Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2025/07/25 2:16 p.m.83 views

CVE-2025-38428

CVE-2025-38428 : In the Linux kernel, the vulnerability affects the ims-pcu path where the firmware-provided length (len) is used in memcpy to fragment data in ims_pcu_flash_firmware(). If len is too large, memory corruption can occur. The issue arises from trusting firmware input; the fixed vers...

7.8CVSS6.6AI score0.00179EPSS
CVE
CVE
added 2025/07/25 2:16 p.m.83 views

CVE-2025-38429

The CVE-2025-38429 issue affects the Linux kernel’s bus: mhi: ep path. Root cause: in mhi_ep_ring_add_element, the read pointer (rd_offset) was advanced before the corresponding buffer write, allowing a race where the host could observe an updated read pointer prior to the element being fully wri...

5.5CVSS6.6AI score0.00155EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.83 views

CVE-2025-38443

CVE-2025-38443 affects the Linux kernel (nbd subsystem). A use-after-free occurs in the nbd_genl_connect() error path when nbd_start_device() is called but cleanup continues to use nbd->config, leading to freeing of memory in recv_work. The issue is triggered during certain error paths after d...

7.8CVSS6.2AI score0.00151EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.83 views

CVE-2025-38467

CVE-2025-38467 affects the Linux kernel DRM/Exynos driver (exynos7_drm_decon). A race condition could cause a kernel NULL pointer dereference during boot when a secondary console device (e.g., TTY serial) is present, leading to a panic. The fix adds a guard to validate that the DRM device can han...

5.5CVSS6.2AI score0.00161EPSS
CVE
CVE
added 2025/07/28 11:21 a.m.83 views

CVE-2025-38478

CVE-2025-38478 concerns a Linux kernel bug in the Comedi driver where some subdevice instruction handlers may read uninitialized data. The issue arises because do_insn_ioctl() and do_insnlist_ioctl() allocate at least MIN_SAMPLES (16) data elements for instructions that write to a subdevice, but ...

5.5CVSS6.5AI score0.00156EPSS
CVE
CVE
added 2026/06/09 12:11 p.m.83 views

CVE-2026-46319

The CVE-2026-46319 entry describes a race in the Linux kernel net/sched act_ct where rcu_read_lock is exited before refcount_inc_not_zero on ct_ft, allowing a UAF when ct_ft is freed during cleanup. This creates a local privilege-escalation risk as an attacker could observe or trigger the race wi...

7.8CVSS5.4AI score0.00125EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.82 views

CVE-1999-0381

CVE-1999-0381 affects the syslog utility in super 3.11.6 and other versions, where a buffer overflow allows a local user to gain root privileges. The issue originates from the syslog component, with the impact described as local privilege escalation (root). Available connected documents confirm t...

7.2CVSS7.5AI score0.00727EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.82 views

CVE-2001-0317

The CVE covers a race condition in Linux kernel ptrace handling that lets an unprivileged local user attach to and modify a running setuid process to gain root. Affected: Linux kernel 2.2.x and 2.4.x (ptrace/procfs/execve paths cited). Root cause: race in ptrace usage during privileged operations...

3.7CVSS6.5AI score0.00716EPSS
CVE
CVE
added 2005/09/06 4:0 a.m.82 views

CVE-2005-2801

CVE-2005-2801 concerns a bug in the ext2/ext3 file system code of the Linux kernel 2.6 where sharing xattr blocks fails to consistently compare name_index fields, potentially causing default ACLs to be applied incorrectly and exposing wrong ACLs for files. Connected advisories (RHSA-2005/2006 and...

7.5CVSS7.3AI score0.0337EPSS
CVE
CVE
added 2005/11/25 9:0 p.m.82 views

CVE-2005-3806

CVE-2005-3806 affects Linux kernels 2.4 (up to 2.4.32) and 2.6 (before 2.6.14); IPv6 flow label handling in ip6_flowlabel.c may modify the wrong variable, enabling local attackers to corrupt kernel memory or trigger a crash by freeing non-allocated memory. Connected advisories (Debian DSA-1018-1/...

6.6CVSS4.8AI score0.00441EPSS
CVE
CVE
added 2006/09/22 9:0 p.m.82 views

CVE-2005-4811

CVE-2005-4811 concerns the Linux 2.6 kernel hugepage code (hugetlb.c). In certain configurations, a local user could trigger an mmap error before a prefault, causing an error in unmap_hugepage_area and potentially crash the system (local DoS). The connected advisories confirm this as a kernel fla...

