CVE-2024-36971
CVE-2024-36971 is a Linux kernel vulnerability where __dst_negative_advice() did not enforce correct RCU rules when sk->dst_cache needed clearing, allowing a possible use-after-free. The issue arises from the wrong clearance order relative to dst_release(old_dst); ip6_negative_advice() has spe...
CVE-2019-19062
CVE-2019-19062 describes a memory leak in the crypto_report() function (crypto/crypto_user_base.c) of Linux kernels up to 5.3.11, which can cause denial of service via memory exhaustion when crypto_report_alg() failures occur. The connected documents confirm the vulnerability and its impact but d...
CVE-2019-19462
CVE-2019-19462 affects Linux kernel: relay_open in kernel/relay.c, vulnerable through kernel version 5.4.1, allows local attackers to cause a denial of service (e.g., relay blockage) by triggering a NULL alloc_percpu result. The connected UNITY_LINUX advisories reproduce this description and refe...
CVE-2019-19770
CVE-2019-19770 affects the Linux kernel 4.19.83 and is described as a use-after-free (read) in the debugfs_remove function (fs/debugfs/inode.c), which handles removal of files/dirs created via debugfs. Note: kernel developers dispute this as a debugfs issue, characterizing it as misuse of debugfs...
CVE-2021-33200
CVE-2021-33200 affects the Linux kernel’s eBPF verifier (kernel/bpf/verifier.c) where incorrect limits for pointer arithmetic operations allow out-of-bounds reads/writes in kernel memory, enabling local privilege escalation to root. The issue exists in kernels up to 5.12.7 (upstream). The root ca...
CVE-2022-29581
CVE-2022-29581: The affected component is the Linux kernel net/sched. The root cause is an Improper Update of Reference Count, enabling a local attacker to escalate privileges to root. The connected Astra Linux bulletin confirms the issue and states it affects Linux kernel versions prior to 5.18, an...
CVE-2020-12464
CVE-2020-12464 is a Linux kernel use-after-free in the USB core path. The vulnerability stems from usb_sg_cancel in drivers/usb/core/message.c where a transfer can occur without a proper reference, enabling a local attacker to potentially crash or execute code. Connected documents confirm this is...
CVE-2020-8428
CVE-2020-8428 refers to a use-after-free in the Linux kernel’s VFS layer (fs/namei.c/vfs core) that can be exploited by a local attacker to cause a denial of service or potentially read kernel memory. Public advisories (Debian DSA-4667/DSA-4667-1) attribute the issue to a may_create_in_sticky use...
CVE-2022-3028
CVE-2022-3028 describes a race condition in the Linux kernel’s IP framework (XFRM) where concurrent calls to xfrm_probe_algs can cause an out-of-bounds read that may be copied into a socket, or an out-of-bounds write, enabling a local attacker to leak kernel memory or crash the kernel. Connected ...
CVE-2019-12382
CVE-2019-12382 affects Linux kernels up to 5.1.5 in drm_load_edid_firmware (drm_edid_load.c). There is an unchecked kstrdup of fwstr, which could lead to a denial of service via a NULL pointer dereference and system crash. The description notes the vendor disputes this as a vulnerability because ...
CVE-2022-47929
CVE-2022-47929 is a Linux kernel vulnerability: a NULL pointer dereference in the traffic control subsystem (affecting qdisc_graft in net/sched/sch_api.c) that allows an unprivileged user to trigger a denial of service (system crash) via crafted tc qdisc/class configurations. Exploitation is loca...
CVE-2023-31436
Summary: CVE-2023-31436 affects the Linux kernel net/sched/qfq subsystem (qfq_change_class in net/sched/sch_qfq.c). The flaw allows a heap/out-of-bounds write because lmax can exceed QFQ_MIN_LMAX, leading to information disclosure, privilege escalation, or denial of service as described in public...
