14330 matches found
CVE-2023-52807
CVE-2023-52807 affects the Linux kernel net/hns3 driver. The vulnerability arises from an array of strings used to display coalesce info, which may allow out-of-bounds reads when the kernel adds a new mode or state and coalesce info is read via debugfs. A patch fixes the bound-checking/array sizi...
CVE-2023-53080
CVE-2023-53080 affects the Linux kernel component handling AF_XDP/XSK: specifically the xdp_umem_reg path. The vulnerability arises because the number of chunks can overflow a 32-bit unsigned integer, potentially enabling overflow. The provided connected documents confirm the fix: the kernel now ...
CVE-2024-26729
In CVE-2024-26729, the Linux kernel’s DRM AMD display code (dc_dmub_srv) had potential null pointer dereferences in dc_dmub_srv_cmd_list_queue_execute() and dc_dmub_srv_is_hw_pwr_up(). The root cause was dereferencing the dc_dmub_srv pointer before a null check, which could crash or corrupt memor...
CVE-2024-26762
In CVE-2024-26762, the Linux kernel patch fixes a CXL error-handling path where the CXL.mem device detach flow could lead to a crash during AER handling. Specifically, the code previously reaped RAS status registers after unbinding the memdev, which could crash on a subsequent AER notification wh...
CVE-2024-34030
CVE-2024-34030 is a Linux kernel local vulnerability affecting PCI property handling. The issue occurs in pci/of_property code where int_map allocation can fail, potentially leading to a NULL pointer dereference. The fix returns -ENOMEM from of_pci_prop_intr_map() on allocation failure to prevent...
CVE-2024-35792
CVE-2024-35792 refers to a Linux kernel issue in the crypto/rk3288 path where a use-after-free could occur due to an incorrect call order. The description in the connected documents states: the unprepare call must be carried out before the finalize call, as the finalize can free the request. The ...
CVE-2024-38306
Summary (CVE-2024-38306) A race in the Linux kernel’s Btrfs path: during allocation/attachment of an extent buffer, the code previously used page-private ownership under a lock, but a refactor (alloc_extent_buffer) enabled an allocate-then-attach sequence that may allow a competing release to und...
CVE-2024-42113
CVE-2024-42113 affects the Linux kernel: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts. When MSI/INTx are used, wx->num_q_vectors remains uninitialized, causing a kernel panic in wx_alloc_q_vectors() when allocating queue vectors. The description confirms the issue is resolved i...
CVE-2024-49570
The CVE is in the Linux kernel DRM- XE tracing code. A potential use-after-free (UAF) arises from TP_printk dereferencing xe_mem_type_to_name[] during tracing of xe_bo_move in the xe trace event, exposing a TP_printk-time UAF. The fix avoids dereferencing xe_mem_type_to_name[] at TP_printk time b...
CVE-2025-21778
CVE-2025-21778 : In the Linux kernel, a fault occurs when mmap() is used on a trace ring buffer attached to reserve_mem. The mapping relied on virt_to_page() which does not work with vmap’d memory, causing a kernel oops during access. The fix disables mmap() for such persistent ring buffers (rese...
CVE-2025-21800
CVE-2025-21800 : Linux kernel fix for net/mlx5: HWS, where definer’s HWS_SET32 macro used a negative bit offset, triggering UBSAN shift-out-of-bounds in drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c (offset -8). This is a local issue with high impact to confidentiality/integrity/...
CVE-2025-37896
CVE-2025-37896 addresses a divide-by-zero in spi-mem duration calculation (spi_mem_calc_op_duration) when dummy bytes are zero in certain SPI flash operations (e.g., Winbond SPINAND write_cache/update_cache). The fix skips the ncylcles calculation when dummy bytes are zero, preventing the divide ...
CVE-2025-38045
CVE-2025-38045 is a Linux kernel vulnerability affecting the wifi driver (iwlwifi). The issue arises from an incorrect order of debug actions; the fix adds a dump split and executes the FW reset in the middle of the dump rather than causing the FW to kill itself on error. This change means that s...
