CVE-2016-5343
CVE-2016-5343 affects the Linux kernel driver drivers/soc/qcom/qdsp6v2/voice_svc.c (QDSP6v2 Voice Service) used in Qualcomm MSM Android contributions. The vulnerability is a buffer overflow in voice_svc_send_req triggered by a write request, which can cause memory corruption and enable a denial o...
CVE-2005-2555
CVE-2005-2555 affects the Linux kernel 2.6.x line. The issue is that socket policy access is not properly restricted to users with the CAP_NET_ADMIN capability, potentially allowing local users to perform unauthorized activities. The vulnerability is associated with the IPv4 and IPv6 socket glue ...
CVE-2005-2801
CVE-2005-2801 concerns a bug in the ext2/ext3 file system code of the Linux kernel 2.6 where sharing xattr blocks fails to consistently compare name_index fields, potentially causing default ACLs to be applied incorrectly and exposing wrong ACLs for files. Connected advisories (RHSA-2005/2006 and...
CVE-2005-3273
CVE-2005-3273 affects the ROSE (rose) packet router ioctl in the Linux kernel (ROSE code in rose_route.c) for 2.6 kernels before 2.6.12 and 2.4 before 2.4.29. The root cause is improper verification of the ndigis argument when creating a new route, which can trigger array out-of-bounds conditions...
CVE-2005-3660
CVE-2005-3660 affects the Linux kernel 2.4.x and 2.6.x. The vulnerability occurs when a process creates a large number of connected file descriptors or socketpairs and uses a large data transfer buffer, which can exhaust memory and cause a kernel panic or denial of service. The underlying issue c...
CVE-2005-3806
CVE-2005-3806 affects Linux kernels 2.4 (up to 2.4.32) and 2.6 (before 2.6.14); IPv6 flow label handling in ip6_flowlabel.c may modify the wrong variable, enabling local attackers to corrupt kernel memory or trigger a crash by freeing non-allocated memory. Connected advisories (Debian DSA-1018-1/...
CVE-2006-0742
CVE-2006-0742 affects the Linux kernel on IA-64 (Itanium) where the die_if_kernel function in arch/ia64/kernel/unaligned.c is compiled with the noreturn attribute. In kernels 2.6.x before 2.6.15.6, this can allow local users to trigger user faults that lead to a denial of service. The root cause ...
CVE-2006-1528
CVE-2006-1528 affects the Linux kernel prior to 2.6.13. The vulnerability arises in the sg (SCSI generic) driver’s handling of memory-mapped I/O space during a dio transfer, allowing a local user to trigger a crash (denial of service). The connected documents confirm the issue is located in the...
CVE-2006-2071
CVE-2006-2071 affects Linux kernels 2.4.x and 2.6.x up to 2.6.16. It arises from a flaw in the mprotect handling that allowed a local user to grant write permission to a read-only attachment of a shared memory segment, bypassing IPC permissions and enabling modification of the attachment. Reporte...
CVE-2006-5753
The CVE-2006-5753 issue concerns the Linux kernel: a flaw in the listxattr system call that can be exploited when a bad inode is present. Local users may cause a denial of service (data corruption) and potentially escalate privileges. Supported documents indicate this vulnerability was addressed ...
CVE-2006-5757
CVE-2006-5757 is a local privilege vulnerability in the Linux kernel (2.6.x) related to the __find_get_block_slow function within the ISO9660 filesystem. The issue allows a local user to trigger a denial of service (infinite loop) by mounting a crafted ISO9660 image containing malformed data stru...
CVE-2007-0772
The CVE-2007-0772 entry applies to the Linux kernel 2.6.13 and earlier, with the issue fixed in 2.6.20.1. A crafted NFSACL 2 ACCESS request could trigger a free of an incorrect pointer, leading to a remote denial of service (oops). Affected versions before 2.6.20.1 are vulnerable; mitigation is t...
CVE-2008-2729
CVE-2008-2729 affects the Linux kernel before 2.6.19 on some AMD64 systems. The issue is in arch/x86_64/lib/copy_user.S where, after a kernel memory copy exception, destination memory locations aren’t erased, potentially letting a local user read residual data. Impact: local information disclosur...
