14403 matches found
CVE-2011-1581
CVE-2011-1581 affects the Linux kernel bonding driver (drivers/net/bonding/bond_main.c). When a network device with many receive queues is installed and the default tx_queues is used, the code fails to properly constrain queue indexes, enabling a remote attacker to cause a denial of service or sy...
CVE-2012-2669
CVE-2012-2669 affects the Linux kernel up to 3.4.5 in hv_kvp_daemon (tools/hv/hv_kvp_daemon.c) where Netlink message origin is not validated, allowing a local user to spoof Netlink communication via a crafted connector message. The issue is addressed by a patch included in Linux kernel 3.4.5 (via...
CVE-2012-3510
CVE-2012-3510 is a Linux kernel use-after-free in xacct_add_tsk (kernel/tsacct.c) affecting versions before 2.6.19. Local users can read potentially sensitive kernel memory or trigger a denial of service via TASKSTATS_CMD_ATTR_PID. Remediation: upgrade to kernel 2.6.19 or newer (or apply backport...
CVE-2013-0309
CVE-2013-0309 affects arch/x86/include/asm/pgtable.h in the Linux kernel prior to 3.6.2 when Transparent Huge Pages are used. The issue: PROT_NONE memory regions are not properly supported, enabling a local user to trigger a denial of service (system crash). The connected Nessus advisories for Un...
CVE-2013-2635
The CVE-2013-2635 issue affects the Linux kernel’s rtnetlink path: rtnl_fill_ifinfo in net/core/rtnetlink.c does not initialize a structure member, enabling a local attacker to read kernel stack memory. The vulnerability is associated with Linux kernel versions prior to 3.8.4; the documented fix ...
CVE-2013-7027
The CVE-2013-7027 entry concerns the Linux kernel vulnerability in the ieee80211_radiotap_iterator_init function (net/wireless/radiotap.c) prior to 3.11.7. The issue is that the code does not validate whether a frame contains data outside of the header, which may allow an attacker to trigger a de...
CVE-2014-7283
The vulnerability CVE-2014-7283 affects the Linux kernel xfs implementation: xfs_da3_fixhashpath in fs/xfs/xfs_da_btree.c fails to compare btree hash values correctly, before 3.14.2. This can allow local users to trigger filesystem corruption and OOPs/panic via operations on directories with hash...
CVE-2014-9895
Technical details for CVE-2014-9895 are not publicly available in the provided documents. The materials reference an information disclosure in media-device.c but do not specify affected versions, root cause, impact, or fixes within this corpus. Monitor for updates.
CVE-2014-9914
Summary of CVE-2014-9914 (Linux kernel) : A race condition in ip4_datagram_release_cb within net/ipv4/datagram.c (kernel before 3.15.2) can be exploited by a local user to gain privileges or cause a denial of service (use-after-free) due to incorrect locking assumptions during multithreaded IPv4 ...
CVE-2016-2383
The CVE-2016-2383 vulnerability affects the Linux kernel (kernel/bpf/verifier.c) where, in the backward-jump delta handling, local attackers can craft BPF instructions to read kernel memory. It is exploitable by local users via a crafted packet filter. The issue is present in kernel versions befo...
CVE-2017-18549
CVE-2017-18549 affects the Linux kernel component drivers/scsi/aacraid/commctrl.c in versions prior to 4.13. The root cause is that aac_send_raw_srb does not initialize the reply structure, which can lead to exposure of kernel stack memory. The connected Nessus entries (Unity Linux advisories) re...
CVE-2018-12633
CVE-2018-12633 affects the Linux kernel up to 4.17.2, where vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c double-fetches header data from user input via copy_from_user. A race condition lets a local attacker tamper with hdr.size_in and hdr.size_out between fetches, enabling ...
CVE-2018-5873
The CVE-2018-5873 entry refers to a race-condition induced Use-After-Free in the Linux kernel before 4.11, specifically in __ns_get_path within fs/nsfs.c. This affects the mainline Linux kernel and Android builds derived from CAF for Android kernels (Android for MSM, Firefox OS for MSM, QRD Andro...
CVE-2019-19378
Technical details are not provided in the connected documents. CVE-2019-19378 is described as a slab-out-of-bounds write in fs/btrfs/raid56.c for Linux kernel 5.0.21 when mounting crafted images; no patch/version specifics or exploit info are present.
CVE-2021-47102
CVE-2021-47102 pertains to the Linux kernel marvell prestera code. The issue is a faulty structure access in prestera: upper = info->upper_dev; this field is only valid for specific notifiers (e.g., NETDEV_CHANGEUPPER). For other events, this can read info->upper_dev beyond its valid contex...
CVE-2021-47114
Technical details about CVE-2021-47114 are not publicly provided in the supplied documents. The sources reference the ocfs2 fallocate data corruption fix but do not specify affected versions, root cause specifics, exploit details, or remediation steps beyond the general description. Monitor for u...
CVE-2021-47166
CVE-2021-47166 concerns the Linux kernel NFS code: the value of mirror->pg_bytes_written was updated before a successful flush of requests, risking corruption of pg_bytes_written in nfs_do_recoalesce(). The issue is resolved in the kernel, with the fix described as ensuring pg_bytes_written is...
