14403 matches found
CVE-2025-37763
CVE-2025-37763 : In the Linux kernel, the drm/imagination code fixed a use-after-free in the GPU scheduling path (pvr_queue_prepare_job) by having the fragment job take a reference on the geometry job, preventing the geometry job from being freed until the fragment is done. This mitigates a slab-...
CVE-2025-38250
In CVE-2025-38250, the Linux kernel Bluetooth vhci_flush() path is affected by a use-after-free when a thread closes a vhci fd while another thread uses the device. The issue stems from a missing synchronization after unlinking hdev from hci_dev_list in hci_unregister_dev(), allowing another thre...
CVE-2025-38459
CVE-2025-38459: Linux kernel ATM CLIP module vulnerability causing Denial of Service via infinite recursion in clip_push(). Root cause: second ATMARP_MKIP ioctl triggers recursion when vcc->old_push is used after first call; mitigation implemented by checking vcc->user_back (clip_vcc) and u...
CVE-2024-57953
CVE-2024-57953 affects the Linux kernel RTC driver (rtc: tps6594). On 32-bit systems a 64-bit tmp variable overflows when calculating tmp = offset * TICKS_PER_HOUR, because offset is a long and TICKS_PER_HOUR is very large (32768*3600). The description states the overflow occurs in tps6594_rtc_se...
CVE-2025-21949
CVE-2025-21949: LoongArch Linux kernel vulnerability in hugetlb mmap base address alignment. The issue occurred when the base address allocated from hugetlbfs was not aligned to the PMD size, triggering a kernel BUG in mm/hugetlb.c. A patch was added to check hugetlbfs mappings and align the mmap...
CVE-2025-22082
CVE-2025-22082 affects the Linux kernel IIO subsystem: iio_backend_debugfs_write_reg() could pass an uninitialized stack buffer to sscanf() due to missing NULL termination. The root cause is a stack buffer not guaranteed to be 0-initialized, leading to potential uncontrolled reads. The vulnerabil...
CVE-2025-22098
CVE-2025-22098 affects the Linux kernel’s DRM for ZynqMP DP. The issue is a deadlock in zynqmp_dp_ignore_hpd_set caused by attempting to lock the same mutex twice; the fix is to lock and unlock it properly (instead of locking twice). The vulnerability was identified by the Clang thread-safety ana...
CVE-2025-22099
CVE-2025-22099 affects the Linux kernel (drm: xlnx: zynqmp_dpsub) where devm_kasprintf() can return NULL and the NULL result wasn’t checked in zynqmp_audio_init(), risking a NULL dereference. The fix adds a NULL check in zynqmp_audio_init() to avoid dereferencing null pointers. Astra Linux securi...
CVE-2025-22100
CVE-2025-22100 affects the Linux kernel's DRM panthor path. The root cause is a race condition during gathering fdinfo group samples caused by insufficient protection when accessing groups with an xarray lock, which could lead to a use-after-free . The issue was fixed by the kernel commit e16635d...
CVE-2025-22110
CVE-2025-22110 affects the Linux kernel nfnetlink_queue path under netfilter. The vulnerability arises because a local message buffer ctx (lsmctx) could be read/used before proper initialization in nfqnl_build_packet_message(), since initialization occurs only after nfqnl_get_sk_secctx(). The pat...
CVE-2025-23152
CVE-2025-23152 affects the Linux kernel on arm64, where the bug was in arm64/crc-t10dif: out-of-scope array usage in crc_t10dif_arch(). A fix was applied in the kernel, described as correcting an array used outside its scope. Connected advisories/patch references include kernel commits (stable) a...
CVE-2025-37827
CVE-2025-37827 affects the Linux kernel’s Btrfs zoned mechanism when a RAID1 block-group has a write-pointer mismatch between disks. Root cause: a NULL pointer dereference in __btrfs_add_free_space_zoned() triggered by converting the metadata profile from DUP to RAID1 on two disks, leading to an ...
