Linux: Linux Kernel

13804 matches found

added 2025/01/19 11:52 a.m. | 85 views

CVE-2024-57928

CVE-2024-57928 (Linux kernel): The vulnerability is in netfs buffered reads. When netfs_read_to_pagecache() encounters an error from either ->prepare_read() or netfs_prepare_read_iterator(), it must decrement ->nr_outstanding, cancel the subrequest, and break the issuing loop. The patch fi...

CVSS 7.1 | AI score 6.5 | EPSS 0.00227

added 2025/04/16 2:12 p.m. | 85 views

CVE-2025-22082

CVE-2025-22082 affects the Linux kernel IIO subsystem: iio_backend_debugfs_write_reg() could pass an uninitialized stack buffer to sscanf() due to missing NULL termination. The root cause is a stack buffer not guaranteed to be 0-initialized, leading to potential uncontrolled reads. The vulnerabil...

CVSS 5.5 | AI score 6.7 | EPSS 0.00165

added 2025/04/16 2:12 p.m. | 85 views

CVE-2025-22100

CVE-2025-22100 affects the Linux kernel's DRM panthor path. The root cause is a race condition during gathering fdinfo group samples caused by insufficient protection when accessing groups with an xarray lock, which could lead to a use-after-free. The issue was fixed by the kernel commit e16635d...

CVSS 4.7 | AI score 6.5 | EPSS 0.00114

added 2025/04/16 2:12 p.m. | 85 views

CVE-2025-22110

CVE-2025-22110 affects the Linux kernel nfnetlink_queue path under netfilter. The vulnerability arises because a local message buffer ctx (lsmctx) could be read/used before proper initialization in nfqnl_build_packet_message(), since initialization occurs only after nfqnl_get_sk_secctx(). The pat...

CVSS 5.5 | AI score 6.4 | EPSS 0.0014

added 2025/05/01 12:55 p.m. | 85 views

CVE-2025-23154

CVE-2025-23154 concerns the Linux kernel’s io_uring path. The issue arises from io_req_post_cqe being used for non-multishot requests, enabling abuse via a send bundle in io_uring/net. The fix adds a flag to indicate whether a request will post multiple CQEs; multishot (REQ_F_APOLL_MULTISHOT) sem...

CVSS 5.5 | AI score 6.9 | EPSS 0.00159

added 2025/05/01 12:55 p.m. | 85 views

CVE-2025-37751

CVE-2025-37751 affects the Linux kernel in x86/cpu handling of the AMD erratum table (erratum_1386_microcode). The issue arose when the NULL array terminator at the end of the table was removed during the switch from x86_cpu_desc to x86_cpu_id, causing readers to run off t...

CVSS 5.5 | AI score 6.5 | EPSS 0.00131

added 2025/05/08 6:26 a.m. | 85 views

CVE-2025-37816

Technical details for CVE-2025-37816 are not publicly available in the provided documents. Monitor for updates.

CVSS 5.5 | AI score 5.6 | EPSS 0.00163

added 2025/05/09 6:41 a.m. | 85 views

CVE-2025-37837

CVE-2025-37837 addresses warnings in the Linux kernel: iommu/tegra241-cmdqv dmam_free_coherent() warnings during SMMU rollback and a memory-usage warning (128 pages) from free_contig_range, traced to devres-managed LVCMDQ resources freed by devm_action_release. The fix removes the unwind path in ...

CVSS 5.5 | AI score 6.6 | EPSS 0.0022

added 2025/06/18 9:33 a.m. | 85 views

CVE-2025-38062

Summary of CVE-2025-38062: The Linux kernel vulnerability affects the MSI/IOMMU path used for translating MSI addresses. The root cause is a use-after-free-like risk due to storing a cookie pointer (IOVA) in the MSI descriptor across two stages of MSI address translation, which can be race-condit...

CVSS 5.5 | AI score 6.1 | EPSS 0.0015

added 2025/07/03 8:35 a.m. | 85 views

CVE-2025-38146

CVE-2025-38146 affects the Linux kernel net/openvswitch MPLS parsing. The issue can cause a dead loop when MPLS label stacks wrap, with a UBSAN array-index-out-of-bounds (index -1) in key_extract_l3l4 and related stack traces, potentially leading to soft lockup/CPU stall. A fix for the MPLS parse...

