14330 matches found
CVE-2025-38428
CVE-2025-38428 : In the Linux kernel, the vulnerability affects the ims-pcu path where the firmware-provided length (len) is used in memcpy to fragment data in ims_pcu_flash_firmware(). If len is too large, memory corruption can occur. The issue arises from trusting firmware input; the fixed vers...
CVE-2025-38429
The CVE-2025-38429 issue affects the Linux kernel’s bus: mhi: ep path. Root cause: in mhi_ep_ring_add_element, the read pointer (rd_offset) was advanced before the corresponding buffer write, allowing a race where the host could observe an updated read pointer prior to the element being fully wri...
CVE-2025-38443
CVE-2025-38443 affects the Linux kernel (nbd subsystem). A use-after-free occurs in the nbd_genl_connect() error path when nbd_start_device() is called but cleanup continues to use nbd->config, leading to freeing of memory in recv_work. The issue is triggered during certain error paths after d...
CVE-2025-38467
CVE-2025-38467 affects the Linux kernel DRM/Exynos driver (exynos7_drm_decon). A race condition could cause a kernel NULL pointer dereference during boot when a secondary console device (e.g., TTY serial) is present, leading to a panic. The fix adds a guard to validate that the DRM device can han...
CVE-2025-38478
CVE-2025-38478 concerns a Linux kernel bug in the Comedi driver where some subdevice instruction handlers may read uninitialized data. The issue arises because do_insn_ioctl() and do_insnlist_ioctl() allocate at least MIN_SAMPLES (16) data elements for instructions that write to a subdevice, but ...
CVE-2026-46319
The CVE-2026-46319 entry describes a race in the Linux kernel net/sched act_ct where rcu_read_lock is exited before refcount_inc_not_zero on ct_ft, allowing a UAF when ct_ft is freed during cleanup. This creates a local privilege-escalation risk as an attacker could observe or trigger the race wi...
CVE-1999-0381
CVE-1999-0381 affects the syslog utility in super 3.11.6 and other versions, where a buffer overflow allows a local user to gain root privileges. The issue originates from the syslog component, with the impact described as local privilege escalation (root). Available connected documents confirm t...
CVE-2001-0317
The CVE covers a race condition in Linux kernel ptrace handling that lets an unprivileged local user attach to and modify a running setuid process to gain root. Affected: Linux kernel 2.2.x and 2.4.x (ptrace/procfs/execve paths cited). Root cause: race in ptrace usage during privileged operations...
CVE-2005-2801
CVE-2005-2801 concerns a bug in the ext2/ext3 file system code of the Linux kernel 2.6 where sharing xattr blocks fails to consistently compare name_index fields, potentially causing default ACLs to be applied incorrectly and exposing wrong ACLs for files. Connected advisories (RHSA-2005/2006 and...
CVE-2005-3806
CVE-2005-3806 affects Linux kernels 2.4 (up to 2.4.32) and 2.6 (before 2.6.14); IPv6 flow label handling in ip6_flowlabel.c may modify the wrong variable, enabling local attackers to corrupt kernel memory or trigger a crash by freeing non-allocated memory. Connected advisories (Debian DSA-1018-1/...
CVE-2005-4811
CVE-2005-4811 concerns the Linux 2.6 kernel hugepage code (hugetlb.c). In certain configurations, a local user could trigger an mmap error before a prefault, causing an error in unmap_hugepage_area and potentially crash the system (local DoS). The connected advisories confirm this as a kernel fla...
CVE-2006-0742
CVE-2006-0742 affects the Linux kernel on IA-64 (Itanium) where the die_if_kernel function in arch/ia64/kernel/unaligned.c is compiled with the noreturn attribute. In kernels 2.6.x before 2.6.15.6, this can allow local users to trigger user faults that lead to a denial of service. The root cause ...
CVE-2006-1856
CVE-2006-1856 is a confirmed issue in the Linux kernel up to 2.6.8 where the readv and writev LSM hooks could be bypassed due to a missing file_permission check. The Debian advisory DSA-1184-2 and related distributions (e.g., Ubuntu USN-302-1) document this as one of several vulnerabilities fixed...
