13690 matches found
CVE-2017-16995
CVE-2017-16995 is a sign-extension defect in the Linux kernel's eBPF verifier (kernel/bpf/verifier.c) that can be triggered via BPF syscall, allowing a local user to escalate privileges or affect memory/behavior. Public writeups and Arch security advisories indicate the issue affects kernels prio...
CVE-2022-2588
CVE-2022-2588 affects the Linux kernel's net/sched cls_route filter. The issue arises when the kernel fails to remove an old filter from the hashtable if the filter handle equals 0, potentially enabling local impact. The available connected advisories confirm the root cause in the cls_route path ...
CVE-2018-18955
CVE-2018-18955 affects Linux kernels 4.15.x–4.19.x, with privilege escalation via map_write() in kernel/user_namespace.c when nested user namespaces have more than 5 UID/GID ranges. A user with CAP_SYS_ADMIN in the affected namespace can bypass controls outside the namespace (e.g., read /etc/shad...
CVE-2021-43056
CVE-2021-43056 affects the Linux kernel for POWERPC (Power8) prior to 5.14.15. The root cause is a bug in arch/powerpc/kvm/book3s_hv_rmhandlers.S handling of SRR1 values, which can allow a malicious KVM guest to crash the host (availability impact). The issue is documented across multiple sources...
CVE-2019-15926
CVE-2019-15926 targets the Linux kernel up to version 5.2.2, with an out-of-bounds access in the Marvell/ath6kl wireless driver: the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in drivers/net/wireless/ath/ath6kl/wmi.c. The connected Nessus entries confirm the flaw e...
CVE-2019-19767
CVE-2019-19767 affects the Linux kernel prior to 5.4.2, due to mishandling of ext4_expand_extra_isize which can cause use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (fs/ext4/inode.c and fs/ext4/super.c; CID-4ea99936a163). This is a kernel-level vulnerability impacting ext4-r...
CVE-2019-11599
CVE-2019-11599 is a race-condition vulnerability in the Linux kernel’s core dump path that can leak data or cause DoS due to missing locking around vma layout/flags while core dumps run. Affected components include fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverb...
CVE-2019-20054
CVE-2019-20054 affects the Linux kernel prior to 5.0.6, with a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (related to put_links, CID-23da9588037e). The fix is included in kernel 5.0.6 (and later). Public exploit details are not provided in the supplied documents. Rec...
CVE-2022-1016
The CVE-2022-1016 entry is confirmed to affect the Linux kernel, specifically the nf_tables_core.c component (function nft_do_chain). The flaw is a use-after-free that can lead to a kernel information leak when a local, unprivileged attacker triggers the condition. Connected sources (Astra Linux ...
CVE-2023-3772
CVE-2023-3772 is a Linux kernel vulnerability in the IPsec XFRM subsystem that allows a local attacker with CAP_NET_ADMIN to dereference a NULL pointer in xfrm_update_ae_params(), potentially crashing the kernel and causing a denial of service. Connected documents confirm the root cause as a NULL...
CVE-2019-19532
CVE-2019-19532 affects the Linux kernel up to 5.3.8, with multiple out-of-bounds write bugs triggered by a malicious USB device in HID drivers (e.g., HID-AXFF, HID-EMSFF, HID-LOGITECH-HIDPP, HID-MICROSOFT, HID-SONY, HID-TMFF, HID-ZPFF, and others). The root cause is out-of-bounds writes in HID dr...
CVE-2020-10690
The CVE-2020-10690 entry affects Linux kernel versions before 5.5. It is caused by a race between the release of ptp_clock and the cdev during resource deallocation, which can free the cdev structure while a high-privileged process holding /dev/ptpX is sleeping. When the underlying device is remo...
CVE-2023-3611
Consolidated details confirm CVE-2023-3611 affects the Linux kernel’s net/sched sch_qfq code. The vulnerability is an out-of-bounds write in qfq_change_agg where lmax is updated based on packet sizes without proper bounds checks, enabling local privilege escalation. The issue is triggered in sch_...
