Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2024/05/21 3:31 p.m.77 views

CVE-2023-52807

CVE-2023-52807 affects the Linux kernel net/hns3 driver. The vulnerability arises from an array of strings used to display coalesce info, which may allow out-of-bounds reads when the kernel adds a new mode or state and coalesce info is read via debugfs. A patch fixes the bound-checking/array sizi...

7.8CVSS6.5AI score0.00248EPSS
CVE
CVE
added 2025/05/02 3:55 p.m.77 views

CVE-2023-53080

CVE-2023-53080 affects the Linux kernel component handling AF_XDP/XSK: specifically the xdp_umem_reg path. The vulnerability arises because the number of chunks can overflow a 32-bit unsigned integer, potentially enabling overflow. The provided connected documents confirm the fix: the kernel now ...

5.5CVSS6.7AI score0.00183EPSS
CVE
CVE
added 2024/04/03 5:0 p.m.77 views

CVE-2024-26729

In CVE-2024-26729, the Linux kernel’s DRM AMD display code (dc_dmub_srv) had potential null pointer dereferences in dc_dmub_srv_cmd_list_queue_execute() and dc_dmub_srv_is_hw_pwr_up(). The root cause was dereferencing the dc_dmub_srv pointer before a null check, which could crash or corrupt memor...

5.5CVSS6.6AI score0.00205EPSS
CVE
CVE
added 2024/04/03 5:0 p.m.77 views

CVE-2024-26762

In CVE-2024-26762, the Linux kernel patch fixes a CXL error-handling path where the CXL.mem device detach flow could lead to a crash during AER handling. Specifically, the code previously reaped RAS status registers after unbinding the memdev, which could crash on a subsequent AER notification wh...

5.5CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2024/06/24 1:56 p.m.77 views

CVE-2024-34030

CVE-2024-34030 is a Linux kernel local vulnerability affecting PCI property handling. The issue occurs in pci/of_property code where int_map allocation can fail, potentially leading to a NULL pointer dereference. The fix returns -ENOMEM from of_pci_prop_intr_map() on allocation failure to prevent...

4.7CVSS6.5AI score0.00212EPSS
CVE
CVE
added 2024/05/17 12:24 p.m.77 views

CVE-2024-35792

CVE-2024-35792 refers to a Linux kernel issue in the crypto/rk3288 path where a use-after-free could occur due to an incorrect call order. The description in the connected documents states: the unprepare call must be carried out before the finalize call, as the finalize can free the request. The ...

7.8CVSS6.9AI score0.00224EPSS
CVE
CVE
added 2024/06/25 2:22 p.m.77 views

CVE-2024-38306

Summary (CVE-2024-38306) A race in the Linux kernel’s Btrfs path: during allocation/attachment of an extent buffer, the code previously used page-private ownership under a lock, but a refactor (alloc_extent_buffer) enabled an allocate-then-attach sequence that may allow a competing release to und...

4.7CVSS7.2AI score0.00138EPSS
CVE
CVE
added 2024/07/30 7:46 a.m.77 views

CVE-2024-42113

CVE-2024-42113 affects the Linux kernel: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts. When MSI/INTx are used, wx->num_q_vectors remains uninitialized, causing a kernel panic in wx_alloc_q_vectors() when allocating queue vectors. The description confirms the issue is resolved i...

5.5CVSS6.4AI score0.00239EPSS
CVE
CVE
added 2025/02/27 2:18 a.m.77 views

CVE-2024-49570

The CVE is in the Linux kernel DRM- XE tracing code. A potential use-after-free (UAF) arises from TP_printk dereferencing xe_mem_type_to_name[] during tracing of xe_bo_move in the xe trace event, exposing a TP_printk-time UAF. The fix avoids dereferencing xe_mem_type_to_name[] at TP_printk time b...

7.8CVSS5.5AI score0.0021EPSS
CVE
CVE
added 2025/02/27 2:18 a.m.77 views

CVE-2025-21778

CVE-2025-21778 : In the Linux kernel, a fault occurs when mmap() is used on a trace ring buffer attached to reserve_mem. The mapping relied on virt_to_page() which does not work with vmap’d memory, causing a kernel oops during access. The fix disables mmap() for such persistent ring buffers (rese...