CVE-2025-38040
CVE-2025-38040 affects the Linux kernel’s serial/mctrl_gpio path. The advisory reports a fix for a denial of service/privilege implications by splitting the disabling of modem lines (disable_ms) into two APIs: sync and no_sync, addressing a sleeping function being called from an atomic context (d...
CVE-2025-38086
CVE-2025-38086 involves a Linux kernel vulnerability in net/ch9200 where mii_nway_restart() can trigger an uninitialised access through ch9200_mdio_read() due to not checking control_read() return value. The bug stems from an uninitialised local buffer (buff) being accessed when control_read() do...
CVE-2025-38163
CVE-2025-38163: A fault in the Linux kernel’s F2FS truncation path caused a kernel BUG due to an inconsistent sbi->total_valid_block_count versus mapped blocks, potentially leading to a crash/denial of service. The issue is in f2fs: with sbi->total_valid_block_count not matching inode-index...
CVE-2025-38234
CVE-2025-38234 affects the Linux kernel sched/rt code. The issue is a race in push_rt_task that can race with task migration and wakeups, potentially leaving a task in a pushable list even after it has migrated or run, leading to scheduler crashes such as NULL dereferences or BUG_ON failures. A f...
CVE-2025-38338
CVE-2025-38338 is a Linux kernel vulnerability affecting NFS read paths. A double-unlock in fs/nfs/read during truncation can cause a deadlock because folio_unlock() may be called twice, incorrectly clearing the PG_locked flag. This can lead to warnings in netfs_read_collection or to processes wa...
CVE-2025-38488
CVE-2025-38488 affects the Linux kernel SMB client path (crypt_message) where async crypto could lead to use-after-free when hardware accelerators return -EINPROGRESS. The issue arose after CVE-2024-50047 fixed async handling for all operations but hardware offload could still complete asynchrono...
CVE-2004-0814
CVE-2004-0814 describes race conditions in the Linux terminal layer (kernel 2.4.x and 2.6.x prior to 2.6.9). Root causes include a TIOCSETD ioctl race on a terminal interface accessed by multiple threads and a separate race when switching from console to PPP line discipline, which could allow loc...
CVE-2005-2456
CVE-2005-2456 refers to an array index overflow in the Linux kernel 2.6, in xfrm_user.c within xfrm_sk_policy_insert. A local user can trigger the overflow by supplying a p->dir value larger than XFRM_POLICY_OUT, causing writes beyond sock->sk_policy and resulting in a kernel crash (DoS) an...
CVE-2006-3626
CVE-2006-3626 is a local-privilege-escalation flaw in the Linux kernel (affected: 2.6.17.4 and earlier) caused by a race in the proc filesystem via prctl(PR_SET_DUMPABLE) that can set /proc/self/environ to setuid root. Exploitation would require local access and is not described as remote. The is...
CVE-2006-4145
CVE-2006-4145 affects the Linux kernel UDF filesystem driver (2.6.17 and earlier). The issue allows a local user to trigger a hang or crash by performing operations on truncated files (illustrated via dd). Public documents in connected feeds confirm this CVE and indicate that updated kernel packa...
CVE-2006-7203
CVE-2006-7203 affects the Linux kernel 2.6.20 and earlier, via compat_sys_mount in fs/compat.c. When mounting a smbfs filesystem in compatibility mode (mount -t smbfs), a local user can trigger a NULL pointer dereference (and oops), leading to denial of service. Publicly documented references (RH...
CVE-2007-3105
CVE-2007-3105 affects the Linux kernel before 2.6.22, where a stack-based buffer overflow in the RNG can be triggered by setting the default wakeup threshold larger than the output pool size. This may allow local root users to cause a denial of service or gain privileges due to the pool transfer ...
CVE-2007-4571
CVE-2007-4571 affects the ALSA portion of the Linux kernel before 2.6.22.8. The snd_mem_proc_read function in sound/core/memalloc.c does not return the correct write size, enabling a local user to read kernel memory contents via a small count argument (demonstrated by reading /proc/driver/snd-pag...
