Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2004/04/16 4:0 a.m.78 views

CVE-2004-0177

CVE-2004-0177 affects Linux 2.4.x (before 2.4.26) due to improper initialization of journal descriptor blocks in ext3, causing an information leak where in-memory kernel data could be written to the device and read back via raw-device access. Impact: privileged users could obtain portions of kern...

5CVSS5.7AI score0.02603EPSS
CVE
CVE
added 2004/04/17 4:0 a.m.78 views

CVE-2004-0181

The CVE-2004-0181 issue is an information leak in the Linux 2.4.x JFS code where in-memory data could be written to the device, allowing a local user to read sensitive information from the raw device. The relevant connected advisories (RHSA-2005:663, CentOS/CESA-2005:663) document this flaw as ad...

2.1CVSS5.1AI score0.00423EPSS
CVE
CVE
added 2005/01/20 5:0 a.m.78 views

CVE-2004-1237

CVE-2004-1237 : A vulnerability in the system call filtering code of the Red Hat Enterprise Linux 3 audit subsystem could allow a local user to cause a denial of service (system crash) when auditing is enabled. The issue is addressed in the Red Hat kernel security advisory RHSA-2005:043, which up...

2.1CVSS6.3AI score0.00358EPSS
CVE
CVE
added 2005/08/22 4:0 a.m.78 views

CVE-2005-2459

CVE-2005-2459 affects the Linux kernel prior to 2.6.12.5, where the huft_build function in inflate.c of the zlib routines returns the wrong value. This bug allows remote attackers to crash the kernel via a specially crafted compressed file, causing a null pointer dereference (a denial of service)...

5CVSS5.9AI score0.04626EPSS
CVE
CVE
added 2005/09/14 4:0 a.m.78 views

CVE-2005-2492

CVE-2005-2492 affects the Linux kernel 2.6 series prior to 2.6.13.1. The raw_sendmsg function can be exploited by a local user to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. Documented in multiple advisories (e.g., Mandriva MDKSA-2005:235; SU...

3.6CVSS5.6AI score0.00454EPSS
CVE
CVE
added 2005/09/22 4:0 a.m.78 views

CVE-2005-3044

CVE-2005-3044 affects the Linux kernel prior to 2.6.13.2. Vulnerabilities arise from (1) fput in a 32-bit ioctl on 64-bit x86 systems and (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems, enabling local attackers to trigger a kernel OOPS and cause a denial of service. Remedia...

2.1CVSS5.2AI score0.00422EPSS
CVE
CVE
added 2005/09/30 4:0 a.m.78 views

CVE-2005-3106

CVE-2005-3106 is a Linux kernel race condition affecting thread management when memory mappings are shared (CLONE_VM). The issue can lead to a local denial of service via deadlock, e.g., by triggering a core dump or waiting-for-exec scenarios. Connected advisories confirm this CVE across multiple...

4.7CVSS4.8AI score0.00288EPSS
CVE
CVE
added 2005/10/20 4:0 a.m.78 views

CVE-2005-3271

CVE-2005-3271 affects the Linux kernel 2.6 series. Description and multiple advisories (SUSE, Debian, Mandriva) show exec() does not properly clear posix-timers in multi-threaded environments, causing a resource leak. This can enable a large number of local users to cause a denial of service by e...

2.1CVSS5.5AI score0.00421EPSS
CVE
CVE
added 2006/03/21 6:0 p.m.78 views

CVE-2006-1343

The connected Debian advisory (DSA-1184-2) confirms CVE-2006-1343 as a local information-leak in the Linux 2.6.8 kernel (kernel-source-2.6.8), caused by an information leak in the getsockopt system call that can let a local user leak potentially sensitive memory to userspace. Affected architectur...

2.1CVSS7AI score0.0042EPSS
CVE
CVE
added 2006/10/03 11:0 p.m.78 views

CVE-2006-5158

CVE-2006-5158 affects the Linux kernel’s NFS lockd (nlmclnt_mark_reclaim in clntlock.c). The connected advisories (RHSA-2007-0488, CESAs for RHEL/CentOS, SL) describe a vulnerability in NFS locking daemon that can cause a denial of service (deadlock) or kernel oops via NULL dereference, allowing ...

