CVE-2018-1068
CVE-2018-1068 affects the Linux kernel: the 32-bit compatibility layer for ebtables did not sufficiently validate offset values in a 64-bit kernel. A local attacker with CAP_NET_ADMIN (in a namespace) could use this to overwrite kernel memory, potentially leading to privilege escalation. Public a...
CVE-2019-15099
CVE-2019-15099 affects the Linux kernel: the vulnerability is a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c (ath10k USB path) caused by an incomplete endpoint descriptor address. Affected kernel versions include up to 5.2.8. Noted impact is potential kernel crash or denial o...
CVE-2020-25656
CVE-2020-25656 is a Linux kernel use-after-free in the console subsystem related to ioctls KDGKBSENT and KDSKBSENT. A local attacker could read memory out of bounds, impacting data confidentiality. Several advisories (CloudLinux, Amazon Linux, CentOS/RHEL, Cloud Foundry/usn, etc.) reference this ...
CVE-2022-1353
CVE-2022-1353 — pfkey_register (net/key/af_key.c, Linux kernel): A local, unprivileged user can gain access to kernel memory due to a flaw in pfkey_register. The vulnerability can lead to a system crash or leakage of internal kernel information. The connected documents reference Linux kernel adv...
CVE-2010-3865
CVE-2010-3865 is a Linux kernel issue described in connected advisories as an integer overflow in the rds_rdma_pages function (net/rds/rdma.c). The vulnerability can allow local users to crash the kernel and potentially execute arbitrary code through a crafted iovec in an RDS request, triggered b...
CVE-2020-25284
The CVE-2020-25284 issue concerns the Rados Block Device (rbd) driver in the Linux kernel. Affected code path is in the rbd subsystem (drivers/block/rbd.c) where permission checks to access rbd devices were incomplete, enabling a local attacker to map or unmap rbd block devices. Multiple connecte...
CVE-2022-0500
CVE-2022-0500: A vulnerability in the Linux kernel’s BPF subsystem arises from unrestricted eBPF usage via BPF_BTF_LOAD, enabling a local user to trigger an out-of-bounds memory write when loading BTF data. Reported impact includes system crash and privilege escalation. The connected Astra Linux...
CVE-2018-1000026
CVE-2018-1000026 affects the Linux kernel in the Broadcom NetXtreme II (bnx2x) driver. The issue is described as insufficient input validation in the bnx2x driver that can allow a remote attacker to trigger a denial of service by sending specially crafted, very large packets, potentially from an ...
CVE-2018-20169
CVE-2018-20169 affects the Linux kernel USB subsystem. It stems from missing size checks in __usb_get_extra_descriptor when reading an extra descriptor, potentially enabling denial-of-service (and, per CVSS hints, high impact on confidentiality/integrity/availability). Affected versions: Linux ke...
CVE-2019-19769
CVE-2019-19769 refers to a use-after-free (read) in the Linux kernel 5.3.10 within perf_trace_lock_acquire (related to include/trace/events/lock.h). The connected Nessus/OpenSUSE/SUSE advisories corroborate the same issue across multiple distributions and kernel bundles, but none of the provided ...
CVE-2021-38204
CVE-2021-38204 affects the Linux kernel MAX-3421 host USB controller driver (drivers/usb/host/max3421-hcd.c). The flaw allows a physically proximate attacker to trigger a use-after-free and cause a denial of service (system panic) by removing a MAX-3421 USB device in certain situations. A fix is ...
CVE-2022-1789
CVE-2022-1789 targets KVM in the Linux kernel. With shadow paging enabled, INVPCID can lead to a NULL pointer dereference when CR0.PG=0, because the invlpg callback is not set, causing a crash in kvm_mmu_invpcid_gva. The same issue is echoed in Astra Linux and AlmaLinux advisories, which list KVM...
CVE-2017-1000379
The CVE-2017-1000379 entry concerns the Linux kernel (AMD64) where the kernel may map PIE/heap/ld.so contents to the stack, enabling stack manipulation. Documents indicate affected version: Linux kernel 4.11.5. Nessus-derived items (Unity Linux UTSA advisories) reiterate the same description but ...
