14403 matches found
CVE-2025-38059
The CVE-2025-38059 entry documents a Linux kernel data integrity issue in btrfs: when using rescue=idatacsums, scrub can trigger a NULL pointer dereference due to not loading the csum tree. Concrete root cause: scrub path may call btrfs_search_slot() on a NULL pointer because the NO_DATA_CSUMS fl...
CVE-2025-38192
The CVE-2025-38192 issue is in the Linux kernel. A NAT46/ingress BPF path could flip packet SKB protocols without clearing dst, leading to a NULL pointer dereference in ip6_rcv_core when an IPv4 multicast path loops back and IP6 processing runs with a stale IPv4 dst. The fix, described in the adv...
CVE-2025-38283
CVE-2025-38283 : In the Linux kernel, a bug in the hisi_acc_vfio_pci live migration path could cause a NULL data address during device data migration when the VF device driver is not loaded in the guest. This leads to access errors on the destination during live migration recovery. The fix disabl...
CVE-2025-38334
In CVE-2025-38334, the Linux kernel SGX path could reclaim EPC pages that are poisoned. Root cause: epc_page->poison is set during memory failure but the reclaimer logic does not check it, so poisoned EPC pages could be reclaimed and written out with EWB microcode operations, risking enclosure...
CVE-2025-38362
The CVE-2025-38362 issue is in the Linux kernel’s DRM AMD display path. The function get_first_active_display() could return NULL when the display list is empty, and mod_hdcp_hdcp1_enable_encryption() did not check this return value, risking a NULL pointer dereference in mod_hdcp_hdcp2_enable_enc...
CVE-2025-38384
CVE-2025-38384 affects the Linux kernel’s MTD spinand/ECC engine path. The root cause is a memory leak where ECC engine configuration memory allocated during ECC init is not released during spinand cleanup. The leak trace shows kmemleak reporting an unreferenced object during spinand probe/init p...
CVE-2025-38441
CVE-2025-38441 affects the Linux kernel netfilter flowtable nf_flow_pppoe_proto() where the Ethernet header was not accounted for in PPPoE offload logic, leading to potential use of uninitialized data (KMSAN). The vulnerability is locally exploitable; CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/I:N/A:H with...
CVE-2025-38460
The Astra Linux bulletin confirms CVE-2025-38460 in the Linux kernel: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). The vulnerability arises because to_atmarpd() can be invoked without the RTNL lock, and clip_neigh_solicit() / neigh_ops->solicit() are unsleepable, with no RTNL depen...
CVE-2006-1052
CVE-2006-1052 affects SELinux ptrace logic in SELinux for Linux 2.6.6. It allows local users with ptrace permissions to change the tracer SID to the SID of another process (local privilege impact). Public advisories (e.g., Debian DSA-1184-1/DSA-1184-2 and RHSA-2006:0575) indicate kernel updates m...
CVE-2006-4814
CVE-2006-4814 is a mincore-related Linux kernel vulnerability restricted to older kernels (before 2.4.33.6) where access to user space was not properly locked, potentially causing a system hang (deadlock). Public sources in connected advisories confirm this CVE as part of multiple kernel updates,...
CVE-2006-5823
CVE-2006-5823 is a Linux kernel issue affecting the cramfs file system in 2.6.x where malformed compressed data can trigger memory corruption, leading to a local-denial crash. Connected advisories (RHSA-2007:0436, RHSA-2007:0014, and corresponding openvas entries) enumerate the cramfs memory corr...
CVE-2006-6054
The CVE-2006-6054 issue affects the Linux kernel 2.6.x ext2 file system code, where a malformed ext2 stream can cause ext2_check_page to crash due to a length smaller than the minimum, enabling a local denial of service. Several connected advisories indicate this flaw was fixed in kernel updates ...
CVE-2006-6058
CVE-2006-6058 affects the Linux kernel 2.6.x up to 2.6.24 (including 2.6.18). Local users can cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in minix_bmap. The issue may involve an integer overflow or signedness error. The documented fix is a ker...
