Linux Kernel

10926 matches found

added 2012/06/13 10:24 a.m. | 64 views

CVE-2012-2384

Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecifi...

CVSS 4.9 | AI score 5.9 | EPSS 0.00064

added 2013/03/15 8:55 p.m. | 64 views

CVE-2012-6541

The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

CVSS 1.9 | AI score 6.1 | EPSS 0.00056

added 2013/03/15 8:55 p.m. | 64 views

CVE-2012-6546

The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

CVSS 1.9 | AI score 5.4 | EPSS 0.00032

added 2013/09/25 10:31 a.m. | 64 views

CVE-2013-2140

The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka ...

CVSS 3.8 | AI score 6.2 | EPSS 0.0013

added 2013/09/16 1:1 p.m. | 64 views

CVE-2013-2896

drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.

CVSS 4.7 | AI score 5.9 | EPSS 0.00069

added 2014/08/01 11:13 a.m. | 64 views

CVE-2014-5045

The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free)...

CVSS 6.2 | AI score 6.4 | EPSS 0.00029

added 2016/07/11 1:59 a.m. | 64 views

CVE-2016-2068

The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read)...

CVSS 7.8 | AI score 7.6 | EPSS 0.00162

added 2018/06/24 11:29 p.m. | 64 views

CVE-2018-12714

An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial ...

CVSS 10 | AI score 9.5 | EPSS 0.01204

added 2020/09/10 2:15 p.m. | 64 views

CVE-2020-25221

get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit p...

CVSS 7.8 | AI score 7.5 | EPSS 0.00193

added 2024/03/15 9:15 p.m. | 64 views

CVE-2021-47114

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at that ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00007

added 2024/03/25 9:15 a.m. | 64 views

CVE-2021-47145

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ ...

CVSS 5.5 | AI score 6.8 | EPSS 0.00008

added 2024/03/25 9:15 a.m. | 64 views

CVE-2021-47152

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to 'mptcp_frag_ca...

CVSS 5.5 | AI score 6.7 | EPSS 0.00018

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47223

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst null pointer dereference This patch fixes a tunnel_dst null pointer dereference due to lockless access in the tunnel egress path. When deleting a vlan tunnel the tunnel_dst pointer is set to NULL with...

CVSS 5.5 | AI score 6.6 | EPSS 0.0001

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47233

In the Linux kernel, the following vulnerability has been resolved: regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL devm_gpiod_get_array_optional may return NULL if no GPIO was assigned.

CVSS 5.5 | AI score 6.7 | EPSS 0.00053

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47241

In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for. This may result in ETHTOOL_MSG_STRSET_GET producing a warning like: calculated message payload length (684) not suffici...

CVSS 7.5 | AI score 7.7 | EPSS 0.00027

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47242

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lookup in subflow_error_report() Maxim reported a soft lookup in subflow_error_report(): watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0] RIP: 0010:native_queued_spin_lock_slowpath RSP: 0018:ffffa859c00...

CVSS 7.8 | AI score 7.4 | EPSS 0.00033

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47246

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. If the peer net device is ...

CVSS 5.5 | AI score 6.5 | EPSS 0.0001

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47256

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: make sure wait for page writeback in memory_failure Our syzkaller trigger the "BUG_ON(!list_empty(&inode->i_wb_list))" in clear_inode: kernel BUG at fs/inode.c:519! Internal error: Oops - BUG: 0 [#1] SMP Modules ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00017

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47308

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp().

CVSS 6.5 | AI score 7.6 | EPSS 0.00034

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47343

In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error (e.g. read the content of origin block fails during shadowing), and the value of shadow_spine::root is uninit...

CVSS 5.5 | AI score 6.4 | EPSS 0.00013

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47346

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer() commit 6f755e85c332 ("coresight: Add helper for inserting synchronization packets") removed trailing '\0' from barrier_pkt array and updated the call sites like ...

CVSS 7.1 | AI score 6.6 | EPSS 0.00021

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47364

In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist() compat_insnlist() handles the 32-bit version of the COMEDI_INSNLIST ioctl (when CONFIG_COMPAT is enabled). It allocates memory to temporarily hold an array of struct comedi_insn conver...

CVSS 5.5 | AI score 6.5 | EPSS 0.00016

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47375

In the Linux kernel, the following vulnerability has been resolved: blktrace: Fix uaf in blk_trace access after removing by sysfs There is an use-after-free problem triggered by following process: P1(sda) P2(sdb) echo 0 > /sys/block/sdb/trace/enable blk_trace_remove_queue synchronize_rcu blk_tra...