CVE-2006-5753
The CVE-2006-5753 issue concerns the Linux kernel: a flaw in the listxattr system call that can be exploited when a bad inode is present. Local users may cause a denial of service (data corruption) and potentially escalate privileges. Supported documents indicate this vulnerability was addressed ...
CVE-2006-5757
CVE-2006-5757 is a local privilege vulnerability in the Linux kernel (2.6.x) related to the __find_get_block_slow function within the ISO9660 filesystem. The issue allows a local user to trigger a denial of service (infinite loop) by mounting a crafted ISO9660 image containing malformed data stru...
CVE-2007-4133
CVE-2007-4133 affects the Linux kernel prior to 2.6.19-rc4. The vulnerability lies in the hugetlbfs code: the functions hugetlb_vmtruncate_list and hugetlb_vmtruncate in fs/hugetlbfs/inode.c perform prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, enabling a local user to trigg...
CVE-2009-2846
CVE-2009-2846 affects the eisa_eeprom_read function in the parisc isa-eeprom driver (drivers/parisc/eisa_eeprom.c) of the Linux kernel prior to 2.6.31-rc6. A negative ppos argument bypasses a positive-ppos check, leading to an out-of-bounds read in readb and allowing local users to access restric...
CVE-2009-3640
CVE-2009-3640 affects the Linux kernel KVM component (arch/x86/kvm/x86.c). The update_cr8_intercept function does not properly handle missing APIC, causing a local denial of service via a NULL pointer dereference and, potentially, privilege escalation through kvm_vcpu_ioctl. Affected: kernels bef...
CVE-2010-1436
CVE-2010-1436 involves the Linux kernel 2.6.18 (and possibly other versions) where the gfs2_quota struct can span two pages, leading to an out-of-bounds write and a local denial of service (kernel panic) when manipulating gfs2 and ext3 file systems. The MiracleLinux AXSA-2010-377:12 advisory list...
CVE-2010-1643
CVE-2010-1643 affects the Linux kernel mm/shmem.c: when strict overcommit is enabled, export of shmemfs objects by knfsd is mishandled, allowing a denial of service via NULL pointer dereference and knfsd crash. The issue is fixed in the 2.6.28‑rc3 update (and later); affected users should upgrade...
CVE-2010-4343
CVE-2010-4343 affects the Linux kernel, where drivers/scsi/bfa/bfa_core.c may fail to initialize a port data structure in fc_host, enabling a local user to crash the system by reading the fc_host statistics file. This is fixed in kernel versions starting with 2.6.35 (i.e., patched in 2.6.35+). Ev...
CVE-2011-1169
CVE-2011-1169 affects the Linux kernel before 2.6.38.1 via an array index error in the AudioScience HPI driver (sound/pci/asihpi/hpioctl.c) that can memory-corrupt local kernel data and may allow local privilege escalation. Connected advisories (SUSE/Ubuntu) confirm the root cause and impact, wit...
CVE-2011-1476
CVE-2011-1476 is an integer underflow in the Linux kernel OSS subsystem (specifically the MIDI/OSS sequencer driver) before 2.6.39 on unspecified non-x86 platforms. It allows local users to cause a denial of service via memory corruption by crafting writes to /dev/sequencer. Publicly documented f...
CVE-2011-1759
CVE-2011-1759 affects the Linux kernel on ARM with OABI compatibility enabled. The flaw is an integer overflow in sys_oabi_semtimedop (arch/arm/kernel/sys_oabi-compat.c) prior to release 2.6.39, allowing local users to gain privileges or trigger a denial of service via heap memory corruption due ...
CVE-2012-2384
CVE-2012-2384 : Integer overflow in i915_gem_do_execbuffer (drivers/gpu/drm/i915/i915_gem_execbuffer.c) of the Linux kernel before 3.3.5 on 32-bit platforms. Local users may trigger an out-of-bounds write via a crafted ioctl, causing denial of service (and possibly other impact). Affected: DRM/i9...
