14330 matches found
CVE-2025-38478
CVE-2025-38478 concerns a Linux kernel bug in the Comedi driver where some subdevice instruction handlers may read uninitialized data. The issue arises because do_insn_ioctl() and do_insnlist_ioctl() allocate at least MIN_SAMPLES (16) data elements for instructions that write to a subdevice, but ...
CVE-2025-38324
CVE-2025-38324 : The Linux kernel fix addresses a race in mpls_route_input_rcu() that could be triggered when called from mpls_getroute() under RTNL, where net->mpls.platform_label is updated under RTNL. The patch switches to rcu_dereference_rtnl() to silence the spurious lockdep warning and e...
CVE-2025-38346
CVE-2025-38346: Linux kernel ftrace UAF when lookup kallsyms after ftrace is disabled. Root cause: use-after-free accessing mod->name during module removal when ftrace_disable is active. Impact per CVSS: Local access with Low privileges required, High confidentiality/integrity/availability imp...
CVE-2025-38351
CVE-2025-38351 affects the Linux kernel KVM component (x86) when Hyper-V hypercalls are enabled. The issue arises in PV TLB flush processing where non-canonical GVAs can reach INVVPID/INVLPGA paths, potentially triggering VM-Fail on Intel hardware (AMD may ignore). In practice, this can allow a g...
CVE-2025-38365
CVE-2025-38365 affects the Linux kernel’s Btrfs filesystem. A race between a rename and directory inode logging could lead to file loss on crash/power-fail due to log replay deleting an intended entry. The fix pins the log root during renames before removing the old directory entry and unpins aft...
CVE-2025-38448
CVE-2025-38448 is a Linux kernel vulnerability in the USB gadget u_serial wakeup path. The issue is a race condition where gs_start_io() may call gs_start_rx() or gs_start_tx() after briefly dropping port_lock for usb_ep_queue(), allowing gs_close() or gserial_disconnect() to clear port.tty and p...
CVE-2025-38457
CVE-2025-38457 concerns a Linux kernel net/sched bug where grafting a qdisc to a non-existent parent class could cause a failure during qdisc initialization. The fix introduces early validation via qdisc_leaf so that attempting to attach to a non-class parent aborts before qdisc_create. Affected ...
CVE-2025-38473
CVE-2025-38473 affects the Linux kernel Bluetooth subsystem. A null-ptr-deref in l2cap_sock_resume_cb() can occur when handling l2cap sockets during resume/kill sequences. The fix adds a guard to ensure chan->data is not NULL, avoiding use-after-free/killed-socket access. The description refer...
CVE-2025-38476
CVE-2025-38476 affects the Linux kernel. The vulnerability is a use-after-free in rpl_do_srh_inline() caused by accessing ipv6 headers after skb_cow_head(), which could free the header. A fix makes oldhdr a local struct to prevent use-after-free. The issue is documented with a CVSS v3.1 vector (L...
CVE-2025-38494
CVE-2025-38494 (Linux kernel) : In the HID core, hid_hw_raw_request() checks were bypassed by a low-level transport path, allowing the use of invalid parameters. The vulnerability was resolved in the Linux kernel; advisories from Debian/Amazon/RHEL references confirm the fix. Impact is high (loca...
CVE-2026-23092
CVE-2026-23092 relates to a Linux kernel fix in iio: dac: ad3552r-hs_write_data_source where out-of-bounds writes could occur. The issue stemmed from using the write-return count as the index for null termination instead of the actual number of bytes copied by simple_write_to_buffer(). If count e...
CVE-2004-1068
CVE-2004-1068 involves a missing serialization flaw in the unix_dgram_recvmsg path of Linux kernels 2.4.27 and earlier, and 2.6.x up to 2.6.9. The issue enables local users to potentially gain privileges due to a race condition. The description explicitly states the vulnerability is a local privi...
