14330 matches found
CVE-2009-1388
CVE-2009-1388 affects the Linux kernel 2.6.18, where the ptrace_start function does not properly handle simultaneous execution with do_coredump, enabling local users to trigger a deadlock (DoS) via ptrace and a coredumping thread. The connected MiracleLinux doc explicitly lists CVE-2009-1388 amon...
CVE-2009-1897
The CVE affects the Linux kernel tun/tun_chr_poll path: the tun_chr_poll function in drivers/net/tun.c for Linux kernel versions 2.6.30 and 2.6.30.1. The underlying issue is that, when the -fno-delete-null-pointer-checks option is omitted, a NULL pointer dereference can be triggered via a NULL de...
CVE-2010-2525
CVE-2010-2525 involves a flaw in the gfs2 file system’s handling of ACLs. An unprivileged local attacker could exploit this to gain access to, or execute any file stored in, the gfs2 filesystem. The description and multiple connected advisories (Red Hat, SUSE, Ubuntu/NVD references) corroborate t...
CVE-2010-2538
CVE-2010-2538: Integer overflow in btrfs_ioctl_clone (fs/btrfs/ioctl.c) of the Linux kernel before 2.6.35 may allow local users to obtain sensitive information via BTRFS_IOC_CLONE_RANGE. Public references confirm impact on local privilege/user data exposure with no remote vector. Affected compone...
CVE-2011-4080
CVE-2011-4080 affects the Linux kernel: sysrq_sysctl_handler in kernel/sysctl.c did not require CAP_SYS_ADMIN to modify dmesg_restrict, enabling local users (e.g., in LXC) to bypass restrictions and read the kernel ring buffer with root privileges. Public sources (Red Hat, SUSE, NVD) cite impact ...
CVE-2013-1772
CVE-2013-1772 affects the Linux kernel 3.x prior to 3.4.33. The vulnerability stems from the log_prefix function in kernel/printk.c, which fails to correctly remove a prefix from the syslog header, enabling a local attacker with /dev/kmsg write access to trigger call_console_drivers and cause a d...
CVE-2013-5634
CVE-2013-5634 affects the Linux kernel on ARM when KVM is used: arch/arm/kvm/arm.c allows a host OS user to trigger a denial of service (NULL pointer dereference, OOPS, host crash) by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl. The issue is fixed by upgrading to a kernel version...
CVE-2015-4178
Technical details about CVE-2015-4178 are not publicly provided in the connected documents. The materials reference the vulnerability generally; monitor for updates from official advisories.
CVE-2016-2068
The CVE-2016-2068 issue affects the MSM QDSP6 (sound) driver in the Linux kernel 3.x, used in Qualcomm QuIC Android contributions. The vulnerability arises in the driver when handling AUDIO_EFFECTS_WRITE (or AUDIO_EFFECTS_READ) operations, due to integer overflow and potential buffer overflow or ...
CVE-2017-5550
CVE-2017-5550 describes an off-by-one/error in the Linux kernel pipe_advance function (lib/iov_iter.c) that could allow local attackers to read from uninitialized kernel heap memory via a pipe, before the fixed 4.9.5 release. Connected advisories (EulerOS, Unity Linux) reference kernel versions b...
CVE-2018-10074
CVE-2018-10074 affects the Linux kernel hi3660: hi3660_stub_clk_probe in drivers/clk/hisilicon/clk-hi3660-stub.c (kernel
CVE-2018-11232
The vulnerability CVE-2018-11232 affects the Linux kernel, specifically the etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c, and exists in versions prior to 4.10.2. The root cause is that a parameter is incorrectly used as a local variable, which can lead to a denial of...
CVE-2019-18807
Two memory leaks in the Linux kernel sja1105_static_config_upload() (drivers/net/dsa/sja1105/sja1105_spi.c) before 5.3.5 can cause memory‑based DoS. The leaks arise when static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() fail (CID‑68501df92d11). Affected product is the Linux kernel; v...