CVE-2007-0771
CVE-2007-0771 concerns the Linux kernel utrace support (notably in 2.6.18 and related 2.6.x lines) where local attackers can trigger a DoS via a race/spin failure between utrace_attach and related code paths when using ptrace (as exemplified by the ptrace-thrash scenario). The vulnerability manif...
CVE-2007-3731
CVE-2007-3731 affects the Linux kernel 2.6.20/2.6.21. The vulnerability arises from handling an invalid LDT segment selector in %cs during ptrace single-step operations, enabling a local user to trigger a NULL pointer dereference and an OOPS, via PTRACE_SETREGS and PTRACE_SINGLESTEP (TRACE_IRQS_O...
CVE-2008-0001
CVE-2008-0001 affects the Linux kernel: VFS in kernels before 2.6.22.16 and 2.6.23.x before 2.6.23.14 tests access permissions using the flag variable instead of the acc_mode flag, potentially allowing a local, unprivileged user to bypass file-write permissions and remove directories. The issue i...
CVE-2008-3833
CVE-2008-3833 affects the Linux kernel up to version 2.6.18 (vulnerable in 2.6.18 and earlier) where generic_file_splice_write in fs/splice.c does not properly strip setuid/setgid bits on writes via splice to a file. This allows local users to gain privileges of a different group or access sensit...
CVE-2009-0748
CVE-2009-0748 affects the Linux kernel: ext4_fill_super in fs/ext4/super.c fails to validate the superblock configuration, enabling a local attacker to trigger a NULL pointer dereference/OOPS when mounting a crafted ext4 filesystem. Impact is local denial of service. Affected ranges: Linux kernel...
CVE-2009-0835
Summary (CVE-2009-0835) in the Linux kernel (2.6.28.7 and earlier on x86_64) describes a local privilege issue within the seccomp filter. The __secure_computing function does not correctly handle calls where a 32‑bit process makes a 64‑bit syscall or a 64‑bit process makes a 32‑bit syscall, allow...
CVE-2009-3722
CVE-2009-3722 affects the Linux kernel KVM subsystem, specifically the x86 VMX path where the handle_dr function in arch/x86/kvm/vmx.c does not properly verify the Current Privilege Level before accessing a debug register. This allows a guest OS user to trigger a denial-of-service (trap) on the h...
CVE-2011-1479
CVE-2011-1479 : A double-free in the Linux kernel’s inotify subsystem (kernel versions before 2.6.39) allows local users to crash the system via paths involving failed file creation. The issue stems from an incorrect fix related to CVE-2010-4250. Affected product: Linux kernel; vulnerability type...
CVE-2011-3593
CVE-2011-3593 : The Linux kernel 2.6.32 on Red Hat Enterprise Linux 6 is affected by a vulnerability in the VLAN patch within net/8021q/vlan_core.c (vlan_hwaccel_do_receive). This enables remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. Connected advis...
CVE-2012-2119
CVE-2012-2119 : A buffer overflow in the Linux kernel macvtap device driver (before 3.4.5) can be triggered in certain configurations by a long descriptor with a long vector length, enabling privileged KVM guest users to crash the host (DoS). Affected component: macvtap driver in the Linux kernel...
CVE-2013-0217
The CVE-2013-0217 entry concerns memory leakage in the Linux kernel Xen netback driver (drivers/net/xen-netback/netback.c). The issue affects the Xen netback functionality in Linux kernel versions prior to 3.7.8, enabling a guest OS user to trigger error conditions that lead to memory exhaustion ...
CVE-2016-9754
CVE-2016-9754 affects the Linux kernel’s ring_buffer_resize in the profiling subsystem, where integer calculations in ring_buffer.c before 4.6.1 allow a local user to gain privileges by writing to /sys/kernel/debug/tracing/buffer_size_kb. The issue is fixed in kernel 4.6.1 and later. Affected pro...
