14330 matches found
CVE-2025-38315
CVE-2025-38315 concerns a Linux kernel Bluetooth driver issue (btintel). The root cause is a mismatch between the EFI variable size and the known struct btintel_dsbr size, which could lead to a stack overflow if the EFI variable is larger than expected. The fix alters the check to rely on the kno...
CVE-2025-38320
CVE-2025-38320 affects the Linux kernel on arm64/ptrace, describing a stack-out-of-bounds read in regs_get_kernel_stack_nth() detected by KASAN. The issue is illustrated by a long kernel trace showing a read of size 8 at a stack address belonging to task 1.sh/2550, with the buggy frame located in...
CVE-2025-38326
CVE-2025-38326: Linux kernel AOE driver vulnerability where aoe device rq_list isn’t cleaned on down, causing blk_mq_freeze_queue() to sleep and hang. Fix clears the rq_list before blk_mq_freeze_queue(). No exploitation details provided; remediation is the kernel fix.
CVE-2025-38331
CVE-2025-38331 fixes a Linux kernel vulnerability in the cortina Ethernet driver where TOE/TSO must be used on all TCP traffic to prevent driver instability, lockups, and crashes. The issue arises from a mismatch between TOE and segmentation; the data path offloads IP/TCP parsing, checksums, and ...
CVE-2025-38364
CVE-2025-38364 pertains to Linux kernel Maple_tree: MA_STATE_PREALLOC handling in mas_preallocate. The flaw prevented allocations when MA_STATE_PREALLOC was set; preallocation checks could undercount, leading to a WARN_ON() and a subsequent null pointer dereference on larger future requests (e.g....
CVE-2025-38382
CVE-2025-38382 corresponds to a Linux kernel (btrfs) issue fixed in the log replay extref iteration. The root cause was an uninitialized victim_name.len when we jump to the next loop iteration from __inode_add_ref() while processing extrefs, leading to invalid memory access. The fix initializes v...
CVE-2025-38406
CVE-2025-38406 affects the Linux kernel wifi driver ath6kl: the vulnerability originates from an unnecessary WARN_ON() when firmware input is bad. The description clarifies that bad firmware input is unrelated to the driver stack and does not constitute an exploitable condition; the fix instead p...
CVE-2025-38427
Summary: CVE-2025-38427 in the Linux kernel fixes a framebuffer relocation bug where screen_info frames were tied to boot CPU addresses, not accounting for PCI host-bridge offsets. During boot, firmware may assign a different PCI memory offset, relocating PCI graphics framebuffer addresses. The k...
CVE-2025-38430
CVE-2025-38430 affects the Linux kernel NFS server (nfsd). The issue arises when processing NFSv4 compound requests; if the request is not NFSPROC4_COMPOUND, examining cstate may yield undefined results. A patch adds a guard to verify that the RPC procedure being executed is NFSPROC4_COMPOUND, pr...
CVE-2025-38437
CVE-2025-38437 : In the Linux kernel, a use-after-free in ksmbd during oplock/lease break ack was fixed. If ksmbd_iov_pin_rsp returns an error, use-after-free can occur by accessing opinfo->state and opinfo_put, and ksmbd_fd_put could be called twice. The vulnerability affects the ksmbd compon...
CVE-2004-0109
CVE-2004-0109 describes a buffer overflow in the Linux kernel ISO9660 filesystem for 2.4/2.5/2.6, allowing local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. The connected documents do not provide additio...
CVE-2004-0427
The CVE-2004-0427 issue affects Linux kernels: do_fork in 2.4.x prior to 2.4.26 and 2.6.x prior to 2.6.6 fails to decrement mm_count when an error occurs after activating the child mm_struct, causing a memory leak and a local denial-of-service via CLONE_VM. The description specifies the root caus...
CVE-2005-0531
CVE-2005-0531 refers to a bug in the Linux kernel (2.6.10 and 2.6.11 before 2.6.11-rc4) where the atm_get_addr function in addr.c could be triggered by negative length arguments, allowing a local user to overwrite substantial kernel memory. The issue stems from insufficient input validation in th...
