Lucene search
K
LinuxLinux Kernel

14372 matches found

CVE
CVE
added 2025/07/03 8:36 a.m.86 views

CVE-2025-38159

CVE-2025-38159: Linux kernel wifi/rtw88 fix to prevent out-of-bounds read by enlarging the para buffer from 2 to 6 bytes, since code reads data[0]..data[4] in rtw_fw_bt_wifi_control. Affected component is the kernel’s wifi driver, with Svace-detected reading that could access 5 bytes. Patch/mitig...

7.1CVSS7.4AI score0.00142EPSS
CVE
CVE
added 2025/07/03 8:36 a.m.86 views

CVE-2025-38166

CVE-2025-38166 affects the Linux kernel’s BPF/KTLS path (sockmap) where bpf_exec_tx_verdict() can increase msg_pl->sg.size during cork handling, causing iov_iter_revert to miscalculate and potentially panic. The patch adjusts rollback logic to accommodate size changes and relies on zero-copy p...

5.5CVSS7AI score0.00147EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.86 views

CVE-2025-38185

CVE-2025-38185 (Linux kernel) : The vulnerability in the ATM subsystem (atm/atmtcp.c) arises from freeing an skb with an invalid length in atmtcp_c_send(). The code checks skb->len == 0 but does not fully guard against using skb->data as an atmtcp_hdr when len is non-zero, and when len == 0...

5.5CVSS6.5AI score0.00161EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.86 views

CVE-2025-38191

The CVE-2025-38191 issue is in the Linux kernel ksmbd component, where a null pointer dereference could occur during Kerberos session setup if the client uses PreviousSessionId before session authentication completes. Root cause: sess->user is not set during initial kerberos setup, allowing a ...

5.5CVSS6.4AI score0.00482EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.86 views

CVE-2025-38193

CVE-2025-38193 affects the Linux kernel net_sched component sch_sfq. The issue is a missing range check for perturb_period, which could cause perturb_period * HZ to overflow and become invalid, enabling a race condition. The provided examples show invalid values producing errors and a valid value...

5.5CVSS6.3AI score0.00161EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.86 views

CVE-2025-38217

The CVE-2025-38217 issue is in the Linux kernel hwmon code path: fts_read() for hwmon_pwm_auto_channels_temp. The bug is a TOCTOU race on data->fan_source[channel], which can be read twice without locking, allowing a change to FTS_FAN_SOURCE_INVALID (0xff) between checks and use, potentially c...

4.7CVSS6.4AI score0.00101EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.86 views

CVE-2025-38285

CVE-2025-38285 – Linux kernel : The issue stems from a WARN_ON_ONCE in the BPF tracing path (get_bpf_raw_tp_regs) triggered by a corner case involving trace_mmap_lock and stack maps. The issue surfaces during BPF stack retrieval and is reported in kernel/bpf_trace.c, with inline calls in bpf_get_...

5.5CVSS6.4AI score0.0017EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.86 views

CVE-2025-38293

Technical details (affected versions, vulnerable components, exploit conditions, and remediation steps) are not provided in the Connected documents. The Initial document offers a general description of the fix but lacks concrete/public technical specifics; monitor for updates.

5.5CVSS7AI score0.00176EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.86 views

CVE-2025-38307

CVE-2025-38307 refers to a Linux kernel vulnerability in the ASoC: Intel: avs driver. The issue arises from how parse_int_array() returns content: the first element stores the array length, and if that length is 0, manipulating beyond index 0 can cause a null-ptr-deref. The vulnerability is trigg...

5.5CVSS6.7AI score0.00145EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.86 views

CVE-2025-38337

CVE-2025-38337 : Linux kernel data-race in jbd2_journal_dirty_metadata leading to potential null dereference of handle->h_transaction. The issue arises because handle may be NULL and is not checked before dereferencing, allowing a data race between jbd2_journal_dirty_metadata and ext4/jbd2 han...

