CVE-2025-38439
Summary of CVE-2025-38439: In the Linux kernel, the bnxt_en driver had a flaw where the DMA unmap length was incorrectly set to 0 when sending an XDP_REDIRECT packet. The underlying issue is in the IOMMU path, where the mismatch could trigger a kernel warning on systems with IOMMU enabled. The p...
CVE-2025-38456
CVE-2025-38456 concerns Linux kernel ipmi:msghandler memory corruption in ipmi_create_user(). The bug is triggered when the ipmi interface iterator (intf) pointer is invalid (correct intf_num not found); calling atomic_dec on this invalid pointer can corrupt memory. A fix updates the intf path (i...
CVE-2025-38462
CVE-2025-38462 affects the Linux kernel vsock subsystem. Root cause is a TOCTOU race in vsock_find_cid() and vsock_dev_do_ioctl() with module unload, where transport_g2h/h2g can become NULL after a NULL check, causing null-pointer derefs. The patch adds vsock_transport_local_cid() to guard agains...
CVE-2025-38476
CVE-2025-38476 affects the Linux kernel. The vulnerability is a use-after-free in rpl_do_srh_inline() caused by accessing ipv6 headers after skb_cow_head(), which could free the header. A fix makes oldhdr a local struct to prevent use-after-free. The issue is documented with a CVSS v3.1 vector (L...
CVE-2025-38489
CVE-2025-38489: In the Linux kernel (s390/BPF), the on-disk description notes that bpf_arch_text_poke() with new_addr == NULL caused intermittent panics; the fix re‑instates the previously removed correction from commit c730fce7c70c, restoring the intended behavior and adding a clarifying comment...
CVE-2025-38495
CVE-2025-38495 affects the Linux kernel HID core: the allocated report buffer did not account for the reserved report ID, causing only 7 bytes guaranteed instead of 8 when the ID isn’t used. This is a local-exploit scenario with a Medium (CVSS 3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) impact as d...
CVE-1999-0720
The set of connected records confirms a Linux-specific vulnerability in the pt_chown utility: local attackers can modify TTY terminal devices that belong to other users, indicating a local privilege/permission misuse at the device level. The description across sources is consistent (pt_chown affe...
CVE-2004-0181
The CVE-2004-0181 issue is an information leak in the Linux 2.4.x JFS code where in-memory data could be written to the device, allowing a local user to read sensitive information from the raw device. The relevant connected advisories (RHSA-2005:663, CentOS/CESA-2005:663) document this flaw as ad...
CVE-2005-1765
The CVE-2005-1765 issue is a local denial of service in the Linux kernel on AMD64 when running in 32‑bit compatibility mode, triggered by syscall() with crafted arguments. Public details across connected docs confirm affected software and fixed packages: Debian’s DSA-922-1 (security advisory) lis...
CVE-2005-2459
CVE-2005-2459 affects the Linux kernel prior to 2.6.12.5, where the huft_build function in inflate.c of the zlib routines returns the wrong value. This bug allows remote attackers to crash the kernel via a specially crafted compressed file, causing a null pointer dereference (a denial of service)...
CVE-2005-2492
CVE-2005-2492 affects the Linux kernel 2.6 series prior to 2.6.13.1. The raw_sendmsg function can be exploited by a local user to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. Documented in multiple advisories (e.g., Mandriva MDKSA-2005:235; SU...
CVE-2005-2553
CVE-2005-2553 affects Linux kernel 2.4.x before 2.4.29, where a NULL pointer dereference in ptrace32.c's find_target can crash the kernel when tracing a 64-bit executable with 32-bit ltrace. The vulnerability is local and may lead to a kernel oops/crash. Public advisories in connected docs (e.g.,...
CVE-2005-2800
CVE-2005-2800 is a memory leak in the Linux kernel's SCSI procfs sg(devices) interface (for Linux 2.6.13 and earlier). Exploitation arises from repeated reads of /proc/scsi/sg/devices, leading to memory consumption and potential Denial of Service. Publicly documented references describe the issue...
