14430 matches found
CVE-2004-0497
CVE-2004-0497 describes a local privilege escalation in the Linux kernel 2.x family (notably 2.4/2.6-rc3) due to missing DAC controls in sys_chown, enabling a local user to modify the group ownership of files (including NFS-exported files) they do not own. The underlying issue allows changing fil...
CVE-2004-1070
Technical details (affected kernel versions, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2006-1527
CVE-2006-1527 affects the SCTP-netfilter code in the Linux kernel; an invalid SCTP chunk size can cause for_each_sctp_chunk to loop indefinitely, enabling a remote attacker to trigger a denial of service. The issue is in kernels prior to 2.6.16.13 and is addressed by the upstream 2.6.16.13 patch....
CVE-2006-4997
CVE-2006-4997 involves the Linux kernel ATM subsystem (clip_mkip in net/atm/clip.c). The issue allows a remote attacker to trigger a denial of service (panic) by causing the ATM subsystem to dereference memory of socket buffers after they have been freed. This is triggered by memory access patter...
CVE-2007-2875
CVE-2007-2875 concerns an Integer underflow in cpuset_tasks_read of the Linux kernel when the cpuset filesystem is mounted. The issue affects kernels prior to 2.6.20.13 and 2.6.21.x prior to 2.6.21.4, allowing a local attacker to read kernel memory contents by supplying a large offset while readi...
CVE-2007-3642
The vulnerability CVE-2007-3642 affects the Linux kernel and is tied to the decode_choice function in nf_conntrack_h323_asn1.c. It allows remote attackers to trigger a denial of service (crash) by providing an encoded, out-of-range index for a choice field, causing a NULL pointer dereference. Aff...
CVE-2007-3843
The CVE-2007-3843 issue affects the Linux kernel (pre-2.6.23-rc1) CIFS handling: the mount option sec= is checked against the wrong global variable, which could allow remote attackers to spoof CIFS network traffic intended to be signed with security signatures (e.g., lack of signing despite sec=n...
CVE-2007-6151
CVE-2007-6151 affects the Linux kernel ISDN subsystem (ISDN ioctl path). The description in the Initial document states a local user can trigger a denial-of-service via a crafted ioctl struct where iocts is not null-terminated, causing a buffer overflow in isdn_common.c. Connected documents (RHSA...
CVE-2008-4554
CVE-2008-4554 affects the Linux kernel in the do_splice_from function (fs/splice.c). Before 2.6.27, it does not reject file descriptors with the O_APPEND flag, allowing a local attacker to bypass append mode and make arbitrary changes to other parts of a file. The vulnerability is tied to the ker...
CVE-2009-1242
CVE-2009-1242: In the Linux kernel, the vmx_set_msr function of the KVM VMX implementation (arch/x86/kvm/vmx.c) on i386 allowed a local guest OS user to trigger a denial of service (OOPS) by setting the EFER_LME bit in the EFER MSR. The issue affects kernel versions before 2.6.29.1 and is tied to...
CVE-2010-0003
The connected document confirms CVE-2010-0003 affects the Linux kernel (i386) before 2.6.32.4, where the print_fatal_signal path in kernel/signal.c can let local users read arbitrary memory by jumping to an address and reading a log, with potential DoS via the same jump. This is associated with t...
CVE-2011-0006
CVE-2011-0006 affects the Linux kernel before 2.6.37: the ima_lsm_rule_init function in security/ima/ima_policy.c allows a local user to bypass IMA rules if LSM is disabled by an administrator's added IMA rule for LSM. Root cause is a bug in ima_policy.c. The advisory notes this as a fix in 2.6.3...
CVE-2011-1012
CVE-2011-1012 affects the Linux kernel, in particular the LDM partition handling. The flaw lies in ldm_parse_vmdb in fs/partitions/ldm.c, which does not validate the VBLK size in the VMDB structure of an LDM partition table. A crafted partition table can trigger a divide-by-zero and cause a kerne...
