14430 matches found
CVE-2011-4347
CVE-2011-4347 affects the Linux kernel KVM: kvm_vm_ioctl_assign_device in virt/kvm/assigned-dev.c fails to verify permissions for PCI config space and BAR resources, enabling a local attacker (host OS user) to assign PCI devices via KVM_ASSIGN_PCI_DEVICE and cause a host crash; fixed in Linux ker...
CVE-2008-5713
The CVE-2008-5713 vulnerability affects the Linux kernel (pre-2.6.25) on SMP systems, where the __qdisc_run function in net/sched/sch_generic.c can be abused to cause a soft lockup/DoS by issuing a large volume of traffic (demonstrated with Netperf UDP_STREAM). Connected advisories note a mitigat...
CVE-2009-1883
CVE-2009-1883 affects the Linux kernel z90crypt driver, where a missing capability check in the z90crypt_unlocked_ioctl for the Z90QUIESCE operation can let a local user with an effective UID of 0 bypass restrictions, potentially forcing a driver outage and enabling privilege escalation. The issu...
CVE-2009-4027
The CVE-2009-4027 issue is a race condition in Linux kernel mac80211 subsystem (pre-2.6.32-rc8-next-20091201) that enables a remote attacker to crash the system via a crafted DELBA frame, in the absence of an aggregation session. Connected documents confirm affected kernel versions and the Denial...
CVE-2010-1086
The CVE-2010-1086 entry concerns the Linux kernel (dvb-core) ULE decapsulation code in dvb_net.c. A vulnerability in the ULE Payload Pointer handling allows an attacker to induce an infinite-loop denial of service via a crafted MPEG-2 TS frame, affecting kernel 2.6.33 and earlier. Connected advis...
CVE-2011-0710
CVE-2011-0710 affects the Linux kernel on the s390 platform. The function task_show_regs in arch/s390/kernel/traps.c permits a local user to read the registers of an arbitrary process by reading a status file under /proc, for kernels before 2.6.38-rc4-next-20110216. The connected MiracleLinux adv...
CVE-2011-1173
CVE-2011-1173 affects the Linux kernel on x86_64 prior to 2.6.39. The vulnerability is in the econet_sendmsg function (net/econet/af_econet.c) and allows a remote attacker to read uninitialized data from kernel stack memory via an Acorn Universal Networking (AUN) packet, enabling information disc...
CVE-2012-2383
CVE-2012-2383 affects the Linux kernel DRM/i915 component: an integer overflow in i915_gem_execbuffer2() within drivers/gpu/drm/i915/i915_gem_execbuffer.c. On 32-bit platforms and prior to kernel 3.3.5, this allows a local user to trigger an out-of-bounds write via a crafted ioctl, leading to a p...
CVE-2012-6544
CVE-2012-6544 affects the Linux kernel Bluetooth stack prior to 3.6. The issue arises from improper initialization of certain structures in the L2CAP/HCI paths, enabling a local attacker to read sensitive data from kernel stack memory via a crafted application. MiracleLinux AXSA-2014-258 (kernel-...
CVE-2013-4270
CVE-2013-4270 affects the Linux kernel: the net_ctl_permissions function in net/sysctl_net.c may misdetermine uid/gid, allowing a local user to bypass /proc/sys/net restrictions. Affected: kernels before 3.11.5 (reported in EulerOS advisories and Nessus/OpenVAS listings). Impact is local privileg...
CVE-2014-3535
CVE-2014-3535 affects the Linux kernel prior to 2.6.36, specifically the include/linux/netdevice.h logging macros. The root cause is incorrect use of macros for netdev_printk, enabling a remote attacker to trigger a NULL pointer dereference and system crash by sending invalid packets to a VxLAN i...
CVE-2017-17852
CVE-2017-17852 affects the Linux kernel’s BPF verifier (kernel/bpf/verifier.c) up to version 4.14.8. The root cause is mishandling of 32-bit ALU operations, which can allow local users to cause a denial of service (memory corruption) and possibly other impact. The connected Nessus entries repeat ...
