13804 matches found
CVE-2019-16089
Summary (CVE-2019-16089): The vulnerability resides in the Linux kernel (through version 5.2.13) where nbd_genl_status in drivers/block/nbd.c does not validate the return value of nla_nest_start_noflag, potentially enabling local privilege impact due to improper netlink attribute nesting checks. ...
CVE-2020-27171
The vulnerability CVE-2020-27171 affects Linux kernels before 5.11.8. The issue is in kernel/bpf/verifier.c, where an off-by-one error enables integer underflow that can trigger out-of-bounds speculation in pointer arithmetic, allowing side-channel leakage of kernel memory and defeating Spectre m...
CVE-2020-7053
CVE-2020-7053 affects the Linux kernel: a use-after-free (write) in i915_ppgtt_close (drivers/gpu/drm/i915/i915_gem_gtt.c), linked to i915_gem_context_destroy_ioctl (i915_gem_context.c). Affected: Linux kernels 4.14 LTS up to 4.14.165, 4.19 LTS up to 4.19.96, and 5.x before 5.2. Root cause is a u...
CVE-2021-46922
CVE-2021-46922 affects the Linux kernel KEYS: trusted TPM reservation for seal/unseal. The root cause was a rebased patch that caused tpm_try_get_ops() to be lost in tpm2_seal_trusted(), leading to imbalanced TPM ops and oopses on TIS hardware. The issue has been fixed by restoring the lost tpm_t...
CVE-2020-29661
The entry CVE-2020-29661 describes a local, kernel-space vulnerability in the Linux tty subsystem (drivers/tty/tty_jobctrl.c) that can enable a use-after-free through TIOCSPGRP. A locking issue in this path allows memory corruption and potential privilege escalation or system impact when an attac...
CVE-2021-29155
CVE-2021-29155 is a Linux kernel issue affecting the eBPF verifier path (kernel/bpf/verifier.c) that allows speculative-out-of-bounds memory accesses to leak kernel memory via side-channels. The description from connected documents ties the vulnerability to Spectre mitigations and notes that a lo...
CVE-2018-10902
CVE-2018-10902 is a Linux kernel local privilege-escalation flaw in the raw MIDI driver. The issue arises from a race on concurrent access in the snd_rawmidi_ioctl() path (snd_rawmidi_input_params and snd_rawmidi_output_status), causing a double-free/double-realloc in the rawmidi.c handler. Explo...
CVE-2020-14331
CVE-2020-14331 is a Linux kernel vulnerability in the VGA console driver’s soft-scrollback path. A local user with access to a VGA console can trigger an out-of-bounds write when resizing the console via VT_RESIZE, potentially crashing the system and possibly escalating privileges. Publicly docum...
CVE-2018-18397
The vulnerability CVE-2018-18397 affects the Linux kernel prior to 4.19.7, where the userfaultfd implementation mishandles access control for certain UFFDIO ioctls (fs/userfaultfd.c and mm/userfaultfd.c). A local attacker with read permissions on a tmpfs file containing holes could write data int...
CVE-2018-14634
CVE-2018-14634 is a Linux kernel integer overflow vulnerability in create_elf_tables(). An unprivileged local user with access to a SUID (or otherwise privileged) binary could escalate privileges. Documented vulnerable kernel families include 2.6.x, 3.10.x, and 4.14.x. Mitigations/recognitions ex...
CVE-2019-3900
CVE-2019-3900 is an upstream Linux kernel vulnerability in the vhost_net module causing an infinite loop while handling incoming packets in handle_rx(), which can allow a guest user to stall the vhost_net kernel thread and trigger a DoS. The issue is present in Linux kernel releases up to and inc...
CVE-2021-46932
CVE-2021-46932 affects the Linux kernel’s input subsystem (Input: appletouch). The root cause is that input_dev->close() can cancel_work_sync(&dev->work) before dev->work is initialized (initialized after input_register_device()), causing a risk of a NULL work function in __flush_work()....
