CVE-2009-0835
CVE-2009-0835 in the Linux kernel (2.6.28.7 and earlier on x86_64) is a local privilege issue within the seccomp filter. The __secure_computing function does not correctly handle calls where a 32‑bit process makes a 64‑bit syscall or a 64‑bit process makes a 32‑bit syscall, allow...
CVE-2022-49193
CVE-2022-49193 concerns the Linux kernel ice driver: a scheduling-while-atomic bug during aux critical error interrupt in ice_misc_intr() could lead to an oops via a mutex lock path. The fixed sequence adds handling in process context (ice_service_task) and introduces a PF state bit (oicr_err_reg...
CVE-2006-4814
CVE-2006-4814 is a mincore-related Linux kernel vulnerability restricted to older kernels (before 2.4.33.6) where access to user space was not properly locked, potentially causing a system hang (deadlock). Public sources in connected advisories confirm this CVE as part of multiple kernel updates,...
CVE-2006-5751
CVE-2006-5751 concerns the Linux kernel (pre-2.6.18.4) where an integer overflow in get_fdb_entries (net/bridge/br_ioctl.c) allows a local user to trigger arbitrary code execution by supplying a large maxnum in an ioctl. The issue is rooted in kernel networking bridge ioctl handling and could ena...
CVE-2006-6054
The CVE-2006-6054 issue affects the Linux kernel 2.6.x ext2 file system code, where a malformed ext2 stream can cause ext2_check_page to crash due to a length smaller than the minimum, enabling a local denial of service. Several connected advisories indicate this flaw was fixed in kernel updates ...
CVE-2007-0771
CVE-2007-0771 concerns the Linux kernel utrace support (notably in 2.6.18 and related 2.6.x lines) where local attackers can trigger a DoS via a race/spin failure between utrace_attach and related code paths when using ptrace (as exemplified by the ptrace-thrash scenario). The vulnerability manif...
CVE-2007-5904
The CVE-2007-5904 issue is a kernel vulnerability in the CIFS VFS of the Linux 2.6.23 and earlier kernels. It involves multiple buffer overflows triggered by long SMB responses in the SendReceive function, enabling a remote attacker to cause a crash and, potentially, arbitrary code execution. Pub...
CVE-2008-2826
The vulnerability CVE-2008-2826 is present in the Linux kernel prior to 2.6.25.9, where an integer overflow in sctp_getsockopt_local_addrs_old (net/sctp/socket.c) allows local users to trigger a denial of service through a large addr_num in the sctp_getaddrs_old structure. The issue is mitigated ...
CVE-2009-0747
The CVE-2009-0747 issue affects the Linux kernel’s ext4_isize helper in fs/ext4/ext4.h, exposing a denial-of-service risk when a local user mounts a crafted ext4 filesystem. The vulnerability arises from using the i_size_high structure member during operations on arbitrary file types, potentially...
CVE-2010-4076
CVE-2010-4076 affects Linux kernel 2.6.36.1 and earlier. The rs_ioctl function in drivers/char/amiserial.c does not initialize a structure member, enabling local users to read potentially sensitive information from kernel stack memory via TIOCGICOUNT. A fix is to apply the kernel update that addr...
CVE-2010-4563
The connected documents provide concrete detail for CVE-2010-4563: when the Linux kernel handles IPv6, an attacker can probe for sniffing by sending an ICMPv6 Echo Request to a multicast address and observing whether an Echo Reply is returned (as shown by thcping). This affects the Linux kernel’s...
CVE-2010-4648
CVE-2010-4648 affects the Linux kernel wireless orinoco driver (orinoco_ioctl_set_auth in drivers/net/wireless/orinoco/wext.c) prior to 2.6.37, where TKIP protection was not correctly implemented. This could allow a remote attacker to read Wi‑Fi frames and gain access to the network. The issue is...
