Lucene search
K
LinuxLinux Kernel

14403 matches found

CVE
CVE
added 2025/05/01 1:7 p.m.92 views

CVE-2025-37763

CVE-2025-37763 : In the Linux kernel, the drm/imagination code fixed a use-after-free in the GPU scheduling path (pvr_queue_prepare_job) by having the fragment job take a reference on the geometry job, preventing the geometry job from being freed until the fragment is done. This mitigates a slab-...

7.8CVSS6.6AI score0.00167EPSS
CVE
CVE
added 2025/07/09 10:42 a.m.91 views

CVE-2025-38250

In CVE-2025-38250, the Linux kernel Bluetooth vhci_flush() path is affected by a use-after-free when a thread closes a vhci fd while another thread uses the device. The issue stems from a missing synchronization after unlinking hdev from hci_dev_list in hci_unregister_dev(), allowing another thre...

7.8CVSS6.4AI score0.00142EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.91 views

CVE-2025-38459

CVE-2025-38459: Linux kernel ATM CLIP module vulnerability causing Denial of Service via infinite recursion in clip_push(). Root cause: second ATMARP_MKIP ioctl triggers recursion when vcc->old_push is used after first call; mitigation implemented by checking vcc->user_back (clip_vcc) and u...

7.8CVSS6.2AI score0.0017EPSS
CVE
CVE
added 2025/02/27 2:7 a.m.90 views

CVE-2024-57953

CVE-2024-57953 affects the Linux kernel RTC driver (rtc: tps6594). On 32-bit systems a 64-bit tmp variable overflows when calculating tmp = offset * TICKS_PER_HOUR, because offset is a long and TICKS_PER_HOUR is very large (32768*3600). The description states the overflow occurs in tps6594_rtc_se...

5.5CVSS5.5AI score0.0021EPSS
CVE
CVE
added 2025/04/01 3:41 p.m.90 views

CVE-2025-21949

CVE-2025-21949: LoongArch Linux kernel vulnerability in hugetlb mmap base address alignment. The issue occurred when the base address allocated from hugetlbfs was not aligned to the PMD size, triggering a kernel BUG in mm/hugetlb.c. A patch was added to check hugetlbfs mappings and align the mmap...

5.5CVSS6.9AI score0.00161EPSS
CVE
CVE
added 2025/04/16 2:12 p.m.90 views

CVE-2025-22082

CVE-2025-22082 affects the Linux kernel IIO subsystem: iio_backend_debugfs_write_reg() could pass an uninitialized stack buffer to sscanf() due to missing NULL termination. The root cause is a stack buffer not guaranteed to be 0-initialized, leading to potential uncontrolled reads. The vulnerabil...

5.5CVSS6.7AI score0.00175EPSS
CVE
CVE
added 2025/04/16 2:12 p.m.90 views

CVE-2025-22098

CVE-2025-22098 affects the Linux kernel’s DRM for ZynqMP DP. The issue is a deadlock in zynqmp_dp_ignore_hpd_set caused by attempting to lock the same mutex twice; the fix is to lock and unlock it properly (instead of locking twice). The vulnerability was identified by the Clang thread-safety ana...

5.5CVSS6.5AI score0.00132EPSS
CVE
CVE
added 2025/04/16 2:12 p.m.90 views

CVE-2025-22099

CVE-2025-22099 affects the Linux kernel (drm: xlnx: zynqmp_dpsub) where devm_kasprintf() can return NULL and the NULL result wasn’t checked in zynqmp_audio_init(), risking a NULL dereference. The fix adds a NULL check in zynqmp_audio_init() to avoid dereferencing null pointers. Astra Linux securi...

5.5CVSS6.6AI score0.00148EPSS
CVE
CVE
added 2025/04/16 2:12 p.m.90 views

CVE-2025-22100

CVE-2025-22100 affects the Linux kernel's DRM panthor path. The root cause is a race condition during gathering fdinfo group samples caused by insufficient protection when accessing groups with an xarray lock, which could lead to a use-after-free . The issue was fixed by the kernel commit e16635d...

4.7CVSS6.5AI score0.00121EPSS
CVE
CVE
added 2025/04/16 2:12 p.m.90 views

CVE-2025-22110

CVE-2025-22110 affects the Linux kernel nfnetlink_queue path under netfilter. The vulnerability arises because a local message buffer ctx (lsmctx) could be read/used before proper initialization in nfqnl_build_packet_message(), since initialization occurs only after nfqnl_get_sk_secctx(). The pat...