4.9CVSS7.1AI score0.00392EPSS
CVE
CVE
added 2006/03/09 11:0 a.m.82 views

CVE-2006-0742

CVE-2006-0742 affects the Linux kernel on IA-64 (Itanium) where the die_if_kernel function in arch/ia64/kernel/unaligned.c is compiled with the noreturn attribute. In kernels 2.6.x before 2.6.15.6, this can allow local users to trigger user faults that lead to a denial of service. The root cause ...

4.6CVSS6.9AI score0.00391EPSS
CVE
CVE
added 2006/05/19 11:0 p.m.82 views

CVE-2006-1856

CVE-2006-1856 is a confirmed issue in the Linux kernel up to 2.6.8 where the readv and writev LSM hooks could be bypassed due to a missing file_permission check. The Debian advisory DSA-1184-2 and related distributions (e.g., Ubuntu USN-302-1) document this as one of several vulnerabilities fixed...

7.5CVSS7.2AI score0.02924EPSS
CVE
CVE
added 2007/01/30 7:0 p.m.82 views

CVE-2006-5753

The CVE-2006-5753 issue concerns the Linux kernel: a flaw in the listxattr system call that can be exploited when a bad inode is present. Local users may cause a denial of service (data corruption) and potentially escalate privileges. Supported documents indicate this vulnerability was addressed ...

7.2CVSS5.9AI score0.00377EPSS
CVE
CVE
added 2006/11/06 8:0 p.m.82 views

CVE-2006-5757

CVE-2006-5757 is a local privilege vulnerability in the Linux kernel (2.6.x) related to the __find_get_block_slow function within the ISO9660 filesystem. The issue allows a local user to trigger a denial of service (infinite loop) by mounting a crafted ISO9660 image containing malformed data stru...

1.2CVSS7.1AI score0.00763EPSS
CVE
CVE
added 2007/10/04 11:0 p.m.82 views

CVE-2007-4133

CVE-2007-4133 affects the Linux kernel prior to 2.6.19-rc4. The vulnerability lies in the hugetlbfs code: the functions hugetlb_vmtruncate_list and hugetlb_vmtruncate in fs/hugetlbfs/inode.c perform prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, enabling a local user to trigg...

4.7CVSS5.7AI score0.00375EPSS
CVE
CVE
added 2009/08/18 8:41 p.m.82 views

CVE-2009-2846

CVE-2009-2846 affects the eisa_eeprom_read function in the parisc isa-eeprom driver (drivers/parisc/eisa_eeprom.c) of the Linux kernel prior to 2.6.31-rc6. A negative ppos argument bypasses a positive-ppos check, leading to an out-of-bounds read in readb and allowing local users to access restric...

7.8CVSS6.3AI score0.08156EPSS
CVE
CVE
added 2009/10/29 2:0 p.m.82 views

CVE-2009-3640

CVE-2009-3640 affects the Linux kernel KVM component (arch/x86/kvm/x86.c). The update_cr8_intercept function does not properly handle missing APIC, causing a local denial of service via a NULL pointer dereference and, potentially, privilege escalation through kvm_vcpu_ioctl. Affected: kernels bef...

4.9CVSS8.8AI score0.00382EPSS
CVE
CVE
added 2010/05/21 5:0 p.m.82 views

CVE-2010-1436

CVE-2010-1436 involves the Linux kernel 2.6.18 (and possibly other versions) where the gfs2_quota struct can span two pages, leading to an out-of-bounds write and a local denial of service (kernel panic) when manipulating gfs2 and ext3 file systems. The MiracleLinux AXSA-2010-377:12 advisory list...

4.9CVSS6.4AI score0.00441EPSS
CVE
CVE
added 2010/06/03 2:0 p.m.82 views

CVE-2010-1643

CVE-2010-1643 affects the Linux kernel mm/shmem.c: when strict overcommit is enabled, export of shmemfs objects by knfsd is mishandled, allowing a denial of service via NULL pointer dereference and knfsd crash. The issue is fixed in the 2.6.28‑rc3 update (and later); affected users should upgrade...

