14330 matches found
CVE-2010-1162
CVE-2010-1162 affects the Linux kernel before 2.6.34-rc4, in which release_one_tty() in drivers/char/tty_io.c omits certain required put_pid() calls. The impact is described as unspecified, with local attack vectors. The available connected documents confirm the vulnerability and reference the af...
CVE-2011-0709
CVE-2011-0709 affects the Linux kernel’s networking bridge code: the br_mdb_ip_get function in net/bridge/br_multicast.c is vulnerable when there is no multicast table, allowing remote attackers to trigger a NULL pointer dereference and crash the system via IGMP traffic. Affected: Linux kernel ve...
CVE-2011-0999
CVE-2011-0999 affects the Linux kernel (mm/huge_memory.c) up to 2.6.38-rc5. A local attacker could trigger creation of a transparent huge page (THP) during a temporary stack for an exec() call, enabling memory exhaustion and potential other impact. The issue is caused by not preventing THP creati...
CVE-2011-2707
The CVE-2011-2707 entry affects the Linux kernel's arch/xtensa/kernel/ptrace.c, where the ptrace_setxregs() function does not validate user-space pointers. This allows a local user to read kernel memory via a crafted PTRACE_SETXTREGS request, as described for Linux kernel versions before 3.1. Pub...
CVE-2012-5374
CVE-2012-5374: In the Linux kernel's Btrfs CRC32C hashing, pre-3.8-rc1 versions allow local users to trigger a denial of service by creating many files whose names map to the same CRC32C hash, extending kernel runtime. Verified by Nessus plugins describing a local DoS in Btrfs hashing within affe...
CVE-2013-1958
CVE-2013-1958 affects Linux kernels before 3.8.6 where scm_check_creds in net/core/scm.c fails to enforce capabilities for the PID value tied to a UNIX domain socket, allowing local users to bypass access controls during a window when a user namespace exists but a PID namespace is not yet created...
CVE-2013-2017
CVE-2013-2017 affects the Linux kernel veth driver: SKB handling during congestion is flawed, enabling a remote DoS (system crash) via lack of skb consumption and a double-free. Affected: kernel versions before 2.6.34; remediation is upgrading to a kernel version where the issue is fixed (2.6.34+...
CVE-2013-2546
CVE-2013-2546 concerns the Linux kernel 3.8.2 era: the crypto report API in the crypto user configuration API uses an incorrect string-copy function, enabling a local attacker with CAP_NET_ADMIN to leak information from kernel stack memory. The vulnerability is scoped to the report API in the ker...
CVE-2015-4177
CVE-2015-4177 affects the Linux kernel, where the collect_mounts function in fs/namespace.c before 4.0.5 may run after a path has been unmounted. This can enable local users with user-namespace root access to trigger a denial of service (system crash) via an MNT_DETACH umount2 call. The vulnerabi...
CVE-2017-0510
CVE-2017-0510 describes an elevation-of-privilege vulnerability in the Android kernel FIQ debugger that could allow a local malicious app to execute code in kernel context. Affected: Android on Kernel-3.10 (Nexus 9 cited). Impact: potential local permanent device compromise requiring OS reflashin...
CVE-2017-0524
CVE-2017-0524 concerns an elevation-of-privilege in the Synaptics touchscreen driver within Android kernels, allowing a local malicious application to execute arbitrary kernel code. According to the linked sources, affected components are the Synaptics touchscreen driver in Android products with ...
CVE-2017-0569
CVE-2017-0569 is a local elevation-of-privilege flaw in the Broadcom Wi‑Fi driver (bcmdhd) used by Android. The root cause is a kernel‑level heap/buffer risk in handling a crafted WLC_E_PFN_SWC event: an attacker controlling the Wi‑Fi dongle can force a mismatch between total_count and pkt_count,...
CVE-2017-8067
The vulnerability CVE-2017-8067 affects the Linux kernel drivers/char/virtio_console.c in kernels 4.9.x and 4.10.x prior to 4.10.12, where improper interaction with CONFIG_VMAP_STACK allows a local user to cause a denial of service (system crash or memory corruption) or other impact by using more...