CVE-2023-4389
CVE-2023-4389 concerns a flaw in btrfs_get_root_ref (fs/btrfs/disk-io.c) of the Linux kernel where the reference count is decremented twice. The connected Astra Linux security bulletin confirms the issue affects the Linux kernel used in that distro (linux-5.10) and describes a local-privilege sce...
CVE-2018-5803
CVE-2018-5803 affects the Linux kernel SCTP chunk handling: a length check flaw in _sctp_make_chunk() (net/sctp/sm_make_chunk.c) can trigger a kernel crash/DoS. Affected kernel versions include 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102. Public advisories (Debian, CentOS/Red Hat, Ubunt...
CVE-2020-25212
CVE-2020-25212 affects the NFSv4 client in the Linux kernel and is caused by a TOCTOU mismatch where a size check is performed in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c. This can allow a local attacker to corrupt memory or cause unspecified impacts. The issue is addressed in the upstream k...
CVE-2021-3444
CVE-2021-3444 affects the Linux kernel’s eBPF verifier, where mod32 destination register truncation can be mishandled when the source is known to be zero. This enables a local attacker loading BPF programs to read kernel memory (information disclosure) and potentially perform out-of-bounds writes...
CVE-2021-43976
CVE-2021-43976 affects the Linux kernel, specifically the Marvell mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c. A local attacker with access to a crafted USB device can trigger a denial of service (skb_over_panic). The advisory notes the vulnerability exists in kernel...
CVE-2024-26588
CVE-2024-26588 – LoongArch: BPF: Prevent out-of-bounds memory access. Linux kernel BPF JIT compilation on LoongArch can fault while loading large BPF programs (e.g., 2039 insns) due to an out-of-bounds access during build_body/bpf_int_jit_compile sequence, triggering an unhandled page fault. The...
CVE-2021-3656
CVE-2021-3656 describes a flaw in the KVM hypervisor for AMD processors where the L1 guest can provide a VMCB with an improperly validated virt_ext field, allowing the L1 to disable VMLOAD/VMSAVE intercepts and VLS for the L2 guest. This enables the L2 guest to read/write portions of the host’s p...
CVE-2019-3882
CVE-2019-3882 affects the Linux kernel vfio interface: a local user owning a vfio device could abuse DMA mappings to memory and exhaust system memory, enabling a denial of service. Publicly available connected documents confirm the vulnerability and its DoS impact; Debian and other advisories inc...
CVE-2020-36766
The CVE-2020-36766 issue affects the Linux kernel prior to 5.8.6. In drivers/media/cec/core/cec-api.c, memory leakage of one kernel byte to unprivileged users occurs due to directly assigning log_addrs with a hole in the struct. The vulnerability is local (requires local access) and has a low ove...
CVE-2021-3489
CVE-2021-3489 concerns the Linux kernel eBPF RINGBUF: the bpf_ringbuf_reserve() function could allocate a size larger than the ringbuf, enabling out-of-bounds writes and potential arbitrary code execution. The issue was fixed by commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger t...
CVE-2021-4203
CVE-2021-4203 is a Linux kernel use-after-free read flaw in sock_getsockopt() triggered by a race between SO_PEERCRED/SO_PEERGROUPS and listen()/connect(). An authenticated local attacker could crash the system or leak kernel information. The connected IBM advisories document affected products (I...
CVE-2022-28388
CVE-2022-28388 affects the Linux kernel driver usb_8dev_start_xmit (drivers/net/can/usb/usb_8dev.c). The vulnerability is a double free in the function usb_8dev_start_xmit, present up to kernel versions including 5.17.1. Documents reference a commit addressing the issue and mention downstream adv...
CVE-2023-2166
CVE-2023-2166 pertains to a NULL pointer dereference in the Linux kernel CAN protocol (net/can/af_can.c). The issue is that ml_priv may not be initialized in the receive path for CAN frames, enabling a local attacker to crash the system or potentially cause a denial of service via a malformed or ...
