Lucene search
K
LinuxLinux Kernel

14430 matches found

CVE
CVE
added 2004/07/06 4:0 a.m.93 views

CVE-2004-0497

CVE-2004-0497 describes a local privilege escalation in the Linux kernel 2.x family (notably 2.4/2.6-rc3) due to missing DAC controls in sys_chown, enabling a local user to modify the group ownership of files (including NFS-exported files) they do not own. The underlying issue allows changing fil...

2.1CVSS5.7AI score0.00801EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.93 views

CVE-2004-1070

Technical details (affected kernel versions, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.

7.2CVSS7.3AI score0.00508EPSS
CVE
CVE
added 2006/05/03 10:0 p.m.93 views

CVE-2006-1527

CVE-2006-1527 affects the SCTP-netfilter code in the Linux kernel; an invalid SCTP chunk size can cause for_each_sctp_chunk to loop indefinitely, enabling a remote attacker to trigger a denial of service. The issue is in kernels prior to 2.6.16.13 and is addressed by the upstream 2.6.16.13 patch....

5CVSS7.1AI score0.03815EPSS
CVE
CVE
added 2006/10/09 11:0 p.m.93 views

CVE-2006-4997

CVE-2006-4997 involves the Linux kernel ATM subsystem (clip_mkip in net/atm/clip.c). The issue allows a remote attacker to trigger a denial of service (panic) by causing the ATM subsystem to dereference memory of socket buffers after they have been freed. This is triggered by memory access patter...

7.5CVSS7AI score0.04722EPSS
CVE
CVE
added 2007/06/11 10:0 p.m.93 views

CVE-2007-2875

CVE-2007-2875 concerns an Integer underflow in cpuset_tasks_read of the Linux kernel when the cpuset filesystem is mounted. The issue affects kernels prior to 2.6.20.13 and 2.6.21.x prior to 2.6.21.4, allowing a local attacker to read kernel memory contents by supplying a large offset while readi...

2.1CVSS5.5AI score0.00436EPSS
Web
CVE
CVE
added 2007/07/10 1:0 a.m.93 views

CVE-2007-3642

The vulnerability CVE-2007-3642 affects the Linux kernel and is tied to the decode_choice function in nf_conntrack_h323_asn1.c. It allows remote attackers to trigger a denial of service (crash) by providing an encoded, out-of-range index for a choice field, causing a NULL pointer dereference. Aff...

7.8CVSS6.1AI score0.03872EPSS
CVE
CVE
added 2007/08/09 9:0 p.m.93 views

CVE-2007-3843

The CVE-2007-3843 issue affects the Linux kernel (pre-2.6.23-rc1) CIFS handling: the mount option sec= is checked against the wrong global variable, which could allow remote attackers to spoof CIFS network traffic intended to be signed with security signatures (e.g., lack of signing despite sec=n...

4.3CVSS6AI score0.02624EPSS
CVE
CVE
added 2007/12/15 1:0 a.m.93 views

CVE-2007-6151

CVE-2007-6151 affects the Linux kernel ISDN subsystem (ISDN ioctl path). The description in the Initial document states a local user can trigger a denial-of-service via a crafted ioctl struct where iocts is not null-terminated, causing a buffer overflow in isdn_common.c. Connected documents (RHSA...

7.2CVSS5.1AI score0.00556EPSS
CVE
CVE
added 2008/10/15 7:0 p.m.93 views

CVE-2008-4554

CVE-2008-4554 affects the Linux kernel in the do_splice_from function (fs/splice.c). Before 2.6.27, it does not reject file descriptors with the O_APPEND flag, allowing a local attacker to bypass append mode and make arbitrary changes to other parts of a file. The vulnerability is tied to the ker...

4.6CVSS4.4AI score0.00392EPSS
CVE
CVE
added 2009/04/06 2:0 p.m.93 views

CVE-2009-1242

CVE-2009-1242: In the Linux kernel, the vmx_set_msr function of the KVM VMX implementation (arch/x86/kvm/vmx.c) on i386 allowed a local guest OS user to trigger a denial of service (OOPS) by setting the EFER_LME bit in the EFER MSR. The issue affects kernel versions before 2.6.29.1 and is tied to...

