14330 matches found
CVE-2014-9870
The CVE-2014-9870 entry concerns the Linux kernel prior to 3.11 on ARM, including Android devices (Nexus 5/7) before 2016-08-05. It exposes a privilege-escalation path via improper handling of user-space access to the TPIDRURW register, enabling local attackers to gain privileges with a crafted a...
CVE-2014-9892
The CVE-2014-9892 issue affects the Linux kernel (up to 4.7) in the snd_compr_tstamp path used by Android on Nexus 5/7 devices. Root cause: snd_compr_tstamp does not initialize a timestamp data structure, enabling a crafted app to obtain sensitive information. Impact: information disclosure possi...
CVE-2008-2544
CVE-2008-2544 describes a local bypass where mounting the /proc filesystem inside a chroot can occur in read-write mode, allowing a user to bypass the chroot and gain write access to files they would not normally access. The connected documents reiterate the same description but do not provide pr...
CVE-2008-2729
CVE-2008-2729 affects the Linux kernel before 2.6.19 on some AMD64 systems. The issue is in arch/x86_64/lib/copy_user.S where, after a kernel memory copy exception, destination memory locations aren’t erased, potentially letting a local user read residual data. Impact: local information disclosur...
CVE-2009-0746
The CVE-2009-0746 entry concerns the Linux kernel ext4 code: make_indexed_dir in fs/ext4/namei.c fails to validate a rec_len field, allowing a local attacker to trigger a denial of service (OOPS) by mounting a crafted ext4 filesystem. Affected is kernel 2.6.27 up to 2.6.27.19 and 2.6.28 up to 2.6...
CVE-2009-3001
Technical details about CVE-2009-3001 are not provided in the connected documents; the initial description states a kernel infoleak via getsockname on AF_LLC, but no vendor/product/version specifics or fixes are included. Monitor for updates.
CVE-2009-4271
CVE-2009-4271 affects Linux kernel 2.6.9–2.6.17 on x86_64/amd64. A local unprivileged user can trigger a NULL pointer dereference when a crafted 32-bit process calls mprotect on the Virtual Dynamic Shared Object (VDSO) page, potentially causing a kernel panic (DoS). The issue is tied to memory pr...
CVE-2009-4272
CVE-2009-4272 relates to a Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on RHEL 5. It enables remote attackers to cause a denial of service (deadlock) by sending crafted packets that trigger collisions in the IPv4 routing hash table, prompting a routing “emergency” with a hash ch...
CVE-2010-2071
The CVE-2010-2071 entry corresponds to the Linux kernel issue where the btrfs_xattr_set_acl function in fs/btrfs/acl.c did not verify file ownership before applying ACLs. Affected: Linux kernel 2.6.34 and earlier. Impact: local users can bypass file permissions by setting arbitrary ACLs (demonstr...
CVE-2011-2700
CVE-2011-2700 affects the Linux kernel prior to 2.6.39.4 on the N900 platform, where multiple buffer overflows in si4713_write_econtrol_string (drivers/media/radio/si4713-i2c.c) can be triggered by a crafted s_ext_ctrls operation using V4L2_CID_RDS_TX_PS_NAME or V4L2_CID_RDS_TX_RADIO_TEXT. The is...
CVE-2011-2909
Summary (CVE-2011-2909): The Linux kernel (do_devinfo_ioctl in drivers/staging/comedi/comedi_fops.c) before 3.1 allows local users to leak sensitive kernel memory content through a copy of a short string. This is described as an information leak in the kernel staging area. Impact is local confide...
CVE-2011-2942
CVE-2011-2942 is tied to a Red Hat patch affecting the Linux kernel 2.6.18-... on RHEL 5. The issue is in the bridge forward path, specifically br_forward.c __br_deliver, enabling a remote attacker on a bridged network to trigger a NULL pointer dereference and system crash (DoS) or potentially ot...