CVE-2023-5178
CVE-2023-5178 is a use-after-free vulnerability in the NVMe over Fabrics over TCP subsystem of the Linux kernel, specifically nvmet_tcp_free_crypto in drivers/nvme/target/tcp.c. The logical bug can lead to use-after-free and double-free conditions, with potential remote code execution or local pr...
CVE-2020-27786
CVE-2020-27786 affects the Linux kernel MIDI subsystem (rawmidi) with a use-after-free in the MIDI ioctl handling path. A local attacker with access to issue ioctl commands to MIDI devices could trigger memory corruption, potentially enabling privilege escalation. Public documentation in connecte...
CVE-2021-20322
CVE-2021-20322 relates to a Linux kernel ICMP handling flaw (ICMP fragment needed/redirect) that lets an off-path attacker quickly discover UDP port usage, bypassing UDP source port randomization. The connected advisories confirm this affects the Linux kernel and multiple distributions and mentio...
CVE-2021-30002
The CVE-2021-30002 issue affects the Linux kernel prior to 5.11.3. It is caused by a memory leak in video_usercopy inside drivers/media/v4l2-core/v4l2-ioctl.c when handling large webcam arguments. This memory leak can lead to memory exhaustion on affected systems. Connected advisories (e.g., Debi...
CVE-2021-3573
CVE-2021-3573 is a local use-after-free vulnerability in the Linux kernel Bluetooth HCI subsystem (function hci_sock_bound_ioctl) where a race between ioctl HCIUNBLOCKADDR and hci_unregister_dev() and calls such as hci_sock_blacklist_add()/del(), hci_get_conn_info(), and hci_get_auth_info() can le...
CVE-2022-0854
CVE-2022-0854 is a memory leak flaw in the Linux kernel DMA subsystem (DMA_FROM_DEVICE) that could allow a local authenticated attacker to read random kernel memory, exposing data. The IBM Security Bulletin for IBM Storage Scale System lists CVE-2022-0854 among Linux kernel DMA swiotlb-related is...
CVE-2023-52450
CVE-2023-52450: In the Linux kernel, a NULL pointer dereference vulnerability exists in perf/x86/intel/uncore when discovering UPI topology. The fix changes topology discovery to obtain the logical socket id rather than the physical id, preventing an out-of-bounds access in upi_fill_topology() v...
CVE-2022-41218
CVE-2022-41218 is a Linux kernel use-after-free in the DVB core (drivers/media/dvb-core/dmxdev.c) caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. The issue is local, with potential denial of service or privilege escalation as implied by downstream advisories. Public rec...
CVE-2003-0001
The CVE-2003-0001 issue, known as Etherleak, is an information-disclosure vulnerability caused by NIC/device drivers not padding Ethernet frames with null bytes, allowing an adjacent attacker to glimpse memory content from previously transmitted packets. Connected documents show this vulnerabilit...
CVE-2021-20265
CVE-2021-20265 affects the Linux kernel: a memory-leak/DoS bug in unix_stream_recvmsg when a signal is pending can exhaust memory locally. Connected docs reference a fix in the upstream kernel (commit fa0dc04df259ba2df3ce1920e9690c7842f8fa4b4) and later kernel slab-leak fixes for af_unix, indicat...
CVE-2021-43389
CVE-2021-43389 affects the Linux kernel (pre-5.14.15) with an array-index-out-of-bounds flaw in the ISDN CAPI detach_capi_ctr function (kcapi.c). Multiple sources describe this as a local privilege‑escalation/DoS risk, where a privileged attacker could cause memory corruption, DoS, or potentially...
CVE-2019-11486
The CVE-2019-11486 entry describes multiple race conditions in the Siemens R3964 line discipline driver (drivers/tty/n_r3964.c) of the Linux kernel, affecting versions before 5.0.8. This yields local exploitation potential with full confidentiality, integrity, and availability impact. A fix is av...
CVE-2019-20096
CVE-2019-20096 affects the Linux kernel before 5.1, where a memory leak in __feat_register_sp() (net/dccp/feat.c) can lead to denial of service. The Unity Linux Nessus advisories (UTSA-2026-003899/004383/000228) reference the same description block, confirming the issue and impact. No specific pa...
