Lucene search
K
LinuxLinux Kernel

14403 matches found

CVE
CVE
added 2024/09/18 7:12 a.m.81 views

CVE-2024-46764

CVE-2024-46764 affects Linux kernel’s BPF/BTF handling: btf_name_valid_section() can pass an invalid 1-byte name if name[0] is a NULL byte, enabling an out-of-bounds condition. The fix adds a check for a NULL first byte and that the first character is printable. The initial entry indicates the vu...

7.1CVSS6.5AI score0.00223EPSS
CVE
CVE
added 2024/06/21 10:18 a.m.80 views

CVE-2024-38624

CVE-2024-38624 affects the Linux kernel NTFS3 file system code. The issue arises from using 32-bit arithmetic in a computing expression (for example, vbo = 2 * vbo + skip), risking overflow; the fix is to switch to a 64-bit variable to prevent 32-bit overflow. Multiple advisories (e.g., Ubuntu US...

5.5CVSS6.6AI score0.00222EPSS
CVE
CVE
added 2024/06/21 10:18 a.m.80 views

CVE-2024-38636

CVE-2024-38636 (Linux kernel, f2fs multi-device support) : The issue occurs when using multiple block devices with F2FS where reads on the non-primary device are mapped to the first block (address 0). This causes f2fs_map_blocks() to return a valid zero block address, but f2fs_iomap_begin() treat...

5.5CVSS6.4AI score0.0021EPSS
CVE
CVE
added 2024/06/25 2:25 p.m.80 views

CVE-2024-39461

In Linux kernel CVE-2024-39461, the Raspberry Pi clock code (clk/bcm/clk-raspberrypi.c) accessed the hws array before initializing hws->num, triggering UBSAN array-index-out-of-bounds warnings. The fix moves the initialization of ->num ahead of the first access to ->hws, removing the out...

5.5CVSS7AI score0.00211EPSS
CVE
CVE
added 2024/07/12 12:25 p.m.80 views

CVE-2024-40926

CVE-2024-40926 affects the Linux kernel DRM Nouveau driver. The issue occurs when runtime PM resumes on headless cards that lack display hardware, where hpd_work and hpd_lock are left uninitialized and scheduling hpd_work triggers a BUG. The patch adds a headless flag to DRM and instructs the sys...

5.5CVSS6.5AI score0.00238EPSS
CVE
CVE
added 2024/07/29 2:31 p.m.80 views

CVE-2024-41037

CVE-2024-41037 affects the Linux kernel ASoC: SOF Intel ASoC HDA path. The vulnerability arises during system suspend entry when a stream is active: the core calls hw_params_upon_resume(), and on Intel platforms using HDA DMA this leads to a call chain that hits a null dereference. Specifically, ...

5.5CVSS6.5AI score0.00274EPSS
CVE
CVE
added 2024/07/29 3:52 p.m.80 views

CVE-2024-42071

CVE-2024-42071 is a Linux kernel issue related to the ionic driver where napi_consume_skb() is invoked outside a safe NAPI context. The root cause described in the sources is that a non-NAPI/softirq path should call napi_consume_skb with budget=0, as indicated by the code notes and stack traces (...

5.5CVSS6.5AI score0.0021EPSS
CVE
CVE
added 2024/07/29 3:52 p.m.80 views

CVE-2024-42072

Summary of CVE-2024-42072 (Linux kernel, bpf may_goto with negative offset) The issue, reported through the Linux kernel, stems from two bugs exposed by a syzbot-facilitated bpf program: (1) the patching of may_goto when the offset is negative, which requires a different handling; and (2) a verif...

7.8CVSS6.6AI score0.00226EPSS
CVE
CVE
added 2024/07/29 4:26 p.m.80 views

CVE-2024-42088

CVE-2024-42088 affects Linux kernel ASoC: Mediatek mt8195, where a platform entry for ETDM1_OUT_BE dai link was removed inadvertently, causing a KASAN OOB warning in mtk_soundcard_common_probe() due to an empty platforms array. The fix adds a COMP_EMPTY() entry to ensure dai_link->platforms ha...

7.8CVSS6.7AI score0.00217EPSS
CVE
CVE
added 2024/08/07 3:14 p.m.80 views

CVE-2024-42234

CVE-2024-42234 affects the Linux kernel in the area of memory management, specifically the deferred split and large folio migration path. The root cause is a race during deferred_split_scan() where folios are moved to a local list without proper synchronization, risking double frees and related B...

