Linux Kernel

13804 matches found

CVE | added 2025/04/01 3:26 p.m. | 70 views

CVE-2025-21900

Summary: CVE-2025-21900 affects the Linux kernel NFSv4 state recovery for sillyrenamed files. A server reboot could trigger an open reclaim that races with close(), causing a synchronous delegreturn to deadlock because it isn’t privileged. Fix / root cause: the kernel now ensures that nfs4_inode_...

CVSS 5.5 | AI score 7.1 | EPSS 0.00124

CVE | added 2025/06/18 9:28 a.m. | 70 views

CVE-2025-38006

CVE-2025-38006 affects the Linux kernel MCTP path: in net/mctp, mctp_dump_addrinfo may read uninitialized memory from ifaddrmsg when filtering by ifa_index if the struct ifaddrmsg is not provided. This can occur during certain netlink dumps (e.g., from syzkaller/busybox ip addr show). The issue i...

CVSS 5.5 | AI score 6.4 | EPSS 0.00155

CVE | added 2025/06/18 9:28 a.m. | 70 views

CVE-2025-38016

CVE-2025-38016 (Linux kernel, HID: bpf: abort dispatch if device destroyed) is confirmed in connected sources as a HID subsystem issue in the Linux kernel. The vulnerability stems from HID-BPF dispatch when a HID device is destroyed: after hid_bpf_destroy_device(), a cleaned-up SRCU can be access...

CVSS 5.5 | AI score 6.7 | EPSS 0.00157

CVE | added 2025/07/10 7:42 a.m. | 70 views

CVE-2025-38287

CVE-2025-38287 affects the Linux kernel InfiniBand subsystem (IB_cm). The issue occurs when freeing old cm_priv_msg via cm_free_priv_msg() after cm_id has advanced, where a lock held assertion and WARN triggers due to reuse of the cm_id lock. This could allow a local attacker to trigger a denial ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00137

CVE | added 2025/07/25 1:9 p.m. | 70 views

CVE-2025-38404

CVE-2025-38404 affects the Linux kernel USB Type-C/displayport subsystem. The issue is a potential deadlock caused by recursive locking of cros_typec_altmode_data::mutex when a mutex-protected path calls typec_altmode_exit() from within the same context. The documented fix defers the typec_altmod...

CVSS 5.5 | AI score 6.3 | EPSS 0.00121

CVE | added 2025/08/22 1:1 p.m. | 70 views

CVE-2025-38617

CVE-2025-38617 concerns a Linux kernel race in the packet networking path (net/packet) between packet_set_ring() and packet_notifier(). When po->bind_lock is temporarily released during ring setup, a concurrent NETDEV_UP event could be processed by packet_notifier(), risking inconsistent socke...

CVSS 4.7 | AI score 6.5 | EPSS 0.00288

CVE | added 2001/09/12 4:0 a.m. | 69 views

CVE-1999-1225

Concretely, CVE-1999-1225 affects rpc.mountd and is described in SGI IRIX advisories as allowing a remote tester to probe for the existence of files by issuing mount requests, leading to distinguishable error messages. The SGI advisory fixes this by patching/upgrading IRIX (upgrade to IRIX 6.5.23...

CVSS 5 | AI score 6.9 | EPSS 0.0176

CVE | added 2006/05/09 8:0 p.m. | 69 views

CVE-2005-4798

CVE-2005-4798 is a buffer overflow in Linux kernel NFS readlink handling (affecting 2.4 up to 2.4.31). A remote NFS server could crash the NFS client. Debian advisories (DSA-1183-1, DSA-1184-1/2) document this vulnerability within kernel-source-2.4.27 and kernel-source-2.6.8, respectively, and de...

CVSS 5 | AI score 7.3 | EPSS 0.02954

CVE | added 2007/10/23 10:0 a.m. | 69 views

CVE-2007-3850

The CVE-2007-3850 issue affects the Linux kernel 2.6 series running on PowerPC, where the eHCA driver fails to map userspace resources correctly. This allows local users to read portions of physical address space, revealing potentially sensitive information. The description explicitly ties this t...

CVSS 1.9 | AI score 5.5 | EPSS 0.0034

CVE | added 2008/08/06 6:0 p.m. | 69 views

CVE-2008-3496

CVE-2008-3496 affects the Linux kernel uvcvideo (V4L) in drivers/media/video/uvc/uvc_driver.c, where a buffer overflow in format descriptor parsing occurs in uvc_parse_format. Affected are kernels older than 2.6.26.1; the ChangeLog indicates this version contains the fix. Public disclosures in SU...

CVSS 10 | AI score 6.5 | EPSS 0.03275

CVE | added 2008/08/27 8:0 p.m. | 69 views

CVE-2008-3526

CVE-2008-3526 is a Linux kernel SCTP vulnerability present in 2.6.24-rc1 through 2.6.26.3. The issue is an integer overflow in sctp_setsockopt_auth_key (net/sctp/socket.c) that can be triggered by a crafted sca_keylength field in the SCTP_AUTH_KEY option, allowing remote attackers to cause a deni...

CVSS 7.8 | AI score 6 | EPSS 0.03494

CVE | added 2008/10/06 6:0 p.m. | 69 views

CVE-2008-4445

CVE-2008-4445 affects the Linux kernel SCTP implementation prior to 2.6.26.4. The vulnerability resides in sctp_auth_ep_set_hmacs (net/sctp/auth.c) where the identifier index is not validated against SCTP_AUTH_HMAC_ID_MAX when SCTP-AUTH is enabled. This can allow local users to obtain sensitive i...