CVE-2005-3106
CVE-2005-3106 is a Linux kernel race condition affecting thread management when memory mappings are shared (CLONE_VM). The issue can lead to a local denial of service via deadlock, e.g., by triggering a core dump or waiting-for-exec scenarios. Connected advisories confirm this CVE across multiple...
CVE-2006-0038
The CVE-2006-0038 issue is a local kernel vulnerability in Linux 2.6.x where arithmetic in netfilter’s do_replace() can overflow a buffer. Exploitation requires CAP_NET_ADMIN rights and is tied to virtualization environments (e.g., OpenVZ). The advisory notes that this can lead to arbitrary code ...
CVE-2006-1343
The connected Debian advisory (DSA-1184-2) confirms CVE-2006-1343 as a local information-leak in the Linux 2.6.8 kernel (kernel-source-2.6.8), caused by an information leak in the getsockopt system call that can let a local user leak potentially sensitive memory to userspace. Affected architectur...
CVE-2006-4623
The vulnerability CVE-2006-4623 affects the Linux kernel DVB ULE decapsulation path: Unidirectional Lightweight Encapsulation (ULE) in dvb-core/dvb_net.c of the kernel 2.6.17.8. A remote attacker can cause a denial of service (crash) by sending a ULE packet with an SNDU length of 0. Public adviso...
CVE-2007-1730
CVE-2007-1730 is a local kernel vulnerability due to an integer signedness error in the DCCP path (do_dccp_getsockopt) affecting Linux kernels 2.6.20 and later. The flaw allows a local user to read kernel memory or trigger a denial of service via a negative optlen. This is confirmed by Red Hat CV...
CVE-2007-3107
The CVE-2007-3107 entry concerns a flaw in the Linux kernel signal handling on PowerPC systems using HTX. The issue allows local users to cause a denial of service via floating point corruption and concurrency issues related to clearing MSR bits, as described in the initial document. Connected so...
CVE-2008-2137
The CVE-2008-2137 entry describes a Linux kernel vulnerability in the SPARC/SPARC64 mmap checks. Affected are Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, where sparc_mmap_check (arch/sparc/kernel/sys_sparc.c) and sparc64_mmap_check (arch/sparc64/kernel/sys_sparc.c) omit some virtual...
CVE-2010-2525
CVE-2010-2525 involves a flaw in the gfs2 file system’s handling of ACLs. An unprivileged local attacker could exploit this to gain access to, or execute any file stored in, the gfs2 filesystem. The description and multiple connected advisories (Red Hat, SUSE, Ubuntu/NVD references) corroborate t...
CVE-2011-2928
CVE-2011-2928 affects the Linux kernel prior to 3.1-rc3, specifically the befs_follow_link function in fs/befs/linuxvfs.c. The flaw does not validate the length attribute of long symlinks on a malformed Be filesystem, enabling a local attacker to trigger an incorrect pointer dereference and OOPS,...
CVE-2013-3226
CVE-2013-3226 affects the Linux kernel Bluetooth SCO stack: sco_sock_recvmsg() in net/bluetooth/sco.c does not initialize a length variable, allowing local attackers to read kernel stack memory via crafted recvmsg/recvfrom calls. Affected releases are kernels prior to 3.9-rc7; the issue is addres...
CVE-2014-8481
CVE-2014-8481 affects the Linux kernel KVM arch/x86/kvm/emulate.c; the instruction decoder mishandles invalid instructions, allowing guest OS users to trigger a NULL pointer dereference and host crash via a crafted application that either fetches an invalid instruction or uses too many bytes. Roo...
CVE-2017-5550
CVE-2017-5550 describes an off-by-one error in the Linux kernel pipe_advance function (lib/iov_iter.c) that could allow local attackers to read from uninitialized kernel heap memory via a pipe, before the fixed 4.9.5 release. Connected advisories (EulerOS, Unity Linux) reference kernel versions b...