CVSS 7.8 | AI score 7.2 | EPSS 0.00174

added 2025/07/10 8:15 a.m. | 85 views

CVE-2025-38348

The CVE-2025-38348 issue is in the Linux kernel wifi driver for the Intersil p54 interface. A malicious USB device could cause a buffer over-read in p54_rx_eeprom_readback() by tampering v1/v2 eeprom length fields, potentially crashing the host. A patch was applied to store the eeprom size in the...

CVSS 7.8 | AI score 6.5 | EPSS 0.00167

added 2025/07/25 12:47 p.m. | 85 views

CVE-2025-38369

CVE-2025-38369 affects the Linux kernel DMA engine idxd path. Certain container configurations running IDXD workloads with /dev mounted can trigger a call trace or kernel panic when the parent process of the container is terminated. Root cause described: Docker’s mount replication propagati...

CVSS 7.8 | AI score 6.3 | EPSS 0.00148

added 2025/07/25 12:53 p.m. | 85 views

CVE-2025-38386

The CVE-2025-38386 entry relates to ACPICA in the Linux kernel. Root cause: AML/ACPICA could crash via use-after-free when a platform firmware update increased method parameter counts and callers weren’t updated. Fix: ACPICA now refuses to evaluate a method if the caller passes fewer arguments th...

CVSS 5.5 | AI score 6.4 | EPSS 0.00155

added 2025/07/25 3:27 p.m. | 85 views

CVE-2025-38445

CVE-2025-38445 covers a Linux kernel issue in md/raid1 where raid1_reshape allocated a mempool on the stack and assigned it to conf->r1bio_pool, causing conf->r1bio_pool.wait.head to reference a stack address. Subsequent access in raid1_read_request/raid1_write_request paths could trigger a...

CVSS 7.1 | AI score 6.2 | EPSS 0.00158

added 2025/07/25 3:27 p.m. | 85 views

CVE-2025-38464

CVE-2025-38464 affects the Linux kernel TIPC subsystem. The issue is a use-after-free in tipc_conn_close() that can occur when tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_close() for each tipc_conn after releasing the IDR lock. If tipc_conn_recv_work() is...

CVSS 7.8 | AI score 6.4 | EPSS 0.00162

added 2026/04/25 8:47 a.m. | 85 views

CVE-2026-31685

The connected Red Hat/SUSE/NVD entries confirm CVE-2026-31685 affects the Linux kernel netfilter component ip6t_eui64. The root cause is that eui64_mt6() derives a modified EUI-64 from the Ethernet source and compares it with the IPv6 low 64 bits, but the existing guard only rejects an invalid MA...

CVSS 9.4 | AI score 5.4 | EPSS 0.00337

added 2026/05/28 9:36 a.m. | 85 views

CVE-2026-46195

The CVE-2026-46195 entry concerns a Linux kernel SMB client vulnerability. 32-bit servers can supply a crafted dacloffset that wraps a DACL pointer, allowing dereferencing of DACL fields during chmod/chown if validated only after pointer arithmetic. The flaw occurs in parse_sec_desc(), build_sec_...

CVSS 9.8 | AI score 5.8 | EPSS 0.00546

added 2003/07/25 4:00 a.m. | 84 views

CVE-2003-0462

CVE-2003-0462 is a race condition in the Linux 2.4 kernel where env_start/env_end pointers used by the execve path (fs/proc/base.c) can lead to a local denial of service (kernel crash). Documented for several 2.4.x architectures (notably i386/alpha) and tracked in multiple advisories (e.g., Debia...

CVSS 1.2 | AI score 5.8 | EPSS 0.00647

added 2004/07/06 4:00 a.m. | 84 views

CVE-2004-0496

The CVE-2004-0496 entry refers to multiple local vulnerabilities in the Linux kernel 2.6, distinct from CVE-2004-0495, discovered via Sparse. Connected sources (Gentoo GLSA advisories GLSA-200407-02 and GLSA-200407-16, OpenVAS NASLs, and NVD/NVD-style listings) corroborate that CAN-2004-0496 conc...

CVSS 7.2 | AI score 6.5 | EPSS 0.00393

added 2005/09/14 4:00 a.m. | 84 views

CVE-2005-2490

CVE-2005-2490 describes a stack-based buffer overflow in the Linux kernel 2.6 sendmsg() path prior to 2.6.13.1. Local users could cause arbitrary code execution by calling sendmsg and altering message contents in another thread. Public sources in the connected documents corroborate the vulnerabil...

