CVE-2007-5500
The CVE-2007-5500 issue is described in connected documents as a vulnerability in the Linux kernel (2.6.x) where the wait_task_stopped routine checks a TASK_TRACED bit instead of exit_state. This could allow a local unprivileged user to cause a denial of service (machine crash) via unspecified ve...
CVE-2008-3276
The CVE-2008-3276 flaw is an integer overflow in the Linux kernel’s DCCP stack (dccp_setsockopt_change in net/dccp/proto.c) affecting kernel versions 2.6.17-rc1 through 2.6.26.2. It allows remote attackers to trigger a denial of service (panic) via crafted Change L/Change R options when dccpsf_va...
CVE-2008-3833
CVE-2008-3833 affects Linux kernel 2.6.18 and earlier, where generic_file_splice_write in fs/splice.c does not properly strip setuid/setgid bits on writes via splice to a file. This allows local users to gain privileges of a different group or access sensit...
CVE-2008-5025
CVE-2008-5025: Linux kernel before 2.6.28-rc1 suffers a stack-based buffer overflow in hfs_cat_find_brec() within fs/hfs/catalog.c when processing an HFS image with an invalid catalog namelength, enabling memory corruption or a system crash and a DoS. The MiracleLinux advisory and related OpenVAS...
CVE-2009-0835
CVE-2009-0835 is a local privilege issue in the seccomp filter of the Linux kernel (2.6.28.7 and earlier on x86_64). The __secure_computing function does not correctly handle calls where a 32-bit process makes a 64-bit syscall or a 64-bit process makes a 32-bit syscall, allow...
CVE-2011-4348
Technical details for CVE-2011-4348 are not publicly provided in the connected documents. The material references the CVE in advisories but does not describe affected products, versions, root causes, or fixes. Monitor for updates.
CVE-2012-6549
The CVE-2012-6549 entry concerns the Linux kernel vulnerability where isofs_export_encode_fh in fs/isofs/export.c did not initialize a structure member, allowing local attackers to read sensitive data from kernel heap memory via a crafted application. Affected: Linux kernel versions prior to 3.6....
CVE-2015-5706
CVE-2015-5706 is a local use-after-free vulnerability in the Linux kernel (path_openat in fs/namei.c) affecting 3.x and 4.x before 4.0.4. An attacker can trigger a denial of service (and possibly other impact) via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. Remedi...
CVE-2016-2067
CVE-2016-2067 affects the Linux kernel MSM GPU driver: drivers/gpu/msm/kgsl.c in the MSM graphics driver (QuIC Android contributions) for kernel 3.x. The root cause is mishandling of the KGSL_MEMFLAGS_GPUREADONLY flag, which can create accidental read/write mappings. This enables a local attacker...
CVE-2017-15128
The CVE-2017-15128 issue affects the Linux kernel’s hugetlb_mcopy_atomic_pte function (mm/hugetlb.c) prior to version 4.13.12, where a missing size check can lead to a denial of service (BUG). Public sources in connected advisories (e.g., EulerOS/Unity Linux Nessus plugins) corroborate that vulne...
CVE-2017-18550
CVE-2017-18550 affects Linux kernels up to 4.12: in drivers/scsi/aacraid/commctrl.c, aac_get_hba_info does not initialize hbainfo, exposing kernel stack memory. Severity is low (CVSS v3: 5.5) but local access is required. The Unity Nessus advisories reproduce this issue and reference a kernel fix pr...
CVE-2018-12633
CVE-2018-12633 affects the Linux kernel up to 4.17.2, where vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c double-fetches header data from user input via copy_from_user. A race condition lets a local attacker tamper with hdr.size_in and hdr.size_out between fetches, enabling ...
CVE-2018-5873
The CVE-2018-5873 entry refers to a race-condition-induced use-after-free in the Linux kernel before 4.11, specifically in __ns_get_path within fs/nsfs.c. This affects the mainline Linux kernel and Android builds derived from CAF for Android kernels (Android for MSM, Firefox OS for MSM, QRD Andro...