CVE-2021-37159
CVE-2021-37159 affects the Linux kernel driver hso_free_net_device() in drivers/net/usb/hso.c. The code calls unregister_netdev without verifying NETREG_REGISTERED, causing use-after-free and double-free scenarios. Affected kernel versions include up to 5.13.4; the issue is mitigated by upgrading...
CVE-2022-23222
CVE-2022-23222 affects the Linux kernel. It targets kernel/bpf/verifier.c, where pointer arithmetic on *_OR_NULL types can lead to privilege escalation. Affected: Linux kernel through 5.15.14 (local attacker). Connected advisories reference fixes in kernel package updates (e.g., ALAS/M...
CVE-2023-0394
CVE-2023-0394: A NULL pointer dereference in rawv6_push_pending_frames() of the Linux kernel (net/ipv6/raw.c) can cause a crash (DoS). The issue is confirmed across multiple advisories (e.g., Astra Linux and Brocade/SANnav postings) as a Linux kernel vulnerability, with no explicit public exploit...
CVE-2018-18955
CVE-2018-18955 affects Linux kernels 4.15.x–4.19.x, with privilege escalation via map_write() in kernel/user_namespace.c when nested user namespaces have more than 5 UID/GID ranges. A user with CAP_SYS_ADMIN in the affected namespace can bypass controls outside the namespace (e.g., read /etc/shad...
CVE-2019-10126
CVE-2019-10126 affects the Linux kernel Marvell mwifiex wireless kernel driver. The issue is a heap-based buffer overflow in mwifiex_uap_parse_tail_ies (drivers/net/wireless/marvell/mwifiex/ie.c) that can lead to memory corruption. Public documents in the Connected set identify the affected compo...
CVE-2020-12654
CVE-2020-12654 affects the Linux kernel prior to 5.5.4. The vulnerability is a heap-based buffer overflow in mwifiex_ret_wmm_get_status() (drivers/net/wireless/marvell/mwifiex/wmm.c) caused by an incorrect memcpy when processing WMM parameters from a remote AP. A crafted AP can trigger overflow a...
CVE-2021-3490
Technical details about CVE-2021-3490 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2021-3669
CVE-2021-3669 is a Linux kernel vulnerability where measuring shared memory usage does not scale with large shared memory segment counts, enabling resource exhaustion and DoS. Connected sources confirm the issue affects multiple kernel versions and distributions, with remediations following vendo...
CVE-2018-20855
CVE-2018-20855 affects the Linux kernel before 4.18.7. In the mlx5 InfiniBand driver's create_qp_common, mlx5_ib_create_qp_resp was never initialized, leaking stack memory to userspace. Upstream fix shipped with kernel 4.18.7 (commit 0625b4ba1a5d4703c7fb01c497bd6c156908af00). Mitigation: upgrade to 4.18.7+ or ap...
CVE-2018-20976
CVE-2018-20976 affects the Linux kernel prior to 4.18, specifically a use-after-free in fs/xfs/xfs_super.c related to xfs_fs_fill_super during mount failure. The vulnerability can lead to memory corruption or crash and is exploitable via a local attack, with no authentication required per the CVE...
CVE-2021-46943
CVE-2021-46943: Linux kernel vulnerability in media: staging/intel-ipu3 where a faulty set_fmt error handling could cause mis-updated sizes, enabling a local exploit path that, without the fix, could trigger excessive RAM use (up to 4 GiB) and an OOPS. The issue stems from overwriting previous v...
CVE-2023-4004
CVE-2023-4004 is a use-after-free in the Linux kernel’s netfilter nft_pipapo_remove() path when triggering the element without NFT_SET_EXT_KEY_END. This vulnerability can let a local attacker crash the system or potentially escalate privileges. The issue is tied to nf_tables/netfilter behavior an...
CVE-2019-18808
The CVE-2019-18808 entry describes a memory-leak DoS in the Linux kernel via ccp_run_sha_cmd() in ccp-ops.c (up to kernel 5.3.9). Connected Astra Linux advisories show a similar memory-leak DoS in ccp_run_aes_gcm_cmd() (drivers/crypto/ccp/ccp-ops.c) affecting Linux-5.10 and noting similarity to C...