CVE-2013-0313
CVE-2013-0313 affects the Linux kernel: when EVM is enabled, the evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in versions before 3.7.5 is vulnerable to a local-denial-of-service via an attempted removexattr operation on a sockfs inode, causing a NULL pointer dereference and...
CVE-2015-1339
CVE-2015-1339 affects the Linux kernel: memory leak in cuse_channel_release (fs/fuse/cuse.c) can be triggered by opening /dev/cuse many times, leading to local denial of service via memory consumption (unbounded memory use). The vulnerability is reported as present in kernel versions before 4.4. ...
CVE-2016-2064
The CVE-2016-2064 entry concerns the MSM QDSP6 audio driver (Linux kernel 3.x) in sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c, used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The vulnerability arises from an ioctl handling flaw that allows a crafted applicatio...
CVE-2016-5400
The CVE-2016-5400 entry concerns a memory leak in the airspy_probe function of the airspy USB driver (drivers/media/usb/airspy/airspy.c) in the Linux kernel, exploitable when a crafted USB device emulates many VFL_TYPE_SDR/VFL_TYPE_SUBDEV devices and performs rapid connect/disconnect sequences. A...
CVE-2016-9919
The CVE-2016-9919 entry concerns the Linux kernel y icmp6_send in net/ipv6/icmp.c, vulnerable through kernel version 4.8.12. The flaw omits a check of the dst data structure, allowing remote attackers to trigger a denial of service (panic) by sending a fragmented IPv6 packet. Connected advisories...
CVE-2017-9986
The CVE-2017-9986 issue affects the Linux kernel’s sound/oss/msnd_pinnacle.c: the intr function is vulnerable to a double-fetch scenario when the message queue head pointer is read between two kernel reads, up to kernel versions through 4.11.7. This local condition allows a unprivileged user to c...
CVE-2021-47106
CVE-2021-47106 concerns a Linux kernel nf_tables use-after-free in nft_set_catchall_destroy, caused by accessing catchall after kfree_rcu(). The fix requires using a safe iterator (list_for_each_entry_safe) to walk the set elements. Syzbot reported KASAN use-after-free in nft_set_catchall_destroy...
CVE-2021-47109
CVE-2021-47109: In the Linux kernel, IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. An attacker can force GC of NUD_NOARP entries by overflowing the neighbour table, leading to valid connections being dropped. The issue is tied to a change around neighbor garbage collection (commit 58...
CVE-2021-47120
CVE-2021-47120 : Linux kernel HID issue where Apple Magic Trackpad/Mouse disconnect could dereference an uninitialized driver pointer due to a faulty disconnect path. The patch added a sanity check but returned success instead of -ENODEV when the check failed, causing a potential NULL-deref on dr...
CVE-2021-47148
CVE-2021-47148 affects the Linux kernel octeontx2-pf driver. The issue is a buffer overflow in otx2_set_rxfh_context() that can occur when calling ethtool_set_rxfh() with a user-controlled *rss_context; the code has been updated with bounds checking to prevent memory corruption. The description a...
CVE-2021-47161
CVE-2021-47161 affects the Linux kernel SPI driver spi-fsl-dspi, where a resource leak could occur in an error path during probe. The issue is mitigated by ensuring that dspi_request_dma() is properly undone with a matching dspi_release_dma() call in the probe’s error handling path (as already do...
CVE-2021-47180
The CVE-2021-47180 entry concerns a Linux kernel NFC component memory-leak in nci_allocate_device, with nfcmrvl_disconnect failing to free the hci_dev field and a fix to release hci_dev in nci_free_device. Connected documents (Astra Linux and Nessus-derived advisories) confirm the issue and its r...
CVE-2021-47184
CVE-2021-47184 relates to the Linux kernel issue where a NULL pointer dereference could occur in the VSI filter synchronization (i40e driver). The patch adds an I40E_VSI_RELEASING flag to coordinate VSI resource deletion/release with the sync filters subtask and removes the cause of the dereferen...
