Linux / Linux Kernel

10926 matches found

CVE
added 2006/12/14 8:28 p.m. (57 views)

CVE-2006-6304

The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.

CVSS 7.5, AI score 7, EPSS 0.01115

CVE
added 2007/01/12 11:28 p.m. (57 views)

CVE-2006-6921

Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.

CVSS 2.1, AI score 5.8, EPSS 0.00058

CVE
added 2007/02/24 12:28 a.m. (57 views)

CVE-2006-7051

The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but ar...

CVSS 4.9, AI score 6.4, EPSS 0.00119

CVE
added 2007/10/23 10:46 a.m. (57 views)

CVE-2007-3850

The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space.

CVSS 1.9, AI score 5.5, EPSS 0.00056

CVE
added 2008/08/08 7:41 p.m. (57 views)

CVE-2008-3535

Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrated by testcases/kernel/fs/ftest/ftest03 from the L...

CVSS 4.9, AI score 4.9, EPSS 0.00047

CVE
added 2008/10/06 7:54 p.m. (57 views)

CVE-2008-4445

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX,...

CVSS 4.7, AI score 4.7, EPSS 0.00179

CVE
added 2011/07/28 10:55 p.m. (57 views)

CVE-2011-2695

Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsig...

CVSS 4.9, AI score 6.7, EPSS 0.00067

CVE
added 2020/02/12 2:15 p.m. (57 views)

CVE-2012-0810

The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.

CVSS 5.5, AI score 5.6, EPSS 0.00049

CVE
added 2013/04/24 7:55 p.m. (57 views)

CVE-2013-1958

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval durin...

CVSS 1.9, AI score 6.2, EPSS 0.00039

CVE
added 2014/04/01 6:35 a.m. (57 views)

CVE-2013-7348

Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function.

CVSS 4.6, AI score 7.6, EPSS 0.00053

CVE
added 2014/06/23 11:21 a.m. (57 views)

CVE-2014-4157

arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audi...

CVSS 4.6, AI score 7.8, EPSS 0.00044

CVE
added 2014/09/28 10:55 a.m. (57 views)

CVE-2014-6417

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.

CVSS 7.8, AI score 7.6, EPSS 0.05588

CVE
added 2017/02/06 6:59 a.m. (57 views)

CVE-2016-10153

The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/c...

CVSS 7.8, AI score 7.6, EPSS 0.00086

CVE
added 2017/04/12 10:59 p.m. (57 views)

CVE-2016-5856

Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.

CVSS 7.6, AI score 6.8, EPSS 0.0005

CVE
added 2017/04/07 10:59 p.m. (57 views)

CVE-2017-0584

An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kern...

CVSS 4.7, AI score 4.4, EPSS 0.00223

CVE
added 2017/06/14 1:29 p.m. (57 views)

CVE-2017-0648

An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the opera...

CVSS 9.3, AI score 7.3, EPSS 0.00195

CVE
added 2019/04/30 6:29 p.m. (57 views)

CVE-2018-20509

The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file.

CVSS 5.5, AI score 4.9, EPSS 0.00057

CVE
added 2024/03/15 9:15 p.m. (57 views)

CVE-2021-47130

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix freeing unallocated p2pmem In case p2p device was found but the p2p pool is empty, the nvme target is still trying to free the sgl from the p2p pool instead of the regular sgl pool and causing a crash (BUG() is called). In...

CVSS 4.4, AI score 5.4, EPSS 0.00008

CVE
added 2024/04/10 7:15 p.m. (57 views)

CVE-2021-47195

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is alr...

CVSS 5.5, AI score 6.6, EPSS 0.00011

CVE
added 2024/05/21 3:15 p.m. (57 views)

CVE-2021-47243

In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt and cake_tcph_may_drop) could read one byte out of bounds. When the length is 1, the execution flow gets into the lo...

CVSS 7.1, AI score 6.7, EPSS 0.00116

CVE
added 2024/05/21 3:15 p.m. (57 views)

CVE-2021-47244

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp (mptcp_get_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if...

CVSS 6.2, AI score 6.2, EPSS 0.00072

CVE
added 2024/05/21 3:15 p.m. (57 views)

CVE-2021-47266

In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 ("RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces"), if the IPoIB device is moved to non-initial netns, destroying that netns lets the de...

CVSS 5.5, AI score 6.5, EPSS 0.00021

CVE
added 2024/05/21 3:15 p.m. (57 views)

CVE-2021-47317

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fix detecting BPF atomic instructions Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other atomics in .imm") converted BPF_XADD to BPF_ATOMIC and added a way to distinguish instructions based on the i...