6.9CVSS7.2AI score0.00372EPSS
CVE
CVE
added 2010/12/29 5:27 p.m.82 views

CVE-2010-4343

CVE-2010-4343 affects the Linux kernel, where drivers/scsi/bfa/bfa_core.c may fail to initialize a port data structure in fc_host, enabling a local user to crash the system by reading the fc_host statistics file. This is fixed in kernel versions starting with 2.6.35 (i.e., patched in 2.6.35+). Ev...

5.5CVSS4.9AI score0.00391EPSS
CVE
CVE
added 2011/05/03 7:0 p.m.82 views

CVE-2011-1169

CVE-2011-1169 affects the Linux kernel before 2.6.38.1 via an array index error in the AudioScience HPI driver (sound/pci/asihpi/hpioctl.c) that can memory-corrupt local kernel data and may allow local privilege escalation. Connected advisories (SUSE/Ubuntu) confirm the root cause and impact, wit...

7.2CVSS8.5AI score0.0044EPSS
CVE
CVE
added 2012/06/21 11:0 p.m.82 views

CVE-2011-1476

CVE-2011-1476 is an integer underflow in the Linux kernel OSS subsystem (specifically the MIDI/OSS sequencer driver) before 2.6.39 on unspecified non-x86 platforms. It allows local users to cause a denial of service via memory corruption by crafting writes to /dev/sequencer. Publicly documented f...

4CVSS7.5AI score0.00425EPSS
CVE
CVE
added 2012/06/13 10:0 a.m.82 views

CVE-2011-1759

CVE-2011-1759 affects the Linux kernel on ARM with OABI compatibility enabled. The flaw is an integer overflow in sys_oabi_semtimedop (arch/arm/kernel/sys_oabi-compat.c) prior to release 2.6.39, allowing local users to gain privileges or trigger a denial of service via heap memory corruption due ...

6.2CVSS6.6AI score0.00437EPSS
CVE
CVE
added 2012/06/13 10:0 a.m.82 views

CVE-2012-2384

CVE-2012-2384 : Integer overflow in i915_gem_do_execbuffer (drivers/gpu/drm/i915/i915_gem_execbuffer.c) of the Linux kernel before 3.3.5 on 32-bit platforms. Local users may trigger an out-of-bounds write via a crafted ioctl, causing denial of service (and possibly other impact). Affected: DRM/i9...

4.9CVSS5.9AI score0.00357EPSS
CVE
CVE
added 2013/02/22 12:0 a.m.82 views

CVE-2013-0313

CVE-2013-0313 affects the Linux kernel: when EVM is enabled, the evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in versions before 3.7.5 is vulnerable to a local-denial-of-service via an attempted removexattr operation on a sockfs inode, causing a NULL pointer dereference and...

6.2CVSS6.7AI score0.00357EPSS
CVE
CVE
added 2016/04/27 5:0 p.m.82 views

CVE-2015-1339

CVE-2015-1339 affects the Linux kernel: memory leak in cuse_channel_release (fs/fuse/cuse.c) can be triggered by opening /dev/cuse many times, leading to local denial of service via memory consumption (unbounded memory use). The vulnerability is reported as present in kernel versions before 4.4. ...

6.2CVSS6.3AI score0.00425EPSS
CVE
CVE
added 2016/08/07 9:0 p.m.82 views

CVE-2016-2064

The CVE-2016-2064 entry concerns the MSM QDSP6 audio driver (Linux kernel 3.x) in sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c, used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The vulnerability arises from an ioctl handling flaw that allows a crafted applicatio...

7.8CVSS7.7AI score0.00576EPSS
CVE
CVE
added 2016/08/06 8:0 p.m.82 views

CVE-2016-5400

The CVE-2016-5400 entry concerns a memory leak in the airspy_probe function of the airspy USB driver (drivers/media/usb/airspy/airspy.c) in the Linux kernel, exploitable when a crafted USB device emulates many VFL_TYPE_SDR/VFL_TYPE_SUBDEV devices and performs rapid connect/disconnect sequences. A...

4.9CVSS5AI score0.00374EPSS
CVE
CVE
added 2016/12/08 5:0 p.m.82 views

CVE-2016-9919

The CVE-2016-9919 entry concerns the Linux kernel y icmp6_send in net/ipv6/icmp.c, vulnerable through kernel version 4.8.12. The flaw omits a check of the dst data structure, allowing remote attackers to trigger a denial of service (panic) by sending a fragmented IPv6 packet. Connected advisories...