5.5CVSS6.4AI score0.00159EPSS
CVE
CVE
added 2025/07/10 8:15 a.m.86 views

CVE-2025-38343

Mode C: CVE-2025-38343 is a Linux kernel WiFi fragmentation issue in mt76/mt7996 where multicast/broadcast RAs fragments are dropped since fragmentation applies only to unicast frames. Connected docs indicate affected packages (e.g., kernel versions

5.5CVSS7.8AI score0.00145EPSS
CVE
CVE
added 2025/07/25 12:53 p.m.86 views

CVE-2025-38376

CVE-2025-38376 concerns the Linux kernel USB gadget: udc suspend/resume hang when the host continues data transfer while the bus is active and the controller is gated off. The root cause is that the USB device controller is suspended but the USB bus remains active, causing pending USB requests an...

5.5CVSS6.2AI score0.00146EPSS
CVE
CVE
added 2025/07/25 12:53 p.m.86 views

CVE-2025-38395

CVE-2025-38395 involves the Linux kernel regulator GPIO driver. The root cause is an out-of-bounds access in drvdata::gpiods because memory was allocated for only one pointer, while config::ngpios can exceed 1. The vulnerability can occur when more than one GPIO descriptor is configured. The fix ...

7.1CVSS6.5AI score0.00164EPSS
CVE
CVE
added 2025/07/25 1:8 p.m.86 views

CVE-2025-38403

Summary (CVE-2025-38403) : In the Linux kernel, the vmci transport path (vsock/vmci) had a fix to clear the vmci_transport_packet before populating fields in vmci_transport_packet_init to avoid leaving uninitialised data. This change addresses an information leakage/contamination risk related to ...

7.8CVSS6.3AI score0.0018EPSS
CVE
CVE
added 2025/07/25 2:32 p.m.86 views

CVE-2025-38436

CVE-2025-38436 affects the Linux kernel’s DRM Scheduler. The issue occurs when killing an entity from application B: drm_sched_entity_kill() removes all jobs for that entity via drm_sched_entity_kill_jobs_work(), but if application A’s job depends on a scheduled fence from application B’s job, th...

5.5CVSS6.5AI score0.00126EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.86 views

CVE-2025-38444

CVE-2025-38444 affects the Linux kernel raid10 path. When raid10_read_request or raid10_write_request registers a new request with REQ_NOWAIT, a malloc from the mempool may not be freed, causing a memory leak. Connected docs confirm concrete fix in raid10_make_request and related raid10 handling ...

5.5CVSS6.5AI score0.00147EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.86 views

CVE-2025-38449

CVE-2025-38449 affects the Linux kernel DRM/GEM subsystem. The issue arises when a GEM handle is released while the GEM buffer object remains attached to a DRM framebuffer, which can lead to releasing the dma-buf backing the buffer. Subsequent mode-setting operations may trigger a segmentation fa...

5.5CVSS6.7AI score0.00148EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.86 views

CVE-2025-38465

CVE-2025-38465 is a Linux kernel netlink vulnerability related to wraparounds in sk->sk_rmem_alloc. The issue arises from reading and updating sk_rmem_alloc with a pattern like if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) atomic_add(skb->truesize, &sk->sk_rmem_alloc);, w...

5.5CVSS6.3AI score0.00165EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.86 views

CVE-2025-38466

CVE-2025-38466 is a Linux kernel vulnerability where uprobes could be misused during instruction fetch; the fix reverts to requiring CAP_SYS_ADMIN for uprobes, mitigating local misuse. Multiple connected advisories acknowledge the issue and reference upstream kernel fixes. Technical details confi...

5.5CVSS6.2AI score0.0017EPSS
CVE
CVE
added 2025/07/28 11:21 a.m.86 views

CVE-2025-38485

CVE-2025-38485 affects the Linux kernel IIO FXLS8962AF accelerator driver. The flaw is a use-after-free in fxls8962af_fifo_flush where indio_dev->active_scan_mask is accessed while the device might exit buffer mode mid-interrupt, creating a race that can lead to a NULL pointer dereference. The...

7.8CVSS6.6AI score0.00151EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.85 views

CVE-1999-0183

CVE-1999-0183 affects Linux implementations of TFTP, described as allowing traversal to read files outside the restricted directory. The OpenVAS/Nessus entries confirm a directory-traversal vulnerability enabling arbitrary file reads via TFTP server responses (e.g., tftpd misconfiguration allows ...

6.4CVSS6.7AI score0.01555EPSS
CVE
CVE
added 2004/07/09 4:0 a.m.85 views

CVE-2004-0447

Technical details about CVE-2004-0447 are not publicly available in the provided connected documents. Monitor for updates and new advisories.