CVE-2015-2672
The CVE-2015-2672 entry concerns the Linux kernel’s xsave/xrstor implementation (arch/x86/include/asm/xsave.h). Vulnerable code paths exist in kernels before 3.19.2 where certain .altinstr_replacement pointers are created, failing to provide protection against instruction faulting. Local attacker...
CVE-2016-5343
CVE-2016-5343 affects the Linux kernel driver drivers/soc/qcom/qdsp6v2/voice_svc.c (QDSP6v2 Voice Service) used in Qualcomm MSM Android contributions. The vulnerability is a buffer overflow in voice_svc_send_req triggered by a write request, which can cause memory corruption and enable a denial o...
CVE-2016-9755
CVE-2016-9755 affects the Linux kernel netfilter IPv6 reassembly logic prior to 4.9. It allows local users to cause a denial of service via a crafted application that uses socket, connect, and writev calls, due to an integer overflow / out-of-bounds write in the IPv6 reassembly path. The root cau...
CVE-2016-9777
KVM in the Linux kernel (before 4.8.12) is vulnerable when I/O APIC is enabled. A guest user can craft an interrupt request to bypass VCPU index restrictions, potentially gaining host privileges or causing a host denial of service via out-of-bounds access and host crash. Affected components: arch...
CVE-2017-0576
CVE-2017-0576 is an elevation-of-privilege vulnerability in the Qualcomm Crypto Engine Driver that could allow a local malicious app to execute arbitrary code in the kernel context. Affected product scope is Android; kernels 3.10 and 3.18 are listed as vulnerable. The underlying issue is in the Q...
CVE-2021-47083
CVE-2021-47083 affects the Linux kernel’s pinctrl Mediatek code: when the eint virtual EINT number exceeds the GPIO count, it can trigger a global-out-of-bounds write to desc[eint_n]. The issue was fixed in the mediatek pinctrl path (pinctrl: mediatek: fix global-out-of-bounds issue). No exploit ...
CVE-2021-47089
CVE-2021-47089 pertains to the Linux kernel: kfence memory leak when handling cat kfence objects. The leak stems from a missing release function for files opened via file_operations, causing allocated seq_file structures/related seq_buf to not be freed when the file is closed, as evidenced by kme...
CVE-2021-47091
CVE-2021-47091 affects the Linux kernel mac80211 component. Root cause: locking in ieee80211_start_ap error path where local channel context release wasn’t guaranteed to hold local->mtx, risking improper synchronization. The fix enforces holding local->mtx when releasing the channel context...
CVE-2021-47139
CVE-2021-47139 affects the Linux kernel hns3 driver. A race occurs because the netdevice is registered before client initialization completes, creating a window where changes to channels or rx CPU map can trigger hns3_set_rx_cpu_rmap() twice, leading to a crash (BUG at lib/cpu_rmap.c). The fix, a...
CVE-2021-47146
CVE-2021-47146 concerns the Linux kernel where mld_newpack could panic when headroom is large because high-order page allocation was disallowed (skb_put() path). The issue is triggered during IPv6 multicast handling in mld_newpack/mld_send_initial_cr and can lead to a kernel crash; the provided t...
CVE-2021-47160
CVE-2021-47160 corresponds to a Linux kernel vulnerability where PCR_MATRIX was set to all-ones when VLAN filtering was enabled and not reset when disabled, potentially allowing VLAN traffic leaks between bridges br0 and br1. The issue is addressed by removing the PCR_MATRIX write from mt7530_por...
CVE-2021-47214
CVE-2021-47214 affects Linux kernel hugetlb/userfaultfd handling. The fix corrects reservation restoration on userfaultfd error in hugetlb_mcopy_atomic_pte() by treating the is_continue path like pagecache insertion and altering the new_pagecache_page flag (renamed to page_in_pagecache) so restor...
CVE-2021-47216
CVE-2021-47216 affects the Linux kernel SCSI AdvanSys driver. The root cause is a kernel pointer leak caused by printing pointers cast to unsigned long with %lx instead of using %p/%px. A patch fixes the issue by changing pointer printing format from %lx to %p, effectively printing the hashed poi...