7.8CVSS6.8AI score0.05671EPSS
CVE
CVE
added 2017/06/28 6:0 a.m.82 views

CVE-2017-9986

The CVE-2017-9986 issue affects the Linux kernel’s sound/oss/msnd_pinnacle.c: the intr function is vulnerable to a double-fetch scenario when the message queue head pointer is read between two kernel reads, up to kernel versions through 4.11.7. This local condition allows a unprivileged user to c...

7.8CVSS7.6AI score0.00362EPSS
CVE
CVE
added 2024/03/04 6:15 p.m.82 views

CVE-2021-47106

CVE-2021-47106 concerns a Linux kernel nf_tables use-after-free in nft_set_catchall_destroy, caused by accessing catchall after kfree_rcu(). The fix requires using a safe iterator (list_for_each_entry_safe) to walk the set elements. Syzbot reported KASAN use-after-free in nft_set_catchall_destroy...

7.8CVSS6.5AI score0.00216EPSS
CVE
CVE
added 2024/03/15 8:14 p.m.82 views

CVE-2021-47109

CVE-2021-47109: In the Linux kernel, IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. An attacker can force GC of NUD_NOARP entries by overflowing the neighbour table, leading to valid connections being dropped. The issue is tied to a change around neighbor garbage collection (commit 58...

5.5CVSS6.8AI score0.00235EPSS
CVE
CVE
added 2024/03/15 8:14 p.m.82 views

CVE-2021-47120

CVE-2021-47120 : Linux kernel HID issue where Apple Magic Trackpad/Mouse disconnect could dereference an uninitialized driver pointer due to a faulty disconnect path. The patch added a sanity check but returned success instead of -ENODEV when the check failed, causing a potential NULL-deref on dr...

5.5CVSS6.2AI score0.00235EPSS
CVE
CVE
added 2024/03/25 9:7 a.m.82 views

CVE-2021-47148

CVE-2021-47148 affects the Linux kernel octeontx2-pf driver. The issue is a buffer overflow in otx2_set_rxfh_context() that can occur when calling ethtool_set_rxfh() with a user-controlled *rss_context; the code has been updated with bounds checking to prevent memory corruption. The description a...

7.8CVSS7.2AI score0.00234EPSS
CVE
CVE
added 2024/03/25 9:16 a.m.82 views

CVE-2021-47161

CVE-2021-47161 affects the Linux kernel SPI driver spi-fsl-dspi, where a resource leak could occur in an error path during probe. The issue is mitigated by ensuring that dspi_request_dma() is properly undone with a matching dspi_release_dma() call in the probe’s error handling path (as already do...

5.5CVSS6AI score0.00226EPSS
CVE
CVE
added 2024/03/25 9:16 a.m.82 views

CVE-2021-47180

The CVE-2021-47180 entry concerns a Linux kernel NFC component memory-leak in nci_allocate_device, with nfcmrvl_disconnect failing to free the hci_dev field and a fix to release hci_dev in nci_free_device. Connected documents (Astra Linux and Nessus-derived advisories) confirm the issue and its r...

5.5CVSS6.4AI score0.00226EPSS
CVE
CVE
added 2024/04/10 6:56 p.m.82 views

CVE-2021-47184

CVE-2021-47184 relates to the Linux kernel issue where a NULL pointer dereference could occur in the VSI filter synchronization (i40e driver). The patch adds an I40E_VSI_RELEASING flag to coordinate VSI resource deletion/release with the sync filters subtask and removes the cause of the dereferen...

5.5CVSS6.1AI score0.00238EPSS
CVE
CVE
added 2024/04/10 7:1 p.m.82 views

CVE-2021-47218

CVE-2021-47218: Linux kernel SELinux hashtab allocation failure could lead to NULL dereference. Root cause: on hashtab_init() allocation failure, h->size remains non-zero while h->htable is NULL, breaking hashtab_map() and hashtab_destroy() which assume non-empty hashtab. Mitigation in the ...

5.5CVSS6.5AI score0.00225EPSS
CVE
CVE
added 2024/05/21 2:19 p.m.82 views

CVE-2021-47256

CVE-2021-47256 stems from a Linux kernel memory_failure fix where a missing wait for page writeback could leave inode i_wb_list in an inconsistent state, triggering a BUG_ON in clear_inode and kernel panic. Connected advisories describe the root cause: after end_page_writeback, inode->i_wb_lis...