4.9CVSS4.2AI score0.00473EPSS
CVE
CVE
added 2010/01/26 6:0 p.m.93 views

CVE-2010-0003

The connected document confirms CVE-2010-0003 affects the Linux kernel (i386) before 2.6.32.4, where the print_fatal_signal path in kernel/signal.c can let local users read arbitrary memory by jumping to an address and reading a log, with potential DoS via the same jump. This is associated with t...

5.4CVSS6.5AI score0.00415EPSS
CVE
CVE
added 2012/06/21 11:0 p.m.93 views

CVE-2011-0006

CVE-2011-0006 affects the Linux kernel before 2.6.37: the ima_lsm_rule_init function in security/ima/ima_policy.c allows a local user to bypass IMA rules if LSM is disabled by an administrator's added IMA rule for LSM. Root cause is a bug in ima_policy.c. The advisory notes this as a fix in 2.6.3...

1.9CVSS5.2AI score0.0034EPSS
CVE
CVE
added 2011/03/01 10:0 p.m.93 views

CVE-2011-1012

CVE-2011-1012 affects the Linux kernel, in particular the LDM partition handling. The flaw lies in ldm_parse_vmdb in fs/partitions/ldm.c, which does not validate the VBLK size in the VMDB structure of an LDM partition table. A crafted partition table can trigger a divide-by-zero and cause a kerne...

4.9CVSS7.3AI score0.00463EPSS
CVE
CVE
added 2012/06/21 11:0 p.m.93 views

CVE-2011-1493

CVE-2011-1493 affects the Linux kernel (before 2.6.39). The vulnerable code is in rose_parse_national (net/rose/rose_subr.c), where an array index error can be triggered by a FAC_NATIONAL_DIGIS entry that specifies many digipeaters. This can cause heap memory corruption and a remote denial of ser...

7.5CVSS8.5AI score0.03358EPSS
CVE
CVE
added 2013/09/13 6:0 p.m.93 views

CVE-2013-2895

CVE-2013-2895 affects the Linux kernel HID Logitech DJ driver (drivers/hid/hid-logitech-dj.c) up to version 3.11 when CONFIG_HID_LOGITECH_DJ is enabled. The vulnerability allows physically proximate attackers to cause a denial of service via a NULL pointer dereference and OOPS, or to read sensiti...

5.4CVSS6.1AI score0.00383EPSS
CVE
CVE
added 2013/04/22 10:0 a.m.93 views

CVE-2013-3229

CVE-2013-3229 affects the Linux kernel and is caused by iucv_sock_recvmsg in net/iucv/af_iucv.c not initializing a length variable, enabling local attackers to read kernel stack memory via crafted recvmsg/recvfrom calls. Affected version: kernel builds before 3.9-rc7. Consequences: information di...

4.9CVSS5.5AI score0.00378EPSS
CVE
CVE
added 2014/08/18 10:0 a.m.93 views

CVE-2014-5206

CVE-2014-5206 : In Linux kernel versions up to 3.16.1, the do_remount function in fs/namespace.c fails to preserve the MNT_LOCK_READONLY flag across remounts of bind mounts. This allows a local user to bypass the intended read-only restriction by using a mount -o remount within a user namespace, ...

7.2CVSS7.9AI score0.00368EPSS
CVE
CVE
added 2016/08/07 9:0 p.m.93 views

CVE-2014-9410

The CVE-2014-9410 entry affects the MSM-VFE31 driver for the Linux kernel 3.x (as used in Qualcomm Innovation Center Android contributions). The vulnerability is in vfe31_proc_general, which does not validate a specific id value, enabling a local attacker to gain privileges or cause memory corrup...

9.8CVSS8.8AI score0.01298EPSS
CVE
CVE
added 2018/04/02 3:0 a.m.93 views

CVE-2018-1095

CVE-2018-1095 concerns the Linux kernel up to 4.15.15, where ext4_xattr_check_entries in fs/ext4/xattr.c fails to validate xattr sizes, causing misinterpretation of a size as an error code. This can enable a crafted ext4 image to trigger a get_acl NULL pointer dereference and crash the system, i....

7.1CVSS5.1AI score0.01456EPSS
CVE
CVE
added 2024/03/15 8:14 p.m.93 views

CVE-2021-47117

Technical details about CVE-2021-47117 are not provided in the connected documents. The initial description mentions ext4/extents_status and a kernel patch, but no explicit vendor/product/version mappings or remediation specifics are given in the supplied sources.