CVE-2018-11232
The vulnerability CVE-2018-11232 affects the Linux kernel, specifically the etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c, and exists in versions prior to 4.10.2. The root cause is that a parameter is incorrectly used as a local variable, which can lead to a denial of...
CVE-2021-47088
CVE-2021-47088 concerns the Linux kernel where the DAMON debugfs interface could trigger a use-after-free by destructing monitoring targets without holding the required lock. The root cause was iterating targets in dbgfs_target_ids_read() while also destroying them in dbgfs_before_terminate() wit...
CVE-2021-47242
CVE-2021-47242 affects the Linux kernel and is tied to a fix for an issue in MPTCP subflow error reporting. The root cause was a soft lockup caused when subflow_error_report() attempted to acquire mptcp_data_lock across call paths that could already hold other locks, triggering a soft lockup unde...
CVE-2021-47300
CVE-2021-47300 – Linux kernel (bpf tail_call_reachable bug) Affects: Linux kernel with BPF tail-call support in interpreter/JIT paths. The issue arises when tail_call_reachable was not properly propagated during JIT/epilogue handling, due to a tracker added in check_max_stack_depth(), causing tai...
CVE-2021-47303
CVE-2021-47303 affects the Linux kernel BPF subsystem. The root cause is improper lifecycle management of the poke descriptor table (aux->poke_tab) associated with BPF prog objects, which can be freed while still referenced by a map’s subprograms. This creates a use-after-free when map_poke_ru...
CVE-2021-47524
CVE-2021-47524: In the Linux kernel, the serial driver (liteuart) leaked a minor number on probe errors. The fix ensures the allocated minor number is released before returning from probe errors. This entry is tied to kernel versions affected by the liteuart minor-number leak and has been resolv...
CVE-2021-47567
CVE-2021-47567 describes a Linux kernel vulnerability in the powerpc/32 code where a vmap stack overflow could lead to a hard lockup when the data MMU is not active. The root cause is that emergency_ctx was accessed with a virtual address during MMU inactivity; the fix uses a physical address ins...
CVE-2022-48714
Summary of CVE-2022-48714: The Linux kernel vulnerability arises in the ringbuffer mapping used by BPF. The root cause is a KASAN-related mislabeling where mappings created from allocated pages were treated as VM_ALLOC, triggering out-of-bounds reports after vmap() when KASAN is enabled. The fix...
CVE-2022-48718
CVE-2022-48718 concerns a NULL pointer dereference in the Linux kernel’s drm mxsfb driver. The vulnerability arises when drm_atomic_get_new_bridge_state can return a NULL pointer, which mxsfb may dereference. A fix was implemented that avoids dereferencing a NULL by assuming a fixed format instea...
CVE-2022-48730
CVE-2022-48730 affects the Linux kernel dma-buf heaps code, where a user-supplied index could be treated as a potential Spectre v1 gadget, risking leakage of kernel memory to userspace through speculative execution. The fixed issue is described as preventing leakage by using array_index_...
CVE-2022-48746
In CVE-2022-48746, the Linux kernel mlx5e bond netevent path incorrectly verified netdev origin: the code only checked for a VF representor and lacked a check that the VF representor was on the same physical device as the bond handling the netevent. The fix adds the missing check and optimizes th...
CVE-2022-48774
CVE-2022-48774 affects the Linux kernel dmaengine/ptdma path. The issue is in pt_core_init() where resource freeing in the error path could leak resources or release unallocated items. The fix switches two goto targets in the error handling path to ensure proper resource cleanup, and relocates a ...
CVE-2022-48807
CVE-2022-48807 concerns the Linux kernel ice driver and the LAG NETDEV_UNREGISTER notifier path. The issue arises because the same notifier handler was invoked for both NETDEV_BONDING_INFO LAG unlink and NETDEV_UNREGISTER events, passing a netdev_notifier_info structure that differs between event...
