14031 matches found
CVE-2010-0291
CVE-2010-0291 is a Linux kernel local privilege-escalation/DoS issue described in connected advisories as affecting the kernel before 2.6.32.4. The vulnerability stems from the do_mremap/mmap handling, allowing local users to gain privileges or trigger a panic. The MiracleLinux AXSA:2010-377:12 a...
CVE-2010-1086
The CVE-2010-1086 entry concerns the Linux kernel (dvb-core) ULE decapsulation code in dvb_net.c. A vulnerability in the ULE Payload Pointer handling allows an attacker to induce an infinite-loop denial of service via a crafted MPEG-2 TS frame, affecting kernel 2.6.33 and earlier. Connected advis...
CVE-2010-1088
CVE-2010-1088 affects the MiracleLinux 3 kernel package (kernel-2.6.18-194.3.AXS3). It concerns the Linux kernel component fs/namei.c for versions 2.6.18 through 2.6.34 where NFS automount symlinks may not be followed, with the impact described as “unknown” in the advisory and related to LO...
CVE-2010-4077
CVE-2010-4077 affects the Linux kernel up to 2.6.36.1: the function ntty_ioctl_tiocgicount in drivers/char/nozomi.c fails to initialize a structure member, allowing local attackers to read potentially sensitive information from kernel stack memory via the TIOCGICOUNT ioctl. The connected advisori...
CVE-2010-4565
CVE-2010-4565 affects the Linux kernel CAN implementation (bcm_connect in net/can/bcm.c) on 2.6.36 and earlier, where a publicly accessible file is created with a filename containing a kernel memory address. This filename exposure can allow local attackers to glean potentially sensitive informati...
CVE-2011-1748
CVE-2011-1748 affects the Linux kernel: the raw_release function in net/can/raw.c fails to validate a socket data structure, enabling local users to trigger a NULL pointer dereference (denial of service) or possibly other impact via a crafted release operation. Affected versions are the kernel be...
CVE-2011-1927
The CVE-2011-1927 entry concerns the Linux kernel: the ip_expire function in net/ipv4/ip_fragment.c before 2.6.39 fails to properly construct ICMP_TIME_EXCEEDED after a timeout, allowing remote attackers to trigger a NULL pointer dereference and crash parts of the kernel via crafted fragmented pa...
CVE-2011-2905
CVE-2011-2905 refers to an untrusted search path vulnerability in the perf tool’s perf_config function (tools/perf/util/config.c) as distributed in the Linux kernel prior to 3.1. A local user can overwrite files via a crafted config file located in the current working directory. The vulnerability...
CVE-2011-4915
CVE-2011-4915 affects the Linux kernel, specifically the file fs/proc/base.c, up to version 3.1. It enables a local attacker to disclose sensitive keystroke information by accessing /proc/interrupts, constituting an information-disclosure vulnerability. Root cause: improper exposure of keystroke-...
CVE-2012-2137
CVE-2012-2137 describes a buffer overflow in virt/kvm/irq_comm.c within the Linux kernel's KVM subsystem, exploitable by local users on kernel versions before 3.2.24. The flaw enables denial of service (crash) and potentially arbitrary code execution via vectors involving Message Signaled Interru...
CVE-2012-6647
The CVE-2012-6647 issue affects the Linux kernel futex_wait_requeue_pi implementation in kernel/futex.c, vulnerable in versions before 3.5.1. The flaw allows a local attacker to cause a denial of service via a crafted FUTEX_WAIT_REQUEUE_PI command resulting in a NULL pointer dereference and syste...
CVE-2013-4591
CVE-2013-4591 is a Linux kernel vulnerability affecting the nfs4 ACL path: a buffer overflow in __nfs4_get_acl_uncached within fs/nfs/nfs4proc.c, fixed in kernel 3.7.2. Versions before 3.7.2 are vulnerable to local memory corruption leading to denial of service (memory corruption and system crash...