CVE-2021-47173
CVE-2021-47173 is a Linux kernel issue described in connected advisories as a memory-leak bug in the USB subsystem. Specifically, the probe for the uss720 device (uss720_probe) forgets to decrement the usbdev refcount, leading to a memory leak. The fix recorded in the sources is to release the de...
CVE-2021-47187
CVE-2021-47187 concerns arm64: dts: qcom: msm8998 in the Linux kernel. The issue was a miscalculation of min-residency-us and conflicting idle-time parameters between CPU sleep and L2 power-collapse timings, which could cause SoC instability (random reboots/lockups) when CPU scaling is enabled. A...
CVE-2021-47228
CVE-2021-47228 affects the Linux kernel x86/ioremap code. The issue arises when EFI boot services memory is preserved with efi_mem_reserve() and marked EFI_MEMORY_RUNTIME; under SEV, such memory must be mapped encrypted, otherwise the kernel may crash during boot. The public docs indicate a fix t...
CVE-2021-47270
CVE-2021-47270 entry is rejected/not used; not an active vulnerability.
CVE-2021-47277
CVE-2021-47277 affects the Linux kernel KVM path for guest memory translation. The issue arises when speculative execution may use an invalid guest frame number (gfn) to compute an out-of-bounds host virtual address (hva) in __gfn_to_hva_memslot, enabling a potential two-read Spectre gadget where...
CVE-2021-47331
The CVE-2021-47331 issue affects the Linux kernel usb-conn-gpio path. Root cause: an IDDIG interrupt can occur before charger registration, causing a NULL pointer dereference. Fix: register the power supply before requesting IDDIG/VBUS IRQ to prevent the dereference. Affected scope and exact reme...
CVE-2021-47346
The CVE-2021-47346 entry concerns a Linux kernel vulnerability in coresight’s tmc-etf path. A global-out-of-bounds read (KASAN) occurred in tmc_update_etf_buffer() due to reading barrier_pkt beyond its allocated size after barrier_pkt trailing null removal in a prior patch. The issue is triggered...
CVE-2021-47394
CVE-2021-47394 is a Linux kernel vulnerability in the netfilter nf_tables path: unlinking a table before deleting it could allow a use-after-free. SYZKABAN reports a UAF in memcmp/nlattr/nft_table_lookup paths, with read-accesses occurring on lockless GETs after synchronize_rcu. The documented ro...
CVE-2021-47414
Summary: CVE-2021-47414 concerns a Linux kernel vulnerability on RISCV (SiFive HiFive Unmatched) where ftrace patching may trigger an illegal instruction due to icache/dcache synchronization across CPUs. The root cause is that icache of the current CPU is not flushed before other CPUs are asked t...
CVE-2021-47450
CVE-2021-47450 affects the Linux kernel KVM on arm64. The issue was a mismanaged refcounting of stage-2 PGD pages in protected mode: the host stage-2 PGD is treated as a single compound page, which could cause tail page refcounts to drop to zero and corrupt the page-table. The fix adds hyp_split_...
CVE-2021-47462
CVE-2021-47462 affects the Linux kernel mempolicy/memory policy handling. The root cause was an invalid combination check for MPOL_MODE_FLAGS: MPOL_F_NUMA_BALANCING may only pair with MPOL_BIND, but the check existed only in do_set_mempolicy(). The patch moves this validation into sanitize_mpol_f...
CVE-2021-47467
CVE-2021-47467: In the Linux kernel, a reference-count leak occurs in the kunit path of kfree_at_end when kunit_alloc_and_get_resource() is invoked. The resource’s refcount is increased but not properly accounted for, leaking a reference in the normal path. The fix replaces kunit_alloc_and_get_re...
CVE-2021-47540
CVE-2021-47540 is a Linux kernel vulnerability in the mt7915/mt76 driver stack that causes a NULL pointer dereference when adding an IBSS interface via the mt7915_get_phy_mode path. The issue can trigger a kernel oops (as shown in the crash trace) in the MT7622-based platforms when the driver pro...
CVE-2021-47603
In CVE-2021-47603, the Linux kernel audit subsystem is affected: kauditd_thread() could block when sending audit records if the audit daemon is stopped, allowing the audit backlog to grow beyond limits and potentially cause a deadlock. The referenced patch lowers the kernel thread’s socket send t...
CVE-2022-48642
Summary: CVE-2022-48642 is a Linux kernel vulnerability in netfilter/nf_tables that causes a percpu memory leak in nf_tables_addchain(), linked to nf_chain_offload_priority() error handling. The leak was observed since a prior commit and has been fixed in the kernel by the referenced changes (e.g...
CVE-2022-48646
CVE-2022-48646 affects the Linux kernel; it fixes a NULL pointer dereference in sfc/siena within efx_hard_start_xmit. The patch prevents a potential NULL dereference in the network path, addressing a local-execution vulnerability. The CVSS v3.1 base score is 6.2 (MEDIUM) with LOCAL exploitability...