CVE-2021-4441
Technical details such as affected products, exact root cause, impact, and patch versions are not publicly provided in the provided documents. Monitor for updates.
CVE-2021-47114
Technical details about CVE-2021-47114 are not publicly provided in the supplied documents. The sources reference the ocfs2 fallocate data corruption fix but do not specify affected versions, root cause specifics, exploit details, or remediation steps beyond the general description. Monitor for u...
CVE-2021-47143
CVE-2021-47143 affects the Linux kernel net/smc subsystem. The root cause was missing cleanup when a smcd_dev device_add() failed, leaving the device in smcd_dev_list and later freeing it, causing a corrupted list. The fix adds error handling to remove the device from the list on device_add() fai...
CVE-2021-47166
CVE-2021-47166 concerns the Linux kernel NFS code: the value of mirror->pg_bytes_written was updated before a successful flush of requests, risking corruption of pg_bytes_written in nfs_do_recoalesce(). The issue is resolved in the kernel, with the fix described as ensuring pg_bytes_written is...
CVE-2021-47173
CVE-2021-47173 is a Linux kernel issue described in connected advisories as a memory-leak bug in the USB subsystem. Specifically, the probe for the uss720 device (uss720_probe) forgets to decrement the usbdev refcount, leading to a memory leak. The fix recorded in the sources is to release the de...
CVE-2021-47187
CVE-2021-47187 concerns arm64: dts: qcom: msm8998 in the Linux kernel. The issue was a miscalculation of min-residency-us and conflicting idle-time parameters between CPU sleep and L2 power-collapse timings, which could cause SoC instability (random reboots/lockups) when CPU scaling is enabled. A...
CVE-2021-47261
CVE-2021-47261 affects the Linux kernel mlx5 IB driver. The CQ fragment initialization could read from the wrong buffer due to using get_cqe(), risking kernel panic when CQ size grows. The fix uses mlx5_frag_buf_get_wqe() to obtain CQEs from the correct source buffer, mitigating the issue. The li...
CVE-2021-47331
The CVE-2021-47331 issue affects the Linux kernel usb-conn-gpio path. Root cause: an IDDIG interrupt can occur before charger registration, causing a NULL pointer dereference. Fix: register the power supply before requesting IDDIG/VBUS IRQ to prevent the dereference. Affected scope and exact reme...
CVE-2021-47335
CVE-2021-47335 (Linux kernel, f2fs): A race on the global fsync_entry_slab across multiple filesystem instances caused a use-after-free in the slab cache during f2fs recovery. The root cause is concurrent access to the slab pointer when multiple f2fs mounts exist, leading to a use-after-free during...
CVE-2021-47371
CVE-2021-47371 affects the Linux kernel where memory leaks occur in the nexthop notification chain listeners. The issue arises during reload flows (e.g., mlxsw unregistration and netdev/nexthop notification handling) where some nexthop delete notifications may be skipped for certain netdevs, caus...
CVE-2021-47426
CVE-2021-47426 affects the Linux kernel (bpf, s390) with a memory leak in jit_data. The issue occurs in the error path and is resolved by freeing jit_data with kfree() to prevent leaks. The provided metrics indicate local access, low attack complexity, and low privileges needed, with no confident...
CVE-2021-47433
The CVE-2021-47433 issue is in the Linux kernel's btrfs code: an incorrect abort condition in the btrfs_replace_file_extents path could cause filesystem corruption with a missing extent in the middle of a file. The root cause is an abort decision that only checked ret != -EOPNOTSUPP in certain pa...
CVE-2021-47451
CVE-2021-47451 relates to a Linux kernel netfilter xt_IDLETIMER panic caused by idletimer_tg.timer_type containing garbage values when a rule is added. The fixed version initializes timer_type with kzalloc instead of kmalloc to prevent the NULL/D garbage read that leads to a kernel panic. Public ...