CVE-2019-3016
CVE-2019-3016 is a Linux kernel/KVM issue where, when PV TLB is enabled, a process inside a guest can read memory belonging to another process in the same guest. The root cause is a missing or incomplete TLB flush in the KVM x86 paravirtualized path when the host is running Linux 4.10 and the gue...
CVE-2022-1462
CVE-2022-1462 is an out-of-bounds read in the Linux kernel TeleTYpe subsystem triggered by a race using ioctls (TIOCSPTLCK, TIOCGPTPEER, TIOCSTI, TCXONC). Local users can crash the system or read unauthorized memory. Public advisories link this CVE to Linux kernel versions across multiple distrib...
CVE-2024-26591
CVE-2024-26591: Linux kernel vulnerability in bpf_tracing_prog_attach can crash with NULL pointer dereference due to missing attach_btf when attaching tracing programs (rawtp/fentry chain). The issue arises in a sequence of loading a rawtp program, loading an fentry with rawtp as target, creating...
CVE-2020-10766
CVE-2020-10766 is a Linux kernel vulnerability tied to the SSBD mitigation logic, enabling a local attacker to temporarily disable SSBD during a context switch due to per-task STIBP switching. Connected advisories confirm affected kernels (e.g., Linux 5.4.x/5.8 era) and provide patch info: Debian...
CVE-2019-15666
CVE-2019-15666 affects the Linux kernel prior to 5.0.19, with an out-of-bounds array access in __xfrm_policy_unlink caused by improper directory validation in net/xfrm/xfrm_user.c. This can lead to denial of service. Nexus/connected advisories confirm the same impact and recommend upgrading the k...
CVE-2019-17055
CVE-2019-17055 affects the Linux kernel up to 5.3.2, where base_sock_create in drivers/isdn/mISDN/socket.c did not enforce CAP_NET_RAW, allowing unprivileged users to create a raw socket via AF_ISDN. The issue is tracked as CID-b91ee4aa2a21 and was addressed in upstream kernel commits 0edc3...
CVE-2021-43267
The CVE-2021-43267 issue affects the Linux kernel up to version 5.14.16 in the TIPC crypto path (net/tipc/crypto.c). The vulnerability arises from insufficient validation of user-supplied sizes for the MSG_CRYPTO message type, enabling remote attackers to potentially corrupt memory or escalate pr...
CVE-2021-44733
CVE-2021-44733 is a use-after-free in the Linux kernel TEE subsystem (drivers/tee/tee_shm.c) that can occur during freeing of a shared memory object due to a race in tee_shm_get_from_id. Affects Linux kernels up to 5.15.11; exploitation could lead to denial of service and, in some configurations,...
CVE-2021-3612
CVE-2021-3612 is an out-of-bounds memory write flaw in the Linux kernel joystick subsystem exploitable by a local user via the JSIOCSBTNMAP ioctl. The advisory notes potential system crash and possible privilege escalation. Affected disclosures reference pre-5.13.2 revisions (e.g., fixes upstream...
CVE-2023-1859
CVE-2023-1859 is a use-after-free in Xen transport 9pfs (xen_9pfs_front_remove in net/9p/trans_xen.c) of the Linux kernel. Connected security bulletins confirm a race condition that could allow a local attacker to crash the system and potentially leak kernel information. Affected is the Xen 9pfs...
CVE-2020-36322
The CVE-2020-36322 issue affects the Linux kernel FUSE filesystem implementation, where fuse_do_getattr() could call make_bad_inode() in inappropriate situations, potentially causing a system crash. The vulnerability is tied to the FUSE path and was partially addressed by a fix, with the incomple...
CVE-2021-46920
CVE-2021-46920 concerns the Linux kernel DMAengine idxd; the bug is a clobber of the SWERR overflow bit during writeback where the code overwrites SWERR/OVERFLOW instead of restoring the bits read. Affected: Linux kernel with idxd component; root cause: writeback path writes read values back, pre...