5.5CVSS6.4AI score0.00148EPSS
CVE
CVE
added 2025/05/01 12:55 p.m.90 views

CVE-2025-23152

CVE-2025-23152 affects the Linux kernel on arm64, where the bug was in arm64/crc-t10dif: out-of-scope array usage in crc_t10dif_arch(). A fix was applied in the kernel, described as correcting an array used outside its scope. Connected advisories/patch references include kernel commits (stable) a...

5.5CVSS6.5AI score0.0014EPSS
CVE
CVE
added 2025/05/08 6:26 a.m.90 views

CVE-2025-37827

CVE-2025-37827 affects the Linux kernel’s Btrfs zoned mechanism when a RAID1 block-group has a write-pointer mismatch between disks. Root cause: a NULL pointer dereference in __btrfs_add_free_space_zoned() triggered by converting the metadata profile from DUP to RAID1 on two disks, leading to an ...

5.5CVSS6.4AI score0.00155EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.90 views

CVE-2025-38040

CVE-2025-38040 affects the Linux kernel’s serial/mctrl_gpio path. The advisory reports a fix for a denial of service/privilege implications by splitting the disabling of modem lines (disable_ms) into two APIs: sync and no_sync, addressing a sleeping function being called from an atomic context (d...

5.5CVSS6.5AI score0.0016EPSS
CVE
CVE
added 2025/06/28 7:52 a.m.90 views

CVE-2025-38086

CVE-2025-38086 involves a Linux kernel vulnerability in net/ch9200 where mii_nway_restart() can trigger an uninitialised access through ch9200_mdio_read() due to not checking control_read() return value. The bug stems from an uninitialised local buffer (buff) being accessed when control_read() do...

5.5CVSS6.7AI score0.00153EPSS
CVE
CVE
added 2025/07/03 8:36 a.m.90 views

CVE-2025-38163

CVE-2025-38163: A fault in the Linux kernel’s F2FS truncation path caused a kernel BUG due to an inconsistent sbi->total_valid_block_count versus mapped blocks, potentially leading to a crash/denial of service. The issue is in f2fs: with sbi->total_valid_block_count not matching inode-index...

5.5CVSS7.1AI score0.00151EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.90 views

CVE-2025-38234

CVE-2025-38234 affects the Linux kernel sched/rt code. The issue is a race in push_rt_task that can race with task migration and wakeups, potentially leaving a task in a pushable list even after it has migrated or run, leading to scheduler crashes such as NULL dereferences or BUG_ON failures. A f...

4.7CVSS6.5AI score0.0013EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.90 views

CVE-2025-38338

CVE-2025-38338 is a Linux kernel vulnerability affecting NFS read paths. A double-unlock in fs/nfs/read during truncation can cause a deadlock because folio_unlock() may be called twice, incorrectly clearing the PG_locked flag. This can lead to warnings in netfs_read_collection or to processes wa...

7.8CVSS6.3AI score0.00153EPSS
CVE
CVE
added 2025/07/28 11:21 a.m.90 views

CVE-2025-38488

CVE-2025-38488 affects the Linux kernel SMB client path (crypt_message) where async crypto could lead to use-after-free when hardware accelerators return -EINPROGRESS. The issue arose after CVE-2024-50047 fixed async handling for all operations but hardware offload could still complete asynchrono...

7.8CVSS7.7AI score0.00278EPSS
CVE
CVE
added 2004/10/28 4:0 a.m.89 views

CVE-2004-0814

CVE-2004-0814 describes race conditions in the Linux terminal layer (kernel 2.4.x and 2.6.x prior to 2.6.9). Root causes include a TIOCSETD ioctl race on a terminal interface accessed by multiple threads and a separate race when switching from console to PPP line discipline, which could allow loc...

1.2CVSS7AI score0.00692EPSS
CVE
CVE
added 2005/08/04 4:0 a.m.89 views

CVE-2005-2456

CVE-2005-2456 refers to an array index overflow in the Linux kernel 2.6, in xfrm_user.c within xfrm_sk_policy_insert. A local user can trigger the overflow by supplying a p->dir value larger than XFRM_POLICY_OUT, causing writes beyond sock->sk_policy and resulting in a kernel crash (DoS) an...