5.5CVSS6.4AI score0.00191EPSS
CVE
CVE
added 2025/02/27 8:0 p.m.77 views

CVE-2025-21800

CVE-2025-21800 : Linux kernel fix for net/mlx5: HWS, where definer’s HWS_SET32 macro used a negative bit offset, triggering UBSAN shift-out-of-bounds in drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c (offset -8). This is a local issue with high impact to confidentiality/integrity/...

7.8CVSS6.6AI score0.00201EPSS
CVE
CVE
added 2025/05/20 3:21 p.m.77 views

CVE-2025-37896

CVE-2025-37896 addresses a divide-by-zero in spi-mem duration calculation (spi_mem_calc_op_duration) when dummy bytes are zero in certain SPI flash operations (e.g., Winbond SPINAND write_cache/update_cache). The fix skips the ncylcles calculation when dummy bytes are zero, preventing the divide ...

5.5CVSS6.4AI score0.0014EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.77 views

CVE-2025-38045

CVE-2025-38045 is a Linux kernel vulnerability affecting the wifi driver (iwlwifi). The issue arises from an incorrect order of debug actions; the fix adds a dump split and executes the FW reset in the middle of the dump rather than causing the FW to kill itself on error. This change means that s...

5.5CVSS6.5AI score0.0016EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.77 views

CVE-2025-38051

CVE-2025-38051 affects the Linux kernel CIFS client: a race in the readdir/concurrency path allows a use-after-free in cifs_fill_dirent when the rsp buffer is freed, leading to a reported KASAN-use-after-free. The vulnerability is tracked with a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U...

7CVSS6.2AI score0.00181EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.77 views

CVE-2025-38071

CVE-2025-38071 affects the Linux kernel (x86/mm). Root cause: memblock_phys_alloc_range() may return 0 on failure when CONFIG_PHYSICAL_START=0x100000, causing memblock_phys_free() to mis-handle the first 4 MiB of memory and crash. The vulnerability is resolved in the kernel by checking the return...

5.5CVSS6.3AI score0.00155EPSS
CVE
CVE
added 2025/07/03 8:13 a.m.77 views

CVE-2025-38097

CVE-2025-38097 affects the Linux kernel’s espintcp encap socket caching. The current caching scheme creates a reference leak on the encap socket chain: xfrm_state -> encap_sk -> netns. If the espintcp state is deleted before removing the netns, the netns can be leaked; otherwise the netns i...

5.5CVSS7.1AI score0.00157EPSS
CVE
CVE
added 2025/07/03 8:13 a.m.77 views

CVE-2025-38099

CVE-2025-38099 : In the Linux kernel, a SCO Bluetooth connection could lock up the controller if voice settings are not properly read or supported. SUSE/OpenSUSE advisories (e.g., openSUSE-SU-2025-20081-1) list CVE-2025-38099 among fixed kernel vulnerabilities with MEDIUM/LOW to HIGH impact range...

5.5CVSS7.1AI score0.00155EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.77 views

CVE-2025-38183

CVE-2025-38183 relates to a Linux kernel lan743x driver issue where lan743x_ptp_io_event_clock_get() could write past ptp->extts[] because LAN743X_PTP_N_EXTTS was 4 while channel could be up to 7. The root cause is an out-of-bounds write in extts[channel] when updating local timestamps. The fi...

7.8CVSS6.5AI score0.00155EPSS
CVE
CVE
added 2025/07/09 10:42 a.m.77 views

CVE-2025-38244

The CVE-2025-38244 entry concerns a deadlock in the Linux kernel CIFS/SMB client when reconnecting channels. The issue stems from improper lock ordering in cifs_signal_cifsd_for_reconnect(), introducing a circular dependency between three locks: tcp_ses->srv_lock, ret_buf->ses_lock, and ret...

5.5CVSS6.5AI score0.00107EPSS
CVE
CVE
added 2025/07/09 10:42 a.m.77 views

CVE-2025-38246

The CVE-2025-38246 issue is in the bnxt driver of the Linux kernel, where XDP_REDIRECT testing could trigger list corruption (next->prev vs prev) in the XDP redirect path, resulting in a kernel crash. The connected Astra/OpenSUSE/SUSE/NASL entries confirm the Linux kernel bnxt fix to properly ...