7.5CVSS7.1AI score0.03473EPSS
CVE
CVE
added 2007/02/06 7:0 p.m.78 views

CVE-2007-0006

The CVE-2007-0006 issue affects Linux kernels 2.6.9 through 2.6.20 in the key_alloc_serial code, where a fault in the key serial number collision avoidance can be triggered by a local user, leading to a crash via a NULL pointer dereference (local DoS). The vulnerability is documented across multi...

1.9CVSS5.7AI score0.00362EPSS
CVE
CVE
added 2007/03/28 10:0 a.m.78 views

CVE-2007-1730

CVE-2007-1730 is a local kernel vulnerability due to an integer signedness error in the DCCP path (do_dccp_getsockopt) affecting Linux kernels 2.6.20 and later. The flaw allows a local user to read kernel memory or trigger a denial of service via a negative optlen. This is confirmed by Red Hat CV...

6.6CVSS5.7AI score0.00773EPSS
CVE
CVE
added 2008/11/10 4:0 p.m.78 views

CVE-2008-5033

The CVE-2008-5033 issue affects the Linux kernel: the chip_command function in drivers/media/video/tvaudio.c is vulnerable in 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3, enabling a denial of service via NULL function pointer dereference (OOPS). Patches are r...

7.8CVSS6.9AI score0.02589EPSS
CVE
CVE
added 2009/05/05 8:0 p.m.78 views

CVE-2009-1184

CVE-2009-1184 affects the Linux kernel’s SELinux subsystem: the function security/selinux/hooks.c (selinux_ip_postroute_iptables_compat) omits avc_has_perm checks for the node and port when compat_net is enabled, allowing local users to bypass certain network-traffic restrictions. Impact is parti...

4.4CVSS4.2AI score0.00349EPSS
CVE
CVE
added 2010/04/12 6:0 p.m.78 views

CVE-2010-0741

CVE-2010-0741 affects the Linux kernel in the virtio-net driver when used with qemu-kvm 0.11.0 or KVM, allowing a remote attacker to crash the guest OS by sending a large volume of TCP traffic due to an improper TCP Segment Offloading (TSO) handling in virtio-net. The issue is triggered by a flaw...

7.8CVSS6.4AI score0.03518EPSS
CVE
CVE
added 2010/03/31 5:35 p.m.78 views

CVE-2010-1187

The CVE-2010-1187 issue affects the Linux kernel TIPc (Transparent Inter-Process Communication) implementation, reported for kernel versions 2.6.16-rc1 through 2.6.33 (and potentially other versions). The vulnerability allows a local user to trigger a NULL pointer dereference and cause a kernel O...

4.9CVSS6.3AI score0.00416EPSS
CVE
CVE
added 2012/05/17 10:0 a.m.78 views

CVE-2011-4611

The CVE-2011-4611 entry relates to the Linux kernel on POWERPC where an integer overflow in perf_event_interrupt (arch/powerpc/kernel/perf_event.c) before version 2.6.39 can allow a local user to trigger a denial of service via performance-event handling. Affected: Linux kernel releases prior to ...

4.9CVSS6.2AI score0.00397EPSS
CVE
CVE
added 2013/09/13 6:0 p.m.78 views

CVE-2013-2896

The CVE-2013-2896 issue affects the Linux kernel HID driver: drivers/hid/hid-ntrig.c, applicable when CONFIG_HID_NTRIG is enabled, up to kernel version 3.11. It allows physically proximate attackers to trigger a denial of service (NULL pointer dereference and OOPS) via a crafted HID device. Explo...

4.7CVSS5.9AI score0.0038EPSS
CVE
CVE
added 2013/04/22 10:0 a.m.78 views

CVE-2013-3076

CVE-2013-3076 affects the Linux kernel prior to or up to 3.9-rc8, where the crypto API does not initialize certain length variables. This allows local attackers to read kernel stack memory via crafted recvmsg/recvfrom calls, related to hash_recvmsg (crypto/algif_hash.c) and skcipher_recvmsg (cryp...

4.9CVSS6.8AI score0.00354EPSS
CVE
CVE
added 2013/09/25 10:0 a.m.78 views

CVE-2013-4300

CVE-2013-4300 affects the Linux kernel (pre-3.11). The vulnerability arises from a faulty capability check in scm_check_creds() in net/core/scm.c that uses an incorrect namespace, enabling local users to gain privileges via PID spoofing. Impact: local privilege escalation with complete confidenti...