CVE-2022-48642
Summary: CVE-2022-48642 is a Linux kernel vulnerability in netfilter/nf_tables that causes a percpu memory leak in nf_tables_addchain(), linked to nf_chain_offload_priority() error handling. The leak was observed since a prior commit and has been fixed in the kernel by the referenced changes (e.g...
CVE-2022-48652
In CVE-2022-48652, the Linux kernel ICE driver fixes a crash when TC/channels are updated beyond allocated queues. The issue occurred when fewer queues were configured than TCs and later more TCs were added (e.g., via LLDP), leaving dirty num_txq/rxq and tc_cfg in the VSI and risking invalid point...
CVE-2022-48654
The CVE-2022-48654 entry concerns a Linux kernel netfilter issue: nfnetlink_osf (nf_osf_find) could incorrectly return true on a mismatch, causing copying of uninitialized memory in nft_osf and leaking stale kernel stack data to userspace. Connected Astra Linux advisory mirrors this vulnerability...
CVE-2022-48712
CVE-2022-48712 affects the Linux kernel ext4 subsystem. The advisory ("ext4: fix error handling in ext4_fc_record_modified_inode()") states that ext4_fc_record_modified_inode() does not fully handle krealloc() error cases, which could lead to silent memory corruption or a kernel bug. The fix patches the error handling in ext4_fc_re...
CVE-2022-48715
CVE-2022-48715 is a Linux kernel vulnerability related to the SCSI driver bnx2fc. The issue stems from bnx2fc_recv_frame() modifying per-CPU lport stats counters in a non-MP-safe way, which could occur in a preemptible context when SMP features are enabled. The resolved fix restores the old get_...
CVE-2022-48793
CVE-2022-48793 affects the Linux kernel KVM/x86 nested migration path. The root cause is a NULL dereference caused by calling nested_svm_load_cr3 before Nested Page Tables (NPT) are enabled, preventing guest memory access and breaking mmu walk initialization. Red Hat and vendor advisories (RHSA-2...
CVE-2022-48809
In CVE-2022-48809, the Linux kernel fixes a memory leak in net handling when uncloning an skb destination and its metadata. The root cause is that the uncloned dst+metadata is initialized with refcount 1 and briefly increased to 2 before attachment, leaving a path where the refcount cannot drop t...
CVE-2022-48814
CVE-2022-48814 affects the Linux kernel DSA seville driver (VSC9959) where mdiobus was allocated/registered with devres. The root cause is a devres interaction causing mdiobus to be freed without prior unregistration, leading to mdiobus_free() panics when invoked from devm_mdiobus_free(). The pro...
CVE-2022-48910
The CVE-2022-48910 case concerns the Linux kernel IPv6 addrconf path: when NETDEV_DOWN is triggered for reasons other than actual interface down, repeated calls can leak one ifmcaddr6 per multicast group by leaking idev->mc_tomb. The fix is to ensure ipv6_mc_down() runs at most once per state ...
CVE-2022-49075
CVE-2022-49075: In the Linux kernel, a qgroup reserve overflow in btrfs can occur when fallocate spans more than 4 GiB. The root cause is that extent_changeset->bytes_changed is stored as an unsigned int, causing overflow and potentially breaking the qgroup limit. The advisory notes that regu...
CVE-2022-49092
CVE-2022-49092 concerns a Linux kernel net/ipv4 routing issue where deleting a route that points to a nexthop ID (without nhid) triggers a warning in fib_nh_match when a nexthop object is present. The root cause is a match operation on a fib_info with a nexthop object; the fix is to skip such mat...
CVE-2022-49105
CVE-2022-49105 concerns the Linux kernel: in the staging/wfx driver, an error path in wfx_init_common() could return without freeing ieee80211 hardware state, leading to a memory leak. The fix adds an err label and ensures ieee80211_free_hw(hw) is called on error paths, unifying the error handlin...