CVE-2025-38051
CVE-2025-38051 affects the Linux kernel CIFS client: a race in the readdir/concurrency path allows a use-after-free in cifs_fill_dirent when the rsp buffer is freed, leading to a reported KASAN-use-after-free. The vulnerability is tracked with a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U...
CVE-2025-38071
CVE-2025-38071 affects the Linux kernel (x86/mm). Root cause: memblock_phys_alloc_range() may return 0 on failure when CONFIG_PHYSICAL_START=0x100000, causing memblock_phys_free() to mis-handle the first 4 MiB of memory and crash. The vulnerability is resolved in the kernel by checking the return...
CVE-2025-38097
CVE-2025-38097 affects the Linux kernel’s espintcp encap socket caching. The current caching scheme creates a reference leak on the encap socket chain: xfrm_state -> encap_sk -> netns. If the espintcp state is deleted before removing the netns, the netns can be leaked; otherwise the netns i...
CVE-2025-38099
CVE-2025-38099 : In the Linux kernel, a SCO Bluetooth connection could lock up the controller if voice settings are not properly read or supported. SUSE/OpenSUSE advisories (e.g., openSUSE-SU-2025-20081-1) list CVE-2025-38099 among fixed kernel vulnerabilities with MEDIUM/LOW to HIGH impact range...
CVE-2025-38183
CVE-2025-38183 relates to a Linux kernel lan743x driver issue where lan743x_ptp_io_event_clock_get() could write past ptp->extts[] because LAN743X_PTP_N_EXTTS was 4 while channel could be up to 7. The root cause is an out-of-bounds write in extts[channel] when updating local timestamps. The fi...
CVE-2025-38244
The CVE-2025-38244 entry concerns a deadlock in the Linux kernel CIFS/SMB client when reconnecting channels. The issue stems from improper lock ordering in cifs_signal_cifsd_for_reconnect(), introducing a circular dependency between three locks: tcp_ses->srv_lock, ret_buf->ses_lock, and ret...
CVE-2025-38246
The CVE-2025-38246 issue is in the bnxt driver of the Linux kernel, where XDP_REDIRECT testing could trigger list corruption (next->prev vs prev) in the XDP redirect path, resulting in a kernel crash. The connected Astra/OpenSUSE/SUSE/NASL entries confirm the Linux kernel bnxt fix to properly ...
CVE-2025-38272
CVE-2025-38272 : In the Linux kernel, the bcm63xx DSA switch could attempt to enable EEE on external PHYs connected to multiple RGMII ports, causing a system hang when accessing non-existent EEE registers. The fix is to gate EEE configuration by actually checking switch support before enabling it...
CVE-2025-38277
CVE-2025-38277 affects the Linux kernel mtd: nand: ecc-mxic code. The bug occurs when ctx->steps is zero: the loop over ECC steps is skipped and ret is left uninitialized, later checked/returned, causing undefined behavior and potential user-space disruption or kernel crashes. The fix initiali...
CVE-2025-38282
CVE-2025-38282 affects the Linux kernel kernfs draining guard. The issue stems from a too-sensitive WARN in kernfs_should_drain_open_files() due to the active reference break/unbreak lifecycle, which can transiently misclassify legitimate callers as a condition requiring drain. Upstream fixes ind...
CVE-2025-38299
CVE-2025-38299 affects the Linux kernel ASoC Mediatek mt8195 driver. Root cause: ETDM1/2 IN/OUT were set to COMP_DUMMY/COMP_EMPTY when codec dai_name is null, leading to a NULL pointer dereference and kernel crash during probe. The fix initializes or guards these links to safe dummy/empty compone...
CVE-2025-38310
CVE-2025-38310 refers to a Linux kernel vulnerability in seg6 where validation of nexthop addresses could read uninitialized memory if the provided length exceeded the actual data; the fix enforces that the provided length exactly matches the specified length. The connected advisories confirm the...
