14430 matches found
CVE-2004-0535
CVE-2004-0535 relates to the Linux kernel's e1000 NIC driver (2.4.x and earlier) where memory used by the driver was not properly initialized before access. This could permit a local attacker to read portions of kernel memory. The issue is documented and linked to several vendor advisories (e.g.,...
CVE-2006-3745
CVE-2006-3745 affects the SCTP implementation in Linux 2.6.x (before 2.6.17.10) and 2.4.x (up to 2.4.33). The vulnerability resides in sctp_make_abort_user and allows a local user to cause a denial of service (panic) and potentially gain root privileges via unspecified attack vectors. Connected s...
CVE-2006-5619
The CVE-2006-5619 issue is a Linux kernel 2.6.x vulnerability (up to 2.6.18-stable) where the /proc/net/ip6_flowlabel path handling can trigger an infinite loop while searching for flowlabels, allowing local users to cause a denial of service (hang or oops). Affected components are the ip6_fl_get...
CVE-2007-1592
The CVE-2007-1592 vulnerability affects the Linux kernel (2.6.x up to 2.6.21-rc3) in net/ipv6/tcp_ipv6.c, where ipv6_fl_socklist is inadvertently shared from a listening IPv6 socket to child sockets. This can allow a local user to cause a denial of service (OOPS) or a double free by attaching a f...
CVE-2007-3740
CVE-2007-3740 describes a flaw in the CIFS filesystem of the Linux kernel prior to 2.6.22 where Unix extension support can fail to honor the process umask, enabling a local user to gain privileges. Affected are kernels with CIFS Unix extensions enabled; impact is local privilege escalation. Remed...
CVE-2007-3848
CVE-2007-3848 affects the Linux kernel (notably 2.4.35 and other versions) by allowing a local user to send arbitrary signals to a higher-privilege child process via a setuid-root parent dying and delivering an attacker-controlled death signal (PR_SET_PDEATHSIG). The issue is listed in advisories...
CVE-2007-4998
CVE-2007-4998 is a local, user‑assisted vulnerability in cp when preserving symlinks across multiple OSes. The issue allows an attacker to cause a race/symlink attack that can overwrite arbitrary files by crafting directories with multiple source files copied to the same destination. Multiple con...
CVE-2007-5093
The CVE-2007-5093 issue affects the Linux kernel pwc (Philips USB Webcam) driver in 2.6.x up to 2.6.22.5, where disconnect relies on user space to close the device. This can allow a user-assisted local attacker to cause a denial of service (USB subsystem hang and khubd CPU usage) by not closing t...
CVE-2007-6762
The vulnerability is in the Linux kernel before 2.6.20, caused by an off-by-one error in net/netlabel/netlabel_cipso_v4.c that can overflow the doi_def->tags[] array. Affected component is the kernel’s netlabel CipSO v4 handling. The provided connected sources confirm the off-by-one overflow c...
CVE-2008-1514
CVE-2008-1514 affects the Linux kernel on IBM System z (s390) where a local user can cause a kernel panic via the 31‑bit ptrace padding test. The issue is in arch/s390/kernel/ptrace.c and occurs in kernels from 2.6.9 and in versions older than 2.6.27-rc6. The vulnerability arises from an invalid ...
CVE-2008-3275
The CVE-2008-3275 issue affects the Linux kernel before 2.6.25.15, where the real_lookup and __lookup_hash functions in fs/namei.c fail to prevent creating a child dentry for a deleted (S_DEAD) directory. This enables a local attacker to trigger a denial of service by repeatedly creating files wi...
CVE-2009-1883
CVE-2009-1883 affects the Linux kernel z90crypt driver, where a missing capability check in the z90crypt_unlocked_ioctl for the Z90QUIESCE operation can let a local user with an effective UID of 0 bypass restrictions, potentially forcing a driver outage and enabling privilege escalation. The issu...
CVE-2009-4027
The CVE-2009-4027 issue is a race condition in Linux kernel mac80211 subsystem (pre-2.6.32-rc8-next-20091201) that enables a remote attacker to crash the system via a crafted DELBA frame, in the absence of an aggregation session. Connected documents confirm affected kernel versions and the Denial...