5.5CVSS6.4AI score0.0024EPSS
CVE
CVE
added 2024/03/25 9:7 a.m.93 views

CVE-2021-47137

CVE-2021-47137 affects the Linux kernel in the net/lantiq RX ring handling. When memory allocation or DMA mapping fails, an invalid address can be programmed into the RX descriptor, causing memory corruption. The fix updates the RX path to drop/reuse skb mappings appropriately and increments the ...

7.8CVSS7.6AI score0.00231EPSS
CVE
CVE
added 2024/03/25 9:7 a.m.93 views

CVE-2021-47145

CVE-2021-47145 affects the Linux kernel (btrfs) where a BUG_ON in link_to_fixup_dir can trigger a kernel panic during error paths in log recovery. The description shows a replay/recover flow (replay_one_buffer, btrfs_recover_log_trees, open_ctree) panicking with an invalid opcode in fs/btrfs/tree...

5.5CVSS6.8AI score0.00271EPSS
CVE
CVE
added 2024/05/21 2:35 p.m.93 views

CVE-2021-47339

In CVE-2021-47339, the Linux kernel fix targets media: v4l2-core, addressing uninitialized kernel stack data that could be used as input for driver ioctl handlers due to mistakes in compat ioctl implementation. The resolution requires explicitly clearing the entire ioctl input buffer before conve...

5.5CVSS6.5AI score0.00236EPSS
CVE
CVE
added 2024/05/21 3:3 p.m.93 views

CVE-2021-47375

CVE-2021-47375 affects the Linux kernel blktrace code. The issue is a use-after-free in blk_trace access after removing by sysfs, triggered during trace_note_tsk execution after blk_trace_free, leading to a kernel NULL pointer dereference (as shown by the provided log). The reproduction involves ...

6.2CVSS7.2AI score0.00254EPSS
CVE
CVE
added 2024/05/21 3:4 p.m.93 views

CVE-2021-47419

CVE-2021-47419 affects the Linux kernel (net/sched sch_taprio) where a timer is set before a packet is received. The vulnerability stems from not reliably canceling the timer if ops->reset() hasn’t been invoked, because taprio_destroy() must cancel the active timer from the qdisc_destroy path....

5.5CVSS7AI score0.00222EPSS
CVE
CVE
added 2024/05/22 6:19 a.m.93 views

CVE-2021-47451

CVE-2021-47451 relates to a Linux kernel netfilter xt_IDLETIMER panic caused by idletimer_tg.timer_type containing garbage values when a rule is added. The fixed version initializes timer_type with kzalloc instead of kmalloc to prevent the NULL/D garbage read that leads to a kernel panic. Public ...

5.5CVSS6.4AI score0.00225EPSS
CVE
CVE
added 2024/05/24 3:1 p.m.93 views

CVE-2021-47506

CVE-2021-47506 – Linux kernel: nfsd delegation use-after-free fix Affected component: Linux kernel NFS server (nfsd) delegation handling. The vulnerability arises when a delegation break is processed after a call to vfs_setlease. A callback (nfsd4_cb_recall_prepare) adds the delegation to del_rec...

7.8CVSS6.8AI score0.0026EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.93 views

CVE-2021-47647

CVE-2021-47647 relates to the Linux kernel on Qualcomm IPQ8074 PCIe clock driver. The root cause is a missing clock parent setup in pcie0_rchng_clk_src: there were two declared parents but only one was actually provided via parent_hws, and the fix introduces the use of clk_parent_data to supply t...

5.5CVSS5.2AI score0.00238EPSS
CVE
CVE
added 2024/04/28 1:0 p.m.93 views

CVE-2022-48650

CVE-2022-48650 : In the Linux kernel, memory leak in the SCSI qla2xxx path (__qlt_24xx_handle_abts()) occurs when tcm_qla2xxx_find_cmd_by_tag() doesn’t find a command and the command’s memory isn’t freed after an early return. The issue was fixed by commit 8f394da36a36, which also dropped TARGET_...

4.7CVSS6.2AI score0.00229EPSS
CVE
CVE
added 2024/04/28 1:0 p.m.93 views

CVE-2022-48652

In CVE-2022-48652, the Linux kernel ICE driver fixes a crash when TC/channels are updated beyond allocated queues. The issue occurred when less queues were configured than TCs and later more TCs were added (e.g., via LLDP), leaving dirty num_txq/rxq and tc_cfg in the VSI and risking invalid point...