CVE-2019-7222
The CVE-2019-7222 issue affects the KVM component of the Linux kernel up to version 4.20.5, where a vulnerability allowed information leakage by exposing uninitialized kernel stack contents to a guest. Connected documents explicitly refer to “KVM: leak of uninitialized stack contents to guest (CV...
CVE-2020-27170
The CVE-2020-27170 flaw affects the Linux kernel prior to 5.11.8, where in kernel/bpf/verifier.c there is undesirable out-of-bounds speculation on pointer arithmetic. This can enable a side-channel attack that defeats Spectre mitigations and may allow an attacker to obtain sensitive information f...
CVE-2023-2163
The CVE-2023-2163 entry affects the Linux Kernel (versions >= 5.4) with an incorrect verifier pruning in the BPF subsystem. The root cause is a flaw in BPF verifier pruning that can mark unsafe code paths as safe, enabling arbitrary reads/writes in kernel memory, lateral privilege escalation, ...
CVE-2019-18660
CVE-2019-18660 affects: Linux kernel on PowerPC. Summary: Information exposure due to Spectre-RSB mitigation not being active on all applicable CPUs, related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. Impact: potential partial leakage of sensitive data through side chan...
CVE-2020-15780
CVE-2020-15780 – Linux kernel configfs ACPI lockdown bypass. Affects: Linux kernel drivers/acpi/acpi_configfs.c prior to 5.7.7 (observed in Unity Linux advisories). Impact: Injection of malicious ACPI tables via configfs could bypass lockdown and secure boot protections. Local attacker privileges ...
CVE-2021-29647
CVE-2021-29647 affects the Linux kernel (qrtr_recvmsg in net/qrtr/qrtr.c). The issue is an information disclosure via a partially uninitialized data structure, enabling a local attacker to read kernel memory. Root cause: partially uninitialized data in QRTR IPC router handling. Public references ...
CVE-2023-52452
CVE-2023-52452 affects the Linux kernel’s BPF verifier and stack handling. The issue allowed privileged programs to read uninitialized stack memory inconsistently, particularly for accesses near state->allocated_stack when growing the stack was required. The patch fixes these accesses in check...
CVE-2019-13233
CVE-2019-13233 affects Linux kernel arch/x86/lib/insn-eval.c with a use-after-free in LDT entry access caused by a race between modify_ldt() and a #BR exception for an MPX bounds violation. F5 advisory notes the vulnerability in Linux kernel before 5.1.9 and cites the ChangeLog-5.1.9 as the fix. ...
CVE-2019-19067
Summary (CVE-2019-19067): Four memory leaks in the acp_hw_init() function of amdgpu/acp.c in the Linux kernel (before 5.3.8) can cause memory consumption and denial of service when mfd_add_hotplug_devices() or pm_genpd_add_device() fail. The issue is reported as exploitable by a local attacker wit...
CVE-2021-3759
CVE-2021-3759 is a memory overflow in the Linux kernel memcg IPC path, where repeated semget calls by a local user can exhaust memory and cause a denial of service. Public docs confirm impact is local and availability-focused. Debian LTS advisory DLA-3244-1 and Amazon ALAS2KERNEL advisories for k...
CVE-2024-43911
CVE-2024-43911—Linux kernel wifi/mac80211 NULL pointer dereference fix. The vulnerability occurs in the MLD path during band/tx BA session initialization where link_data/link_conf may not point to vif->bss_conf, risking a NULL chan and a kernel crash. The fix adds explicit checks on ht_suppor...
CVE-2019-12380
CVE-2019-12380 is documented in multiple advisories referencing the Linux kernel EFI handling code. The connected sources specify that the vulnerability arises from how the EFI subsystem handles memory allocation failures in the x86 EFI path: phys_efi_set_virtual_address_map in arch/x86/platform/...