CVE-2005-3180
The CVE-2005-3180 issue concerns the Linux kernel Orinoco wireless driver (orinoco.c). In kernels up to 2.6.13 and earlier, memory from a previously used packet is not cleared when the packet length is increased, which can allow a remote attacker to observe sensitive information (information leak...
CVE-2005-3275
CVE-2005-3275 describes a race in the Linux kernel NAT code (ip_nat_proto_tcp.c and ip_nat_proto_udp.c) where a variable is incorrectly declared static. This enables a remote attacker to cause memory corruption by NATing two packets for the same protocol simultaneously, leading to a denial of ser...
CVE-2005-3276
CVE-2005-3276 affects the Linux 2.6 kernel: the sys_get_thread_area path in process.c may copy an uninitialized data structure to userspace, exposing kernel memory to a local user. Affected versions are 2.6 before 2.6.12.4 and 2.6.13. The impact is information disclosure of kernel data to untrust...
CVE-2006-0744
CVE-2006-0744 affects the Linux kernel before 2.6.16.5. The issue arises from handling uncanonical return addresses on Intel EM64T CPUs, where an exception is reported in SYSRET instead of the next instruction, causing the kernel exception handler to run on the user stack with an incorrect GS. Im...
CVE-2006-1066
CVE-2006-1066 is tied to the Linux kernel prior to 2.6.16 on x86_64 with preemption enabled. The vulnerability allows a local attacker to trigger a denial of service (oops) by using multiple ptrace tasks performing single steps, which can cause corruption of the DEBUG_STACK stack during the do_de...
CVE-2006-2936
CVE-2006-2936 affects the ftdi_sio USB/serial driver in Linux kernels 2.6.x (up to at least 2.6.17). The issue lets local users trigger memory consumption DoS by writing more data to a serial port than the hardware can handle, causing queued data and potential resource exhaustion. Public referenc...
CVE-2006-6053
CVE-2006-6053 affects the Linux kernel 2.6.x: the ext3fs_dirhash function can crash the kernel via a malformed ext3 stream, enabling a local user to cause a denial of service. The issue is tied to the ext3 filesystem code in the 2.6.x series and is listed among kernel vulnerabilities addressed by...
CVE-2007-3851
CVE-2007-3851 affects the Linux kernel’s i915 DRM path on Intel 965-era chipsets. The flaw lets a local user with access to an X11 session and DRM write to arbitrary memory via a crafted batchbuffer, enabling privilege escalation. The issue is tied to the DRM/i915 driver before kernel 2.6.22.2. P...
CVE-2007-6694
CVE-2007-6694 : A NULL pointer dereference in the CHRP PowerPC kernel code (chrp_show_cpuinfo in setup.c) may be triggered when of_get_property fails, potentially enabling a local denial-of-service (crash) on Linux kernel 2.4.21–2.6.18-53 running on PowerPC. Connected advisories (RHSA/ELSA) indic...
CVE-2009-0859
CVE-2009-0859 affects the Linux kernel shm subsystem (ipc/shm.c). When CONFIG_SHMEM is disabled, shm_get_stat misinterprets the inode data type, enabling local users to trigger a denial of service (system hang) via an SHM_INFO shmctl call (as demonstrated by the ipcs program). The advisory notes ...
CVE-2010-1641
CVE-2010-1641 affects the Linux kernel’s gfs2 file operations. MiracleLinux AXSA-2010-377:12 notes the affected kernel (2.6.18-194.3.AXS3) and flags that do_gfs2_set_flags does not verify file ownership, allowing local bypass via a SETFLAGS ioctl. The vulnerability corresponds to Linux kernels be...
CVE-2011-1023
CVE-2011-1023 affects the Linux kernel RDS (Reliable Datagram Sockets) subsystem prior to 2.6.38. The issue arises in congestion map updates, allowing a local, unprivileged user to trigger a denial of service (BUG_ON and system crash) via loopback (loop) or InfiniBand (ib) transmit vectors. The v...
