CVE-2014-4157
CVE-2014-4157 affects the Linux kernel on MIPS up to 3.14.8. The fast system-call path does not configure _TIF_SECCOMP checks, letting local attackers bypass PR_SET_SECCOMP restrictions by running a crafted app without trace/audit. Impact: partial confidentiality, integrity, and availability (loc...
CVE-2017-0510
CVE-2017-0510 describes an elevation-of-privilege vulnerability in the Android kernel FIQ debugger that could allow a local malicious app to execute code in kernel context. Affected: Android on Kernel-3.10 (Nexus 9 cited). Impact: potential local permanent device compromise requiring OS reflashin...
CVE-2017-0523
CVE-2017-0523 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver that could allow a local malicious app to execute arbitrary code in the kernel. The CVSS3 vector indicates LOCAL access, high complexity, no privileges required, but user interaction is required; root cause is e...
CVE-2017-8067
The vulnerability CVE-2017-8067 affects the Linux kernel drivers/char/virtio_console.c in kernels 4.9.x and 4.10.x prior to 4.10.12, where improper interaction with CONFIG_VMAP_STACK allows a local user to cause a denial of service (system crash or memory corruption) or other impact by using more...
CVE-2017-9211
The CVE-2017-9211 flaw affects the Linux kernel component crypto_skcipher_init_tfm in crypto/skcipher.c up to version 4.11.2. It relies on setkey without a key-size check, allowing a local user to cause a denial of service via a NULL pointer dereference. The connected documents indicate a patch/c...
CVE-2018-14656
Summary: CVE-2018-14656 describes a Linux kernel flaw where a missing address check in the callers of show_opcodes() can cause dumping of kernel memory into the dmesg log. The linked connected documents (Unity Linux advisories and OSV entries) confirm this kernel memory disclosure behavior. Affec...
CVE-2021-47128
CVE-2021-47128 affects the Linux kernel’s SELinux lockdown integration (locked_down LSM hook). The vulnerability stems from buggy SELinux lockdown permission checks in the interaction between bpf/audit pathways and the lockdown checks, which can trigger problematic audit logging and deadlocks. Ex...
CVE-2021-47147
CVE-2021-47147 affects the Linux kernel (ptp: ocp). The issue is a resource leak in an error path after a successful pci_ioremap_bar() unless a corresponding pci_iounmap() is invoked, as implemented in the remove path. The connected documents confirm the vulnerability and its fix in the kernel, w...
CVE-2021-47174
CVE-2021-47174 refers to a Linux kernel netfilter nft_set_pipapo_avx2 issue. The vulnerability stems from missing irq_fpu_usable() handling in the AVX2 path, triggering a backtrace in nft_pipapo_avx2_lookup and related nft lookups under AVX2. The vulnerability was resolved by adding an irq_fpu_us...
CVE-2021-47199
The CVE-2021-47199 issue in the Linux kernel's mlx5e CT offload layer causes a memleak of mod hdr actions due to CT clear action offload flow handling. Specifically, CT clear action offload adds the same set of mod hdr actions to reset ct_state when an encap action is present, potentially repeati...
CVE-2021-47227
The CVE-2021-47227 issue concerns the Linux kernel x86 fpu path: the non‑compacted slowpath could copy a user XSAVE buffer into kernel space via __copy_from_user(), potentially leaving the kernel XSAVE buffer in an invalid state that XRSTOR could fault on. The identified root cause is improper ha...
CVE-2021-47243
The CVE-2021-47243 issue concerns the Linux kernel's cake_qdisc TCP option parser. Affected code paths cake_get_tcpopt and cake_tcph_may_drop could read one byte out of bounds when processing TCP options, particularly if the option length is 1, leading to a second read for opcodes not equal to TC...
CVE-2021-47272
The CVE-2021-47272 item concerns a Linux kernel issue in the DWC3 gadget path. A failure in dwc3_gadget_init() can leave dwc->gadget dangling and lead to dereferencing an invalid gadget pointer or freeing unmapped DMA memory during mode switches peripheral/host. The root cause is an unsafe ref...