CVE-2008-5702
CVE-2008-5702 concerns a buffer underflow in the Linux kernel watchdog driver IB700 SBC (ib700wdt.c) via the ibwdt_ioctl path. Affected software is the Linux kernel prior to 2.6.28-rc1; exploitation could occur through a WDIOC_SETTIMEOUT ioctl on /dev/watchdog by a local user. The Initial Descrip...
CVE-2009-2767
CVE-2009-2767 affects the Linux kernel up to version 2.6.31-rc6. The init_posix_timers function in kernel/posix-timers.c mishandles CLOCK_MONOTONIC_RAW clock_nanosleep, triggering a NULL pointer dereference and enabling local users to cause a denial of service (OOPS) or potentially gain privilege...
CVE-2009-2846
CVE-2009-2846 affects the eisa_eeprom_read function in the parisc isa-eeprom driver (drivers/parisc/eisa_eeprom.c) of the Linux kernel prior to 2.6.31-rc6. A negative ppos argument bypasses a positive-ppos check, leading to an out-of-bounds read in readb and allowing local users to access restric...
CVE-2009-3638
CVE-2009-3638 affects the Linux kernel KVM subsystem: integer overflow in kvm_dev_ioctl_get_supported_cpuid (arch/x86/kvm/x86.c) allows local users to trigger an unspecified impact via KVM_GET_SUPPORTED_CPUID requests. Affected versions are Linux kernels before 2.6.31.4. Remediation is to upgrade...
CVE-2011-1169
CVE-2011-1169 affects the Linux kernel before 2.6.38.1 via an array index error in the AudioScience HPI driver (sound/pci/asihpi/hpioctl.c) that can corrupt kernel memory and may allow local privilege escalation. Connected advisories (SUSE/Ubuntu) confirm the root cause and impact, wit...
CVE-2011-2942
CVE-2011-2942 is tied to a Red Hat patch affecting the Linux kernel 2.6.18-... on RHEL 5. The issue is in the bridge forward path, specifically br_forward.c __br_deliver, enabling a remote attacker on a bridged network to trigger a NULL pointer dereference and system crash (DoS) or potentially ot...
CVE-2011-4594
The CVE-2011-4594 entry documents a local kernel vulnerability in the Linux kernel (__sys_sendmsg in net/socket.c) where crafted usage of sendmmsg can trigger an incorrect pointer dereference and crash the system. It affects kernel versions before 3.1, with the described impact being a denial of ...
CVE-2011-4914
The CVE-2011-4914 issue affects the Linux kernel ROSE protocol implementation prior to 2.6.39. It arises because data-length values are not verified against the actual data sent, enabling remote attackers to read kernel memory (out-of-bounds read) or cause a denial of service via crafted data to ...
CVE-2012-2384
CVE-2012-2384: Integer overflow in i915_gem_do_execbuffer (drivers/gpu/drm/i915/i915_gem_execbuffer.c) of the Linux kernel before 3.3.5 on 32-bit platforms. Local users may trigger an out-of-bounds write via a crafted ioctl, causing denial of service (and possibly other impact). Affected: DRM/i9...
CVE-2013-0313
CVE-2013-0313 affects the Linux kernel: when EVM is enabled, the evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in versions before 3.7.5 is vulnerable to a local denial of service via an attempted removexattr operation on a sockfs inode, causing a NULL pointer dereference and...
CVE-2013-1848
Affected software: Linux kernel (fs/ext3/super.c) before 3.8.4. Root cause: incorrect arguments to functions related to printk input, enabling local users to perform format-string attacks and potentially gain privileges via a crafted application. Impact: local privilege escalation. Remediation: p...
CVE-2013-4254
The CVE-2013-4254 issue affects the Linux kernel on ARM where the validate_event function in arch/arm/kernel/perf_event.c before 3.10.8 can be triggered by adding a hardware event to an event group led by a software event, allowing local privilege escalation or causing a NULL pointer dereference ...