CVE-2025-38319
CVE-2025-38319 affects the Linux kernel’s DRM/AMD/PP path. The vulnerability arises because atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() do not validate the return value of smu_atom_get_data_table(); if that call fails to obtain vram_info and returns NULL, a NULL...
CVE-2025-38389
CVE-2025-38389 affects the Linux kernel i915 DRM stack (drm/i915/gt). The vulnerability arises when ring submission allocation fails during VMA allocation, leaving the engine’s legacy timeline referenced and not released on driver unbind, potentially causing a left-held timeline and related insta...
CVE-2025-38451
CVE-2025-38451 affects the Linux kernel’s md/md-bitmap code. The issue caused a GPF in bitmap_get_stats() when handling external or internal bitmaps due to missing super-block validation. The fix adds a super-block existence check for both internal and external cases, preventing the non-canonical...
CVE-2025-38475
CVE-2025-38475 : Linux kernel SMC sockets suffered from inet_sock type confusion causing oops/double-free behavior when freeing inet_opt due to smc_sock hijacking AF_INET/AF_INET6 fields. Root cause: smc_sock did not place inet_sock as the first member, allowing misinterpretation of function poin...
CVE-2025-38493
CVE-2025-38493 concerns the Linux kernel vulnerability in tracing/osnoise, specifically timerlat_dump_stack(). The root cause is a faulty memcpy that uses a size field containing garbage from the ring buffer, which can trigger a buffer overflow and kernel panic when stack data is dumped. The vuln...
CVE-2026-23243
CVE-2026-23243 is a Linux kernel vulnerability involving RDMA/umad_write, where user-controlled MAD header size mismatch could yield a negative data_len, leading to an out-of-bounds memset in alloc_send_rmpp_list. The issue has a concrete upstream fix that rejects negative data_len before creatin...
CVE-2026-31607
CVE-2026-31607 (Linux kernel USB/IP) : A RET_SUBMIT response can cause an out-of-bounds write when usbip_pack_ret_submit() overwrites urb->number_of_packets without validation. The loop bound in usbip_recv_iso()/usbip_pad_iso() then writes beyond urb->iso_frame_desc[], triggering a heap OOB...
CVE-1999-0720
The set of connected records confirms a Linux-specific vulnerability in the pt_chown utility: local attackers can modify TTY terminal devices that belong to other users, indicating a local privilege/permission misuse at the device level. The description across sources is consistent (pt_chown affe...
CVE-2002-1380
CVE-2002-1380 affects Linux kernel 2.2.x where a local user can cause a denial of service (crash) by invoking mmap() with PROT_READ to access non-readable memory pages via /proc/pid/mem. The underlying issue is a memory access vulnerability in the kernel that enables local DoS. Multiple connected...
CVE-2004-1058
CVE-2004-1058 is a race-condition vulnerability in the Linux kernel that can allow a local user to read environment variables of another process that is still spawning via /proc/.../cmdline. The initial description specifies Linux kernel 2.6 as affected. Connected advisories confirm this CVE is r...
CVE-2005-0529
CVE-2005-0529 concerns Linux kernel versions 2.6.10 and 2.6.11rc1-bk6, where proc_file_read and locks_read_proc use mismatched size types for offsets, causing a heap-based buffer overflow when a signed comparison yields negative values used in a positive context. Several connected advisories conf...
CVE-2005-0867
CVE-2005-0867 involves an integer overflow in the Linux kernel 2.6 sysfs_write_file() function. The Ubuntu USN-110-1 and Red Hat RHSA-2005:366 describe a local user could exploit this to crash the kernel or possibly execute code with root privileges by writing to a user-writable sysfs file under ...
CVE-2005-2553
CVE-2005-2553 affects Linux kernel 2.4.x before 2.4.29, where a NULL pointer dereference in ptrace32.c's find_target can crash the kernel when tracing a 64-bit executable with 32-bit ltrace. The vulnerability is local and may lead to a kernel oops/crash. Public advisories in connected docs (e.g.,...
