Lucene search

K
LinuxLinux Kernel

10741 matches found

CVE
CVE
added 2013/02/19 7:55 p.m.60 views

CVE-2013-0290

The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application.

4.9CVSS5.9AI score0.00036EPSS
CVE
CVE
added 2014/10/13 10:55 a.m.60 views

CVE-2014-7283

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have...

4.9CVSS5AI score0.0004EPSS
CVE
CVE
added 2014/11/10 11:55 a.m.60 views

CVE-2014-8481

The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1)...

4.9CVSS6.9AI score0.00072EPSS
CVE
CVE
added 2016/08/07 9:59 p.m.60 views

CVE-2016-2064

sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or possibly have unspecifie...

7.8CVSS7.7AI score0.00114EPSS
CVE
CVE
added 2016/06/27 10:59 a.m.60 views

CVE-2016-4440

arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode.

7.8CVSS7.8AI score0.00124EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.60 views

CVE-2017-0523

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Andro...

7.6CVSS6.7AI score0.00056EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.60 views

CVE-2017-0525

An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10,...

7.6CVSS6.6AI score0.0024EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.60 views

CVE-2017-17853

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.

7.8CVSS7.4AI score0.00071EPSS
CVE
CVE
added 2017/02/06 6:59 a.m.60 views

CVE-2017-5546

The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a la...

7.8CVSS8.1AI score0.00079EPSS
CVE
CVE
added 2017/04/24 11:59 p.m.60 views

CVE-2017-8106

The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.

5.5CVSS5AI score0.00038EPSS
CVE
CVE
added 2024/03/04 6:15 p.m.60 views

CVE-2021-47093

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel_pmc_core: fix memleak on registration failure In case device registration fails during module initialisation, theplatform device structure needs to be freed using platform_device_put()to properly free all resour...

5.5CVSS6.3AI score0.00012EPSS
CVE
CVE
added 2024/03/15 9:15 p.m.60 views

CVE-2021-47122

In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in caif_device_notify In case of caif_enroll_dev() fail, allocatedlink_support won't be assigned to the correspondingstructure. So simply free allocated pointer in caseof error

5.5CVSS6.5AI score0.00012EPSS
CVE
CVE
added 2024/03/25 10:15 a.m.60 views

CVE-2021-47174

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0[709...

5.5CVSS6.6AI score0.00011EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.60 views

CVE-2021-47255

In the Linux kernel, the following vulnerability has been resolved: kvm: LAPIC: Restore guard to prevent illegal APIC register access Per the SDM, "any access that touches bytes 4 through 15 of an APICregister may cause undefined behavior and must not be executed."Worse, such an access in kvm_lapic...

7.1CVSS6.5AI score0.00011EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.60 views

CVE-2021-47303

In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling map_poke_track(), but on program release there is nohook to call map_poke_untrack(). However, on program release, the aux memory(and poke ...

7.8CVSS6.5AI score0.00097EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.60 views

CVE-2021-47325

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation The reference counting issue happens in several exception handling pathsof arm_smmu_iova_to_phys_hard(). When those error scenarios occur, thefunction forgets...

5.5CVSS6.6AI score0.00041EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.60 views

CVE-2021-47332

In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Don't call free_pages_exact() with NULL address Unlike some other functions, we can't pass NULL pointer tofree_pages_exact(). Add a proper NULL check for avoiding possibleOops.

5.5CVSS6.8AI score0.00011EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.60 views

CVE-2021-47333

In the Linux kernel, the following vulnerability has been resolved: misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge There is an issue with the ASPM(optional) capability checking function.A device might be attached to root complex directly, in this case,bus->self(bridge) will be N...

5.5CVSS6.9AI score0.00011EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.60 views

CVE-2021-47367

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix pages leaking when building skb in big mode We try to use build_skb() if we had sufficient tailroom. But we forgetto release the unused pages chained via private in big mode which willleak pages. Fixing this by rele...

5.5CVSS7AI score0.00008EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.60 views

CVE-2021-47370

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than theskb size. That results in lack of tx...

5.5CVSS6.9AI score0.00011EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.60 views

CVE-2021-47397

In the Linux kernel, the following vulnerability has been resolved: sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb We should always check if skb_header_pointer's return is NULL beforeusing it, otherwise it may cause null-ptr-deref, as syzbot reported: KASAN: null-ptr-deref in r...