CVE-2013-7026
Summary of CVE-2013-7026: The Linux kernel contains race conditions in ipc/shm.c (IPC_SHM with IPC_RMID) that can be exploited locally to trigger use-after-free and a system crash, potentially causing a denial of service. The issue affects kernels prior to 3.12.2. The referenced advisories indic...
CVE-2014-9717
Vulnerability CVE-2014-9717 affects the Linux kernel prior to 4.0.2. The flaw is in fs/namespace.c where unmounting (MNT_DETACH) is processed by umount2 without ensuring MNT_LOCKED is unset, allowing local users to bypass access restrictions and access beneath a mount when running in a user names...
CVE-2015-8953
CVE-2015-8953 affects the Linux kernel overlayfs: copy_up.c contains an incorrect cleanup path that leaks dentry references, enabling local DoS via operations on large files in a lower overlayfs layer. Affected component: overlayfs/copy_up.c in the kernel before 4.2.6. Impact: denial of service d...
CVE-2016-2066
CVE-2016-2066 affects the MSM QDSP6 audio driver in the Linux kernel 3.x as used in Qualcomm QuIC Android contributions for MSM devices and related products. The issue is an integer signedness error in the msm-audio-effects-q6-v2.c path that handles ioctl commands, leading to memory corruption. P...
CVE-2016-5400
The CVE-2016-5400 entry concerns a memory leak in the airspy_probe function of the airspy USB driver (drivers/media/usb/airspy/airspy.c) in the Linux kernel, exploitable when a crafted USB device emulates many VFL_TYPE_SDR/VFL_TYPE_SUBDEV devices and performs rapid connect/disconnect sequences. A...
CVE-2017-9984
The CVE-2017-9984 issue affects the Linux kernel’s snd_msnd_interrupt path (sound/isa/msnd/msnd_pinnacle.c) and is a local, double-fetch vulnerability that can allow over-boundary access to a message queue head pointer, potentially enabling DoS or other impact. The advisory notes vulnerable until...
CVE-2019-18810
CVE-2019-18810 affects the Linux kernel before 5.3.8, specifically a memory leak in komeda_wb_connector_add() within drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c. An attacker can trigger memory growth by causing drm_writeback_connector_init() failures, leading to denial of service via...
CVE-2021-47120
CVE-2021-47120: Linux kernel HID issue where Apple Magic Trackpad/Mouse disconnect could dereference an uninitialized driver pointer due to a faulty disconnect path. The patch added a sanity check but returned success instead of -ENODEV when the check failed, causing a potential NULL-deref on dr...
CVE-2021-47148
CVE-2021-47148 affects the Linux kernel octeontx2-pf driver. The issue is a buffer overflow in otx2_set_rxfh_context() that can occur when calling ethtool_set_rxfh() with a user-controlled *rss_context; the code has been updated with bounds checking to prevent memory corruption. The description a...
CVE-2021-47159
CVE-2021-47159 is a Linux kernel issue in net: dsa where a crash occurs if ->get_sset_count() fails. The root cause is that when ds->ops->get_sset_count() returns a negative error code (e.g., -EOPNOTSUPP), the negative value is promoted to unsigned in the comparison with the unsigned loop index “i”, causing memo...
CVE-2021-47184
CVE-2021-47184 relates to the Linux kernel issue where a NULL pointer dereference could occur in the VSI filter synchronization (i40e driver). The patch adds an I40E_VSI_RELEASING flag to coordinate VSI resource deletion/release with the sync filters subtask and removes the cause of the dereferen...
CVE-2021-47198
CVE-2021-47198 affects the Linux kernel lpfc SCSI driver. The vulnerability arises when unloading the driver: NLP_REG_LOGIN_SEND is set in lpfc_reg_fab_ctrl_node() but not cleared on login completion, allowing a second call to lpfc_unreg_rpi() to operate with nlp_rpi = LPFC_RPI_ALLOW_ERROR a...
CVE-2021-47232
CVE-2021-47232 is a Linux kernel issue where a skb is taken from the per-session j1939 skb queue without incrementing the ref count, leading to a Use-after-Free if the skb is concurrently used. The patch "can: j1939: fix Use-after-Free, hold skb ref while in use" fixes this by holding a reference...