CVE-2014-0203
CVE-2014-0203 affects the Linux kernel up to version 2.6.32.x, where the __do_follow_link function in fs/namei.c mishandles the last pathname component for certain filesystems, enabling a local attacker to trigger a denial of service (incorrect free operations and system crash) via an open() call...
CVE-2014-6416
CVE-2014-6416 describes a buffer overflow in net/ceph/auth_x.c used by Ceph within the Linux kernel prior to 3.16.3. An unencrypted, long auth ticket can be exploited remotely to trigger memory corruption and a kernel panic (DoS). Connected advisories reiterate the same root cause and impact. Remedi...
CVE-2015-8966
CVE-2015-8966 affects the Linux kernel — specifically arch/arm/kernel/sys_oabi-compat.c — where, in versions before 4.4, a local user can gain privileges by crafting an fcntl64 call (F_OFD_GETLK, F_OFD_SETLK, or F_OFD_SETLKW). The connected Nessus advisories corroborate the kernel file and vulner...
CVE-2017-17852
CVE-2017-17852 affects the Linux kernel’s BPF verifier (kernel/bpf/verifier.c) up to version 4.14.8. The root cause is mishandling of 32-bit ALU operations, which can allow local users to cause a denial of service (memory corruption) and possibly other impact. The connected Nessus entries repeat ...
CVE-2017-17854
CVE-2017-17854 affects the Linux kernel's kernel/bpf/verifier.c, with the vulnerability existing in images up to kernel version 4.14.8. The issue arises from unrestricted integer values used in pointer arithmetic, enabling local users to trigger a denial of service (integer overflow and memory co...
CVE-2017-18261
CVE-2017-18261: The issue is in the Linux kernel, specifically the arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h, with versions before 4.13. It allows a local user to trigger a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certai...
CVE-2018-6559
CVE-2018-6559 affects the Linux kernel overlayfs in Ubuntu 18.04/18.10. The vulnerability arises when mapping directory contents permissions inside nested user namespaces; a local attacker could exploit this to reveal names of files they would not normally access, bypassing some access controls. ...
CVE-2020-36387
CVE-2020-36387 affects the Linux kernel up to version 5.8.2, where a use-after-free exists in fs/io_uring.c related to io_async_task_func and ctx reference holding (CID-6d816e088c35). Multiple connected advisories reference Linux kernels before 5.8.2 and indicate that patch/update to 5.8.2 or lat...
CVE-2020-36791
The CVE-2020-36791 entry refers to a Linux kernel net_sched issue where cp->alloc_hash could be left at an incorrect size after a hash allocation, enabling a potential out-of-bounds access. The described root cause is that the hash calculation was moved before tcindex_alloc_perfect_hash() but ...
CVE-2021-47059
CVE-2021-47059 concerns a memory leak in the Linux kernel crypto: sun8i-ss component, resolved by a patch that fixes a leak on an error path. The available connected documents indicate the affected code path and the underlying fix but do not provide exploitation details, affected release versions...
CVE-2021-47149
The CVE-2021-47149 entry concerns a Linux kernel vulnerability in the Fujitsu net driver where fmvj18x_get_hwinfo() dereferences NULL if ioremap fails. The fix adds a check on the ioremap return value and returns -1 to the caller on failure, preventing a NULL pointer dereference. Public details i...
CVE-2021-47249
CVE-2021-47249 concerns a memory leak in the Linux kernel’s net: rds path, fixed by correcting refcount handling in rds_recvmsg. The issue occurred when an error happened in rds_cmsg_recv(): after a successful rds_next_incoming(rs, &inc) the code would increment inc’s refcount, but on failure to ...
CVE-2021-47337
The CVE-2021-47337 issue is in the Linux kernel SCSI core path: when an error arises during scsi_host_alloc() and the error-handling ehandler thread fails to spawn, shost->ehandler may be set to ERR_PTR(-ENOMEM) and scsi_host_dev_release() would call kthread_stop() on a NULL/invalid pointer, r...
