Linux Kernel

13804 matches found

added 2005/11/20 10:0 p.m. | 73 views

CVE-2005-2709

CVE-2005-2709 affects sysctl.c in Linux kernels prior to 2.6.14.1. Local users could exploit a window created by opening an interface file under /proc/sys/net/ipv4/conf/, waiting for the interface to unregister, and then reading or modifying function pointers in memory used for the ctl_tab...

CVSS 4.6 | AI score 4.8 | EPSS 0.00991
Web

added 2005/09/09 4:0 a.m. | 73 views

CVE-2005-2872

The CVE pertains to the ipt_recent kernel module (ipt_recent.c) in Linux kernels before 2.6.12. On 64-bit CPUs (e.g., AMD64), remote attackers can trigger a kernel panic (DoS) via SSH brute-force-style inputs, due to a length argument based on u_int32_t operating on an array of unsigned long elem...

CVSS 5 | AI score 7.1 | EPSS 0.03906

added 2005/09/30 4:0 a.m. | 73 views

CVE-2005-3105

CVE-2005-3105 affects the Linux kernel 2.6 on Itanium IA-64 Montecito (IA-64) where the mprotect code may lose cache coherency, enabling local users to cause a denial of service and possibly corrupt data by modifying PTE protections. Public advisories in connected documents (e.g., Debian DSA-922,...

CVSS 2.1 | AI score 7.3 | EPSS 0.00448

added 2005/10/20 4:0 a.m. | 73 views

CVE-2005-3274

CVE-2005-3274 is a race condition in the Linux kernel’s SMP path for ip_vs_conn_flush, where a connection timer can expire while the connection table is being flushed before the correct lock is held. Affects Linux 2.6.x (before 2.6.13) and 2.4.x (before 2.4.32-pre2). Local users could trigger a n...

CVSS 4.7 | AI score 5.5 | EPSS 0.00394

added 2005/11/23 9:0 p.m. | 73 views

CVE-2005-3783

CVE-2005-3783 affects the Linux kernel 2.6 before 2.6.14.2. The vulnerability lies in the ptrace.c implementation (ptrace functionality) where CLONE_THREAD can attach to a process without validating the thread group ID, allowing a local user to trigger a crash (Denial of Service). The issue is lo...

CVSS 4.9 | AI score 5 | EPSS 0.00433

added 2006/06/30 9:0 p.m. | 73 views

CVE-2006-2934

CVE-2006-2934 is a kernel-level DoS in SCTP conntrack (netfilter) for Linux kernels 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23, where a crafted packet without chunks can trigger a value bug leading to a NULL dereference and crash. The connected advisories reference upstream kernel patches...

CVSS 5 | AI score 7.1 | EPSS 0.05102

added 2006/10/03 11:0 p.m. | 73 views

CVE-2006-5158

CVE-2006-5158 affects the Linux kernel’s NFS lockd (nlmclnt_mark_reclaim in clntlock.c). The connected advisories (RHSA-2007-0488, CESAs for RHEL/CentOS, SL) describe a vulnerability in NFS locking daemon that can cause a denial of service (deadlock) or kernel oops via NULL dereference, allowing ...

CVSS 7.5 | AI score 7.1 | EPSS 0.03384

added 2006/11/22 1:0 a.m. | 73 views

CVE-2006-6056

CVE-2006-6056 affects Linux kernel 2.6.x up to 2.6.18 with SELinux hooks enabled. It causes a local denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in superblock_doinit when using an HFS filesystem image. Connected advisories (e.g., RHSA/CESA) indica...

CVSS 4.9 | AI score 7 | EPSS 0.00525

added 2007/05/29 8:0 p.m. | 73 views

CVE-2007-2451

CVE-2007-2451 refers to a vulnerability in GEODE-AES (drivers/crypto/geode-aes.c) within the Linux kernel, fixed in kernel version 2.6.21.3. The issue is described as an unspecified vulnerability that could allow attackers to obtain sensitive information via unspecified vectors. The Linux kernel ...

CVSS 5 | AI score 5.6 | EPSS 0.02098

added 2009/05/05 8:0 p.m. | 73 views

CVE-2009-1184

CVE-2009-1184 affects the Linux kernel’s SELinux subsystem: the function security/selinux/hooks.c (selinux_ip_postroute_iptables_compat) omits avc_has_perm checks for the node and port when compat_net is enabled, allowing local users to bypass certain network-traffic restrictions. Impact is parti...