CVE-2010-4074
CVE-2010-4074 affects Linux kernel USB subsystem prior to 2.6.36-rc5, where several structure members were not properly initialized. This can let local users read potentially sensitive data from kernel stack memory via TIOCGICOUNT-related ioctl paths, specifically mos7720_ioctl and mos7840_ioctl ...
CVE-2011-4081
CVE-2011-4081 affects the Linux kernel crypto/ghash-generic.c. The vulnerability arises when a missing or failed ghash_setkey is followed by ghash_update or ghash_final (demonstrated via AF_ALG socket write), potentially causing a NULL pointer dereference and OOPS. Connected advisories (e.g., Mir...
CVE-2012-2100
The CVE-2012-2100 issue affects the Linux kernel before 3.2.2, on x86 (and unspecified other) platforms, via the ext4_fill_flex_info function in fs/ext4/super.c. It allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and potentially cause a denial of service throu...
CVE-2012-2137
CVE-2012-2137 describes a buffer overflow in virt/kvm/irq_comm.c within the Linux kernel's KVM subsystem, exploitable by local users on kernel versions before 3.2.24. The flaw enables denial of service (crash) and potentially arbitrary code execution via vectors involving Message Signaled Interru...
CVE-2013-7269
The CVE-2013-7269 vulnerability affects the Linux kernel (affected area: net/netrom/af_netrom.c) before 3.12.4. The issue arises when nr_recvmsg updates a length value without ensuring the associated data structure is initialized, enabling local attackers to read kernel memory via recvfrom, recvm...
CVE-2015-5327
CVE-2015-5327 affects the Linux kernel (4.3-rc1 and later); the flaw is an out-of-bounds memory read in x509_decode_time within x509_cert_parser.c. Impact is partially confidentiality (per CVSS2) and high confidentiality (per CVSS3); the issue is fixed by kernel patches (as noted in referenced ad...
CVE-2016-2070
CVE-2016-2070 affects Linux kernels prior to 4.3.5. The tcp_cwnd_reduction function in net/ipv4/tcp_input.c can be triggered by crafted TCP traffic to cause a divide-by-zero DoS and system crash. According to connected advisories, upgrading to kernel 4.3.5 (as cited in ChangeLog-4.3.5) is the rem...
CVE-2016-3135
CVE-2016-3135 is an integer overflow in xt_alloc_table_info (net/netfilter/x_tables.c) of the Linux kernel up to 4.5.2 on 32-bit platforms, enabling local privilege escalation or heap corruption leading to DoS via IPT_SO_SET_REPLACE. Connected documents corroborate the 32-bit overflow in xt_alloc...
CVE-2016-4558
CVE-2016-4558 : The Linux kernel BPF subsystem before 4.5.5 mishandles reference counts, enabling a local attacker to trigger a denial-of-service via use-after-free, with possible other impact on systems with large memory (32 GB+ and 1 TB mentioned in the advisory). The Nessus/NVD documents confi...
CVE-2017-14954
CVE-2017-14954 affects the Linux kernel: the waitid implementation in waitid.c? actually kernel/exit.c in the Linux kernel up to 4.13.4 accesses rusage data structures in unintended cases, enabling local users to obtain sensitive information and bypass the KASLR protection via a crafted system ca...
CVE-2018-17977
CVE-2018-17977 affects Linux kernel 4.14.67, where interaction between XFRM Netlink messages, IPPROTO_AH, and IPPROTO_IP can be exploited locally (with root) to trigger memory exhaustion and system hang; demonstrated on CentOS 7. The provided documents do not specify a fix or patch version.
CVE-2019-18680
Mode C: Affected software is Linux kernel 4.4.x (before 4.4.195). The vulnerability is a NULL pointer dereference in rds_tcp_kill_sock() inside net/rds/tcp.c, which leads to denial of service. Mitigation/workaround: apply the patch from Linux stable 4.4.195 (ChangeLog-4.4.195) or update to a fixe...