5.5CVSS6.7AI score0.00007EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.60 views

CVE-2021-47420

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix a potential ttm->sg memory leak Memory is allocated for ttm->sg by kmalloc in kfd_mem_dmamap_userptr,but isn't freed by kfree in kfd_mem_dmaunmap_userptr. Free it!

5.5CVSS6.7AI score0.00015EPSS
CVE
CVE
added 2024/05/22 7:15 a.m.60 views

CVE-2021-47450

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix host stage-2 PGD refcount The KVM page-table library refcounts the pages of concatenated stage-2PGDs individually. However, when running KVM in protected mode, thehost's stage-2 PGD is currently managed by EL2 as a ...

6.6AI score0.00017EPSS
CVE
CVE
added 2024/05/22 7:15 a.m.60 views

CVE-2021-47463

In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem() Check for a NULL page->mapping before dereferencing the mapping inpage_is_secretmem(), as the page's mapping can be nullified while gup()is running, e.g....

5.5CVSS6.5AI score0.00048EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.60 views

CVE-2021-47553

In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringup_cpu() To hot unplug a CPU, the idle task on that CPU calls a few layers of Ccode before finally leaving the kernel. When KASAN is in use, poisonedshadow is left around for each of the ac...

7.1AI score0.00039EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.60 views

CVE-2021-47564

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix double free issue on err path fix error path handling in prestera_bridge_port_join() thatcases prestera driver to crash (see below). Trace:Internal error: Oops: 96000044 [#1] SMPModules linked in: preste...

7.8CVSS6.7AI score0.00034EPSS
CVE
CVE
added 2024/06/19 3:15 p.m.60 views

CVE-2021-47585

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak in __add_inode_ref() Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(),but when the function returns in line 1184 (#4) victim_name allocatedby line 1169 (#3) is not freed, which will lead t...

5.5CVSS7AI score0.00011EPSS
CVE
CVE
added 2024/06/19 3:15 p.m.60 views

CVE-2021-47595

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 mausezahn dd...

5.5CVSS6.9AI score0.00011EPSS
CVE
CVE
added 2025/02/26 6:37 a.m.60 views

CVE-2021-47643

In the Linux kernel, the following vulnerability has been resolved: media: ir_toy: free before error exiting Fix leak in error path.

5.4AI score0.00034EPSS
CVE
CVE
added 2022/09/01 9:15 p.m.60 views

CVE-2022-2308

A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the...

6.5CVSS6.8AI score0.00014EPSS
CVE
CVE
added 2024/04/28 1:15 p.m.60 views

CVE-2022-48657

In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as unsigned int ,while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'.Multiplying max frequency by...

7.8CVSS6.8AI score0.00019EPSS
CVE
CVE
added 2024/04/28 1:15 p.m.60 views

CVE-2022-48663

In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: fix NULL pointer dereference when removing debugfs We now remove the device's debugfs entries when unbinding the driver.This now causes a NULL-pointer dereference on module exit because theplatform devices are unregis...

5.5CVSS6.5AI score0.00011EPSS
CVE
CVE
added 2024/06/20 11:15 a.m.60 views

CVE-2022-48717

In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speaker_gain_control_put() Check for negative values of "priv->gain" to prevent an out of boundsaccess. The concern is that these might come from the user via:-> snd_ctl_elem_write_user()-> ...

7.8CVSS6.5AI score0.00028EPSS
CVE
CVE
added 2024/06/20 12:15 p.m.60 views

CVE-2022-48724

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() After commit e3beca48a45b ("irqdomain/treewide: Keep firmware nodeunconditionally allocated"). For tear down scenario, fn is only freedafter fail to allocate ir_d...

5.5CVSS7AI score0.00008EPSS
CVE
CVE
added 2024/06/20 12:15 p.m.60 views

CVE-2022-48734

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between quota disable and qgroup rescan worker Quota disable ioctl starts a transaction before waiting for the qgrouprescan worker completes. However, this wait can be infinite and resultsin deadlock because of ...