CVSS 4.4 | AI score 4.2 | EPSS 0.00349

added 2011/02/23 6:0 p.m. | 73 views

CVE-2011-0999

CVE-2011-0999 affects the Linux kernel (mm/huge_memory.c) up to 2.6.38-rc5. A local attacker could trigger creation of a transparent huge page (THP) during a temporary stack for an exec() call, enabling memory exhaustion and potential other impact. The issue is caused by not preventing THP creati...

CVSS 4.9 | AI score 7.3 | EPSS 0.00387

added 2013/02/28 7:0 p.m. | 73 views

CVE-2013-1772

CVE-2013-1772 affects the Linux kernel 3.x prior to 3.4.33. The vulnerability stems from the log_prefix function in kernel/printk.c, which fails to correctly remove a prefix from the syslog header, enabling a local attacker with /dev/kmsg write access to trigger call_console_drivers and cause a d...

CVSS 4 | AI score 6.1 | EPSS 0.00377

added 2013/11/12 1:0 a.m. | 73 views

CVE-2013-4513

Buffer overflow in the oz_cdev_write function of drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly other impact via a crafted write. A fix is provided by Linux kernel 3.12+ (patches referenced in the linked advisory), so up...

CVSS 4.9 | AI score 8.6 | EPSS 0.00507

added 2013/09/25 10:0 a.m. | 73 views

CVE-2013-5634

CVE-2013-5634 affects the Linux kernel on ARM when KVM is used: arch/arm/kvm/arm.c allows a host OS user to trigger a denial of service (NULL pointer dereference, OOPS, host crash) by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl. The issue is fixed by upgrading to a kernel version...

CVSS 4.3 | AI score 7.7 | EPSS 0.00759
Web

added 2016/08/06 8:0 p.m. | 73 views

CVE-2016-6516

The CVE-2016-6516 issue is a race condition in the Linux kernel’s ioctl_file_dedupe_range implementation (fs/ioctl.c) present in kernels up to 4.7. It can allow local users to cause a denial of service via a heap-based buffer overflow, or potentially gain privileges by altering a count value (a d...

CVSS 7.4 | AI score 7.3 | EPSS 0.00949

added 2017/02/06 6:4 a.m. | 73 views

CVE-2017-5546

CVE-2017-5546 affects Linux kernel 4.8.x and 4.9.x prior to 4.9.5. The freelist-randomization feature in mm/slab.c can be triggered by selecting a large random number, leading to duplicate freelist entries and a potential denial of service (system crash) or other impact in opportunistic circumsta...

CVSS 7.8 | AI score 8.1 | EPSS 0.00423

added 2017/04/24 11:0 p.m. | 73 views

CVE-2017-8106

The CVE-2017-8106 issue affects the Linux kernel (arch/x86/kvm/vmx.c) in versions 3.12–3.15. The vulnerability arises from the handle_invept path, enabling privileged KVM guest OS users to trigger a NULL pointer dereference via a single-context INVEPT with a NULL EPT pointer, causing a denial of ...

CVSS 5.5 | AI score 5 | EPSS 0.00326

added 2019/04/30 5:6 p.m. | 73 views

CVE-2018-20509

CVE-2018-20509 affects the Linux kernel 4.14.90, specifically the function print_binder_ref_olocked in drivers/android/binder.c. Local users can read lines like “ref *desc *node” in a debugfs file to obtain sensitive address information. Exploitation details are not provided in the connected docu...

CVSS 5.5 | AI score 4.9 | EPSS 0.00369

added 2024/05/21 2:19 p.m. | 73 views

CVE-2021-47234

CVE-2021-47234 (Linux kernel): The issue concerns the phy-mtk-tphy driver, specifically in the mtk_phy_init() error path, where resources could leak. The fix adds a call to clk_disable_unprepare() in the error handling to release resources and prevent leaks. The vulnerability description and con...

CVSS 5.5 | AI score 6.6 | EPSS 0.00225

added 2024/05/21 2:19 p.m. | 73 views

CVE-2021-47240

The CVE-2021-47240 issue affects the Linux kernel’s net: qrtr subsystem, specifically the qrtr_endpoint_post path. Syzbot reported a slab-out-of-bounds Read due to a faulty size handling: if size from qrtr_hdr is 0xfffffffd, ALIGN(size,4) becomes 0, and a read skb_put_data(skb, data + hdrlen, siz...