7.2CVSS5.9AI score0.00422EPSS
CVE
CVE
added 2016/08/30 5:0 p.m.78 views

CVE-2016-5342

The CVE-2016-5342 entry describes a heap-based buffer overflow in the wcnss_wlan_write function of the Linux kernel 3.x wcnss_wlan driver (drivers/net/wireless/wcnss/wcnss_wlan.c) used in Qualcomm QuIC MSM Android contributions. An attacker could trigger a denial of service or potentially other i...

7.8CVSS7.9AI score0.00511EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.78 views

CVE-2017-0523

CVE-2017-0523 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver that could allow a local malicious app to execute arbitrary code in the kernel. The CVSS3 vector indicates LOCAL access, high complexity, no privileges required, but user interaction is required; root cause is e...

7.6CVSS6.7AI score0.00746EPSS
CVE
CVE
added 2017/06/19 4:0 p.m.78 views

CVE-2017-1000377

CVE-2017-1000377 concerns a vulnerability in PAX Linux where the default stack guard page is too small and can be bypassed, allowing a bypass of stack protections. The core details indicate this affects PAX Linux kernel versions as of 19 June 2017, originally from GRSecurity and shipped by other ...

5.9CVSS5.6AI score0.00388EPSS
CVE
CVE
added 2024/04/10 6:56 p.m.78 views

CVE-2021-47190

Concrete details from the connected docs show CVE-2021-47190 affects the Linux kernel’s perf/bpf path. The issue is a memory leak in perf_env__insert_btf() when a duplicate BTF id is encountered; code was changed to have perf_env__insert_btf() return a success/error value and to free memory if in...

5.5CVSS6.6AI score0.00232EPSS
CVE
CVE
added 2024/04/10 6:56 p.m.78 views

CVE-2021-47193

CVE-2021-47193 affects the Linux kernel SCSI PM80XX driver (pm80xx) where memory allocated by the module is not fully freed on rmmod, causing a memory leak during driver removal. The vulnerability is resolved in Linux kernel code by properly freeing memory when the module is removed. The CVE has ...

5.5CVSS6.4AI score0.00225EPSS
CVE
CVE
added 2024/04/10 6:56 p.m.78 views

CVE-2021-47204

CVE-2021-47204 affects the Linux kernel’s net: dpaa2-eth driver. The flaw is a use-after-free in dpaa2_eth_remove where access to a freed netdev occurs. The fix moves the debug log to occur before free_netdev(), preventing use-after-free. Public descriptions in connected advisories (AstraLinux, U...

7.8CVSS6.4AI score0.00227EPSS
CVE
CVE
added 2024/05/21 2:19 p.m.78 views

CVE-2021-47242

CVE-2021-47242 affects the Linux kernel and is tied to a fix for an issue in MPTCP subflow error reporting. The root cause was a soft lookup caused when subflow_error_report() attempted to acquire mptcp_data_lock across call paths that could already hold other locks, triggering a soft lockup unde...

7.8CVSS7.4AI score0.00187EPSS
CVE
CVE
added 2024/05/21 2:19 p.m.78 views

CVE-2021-47263

CVE-2021-47263 is a Linux kernel issue in the gpio-wcd934x driver where a shift-out-of-bounds UBSAN error occurred due to using BIT(n-1) for pins 0–4, leading to an out-of-bounds shift in gpio-wcd934x.c:34:14. The vulnerability has been resolved by a patch to correct the bit-mask handling (pins 0...

5.5CVSS6.7AI score0.00225EPSS
CVE
CVE
added 2024/05/21 2:35 p.m.78 views

CVE-2021-47290

CVE-2021-47290 is a Linux kernel vulnerability in the SCSI target path where a NULL dereference could occur during XCOPY completion. The issue arises from CPU affinity changes that allow target_complete_cmd() to queue work on a CPU determined by se_tpg_wwn->cmd_compl_affinity. In the special c...