CVSS 3.3, AI score 6.7, EPSS 0.00077

CVE
added 2024/05/21 3:15 p.m. (57 views)

CVE-2021-47322

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT Fix an Oopsable condition in pnfs_mark_request_commit() when we're putting a set of writes on the commit list to reschedule them after a failed pNFS attempt.

CVSS 7.8, AI score 6.6, EPSS 0.00022

CVE
added 2024/05/24 3:15 p.m. (57 views)

CVE-2021-47529

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Fix memory leaks in error handling path Should an error occur (invalid TLV len or memory allocation failure), the memory already allocated in 'reduce_power_data' should be freed before returning, otherwise it is leaking.

CVSS 5.5, AI score 7, EPSS 0.0002

CVE
added 2024/05/24 3:15 p.m. (57 views)

CVE-2021-47535

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we changed a6xx_get_gmu_registers() to read 3 sets of registers. Unfortunately, we didn't change the memor...

CVSS 6.2, AI score 6.5, EPSS 0.00018

CVE
added 2022/08/31 4:15 p.m. (57 views)

CVE-2022-1976

A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.

CVSS 7.8, AI score 7.4, EPSS 0.00029

CVE
added 2024/04/28 1:15 p.m. (57 views)

CVE-2022-48640

In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bond_rr_gen_slave_id Fix a NULL dereference of the struct bonding.rr_tx_counter member because if a bond is initially created with an initial mode != zero (Round Robin) the memory required for the counter i...

AI score 6.3, EPSS 0.00026

CVE
added 2024/04/28 1:15 p.m. (57 views)

CVE-2022-48668

In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in collapse range collapse range doesn't discard the affected cached region so can risk temporarily corrupting the file data. This fixes xfstest generic/031 I also decided to merge a minor cleanup ...

AI score 6.4, EPSS 0.00034

CVE
added 2024/06/20 12:15 p.m. (57 views)

CVE-2022-48755

In the Linux kernel, the following vulnerability has been resolved: powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06 Johan reported the below crash with test_bpf on ppc64 e5500: test_bpf: #296 ALU_END_FROM_LE 64: 0x0123456789abcdef -> 0x67452301 jited:1 Oops: Exception in kerne...

CVSS 5.5, AI score 6.3, EPSS 0.00034

CVE
added 2024/06/20 12:15 p.m. (57 views)

CVE-2022-48768

In the Linux kernel, the following vulnerability has been resolved: tracing/histogram: Fix a potential memory leak for kstrdup() kfree() is missing on an error path to free the memory allocated by kstrdup(): p = param = kstrdup(data->params[i], GFP_KERNEL); So it is better to free it via kfree(p)...

CVSS 5.5, AI score 7, EPSS 0.0002

CVE
added 2024/06/20 12:15 p.m. (57 views)

CVE-2022-48770

In the Linux kernel, the following vulnerability has been resolved: bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() task_pt_regs() can return NULL on powerpc for kernel threads. This is then used in __bpf_get_stack() to check for user mode, resulting in a kernel oops. Guard against ...

CVSS 5.5, AI score 6.3, EPSS 0.00034

CVE
added 2024/07/16 12:15 p.m. (57 views)

CVE-2022-48778

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: don't leak PM reference in error path If gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be dropped.

CVSS 7.8, AI score 8.1, EPSS 0.00039

CVE
added 2024/07/16 12:15 p.m. (57 views)

CVE-2022-48784

In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race where the exact same deadlock (see the original commit referenced below) can still happen if cfg80211_destroy_ifaces() alr...

CVSS 4.7, AI score 6.5, EPSS 0.00023

CVE
added 2024/07/16 12:15 p.m. (57 views)

CVE-2022-48797

In the Linux kernel, the following vulnerability has been resolved: mm: don't try to NUMA-migrate COW pages that have other uses Oded Gabbay reports that enabling NUMA balancing causes corruption with his Gaudi accelerator test load: "All the details are in the bug, but the bottom line is that someh...

AI score 6.8, EPSS 0.00073

CVE
added 2024/07/16 1:15 p.m. (57 views)

CVE-2022-48833

In the Linux kernel, the following vulnerability has been resolved: btrfs: skip reserved bytes warning on unmount after log cleanup failure After the recent changes made by commit c2e39305299f01 ("btrfs: clear extent buffer uptodate when we fail to write it") and its followup fix, commit 651740a50241...