CVE-2020-16166
CVE-2020-16166 affects the Linux kernel by allowing remote observers to infer the network RNG internal state via drivers/char/random.c and kernel/time/timer.c. Affected platforms show fixes across multiple distributions: Debian LTS (linux package updates to 4.9.240-1/ -2; multiple CVEs), IBM advi...
CVE-2022-1184
CVE-2022-1184 affects the Linux kernel ext4 file-system code (fs/ext4/namei.c:dx_insert_block). The flaw is a use-after-free that can be triggered by a local user to cause a denial of service. Astra Linux bulletin also documents this exact issue. The connected documents do not specify a fixed ver...
CVE-2020-14381
CVE-2020-14381 is a vulnerability in the Linux kernel futex implementation. A local attacker can corrupt memory or escalate privileges when creating a futex on a filesystem that is about to be unmounted. The issue is local, with attack vector and conditions described as exploitation requiring loc...
CVE-2021-33655
CVE-2021-33655 is confirmed in the provided documents as an out-of-bounds memory write triggered by malicious data sent via the framebuffer ioctl FBIOPUT_VSCREENINFO in the Linux kernel framebuffer/console path. The issue allows a local user to crash the system and potentially escalate privileges...
CVE-2022-0516
CVE-2022-0516 affects the KVM for s390 in the Linux kernel, specifically the arch/s390/kvm/kvm-s390.c function kvm_s390_guest_sida_op. The vulnerability allows a local user with normal privileges to obtain unauthorized memory write access due to an insufficient check in the KVM s390x release_agen...
CVE-2019-15916
CVE-2019-15916 is for Linux kernel versions before 5.0.1, where a memory leak in register_queue_kobjects() in net/core/net-sysfs.c can cause a denial of service. Publicly referenced by Unity Linux 20 / MiracleLinux AXSA:2020-097:03 advisories and Nessus plugins, which map this CVE to kernel 5.0.1...
CVE-2019-19947
CVE-2019-19947 affects the Linux kernel up to version 5.4.6, where the kvaser_usb_leaf.c driver (drivers/net/can/usb/kvaser_usb) leaks information from uninitialized memory to a USB device (CID-da2311a6385c). Connected advisories corroborate this kernel info-leak issue and link it to the Kvaser C...
CVE-2022-1508
The CVE-2022-1508 entry describes an out-of-bounds read in the Linux kernel io_uring module triggered by certain parameters to io_read(), enabling a local user with low privileges and no user interaction to read memory out of bounds. The provided data notes a MEDIUM base score (6.1, CVSS 3.1) wit...
CVE-2018-19985
CVE-2018-19985 is a Linux kernel vulnerability describing an out-of-bounds read in hso_get_config_data (drivers/net/usb/hso.c) caused by indexing an array with the device-provided if_num. This is a local, kernel-space issue that could lead to a crash. Public IBM advisories for the IBM 4769 toolki...
CVE-2023-38409
CVE-2023-38409 affects the Linux kernel fbcon subsystem (drivers/video/fbdev/core/fbcon.c). The issue arises in set_con2fb_map: an assignment is performed only for the first virtual console, which can desynchronize fbcon_registered_fb and fbcon_display when fbcon_mode_deleted is invoked, leaving ...
CVE-2018-1068
CVE-2018-1068 affects the Linux kernel: the 32-bit compatibility layer for ebtables did not sufficiently validate offset values in a 64-bit kernel. A local attacker with CAP_NET_ADMIN (in a namespace) could use this to overwrite kernel memory, potentially leading to privilege escalation. Public a...
CVE-2020-11608
CVE-2020-11608 affects Linux kernel versions prior to 5.6.1. The issue is a NULL pointer dereference in the ov511_mode_init_regs and ov518_mode_init_regs paths of drivers/media/usb/gspca/ov519.c when there are zero USB endpoints, potentially enabling local denial of service. The vulnerability is ...