CVE-2021-47141
CVE-2021-47141 affects the Linux kernel gve path and is caused by missing NULL checks when freeing IRQ vectors. Specifically, when freeing notification blocks, code indexes priv->msix_vectors, and a failure to allocate priv->msix_vectors (abort_with_msix_vectors) can lead to a NULL pointer ...
CVE-2021-47224
The CVE-2021-47224 entry concerns the Linux kernel ll_temac driver: a use-after-free in DMA occurs when freeing an skb that is still fragmented, because the skb pointer was piggy-backed on the first TX descriptor instead of the TX BD of the skb. The fix, as documented, ensures the skb is freed on...
CVE-2021-47240
The CVE-2021-47240 issue affects the Linux kernel’s net: qrtr subsystem, specifically the qrtr_endpoint_post path. Syzbot reported a slab-out-of-bounds Read due to a faulty size handling: if size from qrtr_hdr is 0xfffffffd, ALIGN(size,4) becomes 0, and a read skb_put_data(skb, data + hdrlen, siz...
CVE-2021-47332
CVE-2021-47332 affects the Linux kernel’s ALSA usx2y component. The issue arises from calling free_pages_exact() with a NULL address, which could lead to a kernel Oops if not guarded. The description confirms a NULL check was added to prevent this invalid free path, addressing the vulnerability. ...
CVE-2021-47507
CVE-2021-47507 concerns the Linux kernel nfsd startup race. The issue stems from the nsfd startup order: an RPC pipefs event race against nfsd_net_id registration, which was re-opened by commit bd5ae9288d64 and fixed by commit bb7ffbf29e76. The patch sequence restores the order между register_per...
CVE-2021-47554
CVE-2021-47554 affects the Linux kernel vdpa_sim code. Root cause: in error paths of vdpasim_create(), an uninitialized iova_domain could be freed, causing a NULL pointer dereference when put_iova_domain is executed, potentially crashing the system. The fix requires iova_domain to be initialized ...
CVE-2021-47611
CVE-2021-47611 affects the Linux kernel (mac80211) where parsing of extended elements could proceed without verifying that the extended element ID is present. The fix Verifies the extended element ID before parsing to prevent malformed element handling. The documented impact is LOCAL, with attack...
CVE-2021-47660
CVE-2021-47660 is addressed by a Linux kernel fix in the ntfs3 filesystem code. The patch resolves memory leaks in an error-handling path of log_replay(), ensuring that on all error paths the allocated resources are released via the existing out path instead of leaking through returns. The descri...
CVE-2021-47669
In the provided materials, CVE-2021-47669 is tied to the Linux kernel, specifically a use-after-free condition in the vxcan_xmit path of can: vxcan. After calling netif_rx_ni(skb), the code may dereference skb, and the canfd_frame cfd that aliases skb memory can be accessed post-netif_rx_ni, lead...
CVE-2022-48730
CVE-2022-48730 affects the Linux kernel: dma-buf heaps vulnerability where a user-supplied index could be treated as a potential Spectre v1 gadget, risking leakage of kernel memory to userspace through speculative execution. The fixed issue is described as preventing leakage by using array_index_...
CVE-2022-48776
CVE-2022-48776 is a Linux kernel memory-leak fix in the MTD parsers for Qualcomm SMEM: the cleanup function did not free pparts, causing a leak. The vulnerability affects mtd/parsers/qcomsmempart.c (pparts) and is resolved by adding a missing free in the cleanup path. Affected context and patches...
CVE-2022-48797
CVE-2022-48797: Linux kernel vulnerability where NUMA balancing could affect COW page writability. Root cause: change_pte_range() tests page_mapcount(page) to enable NUMA faults, which is nonsensical; patch fixes to use page_count(). Oded Gabbay’s report linked a Gaudi accelerator workload; apply...