CVSS 6.2 | AI score 7.2 | EPSS 0.00007

added 2024/05/21 3:15 p.m. | 64 views

CVE-2021-47396

In the Linux kernel, the following vulnerability has been resolved: mac80211-hwsim: fix late beacon hrtimer handling Thomas explained in https://lore.kernel.org/r/87mtoeb4hb.ffs@tglx that our handling of the hrtimer here is wrong: If the timer fires late (e.g. due to vCPU scheduling, as reported by D...

AI score 6.7 | EPSS 0.00018

added 2024/05/22 7:15 a.m. | 64 views

CVE-2021-47440

In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register: general protectio...

CVSS 2.3 | AI score 5.9 | EPSS 0.00004

added 2024/05/22 9:15 a.m. | 64 views

CVE-2021-47476

In the Linux kernel, the following vulnerability has been resolved: comedi: ni_usb6501: fix NULL-deref in command paths The driver uses endpoint-sized USB transfer buffers but had no sanity checks on the sizes. This can lead to zero-size-pointer dereferences or overflowed transfer buffers in ni6501_p...

CVSS 4.6 | AI score 6.5 | EPSS 0.00036

added 2024/05/22 9:15 a.m. | 64 views

CVE-2021-47477

In the Linux kernel, the following vulnerability has been resolved: comedi: dt9812: fix DMA buffers on stack USB transfer buffers are typically mapped for DMA and must not be allocated on the stack or transfers will fail. Allocate proper transfer buffers in the various command helpers and return an e...

CVSS 5.3 | AI score 7 | EPSS 0.00157

added 2024/05/22 9:15 a.m. | 64 views

CVE-2021-47494

In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix management registrations locking The management registrations locking was broken, the list was locked for each wdev, but cfg80211_mgmt_registrations_update() iterated it without holding all the correct spinlocks, causin...

AI score 6.7 | EPSS 0.00052

added 2024/05/24 3:15 p.m. | 64 views

CVE-2021-47526

In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: Fix NULL pointer dereference in ->remove() drvdata has to be set in _probe() - otherwise platform_get_drvdata() causes null pointer dereference BUG in _remove().

CVSS 5.5 | AI score 7 | EPSS 0.00017

added 2024/05/24 3:15 p.m. | 64 views

CVE-2021-47540

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode Fix the following NULL pointer dereference in mt7915_get_phy_mode routine adding an ibss interface to the mt7915 driver. [ 101.137097] wlan0: Trigger new scan to find...

CVSS 5.5 | AI score 6.8 | EPSS 0.00018

added 2024/05/24 3:15 p.m. | 64 views

CVE-2021-47558

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Disable Tx queues when reconfiguring the interface The Tx queues were not disabled in situations where the driver needed to stop the interface to apply a new configuration. This could result in a kernel panic when doing ...

AI score 6.5 | EPSS 0.00047

added 2024/06/19 3:15 p.m. | 64 views

CVE-2021-47594

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint the netlink PM traverses all the local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP matching the...

CVSS 5.5 | AI score 5.1 | EPSS 0.0001

added 2024/06/19 3:15 p.m. | 64 views

CVE-2021-47616

In the Linux kernel, the following vulnerability has been resolved: RDMA: Fix use-after-free in rxe_queue_cleanup On error handling path in rxe_qp_from_init() qp->sq.queue is freed and then rxe_create_qp() will drop last reference to this object. qp clean up function will try to free this queue on...

CVSS 7.8 | AI score 8.4 | EPSS 0.00027

added 2024/04/28 1:15 p.m. | 64 views

CVE-2022-48647

In the Linux kernel, the following vulnerability has been resolved: sfc: fix TX channel offset when using legacy interrupts In legacy interrupt mode the tx_channel_offset was hardcoded to 1, but that's not correct if efx_sepparate_tx_channels is false. In that case, the offset is 0 because the tx que...

CVSS 5.5 | AI score 6.2 | EPSS 0.00011

added 2024/04/28 1:15 p.m. | 64 views

CVE-2022-48648

In the Linux kernel, the following vulnerability has been resolved: sfc: fix null pointer dereference in efx_hard_start_xmit Trying to get the channel from the tx_queue variable here is wrong because we can only be here if tx_queue is NULL, so we shouldn't dereference it. As the above comment in the ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00012

added 2024/05/03 3:15 p.m. | 64 views

CVE-2022-48691

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clean up hook list when offload flags check fails splice back the hook list so nft_chain_release_hook() has a chance to release the hooks. BUG: memory leak unreferenced object 0xffff88810180b100 (size 96): comm "...