CVE-2021-47358
CVE-2021-47358 concerns the Linux kernel staging/greybus uart use-after-free vulnerability. The root cause is improper lifetime management of greybus tty state after disconnect, allowing user-space processes to hold an open tty indefinitely and for tty drivers to release underlying structures whi...
CVE-2021-47374
CVE-2021-47374 affects the Linux kernel DMA subsystem where an error path in DMA API drivers could generate a flood of printk messages. The vulnerability arises from an error condition that can be reached millions of times per second, spamming the kernel printk buffer and driving CPU usage to 100...
CVE-2021-47475
CVE-2021-47475 is a Linux kernel vulnerability in the comedi vmk80xx USB driver. The issue arises from transfer-buffer size checks: buffers were endpoint-sized and lacked validation, enabling overflows when a malicious device with larger max-packet sizes or unexpected accesses could write past th...
CVE-2021-47551
CVE-2021-47551: In the Linux kernel, the issue affects the DRM AMD amdkfd driver used with SR-IOV configurations. The root cause is a kernel panic that can occur when a reset has failed and is triggered again; the driver may attempt uninitialization again and fail to resume cpsch, since there is...
CVE-2021-47620
CVE-2021-47620 (Linux kernel Bluetooth vulnerability): The issue occurs in the Bluetooth adv data handling where an out-of-bounds read could occur after advancing the ptr in a loop. The patch prevents the check from being performed after ptr advances by moving the bounds check to the beginning o...
CVE-2021-47656
Summary (CVE-2021-47656): In the Linux kernel’s jffs2 subsystem, a use-after-free occurs in jffs2_clear_xattr_subsystem during mounting a jffs2 image when an abnormal block is encountered. The code path frees an xattr_ref object twice (UAF) due to a call sequence in jffs2_build_filesystem/jffs2_d...
CVE-2022-1247
CVE-2022-1247 affects the Linux kernel, specifically the rose driver. The issue is a race condition in rose_connect() where the driver tracks usage with rose_neigh->use. When deleting a rose_route via rose_ioctl(), the driver calls rose_del_node() and only removes neighbours if both their coun...
CVE-2022-3533
CVE-2022-3533 affects the Linux kernel’s BPF component, specifically the parse_usdt_arg function in tools/lib/bpf/usdt.c, where manipulation of the reg_name argument leads to a memory leak. The vulnerability is described across multiple sources (NVD, vendor advisories) and a patch is recommended ...
CVE-2022-3977
CVE-2022-3977 is a use-after-free in the Linux kernel MCTP implementation. It occurs when a user performs a DROPTAG ioctl while a socket close happens, potentially crashing the system or allowing local privilege escalation. The issue is documented across multiple sources (NVD entry and OSV/GNU-fa...
CVE-2022-48710
CVE-2022-48710 concerns the Linux kernel Radeon driver. In radeon_fp_native_mode(), the code assigns the return of drm_mode_duplicate() to a mode pointer and may dereference a NULL on failure. The issue is resolved by adding a NULL-pointer check to avoid NP: when drm_mode_duplicate() fails, and th...
CVE-2022-48788
CVE-2022-48788 (Linux kernel nvme-rdma): A use-after-free in the nvme-rdma transport error_recovery logic was fixed. The issue involved a race between submit_async_event_work and the error recovery handler when destroying the admin queue and changing the ctrl state; the fix requires flushing asy...
CVE-2022-48852
The CVE (CVE-2022-48852) affects the Linux kernel DRM/VC4 HDMI driver. The issue arises because the HDMI codec device is registered on bind but not unregistered on unbind, causing a device leak. Root cause: unbind path does not unregister the HDMI codec device, leaving orphaned device state. The ...