5.5CVSS6.5AI score0.00184EPSS
CVE
CVE
added 2024/08/07 3:14 p.m.80 views

CVE-2024-42242

In CVE-2024-42242, the Linux kernel mmc: sdhci driver had a mismatch between two checks for max_segment_size. max_size was forced to PAGE_SIZE by blk_queue_max_segment_size() when it was below PAGE_SIZE, while blk_validate_limits() treated a max_segment_size below PAGE_SIZE as an error (returning...

5.5CVSS6.4AI score0.00182EPSS
CVE
CVE
added 2024/08/17 9:21 a.m.80 views

CVE-2024-43844

CVE-2024-43844 affects the Linux kernel’s wifi rt w89 GTK offload path. The issue stems from rtw89_fw_h2c_wow_gtk_ofld handling, where a sk_buff could be oversized, causing skb_panic in net/core/skbuff.c and a kernel crash (BUG at skbuff.c:192). Affected data path: wow GTK offload H2C, leading to...

5.5CVSS6.6AI score0.0018EPSS
CVE
CVE
added 2024/09/04 7:54 p.m.80 views

CVE-2024-44997

CVE-2024-44997 affects the Linux kernel’s net: ethernet: mtk_wed component. The issue is a use-after-free/panic in MT798X when turning down an interface on a band with multiple AP interfaces and WED enabled. The root cause: cb_priv was freed in mtk_wed_setup_tc_block() without nulling the pointer...

7.8CVSS7.3AI score0.00214EPSS
CVE
CVE
added 2024/12/28 9:46 a.m.80 views

CVE-2024-56682

Summary (CVE-2024-56682) : In the Linux kernel RISCV IRQ domain handling, probing the APLIC driver before IMSIC can leave the parent MSI domain missing, causing a NULL pointer dereference in msi_create_device_irq_domain(). The fix defers the APLIC probe until the parent MSI domain is available an...

5.5CVSS6.5AI score0.00224EPSS
CVE
CVE
added 2025/01/15 1:5 p.m.80 views

CVE-2024-57891

The CVE refers to a Linux kernel issue fixed in the sched_ext subsystem: an invalid IRQ restore could occur due to improper conversion of an inner rq_unlock_irqrestore() to rq_unlock() when adding outer irqsave/restore locking in scx_ops_bypass(). This could lead to the IRQs being re-enabled at a...

5.5CVSS6.5AI score0.00175EPSS
CVE
CVE
added 2025/03/12 9:41 a.m.80 views

CVE-2024-58089

CVE-2024-58089 affects the Linux kernel (btrfs) and is due to a double accounting race in btrfs_run_delalloc_range() when it fails. The issue can cause a kernel crash/Oops with a sequence of BTRFS error messages and a kernel panic on configurations where block size is smaller than page size (4K v...

5.5CVSS6.4AI score0.00203EPSS
CVE
CVE
added 2025/02/27 2:7 a.m.80 views

CVE-2025-21709

CVE-2025-21709 (Linux kernel) involves a race in dup_mmap() that can leave an incomplete mm_struct in an unsafe state when forking or mmap-failure paths are hit. The patch adds MMF_OOM_SKIP to avoid iterating vmas on the out‑of‑memory path and MMF_UNSTABLE to prevent use of a partially initialise...

5.5CVSS6.6AI score0.00179EPSS
CVE
CVE
added 2025/02/27 2:12 a.m.80 views

CVE-2025-21751

CVE-2025-21751 affects the Linux kernel net/mlx5 HWS: when a firmware error occurs during the matcher disconnect flow, the kernel previously attempted to reconnect the matcher and could free a matcher that was still on the list, causing use-after-free and a crash. The patch changes the error path...

7.8CVSS6.8AI score0.00212EPSS
CVE
CVE
added 2025/03/27 2:57 p.m.80 views

CVE-2025-21874

CVE-2025-21874 is a Linux kernel vulnerability in dm-integrity, where in Inline mode the journal is unused and journal_sectors can be zero. Calculating the journal watermark divides by journal_sectors, which can trigger an OOPS during a simple dmsetup table query. The issue was observed on some s...