CVE-2007-5500
The CVE-2007-5500 issue is described in connected documents as a vulnerability in the Linux kernel (2.6.x) where the wait_task_stopped routine checks a TASK_TRACED bit instead of exit_state. This could allow a local unprivileged user to cause a denial of service (machine crash) via unspecified ve...
CVE-2008-3915
CVE-2008-3915 is a buffer overflow in the Linux kernel’s nfsd when NFSv4 is enabled. The issue can allow remote triggering of a denial of service via crafted NFSv4 ACL decoding; affected are kernels older than 2.6.26.4. The Debian/Ubuntu advisories in the connected set reference this CVE among a ...
CVE-2009-0747
The CVE-2009-0747 issue affects the Linux kernel’s ext4_isize helper in fs/ext4/ext4.h, exposing a denial-of-service risk when a local user mounts a crafted ext4 filesystem. The vulnerability arises from using the i_size_high structure member during operations on arbitrary file types, potentially...
CVE-2011-1019
The CVE-2011-1019 issue affects the Linux kernel up to version 2.6.38, where dev_load in net/core/dev.c allows local users with CAP_NET_ADMIN to bypass CAP_SYS_MODULE and load arbitrary modules. This constitutes a local privilege escalation. Remediation is to upgrade to kernel 2.6.38 or newer (as...
CVE-2011-4097
CVE-2011-4097 affects the Linux kernel up to version 3.1.8 on 64-bit systems. The vulnerability is due to an integer overflow in the oom_badness function (mm/oom_kill.c), which can allow a local user to trigger memory exhaustion or terminate processes, resulting in a denial of service. The root c...
CVE-2011-4348
Technical details for CVE-2011-4348 are not publicly provided in the connected documents. The material references the CVE in advisories but does not describe affected products, versions, root causes, or fixes. Monitor for updates.
CVE-2013-0310
The issue CVE-2013-0310 affects the Linux kernel, specifically the cipso_v4_validate function in net/ipv4/cipso_ipv4.c. In kernels prior to 3.4.8, local attackers can trigger a NULL pointer dereference and system crash via IPOPT_CIPSO IP_OPTIONS used with setsockopt, enabling potential local deni...
CVE-2013-3234
The vulnerability CVE-2013-3234 affects the Linux kernel’s rose_recvmsg function (net/rose/af_rose.c) prior to 3.9-rc7. It does not initialize a certain data structure, allowing local attackers to read sensitive information from kernel stack memory via crafted recvmsg/recvfrom calls. The issue im...
CVE-2013-4515
The CVE-2013-4515 issue affects the Linux kernel (pre-3.12) in the bcm_char_ioctl path (drivers/staging/bcm/Bcmchar.c). The root cause is failure to initialize a data structure, enabling local attackers to read sensitive kernel memory via the IOCTL_BCM_GET_DEVICE_DRIVER_INFO interface. Impact is ...
CVE-2013-7267
CVE-2013-7267 (Linux kernel) : Affected component is the atalk_recvmsg function in net/appletalk/ddp.c, vulnerable before 3.12.4. The bug updates a length value without ensuring the associated data structure is initialized, enabling local attackers to leak kernel memory via recvfrom, recvmmsg, or...
CVE-2013-7271
The CVE-2013-7271 issue affects the Linux kernel up to versions before 3.12.4. The vulnerability exists in x25_recvmsg (net/x25/af_x25.c), where a length value is updated without ensuring the associated data structure is initialized, enabling local attackers to disclose kernel memory content via ...
CVE-2014-2039
CVE-2014-2039 affects the Linux kernel on s390 where arch/s390/kernel/head64.S mishandles attempts to use the linkage stack, enabling local users to crash the system (denial of service) by executing a crafted instruction. The linked Nessus/MiracleUnity/EulerOS advisories confirm the issue exists ...
CVE-2015-3291
CVE-2015-3291 concerns the Linux kernel before 4.1.6 on the x86_64 platform. The issue is that nested NMI processing is not properly detected, allowing a local attacker to trigger a denial of service (skipped NMI) by manipulating the rsp register, issuing a syscall, and triggering an NMI. Affecte...