CVSS 7.1 | AI score 6.6 | EPSS 0.00233

added 2024/05/21 2:35 p.m. | 73 views

CVE-2021-47290

CVE-2021-47290 is a Linux kernel vulnerability in the SCSI target path where a NULL dereference could occur during XCOPY completion. The issue arises from CPU affinity changes that allow target_complete_cmd() to queue work on a CPU determined by se_tpg_wwn->cmd_compl_affinity. In the special c...

CVSS 5.5 | AI score 6.5 | EPSS 0.00193

added 2024/05/21 2:35 p.m. | 73 views

CVE-2021-47341

CVE-2021-47341 concerns the Linux kernel KVM mmio path, where a use-after-free flaw in kvm_vm_ioctl_unregister_coalesced_mmio could enable a flawed memory read (8 bytes) via a read access after the object is freed. The issue is in the ARM64 KVM coalesced_mmio code path, and the trace shows a use-after...

CVSS 7.8 | AI score 6.8 | EPSS 0.00252

added 2024/05/21 3:3 p.m. | 73 views

CVE-2021-47363

CVE-2021-47363 is a Linux kernel vulnerability in the nexthop path where a resilient nexthop group could cause a division by zero when a stub nh_res_table with zero buckets is assigned during replacement while traffic is flowing. Root cause: the data path could still reference the old ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00208

added 2024/05/24 3:1 p.m. | 73 views

CVE-2021-47508

CVE-2021-47508 affects the Linux kernel’s btrfs code path. The issue is a memory leak: when qgroup/data reservation fails in btrfs_check_data_free_space() or btrfs_delalloc_reserve_space(), the allocated extent_changeset is not freed. This occurs specifically in the direct IO write path (and rela...

CVSS 5.5 | AI score 6.8 | EPSS 0.00205

added 2024/05/24 3:9 p.m. | 73 views

CVE-2021-47531

CVE-2021-47531: Linux kernel MSM DRM mmap handling fixed. The issue occurred when switching to the new mmap path (drm/msm: Implement mmap as GEM object function) and skipping the default mmap code. This caused missing VM_FLAGS and page-prot setup, contributing to crashes on ARC++ Chromeboo...

CVSS 5.5 | AI score 6.6 | EPSS 0.00205

added 2024/05/24 3:12 p.m. | 73 views

CVE-2021-47569

CVE-2021-47569: In the Linux kernel io_uring path, cancellation of tasks can fail for EXITING tasks when the callback runs in a fallback path. The issue is triggered during io_uring cancellation logic in fs/io_uring.c (recorded at io_try_cancel_userdata+0x3c5/0x640). The call chain shows timeout...

CVSS 5.5 | AI score 6.6 | EPSS 0.00181

added 2024/06/19 2:54 p.m. | 73 views

CVE-2021-47601

CVE-2021-47601 in the Linux kernel fixes a NULL dereference caused by an IS_ERR() vs NULL check in the tee: amdtee path; __get_free_pages() returns NULL, not an error pointer. Affects Linux kernel; fix implemented in kernel updates (Unity Linux UTSA-2025-988866 and SUSE advisories SUSE-SU-2024:29...

CVSS 5.5 | AI score 7 | EPSS 0.00239

added 2024/06/19 2:54 p.m. | 73 views

CVE-2021-47605

CVE-2021-47605: In the Linux kernel vduse component, memory writes can occur due to an out-of-bounds config.offset when handling vduse_dev_ioctl(); dev->config_size and config.offset are 32-bit, enabling memory corruption. The Nessus entry (UNPATCHED_CVE_2021_47605.NASL) confirms the issue and...

CVSS 7.8 | AI score 8.5 | EPSS 0.00214

added 2025/02/26 2:5 a.m. | 73 views

CVE-2021-47660

CVE-2021-47660 is addressed by a Linux kernel fix in the ntfs3 filesystem code. The patch resolves memory leaks in an error-handling path of log_replay(), ensuring that on all error paths the allocated resources are released via the existing out path instead of leaking through returns. The descri...

CVSS 5.5 | AI score 5.3 | EPSS 0.00226

added 2022/09/23 11:10 a.m. | 73 views

CVE-2022-2785

CVE-2022-2785 affects the Linux kernel BPF subsystem. The vulnerability arises because constants used to fill pointers in structs passed to bpf_sys_bpf are not verified, allowing an attacker with CAP_BPF to read memory anywhere on the system. Affected systems can face arbitrary memory reads, with...