CVE-2019-14896
CVE-2019-14896 concerns a heap-based (and stack) overflow in the Marvell Libertas/Marvell network driver within the Linux kernel (lbs_ibss_join_existing path per initial doc; add_ie_rates in libertas CFG.c per IBM bulletin). Exploitation could enable remote code execution or cause a denial of ser...
CVE-2019-12819
CVE-2019-12819 affects the Linux kernel (pre-5.0) where __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), triggering a fixed_mdio_bus_init use-after-free and resulting in a denial of service. The connected Nessus/OpenVAS entries replicate this description and note local explo...
CVE-2020-12351
CVE-2020-12351 corresponds to the Linux kernel Bluetooth vulnerability known as BleedingTooth. Exploitation involves Bluetooth L2CAP and related memory handling, with PoCs showing remote code execution from a nearby attacker. Root causes cited in public exploit data include a type-confusion error...
CVE-2019-19063
Concretely affected software: Linux kernel realtek rtlwifi USB driver (rtl_usb_probe in drivers/net/wireless/realtek/rtlwifi/usb.c). Root cause: two memory leaks in rtl_usb_probe() leading to memory exhaustion. Impact: potential denial of service due to unbounded memory consumption (through 5.3.1...
CVE-2021-3653
The CVE-2021-3653 issue affects the KVM hypervisor AMD code dealing with SVM nested virtualization. The root cause is improper validation of the int_ctl field in the VMCB provided by an L1 guest, which could allow a malicious L1 to enable AVIC for an L2 guest. Consequences stated across connected...
CVE-2019-19523
CVE-2019-19523 affects the Linux kernel prior to 5.3.7, where a use-after-free can be caused by a malicious USB device via the drivers/usb/misc/adutux.c driver (CID-44efc269db79). Affected systems include distributions referenced in accompanying advisories (e.g., MiracleLinux 8, Unity Linux 20.x)...
CVE-2019-19068
CVE-2019-19068 affects the Linux kernel Realtek RTL8xxxU USB Wi‑Fi driver (rtl8xxxu_submit_int_urb in rtl8xxxu_core.c, up to 5.3.11). The root cause is a memory leak when usb_submit_urb() fails during interrupt-URB submission, which can lead to DoS via memory consumption. Connected document F5 ad...
CVE-2020-24586
CVE-2020-24586 describes a fragmentation cache issue in the Linux kernel Wi‑Fi stack: received fragments are not cleared from memory on reconnect, enabling an attacker within Wi‑Fi range to inject arbitrary packets or exfiltrate data when fragments encrypted with WEP/CCMP/GCMP are involved. Conne...
CVE-2022-27666
CVE-2022-27666 describes a heap buffer overflow in IPsec ESP transformation code (net/ipv4/esp4.c and net/ipv6/esp6.c) that can allow a local user to overwrite kernel heap objects and may lead to local privilege escalation. Connected advisories confirm kernel patches are available (e.g., AlmaLinu...
CVE-2021-46911
CVE-2021-46911 affects the Linux kernel; the issue is a kernel-panic condition caused by how page refcount is handled during ch_ktls transmit. The documented fix modifies the transmit path to take the tx_ctx lock for the complete skb transmit, preventing page cleanup when an ACK is received mid-t...
CVE-2023-3776
CVE-2023-3776: A use-after-free in Linux kernel net/sched cls_fw can lead to local privilege escalation if an attacker controls the reference counter in tcf_bind_filter and frees the object by setting the counter to zero. The issue stems from fw_set_parms() returning after reference counter adjus...
CVE-2020-10942
CVE-2020-10942 affects Linux kernel pre-5.5.8: vhost-net get_raw_socket fails to validate sk_family in drivers/vhost/net.c, enabling local attackers to induce kernel stack corruption via crafted syscalls, with potential DoS or privilege escalation. The connected doc from ALAS2LIVEPATCH-2020-015 n...