CVE-2017-9211
The CVE-2017-9211 flaw affects the Linux kernel component crypto_skcipher_init_tfm in crypto/skcipher.c up to version 4.11.2. It relies on setkey without a key-size check, allowing a local user to cause a denial of service via a NULL pointer dereference. The connected documents indicate a patch/c...
CVE-2021-47318
CVE-2021-47318 concerns the Linux kernel’s topology management. The vulnerability arises in arch_topology where topology_scale_freq_tick() may dereference a pointer to a previously cleared scale_freq_data , due to missing protection before the data is freed. The issue is localized to the kernel’s...
CVE-2021-47613
CVE-2021-47613 concerns a Linux kernel i2c virtio issue where the notify callback could run before all buffers are completed, risking incorrect I2C data or guest memory corruption. The confirmed fix is to call virtio_get_buf() from the notify handler (as in other virtio drivers) and to wait for a...
CVE-2021-47617
CVE-2021-47617 affects the Linux kernel PCIe hot-plug controller (pciehp) in the PCIe Slot Common Service, specifically the Power Fault Detected (PFD) handling. The issue caused an infinite loop in the IRQ path due to the hardirq handler clearing the PFD bit before the power_fault_detected flag c...
CVE-2022-48722
CVE-2022-48722 affects the Linux kernel, specifically the net/ieee802154: ca8210 path. On error, the helper ieee802154_xmit_complete() is not invoked and only ieee802154_wake_queue() is called, which can leak an skb. The remediation is to free the skb structure upon error before returning. Multip...
CVE-2022-48725
CVE-2022-48725: Linux kernel RDMA/siw: fix refcounting leak in siw_create_qp by ensuring atomic_inc() is paired with atomic_dec() on the error path. The issue allows a leak on error handling during QP creation; remediation is a kernel patch (e.g., commits listed in the references) that corrects t...
CVE-2022-48726
CVE-2022-48726 affects the Linux kernel’s RDMA/ucma code path, specifically a use-after-free in ucma_cleanup_multicast and related flows (ucma_destroy_private_ctx, ucma_write) caused by touching a concurrently freed multicast structure during a multicast leaves operation. The description notes th...
CVE-2022-48731
CVE-2022-48731 is a Linux kernel vulnerability affecting mm/kmemleak: when using devm_request_free_mem_region() and devm_memremap_pages() to add ZONE_DEVICE memory, an excessively large end_pfn (e.g., 0x400000000) can make node_end_pfn() oversized, creating a huge hole between node_start_pfn() an...
CVE-2022-48745
The CVE-2022-48745 entry refers to a Linux kernel vulnerability in the net/mlx5 component where a race condition can occur due to del_timer() usage during the fw reset polling flow. The affected code substitutes del_timer() with del_timer_sync() to avoid deactivation of a timer while its interrup...
CVE-2022-48801
CVE-2022-48801 concerns the Linux kernel IIO subsystem, specifically the IIO_BUFFER_GET_FD_IOCTL path. The issue arises when copying the newly created file descriptor to userland fails; the cleanup attempts use put_unused_fd() for the descriptor that was already published by anon_inode_getfd() vi...
CVE-2022-48815
CVE-2022-48815 affects the Linux kernel bcm_sf2 DSA/MDIO path. The root cause is unsafe interaction between devres-managed mdiobus allocation/registration and manual mdiobus unregistering, where mdiobus_free() may panic if devm_mdiobus_free() triggers devres_release_all() before the bus is unregi...
CVE-2022-48821
In CVE-2022-48821, the Linux kernel misc/fastrpc path fixes a use-after-free: if FASTRPC_IOCTL_ALLOC_DMA_BUFF copy-back to userland fails, the code previously called dma_buf_put() on a buffer no longer owned, risking a stale fd entry. The remediation avoids dma_buf_put() in that failure path and ...