CVE-2011-1493
CVE-2011-1493 affects the Linux kernel (before 2.6.39). The vulnerable code is in rose_parse_national (net/rose/rose_subr.c), where an array index error can be triggered by a FAC_NATIONAL_DIGIS entry that specifies many digipeaters. This can cause heap memory corruption and a remote denial of ser...
CVE-2013-2895
CVE-2013-2895 affects the Linux kernel HID Logitech DJ driver (drivers/hid/hid-logitech-dj.c) up to version 3.11 when CONFIG_HID_LOGITECH_DJ is enabled. The vulnerability allows physically proximate attackers to cause a denial of service via a NULL pointer dereference and OOPS, or to read sensiti...
CVE-2013-3229
CVE-2013-3229 affects the Linux kernel and is caused by iucv_sock_recvmsg in net/iucv/af_iucv.c not initializing a length variable, enabling local attackers to read kernel stack memory via crafted recvmsg/recvfrom calls. Affected version: kernel builds before 3.9-rc7. Consequences: information di...
CVE-2014-5206
CVE-2014-5206 : In Linux kernel versions up to 3.16.1, the do_remount function in fs/namespace.c fails to preserve the MNT_LOCK_READONLY flag across remounts of bind mounts. This allows a local user to bypass the intended read-only restriction by using a mount -o remount within a user namespace, ...
CVE-2014-9410
The CVE-2014-9410 entry affects the MSM-VFE31 driver for the Linux kernel 3.x (as used in Qualcomm Innovation Center Android contributions). The vulnerability is in vfe31_proc_general, which does not validate a specific id value, enabling a local attacker to gain privileges or cause memory corrup...
CVE-2018-1095
CVE-2018-1095 concerns the Linux kernel up to 4.15.15, where ext4_xattr_check_entries in fs/ext4/xattr.c fails to validate xattr sizes, causing misinterpretation of a size as an error code. This can enable a crafted ext4 image to trigger a get_acl NULL pointer dereference and crash the system, i....
CVE-2021-47117
Technical details about CVE-2021-47117 are not provided in the connected documents. The initial description mentions ext4/extents_status and a kernel patch, but no explicit vendor/product/version mappings or remediation specifics are given in the supplied sources.
CVE-2021-47137
CVE-2021-47137 affects the Linux kernel in the net/lantiq RX ring handling. When memory allocation or DMA mapping fails, an invalid address can be programmed into the RX descriptor, causing memory corruption. The fix updates the RX path to drop/reuse skb mappings appropriately and increments the ...
CVE-2021-47145
CVE-2021-47145 affects the Linux kernel (btrfs) where a BUG_ON in link_to_fixup_dir can trigger a kernel panic during error paths in log recovery. The description shows a replay/recover flow (replay_one_buffer, btrfs_recover_log_trees, open_ctree) panicking with an invalid opcode in fs/btrfs/tree...
CVE-2021-47339
In CVE-2021-47339, the Linux kernel fix targets media: v4l2-core, addressing uninitialized kernel stack data that could be used as input for driver ioctl handlers due to mistakes in compat ioctl implementation. The resolution requires explicitly clearing the entire ioctl input buffer before conve...
CVE-2021-47375
CVE-2021-47375 affects the Linux kernel blktrace code. The issue is a use-after-free in blk_trace access after removing by sysfs, triggered during trace_note_tsk execution after blk_trace_free, leading to a kernel NULL pointer dereference (as shown by the provided log). The reproduction involves ...
CVE-2021-47419
CVE-2021-47419 affects the Linux kernel (net/sched sch_taprio) where a timer is set before a packet is received. The vulnerability stems from not reliably canceling the timer if ops->reset() hasn’t been invoked, because taprio_destroy() must cancel the active timer from the qdisc_destroy path....