5.5CVSS7.2AI score0.00009EPSS
CVE
CVE
added 2024/06/20 12:15 p.m.60 views

CVE-2022-48744

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid field-overflowing memcpy() In preparation for FORTIFY_SOURCE performing compile-time and run-timefield bounds checking for memcpy(), memmove(), and memset(), avoidintentionally writing across neighboring fields. Us...

6.5AI score0.00021EPSS
CVE
CVE
added 2024/06/20 12:15 p.m.60 views

CVE-2022-48752

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending Running selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kerneltriggered below warning: [ 172.851380] ------------[ cut here ]---------...

6.6AI score0.00039EPSS
CVE
CVE
added 2024/06/20 12:15 p.m.60 views

CVE-2022-48759

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code freesthe rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but thecdev is a managed object, the...

6.6AI score0.00039EPSS
CVE
CVE
added 2024/07/16 12:15 p.m.60 views

CVE-2022-48793

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL derefernce on nested migration Turns out that due to review feedback and/or rebasesI accidentally moved the call to nested_svm_load_cr3 to be too early,before the NPT is enabled, which is very wro...

5.5CVSS6.9AI score0.0003EPSS
CVE
CVE
added 2024/08/22 2:15 a.m.60 views

CVE-2022-48916

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel paniccall trace/kernel log is shown in Eagle Stream platform (Sapphire RapidsCPU) during booting: pc...

5.5CVSS6.5AI score0.0003EPSS
CVE
CVE
added 2024/08/22 4:15 a.m.60 views

CVE-2022-48933

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane.The transaction logic allocates a temporary object for this purpose. The ->init function was called for this...

5.5CVSS7AI score0.00037EPSS
CVE
CVE
added 2024/10/21 8:15 p.m.60 views

CVE-2022-48950

In the Linux kernel, the following vulnerability has been resolved: perf: Fix perf_pending_task() UaF Per syzbot it is possible for perf_pending_task() to run after theevent is free()'d. There are two related but distinct cases: the task_work was already queued before destroying the event; destroyi...

7.8CVSS7.3AI score0.0007EPSS
CVE
CVE
added 2024/10/21 8:15 p.m.60 views

CVE-2022-48953

In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpi_install_fixed_event_handler() enables the eventautomatically on success, it is incorrect to call it before thehandler routine passed to it is ready to handle eve...

5.5CVSS5.2AI score0.00068EPSS
CVE
CVE
added 2024/10/21 8:15 p.m.60 views

CVE-2022-49033

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() Syzkaller reported BUG as follows: BUG: sleeping function called from invalid context atinclude/linux/sched/mm.h:274Call Trace:dump_stack_lvl+0xcd/0x134__m...

5.5CVSS5.4AI score0.0005EPSS
CVE
CVE
added 2025/01/02 3:15 p.m.60 views

CVE-2022-49035

In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just incase it hasn't, check for this corner case.

5.5CVSS7AI score0.00028EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.60 views

CVE-2022-49071

In the Linux kernel, the following vulnerability has been resolved: drm/panel: ili9341: fix optional regulator handling If the optional regulator lookup fails, reset the pointer to NULL.Other functions such as mipi_dbi_poweron_reset_conditional() only doa NULL pointer check and will otherwise deref...

5.5CVSS6.5AI score0.00017EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.60 views

CVE-2022-49082

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in_scsih_expander_node_remove() frees the port field of the sas_expanderstructure, leading to the following use-...

7.8CVSS5.5AI score0.00018EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.60 views

CVE-2022-49110

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: revisit gc autotuning as of commit 4608fdfc07e1("netfilter: conntrack: collect all entries in one cycle")conntrack gc was changed to run every 2 minutes. On systems where conntrack hash table is set to large v...

5.4AI score0.00033EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.60 views

CVE-2022-49163

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: fix a bug of accessing array out of bounds When error occurs in parsing jpeg, the slot isn't acquired yet, it maybe the default value MXC_MAX_SLOTS.If the driver access the slot using the incorrect slot number, it ...

5.4AI score0.00052EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.60 views

CVE-2022-49184

In the Linux kernel, the following vulnerability has been resolved: net: sparx5: switchdev: fix possible NULL pointer dereference As the possible failure of the allocation, devm_kzalloc() may return NULLpointer.Therefore, it should be better to check the 'db' in order to preventthe dereference of N...

5.5CVSS5.4AI score0.00017EPSS
Total number of security vulnerabilities10741