CVE-2011-1019
The CVE-2011-1019 issue affects the Linux kernel up to version 2.6.38, where dev_load in net/core/dev.c allows local users with CAP_NET_ADMIN to bypass CAP_SYS_MODULE and load arbitrary modules. This constitutes a local privilege escalation. Remediation is to upgrade to kernel 2.6.38 or newer (as...
CVE-2011-1474
CVE-2011-1474 affects pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. The root cause is a bad bounds check in arch_get_unmapped_area_topdown triggered by mmap after a MAP_GROWSDOWN mmap, which can loop indefinitely and not release the VM semaphore, potent...
CVE-2011-1479
CVE-2011-1479: A double-free in the Linux kernel’s inotify subsystem (kernel versions before 2.6.39) allows local users to crash the system via paths involving failed file creation. The issue stems from an incorrect fix related to CVE-2010-4250. Affected product: Linux kernel; vulnerability type...
CVE-2011-4097
CVE-2011-4097 affects the Linux kernel up to version 3.1.8 on 64-bit systems. The vulnerability is due to an integer overflow in the oom_badness function (mm/oom_kill.c), which can allow a local user to trigger memory exhaustion or terminate processes, resulting in a denial of service. The root c...
CVE-2013-0217
The CVE-2013-0217 entry concerns memory leakage in the Linux kernel Xen netback driver (drivers/net/xen-netback/netback.c). The issue affects the Xen netback functionality in Linux kernel versions prior to 3.7.8, enabling a guest OS user to trigger error conditions that lead to memory exhaustion ...
CVE-2013-0309
CVE-2013-0309 affects arch/x86/include/asm/pgtable.h in the Linux kernel prior to 3.6.2 when Transparent Huge Pages are used. The issue: PROT_NONE memory regions are not properly supported, enabling a local user to trigger a denial of service (system crash). The connected Nessus advisories for Un...
CVE-2013-0310
The issue CVE-2013-0310 affects the Linux kernel, specifically the cipso_v4_validate function in net/ipv4/cipso_ipv4.c. In kernels prior to 3.4.8, local attackers can trigger a NULL pointer dereference and system crash via IPOPT_CIPSO IP_OPTIONS used with setsockopt, enabling potential local deni...
CVE-2013-4125
The CVE-2013-4125 issue affects the Linux kernel IPv6 stack: fib6_add_rt2node in net/ipv6/ip6_fib.c (up to and including 3.10.1) mishandles Router Advertisement messages in ECMP scenarios, allowing a remote attacker to crash the system via a crafted sequence of RA messages. Connected advisories (...
CVE-2013-4515
The CVE-2013-4515 issue affects the Linux kernel (pre-3.12) in the bcm_char_ioctl path (drivers/staging/bcm/Bcmchar.c). The root cause is failure to initialize a data structure, enabling local attackers to read sensitive kernel memory via the IOCTL_BCM_GET_DEVICE_DRIVER_INFO interface. Impact is ...
CVE-2013-7267
CVE-2013-7267 (Linux kernel): Affected component is the atalk_recvmsg function in net/appletalk/ddp.c, vulnerable before 3.12.4. The bug updates a length value without ensuring the associated data structure is initialized, enabling local attackers to leak kernel memory via recvfrom, recvmmsg, or...
CVE-2013-7271
The CVE-2013-7271 issue affects Linux kernel versions before 3.12.4. The vulnerability exists in x25_recvmsg (net/x25/af_x25.c), where a length value is updated without ensuring the associated data structure is initialized, enabling local attackers to disclose kernel memory content via ...
CVE-2014-9895
Technical details for CVE-2014-9895 are not publicly available in the provided documents. The materials reference an information disclosure in media-device.c but do not specify affected versions, root cause, impact, or fixes within this corpus. Monitor for updates.
CVE-2016-5340
CVE-2016-5340 is tied to a vulnerability in the KGSL Linux Graphics Module exposed by a QuIC Android patch for Linux kernel 3.x. The issue arises from the function is_ashmem_file in drivers/staging/android/ashmem.c, where pointer validation is mishandled. This design flaw can allow an attacker to...