CVE-2021-47608
CVE-2021-47608 involves a bug in the Linux kernel BPF fetch path (bpf: Fix kernel address leakage in atomic fetch) where a faulty check_mem_access() handling could cause leakage of kernel pointers from spilled stack registers when performing atomic XADD. The issue arises in the BPF_FETCH path, wh...
CVE-2021-47617
CVE-2021-47617 affects the Linux kernel PCIe hot-plug controller (pciehp) in the PCIe Slot Common Service, specifically the Power Fault Detected (PFD) handling. The issue caused an infinite loop in the IRQ path due to the hardirq handler clearing the PFD bit before the power_fault_detected flag c...
CVE-2021-47669
In the provided materials, CVE-2021-47669 is tied to the Linux kernel, specifically a use-after-free condition in the vxcan_xmit path of can: vxcan. After calling netif_rx_ni(skb), the code may dereference skb, and the canfd_frame cfd that aliases skb memory can be accessed post-netif_rx_ni, lead...
CVE-2022-3103
Technical details about CVE-2022-3103 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories; current sources only note an off-by-one issue in the io_uring module without specifics.
CVE-2022-48726
CVE-2022-48726 affects the Linux kernel’s RDMA/ucma code path, specifically a use-after-free in ucma_cleanup_multicast and related flows (ucma_destroy_private_ctx, ucma_write) caused by touching a concurrently freed multicast structure during a multicast leaves operation. The description notes th...
CVE-2022-48741
Technical details (affected product/component/versions/root cause/impact/fix) are not publicly provided in the supplied documents. Monitor for updates; no concrete technical specifics are available here.
CVE-2022-48745
The CVE-2022-48745 entry refers to a Linux kernel vulnerability in the net/mlx5 component where a race condition can occur due to del_timer() usage during the fw reset polling flow. The fix substitutes del_timer() with del_timer_sync() to avoid deactivation of a timer while its interrup...
CVE-2022-48778
CVE-2022-48778 concerns a Linux kernel issue in mtd: rawnand gpmi where a PM runtime reference could leak in the error path if gpmi_nfc_apply_timings() fails. The provided documents consistently describe the vulnerability and its resolution, noting that the PM runtime usage counter must be droppe...
CVE-2022-48801
CVE-2022-48801 concerns the Linux kernel IIO subsystem, specifically the IIO_BUFFER_GET_FD_IOCTL path. The issue arises when copying the newly created file descriptor to userland fails; the cleanup attempts use put_unused_fd() for the descriptor that was already published by anon_inode_getfd() vi...
CVE-2022-48815
CVE-2022-48815 affects the Linux kernel bcm_sf2 DSA/MDIO path. The root cause is unsafe interaction between devres-managed mdiobus allocation/registration and manual mdiobus unregistering, where mdiobus_free() may panic if devm_mdiobus_free() triggers devres_release_all() before the bus is unregi...
CVE-2022-48845
CVE-2022-48845 affects the Linux kernel on MIPS SMP builds, where mis-timing of CPU topology map calculation caused smt_mask (cpu_smt_mask) to be empty during sched_core_cpu_starting(). The issue arises after enabling CONFIG_SCHED_CORE (landed around 5.14), leading to a WARN at sched_core_cpu_sta...
CVE-2022-49743
CVE-2022-49743 affects the Linux kernel's overlay filesystem (ovl). The fix changes the memcpy destination to use the root_buf/“buf” flexible array to avoid FORTIFY_SOURCE warnings. Root cause: copying into a flexible array that wasn’t the memcpy destination previously triggered a false positive warn...
CVE-2022-49840
CVE-2022-49840 affects the Linux kernel's BPF test_run path (bpf_prog_test_run_skb) where an odd-sized user-supplied BPF program could trigger an alignment fault on aarch64 leading to use-after-free in skb handling. The issue is caused by unaligned access to skb_shared_info when KFENCE is enabled...
