CVE-2016-9754
CVE-2016-9754 affects the Linux kernel’s ring_buffer_resize in the profiling subsystem, where integer calculations in ring_buffer.c before 4.6.1 allow a local user to gain privileges by writing to /sys/kernel/debug/tracing/buffer_size_kb. The issue is fixed in kernel 4.6.1 and later. Affected pro...
CVE-2024-50293
Technical details about CVE-2024-50293 (net/smc dangling sk in __smc_create) are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2024-53182
The CVE-2024-53182 issue affects the Linux kernel BFQ Scheduler. A revert of the patch that merged bfq_release_process_ref() into bfq_put_cooperator() caused bic_set_bfqq to operate on a freed bic data structure, yielding a slab-use-after-free detected by KASAN in bic_set_bfqq+0x200/0x230. Impact...
CVE-2024-56673
Technical details about CVE-2024-56673 are not provided in the supplied documents. Monitor for updates from the vendors/security advisories for affected products, fixes, and mitigations.
CVE-2024-57921
CVE-2024-57921: In the Linux kernel, the AMDGPU DRM buddy allocator had a race condition during trim, mitigated by adding a lock around the buddy allocator trim function. The fix prevents a potential general protection fault and system hang when running mixed workloads (e.g., YouTube playback...
CVE-2024-58082
CVE-2024-58082 affects the Linux kernel media nuvoton driver (npcm_video_ece_init). The root cause is improper error handling: when of_find_device_by_node() fails it returns NULL instead of an error code, so the code path should check for NULL and return -ENODEV. The fix implements proper NULL ch...
CVE-2025-22082
CVE-2025-22082 affects the Linux kernel IIO subsystem: iio_backend_debugfs_write_reg() could pass an uninitialized stack buffer to sscanf() due to missing NULL termination. The root cause is a stack buffer not guaranteed to be 0-initialized, leading to potential uncontrolled reads. The vulnerabil...
CVE-2025-22092
The CVE-2025-22092 issue affects the Linux kernel PCI/SR-IOV path. Root cause: NULL dereference when handling virtfn creation error paths and during device removal, caused by an error handling flow after pci_setup_device() fails. The fix adds pci_iov_scan_device() to manage virtfn allocation/setu...
CVE-2025-37751
CVE-2025-37751 affects the Linux kernel in x86/cpu handling of the AMD erratum table (erratum_1386_microcode). The issue arose when the NULL array terminator at the end of the table was removed during the switch from x86_cpu_desc to x86_cpu_id, causing readers to run off t...
CVE-2025-37763
CVE-2025-37763: In the Linux kernel, the drm/imagination code fixed a use-after-free in the GPU scheduling path (pvr_queue_prepare_job) by having the fragment job take a reference on the geometry job, preventing the geometry job from being freed until the fragment is done. This mitigates a slab-...
CVE-2025-37816
Technical details for CVE-2025-37816 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-38094
CVE-2025-38094 (Linux kernel, macb deadlock): Fix for a possible deadlock in the macb driver under cadence when THALT is high and TGO remains high. The issue occurred in contexts with interrupts disabled, where jiffies were not updated and the loop wouldn’t exit, potentially locking a sama5d4 devi...
CVE-2025-38181
CVE-2025-38181 affects the Linux kernel CALIPSO code path. A NULL pointer dereference could occur in calipso_req_setattr()/calipso_req_delattr() when CALIPSO options are allocated during socket option handling, tied to sk_to_full_sk() and the predicated rsk_listener being NULL after certain synco...
CVE-2025-38190
CVE-2025-38190 affects the Linux kernel ATM path. The issue arises in the vcc_sendmsg() path: skb->truesize is accounted to sk_wmem_alloc via atm_account_tx(), but the corresponding revert is not performed on copy_from_iter_full() failure, potentially leaking a socket. The fixed approach ...
CVE-2025-38386
The CVE-2025-38386 entry relates to ACPICA in the Linux kernel. Root cause: AML/ACPICA could crash via use-after-free when a platform firmware update increased method parameter counts and callers weren’t updated. Fix: ACPICA now refuses to evaluate a method if the caller passes fewer arguments th...
CVE-2025-38464
CVE-2025-38464 affects the Linux kernel TIPC subsystem. The issue is a use-after-free in tipc_conn_close() that can occur when tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_close() for each tipc_conn after releasing the IDR lock. If tipc_conn_recv_work() is...
CVE-2000-0506
The CVE refers to the Linux kernel capabilities feature prior to 2.2.16. Local users can cause a denial of service or gain privileges by manipulating capabilities to prevent a setuid program from dropping privileges. The provided documents do not include exploit details or a specified fix/patch i...
CVE-2003-0462
CVE-2003-0462 is a race condition in the Linux 2.4 kernel where env_start/env_end pointers used by the execve path (fs/proc/base.c) can lead to a local denial of service (kernel crash). Documented for several 2.4.x architectures (notably i386/alpha) and tracked in multiple advisories (e.g., Debia...