CVE-2017-12168
CVE-2017-12168 affects the Linux kernel (arch/arm64) in the KVM subsystem, where the access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c allows a privileged KVM guest OS user to trigger a denial of service (assertion failure and host crash) by reading the Performance Monitors Cycle Count Regi...
CVE-2021-47209
The CVE-2021-47209 issue affects the Linux kernel’s scheduler, specifically sched/fair with the cfs_rq handling. A use-after-free of a cfs_rq occurs when a dying task group is unlinked or partially unlinked while a concurrent timer/race (tg_unthrottle_up via sched_cfs_period_timer) can re-add cfs...
CVE-2021-47277
CVE-2021-47277 affects the Linux kernel KVM path for guest memory translation. The issue arises when speculative execution may use an invalid guest frame number (gfn) to compute an out-of-bounds host virtual address (hva) in __gfn_to_hva_memslot, enabling a potential two-read Spectre gadget where...
CVE-2021-47327
The CVE-2021-47327 issue concerns the Linux kernel’s iommu/arm-smmu path. arm_smmu_rpm_get() calls pm_runtime_get_sync(), which can inflate the refcount of the SMMU even when the function returns a negative error, causing a refcount leak if callers don’t balance it on failure. A fix is documented...
CVE-2021-47392
Summary: CVE-2021-47392 concerns a leak in the Linux kernel RDMA CMA listener path. If rdma_cma_listen_on_all() fails, the per-device ID remains on the listen_list, but the state is not set to RDMA_CM_ADDR_BOUND. When the CMID is later destroyed, cma_cancel_listens() may not be invoked due to the...
CVE-2021-47414
Summary: CVE-2021-47414 concerns a Linux kernel vulnerability on RISC-V (SiFive HiFive Unmatched) where ftrace patching may trigger an illegal instruction due to icache/dcache synchronization across CPUs. The root cause is that icache of the current CPU is not flushed before other CPUs are asked t...
CVE-2021-47450
CVE-2021-47450 affects the Linux kernel KVM on arm64. The issue was a mismanaged refcounting of stage-2 PGD pages in protected mode: the host stage-2 PGD is treated as a single compound page, which could cause tail page refcounts to drop to zero and corrupt the page-table. The fix adds hyp_split_...
CVE-2021-47463
CVE-2021-47463 concerns a Linux kernel NULL pointer dereference in mm/secretmem during GUP operations. The issue arises from dereferencing page->mapping without ensuring it is non-NULL, as a page mapping can be nulled while gup() runs (e.g., by reclaim or truncation). A fix was implemented to ...
CVE-2021-47476
CVE-2021-47476: In the Linux kernel, the comedi driver for ni_usb6501 exposed a NULL-dereference/overflow risk in command paths due to endpoint-sized USB transfer buffers without proper size checks. Exploitation could occur if a malicious device reports smaller max-packet sizes than expected, af...
CVE-2021-47494
CVE-2021-47494 in the Linux kernel affects cfg80211 management registrations locking. The vulnerability arose because cfg80211_mgmt_registrations_update() iterated the per-wdev list without holding all necessary spinlocks, leading to list corruption. The fix moves the lock to the wiphy/rdev level...
CVE-2021-47578
CVE-2021-47578 impacts the Linux kernel. The vulnerability stems from the scsi_debug path calling memory allocation with a zero size: if size == 0, kcalloc() returns ZERO_SIZE_PTR, which can break a following NULL-pointer check. The fix is to return early (do not call kcalloc()) when the size arg...
CVE-2021-47586
The CVE-2021-47586 entry relates to the Linux kernel net: stmmac: dwmac-rk driver. KASAN reported an out-of-bounds read in rk_gmac_setup due to iterating over a flexible array member (regs) with a loop (while (ops->regs[i])) that reads past the ops structure on platforms where the array is empt...