CVE-2021-47143
CVE-2021-47143 affects the Linux kernel net/smc subsystem. The root cause was missing cleanup when a smcd_dev device_add() failed, leaving the device in smcd_dev_list and later freeing it, causing a corrupted list. The fix adds error handling to remove the device from the list on device_add() fai...
CVE-2021-47152
CVE-2021-47152 concerns a Linux kernel vulnerability in the MPTCP data path that can cause data stream corruption. The root cause is that mptcp_frag_can_collapse_to() could reuse memory fragments when non-MPTCP protocols allocate page fragments, leading to corruption of mptcp_data_frag. The fix, ...
CVE-2021-47209
The CVE-2021-47209 issue affects the Linux kernel’s scheduler, specifically sched/fair with the cfs_rq handling. A use-after-free of a cfs_rq occurs when a dying task group is unlinked or partially unlinked while a concurrent timer/race (tg_unthrottle_up via sched_cfs_period_timer) can re-add cfs...
CVE-2021-47248
CVE-2021-47248 (Linux kernel) : The vulnerability involves a race between close() and udp_abort() in UDP, where both racing functions acquire the socket lock but udp{v6}_destroy_sock() releases it before performing destructive actions. The fix uses the SOCK_DEAD flag to prevent udp_abort from act...
CVE-2021-47329
CVE-2021-47329 affects the Linux kernel driver for Megaraid SAS (scsi: megaraid_sas). The issue is a resource leak: if probe fails during PCI device initialization, resources allocated by scsi_add_host() or megasas_start_aen() are not fully cleaned up, potentially leaving allocated resources unre...
CVE-2021-47371
CVE-2021-47371 affects the Linux kernel where memory leaks occur in the nexthop notification chain listeners. The issue arises during reload flows (e.g., mlxsw unregistration and netdev/nexthop notification handling) where some nexthop delete notifications may be skipped for certain netdevs, caus...
CVE-2021-47406
The CVE-2021-47406 issue affects the Linux kernel ext4: ext4_ext_replay_set_iblocks() path. If ext4_map_blocks() fails on a corrupted filesystem, ext4_ext_replay_set_iblocks() can loop infinitely, observed with inline_data and fast_commit (generic/526). The stack trace and warning show the path t...
CVE-2021-47463
CVE-2021-47463 concerns a Linux kernel NULL pointer dereference in mm/secretmem during GUP operations. The issue arises from dereferencing page->mapping without ensuring it is non-NULL as a page mapping can be nulled while gup() runs (e.g., by reclaim or truncation). A fix was implemented to ...
CVE-2021-47578
CVE-2021-47578 impacts the Linux kernel. The vulnerability stems from the scsi_debug path calling memory allocation with a zero size: if size == 0, kcalloc() returns ZERO_SIZE_PTR, which can break a following NULL-pointer check. The fix is to return early (do not call kcalloc()) when the size arg...
CVE-2021-47586
The CVE-2021-47586 entry relates to the Linux kernel net: stmmac: dwmac-rk driver. KASAN reported an out-of-bounds read in rk_gmac_setup due to iterating over a flexible array member (regs) with a loop (while (ops->regs[i]) that reads past the ops structure on platforms where the array is empt...
CVE-2021-47610
CVE-2021-47610: In the Linux kernel, a NULL pointer dereference in the DRM MSM GEM submit path (msm_ioctl_gem_submit) could trigger a kernel panic (Oops) and crash the system. The vulnerability arises from dereferencing a NULL in msm_ioctl_gem_submit, leading to a trace via kref_put and drm ioctl...
CVE-2021-47640
CVE-2021-47640 describes a Linux kernel vulnerability in the powerpc/KASAN pathway where the shadow page table was not updated correctly when PTE_RPN_SHIFT = 24 and PAGE_SHIFT = 12. The issue caused false positives and false negatives in KASAN reports (vmalloc-out-of-bounds in pcpu_alloc) and was...