5.5CVSS6.8AI score0.00375EPSS
CVE
CVE
added 2006/07/15 1:6 a.m.89 views

CVE-2006-3626

CVE-2006-3626 is a local-privilege-escalation flaw in the Linux kernel (affected: 2.6.17.4 and earlier) caused by a race in the proc filesystem via prctl(PR_SET_DUMPABLE) that can set /proc/self/environ to setuid root. Exploitation would require local access and is not described as remote. The is...

6.2CVSS7.3AI score0.02203EPSS
CVE
CVE
added 2006/08/21 7:0 p.m.89 views

CVE-2006-4145

CVE-2006-4145 affects the Linux kernel UDF filesystem driver (2.6.17 and earlier). The issue allows a local user to trigger a hang or crash by performing operations on truncated files (illustrated via dd). Public documents in connected feeds confirm this CVE and indicate that updated kernel packa...

4.9CVSS6.8AI score0.00434EPSS
CVE
CVE
added 2007/05/14 5:0 p.m.89 views

CVE-2006-7203

CVE-2006-7203 affects the Linux kernel 2.6.20 and earlier, via compat_sys_mount in fs/compat.c. When mounting a smbfs filesystem in compatibility mode (mount -t smbfs), a local user can trigger a NULL pointer dereference (and oops), leading to denial of service. Publicly documented references (RH...

4CVSS6.9AI score0.00479EPSS
CVE
CVE
added 2007/07/27 9:0 p.m.89 views

CVE-2007-3105

CVE-2007-3105 affects the Linux kernel before 2.6.22, where a stack-based buffer overflow in the RNG can be triggered by setting the default wakeup threshold larger than the output pool size. This may allow local root users to cause a denial of service or gain privileges due to the pool transfer ...

4.6CVSS6.5AI score0.00454EPSS
CVE
CVE
added 2007/09/26 10:0 a.m.89 views

CVE-2007-4571

CVE-2007-4571 affects the ALSA portion of the Linux kernel before 2.6.22.8. The snd_mem_proc_read function in sound/core/memalloc.c does not return the correct write size, enabling a local user to read kernel memory contents via a small count argument (demonstrated by reading /proc/driver/snd-pag...

2.1CVSS5.1AI score0.00761EPSS
CVE
CVE
added 2007/11/20 2:0 a.m.89 views

CVE-2007-5500

The CVE-2007-5500 issue is described in connected documents as a vulnerability in the Linux kernel (2.6.x) where the wait_task_stopped routine checks a TASK_TRACED bit instead of exit_state. This could allow a local unprivileged user to cause a denial of service (machine crash) via unspecified ve...

4.9CVSS5.6AI score0.00396EPSS
CVE
CVE
added 2008/09/09 2:0 p.m.89 views

CVE-2008-3915

CVE-2008-3915 is a buffer overflow in the Linux kernel’s nfsd when NFSv4 is enabled. The issue can allow remote triggering of a denial of service via crafted NFSv4 ACL decoding; affected are kernels older than 2.6.26.4. The Debian/Ubuntu advisories in the connected set reference this CVE among a ...

9.3CVSS5.3AI score0.04353EPSS
CVE
CVE
added 2009/02/27 5:0 p.m.89 views

CVE-2009-0747

The CVE-2009-0747 issue affects the Linux kernel’s ext4_isize helper in fs/ext4/ext4.h, exposing a denial-of-service risk when a local user mounts a crafted ext4 filesystem. The vulnerability arises from using the i_size_high structure member during operations on arbitrary file types, potentially...

4.9CVSS6.8AI score0.00412EPSS
CVE
CVE
added 2013/03/01 11:0 a.m.89 views

CVE-2011-1019

The CVE-2011-1019 issue affects the Linux kernel up to version 2.6.38, where dev_load in net/core/dev.c allows local users with CAP_NET_ADMIN to bypass CAP_SYS_MODULE and load arbitrary modules. This constitutes a local privilege escalation. Remediation is to upgrade to kernel 2.6.38 or newer (as...

1.9CVSS6.6AI score0.00443EPSS
CVE
CVE
added 2012/05/17 10:0 a.m.89 views

CVE-2011-4097

CVE-2011-4097 affects the Linux kernel up to version 3.1.8 on 64-bit systems. The vulnerability is due to an integer overflow in the oom_badness function (mm/oom_kill.c), which can allow a local user to trigger memory exhaustion or terminate processes, resulting in a denial of service. The root c...

5.5CVSS6.1AI score0.00453EPSS
CVE
CVE
added 2013/06/08 10:0 a.m.89 views

CVE-2011-4348

Technical details for CVE-2011-4348 are not publicly provided in the connected documents. The material references the CVE in advisories but does not describe affected products, versions, root causes, or fixes. Monitor for updates.