CVE-2022-48845
CVE-2022-48845 affects the Linux kernel on MIPS SMP builds, where mis-timing of CPU topology map calculation caused smt_mask (cpu_smt_mask) to be empty during sched_core_cpu_starting(). The issue arises after enabling CONFIG_SCHED_CORE (landed around 5.14), leading to a WARN at sched_core_cpu_sta...
CVE-2022-48847
CVE-2022-48847 concerns the Linux kernel: a fix for watch_queue_set_filter() where a type check used BITS_PER_LONG could overflow the type_filter bitmap, enabling out-of-bounds writes to wfilter->type_filter and to wfilter->filters[]. The issue arises from two separate checks; one uses 8* s...
CVE-2022-48925
CVE-2022-48925 affects the Linux kernel RDMA/CMA path. The issue arises when the state is not idle: resolve_prepare_src() may overwrite route.addr.src_addr, potentially corrupting the source address and triggering a use-after-free trace in cma_cancel_listens() paths. The bug can occur with states...
CVE-2022-49161
The CVE-2022-49161 entry pertains to the Linux kernel ASoC: mediatek mt8183_da7219_max98357_dev_probe. The vulnerability root cause is a refcount leak caused by not calling of_node_put() in error paths after of_parse_phandle() returns a device_node with incremented refcount. The description indic...
CVE-2022-49186
CVE-2022-49186 describes a Linux kernel vulnerability in the Visconti clock driver where a -1 sentinel used to indicate no reset function is stored in an unsigned 8-bit field. This caused the check if (clks[i].rs_id >= 0) to always be true, leading to an out-of-bounds access in visconti_clk_re...
CVE-2022-49195
The CVE-2022-49195 entry documents a Linux kernel issue in the DSA driver: during multi-chip probing, all switches must probe, but up to N-1 may bind and later shutdown since the Nth switch initializes the tree. If that Nth initialization fails, shutdown on the other switches dereferences uniniti...
CVE-2022-49245
CVE-2022-49245 affects the Linux kernel ASoC Rockchip implementation, specifically the rockchip_i2s_tdm_resume path. The root cause is that pm_runtime_get_sync would increment the PM usage counter even when the operation failed, leading to a reference counter leak. The documented fix replaces the...
CVE-2022-49380
The CVE-2022-49380 entry concerns a Linux kernel F2FS bug where total_valid_block_count/total_valid_node_count could fuzz to zero, leading to a BUG_ON() during dec_valid_node_count() in f2fs_remove_inode_page()/f2fs_evict_inode(). The issue was fixed by printing a warning and changing behavior to...
CVE-2022-49405
CVE-2022-49405 affects the Linux kernel staging driver for r8188eu (rtw_wx_set_scan). The vulnerability arises from an overflow in the Ssid[] array: while there is a read overflow check, an additional check is needed to prevent writing beyond the end of the array. Multiple connected bulletins con...
CVE-2022-49458
CVE-2022-49458 concerns the Linux kernel MSM DRM path where, if an error occurs before a request_irq() call, msm_drm_uninit() could call free_irq() on an IRQ that was not requested. The described backtrace shows a “Trying to free already-free IRQ” in a Qualcomm SM8350 environment, indicating a us...
CVE-2022-49762
CVE-2022-49762: In the Linux kernel, ntfs_attr_find() can overflow when iterating ATTR_RECORDs in MFT records, due to adding le32_to_cpu(a->length) to the current pointer and wrapping on 32‑bit systems. A patch adds bounds checks when computing the end address of the current ATTR_RECORD to pre...
CVE-2022-50024
CVE-2022-50024 affects the Linux kernel DMA engine (dmaengine) dw-axi-dmac. The issue occurs when axi_chan_dump_lli() is given a NULL LLI pointer, which can trigger an OOPS by attempting to read fields from a NULL structure. The fix is to print a NULL LLI and exit instead of dereferencing it. Aff...
