Lucene search

K
LinuxLinux Kernel

10926 matches found

CVE
CVE
added 2025/05/02 4:15 p.m.56 views

CVE-2023-53053

In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit() Drivers should not assume skb_mac_header(skb) == skb->data in theirndo_start_xmit(). Use skb_network_offset() and skb_transport_offset() whichbetter describe what is needed...

6.5AI score0.00099EPSS
CVE
CVE
added 2025/05/02 4:15 p.m.56 views

CVE-2023-53123

In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even when theybelong to a multi-function device. In particular on an SR-IOV device VFsmay be removed and ...

6.7AI score0.00026EPSS
CVE
CVE
added 2024/01/28 1:15 p.m.56 views

CVE-2023-6200

A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.

7.5CVSS7.8AI score0.00793EPSS
CVE
CVE
added 2024/06/24 2:15 p.m.56 views

CVE-2024-33847

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: mkfs.f2fs -O extra_attr,compression -f /dev/vdb mount /dev/vdb /mnt/f2fs touch /mnt/f2fs/file f2fs_io set...

6.6AI score0.001EPSS
CVE
CVE
added 2024/05/30 4:15 p.m.56 views

CVE-2024-36033

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leakingslab data when later requesting the firmware.

6.7AI score0.00029EPSS
CVE
CVE
added 2024/08/08 9:15 a.m.56 views

CVE-2024-42254

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix error pbuf checking Syz reports a problem, which boils down to NULL vs IS_ERR inconsistenterror handling in io_alloc_pbuf_ring(). KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]RIP: 0010:__io_re...

5.5CVSS6.5AI score0.00053EPSS
CVE
CVE
added 2024/08/08 9:15 a.m.56 views

CVE-2024-42256

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will callcifs_prepare_write() which will make cifs repick the server for the opbefore renegotiating credits; it then calls cifs_iss...

9.8CVSS6.7AI score0.0028EPSS
CVE
CVE
added 2024/09/11 4:15 p.m.56 views

CVE-2024-45012

In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit aBUG() on startup, when the iommu is enabled: kernel BUG at include/linux/scatterlist.h:187!invalid opcode: 0000 ...

5.5CVSS5.8AI score0.00039EPSS
CVE
CVE
added 2024/09/13 6:15 a.m.56 views

CVE-2024-46687

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() [BUG]There is an internal report that KASAN is reporting use-after-free, withthe following backtrace: BUG: KASAN: slab-use-after-free in btrfs_check_read_b...

7.8CVSS7.2AI score0.00055EPSS
CVE
CVE
added 2024/10/21 6:15 p.m.56 views

CVE-2024-49876

In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix UAF around queue destruction We currently do stuff like queuing the final destruction step on arandom system wq, which will outlive the driver instance. With badtiming we can teardown the driver with one or more work wo...

7.8CVSS7.4AI score0.00031EPSS
CVE
CVE
added 2024/12/27 2:15 p.m.56 views

CVE-2024-53207

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused byhci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds.Tainted: G W...

5.5CVSS7AI score0.00029EPSS
CVE
CVE
added 2024/12/27 2:15 p.m.56 views

CVE-2024-56537

In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmp_disp: layer may be null while releasing layer->info can be null if we have an error on the first layer inzynqmp_disp_create_layers

5.5CVSS6.6AI score0.00023EPSS
CVE
CVE
added 2024/12/28 10:15 a.m.56 views

CVE-2024-56676

In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annoteded with _free() Variables annotated with __free() need to be initialized if the functioncan return before they get updated for the first time or the attempt tofree the memory point...

6.5AI score0.00044EPSS
CVE
CVE
added 2025/02/27 2:15 a.m.56 views

CVE-2024-57994

In the Linux kernel, the following vulnerability has been resolved: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() Jakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()to increase test coverage. syzbot found a splat caused by hard irq blocking inptr_ring_re...

6.4AI score0.00039EPSS
CVE
CVE
added 2025/02/27 8:16 p.m.56 views

CVE-2025-21819

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/display: Use HW lock mgr for PSR1" This reverts commita2b5a9956269 ("drm/amd/display: Use HW lock mgr for PSR1") Because it may cause system hang while connect with two edp panel.

6.7AI score0.00044EPSS
CVE
CVE
added 2025/04/16 3:16 p.m.56 views

CVE-2025-22069

In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler Naresh Kamboju reported a "Bad frame pointer" kernel warning whilerunning LTP trace ftrace_stress_test.sh in riscv. We can reproduce t...

6.3AI score0.00044EPSS
CVE
CVE
added 2025/04/16 3:16 p.m.56 views

CVE-2025-22084

In the Linux kernel, the following vulnerability has been resolved: w1: fix NULL pointer dereference in probe The w1_uart_probe() function calls w1_uart_serdev_open() (which includesdevm_serdev_device_open()) before setting the client ops viaserdev_device_set_client_ops(). This ordering can trigger...

6.5AI score0.00034EPSS
CVE
CVE
added 2025/04/16 3:16 p.m.56 views

CVE-2025-22098

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set() Instead of attempting the same mutex twice, lock and unlock it. This bug has been detected by the Clang thread-safety analyzer.

6.5AI score0.0004EPSS
CVE
CVE
added 2025/05/01 1:15 p.m.56 views

CVE-2025-23143

In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro 0 and waited a few seconds, I observed twoLOCKDEP splats: a warning immediately followed by a null-ptr-deref. 1 Reproduction Steps: Mount CI...

6.2AI score0.00026EPSS
CVE
CVE
added 2025/05/01 2:15 p.m.56 views

CVE-2025-37763

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: take paired job reference For paired jobs, have the fragment job take a reference on thegeometry job, so that the geometry job cannot be freed untilthe fragment job has finished with it. The geometry job structure ...