CVE-2021-47451
CVE-2021-47451 relates to a Linux kernel netfilter xt_IDLETIMER panic caused by idletimer_tg.timer_type containing garbage values when a rule is added. The fixed version initializes timer_type with kzalloc instead of kmalloc to prevent the NULL/D garbage read that leads to a kernel panic. Public ...
CVE-2021-47506
CVE-2021-47506 – Linux kernel: nfsd delegation use-after-free fix Affected component: Linux kernel NFS server (nfsd) delegation handling. The vulnerability arises when a delegation break is processed after a call to vfs_setlease. A callback (nfsd4_cb_recall_prepare) adds the delegation to del_rec...
CVE-2021-47647
CVE-2021-47647 relates to the Linux kernel on Qualcomm IPQ8074 PCIe clock driver. The root cause is a missing clock parent setup in pcie0_rchng_clk_src: there were two declared parents but only one was actually provided via parent_hws, and the fix introduces the use of clk_parent_data to supply t...
CVE-2022-48650
CVE-2022-48650 : In the Linux kernel, memory leak in the SCSI qla2xxx path (__qlt_24xx_handle_abts()) occurs when tcm_qla2xxx_find_cmd_by_tag() doesn’t find a command and the command’s memory isn’t freed after an early return. The issue was fixed by commit 8f394da36a36, which also dropped TARGET_...
CVE-2022-48652
In CVE-2022-48652, the Linux kernel ICE driver fixes a crash when TC/channels are updated beyond allocated queues. The issue occurred when less queues were configured than TCs and later more TCs were added (e.g., via LLDP), leaving dirty num_txq/rxq and tc_cfg in the VSI and risking invalid point...
CVE-2022-48709
CVE-2022-48709 : In the Linux kernel, the ice switch path could leak memory if ice_add_special_words() failed, because the error path did not release the remaining resources before exiting. The fix adds the proper cleanup path by jumping to the err_unroll label to ensure the rm is released. The v...
CVE-2022-48739
CVE-2022-48739 affects the Linux kernel ASoC hdmi-codec subsystem. The vulnerability arises from out-of-bounds memory accesses during memcpy(), caused by an incorrect size for the iec_status array. The fix aligns the size of iec_status with the status array of struct snd_aes_iec958, eliminating t...
CVE-2022-48758
The CVE-2022-48758 issue affects the Linux kernel SCSI/fibre channel path, specifically the bnx2fc driver. The root cause is that the bnx2fc_destroy() path removes the interface before destroying its workqueue, causing repeated sysfs_remove_group() WARNs about the rport attributes being removed t...
CVE-2022-48891
CVE-2022-48891 – Linux kernel regulator (da9211): The issue arises if the IRQ handler is enabled before regulator structures are ready (e.g., when booting from kexec), potentially causing a crash due to an unreadable memory access. The patch fixes the initialization order to ensure the IRQ handle...
CVE-2022-48910
The CVE-2022-48910 case concerns the Linux kernel IPv6 addrconf path: when NETDEV_DOWN is triggered for reasons other than actual interface down, repeated calls can leak one ifmcaddr6 per multicast group by leaking idev->mc_tomb. The fix is to ensure ipv6_mc_down() runs at most once per state ...
CVE-2022-49089
CVE-2022-49089 (Linux kernel) resolves a race condition in IB/rdmavt code by adding a lock around a call to rvt_error_qp, which the function’s documentation requires both r_lock and s_lock to be held. The issue occurred because a commit in Fixes left the rvt_error_qp call in rvt_ruc_loopback unco...
CVE-2022-49148
The CVE-2022-49148 entry concerns a Linux kernel vulnerability where, during dismantling of watch_queue, the page array was not freed, leaving a memory leak. The issue was addressed by a patch sequence that first frees the alloc bitmap when tearing down watch_queue (commit 7ea1a0124b6d) and then ...
CVE-2022-49171
CVE-2022-49171 is a Linux kernel issue in the mm/gup.c path affecting ext4. The race causes [un]pin_user_pages_remote to dirty pages without proper pre-notification to ext4, which can lead to data loss. While the root cause is classed as a bug in mm/gup.c, ext4 is particularly fragile: if another...