CVE-2005-1762
CVE-2005-1762 affects AMD64 Linux kernel 2.6.8.1 and 2.6.10; a ptrace() address verification flaw allows local users to crash the kernel (denial of service). Root cause: inadequate verification of non-canonical addresses in amd64 ptrace. Impact: kernel crash; exploitation requires local access. R...
CVE-2005-2555
CVE-2005-2555 affects the Linux kernel 2.6.x line. The issue is that socket policy access is not properly restricted to users with the CAP_NET_ADMIN capability, potentially allowing local users to perform unauthorized activities. The vulnerability is associated with the IPv4 and IPv6 socket glue ...
CVE-2005-3784
CVE-2005-3784 concerns the Linux kernel 2.6.x series: auto-reap of child processes can include ptrace-attached children, causing a dangling ptrace reference that leads to local denial of service (crash) and potential root privileges. The description specifies the vulnerable condition is present i...
CVE-2006-1528
CVE-2006-1528 affects the Linux kernel prior to 2.6.13. The vulnerability arises in the sg (SCSI generic) driver’s handling of memory-mapped I/O space during a dio transfer, allowing a local user to trigger a crash ( Denial of Service ). The connected documents confirm the issue is located in the...
CVE-2006-2071
CVE-2006-2071 affects Linux kernels 2.4.x and 2.6.x up to 2.6.16. It arises from a flaw in the mprotect handling that allowed a local user to grant write permission to a read-only attachment of a shared memory segment, bypassing IPC permissions and enabling modification of the attachment. Reporte...
CVE-2006-2448
Concrete details found: CVE-2006-2448 affects the Linux kernel on PowerPC, specifically versions before 2.6.16.21 and 2.6.17. The root cause is missing access_ok checks in PowerPC signal handling (signal_64.c, potentially signal_32.c). Impact as stated: local users could read arbitrary kernel mem...
CVE-2007-2764
The CVE-2007-2764 entry concerns the embedded Linux kernel in certain Sun-Brocade SilkWorm switches prior to 20070516. The issue arises when a non-root user creates a kernel process, which can lead to a denial of service (kernel oops) and device reboot via unspecified vectors. The NVD entry assig...
CVE-2008-2365
CVE-2008-2365 describes a race condition in Linux kernel ptrace/utrace support (kernel 2.6.9–2.6.25) used by RHEL4. A local user can cause a denial of service (oops) by issuing a long sequence of PTRACE_ATTACH calls that trigger a conflict between utrace_detach and report_quiescent due to a late ...
CVE-2008-5702
CVE-2008-5702 concerns a buffer underflow in the Linux kernel watchdog driver IB700 SBC (ib700wdt.c) via the ibwdt_ioctl path. Affected software is the Linux kernel prior to 2.6.28-rc1; exploitation could occur through a WDIOC_SETTIMEOUT ioctl on /dev/watchdog by a local user. The Initial Descrip...
CVE-2009-0935
CVE-2009-0935 affects Linux kernel inotify_read across 2.6.27–2.6.27.13, 2.6.28–2.6.28.2, and 2.6.29-rc3. The issue allows local users to trigger a denial of service (OOPS) by reading with an invalid address to an inotify instance, causing the event list mutex to be unlocked twice and preventing ...
CVE-2009-4026
CVE-2009-4026 affects the Linux kernel mac80211 subsystem prior to 2.6.32-rc8-next-20091201. A crafted Delete Block ACK (DELBA) packet can cause a remote denial of service (panic) due to an erroneous “code shuffling patch.” A fix is provided in the patch referenced as 2.6.32-rc8-next-20091201, an...
CVE-2010-0623
The CVE-2010-0623 issue affects the Linux kernel versions prior to 2.6.33-rc7, where futex_lock_pi in kernel/futex.c mishandles a reference count. This allows local users to trigger a denial of service (OOPS) by exploiting an unmount of an ext3 filesystem. The SUSE entry confirms the same descrip...
CVE-2011-0716
CVE-2011-0716 affects the Linux kernel older than 2.6.38. The vulnerability lies in the br_multicast_add_group function within net/bridge/br_multicast.c, triggered when a specific Ethernet bridge configuration is used. An attacker locally can cause memory corruption and a system crash by sending ...