CVE-2020-15852
CVE-2020-15852 affects Linux kernel 5.5–5.7.9 (and Xen via 4.13.x for x86 PV guests). The issue stems from mishandling of tss_invalidate_io_bitmap, causing desynchronization between TSS I/O bitmaps and Xen, which may let an attacker gain I/O port permissions of an unrelated task. Public advisorie...
CVE-2021-4440
CVE-2021-4440 (Linux kernel) fixed by commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream: in x86/xen, the paravirt USERGS_SYSRET64 path was dropped and the exit from user space now uses the iret exit from the start instead of sysret, avoiding stack-mangling prerequisites in Xen PV guests. T...
CVE-2021-47231
CVE-2021-47231 describes a memory leak in the Linux kernel SocketCAN driver (mcba_usb). The issue arises in mcba_usb_start() where 20 usb_coherent buffers are allocated but not freed; callbacks resubmit the URB and disconnect handling doesn’t free or mark URB_FREE_BUFFER for coherent buffers. Thi...
CVE-2021-47254
In CVE-2021-47254, the Linux kernel gfs2 subsystem has a use-after-free in gfs2_glock_shrink_scan. The GLF_LRU flag is checked under lru_lock to remove the glock from the lru list in __gfs2_glock_put(), but cond_resched_lock(&lru_lock) allows progress on the put side without deleting the glock fr...
CVE-2021-47281
CVE-2021-47281 affects the Linux kernel ALSA seq subsystem: snd_seq_timer_open() has a race on timeri allocation per queue, allowing a later concurrent call to override the timer and cause a use-after-free until the queue closes. The vulnerability is caused by missing protection when checking the...
CVE-2021-47350
Affected software: Linux kernel on PowerPC. The issue stems from is_exec_fault() returning false for exec faults taken by the kernel, causing set_access_flags_filter() not to set PAGE_EXEC and leading to a perpetual minor exec fault. Root cause traced through a sequence of commits (notably d7df24...
CVE-2021-47357
CVE-2021-47357 : In the Linux kernel, the atm: iphase removal path calls del_timer(), which can leave a timer handler running after the driver remove completes, causing a possible use-after-free. The fix uses del_timer_sync() to wait for the timer handler to finish and prevent rescheduling. Conne...
CVE-2021-47389
CVE-2021-47389 is a Linux kernel/KVM SVM issue related to SevReceiveStart and SEV context decommission. The root cause was a missing SEV decommission step when ASID binding fails after RECEIVE_START, which can leak firmware memory and eventually prevent allocating new SEV guest contexts, causing ...
CVE-2021-47395
CVE-2021-47395 : Linux kernel/mac80211 vulnerability where the rate limiting for injected VHT MCS/NSS in ieee80211_parse_tx_radiotap was tightened to fix a syzkaller warning. Affected component: mac80211 (ieee80211_parse_tx_radiotap, ieee80211_rate_set_vht). Reported impact in the public docs is ...
CVE-2021-47424
The CVE-2021-47424 issue affects the Linux kernel i40e driver. When VSI setup fails during PF switch in i40e_probe(), the code attempted to free misc IRQ vectors in i40e_clear_interrupt_scheme, potentially freeing an IRQ that had not been allocated yet, leading to a kernel Oops (example trace sho...
CVE-2021-47452
CVE-2021-47452: In the Linux kernel, nf_tables netdev event handling during net namespace removal could lead to a redundant UNREGISTER notifier action because the base hook was removed too late. The issue is a sequence/order problem in the notifier vs .pre_exit hook, which could cause an attempt ...
CVE-2021-47521
CVE-2021-47521 affects the Linux kernel via can: sja1000: fix use after free in ems_pcmcia_add_card(). The fix ensures that when the last channel is unavailable, dev is freed and pdev->irq can be used instead, with an additional check that at least one channel was set up. In the available docu...