7.2CVSS5.9AI score0.00441EPSS
CVE
CVE
added 2004/12/15 5:0 a.m.85 views

CVE-2004-1137

CVE-2004-1137 affects the Linux kernel 2.4.x (2.4.22–2.4.28) and 2.6.x (up to 2.6.9). The flaws are in IGMP handling (ip_mc_source decrements a counter to -1; igmp_marksources may perform an out-of-bounds read), allowing local or remote attackers to cause denial of service or potentially execute ...

10CVSS7.8AI score0.20825EPSS
CVE
CVE
added 2005/02/22 5:0 a.m.85 views

CVE-2005-0504

CVE-2005-0504 is a buffer overflow in the MoxaDriverIoctl function of the MOXA serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x prior to 2.6.22. This vulnerability could allow a local unprivileged user to execute arbitrary code via a modified length value. The CVE is referenced in multiple...

4.6CVSS5.9AI score0.00576EPSS
CVE
CVE
added 2005/03/20 5:0 a.m.85 views

CVE-2005-0815

CVE-2005-0815 affects the Linux kernel iso9660 filesystem handler in versions up to 2.6.11 (and earlier). The issue is described as multiple range-checking flaws in the ISO-9660 file system code, which could be triggered by mounting a crafted/corrupted ISO image on CD-ROM. Impact stated in connec...

6.4CVSS5.2AI score0.13429EPSS
CVE
CVE
added 2005/10/11 4:0 a.m.85 views

CVE-2005-3181

CVE-2005-3181 affects the Linux kernel audit subsystem when CONFIG_AUDITSYSCALL is enabled. The flaw arises from using an incorrect function to free names_cache memory, preventing proper tracking by AUDITSYSCALL and causing a memory leak that can lead to local denial of service via memory exhaust...

2.1CVSS5.1AI score0.00499EPSS
CVE
CVE
added 2006/07/07 6:0 p.m.85 views

CVE-2006-2451

The CVE-2006-2451 issue affects Linux kernel 2.6.13 up to 2.6.17.4 inclusive, and 2.6.16 up to 2.6.16.24, where the suid_dumpable handling enables a local user to cause disk-based denial of service and potentially gain privileges via PR_SET_DUMPABLE when a core dump is created in a directory the ...

4.6CVSS6.1AI score0.04387EPSS
CVE
CVE
added 2006/12/19 7:0 p.m.85 views

CVE-2006-6106

The CVE-2006-6106 entry describes several buffer overflows in the Bluetooth driver (net/bluetooth/cmtp/capi.c) of the Linux kernel, specifically in the cmtp_recv_interopmsg function. Affected products/versions include Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 up to 2.6.18.5, with 2.6.19.x also...

7.5CVSS7.8AI score0.05605EPSS
CVE
CVE
added 2007/05/07 7:0 p.m.85 views

CVE-2007-1861

CVE-2007-1861 affects the Linux kernel prior to 2.6.20.8. The nl_fib_lookup function in net/ipv4/fib_frontend.c can be triggered by NETLINK_FIB_LOOKUP replies, causing infinite recursion and a stack overflow that leads to a kernel panic (denial of service). Open sources in the connected data conf...

4.9CVSS8.9AI score0.01024EPSS
CVE
CVE
added 2007/05/08 11:0 p.m.85 views

CVE-2007-2525

CVE-2007-2525 : Memory leak in the Linux kernel PPPoE socket implementation allows a local user to cause a denial of service by creating a socket with connect and releasing it before PPPIOCGCHAN is initialized. Affected: Linux kernel before 2.6.21-git8. Impact: memory consumption leading to DoS. ...

4.9CVSS6.9AI score0.00405EPSS
CVE
CVE
added 2009/10/20 5:0 p.m.85 views

CVE-2009-2909

CVE-2009-2909 affects the Linux kernel ax25 subsystem (ax25_setsockopt in net/ax25/af_ax25.c). The vulnerability arises from a signedness/unsigned check issue in the ax25 sockopt/setsockopt path, enabling a local attacker to cause a kernel OOPS or potentially crash the kernel and execute code. Pu...