CVSS 6.7 | AI score 5.4 | EPSS 0.00248

added 2024/04/28 1:0 p.m. | 73 views

CVE-2022-48649

CVE-2022-48649 is a Linux kernel vulnerability affecting the kmem_cache lifecycle in mm/slab_common. The issue stems from a race where, during kmem_cache_destroy, a scheduled work item (kmem_cache_release) could run with an incorrect RCU flag value, potentially causing a double kmem_cache_release...

CVSS 7.8 | AI score 6.3 | EPSS 0.00217

added 2024/07/16 11:43 a.m. | 73 views

CVE-2022-48797

CVE-2022-48797: Linux kernel vulnerability where NUMA balancing could affect COW page writability. Root cause: change_pte_range() tests page_mapcount(page) to enable NUMA faults, which is nonsensical; patch fixes to use page_count(). Oded Gabbay’s report linked a Gaudi accelerator workload; apply...

CVSS 5.5 | AI score 6.8 | EPSS 0.00239

added 2024/07/16 11:43 a.m. | 73 views

CVE-2022-48798

CVE-2022-48798 affects the Linux kernel (s390/cio): if a device has no attached driver or the driver lacks path_event, an FCES path-event could cause a kernel panic. The fix verifies the driver availability before the path_event call, preventing a nil-function path. The vulnerability is localized...

CVSS 5.5 | AI score 6.5 | EPSS 0.00239

added 2024/07/16 11:44 a.m. | 73 views

CVE-2022-48821

In CVE-2022-48821, the Linux kernel misc/fastrpc path fixes a use-after-free: if FASTRPC_IOCTL_ALLOC_DMA_BUFF copy-back to userland fails, the code previously called dma_buf_put() on a buffer no longer owned, risking a stale fd entry. The remediation avoids dma_buf_put() in that failure path and ...

CVSS 7.8 | AI score 6.7 | EPSS 0.00271

added 2024/07/16 11:44 a.m. | 73 views

CVE-2022-48831

CVE-2022-48831: In the Linux kernel, the IMA path (asymmetric_verify) fixes a reference-leak vulnerability. The patch ensures that a reference to the key is not leaked if the key’s algorithm is unknown. The description currently notes only that this resolves the leak and does not provide additio...

CVSS 5.5 | AI score 6.5 | EPSS 0.00268

added 2024/07/16 12:25 p.m. | 73 views

CVE-2022-48848

CVE-2022-48848 affects the Linux kernel tracing/osnoise workflow. Concrete detail: the issue is caused by unregistering tracepoints twice when stopping tracing (osnoise_workload_stop) and switching tracer to nop, leading to a kernel warning about unregistering an unregistered tracepoint. The conn...

CVSS 7.8 | AI score 7.3 | EPSS 0.00217

added 2024/07/16 12:25 p.m. | 73 views

CVE-2022-48862

The CVE-2022-48862 vulnerability is in the Linux kernel vhost/vhost.c and related vhost/vsock.c handling of IOTLB entries. The root cause is a range-size overflow in vhost_iotlb_add_range_ctx(): when start = 0 and last = ULONG_MAX, an entry with size = 0 is created, and subsequent packet processi...

CVSS 5.5 | AI score 7 | EPSS 0.00207

added 2024/09/23 9:46 a.m. | 73 views

CVE-2022-48945

CVE-2022-48945 is associated with a Linux kernel vulnerability in the media/vivid driver where the compose height adjustment could cause a boundary overrun in V4L2_SEL_TGT_CROP handling. The root cause is a missing boundary check after adjusting compose->height, which could lead to memory access ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00208

added 2025/02/26 1:54 a.m. | 73 views

CVE-2022-49099

CVE-2022-49099: Linux kernel vulnerability in hv_vmbus/vmbus driver stack. The issue arises during device object initialization in vmbus_device_register(), where dma_mask, dma_parms, and dma_mask must be set before device_register() is called. The fixed trace relates to netvsc/vmbus probe paths ...

CVSS 5.5 | AI score 5.4 | EPSS 0.00192

added 2025/02/26 1:55 a.m. | 73 views

CVE-2022-49169

CVE-2022-49169 concerns the Linux kernel’s f2fs module and a race/lock issue that could cause a hang. The connected advisories document that the fix is to replace a mutex-based path with a spin_lock, specifically to avoid hang scenarios in f2fs when handling certain task reads and statistics oper...