CVE-2022-48798
CVE-2022-48798 affects the Linux kernel (s390/cio): if a device has no attached driver or the driver lacks path_event, an FCES path-event could cause a kernel panic. The fix verifies the driver availability before the path_event call, preventing a nil-function path. The vulnerability is localized...
CVE-2022-48807
CVE-2022-48807 concerns the Linux kernel ice driver and the LAG NETDEV_UNREGISTER notifier path. The issue arises because the same notifier handler was invoked for both NETDEV_BONDING_INFO LAG unlink and NETDEV_UNREGISTER events, passing a netdev_notifier_info structure that differs between event...
CVE-2022-48813
CVE-2022-48813 concerns the Linux kernel’s DSA Felix support. The advisory notes that using devres for the MDIO bus caused mdiobus_free() to panic when freed via devm_mdiobus_free(), unless the bus was unregistered first. For the Felix VSC9959 switch (PCI device), the recommended remediation is t...
CVE-2022-48837
The CVE-2022-48837 vulnerability affects the Linux kernel USB gadget RNDIS code: rndis_set_response() may overflow ifBufOffset is very large, because BufOffset + 8 can wrap. The documented impact is a potential overflow with high severity (CVE-2019-like pattern) and is described as impacting conf...
CVE-2022-49127
CVE-2022-49127 is a Linux kernel vulnerability fix where the ref_tracker use-after-free detection was added. The patch marks the ref_tracker_dir as dead during ref_tracker_dir_init() and checks this dead status from ref_tracker_alloc() and ref_tracker_free(), aiming to detect buggy dev_put()/dev_...
CVE-2022-49167
The CVE-2022-49167 entry concerns a Linux kernel issue in btrfs where the compression path could cause a bio to be completed twice on error. The connected documents describe the root cause as the path that handles compressed reads potentially ending the bio both in the compression path and again ...
CVE-2022-49406
The CVE-2022-49406 entry is active in Linux kernel and concerns a deadlock in blk_ia_range_sysfs_show() caused by unnecessary use of the queue sysfs lock during reads. The fix, as described in the sources, is to remove the mutex_lock()/mutex_unlock() calls from blk_ia_range_sysfs_show(), since th...
CVE-2022-49624
Summary (CVE-2022-49624) The Linux kernel Atlantic/AQ NIC driver had a bug where aq_nic_deinit() could be invoked again during resume after suspend, causing a hang on resume from S3. The fix removes aq_nic_deinit() during resume so it is not called again. This vulnerability affects the Atlantic n...
CVE-2022-49756
CVE-2022-49756 is about a Linux kernel issue in the USB sunplus PHY path. A null pointer dereference could occur in sp_usb_phy_probe() because platform_get_resource_byname() may fail and yield NULL, and devm_ioremap() could then use usbphy->moon4_res_mem->start as input. The fixes described...
CVE-2022-49767
CVE-2022-49767 affects the Linux kernel 9p/trans_fd path. The issue arises because p9_mux_poll_stop() could fail to interrupt blocking kernel_read()/kernel_write() on pipes due to fd_open() not setting O_NONBLOCK, whereas socket paths already use O_NONBLOCK. A minimal patch makes O_NONBLOCK alway...
CVE-2022-49830
CVE-2022-49830 affects the Linux kernel’s DRM subsystem. The issue occurs in drm_dev_init(), which adds drm_dev_init_release() as a callback; if drmm_add_action() fails, the release callback isn’t registered, causing the refcnt from device_get() in drm_dev_init() to leak instead of being released...
CVE-2022-49833
The CVE-2022-49833 issue affects the Linux kernel's btrfs zoned handling: when cloning a btrfs_device, the associated btrfs_zoned_device_info is not cloned for zoned filesystems, which can lead to a NULL pointer dereference when accessing the device’s zone_info (e.g., when activating a zone). The...
