Linux / Linux Kernel

13804 matches found

added 2025/01/11 12:35 p.m. | 77 views

CVE-2024-49573

CVE-2024-49573 affects the Linux kernel sched/fair NEXT_BUDDY logic. Enabling NEXT_BUDDY could trigger a WARN in pick_next_entity(); fix moves clear_buddies() earlier and ensures no new ->next buddy starts as delayed. Upstream/stable kernel patches implement this remediation (see referenced ke...

CVSS 5.5 | AI score 6.6 | EPSS 0.00182

added 2025/01/15 1:5 p.m. | 77 views

CVE-2024-57891

The CVE refers to a Linux kernel issue fixed in the sched_ext subsystem: an invalid IRQ restore could occur due to improper conversion of an inner rq_unlock_irqrestore() to rq_unlock() when adding outer irqsave/restore locking in scx_ops_bypass(). This could lead to the IRQs being re-enabled at a...

CVSS 5.5 | AI score 6.5 | EPSS 0.00175

added 2025/04/16 2:12 p.m. | 77 views

CVE-2025-22048

Summary of CVE-2025-22048 (Linux kernel LoongArch BPF issue): The problem was triggered by sign-extending the BPF return value. After commit 73c359d1d356, a5 (BPF return value) was sign-extended to a0, and for native calls the a0 value was propagated back to a5. For bpf2bpf calls this propagatio...

CVSS 5.5 | AI score 6.4 | EPSS 0.00165

added 2025/05/01 1:7 p.m. | 77 views

CVE-2025-37779

CVE-2025-37779 pertains to the Linux kernel. A folio refcount bug in lib/iov_iter caused a UAF when an EROFS file-backed mount over 9P (v9fs) on QEMU was exercised, due to pages in bvec being coalesced across a folio boundary. The root cause was inadequate refcount handling for non-slab folios, p...

CVSS 5.5 | AI score 6.4 | EPSS 0.0013

added 2025/05/09 6:41 a.m. | 77 views

CVE-2025-37845

CVE-2025-37845: Linux kernel tracing fprobe events fix prevents use-after-free by unloading a module during tprobe/tracepoint handling. Root cause: a previous relocation of try_module_get() from __find_tracepoint_module_cb() to find_tracepoint() could access a freed module object; the patch resto...

CVSS 7.8 | AI score 6.4 | EPSS 0.0024

added 2025/05/20 3:21 p.m. | 77 views

CVE-2025-37894

CVE-2025-37894 affects the Linux kernel networking code: when sk_state is TCP_TIME_WAIT, a pointer of type inet_timewait_sock could be returned by __inet_lookup_established() or __inet6_lookup_established(), and calling sock_put() on it may crash (sk_wmem_alloc access in sk_free). The issue is mi...

CVSS 5.5 | AI score 6.4 | EPSS 0.00157

added 2025/05/20 4:1 p.m. | 77 views

CVE-2025-37955

CVE-2025-37955 concerns a memory leak in the Linux kernel virtio-net driver. The issue occurs on the error path of virtnet_xsk_pool_enable(), where xsk_buffs are not freed, leading to an unreferenced 2048-byte object in the xdp helper path. The backtrace points to virtnet_xsk_pool_enable and rela...

CVSS 5.5 | AI score 6.9 | EPSS 0.00148

added 2025/05/20 4:47 p.m. | 77 views

CVE-2025-37971

CVE-2025-37971 in the Linux kernel, under the staging/bcm2835-camera path, is caused by failing to initialise dev->v4l2_dev.dev, which leads to a NULL pointer dereference in mmal_init. The fix updates bcm2835_mmal_probe to initialise dev->v4l2_dev.dev (instead of relying on v4l2_device_regi...

CVSS 5.5 | AI score 6.4 | EPSS 0.00146

added 2025/06/18 9:28 a.m. | 77 views

CVE-2025-38015

CVE-2025-38015 – Linux kernel (dmaengine idxd): The issue is a memory leak in the error path of idxd_alloc where memory allocated for idxd could be left unreleased if idxd_alloc() fails. The fix frees the allocated memory in the reverse order of allocation before exiting the function on error. Th...

CVSS 5.5 | AI score 6.6 | EPSS 0.00156

added 2025/07/03 8:35 a.m. | 77 views

CVE-2025-38107

CVE-2025-38107: In the Linux kernel, a race in net_sched:ets (ets_qdisc_change) was fixed. The race occurs when a SFQ perturb timer fires at an inopportune moment, enabling underflow of a parent qlen during qdisc operations. The corrective action is to purge the qdisc with qdisc_purge_queue() bef...