CVSS 4.6 | AI score 5.9 | EPSS 0.00555

added 2006/05/05 10:00 a.m. | 84 views

CVE-2006-1052

CVE-2006-1052 affects the ptrace logic in SELinux for Linux 2.6.6. It allows local users with ptrace permissions to change the tracer SID to the SID of another process (local privilege impact). Public advisories (e.g., Debian DSA-1184-1/DSA-1184-2 and RHSA-2006:0575) indicate kernel updates m...

CVSS 2.1 | AI score 7.2 | EPSS 0.00427

added 2006/08/21 9:00 p.m. | 84 views

CVE-2006-4093

CVE-2006-4093 affects Linux kernel 2.x on PowerPC PPC970: HID0 attention enable at boot time can crash the kernel (denial of service). Vulnerable: 2.6.x up to 2.6.17.9 and 2.4.x up to 2.4.33.1. Exploitation details are not provided in the initial documents, but multiple advisories (e.g., RHSA, SU...

CVSS 4.9 | AI score 7 | EPSS 0.00459

added 2006/11/09 11:00 a.m. | 84 views

CVE-2006-5823

CVE-2006-5823 is a Linux kernel issue affecting the cramfs file system in 2.6.x where malformed compressed data can trigger memory corruption, leading to a local-denial crash. Connected advisories (RHSA-2007:0436, RHSA-2007:0014, and corresponding openvas entries) enumerate the cramfs memory corr...

CVSS 4 | AI score 6.9 | EPSS 0.00361

added 2006/11/22 1:00 a.m. | 84 views

CVE-2006-6058

CVE-2006-6058 affects the Linux kernel 2.6.x up to 2.6.24 (including 2.6.18). Local users can cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in minix_bmap. The issue may involve an integer overflow or signedness error. The documented fix is a ker...

CVSS 4 | AI score 6 | EPSS 0.00477

added 2007/05/14 5:00 p.m. | 84 views

CVE-2006-7203

CVE-2006-7203 affects the Linux kernel 2.6.20 and earlier, via compat_sys_mount in fs/compat.c. When mounting a smbfs filesystem in compatibility mode (mount -t smbfs), a local user can trigger a NULL pointer dereference (and oops), leading to denial of service. Publicly documented references (RH...

CVSS 4 | AI score 6.9 | EPSS 0.00479

added 2007/05/07 7:00 p.m. | 84 views

CVE-2007-1861

CVE-2007-1861 affects the Linux kernel prior to 2.6.20.8. The nl_fib_lookup function in net/ipv4/fib_frontend.c can be triggered by NETLINK_FIB_LOOKUP replies, causing infinite recursion and a stack overflow that leads to a kernel panic (denial of service). Open sources in the connected data conf...

CVSS 4.9 | AI score 8.9 | EPSS 0.01024

added 2007/09/17 5:00 p.m. | 84 views

CVE-2007-3731

CVE-2007-3731 affects the Linux kernel 2.6.20/2.6.21. The vulnerability arises from handling an invalid LDT segment selector in %cs during ptrace single-step operations, enabling a local user to trigger a NULL pointer dereference and an OOPS, via PTRACE_SETREGS and PTRACE_SINGLESTEP (TRACE_IRQS_O...

CVSS 4.9 | AI score 6 | EPSS 0.00512

added 2008/11/05 2:51 p.m. | 84 views

CVE-2008-3527

CVE-2008-3527 affects the Linux kernel (arch/i386/sysenter/vDSO). The vulnerability stems from missing boundary checks in vDSO install_special_mapping, syscall, and syscall32_nopage in the Linux kernel prior to 2.6.21, permitting local users to gain privileges or cause a denial of service. Affect...

CVSS 4.6 | AI score 5.5 | EPSS 0.00377

added 2008/09/09 2:00 p.m. | 84 views

CVE-2008-3915

CVE-2008-3915 is a buffer overflow in the Linux kernel’s nfsd when NFSv4 is enabled. The issue can allow remote triggering of a denial of service via crafted NFSv4 ACL decoding; affected are kernels older than 2.6.26.4. The Debian/Ubuntu advisories in the connected set reference this CVE among a ...

CVSS 9.3 | AI score 5.3 | EPSS 0.04353

added 2009/08/14 3:00 p.m. | 84 views

CVE-2009-2691

CVE-2009-2691 affects the Linux kernel (2.6.30.4 and earlier) via the mm_for_maps path in fs/proc/base.c, allowing a local attacker to read maps and smaps files under /proc during ELF loading for a setuid process, due to a race condition. Impact is information exposure (maps/smaps); exploitation ...