CVE-2020-27820
CVE-2020-27820: Linux kernel use-after-free in nouveau's postclose() during device removal (or unbind). Exploitation local; affects nouveau driver paths; impact: high availability risk, no confidentiality/integrity impact per CVSS. Documents indicate a fix exists in kernel patches (e.g., advisori...
CVE-2021-3491
CVE-2021-3491 concerns the Linux kernel io_uring PROVIDE_BUFFERS path, where the MAX_RW_COUNT limit could be bypassed, causing negative values to be used in mem_rw during /proc/<pid>/mem reads. This could enable a heap overflow and potential arbitrary code execution in the kernel. The issue was addres...
CVE-2022-28356
CVE-2022-28356 is a Linux kernel vulnerability describing a refcount leak in net/llc/af_llc.c that affects kernels before 5.17.1. Connected docs confirm the issue and reference a fix in 5.17.1 (and advisories in Debian DSA 5127-1/DSA-5173-1, Astra/Linux bulletins). The CVSS v3.1 base score is 5.5...
CVE-2022-45934
The CVE-2022-45934 issue affects the Linux kernel up to version 6.0.10, in the Bluetooth subsystem’s l2cap_config_req function (net/bluetooth/l2cap_core.c) where an integer wraparound can occur via L2CAP_CONF_REQ packets. The available connected documents confirm the root cause as an integer wrap...
CVE-2018-1000204
CVE-2018-1000204 affects Linux kernel versions 3.18–4.16 where an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp can cause the kernel to copy up to 1000 heap pages to userspace. The root cause is improper handling of SG_IO data flow leading to information ...
CVE-2018-17182
Summary: CVE-2018-17182 is a Linux kernel use-after-free vulnerability in the vmacache subsystem. The root cause is that the function vmacache_flush_all mishandles sequence number overflows, allowing a local attacker to trigger a use-after-free via certain thread creation/map/unmap/invalidation/...
CVE-2019-19533
CVE-2019-19533 affects the Linux kernel prior to 5.3.4 and is caused by an info-leak in the ttusb_dec.c USB driver (drivers/media/usb/ttusb-dec/ttusb_dec.c) when handling a malicious USB device. The vulnerability can lead to partial information disclosure (confidentiality impact). Public referenc...
CVE-2022-1055
CVE-2022-1055 affects the Linux kernel: a use-after-free in tc_new_tfilter within net/sched/cls_api.c can enable privilege escalation when unprivileged user namespaces are in use. The issue allows a local attacker to escalate privileges; exploitation relies on specific local conditions. A fix is ...
CVE-2022-28390
CVE-2022-28390 is a Linux kernel vulnerability: a double-free in ems_usb_start_xmit() implemented in drivers/net/can/usb/ems_usb.c, affecting kernels up to 5.17.1. Connected advisories (Astra Linux, ALMAS/AL2, Debian DSA) reference this CVE and include it among kernel fixes; they indicate patchin...
CVE-2017-11176
CVE-2017-11176 is a local vulnerability in the Linux kernel’s Netlink mq_notify path. The issue arises because mq_notify does not set the sock pointer to NULL when entering retry logic, enabling a use-after-free scenario during a user-space close of a Netlink socket. Public sources describe poten...
CVE-2018-10323
CVE-2018-10323 relates to the Linux kernel where the function xfs_bmap_extents_to_btree in fs/xfs/libxfs/xfs_bmap.c can trigger a NULL pointer dereference in xfs_bmapi_write when processing crafted XFS images. The vulnerability affects kernels up to 4.16.3 and can lead to denial of service via lo...
CVE-2019-18809
CVE-2019-18809 affects the Linux kernel memory management in the af9005 DVB-T USB device driver. The vulnerability is a memory leak in af9005_identify_state() in drivers/media/usb/dvb-usb/af9005.c, potentially enabling a denial of service through memory exhaustion on affected kernels (through 5.3...
CVE-2019-19046
CVE-2019-19046 is a memory-leak in Linux kernel drivers/char/ipmi/ipmi_msghandler.c (__ipmi_bmc_register) up to kernel 5.3.11. An ida_simple_get() failure can cause memory consumption leading to DoS; exploitation details are described in the CVE entry, including note that third parties dispute th...