CVSS 7 | AI score 7 | EPSS 0.00126

added 2025/07/03 8:35 a.m. | 77 views

CVE-2025-38113

CVE-2025-38113 affects the Linux kernel: ACPI: CPPC: Fix NULL pointer dereference when nosmp is used. With nosmp in the kernel command line, CPUs aren’t brought up and their cpc_desc_ptr can be NULL, leading to NULL dereferences when CPU0 iterates over possible CPUs and panics. The issue is docum...

CVSS 5.5 | AI score 7 | EPSS 0.00157

added 2025/07/03 8:35 a.m. | 77 views

CVE-2025-38154

CVE-2025-38154 affects the Linux kernel sockmap path (bpf/sockmap) where sk->sk_socket can be used after free due to a race with backlog/thread close paths. The description in the connected documents explains that sk_socket is not locked/referenced in the backlog, enabling a race with the rele...

CVSS 7.8 | AI score 7.2 | EPSS 0.00154

added 2025/07/03 8:36 a.m. | 77 views

CVE-2025-38173

CVE-2025-38173 affects the Linux kernel’s crypto path for marvell/cesa. The vulnerability arises from handling zero-length skcipher requests, where code could access invalid memory. The fix makes zero-length requests return 0 instead of reading memory. This is a local vulnerability with the kerne...

CVSS 5.5 | AI score 7.2 | EPSS 0.00151

added 2025/07/04 10:39 a.m. | 77 views

CVE-2025-38174

The CVE-2025-38174 issue is in the Linux kernel Thunderbolt path: tb_cfg_request_work/tb_cfg_request_dequeue can schedule the same configuration request twice, causing a double list_del on ctl->request_queue and a potential general protection fault (non-canonical address 0xdead000000000122). T...

CVSS 5.5 | AI score 6.5 | EPSS 0.0015

added 2025/07/04 1:37 p.m. | 77 views

CVE-2025-38215

In CVE-2025-38215, the Linux kernel fbdev subsystem had a null-ptr-deref risk in fb_videomode_to_var when do_register_framebuffer allocated fb_videomode memory unsuccessfully. The fix prevents registering fb_info unless its mode is set and moves fb_add_videomode() earlier in do_register_framebuff...

CVSS 5.5 | AI score 6.2 | EPSS 0.00137

added 2025/07/04 1:37 p.m. | 77 views

CVE-2025-38222

Summary: CVE-2025-38222 refers to a Linux kernel vulnerability in ext4 inline data handling. When inline_data is enabled, a length parameter (len) is incorrectly treated as an unsigned int, causing a truncation of pos+len in ext4_prepare_inline_data. This leads to an incorrect len being passed t...

CVSS 5.5 | AI score 6.6 | EPSS 0.00151

added 2025/07/04 1:37 p.m. | 77 views

CVE-2025-38227

CVE-2025-38227 concerns a slab-use-after-free in the Linux kernel’s vidtv driver, specifically in vidtv_mux_pid_ctx_init and vidtv_mux_init. The root cause, as reported by syzbot, is a use-after-free that occurs when PSI initialization fails and the si member is accessed again, leading to a 8-byt...

CVSS 7.8 | AI score 6.3 | EPSS 0.00149

added 2025/07/10 7:41 a.m. | 77 views

CVE-2025-38279

CVE-2025-38279: Linux kernel bpf verifier backtracking bug in __mark_chain_precision (verifier) when handling precise registers; a test demonstrating a r10-related path and a patch that stops including stack ptr in precision backtracking was provided. Affected component: Linux kernel BPF verifier...

CVSS 7.8 | AI score 6.3 | EPSS 0.00163

added 2025/07/10 7:42 a.m. | 77 views

CVE-2025-38312

CVE-2025-38312 concerns the Linux kernel fbdev path: fbcvt. In fb_find_mode_cvt(), if mode->refresh equals 0x80000000, cvt.f_refresh overflows when doubled, and is subsequently used as a divider in fb_cvt_hperiod(), causing a division by zero and potential kernel oops. The vulnerability is res...

CVSS 5.5 | AI score 6.4 | EPSS 0.0015

added 2025/07/10 8:14 a.m. | 77 views

CVE-2025-38323

Summary (CVE-2025-38323): In the Linux kernel, the ATM LECS code path (net/atm/lec.c) had a potential use-after-free due to a path that could leave a dangling pointer in dev_lec[] from lecd_attach(). The patch adds a mutex (lec_mutex) to protect dev_lecp[] uses from lecd_attach(), lec_vcc_attach(...