5.5CVSS6.4AI score0.00138EPSS
CVE
CVE
added 2025/07/10 7:41 a.m.77 views

CVE-2025-38272

CVE-2025-38272 : In the Linux kernel, the bcm63xx DSA switch could attempt to enable EEE on external PHYs connected to multiple RGMII ports, causing a system hang when accessing non-existent EEE registers. The fix is to gate EEE configuration by actually checking switch support before enabling it...

5.5CVSS6.6AI score0.00154EPSS
CVE
CVE
added 2025/07/10 7:41 a.m.77 views

CVE-2025-38277

CVE-2025-38277 affects the Linux kernel mtd: nand: ecc-mxic code. The bug occurs when ctx->steps is zero: the loop over ECC steps is skipped and ret is left uninitialized, later checked/returned, causing undefined behavior and potential user-space disruption or kernel crashes. The fix initiali...

5.5CVSS6.5AI score0.00156EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.77 views

CVE-2025-38282

CVE-2025-38282 affects the Linux kernel kernfs draining guard. The issue stems from a too-sensitive WARN in kernfs_should_drain_open_files() due to the active reference break/unbreak lifecycle, which can transiently misclassify legitimate callers as a condition requiring drain. Upstream fixes ind...

5.5CVSS6.5AI score0.00156EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.77 views

CVE-2025-38299

CVE-2025-38299 affects the Linux kernel ASoC Mediatek mt8195 driver. Root cause: ETDM1/2 IN/OUT were set to COMP_DUMMY/COMP_EMPTY when codec dai_name is null, leading to a NULL pointer dereference and kernel crash during probe. The fix initializes or guards these links to safe dummy/empty compone...

5.5CVSS6.4AI score0.00143EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.77 views

CVE-2025-38310

CVE-2025-38310 refers to a Linux kernel vulnerability in seg6 where validation of nexthop addresses could read uninitialized memory if the provided length exceeded the actual data; the fix enforces that the provided length exactly matches the specified length. The connected advisories confirm the...

5.5CVSS6.4AI score0.00137EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.77 views

CVE-2025-38319

CVE-2025-38319 affects the Linux kernel’s DRM/AMD/PP path. The vulnerability arises because atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() do not validate the return value of smu_atom_get_data_table(); if that call fails to obtain vram_info and returns NULL, a NULL...

5.5CVSS6.5AI score0.00145EPSS
CVE
CVE
added 2025/07/25 12:53 p.m.77 views

CVE-2025-38389

CVE-2025-38389 affects the Linux kernel i915 DRM stack (drm/i915/gt). The vulnerability arises when ring submission allocation fails during VMA allocation, leaving the engine’s legacy timeline referenced and not released on driver unbind, potentially causing a left-held timeline and related insta...

7.8CVSS6.3AI score0.00179EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.77 views

CVE-2025-38451

CVE-2025-38451 affects the Linux kernel’s md/md-bitmap code. The issue caused a GPF in bitmap_get_stats() when handling external or internal bitmaps due to missing super-block validation. The fix adds a super-block existence check for both internal and external cases, preventing the non-canonical...

5.5CVSS6.5AI score0.00147EPSS
CVE
CVE
added 2025/07/28 11:21 a.m.77 views

CVE-2025-38475

CVE-2025-38475 : Linux kernel SMC sockets suffered from inet_sock type confusion causing oops/double-free behavior when freeing inet_opt due to smc_sock hijacking AF_INET/AF_INET6 fields. Root cause: smc_sock did not place inet_sock as the first member, allowing misinterpretation of function poin...

5.5CVSS6.5AI score0.00135EPSS
CVE
CVE
added 2025/07/28 11:22 a.m.77 views

CVE-2025-38493

CVE-2025-38493 concerns the Linux kernel vulnerability in tracing/osnoise, specifically timerlat_dump_stack(). The root cause is a faulty memcpy that uses a size field containing garbage from the ring buffer, which can trigger a buffer overflow and kernel panic when stack data is dumped. The vuln...

5.5CVSS6.5AI score0.00151EPSS
CVE
CVE
added 2026/03/18 10:5 a.m.77 views

CVE-2026-23243

CVE-2026-23243 is a Linux kernel vulnerability involving RDMA/umad_write, where user-controlled MAD header size mismatch could yield a negative data_len, leading to an out-of-bounds memset in alloc_send_rmpp_list. The issue has a concrete upstream fix that rejects negative data_len before creatin...