CVSS 5.5 | AI score 6.6 | EPSS 0.0001

added 2024/05/03 3:15 p.m. | 64 views

CVE-2022-48692

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd->result only when scmnd is not NULL This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally. BUG: kernel NULL pointer dereference, address: 00000000...

CVSS 5.5 | AI score 6.2 | EPSS 0.00011

added 2024/06/20 11:15 a.m. | 64 views

CVE-2022-48717

In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speaker_gain_control_put() Check for negative values of "priv->gain" to prevent an out of bounds access. The concern is that these might come from the user via: -> snd_ctl_elem_write_user() -> ...

CVSS 7.8 | AI score 6.5 | EPSS 0.00028

added 2024/06/20 12:15 p.m. | 64 views

CVE-2022-48724

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() After commit e3beca48a45b ("irqdomain/treewide: Keep firmware node unconditionally allocated"). For tear down scenario, fn is only freed after fail to allocate ir_d...

CVSS 5.5 | AI score 7 | EPSS 0.00009

added 2024/06/20 12:15 p.m. | 64 views

CVE-2022-48752

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending Running selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kernel triggered below warning: [ 172.851380] ------------[ cut here ]---------...

AI score 6.6 | EPSS 0.00039

added 2024/07/16 1:15 p.m. | 64 views

CVE-2022-48857

In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100_send_complete Syzbot reported UAF in port100_send_complete(). The root case is in missing usb_kill_urb() calls on error handling path of ->probe function. port100_send_complete() access...

CVSS 5.5 | AI score 6.2 | EPSS 0.00013

added 2024/08/22 4:15 a.m. | 64 views

CVE-2022-48928

In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call, as already done in the...

CVSS 5.5 | AI score 6.9 | EPSS 0.00048

added 2024/08/22 4:15 a.m. | 64 views

CVE-2022-48930

In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync()

CVSS 5.5 | AI score 7 | EPSS 0.00037

added 2024/10/21 8:15 p.m. | 64 views

CVE-2022-48994

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make s...

CVSS 5.5 | AI score 5.1 | EPSS 0.00036

added 2024/10/21 8:15 p.m. | 64 views

CVE-2022-49001

In the Linux kernel, the following vulnerability has been resolved: riscv: fix race when vmap stack overflow Currently, when detecting vmap stack overflow, riscv firstly switches to the so called shadow stack, then use this shadow stack to call the get_overflow_stack() to get the overflow stack. Howe...

CVSS 7 | AI score 6.8 | EPSS 0.00024

added 2025/02/26 7:0 a.m. | 64 views

CVE-2022-49082

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in _scsih_expander_node_remove() frees the port field of the sas_expander structure, leading to the following use-...

CVSS 7.8 | AI score 5.5 | EPSS 0.00026

added 2025/02/26 7:0 a.m. | 64 views

CVE-2022-49117

In the Linux kernel, the following vulnerability has been resolved: mips: ralink: fix a refcount leak in ill_acc_of_setup() of_node_put(np) needs to be called when pdev == NULL.

CVSS 5.5 | AI score 5.3 | EPSS 0.00024

added 2025/02/26 7:0 a.m. | 64 views

CVE-2022-49133

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: svm range restore work deadlock when process exit kfd_process_notifier_release flush svm_range_restore_work which calls svm_range_list_lock_and_flush_work to flush deferred_list work, but if deferred_list work mmput relea...

AI score 6.5 | EPSS 0.00054

added 2025/02/26 7:0 a.m. | 64 views

CVE-2022-49170

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg->alloc_type As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215657 Overview UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and opera...

AI score 5.2 | EPSS 0.00044

added 2025/02/26 7:0 a.m. | 64 views

CVE-2022-49191

In the Linux kernel, the following vulnerability has been resolved: mxser: fix xmit_buf leak in activate when LSR == 0xff When LSR is 0xff in ->activate() (rather unlike), we return an error. Provided ->shutdown() is not called when ->activate() fails, nothing actually frees the buffer in th...

AI score 5.5 | EPSS 0.00126
Total number of security vulnerabilities: 10926