AI score 6.5, EPSS 0.00065

CVE
added 2024/07/16 1:15 p.m. (57 views)

CVE-2022-48844

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix leaking sent_cmd skb sent_cmd memory is not freed before freeing hci_dev causing it to leak its contents.

CVSS 5.5, AI score 6.3, EPSS 0.00039

CVE
added 2024/07/16 1:15 p.m. (57 views)

CVE-2022-48854

In the Linux kernel, the following vulnerability has been resolved: net: arc_emac: Fix use after free in arc_mdio_probe() If bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free the "bus". But bus->name is still used in the next line, which will lead to a use after free. We can...

CVSS 7.8, AI score 7.5, EPSS 0.00066

CVE
added 2024/08/21 7:15 a.m. (57 views)

CVE-2022-48880

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free() Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix ...

AI score 6.5, EPSS 0.00065

CVE
added 2024/08/21 7:15 a.m. (57 views)

CVE-2022-48896

In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, when finish using it, the caller must decrement the reference count by calling pci_dev_put()....

CVSS 5.5, AI score 6.5, EPSS 0.00037

CVE
added 2024/08/22 2:15 a.m. (57 views)

CVE-2022-48914

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 ("net-sysfs: update the queue ...

CVSS 5.5, AI score 6.2, EPSS 0.00036

CVE
added 2024/10/21 8:15 p.m. (57 views)

CVE-2022-49003

In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection of nvme_ns_head list Walking the nvme_ns_head siblings list is protected by the head's srcu in nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths(). Removing namespaces from the list also fails to...

CVSS 4.7, AI score 4.3, EPSS 0.00026

CVE
added 2025/02/26 7:0 a.m. (57 views)

CVE-2022-49173

In the Linux kernel, the following vulnerability has been resolved: spi: fsi: Implement a timeout for polling status The data transfer routines must poll the status register to determine when more data can be shifted in or out. If the hardware gets into a bad state, these polling loops may never exit...

AI score 5.4, EPSS 0.00039

CVE
added 2025/02/26 7:1 a.m. (57 views)

CVE-2022-49338

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules CT cleanup assumes that all tc rules were deleted first, and so is free to delete the CT shared resources (e.g the dr_action fwd_action which is shared for all tuples). B...

AI score 5.4, EPSS 0.00051

CVE
added 2025/02/26 7:1 a.m. (57 views)

CVE-2022-49479

In the Linux kernel, the following vulnerability has been resolved: mt76: fix tx status related use-after-free race on station removal There is a small race window where ongoing tx activity can lead to a skb getting added to the status tracking idr after that idr has already been cleaned up, which wi...

CVSS 7.8, AI score 6.7, EPSS 0.00025

CVE
added 2025/02/26 7:1 a.m. (57 views)

CVE-2022-49528

In the Linux kernel, the following vulnerability has been resolved: media: i2c: dw9714: Disable the regulator when the driver fails to probe When the driver fails to probe, we will get the following splat: [ 59.305988] ------------[ cut here ]------------ [ 59.306417] WARNING: CPU: 2 PID: 395 at dri...

AI score 5.3, EPSS 0.00051

CVE
added 2025/02/26 7:1 a.m. (57 views)

CVE-2022-49540

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpus_read_[lock/unlock] is not keeping online cpumask stable. The transient online mask results in below calltrace. [ 0.324121] CPU1: Booted secondary proce...

AI score 5.4, EPSS 0.00039

CVE
added 2025/02/26 7:1 a.m. (57 views)

CVE-2022-49608

In the Linux kernel, the following vulnerability has been resolved: pinctrl: ralink: Check for null return of devm_kcalloc Because of the possible failure of the allocation, data->domains might be NULL pointer and will cause the dereference of the NULL pointer later. Therefore, it might be better t...

CVSS 5.5, AI score 5.4, EPSS 0.00042

CVE
added 2025/03/27 5:15 p.m. (57 views)

CVE-2022-49752

In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() The 'parent' returned by fwnode_graph_get_port_parent() with refcount incremented when 'prev' is not NULL, it needs be put when finish using it. Because t...

CVSS 5.5, AI score 6.6, EPSS 0.00011

CVE
added 2025/03/27 5:15 p.m. (57 views)

CVE-2022-49756

In the Linux kernel, the following vulnerability has been resolved: phy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe() sp_usb_phy_probe() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use usbphy->moon4_res_mem->start as input, whi...

CVSS 5.5, AI score 6.5, EPSS 0.00016

Total number of security vulnerabilities: 10926