CVSS 5.5 | AI score 6.5 | EPSS 0.00239

added 2025/02/26 1:55 a.m. | 73 views

CVE-2022-49210

The CVE-2022-49210 issue is a Linux-kernel memory-leak in the MIPS pgalloc path. The generic pgd_free() freed only one pgd page, but on 64‑bit systems with PAGE_SIZE_4KB and without MIPS_VA_BITS_48 the PGD_TABLE spans two pages; this mismatch leaks memory. MemFree behavior can reveal the leak. Ro...

CVSS 5.5 | AI score 5.4 | EPSS 0.0024

added 2025/02/26 2:13 a.m. | 73 views

CVE-2022-49528

CVE-2022-49528 pertains to the Linux kernel: the dw9714 I2C regulator driver regression during probe could leave the regulator enabled, triggering a warning path in regulator core and a failed probe. The vulnerability arises from not disabling the regulator in error handling, which can lead to a ...

CVSS 5.5 | AI score 5.3 | EPSS 0.00206

added 2025/02/26 2:23 a.m. | 73 views

CVE-2022-49624

Summary (CVE-2022-49624): The Linux kernel Atlantic/AQ NIC driver had a bug where aq_nic_deinit() could be invoked again during resume after suspend, causing a hang on resume from S3. The fix removes aq_nic_deinit() during resume so it is not called again. This vulnerability affects the Atlantic n...

CVSS 5.5 | AI score 5.4 | EPSS 0.00248

added 2025/05/01 2:9 p.m. | 73 views

CVE-2022-49786

The CVE-2022-49786 issue affects the Linux kernel’s blk-cgroup subsystem. Root cause: blkcg_css_online incorrectly pinned the parent after a 397c9f46 refactor, pinning the css instead of the parent blkcg, which leads to extra pins and leakage of blkcgs and cgroups. Impact stated: leakage of blkcg...

CVSS 5.5 | AI score 6.5 | EPSS 0.0014

added 2025/05/01 2:9 p.m. | 73 views

CVE-2022-49796

The CVE-2022-49796 issue affects the Linux kernel tracing/kprobe path. It concerns a potential NULL pointer dereference in trace_array if test_gen_kprobe_cmd() fails after kprobe_event_gen_cmd_end(), where gen_kretprobe_test could reference an invalid trace_array after kprobe_event_delete(). The ...

CVSS 5.5 | AI score 6.2 | EPSS 0.00159

added 2025/05/01 2:10 p.m. | 73 views

CVE-2022-49886

CVE-2022-49886 affects the Linux kernel (x86/tdx) where bad configurations can cause a panic if a #VE is delivered on private memory access. The fix/policy requires ATTR_SEPT_VE_DISABLE to be set during early boot; if it is unset, the kernel panics. There is no public exploit detail provided in t...

CVSS 5.5 | AI score 6.5 | EPSS 0.0014

added 2025/06/18 11:1 a.m. | 73 views

CVE-2022-50019

CVE-2022-50019 concerns the Linux kernel tty: serial path, specifically the ucc_uart.c refcount leak. In soc_info(), of_find_node_by_type() may return a node pointer with an incremented refcount that is not released, leading to a resource leak. The documented fix is to call of_node_put() when the...

CVSS 5.5 | AI score 6.5 | EPSS 0.00156

added 2025/06/18 11:1 a.m. | 73 views

CVE-2022-50030

CVE-2022-50030 is a vulnerability in the Linux kernel’s lpfc driver affecting debugfs input handling. According to the provided documents, malformed user input to debugfs can cause buffer overflow crashes due to input strings not fitting internal buffers (space for NULL terminators added). The CV...

CVSS 7.8 | AI score 7 | EPSS 0.00181

added 2025/06/18 11:2 a.m. | 73 views

CVE-2022-50098

CVE-2022-50098: Linux kernel SCSI qla2xxx crash due to stale SRB access during I/O timeouts; fix ensures SRB is returned during timeout escalation or fails escalation path if not possible. Connected advisories list the CVE but provide no technical details or patch specifics.

CVSS 5.5 | AI score 6.7 | EPSS 0.00203

added 2025/06/18 11:3 a.m. | 73 views

CVE-2022-50158

CVE-2022-50158 relates to the Linux kernel vulnerability in mtd: partitions where of_get_child_by_name() returns a node pointer with an incremented refcount and is not put back, leading to a refcount leak. The issue is fixed by adding a missing of_node_put() when the pointer is no longer needed. ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00156

Total number of security vulnerabilities: 13804