5.5CVSS6.6AI score0.00197EPSS
CVE
CVE
added 2024/05/21 3:22 p.m.93 views

CVE-2022-48709

CVE-2022-48709 : In the Linux kernel, the ice switch path could leak memory if ice_add_special_words() failed, because the error path did not release the remaining resources before exiting. The fix adds the proper cleanup path by jumping to the err_unroll label to ensure the rm is released. The v...

5.5CVSS6.6AI score0.00205EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.93 views

CVE-2022-48739

CVE-2022-48739 affects the Linux kernel ASoC hdmi-codec subsystem. The vulnerability arises from out-of-bounds memory accesses during memcpy(), caused by an incorrect size for the iec_status array. The fix aligns the size of iec_status with the status array of struct snd_aes_iec958, eliminating t...

7.1CVSS6.5AI score0.00233EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.93 views

CVE-2022-48758

The CVE-2022-48758 issue affects the Linux kernel SCSI/fibre channel path, specifically the bnx2fc driver. The root cause is that the bnx2fc_destroy() path removes the interface before destroying its workqueue, causing repeated sysfs_remove_group() WARNs about the rport attributes being removed t...

5.5CVSS6.6AI score0.00215EPSS
CVE
CVE
added 2024/08/21 6:10 a.m.93 views

CVE-2022-48891

CVE-2022-48891 – Linux kernel regulator (da9211): The issue arises if the IRQ handler is enabled before regulator structures are ready (e.g., when booting from kexec), potentially causing a crash due to an unreadable memory access. The patch fixes the initialization order to ensure the IRQ handle...

5.5CVSS6.4AI score0.0024EPSS
CVE
CVE
added 2024/08/22 1:30 a.m.93 views

CVE-2022-48910

The CVE-2022-48910 case concerns the Linux kernel IPv6 addrconf path: when NETDEV_DOWN is triggered for reasons other than actual interface down, repeated calls can leak one ifmcaddr6 per multicast group by leaking idev->mc_tomb. The fix is to ensure ipv6_mc_down() runs at most once per state ...

5.5CVSS6.6AI score0.0021EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.93 views

CVE-2022-49089

CVE-2022-49089 (Linux kernel) resolves a race condition in IB/rdmavt code by adding a lock around a call to rvt_error_qp, which the function’s documentation requires both r_lock and s_lock to be held. The issue occurred because a commit in Fixes left the rvt_error_qp call in rvt_ruc_loopback unco...

4.7CVSS5.4AI score0.0016EPSS
CVE
CVE
added 2025/02/26 1:55 a.m.93 views

CVE-2022-49148

The CVE-2022-49148 entry concerns a Linux kernel vulnerability where, during dismantling of watch_queue, the page array was not freed, leaving a memory leak. The issue was addressed by a patch sequence that first frees the alloc bitmap when tearing down watch_queue (commit 7ea1a0124b6d) and then ...

5.5CVSS5.4AI score0.00245EPSS
CVE
CVE
added 2025/02/26 1:55 a.m.93 views

CVE-2022-49171

CVE-2022-49171 is a Linux kernel issue in the mm/gup.c path affecting ext4. The race causes [un]pin_user_pages_remote to dirty pages without proper pre-notification to ext4, which can lead to data loss. While the root cause is classed as a bug in mm/gup.c, ext4 is particularly fragile: if another...

5.5CVSS5.2AI score0.00259EPSS
CVE
CVE
added 2025/02/26 2:10 a.m.93 views

CVE-2022-49336

CVE-2022-49336 concerns the Linux kernel, specifically the DRM subsystem driver etnaviv. The vulnerability arises in etnaviv_iommu_unmap_gem: if a mapping has already been reaped, the unmap operation must be a no-op to avoid removing the mapping twice and corrupting kernel data structures. The is...

5.5CVSS5.3AI score0.00253EPSS
CVE
CVE
added 2025/02/26 2:11 a.m.93 views

CVE-2022-49357

CVE-2022-49357 is a Linux kernel issue affecting Apple T2 Macs during early boot. The vulnerability arises when Linux reads UEFI Secure Boot variables (db and dbx) and imports certificates, triggering a page fault in Apple firmware that disables EFI runtime services. The consequence is EFI Runtim...