CVE-2021-47245
CVE-2021-47245 affects the Linux kernel netfilter synproxy TCP option parser. The vulnerability arises from an out-of-bounds read in synproxy_parse_options when parsing TCP options; if length equals 1, the loop reads an opcode byte and, if it is not TCPOPT_EOL or TCPOPT_NOP, reads one more byte, ...
CVE-2021-47283
CVE-2021-47283 concerns the Linux kernel where the SFC driver could leak IRQ resources when using legacy IRQs. The issue arises because the flag irqs_hooked was not set during initialization in legacy IRQ mode, causing non-freed interrupt descriptors on module removal. The vulnerability affects t...
CVE-2021-47343
CVE-2021-47343 is a Linux kernel issue in the device-mapper (dm) btree removal path. The bug could cause an uninitialized value to be assigned to new_root when removal fails, leading to out-of-bounds access in dm-thin metadata (details_root/details_info) and potential general protection faults. T...
CVE-2021-47390
CVE-2021-47390 concerns the Linux kernel KVM path on x86, where KASAN reports a stack-out-of-bounds access in kvm_make_vcpus_request_mask() when handling IOAPIC indirect requests. The root cause is that the vcpu_bitmap is allocated as a single stack long instead of a size equal to KVM_MAX_VCPUS, ...
CVE-2021-47398
The CVE-2021-47398 entry concerns a Linux kernel RDMA/hfi1 pointer leak. The vulnerability stemmed from printing secured pointers using unsigned long long with %llx, which could reveal addresses. The fix changes the formatting to print pointers with %p or %px, eliminating the cast to a large inte...
CVE-2021-47420
CVE-2021-47420 affects the Linux kernel in the DRM/AMDKFD path. The issue is a memory leak: memory allocated for ttm->sg by kmalloc in kfd_mem_dmamap_userptr is not freed in kfd_mem_dmaunmap_userptr. The vulnerability has been resolved by freeing the leaked memory. Connected advisories (Astra ...
CVE-2021-47427
CVE-2021-47427 affects the Linux kernel SCSI/ISCSI code where iscsi_task could be freed after abort handling due to a goto to cleanup. Root cause: abort path introduced iscsi_get_conn()/iscsi_put_conn() but then cleanup could still perform a put on the iscsi_task. The fix reverts the goto and mov...
CVE-2021-47513
CVE-2021-47513 is a Linux kernel vulnerability affecting the net: dsa: felix MMIO filtering path. The issue is a memory leak in felix_setup_mmio_filtering that occurs if there is no CPU port defined. The vulnerability is fixed in the kernel by addressing the resource leak in the felix MMIO filter...
CVE-2021-47525
CVE-2021-47525 affects the Linux kernel, specifically the serial liteuart driver. The issue is a use-after-free and memory leak that occurs on unbind, where the port may remain registered after driver data is released, leading to potential use after free and serial-core memory leaks. The publishe...
CVE-2021-47526
CVE-2021-47526 is a Linux kernel vulnerability in the serial: liteuart driver causing a NULL pointer dereference in _remove() when drvdata isn’t set in _probe(). The root cause is missing drvdata assignment which leads to platform_get_drvdata() returning NULL in _remove(). The issue affects the L...
CVE-2021-47539
CVE-2021-47539 affects the Linux kernel RxRPC code. The issue is a use-after-free-like leak where a rxrpc_peer may be leaked during rxrpc_look_up_bundle() when handling a bundle candidate. The provided data states the root cause is a leak of the rxrpc_peer and the remediation is to call rxrpc_put...
CVE-2021-47577
CVE-2021-47577 : In the Linux kernel, a race in the io-wq subsystem can occur between adding a new worker task_work and the wq exiting. The code checks IO_WQ_BIT_EXIT before creating a worker, and the exit path may cancel pending creations, creating a window where a newly added task_work is proce...