CVE-2021-47522
CVE-2021-47522 affects the Linux kernel HID bigbenff handling in uhid. When emulating the device, if no output reports exist, report_field may be NULL, risking a NULL pointer dereference. The issue has been resolved in the Linux kernel (as described in connected Astra Linux advisory blocks). Impa...
CVE-2021-47558
The CVE-2021-47558 issue affects Linux kernel’s net:stmmac driver. The bug occurred because Tx queues were not disabled when stopping an interface to apply new configuration, potentially causing a kernel panic during: (1) reconfiguring queue numbers (ethtool -L), (2) resizing ring buffers (ethtoo...
CVE-2021-47565
The CVE-2021-47565 issue is in the Linux kernel, specifically the scsi: mpt3sas path. The root cause is a race/NULL-check problem when iterating over a host (shost) sdev list: a drive may be removed and its sas_target object freed while its sdev remains, allowing code to access sas_target->sas...
CVE-2021-47619
CVE-2021-47619 concerns the i40e Linux kernel XDP path. A PF queue pile fragmentation caused by placing a flow director VSI immediately after the main VSI could prevent the main VSI from resizing its queue allocation when XDP is enabled on systems with many CPUs and an X722 NIC, leading to a NULL...
CVE-2021-47635
CVE-2021-47635 is a Linux kernel/UBIFS issue where, after ubifs sets a page private, UBIFS did not increase the page refcount, causing page migration to erroneously move a in-use page. The description in the connected advisories explains that if a page is private, the kernel expects an extra refe...
CVE-2022-48972
CVE-2022-48972 affects the Linux kernel’s mac802154 code path. The issue arises in ieee802154_if_add() where a wpan_dev private data structure’s list is not initialized, potentially leading to a NULL pointer dereference during notifier handling (cfg802154_netdev_notifier_call) as devices are regi...
CVE-2022-49310
CVE-2022-49310 corresponds to a Linux kernel vulnerability in the xillybus driver where a refcount leak occurs in cleanup_dev(). The root cause is the sequence: usb_get_dev is acquired in xillyusb_probe and usb_put_dev is not paired before xdev is released, leading to a potential resource leak. T...
CVE-2022-49438
CVE-2022-49438 : In the Linux kernel, the refcount leak occurs in the path handling for device tree lookups. Specifically, of_find_node_by_path() using of_find_node_opts_by_path() returns a node pointer with an incremented refcount, but the code did not call of_node_put() when done, causing a ref...
CVE-2022-49440
CVE-2022-49440 affects the Linux kernel (PowerPC RTAS path). The root cause is MSR[RI] not being preserved when entering RTAS, while RTAS runs in real mode and may trigger a panic/ watchdog lockup if MSR[RI] is unset. The fix updates how MSR is computed before calling RTAS, ensuring a hardcoded v...
CVE-2022-49444
CVE-2022-49444: Linux kernel vulnerability in module loading (e_shstrndx).sh_size) leading to an out-of-bounds access; described as exploitable by crafting a module. The issue is resolved by a patch that was rebased onto modules-next. Affected systems require updating to a kernel version containi...
CVE-2022-49498
CVE-2022-49498 affects the Linux kernel, specifically the ALSA PCM path. The issue: a pointer substream could be dereferenced before a null check (PCM_RUNTIME_CHECK), risking a crash/denial of service if triggered locally. The connected advisories (e.g., Astra Linux, SUSE SU-2025 updates) confirm...
CVE-2022-49530
CVE-2022-49530 affects the Linux kernel DRM/AMD power management code. The vulnerability arises in si_parse_power_table() where allocations for adev->pm.dpm.ps and its elements can be followed by a second free in si_dpm_fini() if an allocation fails, causing a potential double-free of adev->...
CVE-2022-49670
CVE-2022-49670 is a Linux kernel issue disclosed via multiple advisories (Unity Linux UTSA-2025-990008, UTSA-2025-986722, etc.). The vulnerability is in the RDMA DIM path: a divide-by-zero occurs in rdma_dim_stats_compare() when prev->cpe_ratio == 0. The problem is resolved by a kernel patch (...