5.5CVSS6.5AI score0.00193EPSS
CVE
CVE
added 2024/05/21 3:4 p.m.78 views

CVE-2021-47415

CVE-2021-47415 affects the Linux kernel’s iwlwifi mvm code. The vulnerability is a potential NULL pointer dereference in __iwl_mvm_remove_time_event(), mitigated by checking te_data->vif for NULL before dereferencing. The issue is resolved by the kernel patch referenced in the initial descript...

5.5CVSS6.8AI score0.00194EPSS
CVE
CVE
added 2024/04/28 1:1 p.m.78 views

CVE-2022-48663

CVE-2022-48663 affects the Linux kernel, specifically the GPIO mockup debugfs handling. The vulnerability arises when unbinding a driver: debugfs entries are removed globally before platform devices are unregistered, which can lead to a NULL pointer dereference on module exit. The disclosed fix u...

5.5CVSS6.5AI score0.00226EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.78 views

CVE-2022-48718

CVE-2022-48718 concerns a NULL pointer dereference in the Linux kernel’s drm mxsfb driver. The vulnerability arises when drm_atomic_get_new_bridge_state can return a NULL pointer, which mxsfb may dereference. A fix was implemented that avoids dereferencing a NULL by assuming a fixed format instea...

5.5CVSS6.9AI score0.00207EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.78 views

CVE-2022-48727

The CVE-2022-48727 entry concerns a Linux kernel KVM arm64 issue: when non-IRQ exceptions occur, ESR_EL2 is updated and used to detect if an HVC occurred, potentially mis-updating ELR_EL2 if an SError was synchronised and later re-executing guest instructions. The fix ensures ARM_EXCEPTION_CODE()...

5.5CVSS6.4AI score0.00225EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.78 views

CVE-2022-48767

CVE-2022-48767 affects the Linux kernel and relates to a leak of the ceph_string reference after an async create attempt. The description in the initial document states that the reference acquired by try_prep_async_create is leaked and must be put back, and connected sources (Astra Linux bulletin...

5.5CVSS6.9AI score0.00217EPSS
CVE
CVE
added 2024/07/16 11:13 a.m.78 views

CVE-2022-48780

CVE-2022-48780 (Linux kernel) : The vulnerability in net/smc arises from overwriting clcsock callback function pointers during multiple fallbacks, which can create a loop: clcsk->sk_error_report → smc_fback_error_report → smc_fback_forward_wakeup → clcsock_callback overwritten → smc->clcsk_...

5.5CVSS6.6AI score0.00225EPSS
CVE
CVE
added 2024/07/16 12:25 p.m.78 views

CVE-2022-48844

The CVE-2022-48844 entry refers to a Linux kernel Bluetooth issue in the hci_core subsystem: sent_cmd memory is leaked when freeing hci_dev, causing a memory leak. This is a local, low-privilege exposure with high availability impact as per the CVSS data. Connected advisories confirm a fixed fix ...

5.5CVSS6.3AI score0.00222EPSS
CVE
CVE
added 2024/07/16 12:25 p.m.78 views

CVE-2022-48848

CVE-2022-48848 affects the Linux kernel tracing/osnoise workflow. Concrete detail: the issue is caused by unregistering tracepoints twice when stopping tracing (osnoise_workload_stop) and switching tracer to nop, leading to a kernel warning about unregistering an unregistered tracepoint. The conn...

7.8CVSS7.3AI score0.00217EPSS
CVE
CVE
added 2024/08/21 6:10 a.m.78 views

CVE-2022-48899

CVE-2022-48899 is a Linux kernel vulnerability in drm/virtio causing a use-after-free (UAF) during GEM handle creation. An attacker could guess a GEM handle value and race creation with handle close, leading to dereferencing an object after its reference is dropped. The issue's root cause is that...

4.7CVSS6.5AI score0.00233EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.78 views

CVE-2022-49067

CVE-2022-49067 is about a Linux kernel issue where virt_addr_valid() incorrectly returned true for vmalloc addresses in 64-bit Book3E (and related 32-bit behavior). Investigations across multiple advisories (NVD, Red Hat, Debian OSV, Unity/NASL/Nessus plugins) describe the root cause: __pa() can ...

5.5CVSS5.4AI score0.00247EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.78 views

CVE-2022-49069

The CVE-2022-49069 issue affects the Linux kernel’s DRM AMD Display path, where a general protection fault was observed when WebGL Aquarium ran for extended periods. The provided technical details show the root cause as a calculation/validation path in dcn30_internal_validate_bw, leading to fault...