CVE-2022-48648
Technical details (affected software, versions, root cause, impact, and fixes) for CVE-2022-48648 are not provided in the supplied documents. Monitor vendor advisories and CVE entries for updates.
CVE-2022-48692
CVE-2022-48692 concerns a Linux kernel issue where RDMA/srp code could dereference a NULL scmnd pointer. The vulnerability arises from not guarding scmnd->result when scmnd is NULL, leading to a kernel NULL pointer dereference that was repro'd by blktests srp/007. The connected Astra Linux bul...
CVE-2022-48721
CVE-2022-48721 affects the Linux kernel net/smc: when SMC is used and a fallback to TCP occurs, some waitqueue entries previously inserted into smc_socket->wq may remain. After fallback, data flows over TCP and only clcsock->wq is woken, so applications (e.g., epoll) may miss wakeups for th...
CVE-2022-48809
In CVE-2022-48809, the Linux kernel fixes a memory leak in net handling when uncloning an skb destination and its metadata. The root cause is that the uncloned dst+metadata is initialized with refcount 1 and briefly increased to 2 before attachment, leaving a path where the refcount cannot drop t...
CVE-2022-48823
CVE-2022-48823 affects the Linux kernel SCSI qedf driver. The issue is a refcount bug triggered when a LOGO is received during a TMF, which can cause an I/O to hang in the qedf driver. The provided connected advisories confirm the root cause (refcount during TMF/LOGO) and note that a fix was impl...
CVE-2022-48920
CVE-2022-48920: In the Linux kernel, the btrfs flushoncommit path could trigger a warning in __writeback_inodes_sb_nr() during transaction commits. The fix avoids deadlock risks by replacing writeback_inodes_sb() with try_to_writeback_inodes_sb(), which reads sb->s_umount and only calls writeb...
CVE-2022-49144
CVE-2022-49144 pertains to the Linux kernel io_uring subsystem. The issue stems from a memory-leak when registering files: if there are no files to process in __io_sqe_files_scm(), the code frees resources but forgets to restore the uid, leading to a leak. The connected documents confirm this exa...
CVE-2022-49162
The CVE-2022-49162 issue affects the Linux kernel’s fbdev sm712fb driver. When the sm712fb driver writes three bytes to the framebuffer, it could crash with a page fault due to an endianness fixup path that was open-coded. The fix is to remove the open-coded endianness fixup code (kernel patching...
CVE-2022-49191
Concrete details found: CVE-2022-49191 affects the Linux kernel mxser code path, where xmit_buf leaks in activate() when LSR == 0xff and ->shutdown() is not called on failure, leaving the buffer unfreed. The fix adds a proper free path to a designated label and ensures the code jumps there fro...
CVE-2022-49246
CVE-2022-49246 affects the Linux kernel, specifically ASoC: atmel: snd_proto_probe. The issue is a refcount leak: of_parse_phandle() returns a device_node with refcount incremented, but of_node_put() was only called in the regular path, not in error paths. The fix ensures of_node_put() is called ...
CVE-2022-49270
CVE-2022-49270 : In the Linux kernel, a use-after-free can occur in dm_cleanup_zoned_dev() if it is not called before blk_cleanup_disk() proceeds through its cleanup path (blk_cleanup_disk->blk_cleanup_queue()->kobject_put()->blk_release_queue()->…->blk_free_queue_rcu()). This raci...
CVE-2022-49274
CVE-2022-49274 concerns an ocfs2 quota crash when mounting with quotas enabled in the Linux kernel. The connected Astra Linux entry reproduces the issue and provides the same symptom set and stack trace context. The root cause is that during dqi_gqlock initialization, the related dqi_type and dqi...
CVE-2022-49424
CVE-2022-49424 is a Linux kernel issue in the Mediatek IOMMU driver. The root cause is a NULL pointer dereference when printing dev_name due to larbdev being NULL during probe (mtk_iommu_probe_device). The crash can occur in device_link_add() and is triggered by an incorrect DTS input. The public...
CVE-2022-49427
The CVE pertains to the Linux kernel’s MTK IOMMU driver. After a patch (mtk_iommu_remove) removing clk_disable and relying on a runtime clock-control callback, the clock is now managed by runtime, eliminating the previous disable path. This addresses a warning trace seen when unbinding the MTK IO...
CVE-2022-49435
CVE-2022-49435 concerns the Linux kernel, in the mfd: davinci_voicecodec path. It fixes a potential null-pointer dereference in the davinci_vc_probe() flow if platform_get_resource() returns NULL. The workaround changes the code to use the resource only after devm_ioremap_resource() performs a NU...
CVE-2022-49475
The connected advisories confirm CVE-2022-49475 affects the Linux kernel in the spi-fsl-qspi driver, where a missing check of the resource returned by platform_get_resource_byname() can lead to a NULL pointer dereference. The root cause is not validating the resource handle before use, causing a ...
CVE-2022-49480
Technical details for CVE-2022-49480 are not publicly available in the provided documents; no affected products, root cause, impact, or remediation details are given here. Monitor for updates.