7.8CVSS5.7AI score0.00125EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.77 views

CVE-2026-31607

CVE-2026-31607 (Linux kernel USB/IP) : A RET_SUBMIT response can cause an out-of-bounds write when usbip_pack_ret_submit() overwrites urb->number_of_packets without validation. The loop bound in usbip_recv_iso()/usbip_pad_iso() then writes beyond urb->iso_frame_desc[], triggering a heap OOB...

9.8CVSS5.6AI score0.00311EPSS
CVE
CVE
added 2000/04/18 4:0 a.m.76 views

CVE-1999-0720

The set of connected records confirms a Linux-specific vulnerability in the pt_chown utility: local attackers can modify TTY terminal devices that belong to other users, indicating a local privilege/permission misuse at the device level. The description across sources is consistent (pt_chown affe...

4.6CVSS6.8AI score0.0075EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.76 views

CVE-2002-1380

CVE-2002-1380 affects Linux kernel 2.2.x where a local user can cause a denial of service (crash) by invoking mmap() with PROT_READ to access non-readable memory pages via /proc/pid/mem. The underlying issue is a memory access vulnerability in the kernel that enables local DoS. Multiple connected...

2.1CVSS5.9AI score0.00873EPSS
Web
CVE
CVE
added 2004/12/22 5:0 a.m.76 views

CVE-2004-1058

CVE-2004-1058 is a race-condition vulnerability in the Linux kernel that can allow a local user to read environment variables of another process that is still spawning via /proc/.../cmdline. The initial description specifies Linux kernel 2.6 as affected. Connected advisories confirm this CVE is r...

1.2CVSS7AI score0.00391EPSS
Web
CVE
CVE
added 2005/02/24 5:0 a.m.76 views

CVE-2005-0529

CVE-2005-0529 concerns Linux kernel versions 2.6.10 and 2.6.11rc1-bk6, where proc_file_read and locks_read_proc use mismatched size types for offsets, causing a heap-based buffer overflow when a signed comparison yields negative values used in a positive context. Several connected advisories conf...

2.1CVSS6.5AI score0.00527EPSS
CVE
CVE
added 2005/03/26 5:0 a.m.76 views

CVE-2005-0867

CVE-2005-0867 involves an integer overflow in the Linux kernel 2.6 sysfs_write_file() function. The Ubuntu USN-110-1 and Red Hat RHSA-2005:366 describe a local user could exploit this to crash the kernel or possibly execute code with root privileges by writing to a user-writable sysfs file under ...

7.2CVSS6AI score0.00398EPSS
CVE
CVE
added 2005/08/12 4:0 a.m.76 views

CVE-2005-2553

CVE-2005-2553 affects Linux kernel 2.4.x before 2.4.29, where a NULL pointer dereference in ptrace32.c's find_target can crash the kernel when tracing a 64-bit executable with 32-bit ltrace. The vulnerability is local and may lead to a kernel oops/crash. Public advisories in connected docs (e.g.,...

2.1CVSS5.5AI score0.0055EPSS
CVE
CVE
added 2005/09/06 4:0 a.m.76 views

CVE-2005-2800

CVE-2005-2800 is a memory leak in the Linux kernel's SCSI procfs sg(devices) interface (for Linux 2.6.13 and earlier). Exploitation arises from repeated reads of /proc/scsi/sg/devices, leading to memory consumption and potential Denial of Service. Publicly documented references describe the issue...

2.1CVSS4.9AI score0.00828EPSS
CVE
CVE
added 2005/09/30 4:0 a.m.76 views

CVE-2005-3109

The CVE-2005-3109 entry affects the Linux 2.6 kernel HFS and HFS+ (hfsplus) modules. The issue allows a local attacker to cause a kernel oops/denial of service by mounting a filesystem that is not HFS/HFS+. Public disclosures in Debian (DSA-922-1) and Red Hat/CentOS advisories confirm this vulner...

2.1CVSS4.9AI score0.00423EPSS
CVE
CVE
added 2006/06/30 9:0 p.m.76 views

CVE-2006-2934

CVE-2006-2934 is a kernel-level DoS in SCTP conntrack (netfilter) for Linux kernels 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23, where a crafted packet without chunks can trigger a value bug leading to a NULL dereference and crash. The connected advisories reference upstream kernel patches...