6.6AI score0.00025EPSS
CVE
CVE
added 2025/05/08 7:15 a.m.56 views

CVE-2025-37813

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before prepare_transfer() and prepare_ring(), soenqueue can already point at the final link TRB of a segment. And indeedit will, some 0.4% of ti...

6.7AI score0.00026EPSS
CVE
CVE
added 2025/05/08 7:15 a.m.56 views

CVE-2025-37821

In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the slice of asched_entity to U64_MAX, which sometimes results in a crash. The offending case is when de...

6.6AI score0.00031EPSS
CVE
CVE
added 2025/05/09 7:16 a.m.56 views

CVE-2025-37876

In the Linux kernel, the following vulnerability has been resolved: netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS When testing a special config: CONFIG_NETFS_SUPPORTS=yCONFIG_PROC_FS=n The system crashes with something like: [ 3.766197] ------------[ cut here ]------------[ 3.766484] kernel...

6.5AI score0.00025EPSS
CVE
CVE
added 2025/05/20 4:15 p.m.56 views

CVE-2025-37930

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences onlyever get signaled through nouveau_fence_signal(). However, in at leastone other place, nouveau_fence_do...

6.6AI score0.00065EPSS
CVE
CVE
added 2025/05/20 4:15 p.m.56 views

CVE-2025-37944

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entryto fetch the next entry from the destination ring. This is incorrect becauseath12k_hal...

6.7AI score0.00027EPSS
CVE
CVE
added 2025/05/20 5:15 p.m.56 views

CVE-2025-37982

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup failswith a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue.

6.5AI score0.00036EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.55 views

CVE-1999-0628

The rwho/rwhod service is running, which exposes machine status and user information.

5CVSS7.4AI score0.0061EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.55 views

CVE-1999-0986

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

5CVSS6.7AI score0.01424EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.55 views

CVE-2002-1380

Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.

2.1CVSS5.9AI score0.00182EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.55 views

CVE-2003-1604

The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787.

7.8CVSS8.6AI score0.05655EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.55 views

CVE-2004-1069

Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function.

1.2CVSS7.2AI score0.0006EPSS
CVE
CVE
added 2005/12/03 12:0 a.m.55 views

CVE-2004-2607

A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer.

2.1CVSS5.7AI score0.00064EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.55 views

CVE-2005-0532

The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.

2.1CVSS5.5AI score0.00067EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.55 views

CVE-2005-0839

Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions.

7.2CVSS5.4AI score0.00052EPSS
CVE
CVE
added 2006/06/27 11:5 p.m.55 views

CVE-2006-0456

The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.

2.1CVSS6.9AI score0.00066EPSS
CVE
CVE
added 2006/06/23 10:2 a.m.55 views

CVE-2006-2445

Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.

4CVSS5.8AI score0.00064EPSS
CVE
CVE
added 2008/08/27 8:41 p.m.55 views

CVE-2008-3526

Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via...

7.8CVSS6AI score0.01908EPSS
Web
CVE
CVE
added 2009/03/25 1:30 a.m.55 views

CVE-2009-0787

The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.

4.9CVSS6.8AI score0.00076EPSS
CVE
CVE
added 2013/06/08 1:5 p.m.55 views

CVE-2011-4087

The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device.

7.5CVSS6.9AI score0.00964EPSS
CVE
CVE
added 2013/06/07 2:3 p.m.55 views

CVE-2011-4604

The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet.

6.8CVSS7.6AI score0.00695EPSS
CVE
CVE
added 2013/03/22 11:59 a.m.55 views

CVE-2013-1828

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt syste...

6.9CVSS5.9AI score0.00201EPSS
CVE
CVE
added 2014/03/11 1:1 p.m.55 views

CVE-2014-0102

The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

5.2CVSS5.5AI score0.00078EPSS
CVE
CVE
added 2014/09/28 10:55 a.m.55 views

CVE-2014-6418

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.

7.1CVSS7.7AI score0.05251EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.55 views

CVE-2017-0403

An elevation of privilege vulnerability in the kernel performance subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Ker...

7.6CVSS6.5AI score0.00327EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.55 views

CVE-2017-0439

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

7.6CVSS6.6AI score0.00137EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.55 views

CVE-2021-47268

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port A pending hrtimer may expire after the kthread_worker of tcpm portis destroyed, see below kernel dump when do module unload, fix itby cancel the 2 hrt...

7.8CVSS6.5AI score0.00022EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.55 views

CVE-2021-47299

In the Linux kernel, the following vulnerability has been resolved: xdp, net: Fix use-after-free in bpf_xdp_link_release The problem occurs between dev_get_by_index() and dev_xdp_attach_link().At this point, dev_xdp_uninstall() is called. Then xdp link will not bedetached automatically when dev is ...

5.5CVSS6.6AI score0.00096EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.55 views

CVE-2021-47313

In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init It's a classic example of memleak, we allocate something, we fail andnever free the resources. Make sure we free all resources on policy ->init() failures.

8.4CVSS8.2AI score0.001EPSS
CVE
CVE
added 2024/05/22 7:15 a.m.55 views

CVE-2021-47470

In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for sbecause s will be freed soon. And slab_debugfs_fops will use s laterleading to a use-after-free.

7.8CVSS6.7AI score0.00032EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.55 views

CVE-2021-47514

In the Linux kernel, the following vulnerability has been resolved: devlink: fix netns refcount leak in devlink_nl_cmd_reload() While preparing my patch series adding netns refcount tracking,I spotted bugs in devlink_nl_cmd_reload() Some error paths forgot to release a refcount on a netns. To fix t...

5.5CVSS6.7AI score0.00018EPSS
Total number of security vulnerabilities10926