CVE-2021-47256
CVE-2021-47256 stems from a Linux kernel memory_failure fix where a missing wait for page writeback could leave inode i_wb_list in an inconsistent state, triggering a BUG_ON in clear_inode and kernel panic. Connected advisories describe the root cause: after end_page_writeback, inode->i_wb_lis...
CVE-2021-47448
CVE-2021-47448 affects the Linux kernel MPTCP recvmsg path. If the caller uses MSG_WAITALL and insufficient data remains to satisfy the request, recvmsg can stall in an infinite loop because mptcp_wait_data() detects MPTCP_DATA_READY and never clears it in that code path. This can trigger an RCU ...
CVE-2021-47513
CVE-2021-47513 is a Linux kernel vulnerability affecting the net: dsa: felix MMIO filtering path. The issue is a memory leak in felix_setup_mmio_filtering that occurs if there is no CPU port defined. The vulnerability is fixed in the kernel by addressing the resource leak in the felix MMIO filter...
CVE-2021-47529
CVE-2021-47529: Linux kernel vulnerability in iwlwifi memory management where memory allocated in reduce_power_data could leak on error (invalid TLV len or memory allocation failure). The issue has been fixed in the Linux kernel by freeing allocated memory in the error path before return. Connect...
CVE-2021-47577
CVE-2021-47577: In the Linux kernel, a race in the io-wq subsystem can occur between adding a new worker task_work and the wq exiting. The code checks IO_WQ_BIT_EXIT before creating a worker, and the exit path may cancel pending creations, creating a window where a newly added task_work is proce...
CVE-2021-47640
CVE-2021-47640 describes a Linux kernel vulnerability in the powerpc/KASAN pathway where the shadow page table was not updated correctly when PTE_RPN_SHIFT = 24 and PAGE_SHIFT = 12. The issue caused false positives and false negatives in KASAN reports (vmalloc-out-of-bounds in pcpu_alloc) and was...
CVE-2022-48647
CVE-2022-48647 is a Linux kernel issue in the sfc driver where legacy interrupt TX channel handling used a fixed tx_channel_offset of 1, which is incorrect when efx_sepparate_tx_channels is false. The queues reside in a single channel (index 0) with RX, so the offset should be 0; using 1 can caus...
CVE-2022-48706
The CVE-2022-48706 entry concerns the Linux kernel and a memory-leak in the virtual data path (vdpa) IFCVF path. Root cause: ifcvf_mgmt_dev leaks memory if not freed on exit and the existing cleanup in ifcvf_init_hw does not handle it, so the fix adds proper cleanup at the return path to ensure m...
CVE-2022-48755
The CVE-2022-48755 issue is a Linux kernel vulnerability affecting powerpc64 systems where BPF code could emit ldbrx instructions not supported on processors older than ISA v2.06. The root cause is an ISA compatibility gap in the ldbrx path used by BPF_FROM_[L|E] and BPF_FROM_[L|B]E, leading to a...
CVE-2022-48855
CVE-2022-48855: The connected advisories confirm a Linux kernel SCTP kernel-infoleak fix. The issue arose because r->idiag_expires was not initialized when inet_sctp_diag_fill() invoked inet_diag_msg_common_fill(), enabling a potential 4-byte kernel infoleak via SCTP sockets. The fix requires ...
CVE-2022-48928
The CVE-2022-48928 issue affects the Linux kernel driver iio: adc, specifically the men_z188_adc component. A resource leak occurs in an error path when iio_device_register() fails, leaving a previously mapped region (ioremap()) unbalanced. The root cause is an unbalanced iounmap() not being call...
CVE-2022-48930
CVE-2022-48930 corresponds to a deadlock in the Linux kernel RDMA/ib_srp path. The fix removes the flush_workqueue(system_long_wq) call, which was deadlock‑prone and redundant with a preceding cancel_work_sync(). The associated Nessus entries reproduce the advisory text and reference kernel-stabl...