CVE-2004-0496
The CVE-2004-0496 entry refers to multiple local vulnerabilities in the Linux kernel 2.6, distinct from CVE-2004-0495, discovered via Sparse. Connected sources (Gentoo GLSA advisories GLSA-200407-02 and GLSA-200407-16, OpenVAS NASLs, and NVD/NVD-style listings) corroborate that CAN-2004-0496 conc...
CVE-2005-3272
CVE-2005-3272 affects the Linux kernel prior to 2.6.12. The issue lets remote attackers poison the bridge forwarding table with frames that have already been dropped by filtering, causing the bridge to forward spoofed packets. The vulnerability stems from how bridge/frame filtering handling inter...
CVE-2005-4605
CVE-2005-4605 concerns the Linux kernel procfs implementation. A signedness error in the proc_misc.c code (pre-2.6.15) allows a local attacker to read sensitive kernel memory by manipulating a signed value added to an unsigned value, disclosed via /proc interactions. Public reports document the a...
CVE-2006-1052
CVE-2006-1052 affects SELinux ptrace logic in SELinux for Linux 2.6.6. It allows local users with ptrace permissions to change the tracer SID to the SID of another process (local privilege impact). Public advisories (e.g., Debian DSA-1184-1/DSA-1184-2 and RHSA-2006:0575) indicate kernel updates m...
CVE-2006-5751
CVE-2006-5751 concerns the Linux kernel (pre-2.6.18.4) where an integer overflow in get_fdb_entries (net/bridge/br_ioctl.c) allows a local user to trigger arbitrary code execution by supplying a large maxnum in an ioctl. The issue is rooted in kernel networking bridge ioctl handling and could ena...
CVE-2006-5823
CVE-2006-5823 is a Linux kernel issue affecting the cramfs file system in 2.6.x where malformed compressed data can trigger memory corruption, leading to a local denial-of-service crash. Connected advisories (RHSA-2007:0436, RHSA-2007:0014, and corresponding OpenVAS entries) enumerate the cramfs memory corr...
CVE-2006-6058
CVE-2006-6058 affects the Linux kernel 2.6.x up to 2.6.24 (including 2.6.18). Local users can cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in minix_bmap. The issue may involve an integer overflow or signedness error. The documented fix is a ker...
CVE-2007-3731
CVE-2007-3731 affects the Linux kernel 2.6.20/2.6.21. The vulnerability arises from handling an invalid LDT segment selector in %cs during ptrace single-step operations, enabling a local user to trigger a NULL pointer dereference and an OOPS, via PTRACE_SETREGS and PTRACE_SINGLESTEP (TRACE_IRQS_O...
CVE-2008-3527
CVE-2008-3527 affects the Linux kernel (arch/i386/sysenter/vDSO). The vulnerability stems from missing boundary checks in vDSO install_special_mapping, syscall, and syscall32_nopage in the Linux kernel prior to 2.6.21, permitting local users to gain privileges or cause a denial of service. Affect...
CVE-2009-2691
CVE-2009-2691 affects the Linux kernel (2.6.30.4 and earlier) via the mm_for_maps path in fs/proc/base.c, allowing a local attacker to read maps and smaps files under /proc during ELF loading for a setuid process, due to a race condition. Impact is information exposure (maps/smaps); exploitation ...
CVE-2009-3624
CVE-2009-3624 affects the Linux kernel KEYS subsystem. The get_instantiation_keyring function in security/keys/keyctl.c fails to properly maintain the reference count of a keyring when a keyring is not specified by ID, enabling a local attacker to gain privileges or trigger a denial of service (O...
CVE-2010-4076
CVE-2010-4076 affects Linux kernel 2.6.36.1 and earlier. The rs_ioctl function in drivers/char/amiserial.c does not initialize a structure member, enabling local users to read potentially sensitive information from kernel stack memory via TIOCGICOUNT. A fix is to apply the kernel update that addr...
CVE-2011-1474
CVE-2011-1474 affects pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. The root cause is a bad bounds check in arch_get_unmapped_area_topdown triggered by mmap after a MAP_GROWSDOWN mmap, which can loop indefinitely and not release the VM semaphore, potent...
CVE-2011-1479
CVE-2011-1479: A double-free in the Linux kernel’s inotify subsystem (kernel versions before 2.6.39) allows local users to crash the system via paths involving failed file creation. The issue stems from an incorrect fix related to CVE-2010-4250. Affected product: Linux kernel; vulnerability type...
CVE-2013-3234
The vulnerability CVE-2013-3234 affects the Linux kernel’s rose_recvmsg function (net/rose/af_rose.c) prior to 3.9-rc7. It does not initialize a certain data structure, allowing local attackers to read sensitive information from kernel stack memory via crafted recvmsg/recvfrom calls. The issue im...
CVE-2013-3235
CVE-2013-3235: In the Linux kernel, net/tipc/socket.c prior to 3.9-rc7 does not initialize a certain data structure and a length variable, enabling local attackers to read sensitive data from kernel stack memory via crafted recvmsg/recvfrom. Affected scenario is local...