CVE-2017-9985
CVE-2017-9985 is a local double-fetch vulnerability in the Linux kernel (snd_msndmidi_input_read in sound/isa/msnd/msnd_midi.c) affecting up to version 4.11.7. Exploitation can cause denial of service (over-boundary access) with potential unspecified impact. Public references in Nessus/OpenVAS/U-...
CVE-2018-7754
CVE-2018-7754 affects the Linux kernel via aoedisk_debugfs_show in drivers/block/aoe/aoeblk.c. The function can be triggered by reading a debugfs file, allowing local users to obtain sensitive address information (ffree: lines). The issue is described as exploitable locally with kernel up to 4.16...
CVE-2021-47059
CVE-2021-47059 concerns a memory leak in the Linux kernel crypto: sun8i-ss component, resolved by a patch that fixes a leak on an error path. The available connected documents indicate the affected code path and the underlying fix but do not provide exploitation details, affected release versions...
CVE-2021-47207
CVE-2021-47207 (Linux kernel) : A null pointer dereference in ALSA gus handling (snd_gf1_dma_next_block) could occur if the pointer block returned null. The issue is fixed by adding a null check before dereferencing the pointer. Impact per the entry: local attack vector, low privileges required, ...
CVE-2021-47217
The CVE-2021-47217 issue is in the Linux kernel's x86/hyperv code: a NULL dereference in set_hv_tscchange_cb() if Hyper-V setup fails. The vulnerability occurs when hv_vp_index is dereferenced without validating its array, causing a kernel NULL pointer dereference and potentially disabling Hyper-...
CVE-2021-47250
CVE-2021-47250: memory leak in Linux kernel netlbl_cipsov4_add_std. The memory for doi_def->map.std allocated in netlbl_cipsov4_add_std is not freed anywhere; it should be freed in cipso_v4_doi_free, which frees the cipso DOI resource. This vulnerability detail is consistently described in con...
CVE-2021-47258
CVE-2021-47258 affects the Linux kernel scsi subsystem. The vulnerability arises from incorrect error handling in scsi_host_alloc, leading to a leaked device name if the device is not freed after initialization or when its name is set via dev_set_name. The published fixes replace kfree() with put...
CVE-2021-47307
CVE-2021-47307 affects the Linux kernel CIFS code; a NULL pointer dereference in cifs_compose_mount_options() could occur when the optional ref parameter contains a NULL node_name. The issue has been resolved in the kernel, with fixes committed in stable updates (references point to kernel commit...
CVE-2021-47328
Mode C: CVE-2021-47328 affects the Linux kernel in the SCSI/ISCSI stack. The issue is a use-after-free in iscsi_conn during resets when an unbind target call hasn’t occurred, leading to a race where iscsi_conn_teardown may free the connection while EH/threads access it. The fix moves TMF fields f...
CVE-2021-47368
CVE-2021-47368 concerns a Linux kernel vulnerability in enetc where irq_set_affinity_hit() stores a cpumask_t reference in an irq descriptor, referencing memory on the stack. This leads to illegal accesses when the affinity_hint is read via procfs, potentially causing paging oops. The issue is mi...
CVE-2021-47376
CVE-2021-47376 is a Linux kernel issue where an oversize allocation in kmalloc path could trigger a warning during BPF verification. The provided description and connected advisories indicate the fix adds an oversize check before kvcalloc() via the commit that introduces the guard in mm/kvmalloc(...
CVE-2021-47388
In the Linux kernel, CVE-2021-47388 affects mac80211 within CCMP/GCMP RX, where PN checking for fragmentation could use a stale hdr reference after a potential reallocation, leading to a use-after-free. The fix reloads the PN/hdr after the reallocating code path to ensure the PN is checked agains...
CVE-2021-47395
CVE-2021-47395 : Linux kernel/mac80211 vulnerability where the rate limiting for injected VHT MCS/NSS in ieee80211_parse_tx_radiotap was tightened to fix a syzkaller warning. Affected component: mac80211 (ieee80211_parse_tx_radiotap, ieee80211_rate_set_vht). Reported impact in the public docs is ...