CVE-2011-1477
CVE-2011-1477 affects the Linux kernel (sound/oss/opl3.c) through multiple array index errors before 2.6.39. These flaws allow local users to cause a denial of service via heap memory corruption and, potentially, gain privileges by writing to /dev/sequencer. The issue is tied to Yamaha YM3812/OPL...
CVE-2011-2184
The CVE-2011-2184 entry concerns Linux kernel prior to 2.6.39.1 where key_replace_session_keyring fails to initialize a structure member, enabling local users to trigger a NULL pointer dereference and system crash via KEYCTL_SESSION_TO_PARENT in keyctl. This is a distinct issue from CVE-2010-2960...
CVE-2011-2898
CVE-2011-2898 concerns the Linux kernel AF_PACKET implementation. The flaw allows local users to read potentially sensitive kernel memory by exploiting inadequate restrictions on VLAN Tag Control Information data structures. The vulnerability is described as a kernel information leak in the AF_PA...
CVE-2011-4594
The CVE-2011-4594 entry documents a local kernel vulnerability in the Linux kernel (__sys_sendmsg in net/socket.c) where crafted usage of sendmmsg can trigger an incorrect pointer dereference and crash the system. It affects kernel versions before 3.1, with the described impact being a denial of ...
CVE-2011-4914
The CVE-2011-4914 issue affects the Linux kernel ROSE protocol implementation prior to 2.6.39. It arises because data-length values are not verified against the actual data sent, enabling remote attackers to read kernel memory (out-of-bounds read) or cause a denial of service via crafted data to ...
CVE-2013-2894
CVE-2013-2894 affects the Linux kernel HID subsystem, specifically drivers/hid/hid-lenovo-tpkbd.c. When CONFIG_HID_LENOVO_TPKBD is enabled, the vulnerability permits a physically proximate attacker to trigger a denial of service via a heap-based out-of-bounds write using a crafted USB device. The...
CVE-2013-2898
The CVE-2013-2898 entry concerns the Linux kernel HID subsystem, specifically drivers/hid/hid-sensor-hub.c. When CONFIG_HID_SENSOR_HUB is enabled, the vulnerability affects the kernel up through version 3.11 and allows physically proximate attackers to obtain sensitive information from kernel mem...
CVE-2013-7026
Summary of CVE-2013-7026 : The Linux kernel contains race conditions in ipc/shm.c (IPC_SHM with IPC_RMID) that can be exploited locally to trigger use-after-free and a system crash, potentially causing a denial of service. The issue affects kernels prior to 3.12.2. The referenced advisories indic...
CVE-2014-8480
CVE-2014-8480 affects the Linux kernel KVM subsystem: the instruction decoder in arch/x86/kvm/emulate.c lacks intended decoder-table flags for certain RIP-relative instructions. This can allow a guest OS user to trigger a NULL pointer dereference and crash the host OS (denial of service). The vul...
CVE-2015-8953
CVE-2015-8953 affects the Linux kernel overlayfs: copy_up.c contains an incorrect cleanup path that leaks dentry references, enabling local DoS via operations on large files in a lower overlayfs layer. Affected component: overlayfs/copy_up.c in the kernel before 4.2.6. Impact: denial of service d...
CVE-2016-2066
CVE-2016-2066 affects the MSM QDSP6 audio driver in the Linux kernel 3.x as used in Qualcomm QuIC Android contributions for MSM devices and related products. The issue is an integer signedness error in the msm-audio-effects-q6-v2.c path that handles ioctl commands, leading to memory corruption. P...
CVE-2017-0568
CVE-2017-0568 is a Broadcom Wi‑Fi driver elevation-of-privilege issue in Android kernels (3.10/3.18). An attacker controlling the dongle can abuse WLC_GET_VALID_CHANNELS results to inflate list->count, causing an out‑of‑bounds write when populating default_chan_list and enabling arbitrary code...
