CVE-2022-48744
In CVE-2022-48744, the Linux kernel net/mlx5e driver was updated to satisfy field-bounds checking by avoiding a field-overflowing memcpy() across neighboring fields. The root cause involved copying MLX5E_XDP_MIN_INLINE bytes into a 2-byte inline_hdr.start, causing writes to adjacent data (vlan_tci,...
CVE-2006-5619
The CVE-2006-5619 issue is a Linux kernel 2.6.x vulnerability (up to 2.6.18-stable) where the /proc/net/ip6_flowlabel path handling can trigger an infinite loop while searching for flowlabels, allowing local users to cause a denial of service (hang or oops). Affected components are the ip6_fl_get...
CVE-2007-1496
CVE-2007-1496 affects nfnetlink_log in the Linux kernel prior to 2.6.20.3. The issue is triggered via netfilter’s nfnetlink path (nfulnl_recv_config) when handling netlink messages, including cases with multiple packets per netlink message and bridged packets, leading to a NULL pointer dereferenc...
CVE-2007-2876
CVE-2007-2876 affects Linux kernel SCTP Netfilter connection-tracking code (ip_conntrack_proto_sctp.c and nf_conntrack_proto_sctp.c). A remote attacker can trigger a denial of service by causing certain invalid SCTP states that lead to a NULL pointer dereference. Impact is a complete availability...
CVE-2007-3642
The vulnerability CVE-2007-3642 affects the Linux kernel and is tied to the decode_choice function in nf_conntrack_h323_asn1.c. It allows remote attackers to trigger a denial of service (crash) by providing an encoded, out-of-range index for a choice field, causing a NULL pointer dereference. Aff...
CVE-2007-4998
CVE-2007-4998 is a local, user‑assisted vulnerability in cp when preserving symlinks across multiple OSes. The issue allows an attacker to cause a race/symlink attack that can overwrite arbitrary files by crafting directories with multiple source files copied to the same destination. Multiple con...
CVE-2008-3275
The CVE-2008-3275 issue affects the Linux kernel before 2.6.25.15, where the real_lookup and __lookup_hash functions in fs/namei.c fail to prevent creating a child dentry for a deleted (S_DEAD) directory. This enables a local attacker to trigger a denial of service by repeatedly creating files wi...
CVE-2009-0029
This CVE affects the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms. The root cause is that a 32-bit user-space argument in a 64‑bit register was not verifiably sign-extended when passed to a system call, allowing local users to crash the kernel or potentiall...
CVE-2009-4141
CVE-2009-4141 is a local-privilege escalation in the Linux kernel (fs/fcntl.c: fasync_helper) where enabling O_ASYNC on a locked file and closing it can grant privileges. Affected: Linux kernel before 2.6.33-rc4-git1. Root cause: use-after-free in fasync_helper. Mitigation: apply the upstream pat...
CVE-2009-4895
CVE-2009-4895 describes a race condition in the Linux kernel's tty_fasync path (drivers/char/tty_io.c) prior to 2.6.32.6, enabling local users to cause a denial of service via a NULL pointer dereference and system crash. The issue is tied to put_tty_queue and __f_setown, with a note that it was a...
CVE-2013-7268
The CVE-2013-7268 vulnerability affects the Linux kernel up to version 3.12.3, where ipx_recvmsg in net/ipx/af_ipx.c writes a length value without confirming the associated data structure is initialized. This can allow local attackers to read kernel memory via recvfrom/recvmmsg/recvmsg. The issue...
CVE-2014-9410
The CVE-2014-9410 entry affects the MSM-VFE31 driver for the Linux kernel 3.x (as used in Qualcomm Innovation Center Android contributions). The vulnerability is in vfe31_proc_general, which does not validate a specific id value, enabling a local attacker to gain privileges or cause memory corrup...