CVE-2021-47399
Technical details about CVE-2021-47399 (ixgbe NULL pointer dereference) are not provided in the supplied documents. Monitor for updates from vendors; no concrete technical details are included here.
CVE-2021-47478
CVE-2021-47478 : In the Linux kernel, the isofs driver could read beyond the end of the buffer when processing corrupted isofs images in isofs_read_inode(). The fix adds a sanity check on the directory entry length before use, preventing out-of-bounds reads. Remediation is to apply the kernel pat...
CVE-2021-47479
The CVE-2021-47479 entry concerns the Linux kernel staging driver rtl8712 (rtl8712_dl_fw) with a use-after-free caused by a race between r871xu_dev_remove() and the ndo_open() callback. The issue arises when firmware is freed before the network device is unregistered, allowing the driver to acces...
CVE-2021-47493
CVE-2021-47493 is a Linux kernel issue affecting ocfs2 where a race between searching chunks and releasing journal_head from a buffer_head can lead to a page fault or panic. The root cause is a race between ocfs2_test_bg_bit_allocatable() and jbd2_journal_put_journal_head(), with bg_bh->b_priv...
CVE-2021-47546
CVE-2021-47546 is a Linux kernel vulnerability affecting IPv6 nftables rules. When a fib6_rule_suppress path and a suppress_prefix rule exist, memory leaks occur in ip6_dst_cache per-packet allocations. The root cause is a mismatch between generic FIB_LOOKUP_NOREF and the IPv6-specific RT6_LOOKUP...
CVE-2021-47552
CVE-2021-47552 – Linux kernel : The vulnerability stems from blk-mq dispatch cancellation logic. Previously, blk_mq_quiesce_queue() was not invoked in blk_cleanup_queue(), delaying cancellation to disk_release(), which allowed a race where a scsi_device could be freed before blk_release_queue() r...
CVE-2021-47636
CVE-2021-47636 relates to the Linux kernel ubifs_wbuf_write_nolock() reading beyond buf bounds, causing a slab-out-of-bounds read in KASAN/ubifs paths. The vulnerability arises when len is not 8-byte aligned and the function writes via ubifs_leb_write(), potentially reading past the end of the bu...
CVE-2021-47638
CVE-2021-47638 affects the Linux kernel ubifs implementation. The issue is a double-free of whiteout_ui->data during the rename_whiteout path, caused by freeing whiteout_ui->data and then freeing ui->data in ubifs_free_inode via ubifs_rename/do_rename flow. KASAN reports double-free; the...
CVE-2022-3533
CVE-2022-3533 affects the Linux kernel’s BPF component, specifically the parse_usdt_arg function in tools/lib/bpf/usdt.c, where manipulation of the reg_name argument leads to a memory leak. The vulnerability is described across multiple sources (NVD, vendor advisories) and a patch is recommended ...
CVE-2022-48705
CVE-2022-48705 concerns the Linux kernel WiFi driver mt76 mt7921e. When a device driver fails during a chip reset, the reset sequence may loop, leaving tx_napi disabled/waiting for a state change and potentially causing a system crash. The fix changes the reset flow to avoid waiting on napi state...
CVE-2022-48711
The CVE-2022-48711 entry concerns the Linux kernel TIPC protocol. It fixes a size-validation race in tipc_mon_rcv() that processes received domain_record structures from peers. If a domain record carries more than MAX_MON_DOMAIN (64) members, a stack overflow could occur. A defensive patch adds a...
CVE-2022-48744
In CVE-2022-48744, the Linux kernel net/mlx5e driver was made resilient to field-bound checking by avoiding a field-overflowing memcpy() across neighboring fields. The root cause involved copying MLX5E_XDP_MIN_INLINE bytes into a 2-byte inline_hdr.start, causing writes to adjacent data (vlan_tci,...