CVE-2013-7027
The CVE-2013-7027 entry concerns the Linux kernel vulnerability in the ieee80211_radiotap_iterator_init function (net/wireless/radiotap.c) prior to 3.11.7. The issue is that the code does not validate whether a frame contains data outside of the header, which may allow an attacker to trigger a de...
CVE-2014-2039
CVE-2014-2039 affects the Linux kernel on s390 where arch/s390/kernel/head64.S mishandles attempts to use the linkage stack, enabling local users to crash the system (denial of service) by executing a crafted instruction. The linked Nessus/MiracleUnity/EulerOS advisories confirm the issue exists ...
CVE-2014-9895
Technical details for CVE-2014-9895 are not publicly available in the provided documents. The materials reference an information disclosure in media-device.c but do not specify affected versions, root cause, impact, or fixes within this corpus. Monitor for updates.
CVE-2017-0537
CVE-2017-0537 affects Android kernels with Kernel-3.18 and relates to the USB gadget driver. It enables a local attacker to disclose data outside their permissions after compromising a privileged process. Impact: partial confidentiality. No public fixes or remediation details are provided in the ...
CVE-2017-12168
CVE-2017-12168 affects the Linux kernel (arch/arm64) in the KVM subsystem, where the access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c allows a privileged KVM guest OS user to trigger a denial of service (assertion failure and host crash) by reading the Performance Monitors Cycle Count Regi...
CVE-2021-47189
CVE-2021-47189 relates to a Linux kernel issue in btrfs memory ordering between normal and ordered work functions. Ordered work may be processed by a different thread than normal work; synchronization relied on WORK_DONE_BIT, but existing bitops did not guarantee ordering. Affected behavior obser...
CVE-2021-47209
The CVE-2021-47209 issue affects the Linux kernel’s scheduler, specifically sched/fair with the cfs_rq handling. A use-after-free of a cfs_rq occurs when a dying task group is unlinked or partially unlinked while a concurrent timer/race (tg_unthrottle_up via sched_cfs_period_timer) can re-add cfs...
CVE-2021-47277
CVE-2021-47277 affects the Linux kernel KVM path for guest memory translation. The issue arises when speculative execution may use an invalid guest frame number (gfn) to compute an out-of-bounds host virtual address (hva) in __gfn_to_hva_memslot, enabling a potential two-read Spectre gadget where...
CVE-2021-47330
CVE-2021-47330 affects the Linux kernel, specifically the tty: serial: 8250 driver. The vulnerability arises from a memory leak in error handling: in the probe path, if the final serial_config() call fails, the allocated info structure is not freed. A fix was added to provide a proper resource ha...
CVE-2021-47333
CVE-2021-47333 (Linux kernel) affects the misc: alcor_pci path. In configurations where a device is connected directly to the root complex, bus->self (bridge) can be NULL, leading to priv->parent_pdev being NULL. The vulnerability stems from alcor_pci_init_check_aspm(priv->parent_pdev) r...
CVE-2021-47351
CVE-2021-47351 relates to UBIFS in the Linux kernel, where race conditions between xattr_set/get and listxattr could cause assertion failures, memory corruption, or stale xattr values. The fix adds a new rw-lock in ubifs_inode to serialize write operations on xattrs while allowing concurrent read...
CVE-2021-47406
The CVE-2021-47406 issue affects the Linux kernel ext4: ext4_ext_replay_set_iblocks() path. If ext4_map_blocks() fails on a corrupted filesystem, ext4_ext_replay_set_iblocks() can loop infinitely, observed with inline_data and fast_commit (generic/526). The stack trace and warning show the path t...
CVE-2021-47414
CVE-2021-47414 concerns a Linux kernel vulnerability on RISC-V (SiFive HiFive Unmatched) where ftrace patching may trigger an illegal instruction due to icache/dcache synchronization across CPUs. The root cause is that icache of the current CPU is not flushed before other CPUs are asked t...
CVE-2021-47446
CVE-2021-47446 concerns the Linux kernel DRM MSM A4XX GPU driver. The vulnerability arises from improper error handling in a4xx_gpu_init(): it returns 1 on error instead of a negative error code, causing an Oops in the caller. Additionally, the code path checks ret != -ENODATA, which cannot b...
CVE-2021-47450
CVE-2021-47450 affects the Linux kernel KVM on arm64. The issue was a mismanaged refcounting of stage-2 PGD pages in protected mode: the host stage-2 PGD is treated as a single compound page, which could cause tail page refcounts to drop to zero and corrupt the page-table. The fix adds hyp_split_...
CVE-2021-47463
CVE-2021-47463 concerns a Linux kernel NULL pointer dereference in mm/secretmem during GUP operations. The issue arises from dereferencing page->mapping without ensuring it is non-NULL, as a page mapping can be nulled while gup() runs (e.g., by reclaim or truncation). A fix was implemented to ...