CVE-2016-6187
CVE-2016-6187: The Linux kernel before 4.6.5 contains a vulnerability in the AppArmor LSM path. The function apparmor_setprocattr in security/apparmor/lsm.c does not validate the buffer size, enabling a local user to gain privileges by triggering a setprocattr hook. This is a local privilege-esc...
CVE-2021-47122
CVE-2021-47122 refers to a Linux kernel issue in the CAIF stack where, on caif_enroll_dev() failure, the allocated link_support was not assigned to the target structure, leading to a memory leak in caif_device_notify. The fix adds a safe deallocation path to free the allocated pointer when an err...
CVE-2021-47167
CVE-2021-47167 is a Linux kernel issue affecting NFS: an Oopsable condition in __nfs_pageio_add_request() could occur. The patch ensures that nfs_pageio_error_cleanup() resets the mirror array contents so the structure reflects an empty state, and it makes nfs_pageio_do_add_request() more robust ...
CVE-2021-47253
CVE-2021-47253 affects the Linux kernel’s DRM/AMD display path, where DMUB hw_init could leak memory on suspend/resume due to kzalloc allocation without guard. The fix ensures the DC wrapper memory is only allocated if it was not previously allocated, avoiding reallocation on suspend/resume. Docu...
CVE-2021-47254
In CVE-2021-47254, the Linux kernel gfs2 subsystem has a use-after-free in gfs2_glock_shrink_scan. The GLF_LRU flag is checked under lru_lock to remove the glock from the lru list in __gfs2_glock_put(), but cond_resched_lock(&lru_lock) allows progress on the put side without deleting the glock fr...
CVE-2021-47328
CVE-2021-47328 affects the Linux kernel in the SCSI/ISCSI stack. The issue is a use-after-free in iscsi_conn during resets when an unbind target call hasn’t occurred, leading to a race where iscsi_conn_teardown may free the connection while EH/threads access it. The fix moves TMF fields f...
CVE-2021-47355
CVE-2021-47355 relates to the Linux kernel ATM nicstar driver. The issue is a use-after-free in nicstar_cleanup() caused by removing a timer with del_timer() instead of del_timer_sync(), which may allow the timer handler to still run after the device removal. The fix ensures the timer finishes an...
CVE-2021-47375
CVE-2021-47375 affects the Linux kernel blktrace code. The issue is a use-after-free in blk_trace access after removing by sysfs, triggered during trace_note_tsk execution after blk_trace_free, leading to a kernel NULL pointer dereference (as shown by the provided log). The reproduction involves ...
CVE-2021-47436
CVE-2021-47436 – Linux kernel USB Musb DSPS probe error path fix. The connected Astra/Unity advisories confirm a root cause in the Musb DSPS driver where dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() were inverted in the error path, leaving a platform device registered but not unreg...
CVE-2021-47452
CVE-2021-47452: In the Linux kernel, nf_tables netdev event handling during net namespace removal could lead to a redundant UNREGISTER notifier action because the base hook was removed too late. The issue is a sequence/order problem in the notifier vs .pre_exit hook, which could cause an attempt ...
CVE-2021-47500
The CVE-2021-47500 issue affects the Linux kernel IIO mma8452 driver. The driver assigned a trigger to the IIO device without first obtaining a reference, which allowed the trigger to be freed during use and caused a use-after-free. The documented fix is to obtain a reference to the trigger befor...
CVE-2021-47521
CVE-2021-47521 affects the Linux kernel's can/sja1000 driver and is resolved by the commit titled "can: sja1000: fix use after free in ems_pcmcia_add_card()". The fix ensures that when the last channel is unavailable, dev is freed and pdev->irq can be used instead, with an additional check that at least one channel was set up. In the available docu...
CVE-2021-47546
CVE-2021-47546 is a Linux kernel vulnerability affecting IPv6 nftables rules. When a fib6_rule_suppress path and a suppress_prefix rule exist, memory leaks occur in ip6_dst_cache per-packet allocations. The root cause is a mismatch between generic FIB_LOOKUP_NOREF and the IPv6-specific RT6_LOOKUP...