CVE-2019-19332
CVE-2019-19332 affects the Linux kernel KVM implementation (x86) with an out-of-bounds memory write in handling the KVM_GET_EMULATED_CPUID ioctl, enabling a local user with access to /dev/kvm to crash the system (DoS). Affected range is kernels 3.13–5.4. Root cause described as a missing/bounds-c...
CVE-2019-3459
The CVE-2019-3459 entry concerns a heap address information leak in the Linux kernel, occurring before version 5.1-rc1 when using the L2CAP_GET_CONF_OPT path. Affected software is the Linux kernel (pre-5.1-rc1); the underlying issue is an information exposure vulnerability in this Bluetooth-relat...
CVE-2019-3874
CVE-2019-3874 concerns the SCTP socket buffer not being accounted by the cgroups subsystem, enabling a denial-of-service against affected systems. The vulnerability is described in Unity Linux advisories referencing kernel SCTP handling and states that “Kernel 3.10.x and 4.18.x branches are belie...
CVE-2021-3772
CVE-2021-3772 affects the Linux kernel SCTP stack: a blind attacker who knows IPs/ports and can spoof packets can kill an existing SCTP association by sending invalid chunks. The connected advisories confirm the issue and point to a patch in the Linux kernel (commit 32f8807a48ae55be0e76880cfe8607...
CVE-2022-1158
The CVE-2022-1158 issue affects Linux kernel KVM: updating a guest page table entry can use vm_pgoff as the offset to the page frame number, and since vaddr and vm_pgoff are user-controlled, an unprivileged host user could write outside the guest’s region and potentially corrupt the kernel, causi...
CVE-2022-2196
The CVE-2022-2196 entry concerns a regression in Linux kernel KVM/nVMX where speculative execution could leak from an L2 guest to the host L1 due to inadequate Spectre v2 mitigations (retpolines/IBPB/eIBRS context). The description states an L2 attacker with code execution can influence indirect ...
CVE-2024-0340
CVE-2024-0340 is confirmed in the Linux kernel, affecting the vhost_new_msg path in drivers/vhost/vhost.c. The issue arises from memory not being properly initialized when building messages exchanged between virtual guests and the host via /dev/vhost-net, enabling local privileged users to read k...
CVE-2020-12771
CVE-2020-12771 involves the Linux kernel component drivers/md/bcache/btree.c, where the function btree_gc_coalesce may deadlock if a coalescing operation fails. The connected Unity/Nessus entries reproduce: an issue in the kernel up to 5.6.11 with deadlock in the btree GC coalescing path, impact...
CVE-2020-28974
CVE-2020-28974 is a slab-out-of-bounds read in the Linux kernel’s fbcon driver, fixed in kernel 5.9.7. The flaw arises in KD_FONT_OP_COPY within drivers/tty/vt/vt.c and could allow a local attacker to read privileged kernel memory or cause a kernel crash. Several connected documents describe the ...
CVE-2021-31916
CVE-2021-31916 is a Linux kernel vulnerability in the device-mapper code (drivers/md/dm-ioctl.c, list_devices) causing an out-of-bounds memory write due to a bound check failure in kernels before 5.12. An attacker with CAP_SYS_ADMIN (local, no user interaction) can trigger a heap overrun, potenti...
CVE-2021-34693
CVE-2021-34693 affects the Linux kernel, specifically the net/can/bcm.c implementation. The issue is an information disclosure caused by uninitialized memory in a data structure, allowing a local attacker to read kernel stack memory. Affected releases include kernel versions up to 5.12.10 (as not...
CVE-2016-1583
CVE-2016-1583 affects the Linux kernel: ecryptfs_privileged_open (fs/ecryptfs/kthread.c) allows a local attacker to gain privileges or cause a denial of service via crafted mmap calls for /proc pathnames, triggering recursive pagefault handling. Affects kernels prior to 4.6.3; patch released in 4...