CVE-2021-47603
In CVE-2021-47603, the Linux kernel audit subsystem is affected: kauditd_thread() could block when sending audit records if the audit daemon is stopped, allowing the audit backlog to grow beyond limits and potentially cause a deadlock. The referenced patch lowers the kernel thread’s socket send t...
CVE-2022-48698
CVE-2022-48698 affects the Linux kernel’s drm/amd/display path, causing a memory leak when using debugfs_lookup if the returned object isn’t released with dput(). The provided documents confirm the issue and describe the fix as correctly releasing the object via dput(), preventing unbounded memor...
CVE-2022-48721
CVE-2022-48721 affects the Linux kernel net/smc: when SMC is used and a fallback to TCP occurs, some waitqueue entries previously inserted into smc_socket->wq may remain. After fallback, data flows over TCP and only clcsock->wq is woken, so applications (e.g., epoll) may miss wakeups for th...
CVE-2022-48777
CVE-2022-48777 affects the Linux kernel mtd parsers for Qualcomm partitions. The issue triggers a kernel panic when a partition entry is skipped (name is empty and leads to a NULL name in cleanup). The patch reworks the parser logic to first validate the partition number, then allocate and popula...
CVE-2022-48851
CVE-2022-48851 is a Linux kernel vulnerability affecting the staging gdm724x driver, specifically a use-after-free in gdm_lte_rx. The issue arises because netif_rx_ni() frees the skb, making it unsafe to dereference to read skb->len. The vulnerability is documented with a local attack vector, ...
CVE-2022-48909
The CVE-2022-48909 entry relates to the Linux kernel net/smc subsystem. A connection leak could occur during a sequence where, after initiating a close, a tcp_abort() may discard pending CLC CONFIRM messages in the TCP send buffer, preventing delivery of the connection token and blocking passive ...
CVE-2022-48941
CVE-2022-48941 pertains to the Linux kernel ice driver, where a race between VF reset and removal could lead to memory corruption or panics. The root cause was a driver-state flag change that caused the PF to stop responding to VF messages during teardown, allowing a VF to remove DMA memory befor...
CVE-2022-49163
CVE-2022-49163 is a Linux kernel issue affecting the media/imx-jpeg driver. When parsing JPEGs, if an error occurs before a slot is acquired, a default MXC_MAX_SLOTS may be used and the driver can access the slot with an incorrect slot number, causing an out-of-bounds access. This leads to a chan...
CVE-2022-49191
CVE-2022-49191 affects the Linux kernel mxser code path, where xmit_buf leaks in activate() when LSR == 0xff and ->shutdown() is not called on failure, leaving the buffer unfreed. The fix adds a proper free path to a designated label and ensures the code jumps there fro...
CVE-2022-49213
CVE-2022-49213 affects the Linux kernel, specifically the ath10k subsystem in the error path of ath10k_setup_msa_resources. The root cause is that the device_node pointer returned by of_parse_phandle() is assigned a refcount that is not always released on error paths, causing a refcount leak. The...
CVE-2022-49246
CVE-2022-49246 affects the Linux kernel, specifically ASoC: atmel: snd_proto_probe. The issue is a refcount leak: of_parse_phandle() returns a device_node with refcount incremented, but of_node_put() was only called in the regular path, not in error paths. The fix ensures of_node_put() is called ...
CVE-2022-49392
CVE-2022-49392 affects the Linux kernel’s serial driver for ASPEED vuart (8250_aspeed_vuart). The vulnerability arises from a NULL pointer dereference in aspeed_vuart_probe when platform_get_resource() returns NULL. The patch adds a check for the resource return value to avoid dereferencing NULL,...
CVE-2022-49399
CVE-2022-49399 affects the Linux kernel tty driver for the goldfish port. In goldfish_tty_probe(), the port created by tty_port_init() can leak resources if error paths don’t destroy it; in goldfish_tty_remove(), the port must also be destroyed. The fix is to call tty_port_destroy() to release th...