5CVSS7.1AI score0.05102EPSS
CVE
CVE
added 2006/11/22 1:0 a.m.76 views

CVE-2006-6056

CVE-2006-6056 affects Linux kernel 2.6.x up to 2.6.18 with SELinux hooks enabled. It causes a local denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in superblock_doinit when using an HFS filesystem image. Connected advisories (e.g., RHSA/CESA) indica...

4.9CVSS7AI score0.00525EPSS
CVE
CVE
added 2007/03/12 11:0 p.m.76 views

CVE-2007-1000

The CVE-2007-1000 issue affects the Linux kernel up to version 2.6.20.2, where the ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c can trigger a NULL dereference through certain getsockopt calls, allowing local users to read arbitrary kernel memory. The vulnerability stems from a NULL...

7.2CVSS5.7AI score0.011EPSS
CVE
CVE
added 2007/04/24 4:0 p.m.76 views

CVE-2007-1353

CVE-2007-1353 affects the Linux kernel’s Bluetooth stack (L2CAP and HCI) and can allow a context-dependent attacker to read kernel memory via the copy_from_user call accessing an uninitialized stack buffer in the setsockopt pathway. The vulnerability is present in kernel versions prior to 2.4.34....

2.1CVSS6.9AI score0.00414EPSS
CVE
CVE
added 2011/01/25 6:0 p.m.76 views

CVE-2010-4256

CVE-2010-4256 affects the Linux kernel: the pipe_fcntl code in fs/pipe.c before 2.6.37 may misidentify named pipes, enabling a local user to cause a denial of service via an F_SETPIPE_SZ fcntl call. The issue is tracked across multiple advisories (e.g., Ubuntu USN-1083-1, RH advisories) and was f...

2.1CVSS7.7AI score0.00363EPSS
CVE
CVE
added 2011/08/29 5:0 p.m.76 views

CVE-2011-2928

CVE-2011-2928 affects the Linux kernel prior to 3.1-rc3, specifically the befs_follow_link function in fs/befs/linuxvfs.c. The flaw does not validate the length attribute of long symlinks on a malformed Be filesystem, enabling a local attacker to trigger an incorrect pointer dereference and OOPS,...

4.9CVSS7.5AI score0.00506EPSS
CVE
CVE
added 2013/02/19 7:0 p.m.76 views

CVE-2013-0290

The vulnerability CVE-2013-0290 affects the Linux kernel up to version 3.7.x (fixed in 3.8) and is due to how __skb_recv_datagram() in net/core/datagram.c handles MSG_PEEK when data length is zero. A local unprivileged user can trigger an infinite loop, causing a denial of service (system hang). ...

4.9CVSS5.9AI score0.00402EPSS
CVE
CVE
added 2013/03/14 8:0 p.m.76 views

CVE-2013-2548

The CVE-2013-2548 entry concerns the Linux kernel crypto user configuration API (the report API). Specifically, in crypto_report_one (crypto/crypto_user.c), an incorrect length value during a copy operation in the report path allows a local user with CAP_NET_ADMIN to leak kernel memory. The descr...

2.1CVSS5.3AI score0.00385EPSS
CVE
CVE
added 2013/04/22 10:0 a.m.76 views

CVE-2013-3226

CVE-2013-3226 affects the Linux kernel Bluetooth SCO stack: sco_sock_recvmsg() in net/bluetooth/sco.c does not initialize a length variable, allowing local attackers to read kernel stack memory via crafted recvmsg/recvfrom calls. Affected releases are kernels prior to 3.9-rc7; the issue is addres...

4.9CVSS5.5AI score0.0037EPSS
CVE
CVE
added 2013/04/22 10:0 a.m.76 views

CVE-2013-3227

CVE-2013-3227 affects the Linux kernel. The vulnerability is in the caif_seqpkt_recvmsg function (net/caif/caif_socket.c) where a length variable is not initialized. This can allow a local user to obtain sensitive information from kernel stack memory through a crafted recvmsg or recvfrom system c...

4.9CVSS5.2AI score0.00378EPSS
Total number of security vulnerabilities14330