5.5CVSS6.5AI score0.00233EPSS
CVE
CVE
added 2024/05/21 3:4 p.m.82 views

CVE-2021-47413

CVE-2021-47413 concerns a NULL pointer dereference in the Linux kernel (usb: chipidea: ci_hdrc_imx) when a 'phys' phandle is provided in devicetree on i.MX7/i.MX8MM. The chipidea core populates usb_phy in ci_hdrc, while charger logic checks data->usb_phy in imx_usbmisc_data, causing a NULL der...

5.5CVSS6.5AI score0.00222EPSS
CVE
CVE
added 2024/05/21 3:4 p.m.82 views

CVE-2021-47417

CVE-2021-47417 refers to a Linux kernel memory-leak issue in libbpf’s strset management. The vulnerability arises from freeing only internal parts previously, not the strset structure itself, allowing a memory leak. The CVE description and connected advisories confirm this root cause and indicate...

5.5CVSS6.7AI score0.00194EPSS
CVE
CVE
added 2024/05/22 6:19 a.m.82 views

CVE-2021-47444

CVE-2021-47444 relates to the Linux kernel DRM/EDID handling. The issue stems from connector_bad_edid() assuming the EDID buffer could hold edid[0x7e] + 1 blocks, while ignoring the actual allocated size indicated by num_blocks. A bounds check was added to prevent reading beyond allocated memory,...

5.5CVSS6.6AI score0.00225EPSS
CVE
CVE
added 2024/05/24 3:9 p.m.82 views

CVE-2021-47510

CVE-2021-47510 affects the Linux kernel's btrfs implementation. A write-hole during tree-log node freeing on zoned devices can trigger a transaction abort (-11) with -EAGAIN when the tree-log depth is ≥ 2, causing write failures during fsync/write paths. The issue is fixed by correctly re-dirtyin...

5.5CVSS6.9AI score0.00205EPSS
CVE
CVE
added 2024/05/24 3:9 p.m.82 views

CVE-2021-47514

CVE-2021-47514 : In the Linux kernel, there is a vulnerability in the devlink netns refcount handling, specifically a leak in netns refcounts in devlink_nl_cmd_reload(). The root cause is that some error paths forgot to release a netns refcount during the devlink_reload() flow. The patch fixes th...

5.5CVSS6.7AI score0.00236EPSS
CVE
CVE
added 2024/04/28 1:0 p.m.82 views

CVE-2022-48644

Summary (CVE-2022-48644): A Linux kernel net/sched taprio offload bug could crash the kernel when disabling offload if flags were left at TAPRIO_FLAGS_INVALID after an error path. The code evaluated FULL_OFFLOAD_IS_ENABLED(q->flags) on an invalid flag value (U32_MAX), causing a crash when tapr...

5.5CVSS6.3AI score0.00232EPSS
CVE
CVE
added 2024/04/28 1:0 p.m.82 views

CVE-2022-48649

CVE-2022-48649 is a Linux kernel vulnerability affecting the kmem_cache lifecycle in mm/slab_common. The issue stems from a race where, during kmem_cache_destroy, a scheduled work item (kmem_cache_release) could run with an incorrect RCU flag value, potentially causing a double kmem_cache_release...

7.8CVSS6.3AI score0.00217EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.82 views

CVE-2022-48717

CVE-2022-48717 concerns the Linux kernel ASoC max9759 driver, where an underflow could occur in speaker_gain_control_put() if priv->gain is negative, risking out-of-bounds access via snd_ctl_elem_write_user()/snd_ctl_elem_write()/kctl->put(). The fix adds a check for negative values of priv...

7.8CVSS6.5AI score0.00219EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.82 views

CVE-2022-48724

CVE-2022-48724 concerns a memory leak in the Linux kernel’s IOMMU VT-d path during intel_setup_irq_remapping. The description in multiple connected documents states that after commit e3beca48a45b, the tear-down path could leak memory when dmar_enable_qi() errors, and that free() of the function p...

5.5CVSS7AI score0.00236EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.82 views

CVE-2022-48751

CVE-2022-48751 is a Linux kernel vulnerability in the net/smc clcsock race that could cause a NULL pointer dereference when accessing clcsock after it is released (smc_setsockopt). The connected advisories/documentation describe a fix that hold-in release lock (clcsock_release_lock) and verify cl...

4.7CVSS6.2AI score0.0021EPSS
Total number of security vulnerabilities14330