space overflow due to repeated partial parsing. The fixed behavior aborts the TLS stream as soon as an invalid...
CVE-2019-16089
Summary (CVE-2019-16089): The vulnerability resides in the Linux kernel (through version 5.2.13) where nbd_genl_status in drivers/block/nbd.c does not validate the return value of nla_nest_start_noflag, potentially enabling local privilege impact due to improper netlink attribute nesting checks. ...
CVE-2021-46926
CVE-2021-46926 concerns the Linux kernel ALSA: hda: intel-sdw-acpi component. The flaw arises from the code setting an ACPI handle pointer before confirming the target is a SoundWire controller, allowing a graph-walk flow to continue after pointer assignment. A patch changes the logic to set call...