CVE-2011-2695
CVE-2011-2695 involves multiple off-by-one errors in the Linux kernel ext4 subsystem (before 3.0-rc5). Local users can cause a denial of service (BUG_ON and system crash) by performing a write operation to a sparse file in extent format where the block number equals the maximum 32-bit unsigned va...
CVE-2011-4917
CVE-2011-4917 : Information disclosure in the Linux kernel up to 3.1 via /proc/stat. Local access required; low attack complexity with LOW privileges and partial confidentiality impact (CVSS v3.1 base score 5.5). Root cause: kernel information leakage through /proc/stat. Affected product: Linux k...
CVE-2012-3520
CVE-2012-3520 concerns the Netlink implementation in the Linux kernel prior to 3.2.30, where Netlink messages missing SCM_CREDENTIALS data could be spoofed by a local attacker via crafted messages (notably affecting services such as Avahi or NetworkManager). The vulnerability enables a local user...
CVE-2012-6539
CVE-2012-6539: In Linux kernel prior to 3.6, dev_ifconf in net/socket.c fails to initialize a structure, allowing local attackers to read kernel stack memory. SUSE advisories (SUSE-SU-2014:0536-1) roll up fixes and list this CVE among many kernel mitigations; patching/upgrading to kernel 3.6+ is ...
CVE-2013-1826
The CVE-2013-1826 issue affects the Linux kernel’s xfrm_state_netlink() in net/xfrm/xfrm_user.c prior to 3.5.7. The vulnerability stems from not properly handling error conditions in dump_one_state() calls, which can allow a local user with CAP_NET_ADMIN to gain privileges or trigger a denial of ...
CVE-2013-1848
Affected software: Linux kernel (fs/ext3/super.c) before 3.8.4. Root cause: incorrect arguments to functions related to printk input, enabling local users to perform format-string attacks and potentially gain privileges via a crafted application. Impact: local privilege escalation. Remediation: p...
CVE-2014-8481
CVE-2014-8481 affects the Linux kernel KVM arch/x86/kvm/emulate.c; the instruction decoder mishandles invalid instructions, allowing guest OS users to trigger a NULL pointer dereference and host crash via a crafted application that either fetches an invalid instruction or uses too many bytes. Roo...
CVE-2014-9717
Vulnerability CVE-2014-9717 affects the Linux kernel prior to 4.0.2. The flaw is in fs/namespace.c where unmounting (MNT_DETACH) is processed by umount2 without ensuring MNT_LOCKED is unset, allowing local users to bypass access restrictions and access beneath a mount when running in a user names...
CVE-2016-4440
The CVE-2016-4440 issue affects the Linux kernel (up to 4.6.3) in arch/x86/kvm/vmx.c where APICv on/off state is mishandled. This allows guest OS users to access direct host APIC MSRs via x2APIC, enabling potential host denial of service (crash) or arbitrary code execution. A fix exists in the up...
CVE-2019-18810
CVE-2019-18810 affects the Linux kernel before 5.3.8, specifically a memory leak in komeda_wb_connector_add() within drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c. An attacker can trigger memory growth by causing drm_writeback_connector_init() failures, leading to denial of service via...
CVE-2021-47093
CVE-2021-47093: SUSE advisories SIG- Linux kernel (SUSE SLES/openSUSE) notes a memleak in intel_pmc_core during module init when platform device registration fails. The fix frees the platform device with platform_device_put() to release resources (e.g., device name). Connected documents confirm t...
CVE-2021-47196
CVE-2021-47196 concerns a use-after-free in the Linux kernel mlx5_ib path during QP creation. The issue arises when RDMA/core code presets both receive and send completion queue pointers before forwarding to the driver, then overwrites ibqp properties and continues into the driver path. If mlx5_q...