CVSS 2.1 | AI score 6.3 | EPSS 0.00393

added 2009/11/02 3:00 p.m. | 84 views

CVE-2009-3624

CVE-2009-3624 affects the Linux kernel KEYS subsystem. The get_instantiation_keyring function in security/keys/keyctl.c fails to properly maintain the reference count of a keyring when a keyring is not specified by ID, enabling a local attacker to gain privileges or trigger a denial of service (O...

CVSS 4.6 | AI score 6.8 | EPSS 0.00372

added 2013/04/22 10:00 a.m. | 84 views

CVE-2013-3234

The vulnerability CVE-2013-3234 affects the Linux kernel’s rose_recvmsg function (net/rose/af_rose.c) prior to 3.9-rc7. It does not initialize a certain data structure, allowing local attackers to read sensitive information from kernel stack memory via crafted recvmsg/recvfrom calls. The issue im...

CVSS 4.9 | AI score 5.7 | EPSS 0.00389

added 2017/02/07 7:02 a.m. | 84 views

CVE-2014-9914

Summary of CVE-2014-9914 (Linux kernel): A race condition in ip4_datagram_release_cb within net/ipv4/datagram.c (kernel before 3.15.2) can be exploited by a local user to gain privileges or cause a denial of service (use-after-free) due to incorrect locking assumptions during multithreaded IPv4 ...

CVSS 7.8 | AI score 7.3 | EPSS 0.00274

added 2016/04/27 5:00 p.m. | 84 views

CVE-2016-2383

The CVE-2016-2383 vulnerability affects the Linux kernel (kernel/bpf/verifier.c) where, in the backward-jump delta handling, local attackers can craft BPF instructions to read kernel memory. It is exploitable by local users via a crafted packet filter. The issue is present in kernel versions befo...

CVSS 5.5 | AI score 6.1 | EPSS 0.00374

added 2017/01/05 11:00 a.m. | 84 views

CVE-2016-9754

CVE-2016-9754 affects the Linux kernel’s ring_buffer_resize in the profiling subsystem, where integer calculations in ring_buffer.c before 4.6.1 allow a local user to gain privileges by writing to /sys/kernel/debug/tracing/buffer_size_kb. The issue is fixed in kernel 4.6.1 and later. Affected pro...

CVSS 7.8 | AI score 7.3 | EPSS 0.00532

added 2017/03/08 1:00 a.m. | 84 views

CVE-2017-0537

CVE-2017-0537 affects Android kernels with Kernel-3.18 and relates to the USB gadget driver. It enables a local attacker to disclose data outside their permissions after compromising a privileged process. Impact: partial confidentiality. No public fixes or remediation details are provided in the ...

CVSS 4.7 | AI score 4.2 | EPSS 0.01046

added 2019/11/29 4:03 p.m. | 84 views

CVE-2019-19378

Technical details are not provided in the connected documents. CVE-2019-19378 is described as a slab-out-of-bounds write in fs/btrfs/raid56.c for Linux kernel 5.0.21 when mounting crafted images; no patch/version specifics or exploit info are present.

CVSS 7.8 | AI score 7.2 | EPSS 0.02334

added 2024/04/10 6:56 p.m. | 84 views

CVE-2021-47189

CVE-2021-47189 relates to a Linux kernel issue in btrfs memory ordering between normal and ordered work functions. Ordered work may be processed by a different thread than normal work; synchronization relied on WORK_DONE_BIT, but existing bitops did not guarantee ordering. Affected behavior obser...

CVSS 6.3 | AI score 6.3 | EPSS 0.00921

added 2024/04/10 6:56 p.m. | 84 views

CVE-2021-47200

CVE-2021-47200 is a Linux kernel security issue affecting DRM/GEM objects during mmap via drm_gem_ttm_mmap. The root cause is dropping a gem object's reference on success and subsequently dereferencing after a potential use-after-free if the object’s refcount was 1 on entry to drm_gem_prime_mmap(...

CVSS 7.8 | AI score 6.5 | EPSS 0.00219

added 2024/05/21 2:19 p.m. | 84 views

CVE-2021-47230

CVE-2021-47230 affects the Linux kernel KVM on x86. The vulnerability arises from a lack of synchronization between the vCPU SMM flag and the MMU’s SMM flag, so that when RSM is not emulated correctly, KVM can bail out and leave the MMU in an inconsistent state. This misalignment can cause a NULL...