7.1CVSS5.9AI score0.02184EPSS
CVE
CVE
added 2013/02/22 12:0 a.m.89 views

CVE-2013-0310

The issue CVE-2013-0310 affects the Linux kernel, specifically the cipso_v4_validate function in net/ipv4/cipso_ipv4.c. In kernels prior to 3.4.8, local attackers can trigger a NULL pointer dereference and system crash via IPOPT_CIPSO IP_OPTIONS used with setsockopt, enabling potential local deni...

6.6CVSS5.9AI score0.00317EPSS
CVE
CVE
added 2013/04/22 10:0 a.m.89 views

CVE-2013-3234

The vulnerability CVE-2013-3234 affects the Linux kernel’s rose_recvmsg function (net/rose/af_rose.c) prior to 3.9-rc7. It does not initialize a certain data structure, allowing local attackers to read sensitive information from kernel stack memory via crafted recvmsg/recvfrom calls. The issue im...

4.9CVSS5.7AI score0.00389EPSS
CVE
CVE
added 2013/11/12 1:0 a.m.89 views

CVE-2013-4515

The CVE-2013-4515 issue affects the Linux kernel (pre-3.12) in the bcm_char_ioctl path (drivers/staging/bcm/Bcmchar.c). The root cause is failure to initialize a data structure, enabling local attackers to read sensitive kernel memory via the IOCTL_BCM_GET_DEVICE_DRIVER_INFO interface. Impact is ...

4.9CVSS6.7AI score0.00446EPSS
CVE
CVE
added 2014/01/06 11:0 a.m.89 views

CVE-2013-7267

CVE-2013-7267 (Linux kernel) : Affected component is the atalk_recvmsg function in net/appletalk/ddp.c, vulnerable before 3.12.4. The bug updates a length value without ensuring the associated data structure is initialized, enabling local attackers to leak kernel memory via recvfrom, recvmmsg, or...

4.9CVSS4.7AI score0.00434EPSS
CVE
CVE
added 2014/01/06 11:0 a.m.89 views

CVE-2013-7271

The CVE-2013-7271 issue affects the Linux kernel up to versions before 3.12.4. The vulnerability exists in x25_recvmsg (net/x25/af_x25.c), where a length value is updated without ensuring the associated data structure is initialized, enabling local attackers to disclose kernel memory content via ...

4.9CVSS4.7AI score0.0048EPSS
CVE
CVE
added 2014/02/28 2:0 a.m.89 views

CVE-2014-2039

CVE-2014-2039 affects the Linux kernel on s390 where arch/s390/kernel/head64.S mishandles attempts to use the linkage stack, enabling local users to crash the system (denial of service) by executing a crafted instruction. The linked Nessus/MiracleUnity/EulerOS advisories confirm the issue exists ...

4.9CVSS5.7AI score0.00456EPSS
CVE
CVE
added 2015/08/31 10:0 a.m.89 views

CVE-2015-3291

CVE-2015-3291 concerns the Linux kernel before 4.1.6 on the x86_64 platform. The issue is that nested NMI processing is not properly detected, allowing a local attacker to trigger a denial of service (skipped NMI) by manipulating the rsp register, issuing a syscall, and triggering an NMI. Affecte...

2.1CVSS5.3AI score0.00397EPSS
CVE
CVE
added 2016/08/06 8:0 p.m.89 views

CVE-2016-6156

CVE-2016-6156 is a local-denial-of-service race in the Linux kernel Chrome EC driver (ec_device_ioctl_xcmd) implemented in drivers/platform/chrome/cros_ec_dev.c. It allows a local user to trigger an out-of-bounds array access by tampering with a size value, in kernels before 4.7; a fix was applie...

5.1CVSS5AI score0.00274EPSS
CVE
CVE
added 2017/09/20 8:0 a.m.89 views

CVE-2017-12168

CVE-2017-12168 affects the Linux kernel (arch/arm64) in the KVM subsystem, where the access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c allows a privileged KVM guest OS user to trigger a denial of service (assertion failure and host crash) by reading the Performance Monitors Cycle Count Regi...

6CVSS5.5AI score0.00417EPSS
CVE
CVE
added 2018/01/14 6:0 a.m.89 views

CVE-2017-15128

The CVE-2017-15128 issue affects the Linux kernel’s hugetlb_mcopy_atomic_pte function (mm/hugetlb.c) prior to version 4.13.12, where a missing size check can lead to a denial of service (BUG). Public sources in connected advisories (e.g., EulerOS/Unity Linux Nessus plugins) corroborate that vulne...