CVE-2016-6156
CVE-2016-6156 is a local-denial-of-service race in the Linux kernel Chrome EC driver (ec_device_ioctl_xcmd) implemented in drivers/platform/chrome/cros_ec_dev.c. It allows a local user to trigger an out-of-bounds array access by tampering with a size value, in kernels before 4.7; a fix was applie...
CVE-2017-12168
CVE-2017-12168 affects the Linux kernel (arch/arm64) in the KVM subsystem, where the access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c allows a privileged KVM guest OS user to trigger a denial of service (assertion failure and host crash) by reading the Performance Monitors Cycle Count Regi...
CVE-2017-15128
The CVE-2017-15128 issue affects the Linux kernel’s hugetlb_mcopy_atomic_pte function (mm/hugetlb.c) prior to version 4.13.12, where a missing size check can lead to a denial of service (BUG). Public sources in connected advisories (e.g., EulerOS/Unity Linux Nessus plugins) corroborate that vulne...
CVE-2021-3736
CVE-2021-3736 affects the Linux kernel in mbochs_ioctl within samples/vfio-mdev/mbochs.c used by VFIO mediated devices. The flaw is a memory leak that could allow a local attacker to leak internal kernel information. Some sources note a patched kernel package (e.g., kernel 5.10.131.1-1 in Mariner...
CVE-2021-47261
CVE-2021-47261 affects the Linux kernel mlx5 IB driver. The CQ fragment initialization could read from the wrong buffer due to using get_cqe(), risking kernel panic when CQ size grows. The fix uses mlx5_frag_buf_get_wqe() to obtain CQEs from the correct source buffer, mitigating the issue. The li...
CVE-2021-47297
CVE-2021-47297 (Linux kernel) affects the net/caif/caif_socket.c path, specifically caif_seqpkt_sendmsg. The root cause is a KMSAN-uninit value in caif_seqpkt_sendmsg when nr_segs in iovec_from_user is zero, leading to uninit stack memory in msg->msg_iter.iov. The provided sources state that t...
CVE-2021-47325
CVE-2021-47325 concerns the Linux kernel’s iommu/arm-smmu subsystem. The issue is a refcount leak in arm_smmu_iova_to_phys_hard() where, on several error paths, the refcount of the underlying smmu object, increased by arm_smmu_rpm_get(), is not decremented. The fixed workaround described in the p...
CVE-2021-47327
The CVE-2021-47327 issue concerns the Linux kernel’s iommu/arm-smmu path. arm_smmu_rpm_get() calls pm_runtime_get_sync(), which can inflate the refcount of the SMMU even when the function returns a negative error, causing a refcount leak if callers don’t balance it on failure. A fix is documented...
CVE-2021-47333
CVE-2021-47333 (Linux kernel) affects the misc: alcor_pci path. In configurations where a device is connected directly to the root complex, bus->self (bridge) can be NULL, leading to priv->parent_pdev being NULL. The vulnerability stems from alcor_pci_init_check_aspm(priv->parent_pdev) r...
CVE-2021-47392
Summary: CVE-2021-47392 concerns a leak in the Linux kernel RDMA CMA listener path. If rdma_cma_listen_on_all() fails, the per-device ID remains on the listen_list, but the state is not set to RDMA_CM_ADDR_BOUND. When the CMID is later destroyed, cma_cancel_listens() may not be invoked due to the...
CVE-2021-47426
CVE-2021-47426 affects the Linux kernel (bpf, s390) with a memory leak in jit_data. The issue occurs in the error path and is resolved by freeing jit_data with kfree() to prevent leaks. The provided metrics indicate local access, low attack complexity, and low privileges needed, with no confident...
CVE-2021-47433
The CVE-2021-47433 issue is in the Linux kernel's btrfs code: an incorrect abort condition in the btrfs_replace_file_extents path could cause filesystem corruption with a missing extent in the middle of a file. The root cause is an abort decision that only checked ret != -EOPNOTSUPP in certain pa...