5.5CVSS6.9AI score0.00187EPSS
CVE
CVE
added 2025/04/01 3:47 p.m.80 views

CVE-2025-21965

The CVE-2025-21965 case concerns a Linux kernel sched_ext bug where a BPF scheduler may pass an invalid prev_cpu to scx_bpf_select_cpu_dfl(), outside the valid nr_cpu_ids range. The resulting behavior can crash the kernel. The fix adds validation of prev_cpu in scx_bpf_select_cpu_dfl() and trigge...

5.5CVSS7AI score0.00174EPSS
CVE
CVE
added 2025/05/01 12:55 p.m.80 views

CVE-2025-23153

The CVE-2025-23153 entry is confirmed with concrete details in connected sources: Linux kernel affected area is arm/crc-t10dif, where a bug caused an out-of-scope array access in crc_t10dif_arch(). The issue is fixed by the patch(es) referenced from kernel stable commits, addressing the use-after...

5.5CVSS6.5AI score0.0014EPSS
CVE
CVE
added 2025/05/01 1:7 p.m.80 views

CVE-2025-37779

CVE-2025-37779 pertains to the Linux kernel. A folio refcount bug in lib/iov_iter caused a UAF when an EROFS file-backed mount over 9P (v9fs) on QEMU was exercised, due to pages in bvec being coalesced across a folio boundary. The root cause was inadequate refcount handling for non-slab folios, p...

5.5CVSS6.4AI score0.0013EPSS
CVE
CVE
added 2025/05/20 4:47 p.m.80 views

CVE-2025-37971

CVE-2025-37971 in the Linux kernel, under the staging/bcm2835-camera path, is caused by failing to initialise dev->v4l2_dev.dev, which leads to a NULL pointer dereference in mmal_init. The fix updates bcm2835_mmal_probe to initialise dev->v4l2_dev.dev (instead of relying on v4l2_device_regi...

5.5CVSS6.4AI score0.00146EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.80 views

CVE-2025-38105

CVE-2025-38105 concerns the Linux kernel ALSA USB audio path. The issue arises when the USB-audio MIDI driver’s timer is initialized but the driver is freed without an explicit disconnect, potentially leaving an active timer and triggering a kernel warning under debug builds. The documented fix i...

5.5CVSS7.2AI score0.00157EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.80 views

CVE-2025-38107

CVE-2025-38107: In the Linux kernel, a race in net_sched:ets (ets_qdisc_change) was fixed. The race occurs when a SFQ perturb timer fires at an inopportune moment, enabling underflow of a parent qlen during qdisc operations. The corrective action is to purge the qdisc with qdisc_purge_queue() bef...

7CVSS7AI score0.00126EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.80 views

CVE-2025-38112

CVE-2025-38112 (Linux kernel) : A TOCTOU race in sk_is_readable() can occur when a socket resides in a sockmap. If sk->sk_prot is reloaded after the initial check, sk->sk_prot->sock_is_readable may have become NULL, causing a potential null pointer dereference. The issue stems from the f...

4.7CVSS7.1AI score0.0012EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.80 views

CVE-2025-38120

CVE-2025-38120 affects the Linux kernel netfilter nf_set_pipapo_avx2. The issue: if the first field does not cover the entire start map, the remainder must be zeroed to prevent leaking bits into the next match round map. The early fix was incomplete and only addressed the generic C implementation...

5.5CVSS7.1AI score0.00156EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.80 views

CVE-2025-38136

The CVE-2025-38136 issue in the Linux kernel concerns Renesas USBHS on the RZ/V2H platform. Vulnerable path: in usbhs_probe(), clocks are sometimes not enabled before memory-mapped register access (iowrite16), causing a synchronous external abort. Root cause: initialization sequence in usbhs_prob...

5.5CVSS7AI score0.00172EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.80 views

CVE-2025-38157

Affected software: Linux kernel driver ath9k_htc (wifi). Issue: when an adversarial USB device emits WMI_SWBA_EVENTID before beaconing is enabled, ath9k_htc_swba() may trigger a device-by-zero error causing a crash or out-of-bounds read. Root cause: improper handling of software beacon processing...