CVE-2022-2588
CVE-2022-2588 affects the Linux kernel's net/sched cls_route filter. The issue arises when the kernel fails to remove an old filter from the hashtable if the filter handle equals 0, potentially enabling local impact. The available connected advisories confirm the root cause in the cls_route path ...
CVE-2019-5108
CVE-2019-5108 is an exploitable denial-of-service in the Linux kernel prior to mainline 5.3. An attacker can trigger IAPP location updates for stations before authentication completes by forging Authentication/Association Request packets, leading to potential CAM-table attacks or traffic flapping...
CVE-2017-16995
CVE-2017-16995 is a sign-extension defect in the Linux kernel's eBPF verifier (kernel/bpf/verifier.c) that can be triggered via BPF syscall, allowing a local user to escalate privileges or affect memory/behavior. Public writeups and Arch security advisories indicate the issue affects kernels prio...
CVE-2019-15221
CVE-2019-15221 affects the Linux kernel up to version 5.1.17. A NULL pointer dereference can be triggered by a malicious USB device via the sound/usb/line6/pcm.c driver, leading to denial of service or system instability. Affected component is the kernel sound USB Line6 PCM driver; root cause is ...
CVE-2019-19447
CVE-2019-19447 is a Linux kernel 5.0.21 flaw where mounting a crafted ext4 filesystem image can trigger a use-after-free in ext4_put_super (fs/ext4/super.c, related to dump_orphan_list). Reports in multiple connected sources corroborate a local, post-authentication impact with potential arbitrary...
CVE-2023-35001
CVE-2023-35001 is a Linux kernel nftables vulnerability where the nft_byteorder expression mishandles vm register contents when CAP_NET_ADMIN exists in any user or network namespace, causing an out-of-bounds read/write in the nf_tables nft_byteorder path. Public references in the provided documen...
CVE-2018-17972
The CVE-2018-17972 issue affects the Linux kernel (proc_pid_stack in fs/proc/base.c) up to 4.18.11, where an attacker with local access could exploit a race in stack unwinding to leak kernel task stack contents. The root cause is insufficient restriction on inspecting kernel stacks, enabling local ...
CVE-2019-13631
The CVE-2019-13631 entry describes a vulnerability in the Linux kernel (parse_hid_report_descriptor in drivers/input/tablet/gtco.c) where a malicious USB HID device can cause an out-of-bounds write during debugging message generation. This affects kernels up to version 5.2.1. The document does no...
CVE-2020-12653
CVE-2020-12653 affects the Linux kernel prior to 5.5.4, caused by an incorrect memcpy in the mwifiex_cmd_append_vsie_tlv() function (drivers/net/wireless/marvell/mwifiex/scan.c). This enables a local attacker to gain elevated privileges or cause a denial of service due to a buffer overflow. Conne...
CVE-2022-1048
CVE-2022-1048 is a use-after-free vulnerability in the Linux kernel sound subsystem (ALSA PCM) caused by a race between concurrent hw_params and hw_free ioctls. Attacker-controlled timing on local access can crash the system or potentially escalate privileges. Affected component: Linux ke...
CVE-2023-6546
CVE-2023-6546 describes a race condition in the Linux kernel’s GSM 0710 tty multiplexor. Two threads can race on GSMIOC_SETCONF on the same tty when gsm line discipline is enabled, triggering a use-after-free of the gsm_dlci during GSM mux restart and potentially enabling local privilege escalati...
CVE-2023-3609
CVE-2023-3609 is a Linux kernel use-after-free in the net/sched: cls_u32 classifier. The flaw arises when tcf_change_indev() fails; u32_set_parms() returns after updating the reference counter in tcf_bind_filter(), and an attacker who can manipulate the reference counter to zero can cause the ref...
CVE-2019-19767
CVE-2019-19767 affects the Linux kernel prior to 5.4.2, due to mishandling of ext4_expand_extra_isize which can cause use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (fs/ext4/inode.c and fs/ext4/super.c; CID-4ea99936a163). This is a kernel-level vulnerability impacting ext4-r...