CVE-2021-3655
CVE-2021-3655 is a Linux kernel SCTP vulnerability (present in kernels prior to affected fixes) where missing size validations on inbound SCTP packets may allow reading uninitialized memory. The initial description and connected advisories confirm the issue exists in the Linux kernel SCTP impleme...
CVE-2019-15292
CVE-2019-15292 is a vulnerability in the Linux kernel before 5.0.9 involving a use-after-free in the Appletalk subsystem (atalk_proc_exit), related to the files net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. The issue is documented in multiple connected Nes...
CVE-2023-52451
CVE-2023-52451 affects the Linux kernel on POWER architectures, where a bounds check oversight in pseries hot-add/hot-remove memory logic allowed potential out-of-bounds access in the drmem lmb array when a DRC index lookup failed. The issue manifested as a dereference of a cursor pointing past t...
CVE-2020-12352
CVE-2020-12352 corresponds to an issue in the Linux Bluetooth stack (BlueZ) where improper access control may allow an unauthenticated user with adjacent access to trigger information disclosure. The description and connected sources indicate this is a local/adjacent-network risk without user int...
CVE-2020-13143
CVE-2020-13143 affects the Linux kernel USB gadget/configfs (drivers/usb/gadget/configfs.c) from 3.16 to 5.6.13. The flaw arises when gadget_dev_desc_UDC_store uses kstrdup and may encounter an internal NUL value, leading to potential out-of-bounds memory access (reported as heap out-of-bounds wr...
CVE-2020-14351
CVE-2020-14351 is a Linux kernel vulnerability in the perf subsystem that enables a local attacker with perf event access to trigger a use-after-free, potentially corrupt memory and escalate privileges. Public sources in connected advisories describe the vulnerability as a local use-after-free af...
CVE-2021-3679
CVE-2021-3679 affects the Linux kernel tracing subsystem (trace ring buffer) prior to 5.14-rc3. The flaw arises in how a user uses the trace ring buffer, enabling a privileged local attacker (CAP_SYS_ADMIN) to starve CPU resources and cause denial of service. The connected documents consistently ...
CVE-2019-15538
CVE-2019-15538 affects the Linux kernel component fs/xfs/xfs_iops.c: xfs_setattr_nonsize, with the issue present in kernels up to 5.2.9. The vulnerability arises when a chgrp operation fails due to out-of-disk-quota conditions, causing XFS to partially wedge and fail to unlock ILOCK after the xfs...
CVE-2020-25641
CVE-2020-25641 affects the Linux kernel biovecs implementation in the block layer. A zero-length biovec request can cause the kernel to enter an infinite loop, leading to a local denial of service and availability impact. The vulnerability is exploitable by a local attacker with basic privileges ...
CVE-2020-8649
CVE-2020-8649 is a Linux kernel use-after-free in vgacon_invert_region (drivers/video/console/vgacon.c). It could lead to memory corruption or DoS via the vgacon driver when a virtual terminal is accessed. Public details in Debian security advisories (DL...
CVE-2019-11833
The CVE-2019-11833 vulnerability affects the ext4 filesystem implementation in the Linux kernel (extents.c) where the code path for an extent tree block does not zero out an unused memory region. This could allow a local attacker to read uninitialized kernel memory and disclose information. The i...
CVE-2020-29569
CVE-2020-29569 describes a use-after-free in the Linux kernel PV block backend (blkback) when Xen is used, where the kernel thread handler may not reset ring->xenblkd to NULL if the frontend toggles between connect/disconnect, allowing a misbehaving guest to trigger a dom0 crash. The issue aff...
CVE-2021-21781
CVE-2021-21781 is a local-information-disclosure vulnerability in the Linux kernel’s ARM SIGPAGE handling, where SIGPAGE may not be fully initialised and can leak kernel memory contents when read by a userland process. Affected: Linux kernel ARM SIGPAGE implementation (v5.4.66/v5.4.54) with fixes...