CVE-2005-2800
CVE-2005-2800 is a memory leak in the Linux kernel's SCSI procfs sg(devices) interface (for Linux 2.6.13 and earlier). Exploitation arises from repeated reads of /proc/scsi/sg/devices, leading to memory consumption and potential Denial of Service. Publicly documented references describe the issue...
CVE-2005-3109
The CVE-2005-3109 entry affects the Linux 2.6 kernel HFS and HFS+ (hfsplus) modules. The issue allows a local attacker to cause a kernel oops/denial of service by mounting a filesystem that is not HFS/HFS+. Public disclosures in Debian (DSA-922-1) and Red Hat/CentOS advisories confirm this vulner...
CVE-2006-2934
CVE-2006-2934 is a kernel-level DoS in SCTP conntrack (netfilter) for Linux kernels 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23, where a crafted packet without chunks can trigger a value bug leading to a NULL dereference and crash. The connected advisories reference upstream kernel patches...
CVE-2006-6056
CVE-2006-6056 affects Linux kernel 2.6.x up to 2.6.18 with SELinux hooks enabled. It causes a local denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in superblock_doinit when using an HFS filesystem image. Connected advisories (e.g., RHSA/CESA) indica...
CVE-2007-1000
The CVE-2007-1000 issue affects the Linux kernel up to version 2.6.20.2, where the ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c can trigger a NULL dereference through certain getsockopt calls, allowing local users to read arbitrary kernel memory. The vulnerability stems from a NULL...
CVE-2007-1353
CVE-2007-1353 affects the Linux kernel’s Bluetooth stack (L2CAP and HCI) and can allow a context-dependent attacker to read kernel memory via the copy_from_user call accessing an uninitialized stack buffer in the setsockopt pathway. The vulnerability is present in kernel versions prior to 2.4.34....
CVE-2010-4256
CVE-2010-4256 affects the Linux kernel: the pipe_fcntl code in fs/pipe.c before 2.6.37 may misidentify named pipes, enabling a local user to cause a denial of service via an F_SETPIPE_SZ fcntl call. The issue is tracked across multiple advisories (e.g., Ubuntu USN-1083-1, RH advisories) and was f...
CVE-2011-2928
CVE-2011-2928 affects the Linux kernel prior to 3.1-rc3, specifically the befs_follow_link function in fs/befs/linuxvfs.c. The flaw does not validate the length attribute of long symlinks on a malformed Be filesystem, enabling a local attacker to trigger an incorrect pointer dereference and OOPS,...
CVE-2013-0290
The vulnerability CVE-2013-0290 affects the Linux kernel up to version 3.7.x (fixed in 3.8) and is due to how __skb_recv_datagram() in net/core/datagram.c handles MSG_PEEK when data length is zero. A local unprivileged user can trigger an infinite loop, causing a denial of service (system hang). ...
CVE-2013-2548
The CVE-2013-2548 entry concerns the Linux kernel crypto user configuration API (the report API). Specifically, in crypto_report_one (crypto/crypto_user.c), an incorrect length value during a copy operation in the report path allows a local user with CAP_NET_ADMIN to leak kernel memory. The descr...
CVE-2013-3226
CVE-2013-3226 affects the Linux kernel Bluetooth SCO stack: sco_sock_recvmsg() in net/bluetooth/sco.c does not initialize a length variable, allowing local attackers to read kernel stack memory via crafted recvmsg/recvfrom calls. Affected releases are kernels prior to 3.9-rc7; the issue is addres...
CVE-2013-3227
CVE-2013-3227 affects the Linux kernel. The vulnerability is in the caif_seqpkt_recvmsg function (net/caif/caif_socket.c) where a length variable is not initialized. This can allow a local user to obtain sensitive information from kernel stack memory through a crafted recvmsg or recvfrom system c...