CVE-2017-18552
CVE-2017-18552 affects the Linux kernel up to version 4.10 in net/rds/af_rds.c, where rds_recv_track_latency contains an out-of-bounds write and read. The connected Nessus advisories (Unity Linux UTSA advisories) mirror this issue and reference kernel versions before 4.11, with a commit in the Li...
CVE-2017-9984
The CVE-2017-9984 issue affects the Linux kernel’s snd_msnd_interrupt path (sound/isa/msnd/msnd_pinnacle.c) and is a local, double-fetch vulnerability that can allow over-boundary access to a message queue head pointer, potentially enabling DoS or other impact. The advisory notes vulnerable until...
CVE-2021-47121
Rejected: CVE-2021-47121 entry withdrawn/not used; this CVE is not an active vulnerability entry.
CVE-2021-47175
CVE-2021-47175: Linux kernel net/sched fq_pie OOB access in the traffic path (fq_pie_qdisc_enqueue). The issue manifests as slab-out-of-bounds read during packet enqueue, demonstrated by a kasan report when using tc with fq_pie. A fix was applied to the fq_pie path to prevent selecting an out-of-...
CVE-2021-47215
CVE-2021-47215 affects the Linux kernel mlx5e kTLS flow. The root cause is list corruption in TLS RX resync flow: entries are now protected against movements from resync_handle_seq_match() until resync handling in napi completes. This fixes stability/crashes in the RX resync path. The entry docum...
CVE-2021-47232
CVE-2021-47232 is a Linux kernel issue where a skb is taken from the per-session j1939 skb queue without incrementing the ref count, leading to a Use-after-Free if the skb is concurrently used. The patch "can: j1939: fix Use-after-Free, hold skb ref while in use" fixes this by holding a reference...
CVE-2021-47233
Summary of CVE-2021-47233 (Linux kernel): The issue is a NULL pointer dereference in regulator rt4801 when priv->enable_gpios is NULL, with devm_gpiod_get_array_optional possibly returning NULL if no GPIO is assigned. The vulnerability has been resolved in the Linux kernel; multiple advisories...
CVE-2021-47296
CVE-2021-47296 affects the Linux kernel KVM on PPC. The issue is a leak in vcpu_load due to vcpu_put not being called when a user copy fails, which can corrupt preempt notifiers and cause crashes. The vulnerability is resolved via a kernel patch (details present in the connected advisories), with...
CVE-2021-47367
Affected software: Linux kernel virtio-net component. Issue: when using build_skb() in big mode, unused pages chained via private in big mode were not released, causing page leakage. Root cause: failure to release those pages after skb construction in big mode. Impact: potential resource leak; CV...
CVE-2021-47448
CVE-2021-47448 affects the Linux kernel MPTCP recvmsg path. If the caller uses MSG_WAITALL and insufficient data remains to satisfy the request, recvmsg can stall in an infinite loop because mptcp_wait_data() detects MPTCP_DATA_READY and never clears it in that code path. This can trigger an RCU ...
CVE-2021-47529
CVE-2021-47529: Linux kernel vulnerability in iwlwifi memory management where memory allocated in reduce_power_data could leak on error (invalid TLV len or memory allocation failure). The issue has been fixed in the Linux kernel by freeing allocated memory in the error path before return. Connect...
CVE-2022-48660
CVE-2022-48660 is a Linux kernel vulnerability affecting gpiolib: cdev on certain platforms (ex: nxp-ls1028). The issue occurred when the IRQ for lineevent_state was set before the IRQ was successfully registered, leading to a warning trace from free_irq() during gpio tests and a resource release...
CVE-2022-48706
The CVE-2022-48706 entry concerns the Linux kernel and a memory-leak in the virtual data path (vdpa) IFCVF path. Root cause: ifcvf_mgmt_dev leaks memory if not freed on exit and the existing cleanup in ifcvf_init_hw does not handle it, so the fix adds proper cleanup at the return path to ensure m...