CVE-2022-49121
CVE-2022-49121 involves the Linux kernel SCSI pm8001 driver and is resolved in the kernel updates. The issue is a tag leak in error paths where tags allocated by pm8001_mpi_build_cmd() may not be freed when cmd building fails, and similarly when the chip task abort path fails, a missing call to p...
CVE-2022-49144
CVE-2022-49144 pertains to the Linux kernel io_uring subsystem. The issue stems from a memory leak when registering files: if there are no files to process in __io_sqe_files_scm(), the code frees resources but forgets to restore the uid, leading to a leak. The connected documents confirm this exa...
CVE-2022-49162
The CVE-2022-49162 issue affects the Linux kernel’s fbdev sm712fb driver. When the sm712fb driver writes three bytes to the framebuffer, it could crash with a page fault due to an endianness fixup path that was open-coded. The fix is to remove the open-coded endianness fixup code (kernel patching...
CVE-2022-49165
CVE-2022-49165 is a Linux kernel vulnerability in the media: imx-jpeg decoding path. When an NV12M JPEG is queued as an output buffer but a single-planar capture buffer is queued, the kernel could crash with a NULL pointer dereference in mxc_jpeg_addrs. The mitigation in the patch is to finish th...
CVE-2022-49193
CVE-2022-49193 concerns the Linux kernel ice driver: a scheduling-while-atomic bug during aux critical error interrupt in ice_misc_intr() could lead to an oops via a mutex lock path. The fixed sequence adds handling in process context (ice_service_task) and introduces a PF state bit (oicr_err_reg...
CVE-2022-49230
CVE-2022-49230 concerns the Linux kernel, specifically the mt76 mt7915 driver. The issue was a memory leak in mt7915_mcu_add_sta where allocated skbs could be leaked on failures. The resolution is to free the allocated skb in the failure path. The CVE’s CVSSv3 base score is 5.5 (Medium) with LOCA...
CVE-2022-49270
CVE-2022-49270: In the Linux kernel, a use-after-free can occur in dm_cleanup_zoned_dev() if it is not called before blk_cleanup_disk() proceeds through its cleanup path (blk_cleanup_disk->blk_cleanup_queue()->kobject_put()->blk_release_queue()->…->blk_free_queue_rcu()). This raci...
CVE-2022-49337
In the Linux kernel OCFS2 code, CVE-2022-49337 relates to dlmfs user_dlm_destroy_lock: on failure, flags like USER_LOCK_IN_TEARDOWN and USER_LOCK_BUSY may not be cleared, causing a use-after-free risk and a kernel panic during unlink. The fix reverts USER_LOCK_IN_TEARDOWN on failure and ensures e...
CVE-2022-49359
CVE-2022-49359: In the Linux kernel’s DRM Panfrost handling, a use-after-free occurs when a panfrost_priv is freed but a job structure continues to reference it to obtain the MMU context. The fix drops the panfrost_priv reference from the job and adds a direct reference to the MMU structure that is ...
CVE-2022-49418
The CVE affects the Linux kernel in NFSv4 handling, where an uninitialized nfs4_label could be freed during referral lookup, leading to a crash. The fix reuses the already-allocated fattr with nfs4_fs_locations and drops the memcpy of fattr, avoiding two extra allocations and preventing the crash...
CVE-2022-49470
CVE-2022-49470 concerns the Linux kernel Bluetooth subsystem, specifically the btmtksdio driver. The provided sources confirm a concrete issue: use-after-free involving the skb/data in btmtksdio_recv_event after hci_recv_frame is called, leading to a KASAN report. The impact is high (CVE score 7....
CVE-2022-49475
The connected advisories confirm CVE-2022-49475 affects the Linux kernel in the spi-fsl-qspi driver, where a missing check of the resource returned by platform_get_resource_byname() can lead to a NULL pointer dereference. The root cause is not validating the resource handle before use, causing a ...