CVSS 6.6 | AI score 7.6 | EPSS 0.00232

added 2024/05/21 2:19 p.m. | 84 views

CVE-2021-47270

CVE-2021-47270 entry is rejected/not used; not an active vulnerability.

CVSS 5.5 | AI score 6.8 | EPSS 0.00226

added 2024/05/21 2:35 p.m. | 84 views

CVE-2021-47308

CVE-2021-47308 is a Linux kernel bug in the SCSI libfc code: fc_rport_prli_resp() could index out of bounds. The issue is resolved in the kernel via fixes in the stable/maintained commits listed in the CVE references (e.g., a4a54c54..., 8511293e..., 4921b161...). The CVSSv3.1 base score is...

CVSS 6.5 | AI score 7.6 | EPSS 0.00996

added 2024/05/21 2:35 p.m. | 84 views

CVE-2021-47325

CVE-2021-47325 concerns the Linux kernel’s iommu/arm-smmu subsystem. The issue is a refcount leak in arm_smmu_iova_to_phys_hard() where, on several error paths, the refcount of the underlying smmu object, increased by arm_smmu_rpm_get(), is not decremented. The fixed workaround described in the p...

CVSS 5.5 | AI score 6.6 | EPSS 0.00246

added 2024/05/21 2:35 p.m. | 84 views

CVE-2021-47330

CVE-2021-47330 affects the Linux kernel, specifically the tty: serial: 8250 driver. The vulnerability arises from a memory leak in error handling: in the probe path, if the final serial_config() call fails, the allocated info structure is not freed. A fix was added to provide a proper resource ha...

CVSS 5.5 | AI score 6.6 | EPSS 0.00245

added 2024/05/21 3:03 p.m. | 84 views

CVE-2021-47364

Summary (CVE-2021-47364): The Linux kernel vulnerability in the comedi subsystem affects the 32-bit version of the COMEDI_INSNLIST ioctl when CONFIG_COMPAT is enabled. The issue is a memory leak in compat_insnlist(): memory was allocated to hold a converted array of struct comedi_insn and only fre...

CVSS 5.5 | AI score 6.5 | EPSS 0.00239

added 2024/05/21 3:03 p.m. | 84 views

CVE-2021-47406

The CVE-2021-47406 issue affects the Linux kernel ext4: ext4_ext_replay_set_iblocks() path. If ext4_map_blocks() fails on a corrupted filesystem, ext4_ext_replay_set_iblocks() can loop infinitely, observed with inline_data and fast_commit (generic/526). The stack trace and warning show the path t...

CVSS 5.5 | AI score 7 | EPSS 0.0025

added 2024/05/22 6:19 a.m. | 84 views

CVE-2021-47446

CVE-2021-47446 concerns the Linux kernel DRM MSM A4XX GPU driver. The vulnerability arises from improper error handling in a4xx_gpu_init(): it returns 1 on error instead of a negative error code, causing an Oops in the caller. Additionally, the code path checks ret != -ENODATA, which cannot b...

CVSS 5.5 | AI score 6.7 | EPSS 0.00196

added 2024/05/22 6:23 a.m. | 84 views

CVE-2021-47467

CVE-2021-47467: In the Linux kernel, a reference-count leak occurs in the kunit path of kfree_at_end when kunit_alloc_and_get_resource() is invoked. The resource’s refcount is increased but not properly accounted for, leaking a reference in the normal path. The fix replaces kunit_alloc_and_get_re...

CVSS 5.3 | AI score 6.8 | EPSS 0.00489

added 2024/05/24 3:09 p.m. | 84 views

CVE-2021-47537

CVE-2021-47537 affects the Linux kernel in the octeontx2-af component, where in rvu_mbox_init() the mbox_regions pointer could be leaked on the switch-default path. The bug was a memory leak due to not freeing or returning the regions, and it is fixed by replacing a plain return err with a goto f...

CVSS 5.5 | AI score 7.2 | EPSS 0.00193

added 2024/05/24 3:09 p.m. | 84 views

CVE-2021-47553

The CVE describes a Linux kernel issue (CVE-2021-47553) in the SCS and KASAN shadow stack handling for the idle task during CPU hotplug (bringup_cpu). When a CPU is offline and brought back online, stale KASAN shadow and stale shadow call stack (SCS) state could lead to bogus warnings or leak por...

CVSS 7.8 | AI score 7.1 | EPSS 0.0026

Total number of security vulnerabilities: 13804