CVE-2022-48919
CVE-2022-48919 affects the Linux kernel’s CIFS mount flow. The issue is a double-free race in cifs_get_root() when a mount fails inside cifs_smb3_do_mount(); deactivate_locked_super() leads to delayed_free(), potentially freeing resources twice if code continues to the out: path. The vulnerabilit...
CVE-2022-48957
Summary: CVE-2022-48957 is a Linux kernel issue in the dpaa2-switch component where a memory leak can occur because cmd_buff is not freed on error in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove(). The connected documents confirm the root cause and that a fix was applied, e.g., ...
CVE-2022-48972
CVE-2022-48972 affects the Linux kernel’s mac802154 code path. The issue arises in ieee802154_if_add() where a wpan_dev private data structure’s list is not initialized, potentially leading to a NULL pointer dereference during notifier handling (cfg802154_netdev_notifier_call) as devices are regi...
CVE-2022-49059
The CVE-2022-49059 issue is a Linux kernel vulnerability in NFC/NCI where a race between a delayed mechanism (timer) and a workqueue can lead to a use-after-free when detaching an NCI device. The fix added flush_workqueue to prevent this UAF by ensuring the timer/workqueue lifecycle cannot race w...
CVE-2022-49074
CVE-2022-49074 concerns the Linux kernel vulnerability in the GICv3 interrupt controller. The issue was caused by incorrect polling of GICR RWP in redistributors, where the code tested the distributor bit index instead of the correct RWP bit, a mistake that reportedly persisted for eight years. T...
CVE-2022-49084
Summary (CVE-2022-49084): The vulnerability in the Linux kernel affects the qede subsystem where qede_build_skb() assumes build_skb() always succeeds and proceeds to skb_reserve() even if it returns NULL under memory pressure. The fix adds a NULL check for build_skb() and returns NULL when alloca...
CVE-2022-49113
CVE-2022-49113 — In the Linux kernel, a refcount leak in powerpc/secvar, specifically in format_show(), is fixed. The leak can occur when format_show returns failure in multiple paths. The mitigation is the unified management of of_node_put to correct the leak. The available connected sources con...
CVE-2022-49151
CVE-2022-49151 is a Linux kernel vulnerability in the CAN/USB subsystem (can: mcba_usb) where usb_submit_urb() could warn due to an incorrect endpoint type. Syzbot reported a bogus urb transfer when the pipe’s type did not match the endpoint, prompting a code path change: pipes are now saved in m...
CVE-2022-49164
CVE-2022-49164 describes a Linux kernel vulnerability on PowerPC with TM (transactional memory) that could corrupt the user r13 register due to a SLB miss during treclaim/trechkpt handling. The issue occurs when SCRATCH0 is live with the saved user r13 value, which can be clobbered by the kernel r1...
CVE-2022-49187
The CVE-2022-49187 entry concerns the Linux kernel clk subsystem. A NULL device pointer in clk_core (often from clk_register/clk_hw_register paths) can lead to a NULL pointer dereference when clk_hw_get_clk() is invoked on a clk_hw whose clk_core.dev is NULL, due to a call to dev_name() on NULL. ...
CVE-2022-49189
CVE-2022-49189: In the Linux kernel (clk-rcg2, Qualcomm display pixel clock), final D calculation for the M/N ratio could fall outside the accepted range, causing underflow. The fix updates the D-value calculation to respect the valid range for given M and N, preventing underflow. Affected compo...
CVE-2022-49206
CVE-2022-49206 affects the Linux kernel RDMA/mlx5 path. The issue is a memory leak in the error flow of the subscribe event routine where a second xa_insert() failure leaves obj_event unreleased. The fix adds proper memory cleanup in the error unwinding path to prevent the leak. The documented im...
CVE-2022-49224
CVE-2022-49224 affects the Linux kernel in the power: supply: ab8500 module, where a memory leak can occur because kobject_init_and_add() may fail and memory is not released. The fix is to call kobject_put() on error to properly clean up, as documented in the vulnerability description. The issue ...