CVE-2021-47198
CVE-2021-47198 affects the Linux kernel lpfc SCSI lpfc driver. The vulnerability arises when unloading the driver: NLP_REG_LOGIN_SEND is set in lpfc_reg_fab_ctrl_node() but not cleared on login completion, allowing a second call to lpfc_unreg_rpi() to operate with nlp_rpi = LPFC_RPI_ALLOW_ERROR a...
CVE-2021-47239
CVE-2021-47239 : In Linux kernel net/usb, theSmsc75xx driver has a use-after-free in smsc75xx_bind caused by not cleaning up a scheduled work in smsc75xx_reset→smsc75xx_set_multicast. The patch 46a8b29c6306 adds cancel_work_sync and NULLs the dangling pointer (dev->data[0]) to prevent use-afte...
CVE-2021-47294
The CVE-2021-47294 issue affects the Linux kernel NETROM implementation where sock timer handling changed to sock timer API. sk_reset_timer() may increase the sock refcount when called on an inactive timer, so if the timer expires the handler must decrease the refcount to avoid a leak. A patch (c...
CVE-2021-47302
In CVE-2021-47302, the Linux kernel igc driver is affected by a use-after-free during TX ring reset. The fix cleans the next_to_watch descriptor when cleaning the TX ring, preventing a possible free of an skb that was already freed if igc_poll() runs during a reset. The described impact is memory...
CVE-2021-47305
In CVE-2021-47305, the Linux kernel’s dma-buf/sync_file implementation leaks fences on error paths due to missing dma_fence_put() calls when merging fences and in krealloc_array failure. The fix ensures i and the fences array are zero-initialized and that all fences are dma_fence_put() and the fe...
CVE-2021-47340
CVE-2021-47340 is a Linux kernel vulnerability in the JFS subsystem. The issue arises when diFree() processes an inode without a valid ipimap, causing a NULL dereference via JFS_IP(ipimap) and leading to a GFP-related fault. The fix prevents passing an inode with IPIMAP == NULL to diFree, avoidin...
CVE-2021-47447
CVE-2021-47447 : Linux kernel MSM DRM driver (drm/msm/a3xx) fix implemented for incorrect error handling in a3xx_gpu_init. Error paths returned 1 (not a negative errno), risking an Oops; also the ret check for -ENODATA failed since ret could be 1. The connected advisories confirm this as a kernel...
CVE-2021-47503
In CVE-2021-47503, the Linux kernel SCSI pm80xx driver has a fix: do not call scsi_remove_host() inside pm8001_alloc() because scsi_add_host() has not yet been called, which previously could crash with a NULL pointer dereference during device_del. The issue occurs in the pm8001_pci_probe flow lea...
CVE-2021-47512
CVE-2021-47512 is a Linux kernel vulnerability in the net/sched fq_pie implementation. The root cause is that fq_pie_destroy() did not copy the timer handling logic from pie_destroy() and other qdiscs, potentially allowing a timer to rearm after del_timer_sync(&q->adapt_timer). The issue has b...
CVE-2021-47530
CVE-2021-47530: Linux kernel vulnerability in drm/msm where the submitqueue reference leak was not dropped across all paths, notably when the fence had already signaled. The fix (described as extracting a helper to normalize handling across different returns) resolves the leak. Public advisories ...
CVE-2021-47536
CVE-2021-47536 – Linux kernel (net/smc) . A bug in smc_lgr_cleanup_early wrongly deletes the list head instead of the link group from the link group list, causing memory corruption and a list corruption panic. Affected: Linux kernel with SMC subsystem (as described in the provided advisories). Im...
CVE-2021-47604
CVE-2021-47604 concerns a Linux kernel vulnerability in vduse where get_config() failed to bound-check the offset, causing a potential out-of-bounds read when offset > dev->config_size due to unsigned subtraction. The issue is resolved in the Linux kernel (as per the description), with advi...
CVE-2022-2785
CVE-2022-2785 affects the Linux kernel BPF subsystem. The vulnerability arises because constants used to fill pointers in structs passed to bpf_sys_bpf are not verified, allowing an attacker with CAP_BPF to read memory anywhere on the system. Affected systems can face arbitrary memory reads, with...