CVSS 7.8 | AI score 6.4 | EPSS 0.00177

added 2025/07/10 8:14 a.m. | 77 views

CVE-2025-38324

CVE-2025-38324: The Linux kernel fix addresses a race in mpls_route_input_rcu() that could be triggered when called from mpls_getroute() under RTNL, where net->mpls.platform_label is updated under RTNL. The patch switches to rcu_dereference_rtnl() to silence the spurious lockdep warning and e...

CVSS 5.5 | AI score 6.5 | EPSS 0.00178

added 2025/07/25 12:47 p.m. | 77 views

CVE-2025-38353

CVE-2025-38353: Linux kernel drm/xe wedge handling fix. Affected component: xe DRM path. Root cause: taking an invalid wedge lock when device wedges on GuC upload, leaving state uninitialized and submission not enabled. Impact: device wedged with recovery required; observed WARN/lock debugging ou...

CVSS 5.5 | AI score 6.4 | EPSS 0.00109

added 2025/07/25 12:53 p.m. | 77 views

CVE-2025-38400

No additional technical details about CVE-2025-38400 are provided in the connected documents beyond the initial description. Monitor for updates.

CVSS 5.5 | AI score 6.6 | EPSS 0.00175

added 2025/07/25 2:16 p.m. | 77 views

CVE-2025-38428

CVE-2025-38428: In the Linux kernel, the vulnerability affects the ims-pcu path where the firmware-provided length (len) is used in memcpy to fragment data in ims_pcu_flash_firmware(). If len is too large, memory corruption can occur. The issue arises from trusting firmware input; the fixed vers...

CVSS 7.8 | AI score 6.6 | EPSS 0.00167

added 2025/07/25 3:27 p.m. | 77 views

CVE-2025-38448

CVE-2025-38448 is a Linux kernel vulnerability in the USB gadget u_serial wakeup path. The issue is a race condition where gs_start_io() may call gs_start_rx() or gs_start_tx() after briefly dropping port_lock for usb_ep_queue(), allowing gs_close() or gserial_disconnect() to clear port.tty and p...

CVSS 4.7 | AI score 6.3 | EPSS 0.0011

added 2025/07/28 11:22 a.m. | 77 views

CVE-2025-38494

CVE-2025-38494 (Linux kernel): In the HID core, hid_hw_raw_request() checks were bypassed by a low-level transport path, allowing the use of invalid parameters. The vulnerability was resolved in the Linux kernel; advisories from Debian/Amazon/RHEL references confirm the fix. Impact is high (loca...

CVSS 7.8 | AI score 6.4 | EPSS 0.00192

added 2003/04/02 5:0 a.m. | 76 views

CVE-2002-0429

CVE-2002-0429 affects Linux kernels 2.4.18 and earlier on x86, via the iBCS compatibility interface (the lcall path in arch/i386/kernel/traps.c). The vulnerability enables a local unprivileged user to kill arbitrary processes. Connected advisories confirm affected architectures and that patches e...

CVSS 3.6 | AI score 6 | EPSS 0.00383

added 2004/09/01 4:0 a.m. | 76 views

CVE-2003-0018

CVE-2003-0018 concerns Linux kernel 2.4.10–2.4.21-pre4 where O_DIRECT is mishandled, allowing local attackers with write privileges to read portions of previously deleted files or cause filesystem corruption. Related advisories (SUSE CVE-2003-0956; Debian DSA-358/423) note multiple O_DIRECT-relat...

CVSS 3.6 | AI score 5.8 | EPSS 0.00369

added 2004/04/16 4:0 a.m. | 76 views

CVE-2004-0109

CVE-2004-0109 describes a buffer overflow in the Linux kernel ISO9660 filesystem for 2.4/2.5/2.6, allowing local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. The connected documents do not provide additio...

CVSS 4.6 | AI score 6.6 | EPSS 0.00557

added 2004/12/15 5:0 a.m. | 76 views

CVE-2004-1016

CVE-2004-1016 affects the Linux kernel (2.4.x up to 2.4.28 and 2.6.x up to 2.6.9) where the scm_send function in the kernel SCM layer can be triggered by local users. By crafting auxiliary messages passed to sendmsg, this can lead to a deadlock and a system hang (denial of service). Public record...