7.8CVSS7.1AI score0.00158EPSS
CVE
CVE
added 2025/07/03 8:36 a.m.80 views

CVE-2025-38162

Summary: CVE-2025-38162 is a Linux kernel vulnerability in netfilter/nft_set_pipapo related to overflow in lookup table allocation. The description states the root cause as an overflow-prone calculation when determining the lookup table size. The fix involves guarding the multiplications with ove...

5.5CVSS7.5AI score0.00138EPSS
CVE
CVE
added 2025/07/03 8:36 a.m.80 views

CVE-2025-38170

CVE-2025-38170 concerns the Linux kernel (arm64) FPSIMD/SVE/SME state handling. A race during SME trap handling can cause a preemption race where a task ends up with TIF_SME set and TIF_FOREIGN_FPSTATE cleared while the live hardware state is stale. The provided code path shows a trap handler and...

5.5CVSS7AI score0.00138EPSS
CVE
CVE
added 2025/07/10 8:14 a.m.80 views

CVE-2025-38323

Summary (CVE-2025-38323): In the Linux kernel, the ATM LECS code path (net/atm/lec.c) had a potential use-after-free due to a path that could leave a dangling pointer in dev_lec[] from lecd_attach(). The patch adds a mutex (lec_mutex) to protect dev_lecp[] uses from lecd_attach(), lec_vcc_attach(...

7.8CVSS6.4AI score0.00177EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.80 views

CVE-2025-38455

CVE-2025-38455: Linux kernel KVM-SEV-ES intra-host migration is rejected when vCPU creation is in-flight to prevent SEV-ES VM with non-SEV-ES vCPU. Root cause: vCPU creation runs largely outside kvm->lock, allowing sev_info.es_active to toggle during svm_vcpu_create(), causing issues when free...

5.5CVSS6.2AI score0.00148EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.80 views

CVE-2025-38456

CVE-2025-38456 concerns Linux kernel ipmi:msghandler memory corruption in ipmi_create_user(). The bug is triggered when the ipmi interface iterator (intf) pointer is invalid (correct intf_num not found); calling atomic_dec on this invalid pointer can corrupt memory. A fix updates the intf path (i...

7.8CVSS6.5AI score0.00155EPSS
CVE
CVE
added 2025/07/28 11:21 a.m.80 views

CVE-2025-38489

CVE-2025-38489: In the Linux kernel (s390/BPF), the on-disk description notes that bpf_arch_text_poke() with new_addr == NULL caused intermittent panics; the fix re‑instates the previously removed correction from commit c730fce7c70c, restoring the intended behavior and adding a clarifying comment...

5.5CVSS6.3AI score0.00136EPSS
CVE
CVE
added 2025/07/28 11:22 a.m.80 views

CVE-2025-38495

CVE-2025-38495 affects the Linux kernel HID core: the allocated report buffer did not account for the reserved report ID, causing only 7 bytes guaranteed instead of 8 when the ID isn’t used. This is a local-exploit scenario with a Medium (CVSS 3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) impact as d...

5.5CVSS6.6AI score0.00198EPSS
CVE
CVE
added 2026/03/18 10:5 a.m.80 views

CVE-2026-23243

CVE-2026-23243 is a Linux kernel vulnerability involving RDMA/umad_write, where user-controlled MAD header size mismatch could yield a negative data_len, leading to an out-of-bounds memset in alloc_send_rmpp_list. The issue has a concrete upstream fix that rejects negative data_len before creatin...

7.8CVSS5.7AI score0.00125EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.80 views

CVE-2026-46113

CVE-2026-46113 (Linux kernel KVM x86 shadow paging use-after-free) is a resolved vulnerability in the KVM shadow paging path. The issue arises when the shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index and guest page-table modifications between VM entries can c...

8.8CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.79 views

CVE-2002-0429

CVE-2002-0429 affects Linux kernels 2.4.18 and earlier on x86, via the iBCS compatibility interface (the lcall path in arch/i386/kernel/traps.c). The vulnerability enables a local unprivileged user to kill arbitrary processes. Connected advisories confirm affected architectures and that patches e...

3.6CVSS6AI score0.00383EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.79 views

CVE-2004-0001

The CVE-2004-0001 issue is described across multiple advisories as a local privilege escalation in the AMD64 Linux kernel ptrace emulation, due to incorrect eflags handling in 32-bit ptrace. Affected: AMD64 Linux kernels; root cause: eflags processing in the ptrace emulation path; impact: local u...