CVE-2022-49336
CVE-2022-49336 concerns the Linux kernel, specifically the DRM subsystem driver etnaviv. The vulnerability arises in etnaviv_iommu_unmap_gem: if a mapping has already been reaped, the unmap operation must be a no-op to avoid removing the mapping twice and corrupting kernel data structures. The is...
CVE-2022-49357
CVE-2022-49357 is a Linux kernel issue affecting Apple T2 Macs during early boot. The vulnerability arises when Linux reads UEFI Secure Boot variables (db and dbx) and imports certificates, triggering a page fault in Apple firmware that disables EFI runtime services. The consequence is EFI Runtim...
CVE-2022-49358
CVE-2022-49358 affects the Linux kernel, specifically the netfilter nf_tables path where a memleak can occur for a flow rule object created during a commit path. The root cause is that abort path releases the flow rule object, but the commit path does not, leading to a memleak. The advisory docum...
CVE-2022-49396
CVE-2022-49396 affects the Linux kernel component phy: qcom-qmp, leaking the reset-controller on probe errors. The described fix releases the lane reset controller on late probe errors (e.g., probe deferral) and notes that the reset controller is defined in devicetree in the "lane" child nodes, w...
CVE-2022-49399
CVE-2022-49399 affects the Linux kernel tty driver for the goldfish port. In goldfish_tty_probe(), the port created by tty_port_init() can leak resources if error paths don’t destroy it; in goldfish_tty_remove(), the port must also be destroyed. The fix is to call tty_port_destroy() to release th...
CVE-2022-49446
CVE-2022-49446 affects the Linux kernel’s NVDIMM path, describing deadlock risks in CXL/NVDIMM interactions. The advisory notes possible unsafe locking scenarios involving nd_region keys, nvdimm_bus->reconfig_mutex, system_transition_mutex, and cxl_root/acpi_scan_lock chains, triggered by hold...
CVE-2022-49490
CVE-2022-49490: In the Linux kernel, drm/msm/mdp5 had a NULL dereference risk in mdp5_pipe_release when mdp5_get_global_state could return an error (-EDEADLK) during modeset lock handling. The fix propagates such errors from mdp5_get_global_state to mdp5_pipe_release and returns a proper error in...
CVE-2022-49667
The CVE-2022-49667 issue is a Linux kernel net bonding use-after-free bug triggered by 802.3ad slave unbind. The flaw occurs when bond_3ad_unbind_slave clears an aggregator while there are still ports referencing freed memory, due to ad_clear_agg being invoked even when the port count in a group ...
CVE-2022-49958
Summary: CVE-2022-49958 affects the Linux kernel net/sched subsystem. When an ethernet device with multiple queues fails to attach a qdisc to queue 0 due to memory exhaustion, the code may leave the original qdisc attached on other queues and fall back to noqueue, causing a reference leak if the ...
CVE-2022-50085
The CVE-2022-50085 issue is present in the Linux kernel’s dm-raid path and affects the raid_resume flow. A KASAN warning is triggered when lvmetad tests exercise mddev->raid_disks vs rs->raid_disks, causing an out-of-bounds access in the raid resume loop. The connected OpenVAS/Nessus entrie...
CVE-2022-50206
The CVE-2022-50206 issue affects the Linux kernel (ARM64) where emulation_proc_handler() concurrently updates table->data for proc_dointvec_minmax, allowing a NULL pointer dereference Oops. The fix is to keep table->data as &insn->current_mode and to retrieve the insn pointer with contai...
CVE-2023-52523
CVE-2023-52523 is a Linux kernel vulnerability where a BPF sockmap/sk_msg redirect can cause a crash if the egress target is a non-TCP socket. The root cause is a hard-coded assumption that the egress socket is TCP; after enabling redirects to non-TCP sockets, a non-TCP target leads to an invalid...