5.5CVSS5AI score0.00158EPSS
CVE
CVE
added 2025/02/26 2:11 a.m.93 views

CVE-2022-49358

CVE-2022-49358 affects the Linux kernel, specifically the netfilter nf_tables path where a memleak can occur for a flow rule object created during a commit path. The root cause is that abort path releases the flow rule object, but the commit path does not, leading to a memleak. The advisory docum...

5.5CVSS5.5AI score0.00274EPSS
CVE
CVE
added 2025/02/26 2:11 a.m.93 views

CVE-2022-49396

CVE-2022-49396 affects the Linux kernel component phy: qcom-qmp, leaking the reset-controller on probe errors. The described fix releases the lane reset controller on late probe errors (e.g., probe deferral) and notes that the reset controller is defined in devicetree in the "lane" child nodes, w...

5.5CVSS5.3AI score0.00253EPSS
CVE
CVE
added 2025/02/26 2:12 a.m.93 views

CVE-2022-49399

CVE-2022-49399 affects the Linux kernel tty driver for the goldfish port. In goldfish_tty_probe(), the port created by tty_port_init() can leak resources if error paths don’t destroy it; in goldfish_tty_remove(), the port must also be destroyed. The fix is to call tty_port_destroy() to release th...

5.5CVSS5.4AI score0.00246EPSS
CVE
CVE
added 2025/02/26 2:12 a.m.93 views

CVE-2022-49446

CVE-2022-49446 affects the Linux kernel’s NVDIMM path, describing deadlock risks in CXL/NVDIMM interactions. The advisory notes possible unsafe locking scenarios involving nd_region keys, nvdimm_bus->reconfig_mutex, system_transition_mutex, and cxl_root/acpi_scan_lock chains, triggered by hold...

5.5CVSS5.4AI score0.00191EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.93 views

CVE-2022-49490

CVE-2022-49490: In the Linux kernel, drm/msm/mdp5 had a NULL dereference risk in mdp5_pipe_release when mdp5_get_global_state could return an error (-EDEADLK) during modeset lock handling. The fix propagates such errors from mdp5_get_global_state to mdp5_pipe_release and returns a proper error in...

5.5CVSS6.6AI score0.00253EPSS
CVE
CVE
added 2025/02/26 2:24 a.m.93 views

CVE-2022-49667

The CVE-2022-49667 issue is a Linux kernel net bonding use-after-free bug triggered by 802.3ad slave unbind. The flaw occurs when bond_3ad_unbind_slave clears an aggregator while there are still ports referencing freed memory, due to ad_clear_agg being invoked even when the port count in a group ...

7.8CVSS6.5AI score0.00281EPSS
CVE
CVE
added 2025/06/18 11:0 a.m.93 views

CVE-2022-49958

Summary: CVE-2022-49958 affects the Linux kernel net/sched subsystem. When an ethernet device with multiple queues fails to attach a qdisc to queue 0 due to memory exhaustion, the code may leave the original qdisc attached on other queues and fall back to noqueue, causing a reference leak if the ...

5.5CVSS6.6AI score0.00209EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.93 views

CVE-2022-50085

The CVE-2022-50085 issue is present in the Linux kernel’s dm-raid path and affects the raid_resume flow. A KASAN warning is triggered when lvmetad tests exercise mddev->raid_disks vs rs->raid_disks, causing an out-of-bounds access in the raid resume loop. The connected OpenVAS/Nessus entrie...

7.8CVSS6.5AI score0.0017EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.93 views

CVE-2022-50206

The CVE-2022-50206 issue affects the Linux kernel (ARM64) where emulation_proc_handler() concurrently updates table->data for proc_dointvec_minmax, allowing a NULL pointer dereference Oops. The fix is to keep table->data as &insn->current_mode and to retrieve the insn pointer with contai...

5.5CVSS6.4AI score0.00203EPSS
CVE
CVE
added 2024/03/02 9:52 p.m.93 views

CVE-2023-52523

CVE-2023-52523 is a Linux kernel vulnerability where a BPF sockmap/sk_msg redirect can cause a crash if the egress target is a non-TCP socket. The root cause is a hard-coded assumption that the egress socket is TCP; after enabling redirects to non-TCP sockets, a non-TCP target leads to an invalid...

5.5CVSS6.2AI score0.00225EPSS
Total number of security vulnerabilities14430