CVE-2022-49836
The CVE-2022-49836 issue in the Linux kernel concerns a memory leak in siox_device_add() if device_register() fails. The fix ensures proper reference handling: after an error, the name allocated by dev_set_name() is freed by freeing the reference with put_device(), allowing kobject_cleanup() to f...
CVE-2022-49869
CVE-2022-49869 (bnxt_en): In the Linux kernel bnxt_hwrm_set_coal() may crash during error recovery because rtnl_lock isn’t held for the entire sequence, allowing freed datastructures. The fix uses BNXT_STATE_OPEN rather than netif_running() to ensure the device is fully operational before reconfi...
CVE-2022-49886
CVE-2022-49886 affects the Linux kernel (x86/tdx) where bad configurations can cause a panic if a #VE is delivered on private memory access. The fix/policy requires ATTR_SEPT_VE_DISABLE to be set during early boot; if it is unset, the kernel panics. There is no public exploit detail provided in t...
CVE-2022-49944
CVE-2022-49944 concerns the Linux kernel where a regression from the commit 87d0e2f41b8c in usb: typec: ucsi: add a common function ucsi_unregister_connectors() left a stale sysfs entry with NULL ops, causing a NULL dereference while reading the power supply sysfs and leaving the power device unr...
CVE-2022-49954
The CVE-2022-49954 issue concerns the Linux kernel and a race where, after clearing IFORCE_XMIT_RUNNING, wake_up was not invoked, causing a hung task in input handling (hang at __input_unregister_device() during iforce_close and input_disconnect_device()). The root cause per the provided descript...
CVE-2022-49980
CVE-2022-49980 affects the Linux kernel USB gadget subsystem (udc). A race between uevent callbacks and gadget driver unregistration can cause a use-after-free in usb_udc_uevent(), when it dereferences udc->driver without holding the udc_lock mutex. If the gadget driver is unbound concurrently...
CVE-2022-50097
CVE-2022-50097 affects the Linux kernel’s video fbdev s3fb driver. The bug arises in s3fb_set_par() where the code computes screen_size from user input and can exceed info->screen_size, leading to a kernel PAGE_FAULT on write (local access) during memset_io. The issue is mitigated by the docum...
CVE-2022-50101
CVE-2022-50101 affects the Linux kernel’s fbdev vt8623fb code. The flaw arises in vt8623fb_set_par(), where a user-supplied value is used to compute screen_size. If screen_size exceeds info->screen_size, a memory write via memset_io() can trigger a supervisor-page fault (kernel crash). The rep...
CVE-2022-50110
The CVE-2022-50110 issue affects the Linux kernel watchdog sp5100_tco path, where a memory leak of EFCH MMIO resource occurred because release_resource() was not freeing the resource as release_mem_region() does; the leak is fixed by explicitly freeing the resource. The vulnerability details and ...
CVE-2022-50165
CVE-2022-50165 affects the Linux kernel wifi/wil6210 debugfs, where a logic error in wil_write_file_wmi() stems from a commit that changed simple_write_to_buffer() to memdup_user() but did not adjust the return value, leaving rc uninitialized and returning rc. The fix is to return the length when...
CVE-2022-50166
CVE-2022-50166 affects the Linux kernel Bluetooth HCI subsystem. When the HCI work queue is drained, a delayed command could still be queued to the drained workqueue, triggering a timeout in hci_cmd_timeout and a kernel warning. The root cause is the draining of the command/event/data processing ...
CVE-2022-50169
CVE-2022-50169 references a vulnerability in the Linux kernel’s wifi/wil6210 debugfs handling (wil_write_file_wmi). The root cause is that simple_write_to_buffer() succeeds if any single byte is initialized, which can leak information because the entire buffer may not be initialized. The fix init...
CVE-2023-52526
The CVE-2023-52526 issue affects the Linux kernel’s erofs memory handling during global compressed deduplication. The vulnerability is a memory leak related to LZMA global deduplication under stress (enabled with -Ededupe) that could cause transient pages not to be released, potentially leading t...