4.9CVSS5.5AI score0.00395EPSS
Web
CVE
CVE
added 2012/06/21 11:0 p.m.85 views

CVE-2011-1021

The CVE-2011-1021 entry describes a local privilege escalation in the Linux kernel caused by the ACPI debugfs interface. Vulnerable component: drivers/acpi/debugfs.c. Affected software: Linux kernel versions before 3.0. Root-level access is required to write to /sys/kernel/debug/acpi/custom_metho...

3.6CVSS7AI score0.00928EPSS
CVE
CVE
added 2013/09/25 10:0 a.m.85 views

CVE-2013-2140

CVE-2013-2140 affects the Linux kernel before 3.10.5, via dispatch_discard_io in Xen blkback (drivers/block/xen-blkback/blkback.c). It enables a guest OS user to trigger a denial of service (data loss) through write operations on read-only disks that support BLKIF_OP_DISCARD/TRIM or SCSI UNMAP. T...

3.8CVSS6.2AI score0.01013EPSS
Web
CVE
CVE
added 2013/04/22 10:0 a.m.85 views

CVE-2013-3223

The CVE-2013-3223 issue affects the Linux kernel: the ax25_recvmsg function in net/ax25/af_ax25.c does not initialize a certain data structure, allowing local attackers to read sensitive information from kernel stack memory via crafted recvmsg or recvfrom calls. Affected kernel versions are befor...

4.9CVSS5.7AI score0.00375EPSS
CVE
CVE
added 2013/12/14 6:0 p.m.85 views

CVE-2013-6376

The CVE-2013-6376 issue affects the Linux kernel’s KVM path: the recalculate_apic_map function in arch/x86/kvm/lapic.c, with impact described as a host-OS crash ( denial of service ) via a crafted ICR write in x2apic mode. The connected Nessus advisories (UNITY_LINUX_UTSA series) reproduce the sa...

5.2CVSS5.8AI score0.01102EPSS
CVE
CVE
added 2013/12/09 6:0 p.m.85 views

CVE-2013-6431

The CVE-2013-6431 issue affects the Linux kernel’s IPv6 routing code: the fib6_add function in net/ipv6/ip6_fib.c fails to encode error codes correctly in versions before 3.11.5, enabling a local user with CAP_NET_ADMIN to trigger a NULL pointer dereference via an IPv6 SIOCADDRT ioctl, causing a ...

4.7CVSS6.7AI score0.00435EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.85 views

CVE-2014-9870

The CVE-2014-9870 entry concerns the Linux kernel prior to 3.11 on ARM, including Android devices (Nexus 5/7) before 2016-08-05. It exposes a privilege-escalation path via improper handling of user-space access to the TPIDRURW register, enabling local attackers to gain privileges with a crafted a...

9.3CVSS7.5AI score0.01017EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.85 views

CVE-2014-9892

The CVE-2014-9892 issue affects the Linux kernel (up to 4.7) in the snd_compr_tstamp path used by Android on Nexus 5/7 devices. Root cause: snd_compr_tstamp does not initialize a timestamp data structure, enabling a crafted app to obtain sensitive information. Impact: information disclosure possi...

5.5CVSS5.3AI score0.00499EPSS
CVE
CVE
added 2016/11/16 4:49 a.m.85 views

CVE-2015-8961

The vulnerability CVE-2015-8961 affects the Linux kernel prior to 4.3.3, specifically the __ext4_journal_stop function in fs/ext4/ext4_jbd2.c. It allows local users to gain privileges or cause a denial of service (use-after-free) by improper access to a certain error field. The issue is resolved ...

9.3CVSS7.6AI score0.01999EPSS
CVE
CVE
added 2019/07/27 9:38 p.m.85 views

CVE-2016-10764

In CVE-2016-10764, the vulnerability is in the Linux kernel before 4.9.6: the cadence-quadspi.c file in drivers/mtd/spi-nor contains an off-by-one error in cqspi_setup_flash() where the f_pdata array uses CQSPI_MAX_CHIPSELECT elements and the comparison should be >= instead of >. This is co...

9.8CVSS9.1AI score0.03075EPSS
CVE
CVE
added 2019/04/30 5:12 p.m.85 views

CVE-2018-20510

CVE-2018-20510 affects the Linux kernel 4.14.90, where the print_binder_transaction_ilocked function in drivers/android/binder.c can allow a local user to read sensitive address information from a debugfs file by exploiting the *from *code *flags lines. Connected Nessus advisories reiter this exa...