CVE-2021-47658
CVE-2021-47658 affects the Linux kernel DRM/AMD/PM component. The issue is a memory leak where gpu_metrics_table is allocated in renoir_init_smc_tables() but not freed in smu_v12_0_fini_smc_tables(), as described in the provided entries. Impact details are limited to a potential memory leak with ...
CVE-2022-2327
CVE-2022-2327 affects the Linux kernel io_uring path: use of work_flags to determine identity for IORING_OP may cause missing types, leading to incorrect reference counts and a double free. The primary public advisory notes the root cause is in the kernel io_uring identity handling and recommends...
CVE-2022-48690
Insight : CVE-2022-48690 refers to a Linux kernel fix in the ice driver for a DMA mappings leak when reallocating RX buffers while changing ring parameters. The leak occurred because kfree on rx_buf freed DMA mappings that were still active, leading to leaked DMA mappings during buffer substituti...
CVE-2022-48715
CVE-2022-48715 is a Linux kernel vulnerability related to the SCSI driver bn x2fc. The issue stems from bnx2fc_recv_frame() modifying per-CPU lport stats counters in a non-MP-safe way, which could occur in a preemptible context when SMP features are enabled. The resolved fix restores the old get_...
CVE-2022-48810
In CVE-2022-48810, the Linux kernel fixes a RTNL lock handling issue in IPv4/IPv6 multicast code: ipmr and ip6mr_free_table() could be called on the failure path without proper RTNL protection. The patch ensures RTNL is held before freeing mroute tables, preventing an assertion failure observed i...
CVE-2022-48814
CVE-2022-48814 affects the Linux kernel DSA seville driver (VSC9959) where mdiobus was allocated/registered with devres. The root cause is a devres interaction causing mdiobus to be freed without prior unregistration, leading to mdiobus_free() panics when invoked from devm_mdiobus_free(). The pro...
CVE-2022-48902
CVE-2022-48902 is a Linux kernel issue in the btrfs extent_io path where a warned-on condition could occur when a page with PageError is encountered during extent buffer ops. The vulnerability arises from using assert_eb_page_uptodate() on non-uptodate pages, potentially exposing instability warn...
CVE-2022-48916
CVE-2022-48916 affects the Linux kernel IOMMU VT-d path when enabling Volume Management Device (VMD) in scalable mode. The issue manifests as a kernel panic during boot (Eagle Stream/Sapphire Rapids), traced to a double list_add in the VMD/IOMMU enable path. The connected documents reference upst...
CVE-2022-48923
CVE-2022-48923 (Linux kernel) affects btrfs: the bug arises in the LZO decompression path (btrfs/lzo.c) where a compressed length may be corrupted to exceed allocated memory, causing a out-of-bounds write in copy_compressed_segment and potentially a general protection fault. Affected code path is...
CVE-2022-48935
CVE-2022-48935 is a Linux kernel flaw in netfilter nf_tables where flowtable hooks were not unregistered on net namespace exit, causing a use-after-free (KASAN) in nf_hook_entries_grow. The issue arises when nf_tables_flowtable_destroy() does not unregister hooks promptly, leading to UAF in flowt...
CVE-2022-48941
CVE-2022-48941 pertains to the Linux kernel ice driver, where a race between VF reset and removal could lead to memory corruption or panics. The root cause was a driver-state flag change that caused the PF to stop responding to VF messages during teardown, allowing a VF to remove DMA memory befor...
CVE-2022-49054
The CVE-2022-49054 entry concerns the Linux kernel, specifically the Hyper-V vmbus driver. A fix was applied to deactivate sysctl_record_panic_msg by default in isolated guests because hv_panic_page may reveal guest-sensitive information when dumped to Hyper-V. The change also updates comments in...
CVE-2022-49200
CVE-2022-49200 (Linux kernel): A bug in Bluetooth btmtksdio handling caused a kernel oops when btmtksdio_interrupt ran before sdio_set_drvdata was initialized. The issue happened because hdev->power_on could be queued and execute prior to sdio_set_drvdata being filled during btmtksdio_probe, a...