CVSS 2.1 | AI score 7 | EPSS 0.01001

added 2004/12/22 5:0 a.m. | 76 views

CVE-2004-1056

CVE-2004-1056 involves the Direct Rendering Manager (DRM) drivers in Linux kernel 2.6. It is caused by insufficient DMA lock checking, which could allow an authorized client to send arbitrary values to the video card, potentially causing an X server crash or modifying the video output. The vulner...

CVSS 6.4 | AI score 5.2 | EPSS 0.03268

added 2005/03/18 5:0 a.m. | 76 views

CVE-2005-0209

CVE-2005-0209 is a Linux kernel netfilter fragmentation flaw that allows a remote attacker to crash the system (DoS) by sending crafted IP fragments. Documented impact is a kernel crash via malformed fragments in the netfilter path of Linux 2.6.x (notably 2.6.8.1). Public advisories confirm vulne...

CVSS 7.8 | AI score 5.1 | EPSS 0.03274

added 2005/02/24 5:0 a.m. | 76 views

CVE-2005-0531

CVE-2005-0531 refers to a bug in the Linux kernel (2.6.10 and 2.6.11 before 2.6.11-rc4) where the atm_get_addr function in addr.c could be triggered by negative length arguments, allowing a local user to overwrite substantial kernel memory. The issue stems from insufficient input validation in th...

CVSS 2.1 | AI score 5.4 | EPSS 0.005

added 2005/09/22 4:0 a.m. | 76 views

CVE-2005-3044

CVE-2005-3044 affects the Linux kernel prior to 2.6.13.2. Vulnerabilities arise from (1) fput in a 32-bit ioctl on 64-bit x86 systems and (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems, enabling local attackers to trigger a kernel OOPS and cause a denial of service. Remedia...

CVSS 2.1 | AI score 5.2 | EPSS 0.00422

added 2006/03/27 12:0 a.m. | 76 views

CVE-2006-1066

CVE-2006-1066 is tied to the Linux kernel prior to 2.6.16 on x86_64 with preemption enabled. The vulnerability allows a local attacker to trigger a denial of service (oops) by using multiple ptrace tasks performing single steps, which can cause corruption of the DEBUG_STACK stack during the do_de...

CVSS 1.2 | AI score 5.2 | EPSS 0.0034

added 2007/02/06 7:0 p.m. | 76 views

CVE-2007-0006

The CVE-2007-0006 issue affects Linux kernels 2.6.9 through 2.6.20 in the key_alloc_serial code, where a fault in the key serial number collision avoidance can be triggered by a local user, leading to a crash via a NULL pointer dereference (local DoS). The vulnerability is documented across multi...

CVSS 1.9 | AI score 5.7 | EPSS 0.00362

added 2007/03/02 7:0 p.m. | 76 views

CVE-2007-1217

CVE-2007-1217 affects the ISDN CAPI subsystem in Linux kernel 2.6.9–2.6.20 and isdn4k-utils. A buffer overflow in capiutil.c’s bufprint function could allow a local user to crash the system and potentially gain privileges via a crafted CAPI packet. Exploitation requires ISDN frame access to the t...

CVSS 6.9 | AI score 6.1 | EPSS 0.00372

added 2008/11/10 4:0 p.m. | 76 views

CVE-2008-5033

The CVE-2008-5033 issue affects the Linux kernel: the chip_command function in drivers/media/video/tvaudio.c is vulnerable in 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3, enabling a denial of service via NULL function pointer dereference (OOPS). Patches are r...

CVSS 7.8 | AI score 6.9 | EPSS 0.02589

added 2008/12/22 3:0 p.m. | 76 views

CVE-2008-5701

CVE-2008-5701 is a Linux kernel local denial-of-service vulnerability on 64-bit MIPS platforms caused by an array index error in arch/mips/kernel/scall64-o32.S. It affects kernel versions prior to 2.6.28-rc8, where an o32 syscall with a small number can trigger an out-of-bounds access to the sysc...

CVSS 4.7 | AI score 5.7 | EPSS 0.00396

added 2009/03/09 9:0 p.m. | 76 views

CVE-2009-0859

CVE-2009-0859 affects the Linux kernel shm subsystem (ipc/shm.c). When CONFIG_SHMEM is disabled, shm_get_stat misinterprets the inode data type, enabling local users to trigger a denial of service (system hang) via an SHM_INFO shmctl call (as demonstrated by the ipcs program). The advisory notes ...