CVE-2022-48775
CVE-2022-48775 concerns a memory leak in the Linux kernel under the hv: vmbus driver: the function kobject_init_and_add() can return an error without releasing the allocated object, leading to a leak. The documented fix is to call kobject_put() when an error occurs, preventing memory retention. T...
CVE-2022-48788
CVE-2022-48788 (Linux kernel nvme-rdma) : A use-after-free in the nvme-rdma transport error_recovery logic was fixed. The issue involved a race between submit_async_event_work and the error recovery handler when destroying the admin queue and changing the ctrl state; the fix requires flushing asy...
CVE-2022-48826
Mode C: CVE-2022-48826 affects the Linux kernel drm/vc4, where a deadlock can occur during DSI device attach error when the host device lock is held. Specifically, in the device attach error path, un-registering the host can deadlock with a call trace involving device_del/unregister, mipi_dsi_hos...
CVE-2022-49051
CVE-2022-49051 concerns the Linux kernel USB driver net: usb: aqc111, specifically the aqc111_rx_fixup() function. The advisory states multiple out-of-bounds accesses that a malicious or defective USB device can trigger, including OOB reads in the metadata array (desc_offset..desc_offset+2*pkt_co...
CVE-2022-49061
The CVE-2022-49061 issue affects the Linux kernel net: ethernet: stmmac altr_tse_pcs when using a fixed-link. The driver crashes with a null-pointer dereference because phy_device is not provided to tse_pcs_fix_mac_speed. The patch adds a check for phy_dev before calling tse_pcs_fix_mac_speed() a...
CVE-2022-49118
CVE-2022-49118 relates to the Linux kernel SCSI driver for Hisilicon SAS v3 hardware. The vulnerability arises when the driver probe fails to request the channel IRQ or a fatal IRQ, causing the driver to free IRQ vectors before freeing the IRQs in free_irq(), which can trigger a kernel BUG. The d...
CVE-2022-49174
The CVE-2022-49174 entry concerns the Linux kernel ext4 code: when flex_bg with fast_commit is enabled, ext4_mb_mark_bb() may read the block bitmap buffer_head only for the starting block group, failing to refresh it when an inode extents crosses a block-group boundary. This can cause memory acce...
CVE-2022-49187
The CVE-2022-49187 entry concerns the Linux kernel clk subsystem. A NULL device pointer in clk_core (often from clk_register/clk_hw_register paths) can lead to a NULL pointer dereference when clk_hw_get_clk() is invoked on a clk_hw whose clk_core.dev is NULL, due to a call to dev_name() on NULL. ...
CVE-2022-49193
CVE-2022-49193 concerns the Linux kernel ice driver: a scheduling-while-atomic bug during aux critical error interrupt in ice_misc_intr() could lead to an oops via a mutex lock path. The fixed sequence adds handling in process context (ice_service_task) and introduces a PF state bit (oicr_err_reg...
CVE-2022-49232
CVE-2022-49232 is a Linux kernel vulnerability in the DRM/AMD display path. In amdgpu_dm_connector_add_common_modes(), the code assigns the result of amdgpu_dm_create_common_mode() to mode and then passes it to drm_mode_probed_add(). If amdgpu_dm_create_common_mode() fails, mode may be NULL and d...
CVE-2022-49260
Technical details for CVE-2022-49260 are not publicly available in the provided documents. Monitor for updates from the OSV/SUSE advisories and related feeds.
CVE-2022-49342
CVE-2022-49342 affects the Linux kernel net/ethernet/bgmac path (bcma_mdio_mii_register) where of_get_child_by_name() increases the node refcount, causing a refcount leak. The root cause is missing of_node_put() on unused nodes. Patches add the missing of_node_put() to prevent leaks. Patched stat...
CVE-2022-49432
CVE-2022-49432 affects the Linux kernel on PowerPC/xics: a refcount leak in icp_opal_init() was fixed. The root cause is that of_find_compatible_node() returns a node pointer with refcount already incremented, and the fix is to call of_node_put() on it when done. The upstream description notes th...