CVE-2022-48755
The CVE-2022-48755 issue is a Linux kernel vulnerability affecting powerpc64 systems where BPF code could emit ldbrx instructions not supported on processors older than ISA v2.06. The root cause is an ISA compatibility gap in the ldbrx path used by BPF_FROM_[L|E] and BPF_FROM_[L|B]E, leading to a...
CVE-2022-48756
CVE-2022-48756 relates to the Linux kernel DRM MSM DSI driver. The vulnerability stems from an invalid parameter check in msm_dsi_phy_enable where the function uses the PHY input before validating it, risking a NULL pointer dereference. The fix is to initialize the dev variable after performing t...
CVE-2022-48895
CVE-2022-48895 affects the Linux kernel iommu/arm-smmu component, specifically an issue where shutdown unregistration could trigger a NULL pointer dereference in the IOMMU path during reboot sequences. The issue was observed in stack traces leading to Oops in interrupt and kernel panic scenarios,...
CVE-2022-48931
CVE-2022-48931: Linux kernel configfs race when calling configfs_register_subsystem()/configfs_unregister_subsystem() can lead to kernel panic due to concurrent list modifications during link_group()/unlink_group(). The root cause is a race in configfs item management when parent configfs_subsyst...
CVE-2022-49052
The CVE-2022-49052 entry concerns a Linux kernel zram swap issue: when CLONE_VM occurs, a race could map zeroed data to userspace due to swap_slot_free_notify not counting swap slots, enabling a process to observe or rely on incorrect data until the fix patches out that notification and relies on...
CVE-2022-49071
CVE-2022-49071 affects the Linux kernel where drm/panel: ili9341 handling of an optional regulator could dereference a NULL or error pointer if the regulator lookup fails. The patch ensures that a failed optional regulator lookup resets the pointer to NULL, and notes that related functions like m...
CVE-2022-49250
CVE-2022-49250 : In the Linux kernel ASoC codecs rx-macro path, the AUX interpolator may access compander data without checking that compander exists, potentially causing an out-of-bounds access in the comp_enabled[] array. The issue is resolved by adding a guard before accessing compander data. ...
CVE-2022-49254
CVE-2022-49254 concerns the Linux kernel media TI-VPE driver. In cal_ctx_v4l2_init_formats(), the code assigns the result of devm_kzalloc() to ctx->active_fmt and then dereferences it unconditionally, which could cause a NULL pointer dereference if allocation fails. The vulnerability is mitiga...
CVE-2022-49388
CVE-2022-49388 affects the Linux kernel ubi_create_volume() in the UBI subsystem. The issue is an use-after-free involving the 'eba_tbl' in the error handling path: ubi_eba_replace_table(vol, eba_tbl) assigns vol->eba_tbl = tbl, then on error the code path leads to ubi_eba_destroy_table(eba_tb...
CVE-2022-49487
CVE-2022-49487 affects the Linux kernel mtd/rawnand/syscalls for Intel NAND, where a null pointer dereference could occur if platform_get_resource() returns NULL. The fix moves using the resource after devm_ioremap_resource(), which checks for NULL to prevent dereference. Connected Astra Linux ad...
CVE-2022-49506
The CVE-2022-49506 issue affects the Linux kernel DRM/Mediatek path, where a race between the vblank callback registration and disabling vblank could yield NULL callback data in the ovl IRQ path, risking kernel panic. The documented fix adds a vblank callback registration flow: register callback ...
CVE-2022-49540
CVE-2022-49540 refers to a race in the Linux kernel’s RCU Tasks Rude grace-period handling. The issue occurs during boot when multiple CPUs come online and the rcu_tasks_rude_wait_gp() flow calls schedule_on_each_cpu(), which can mis-handle the online cpumask and produce a call trace in __flush_w...
CVE-2022-49672
CVE-2022-49672 refers to a race condition in the Linux kernel’s network/tun path: when destroying a tunNAPI object, the NAPI in the tun_file struct can be destroyed before the netdev, requiring explicit deletion of the NAPI. Syzbot observed this race as the queue was detached, enabling a potentia...