CVSS 4.7 | AI score 4.1 | EPSS 0.00367

added 2009/07/20 5:0 p.m. | 76 views

CVE-2009-1897

The CVE affects the Linux kernel tun/tun_chr_poll path: the tun_chr_poll function in drivers/net/tun.c for Linux kernel versions 2.6.30 and 2.6.30.1. The underlying issue is that, when the -fno-delete-null-pointer-checks option is omitted, a NULL pointer dereference can be triggered via a NULL de...

CVSS 6.9 | AI score 7.1 | EPSS 0.01521

added 2010/03/31 5:35 p.m. | 76 views

CVE-2010-1187

The CVE-2010-1187 issue affects the Linux kernel TIPC (Transparent Inter-Process Communication) implementation, reported for kernel versions 2.6.16-rc1 through 2.6.33 (and potentially other versions). The vulnerability allows a local user to trigger a NULL pointer dereference and cause a kernel O...

CVSS 4.9 | AI score 6.3 | EPSS 0.00412

added 2012/06/21 11:0 p.m. | 76 views

CVE-2011-0716

CVE-2011-0716 affects the Linux kernel older than 2.6.38. The vulnerability lies in the br_multicast_add_group function within net/bridge/br_multicast.c, triggered when a specific Ethernet bridge configuration is used. A local attacker can cause memory corruption and a system crash by sending ...

CVSS 4.7 | AI score 7 | EPSS 0.00368

added 2011/07/28 10:0 p.m. | 76 views

CVE-2011-2695

CVE-2011-2695 involves multiple off-by-one errors in the Linux kernel ext4 subsystem (before 3.0-rc5). Local users can cause a denial of service (BUG_ON and system crash) by performing a write operation to a sparse file in extent format where the block number equals the maximum 32-bit unsigned va...

CVSS 4.9 | AI score 6.7 | EPSS 0.00451

added 2022/04/18 4:20 p.m. | 76 views

CVE-2011-4917

CVE-2011-4917: Information disclosure in the Linux kernel up to 3.1 via /proc/stat. Local access required; low attack complexity with LOW privileges and partial confidentiality impact (CVSS v3.1 base score 5.5). Root cause: kernel information leakage through /proc/stat. Affected product: Linux k...

CVSS 5.5 | AI score 5.2 | EPSS 0.00475

added 2012/10/03 10:0 a.m. | 76 views

CVE-2012-3520

CVE-2012-3520 concerns the Netlink implementation in the Linux kernel prior to 3.2.30, where Netlink messages missing SCM_CREDENTIALS data could be spoofed by a local attacker via crafted messages (notably affecting services such as Avahi or NetworkManager). The vulnerability enables a local user...

CVSS 1.9 | AI score 6.8 | EPSS 0.00429

added 2013/03/14 8:0 p.m. | 76 views

CVE-2012-6546

CVE-2012-6546 affects the Linux kernel up to version 3.6, where the ATM implementation may not initialize certain structures. This allows local users to obtain sensitive information from kernel stack memory via a crafted application. Connected advisories (e.g., MiracleLinux AXSA entries) confirm ...

CVSS 1.9 | AI score 5.4 | EPSS 0.00402

added 2013/09/25 10:0 a.m. | 76 views

CVE-2013-2140

CVE-2013-2140 affects the Linux kernel before 3.10.5, via dispatch_discard_io in Xen blkback (drivers/block/xen-blkback/blkback.c). It enables a guest OS user to trigger a denial of service (data loss) through write operations on read-only disks that support BLKIF_OP_DISCARD/TRIM or SCSI UNMAP. T...

CVSS 3.8 | AI score 6.2 | EPSS 0.01013

added 2013/04/22 10:0 a.m. | 76 views

CVE-2013-3076

CVE-2013-3076 affects the Linux kernel prior to or up to 3.9-rc8, where the crypto API does not initialize certain length variables. This allows local attackers to read kernel stack memory via crafted recvmsg/recvfrom calls, related to hash_recvmsg (crypto/algif_hash.c) and skcipher_recvmsg (cryp...

CVSS 4.9 | AI score 6.8 | EPSS 0.00354

added 2013/09/25 10:0 a.m. | 76 views

CVE-2013-4300

CVE-2013-4300 affects the Linux kernel (pre-3.11). The vulnerability arises from a faulty capability check in scm_check_creds() in net/core/scm.c that uses an incorrect namespace, enabling local users to gain privileges via PID spoofing. Impact: local privilege escalation with complete confidenti...

CVSS 7.2 | AI score 5.9 | EPSS 0.00422

Total number of security vulnerabilities: 13804