7.2CVSS6.2AI score0.00436EPSS
CVE
CVE
added 2004/02/03 5:0 a.m.79 views

CVE-2004-0003

Technical details for CVE-2004-0003 are not publicly available in the provided documents. No concrete description of affected component, root cause, or remediation is present; monitor for updates from the sources.

4.6CVSS5.8AI score0.00444EPSS
CVE
CVE
added 2004/02/19 5:0 a.m.79 views

CVE-2004-0010

This CVE describes a stack-based buffer overflow in the ncp_lookup function of ncpfs in Linux kernel 2.4.x, enabling local privilege escalation. The provided documents do not specify affected kernel versions beyond 2.4.x, nor remediation or exploit status. No connected documents add concrete tech...

7.2CVSS6.4AI score0.00467EPSS
CVE
CVE
added 2004/04/17 4:0 a.m.79 views

CVE-2004-0181

The CVE-2004-0181 issue is an information leak in the Linux 2.4.x JFS code where in-memory data could be written to the device, allowing a local user to read sensitive information from the raw device. The relevant connected advisories (RHSA-2005:663, CentOS/CESA-2005:663) document this flaw as ad...

2.1CVSS5.1AI score0.00423EPSS
CVE
CVE
added 2004/12/22 5:0 a.m.79 views

CVE-2004-1056

CVE-2004-1056 involves the Direct Rendering Manager (DRM) drivers in Linux kernel 2.6. It is caused by insufficient DMA lock checking, which could allow an authorized client to send arbitrary values to the video card, potentially causing an X server crash or modifying the video output. The vulner...

6.4CVSS5.2AI score0.03268EPSS
CVE
CVE
added 2005/03/18 5:0 a.m.79 views

CVE-2005-0209

CVE-2005-0209 is a Linux kernel netfilter fragmentation flaw that allows a remote attacker to crash the system (DoS) by sending crafted IP fragments. Documented impact is a kernel crash via malformed fragments in the netfilter path of Linux 2.6.x (notably 2.6.8.1). Public advisories confirm vulne...

7.8CVSS5.1AI score0.03274EPSS
CVE
CVE
added 2005/04/12 4:0 a.m.79 views

CVE-2005-1041

The CVE-2005-1041 issue affects the Linux kernel and is caused by the fib_seq_start() function in fib_hash.c, allowing a local attacker to crash the system via /proc/net/route (Denial of Service). Public advisories confirm affected distributions and provide fixes: Ubuntu USN-131-1 upgrades to ker...

2.1CVSS5AI score0.00357EPSS
CVE
CVE
added 2005/08/22 4:0 a.m.79 views

CVE-2005-2459

CVE-2005-2459 affects the Linux kernel prior to 2.6.12.5, where the huft_build function in inflate.c of the zlib routines returns the wrong value. This bug allows remote attackers to crash the kernel via a specially crafted compressed file, causing a null pointer dereference (a denial of service)...

5CVSS5.9AI score0.04626EPSS
CVE
CVE
added 2005/09/22 4:0 a.m.79 views

CVE-2005-3044

CVE-2005-3044 affects the Linux kernel prior to 2.6.13.2. Vulnerabilities arise from (1) fput in a 32-bit ioctl on 64-bit x86 systems and (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems, enabling local attackers to trigger a kernel OOPS and cause a denial of service. Remedia...

2.1CVSS5.2AI score0.00422EPSS
CVE
CVE
added 2006/01/23 10:0 p.m.79 views

CVE-2005-3356

CVE-2005-3356 is a kernel vulnerability in Linux 2.6.x where the mq_open system call can be tricked into decrementing an internal counter twice, potentially leading to a kernel panic and local denial of service. The connected documents describe the root cause as a faulty sequence in mntput/dentry...

2.1CVSS4.5AI score0.00437EPSS
CVE
CVE
added 2006/09/19 7:0 p.m.79 views

CVE-2006-4535

CVE-2006-4535 describes a local denial-of-service in the Linux kernel SCTP implementation where a socket with a specific SO_LINGER value can crash the kernel. Affected are kernel versions 2.6.17.10, 2.6.17.11 and 2.6.18-rc5 (and older kernels backported CVE-2006-3745 patches). Public sources (Red...

4.9CVSS7.1AI score0.00434EPSS
Total number of security vulnerabilities14403