CVE-2023-6176
The connected documents confirm CVE-2023-6176 is a Linux kernel issue in the cryptographic algorithm scatterwalk API. A null pointer dereference can be triggered when a local user constructs a malicious packet with specific socket configuration, potentially crashing the system or enabling privile...
CVE-2020-29374
CVE-2020-29374 affects the Linux kernel and was fixed in 5.7.3. It concerns the get_user_pages (gup) implementation used for copy-on-write pages: when handling read operations, it may grant unintended write access, risking information disclosure or data corruption (COW cross-process leakage). Sev...
CVE-2021-23134
CVE-2021-23134 is a Linux kernel NFC LLCP use-after-free in nfc sockets (pre-5.12.4). The issue arises from refcount handling during bind/connect fixes, enabling a local attacker with CAP_NET_RAW to trigger a crash or memory corruption. A related CVE discussion confirms the fix: after nfc_llcp_lo...
CVE-2019-5489
CVE-2019-5489 affects the Linux kernel mincore() implementation (mm/mincore.c) up to version 4.19.13. It enables a local attacker to observe page cache access patterns of other processes sharing memory, leading to potential information disclosure; the impact is described as partial confidentialit...
CVE-2022-30594
The CVE-2022-30594 issue affects the Linux kernel prior to 5.17.2, where the PTRACE_SEIZE path could bypass the PT_SUSPEND_SECCOMP restrictions and allow a local attacker to bypass seccomp-related restrictions. Connected advisories (Astra Linux, AlmaLinux advisories) confirm the same vulnerabilit...
CVE-2019-19319
CVE-2019-19319: In the Linux kernel prior to 5.2, a setxattr operation following a mount of a crafted ext4 image can trigger a slab-out-of-bounds write via ext4_xattr_set_entry use-after-free when a large old_size is used in memset in fs/ext4/xattr.c. This is an information disclosure/DoS risk p...
CVE-2020-29660
This CVE (CVE-2020-29660) affects the Linux kernel tty subsystem, specifically in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c, where a locking inconsistency can enable a local attacker to perform a read-after-free against TIOCGSID. Consequences stated in multiple advisories include memory ...
CVE-2023-4133
CVE-2023-4133 affects the Linux kernel cxgb4 driver; root cause is a use-after-free during detachment when flower_stats_timer is rearmed on the work queue, which can cause local denial of service by crashing the system. The MiracleLinux advisory AXSA:2024-8139:15 references CVE-2023-4133 among af...
CVE-2024-56548
CVE-2024-56548 affects the Linux kernel’s hfsplus handling. The root cause is changing device logical block sizes (e.g., via LOOP_SET_BLOCK_SIZE) that can cause a write of out-of-bounds data when hfsplus_read_wrapper calls hfsplus_submit_bio. The fix introduces a new min_io_size, set to the max o...
CVE-2020-10767
CVE-2020-10767 affects the Linux kernel before 5.8-rc1, where Enhanced IBPB mitigation is disabled when STIBP is unavailable or when IBRS is available, enabling a Spectre V2–style attack on local confidentiality. Connected advisories confirm Linux kernel mitigations (IBPB/SSBD) and note a patched...
CVE-2019-15220
CVE-2019-15220 affects the Linux kernel prior to 5.2.1 and involves a use-after-free in the p54usb.c driver caused by a malicious USB device. The issue can lead to a denial of service via kernel memory corruption when a vulnerable USB device is connected to drivers/net/wireless/intersil/p54. The ...
CVE-2022-42703
CVE-2022-42703 affects the Linux kernel prior to 5.19.7 via a use-after-free in leaf anon_vma double reuse in mm/rmap.c. This enables local escalation of privilege (per CVSS: LOCAL, HIGH availability impact, LOW complexity, no user interaction). Upstream fixes were applied in kernel 5.19.7 (see C...