5.5CVSS5.4AI score0.00245EPSS
CVE
CVE
added 2025/02/26 1:55 a.m.78 views

CVE-2022-49184

The CVE-2022-49184 issue affects the Linux kernel under net: sparx5: switchdev, where a NULL pointer dereference could occur if devm_kzalloc() returns NULL and the code dereferences the pointer. The description across connected sources indicates the vulnerability was resolved in the Linux kernel ...

5.5CVSS5.4AI score0.00245EPSS
CVE
CVE
added 2025/02/26 1:55 a.m.78 views

CVE-2022-49210

The CVE-2022-49210 issue is a Linux-kernel memory-leak in the MIPS pgalloc path. The generic pgd_free() freed only one pgd page, but on 64‑bit systems with PAGE_SIZE_4KB and without MIPS_VA_BITS_48 the PGD_TABLE spans two pages; this mismatch leaks memory. MemFree behavior can reveal the leak. Ro...

5.5CVSS5.4AI score0.00245EPSS
CVE
CVE
added 2025/02/26 2:10 a.m.78 views

CVE-2022-49338

CVE-2022-49338 affects the Linux kernel in the Mellanox mlx5 core path: CT cleanup happens after TC ct rules cleanup, risking use-after-free of CT shared resources when uplink cleanup ordering is reversed. The resolved description states the fix is to reverse the cleanup/init order so that TC cle...

5.5CVSS5.4AI score0.00209EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.78 views

CVE-2022-49510

CVE-2022-49510 concerns a Linux kernel issue in the DRM/OMAP driver where a NULL pointer (r_ovl) dereference occurs when accessing ovl->idx, triggering a NULL-deref in omap_overlay.c. The vulnerability stems from a coccicheck warning that was fixed by correcting r_ovl->idx to ovl->idx. T...

5.5CVSS5.4AI score0.00243EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.78 views

CVE-2022-49528

CVE-2022-49528 pertains to the Linux kernel: the dw9714 I2C regulator driver regression during probe could leave the regulator enabled, triggering a warning path in regulator core and a failed probe. The vulnerability arises from not disabling the regulator in error handling, which can lead to a ...

5.5CVSS5.3AI score0.00211EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.78 views

CVE-2022-49786

The CVE-2022-49786 issue affects the Linux kernel’s blk-cgroup subsystem. Root cause: blkcg_css_online incorrectly pinned the parent after a 397c9f46 refactor, pinning the css instead of the parent blkcg, which leads to extra pins and leakage of blkcgs and cgroups. Impact stated: leakage of blkcg...

5.5CVSS6.5AI score0.0014EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.78 views

CVE-2022-49792

CVE-2022-49792 corresponds to a Linux kernel vulnerability in the iio: adc MP2629 driver. The issue is a potential array out-of-bounds access, mitigated by adding a sentinel at the end of maps in the iio core. Affected component is the IIO subsystem’s mp2629 ADC path; root cause is improper bound...

7.1CVSS6.5AI score0.0017EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.78 views

CVE-2022-49797

CVE-2022-49797 concerns the Linux kernel tracing subsystem. The vulnerability is a potential NULL pointer dereference in the kprobe path: when trace_get_event_file() fails, gen_kretprobe_test may be marked as the error code, and if the kprobe_event_gen_test module is removed, a dereference can oc...

5.5CVSS6.4AI score0.00165EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.78 views

CVE-2022-49801

CVE-2022-49801 is a Linux kernel vulnerability tied to the tracing subsystem, specifically a memory leak in tracing_read_pipe() that can trigger a kmemleak-unreferenced-object issue. The linked OpenVAS/Nessus entries and EulerOS advisories (EulerOS-SA-2025-2546, EulerOS-SA-2025-2296, etc.) list t...

5.5CVSS6.5AI score0.00164EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.78 views

CVE-2022-49834

CVE-2022-49834 concerns a use-after-free in nilfs2 when downgrading to read-only and remounting read/write, risking access to a freed nilfs_writer. The issue arises during a race between log-writer detachment and remount/downgrade, potentially allowing a Task1 thread to dereference a freed pointe...

7.8CVSS6.5AI score0.0019EPSS
Total number of security vulnerabilities14330