5.5CVSS5.6AI score0.0041EPSS
CVE
CVE
added 2022/09/01 5:56 p.m.85 views

CVE-2020-27784

CVE-2020-27784 is a use-after-free in the Linux kernel’s printer_ioctl path. The issue arises from accessing a deallocated printer_dev instance after it has been freed by gprinter_free(), enabling a local attacker to trigger a fault in the kernel. The vulnerability is tracked with CVSSv3.1 vector...

5.5CVSS5.9AI score0.00224EPSS
CVE
CVE
added 2024/03/25 9:16 a.m.85 views

CVE-2021-47159

CVE-2021-47159 is a Linux kernel issue where a crash occurs in net: dsa: fix a crash if ->get_sset_count() fails. The root cause is that when ds->ops->get_sset_count() returns a negative error code (e.g., -EOPNOTSUPP), the unsigned loop index “i” promotes the negative value, causing memo...

5.5CVSS6.7AI score0.00235EPSS
CVE
CVE
added 2024/03/25 9:16 a.m.85 views

CVE-2021-47160

CVE-2021-47160 corresponds to a Linux kernel vulnerability where PCR_MATRIX was set to all-ones when VLAN filtering was enabled and not reset when disabled, potentially allowing VLAN traffic leaks between bridges br0 and br1. The issue is addressed by removing the PCR_MATRIX write from mt7530_por...

7.1CVSS6.7AI score0.00233EPSS
CVE
CVE
added 2024/04/10 6:56 p.m.85 views

CVE-2021-47197

CVE-2021-47197 : In Linux kernel mlx5_core, a double-destroy path could crash via mlx5_debug_cq_remove() if mlx5_core_destroy_cq() is retried after failure. The fix nullifies cq->dbg after removal and ensures CQ destruction proceeds only if the FW command DESTROY_CQ returns 0. A patch addressi...

5.5CVSS6.3AI score0.00225EPSS
CVE
CVE
added 2024/04/10 6:56 p.m.85 views

CVE-2021-47200

CVE-2021-47200 is a Linux kernel security issue affecting DRM/GEM objects during mmap via drm_gem_ttm_mmap. The root cause is dropping a gem object's reference on success and subsequently dereferencing after a potential use-after-free if the object’s refcount was 1 on entry to drm_gem_prime_mmap(...

7.8CVSS6.5AI score0.00219EPSS
CVE
CVE
added 2024/05/21 2:19 p.m.85 views

CVE-2021-47230

CVE-2021-47230 affects the Linux kernel KVM on x86. The vulnerability arises from a lack of synchronization between the vCPU SMM flag and the MMU’s SMM flag, so that when RSM is not emulated correctly, KVM can bail out and leave the MMU in an inconsistent state. This misalignment can cause a NULL...

6.6CVSS7.6AI score0.00232EPSS
CVE
CVE
added 2024/05/21 2:19 p.m.85 views

CVE-2021-47241

The CVE-2021-47241 issue is a Linux kernel vulnerability related to ethtool: strset: fix message length calculation. The root cause is that the outer nest for ETHTOOL_A_STRSET_STRINGSETS was not accounted for, which could cause ETHTOOL_MSG_STRSET_GET to emit a warning and potentially trigger a sp...

7.5CVSS7.7AI score0.0102EPSS
CVE
CVE
added 2024/05/21 2:35 p.m.85 views

CVE-2021-47295

CVE-2021-47295 affects the Linux kernel net: sched tcindex code. The issue was a memory leak in tcindex_partial_destroy_work due to the allocation of a new tcindex_data in tcindex_set_parms() and copying fields from the old one without freeing the old tcindex_data’s perfect hash. The destroy func...

7.5CVSS7.2AI score0.01497EPSS
CVE
CVE
added 2024/05/21 2:35 p.m.85 views

CVE-2021-47309

CVE-2021-47309 affects the Linux kernel's net/tunnel code: skb_tunnel_info() may return a pointer to lwtstate->data without validating its type, risking out-of-bounds reads such as during VXLAN routing. Connected advisories (SUSE-SU-2024:2561-1 and related OSV/Nessus entries) confirm the fix i...

7.1CVSS6.7AI score0.00247EPSS
Total number of security vulnerabilities14372