CVE-2022-48833
CVE-2022-48833 involves the btrfs code in the Linux kernel. After patches addressing: (1) btrfs: clear extent buffer uptodate when we fail to write it and (2) btrfs: check WRITE_ERR when reading an extent buffer, unmounts could leave space reservations in block groups/log tree extents uncleared i...
CVE-2022-48899
CVE-2022-48899 is a Linux kernel vulnerability in drm/virtio causing a use-after-free (UAF) during GEM handle creation. An attacker could guess a GEM handle value and race creation with handle close, leading to dereferencing an object after its reference is dropped. The issue's root cause is that...
CVE-2022-48926
CVE-2022-48926 affects the Linux kernel USB gadget rndis path. The vulnerability arises from a missing spinlock protecting the rndis response list, enabling potential list corruption when two list_add operations occur concurrently. The provided traces show corruption of next->prev and a corres...
CVE-2022-49064
CVE-2022-49064 affects the Linux kernel's cachefiles code. The issue is an in-use flag leakage in error paths: in cachefiles_open_file(), an in-use flag could leak and cause the system to log “Inode already in use” on subsequent lookups; in cachefiles_create_tmpfile() this leakage could occur wit...
CVE-2022-49192
Technical details about CVE-2022-49192 are not publicly available in the provided Connected documents. The CVE entry describes a fix in cpsw but lacks vendor/product/version specifics, exploit info, or remediation steps beyond the general change. Monitor for updates.
CVE-2022-49338
CVE-2022-49338 affects the Linux kernel in the Mellanox mlx5 core path: CT cleanup happens after TC ct rules cleanup, risking use-after-free of CT shared resources when uplink cleanup ordering is reversed. The resolved description states the fix is to reverse the cleanup/init order so that TC cle...
CVE-2022-49406
The CVE-2022-49406 entry is active in the Linux kernel and concerns a deadlock in blk_ia_range_sysfs_show() caused by unnecessary use of the queue sysfs lock during reads. The fix, as described in the sources, is to remove the mutex_lock()/mutex_unlock() calls from blk_ia_range_sysfs_show(), since th...
CVE-2022-49665
CVE-2022-49665 affects the Linux kernel (platform/x86: thinkpad_acpi) and is caused by a memory leak in EFCH MMIO resource handling: release_resource() does not free the resource as release_mem_region() would, so the resource must be freed explicitly to avoid leaks. The issue is addressed by a ke...
CVE-2022-49682
CVE-2022-49682 is a Linux kernel issue: in xtensa, a refcount leak bug in time.c occurred where calibrate_ccount() could return a node with an incremented refcount. The fix requires using of_node_put() when the node is no longer used (to avoid a leak). Connected advisories (Astra Linux and Unity/...
CVE-2022-49767
CVE-2022-49767 affects the Linux kernel 9p/trans_fd path. The issue arises because p9_mux_poll_stop() could fail to interrupt blocking kernel_read()/kernel_write() on pipes due to fd_open() not setting O_NONBLOCK, whereas socket paths already use O_NONBLOCK. A minimal patch makes O_NONBLOCK alway...
CVE-2022-49783
CVE-2022-49783 — In the Linux kernel, the issue arises when fpu_inherit_perms() is invoked under fpregs_lock() in PREEMPT_RT builds, causing a sleeping function to be called from an atomic context due to spin_lock_irq() usage. The root cause is that fpu_state_size_dynamic() can return true even t...
CVE-2022-49792
CVE-2022-49792 corresponds to a Linux kernel vulnerability in the iio: adc MP2629 driver. The issue is a potential array out-of-bounds access, mitigated by adding a sentinel at the end of maps in the iio core. Affected component is the IIO subsystem’s mp2629 ADC path; root cause is improper bound...