5.5CVSS5.2AI score0.00411EPSS
CVE
CVE
added 2022/08/23 3:51 p.m.89 views

CVE-2021-3736

CVE-2021-3736 affects the Linux kernel in mbochs_ioctl within samples/vfio-mdev/mbochs.c used by VFIO mediated devices. The flaw is a memory leak that could allow a local attacker to leak internal kernel information. Some sources note a patched kernel package (e.g., kernel 5.10.131.1-1 in Mariner...

5.5CVSS4.9AI score0.00237EPSS
CVE
CVE
added 2024/05/21 2:19 p.m.89 views

CVE-2021-47261

CVE-2021-47261 affects the Linux kernel mlx5 IB driver. The CQ fragment initialization could read from the wrong buffer due to using get_cqe(), risking kernel panic when CQ size grows. The fix uses mlx5_frag_buf_get_wqe() to obtain CQEs from the correct source buffer, mitigating the issue. The li...

7.8CVSS6.7AI score0.00234EPSS
CVE
CVE
added 2024/05/21 2:35 p.m.89 views

CVE-2021-47297

CVE-2021-47297 (Linux kernel) affects the net/caif/caif_socket.c path, specifically caif_seqpkt_sendmsg. The root cause is a KMSAN-uninit value in caif_seqpkt_sendmsg when nr_segs in iovec_from_user is zero, leading to uninit stack memory in msg->msg_iter.iov. The provided sources state that t...

5.5CVSS6.8AI score0.00226EPSS
CVE
CVE
added 2024/05/21 2:35 p.m.89 views

CVE-2021-47325

CVE-2021-47325 concerns the Linux kernel’s iommu/arm-smmu subsystem. The issue is a refcount leak in arm_smmu_iova_to_phys_hard() where, on several error paths, the refcount of the underlying smmu object, increased by arm_smmu_rpm_get(), is not decremented. The fixed workaround described in the p...

5.5CVSS6.6AI score0.00246EPSS
CVE
CVE
added 2024/05/21 2:35 p.m.89 views

CVE-2021-47327

The CVE-2021-47327 issue concerns the Linux kernel’s iommu/arm-smmu path. arm_smmu_rpm_get() calls pm_runtime_get_sync(), which can inflate the refcount of the SMMU even when the function returns a negative error, causing a refcount leak if callers don’t balance it on failure. A fix is documented...

7.1CVSS6.6AI score0.00255EPSS
CVE
CVE
added 2024/05/21 2:35 p.m.89 views

CVE-2021-47333

CVE-2021-47333 (Linux kernel) affects the misc: alcor_pci path. In configurations where a device is connected directly to the root complex, bus->self (bridge) can be NULL, leading to priv->parent_pdev being NULL. The vulnerability stems from alcor_pci_init_check_aspm(priv->parent_pdev) r...

5.5CVSS6.9AI score0.00239EPSS
CVE
CVE
added 2024/05/21 3:3 p.m.89 views

CVE-2021-47392

Summary: CVE-2021-47392 concerns a leak in the Linux kernel RDMA CMA listener path. If rdma_cma_listen_on_all() fails, the per-device ID remains on the listen_list, but the state is not set to RDMA_CM_ADDR_BOUND. When the CMID is later destroyed, cma_cancel_listens() may not be invoked due to the...

5.5CVSS6.6AI score0.00239EPSS
CVE
CVE
added 2024/05/21 3:4 p.m.89 views

CVE-2021-47426

CVE-2021-47426 affects the Linux kernel (bpf, s390) with a memory leak in jit_data. The issue occurs in the error path and is resolved by freeing jit_data with kfree() to prevent leaks. The provided metrics indicate local access, low attack complexity, and low privileges needed, with no confident...

5.5CVSS6.6AI score0.00222EPSS
CVE
CVE
added 2024/05/22 6:19 a.m.89 views

CVE-2021-47433

The CVE-2021-47433 issue is in the Linux kernel's btrfs code: an incorrect abort condition in the btrfs_replace_file_extents path could cause filesystem corruption with a missing extent in the middle of a file. The root cause is an abort decision that only checked ret != -EOPNOTSUPP in certain pa...

5.5CVSS7AI score0.00254EPSS
Total number of security vulnerabilities14403