CVE-2021-47218
CVE-2021-47218: Linux kernel SELinux hashtab allocation failure could lead to NULL dereference. Root cause: on hashtab_init() allocation failure, h->size remains non-zero while h->htable is NULL, breaking hashtab_map() and hashtab_destroy() which assume non-empty hashtab. Mitigation in the ...
CVE-2021-47256
CVE-2021-47256 stems from a Linux kernel memory_failure fix where a missing wait for page writeback could leave inode i_wb_list in an inconsistent state, triggering a BUG_ON in clear_inode and kernel panic. Connected advisories describe the root cause: after end_page_writeback, inode->i_wb_lis...
CVE-2021-47413
CVE-2021-47413 concerns a NULL pointer dereference in the Linux kernel (usb: chipidea: ci_hdrc_imx) when a 'phys' phandle is provided in devicetree on i.MX7/i.MX8MM. The chipidea core populates usb_phy in ci_hdrc, while charger logic checks data->usb_phy in imx_usbmisc_data, causing a NULL der...
CVE-2021-47417
CVE-2021-47417 refers to a Linux kernel memory-leak issue in libbpf’s strset management. The vulnerability arises from freeing only internal parts previously, not the strset structure itself, allowing a memory leak. The CVE description and connected advisories confirm this root cause and indicate...
CVE-2021-47444
CVE-2021-47444 relates to the Linux kernel DRM/EDID handling. The issue stems from connector_bad_edid() assuming the EDID buffer could hold edid[0x7e] + 1 blocks, while ignoring the actual allocated size indicated by num_blocks. A bounds check was added to prevent reading beyond allocated memory,...
CVE-2021-47510
CVE-2021-47510 affects the Linux kernel's btrfs implementation. A write-hole during tree-log node freeing on zoned devices can trigger a transaction abort (-11) with -EAGAIN when the tree-log depth is ≥ 2, causing write failures during fsync/write paths. The issue is fixed by correctly re-dirtyin...
CVE-2021-47514
CVE-2021-47514 : In the Linux kernel, there is a vulnerability in the devlink netns refcount handling, specifically a leak in netns refcounts in devlink_nl_cmd_reload(). The root cause is that some error paths forgot to release a netns refcount during the devlink_reload() flow. The patch fixes th...
CVE-2022-48644
Summary (CVE-2022-48644): A Linux kernel net/sched taprio offload bug could crash the kernel when disabling offload if flags were left at TAPRIO_FLAGS_INVALID after an error path. The code evaluated FULL_OFFLOAD_IS_ENABLED(q->flags) on an invalid flag value (U32_MAX), causing a crash when tapr...
CVE-2022-48649
CVE-2022-48649 is a Linux kernel vulnerability affecting the kmem_cache lifecycle in mm/slab_common. The issue stems from a race where, during kmem_cache_destroy, a scheduled work item (kmem_cache_release) could run with an incorrect RCU flag value, potentially causing a double kmem_cache_release...
CVE-2022-48717
CVE-2022-48717 concerns the Linux kernel ASoC max9759 driver, where an underflow could occur in speaker_gain_control_put() if priv->gain is negative, risking out-of-bounds access via snd_ctl_elem_write_user()/snd_ctl_elem_write()/kctl->put(). The fix adds a check for negative values of priv...
CVE-2022-48724
CVE-2022-48724 concerns a memory leak in the Linux kernel’s IOMMU VT-d path during intel_setup_irq_remapping. The description in multiple connected documents states that after commit e3beca48a45b, the tear-down path could leak memory when dmar_enable_qi() errors, and that free() of the function p...
CVE-2022-48751
CVE-2022-48751 is a Linux kernel vulnerability in the net/smc clcsock race that could cause a NULL pointer dereference when accessing clcsock after it is released (smc_setsockopt). The connected advisories/documentation describe a fix that hold-in release lock (clcsock_release_lock) and verify cl...