CVE-2022-3595
CVE-2022-3595 affects the Linux kernel CIFS component, specifically the function sess_free_buffer in fs/cifs/sess.c, where the issue causes a double free. The root cause is improper buffer management leading to memory corruption with a direct impact on availability (as per CVSS metrics: Availab...
CVE-2022-48758
The CVE-2022-48758 issue affects the Linux kernel SCSI/fibre channel path, specifically the bnx2fc driver. The root cause is that the bnx2fc_destroy() path removes the interface before destroying its workqueue, causing repeated sysfs_remove_group() WARNs about the rport attributes being removed t...
CVE-2022-48761
CVE-2022-48761 affects the Linux kernel USB xhci-plat code. The issue occurs on platforms like i.MX8QM during suspend with remote wake enabled, where xhci_suspend disables the hub wake and then accesses registers after the device clock is gated by run-time suspend. The underlying root cause was t...
CVE-2022-49112
CVE-2022-49112 is a Linux kernel issue described in the provided docs as a fix for a monitor-mode crash involving the mt76/mt7921s stack. The problem arises when a CTS packet in monitor mode could cause improper skb handling due to only the first RXD buffer being linear; pulling RXD-size+6 bytes ...
CVE-2022-49284
The CVE-2022-49284 entry affects the Linux kernel coresight subsystem (syscfg: cscfg_create_device). The issue is a memory leak on registration failure caused by improper error handling in device_register() after device_initialize(); the recommended fix is to use put_device() to relinquish the re...
CVE-2022-49358
CVE-2022-49358 affects the Linux kernel, specifically the netfilter nf_tables path where a memleak can occur for a flow rule object created during a commit path. The root cause is that abort path releases the flow rule object, but the commit path does not, leading to a memleak. The advisory docum...
CVE-2022-49396
CVE-2022-49396 affects the Linux kernel component phy: qcom-qmp, leaking the reset-controller on probe errors. The described fix releases the lane reset controller on late probe errors (e.g., probe deferral) and notes that the reset controller is defined in devicetree in the "lane" child nodes, w...
CVE-2022-49444
CVE-2022-49444: Linux kernel vulnerability in module loading (e_shstrndx).sh_size) leading to an out-of-bounds access; described as exploitable by crafting a module. The issue is resolved by a patch that was rebased onto modules-next. Affected systems require updating to a kernel version containi...
CVE-2022-49493
CVE-2022-49493: Linux kernel ASoC rt5645 cleanup order bug can cause use-after-free due to rt5645_i2c_remove() cancelling jack_detect_work before del_timer_sync, which may race with rt5645_btn_check_callback(). The fix moves del_timer_sync before cancel_delayed_work_sync, addressing the race. Con...
CVE-2022-49497
CVE-2022-49497 is a Linux kernel issue in the networking code where two BUG() calls were present in skb_checksum_help(). The vulnerability was resolved by removing these BUG()s and replacing them with WARN_ON_ONCE() so skb_checksum_help() can return an error code instead of triggering a crash whe...
CVE-2022-49621
The CVE-2022-49621 issue is a Linux kernel cpufreq.pmac32-cpufreq refcount leak bug. The root cause is missing of_node_put() for three node pointers whose refcounts were incremented by of_find_node_by_name() in pmac_cpufreq_init_MacRISC3(); the fix adds the corresponding of_node_put() calls to dr...
CVE-2022-49658
CVE-2022-49658 concerns the Linux kernel’s BPF bounds propagation. The issue stems from insufficient propagation of tnum min/max bounds into register bounds during operations like adjust_scalar_min_max_vals, allowing a register that becomes a constant-like value to leak pointers when it is later ...