CVE-2022-49898
CVE-2022-49898 affects the Linux kernel’s Btrfs tree-mod-log path. The issue arises in tree_mod_log_rewind() when replaying log entries for a block that should not have been replayed, triggering BUG_ON(tm->slot
CVE-2022-49929
CVE-2022-49929 relates to the Linux kernel RDMA/rxe path. The issue is a use-after-free-like leak in MR handling: rxe_recheck_mr() increments mr ref_cnt and, during RESPST_ERR_RNR, the code must call rxe_put(mr) to drop the extra reference to avoid a warning in __rxe_cleanup. The vulnerability is...
CVE-2022-49954
The CVE-2022-49954 issue concerns the Linux kernel and a race where, after clearing IFORCE_XMIT_RUNNING, wake_up was not invoked, causing a hung task in input handling (hang at __input_unregister_device() during iforce_close and input_disconnect_device()). The root cause per the provided descript...
CVE-2022-49956
CVE-2022-49956 in the Linux kernel refers to a use-after-free bug in the rtl8712 staging driver. The issue arises because _Read/Write_MACREG callbacks are NULL, causing read/write_macreg_hdl() to only free the pcmd pointer. The fix removes these callbacks to prevent the use-after-free. The vulner...
CVE-2022-49980
CVE-2022-49980 affects the Linux kernel USB gadget subsystem (udc). A race between uevent callbacks and gadget driver unregistration can cause a use-after-free in usb_udc_uevent(), when it dereferences udc->driver without holding the udc_lock mutex. If the gadget driver is unbound concurrently...
CVE-2022-50008
CVE-2022-50008 affects the Linux kernel kprobes subsystem. The issue arises when __disable_kprobe() and its call to disarm_kprobe() interact with a probe that has already been disarmed, triggering WARN_ONCE() and leading to incomplete cleanup. This can cause an infinite loop in tk->rp.kp.list ...
CVE-2022-50012
CVE-2022-50012 affects the Linux kernel on 64-bit PowerPC (powerpc/64). The root cause is that jump_label_init() is invoked in setup_feature_keys() too late, since static keys may be used by subroutines of parse_early_param(), which itself is a subroutine of early_init_devtree(). The result is th...
CVE-2022-50084
CVE-2022-50084 - Kernel dm-raid KASAN warning fix. Context: Linux kernel vulnerability resolved in the dm-raid area, where an AddressSanitizer slab-out-of-bounds read could occur in raid_status. The fault manifested as a read of 4 bytes from conf->max_nr_stripes when mddev->private was cast ...
CVE-2022-50101
CVE-2022-50101 affects the Linux kernel’s fbdev vt8623fb code. The flaw arises in vt8623fb_set_par(), where a user-supplied value is used to compute screen_size. If screen_size exceeds info->screen_size, a memory write via memset_io() can trigger a supervisor-page fault (kernel crash). The rep...
CVE-2022-50140
CVE-2022-50140 affects the Linux kernel memstick/ms_block subsystem. The root cause is a memory leak where erased_blocks_bitmap is allocated with used_blocks_bitmap but not freed; the patch adds bitmap_free() in msb_data_clear() to free erased_blocks_bitmap. The CVSS 3.1 base score is 5.5 (MEDIUM...
CVE-2022-50156
CVE-2022-50156 affects the Linux kernel HID cp2112 driver (cp2112_xfer). The issue is a potential buffer overflow in memcpy when read_length (taken from data->block[0], user-controlled, 0-255) is not bounded, causing overflow of data->block[1] and buf. Patches have added an upper bound to r...
CVE-2022-50164
CVE-2022-50164 concerns the Linux kernel wifi driver (iwlwifi, mvm). The issue is a bug in iwl_mvm_mac_wake_tx_queue where a double list_add can leave related lists uncleared after a successful station association if station queues are disabled, allowing a new element to link with a stale one. Th...