CVE-2022-50036
CVE-2022-50036 affects the Linux kernel component drm/sun4i: dsi. The underflow occurred when computing packet sizes due to subtracting packet overhead with unsigned arithmetic; with a short sync pulse the subtraction could wrap to a large unsigned value. The remediation is a fix that uses signed...
CVE-2022-50062
The CVE-2022-50062 issue concerns the Linux kernel net: bgmac path. A bug triggered by wrong bytes_compl can cause a kernel BUG_ON inside bgmac_dma_tx_free() when called from bgmac_poll(), due to a race between setting ring->end and netdev_sent_queue() and an RX interrupt. Reported on an ARM 4...
CVE-2022-50094
CVE-2022-50094 relates to Linux kernel spmi trace: trace_spmi_write_begin() and trace_spmi_read_end() use memcpy() with length len + 1, causing a potential stack-out-of-bounds read. A KASAN report demonstrates an out-of-bounds read in trace_event_raw_event_spmi_read_end. The issue affects the SPM...
CVE-2022-50099
CVE-2022-50099 affects the Linux kernel video fbdev Arkfb component. In arkfb_set_par(), user input can set screen_size larger than info->screen_size, risking a kernel page fault (LOCAL, high impact). The mitigation described is to check screen_size before memset_io() and apply the provided pa...
CVE-2022-50103
CVE-2022-50103: In the Linux kernel, sched/cpuset handling with cgroup v2 can lead to a panic when cpus_allowed is empty, causing dl_cpu_busy() to crash due to an out-of-bounds percpu access. The fix uses the effective_cpus mask instead of cpus_allowed, for both v1 (where they’re the same) and v2...
CVE-2022-50104
CVE-2022-50104 affects the Linux kernel, specifically the powerpc/xive subsystem. The root cause is a refcount leak caused by a node pointer returned by of_find_node_by_path() with an incremented refcount and missing of_node_put() when done. The remediation is a patch that adds the missing of_nod...
CVE-2022-50164
CVE-2022-50164 concerns the Linux kernel wifi driver (iwlwifi, mvm). The issue is a bug in iwl_mvm_mac_wake_tx_queue where a double list_add can leave related lists uncleared after a successful station association if station queues are disabled, allowing a new element to link with a stale one. Th...
CVE-2023-3312
CVE-2023-3312 affects the Linux kernel cpufreq driver: drivers/cpufreq/qcom-cpufreq-hw.c, where an issue during device unbind can cause a double-release leading to a denial of service. Affected products are the Linux kernel (ARM/QCOM CPUFreq HW driver); the underlying root cause is the double-rel...
CVE-2023-52936
CVE-2023-52936 affects the Linux kernel, specifically the irqdomain.c path where debugfs_lookup() results were not being released with dput(), causing a memory leak over time. The advisory notes the fix is to replace the call with debugfs_lookup_and_remove(), which handles the necessary cleanup i...
CVE-2023-53029
The CVE-2023-53029 entry concerns the Linux kernel, specifically the octeontx2-pf driver. The vulnerability/issue arises from GFP_KERNEL usage in atomic contexts for the rt (real-time) kernel, triggering sleep warnings in atomic context (BUG: sleeping function called from invalid context) and rel...
CVE-2024-26738
CVE-2024-26738 concerns the Linux kernel on PowerPC/pSeries. The root cause was that during DLPAR add of a PCI device, a newly allocated pci_controller could be created without calling iommu_device_register(), leaving an iommu_device unregistered and potentially triggering NULL pointer dereferenc...
CVE-2024-26834
The CVE-2024-26834 entry concerns the Linux kernel netfilter NFT_FLOW_OFFLOAD path. TECHNICAL DETAILS (from connected docs): Direct xmit path avoids calling dst_release() due to using dev_queue_xmit(), leaving a kmemleak-reported unreferenced object and a route stack path that can affect packet r...
CVE-2024-36970
CVE-2024-36970 : In the Linux kernel, the issue affects the iwlwifi subsystem and has been resolved by changing the module load path to use request_module_nowait, which is described as a workaround for a deadlock regression introduced during LED merging in 6.9. The deadlock is observed in systems...