CVE-2022-49740
CVE-2022-49740 concerns the Linux kernel brcmfmac driver. The vulnerability arises when the device-provided channel spec count exceeds the allocated list length in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g(), causing slab-out-of-bounds reads. The patch adds bounds checks so these functi...
CVE-2022-49749
The CVE-2022-49749 issue is confirmed in the Linux kernel’s I2C designware driver. In i2c_dw_scl_lcnt() and i2c_dw_scl_hcnt(), multiplying ic_clk by constant factors could overflow 32-bit arithmetic, depending on ic_clk (e.g., ic_clk > 1 MHz). The patch adds a 64-bit cast (u64) to the calculat...
CVE-2022-49875
CVE-2022-49875: In the Linux kernel, bpftool can cause a NULL pointer dereference when pinning BPFFS objects (PROG, MAP, LINK) without a FILE, leading to a local segmentation fault. The root cause is strlen being invoked on a NULL name during mount_bpffs_for_pin. The mitigation provided in the so...
CVE-2022-49878
Summary: CVE-2022-49878 is a Linux kernel vulnerability in the bpf verifier’s array reallocation. When realloc_array() errors (krealloc() returns NULL), callers previously set their pointers to NULL, but krealloc() leaves the original allocation untouched, causing a memory leak. The description i...
CVE-2022-49961
Technical details about CVE-2022-49961 are not publicly provided in the supplied documents. No vendor/product specifics or impact are disclosed here. Monitor for updates from EulerOS/kernel advisories and OpenVAS/Nessus entries referencing this CVE.
CVE-2022-50006
CVE-2022-50006 affects the Linux kernel in NFSv4.2 handling of __nfs42_ssc_open. The issue arises when a destination server processes a COPY and should not accept a passed filehandle if it’s not a regular filehandle; additionally, if alloc_file_pseudo() fails, the kernel must drop the reference t...
CVE-2022-50015
CVE-2022-50015: In the Linux kernel ASoC: SOF Intel hda-ipc, there is a vulnerability where a firmware could send a reply before the FW_READY message. Since reply_data is allocated after FW_READY, this can cause a NULL pointer dereference. The issue was reported for IPC4 and the same condition e...
CVE-2022-50146
CVE-2022-50146 concerns the Linux kernel PCI-DWC stack. If dw_pcie_ep_init() initializes EPC memory and allocates MSI memory but fails to perform a subsequent action, the MSI region leak is not cleaned up, creating a memory leak. The fix, described in the commit log referenced by multiple advisor...
CVE-2023-20844
CVE-2023-20844 affects the imgsys_cmdq component in MediaTek devices. The issue is an out-of-bounds read caused by missing valid range checking, potentially enabling local information disclosure with system-execution privileges required. Exploitation requires user interaction. The vulnerability i...
CVE-2023-3022
The CVE-2023-3022 entry corresponds to a Linux kernel IPv6 module flaw where arg.result is inconsistently used in fib6_rule_lookup, being sometimes rt6_info and other times fib6_info. This mismatch is not accounted for where rt6_info is expected unconditionally, potentially causing a kernel panic...
CVE-2023-52577
CVE-2023-52577 pertains to the Linux kernel DCCP handling. The issue stems from an incorrect assumption about the DCCP header field dh->dccph_x (the 9th byte, offset 8) and related ICMP message sizing, which could affect processing of DCCP packets and ICMP responses. The description notes that...
CVE-2023-52678
CVE-2023-52678 involves the Linux kernel with a fix in the AMD expose path for KFD topology. The vulnerability was due to using list_first_entry on a list that could be empty; the corrected code now checks that the list is non-empty before access and returns -ENODATA when empty. This change mitig...
CVE-2023-52737
CVE-2023-52737: In the Linux kernel, when using Btrfs, fiemap could deadlock with an in-flight fsync due to not taking the inode lock (i_mutex) before fiemap operations. The root cause is that fiemap_fill_next_extent() could fault while accessing user space buffers, which creates a lock-order cyc...