CVE-2022-50165
CVE-2022-50165 affects the Linux kernel wifi/wil6210 debugfs, where a logic error in wil_write_file_wmi() stems from a commit that changed simple_write_to_buffer() to memdup_user() but did not adjust the return value, leaving rc uninitialized and returning rc. The fix is to return the length when...
CVE-2022-50169
CVE-2022-50169 references a vulnerability in the Linux kernel’s wifi/wil6210 debugfs handling (wil_write_file_wmi). The root cause is that simple_write_to_buffer() succeeds if any single byte is initialized, which can leak information because the entire buffer may not be initialized. The fix init...
CVE-2022-50202
CVE-2022-50202 maps to a Linux kernel vulnerability in the PM: hibernate flow where resuming from hibernation defers device probing. The described race involves probe_count, with wait_for_device_probe() potentially sleeping indefinitely while misc_mtx is held, due to three conditions (a device no...
CVE-2023-20811
CVE-2023-20811 involves a boundary-check failure in the MediaTek IOMMU, causing an out-of-bounds write that could enable local privilege escalation with system privileges. Affected component: IOMMU sub-system (MediaTek). Root cause: missing bounds check leading to out-of-bounds write. Impact: loc...
CVE-2023-3312
CVE-2023-3312 affects the Linux kernel cpufreq driver: drivers/cpufreq/qcom-cpufreq-hw.c, where an issue during device unbind can cause a double-release leading to a denial of service. Affected products are the Linux kernel (ARM/QCOM CPUFreq HW driver); the underlying root cause is the double-rel...
CVE-2023-52795
Summary: CVE-2023-52795 affects the Linux kernel vhost-vdpa path. The vulnerability is a use-after-free/double-free in vhost_vdpa_probe() caused by put_device() calling vhost_vdpa_release_dev() which frees a device via ida_simple_remove(). This was resolved in the Linux kernel; the Astra Linux ad...
CVE-2023-52797
CVE-2023-52797 is a Linux kernel vulnerability resolved by ensuring find_first_bit() return values are checked before using them as an index (prevents overflow and panic). Affected component: drivers perf in the kernel. The fix (cited in connected advisories) adds a check on the return value to a...
CVE-2023-52910
CVE-2023-52910 (Linux kernel, iommu/iova overflow): In __alloc_and_insert_iova_range, retry_pfn can overflow because iovad->anchor.pfn_hi is ~0UL. When iovad->cached_node == iovad->anchor, curr_iova->pfn_hi + 1 overflows, causing low_pfn to reset to 0 and making new_pfn
CVE-2023-52998
CVE-2023-52998 — In the Linux kernel’s fec driver, freeing RX buffers used page_pool_release_page, which unmaps but doesn’t recycle pages, enabling memory exhaustion after repeated eth0 up/down. A fix replaces it with page_pool_put_full_page, recycling the page when refcnt == 1. The vulnerability...
CVE-2023-53029
The CVE-2023-53029 entry concerns the Linux kernel, specifically the octeontx2-pf driver. The vulnerability/issue arises from GFP_KERNEL usage in atomic contexts for the rt (real-time) kernel, triggering sleep warnings in atomic context (BUG: sleeping function called from invalid context) and rel...
CVE-2023-53080
CVE-2023-53080 affects the Linux kernel component handling AF_XDP/XSK: specifically the xdp_umem_reg path. The vulnerability arises because the number of chunks can overflow a 32-bit unsigned integer, potentially enabling overflow. The provided connected documents confirm the fix: the kernel now ...
CVE-2023-53082
CVE-2023-53082 affects the Linux kernel’s VP_VDPA/VDPA path. The root cause is a use-after-free when unplugging a vp_vdpa device, caused by vdpa_mgmtdev_unregister() accessing modern devices during removal, leading to a crash observed as a kernel panic. The patches fix the crash by changing the s...