CVSS 4.7 | AI score 4.7 | EPSS 0.00448

CVE | added 2009/02/10 9:32 p.m. | 69 views

CVE-2008-6107

The CVE-2008-6107 entry maps to a Linux kernel vulnerability affecting Sparc/Sparc64 paths before kernel 2.6.25.4. Specifically, the sys32_mremap function (arch/sparc64/kernel/sys_sparc32.c) and the mmap-check routines (sparc_mmap_check in arch/sparc/kernel/sys_sparc.c and sparc64_mmap_check in a...

CVSS 4.9 | AI score 6 | EPSS 0.00388

CVE | added 2009/08/14 3:0 p.m. | 69 views

CVE-2009-2768

The vulnerability CVE-2009-2768 affects the Linux kernel flat subsystem (fs/binfmt_flat.c: load_flat_shared_library). It allows local users to trigger a NULL pointer dereference by executing a shared flat binary, potentially causing a denial of service and system crash, via an uninitialized cred ...

CVSS 7.8 | AI score 7.7 | EPSS 0.00405

CVE | added 2010/04/12 6:0 p.m. | 69 views

CVE-2010-0741

CVE-2010-0741 affects the Linux kernel in the virtio-net driver when used with qemu-kvm 0.11.0 or KVM, allowing a remote attacker to crash the guest OS by sending a large volume of TCP traffic due to an improper TCP Segment Offloading (TSO) handling in virtio-net. The issue is triggered by a flaw...

CVSS 7.8 | AI score 6.4 | EPSS 0.03518

CVE | added 2013/06/07 10:0 a.m. | 69 views

CVE-2011-4604

CVE-2011-4604 affects the Linux kernel via batman-adv: the bat_socket_read function in net/batman-adv/icmp_socket.c allows remote memory corruption/DoS via crafted batman-adv ICMP packets. Affected: kernel versions prior to 3.3. Root cause: ICMP handling in batman-adv. Impact: memory corruption a...

CVSS 6.8 | AI score 7.6 | EPSS 0.02986

CVE | added 2012/06/21 11:0 p.m. | 69 views

CVE-2012-2127

CVE-2012-2127 affects the Linux kernel prior to 3.2, where fs/proc/root.c in procfs does not properly interact with CLONE_NEWPID clone system calls. This can enable a remote attacker to trigger a denial of service via a reference leak and growing memory usage by opening many connections to a PID-...

CVSS 5 | AI score 6.3 | EPSS 0.04309

CVE | added 2013/04/24 7:0 p.m. | 69 views

CVE-2013-1958

CVE-2013-1958 affects Linux kernels before 3.8.6 where scm_check_creds in net/core/scm.c fails to enforce capabilities for the PID value tied to a UNIX domain socket, allowing local users to bypass access controls during a window when a user namespace exists but a PID namespace is not yet created...

CVSS 1.9 | AI score 6.2 | EPSS 0.0034

CVE | added 2013/05/03 10:0 a.m. | 69 views

CVE-2013-2017

CVE-2013-2017 affects the Linux kernel veth driver: SKB handling during congestion is flawed, enabling a remote DoS (system crash) via lack of skb consumption and a double-free. Affected: kernel versions before 2.6.34; remediation is upgrading to a kernel version where the issue is fixed (2.6.34+...

CVSS 7.8 | AI score 7 | EPSS 0.04189

CVE | added 2013/04/22 10:0 a.m. | 69 views

CVE-2013-3228

The CVE-2013-3228 issue affects the Linux kernel’s irda_recvmsg_dgram (net/irda/af_irda.c), where a length variable is not initialized. This allows local attackers to read sensitive data from kernel stack via crafted recvmsg/recvfrom calls. Affected: Linux kernel versions before 3.9-rc7. Impact: ...

CVSS 4.9 | AI score 5.7 | EPSS 0.00389

CVE | added 2014/04/01 1:0 a.m. | 69 views

CVE-2013-7348

CVE-2013-7348 describes a double free vulnerability in the Linux kernel’s ioctx_alloc (fs/aio.c) prior to 3.12.4. An error path in aio_setup_ring can lead to a use-after-free like condition that enables a local attacker to trigger a system crash (DoS) or potentially other impact. The cited public...

CVSS 4.6 | AI score 7.6 | EPSS 0.00365

CVE | added 2014/09/28 10:0 a.m. | 69 views

CVE-2014-3183

CVE-2014-3183 is a heap-based buffer overflow in the Linux kernel driver HID Logitech DJ (logi_dj_ll_raw_request in drivers/hid/hid-logitech-dj.c) exposed when a device reports a large LED report. Affected kernel versions are earlier than 3.16.2. This allows physically proximate attackers to caus...

CVSS 6.9 | AI score 7.9 | EPSS 0.00499

CVE | added 2016/05/05 9:0 p.m. | 69 views

CVE-2016-2059

The CVE-2016-2059 issue affects the Linux kernel IPC router module (msm_ipc_router_bind_control_port) in the IPC router core for kernel 3.x used in Qualcomm QuIC Android MSM devices. The vulnerability arises because the function does not verify that a port is a client port, enabling a local attac...

CVSS 7 | AI score 7.4 | EPSS 0.00207

CVE | added 2016/06/13 1:0 a.m. | 69 views

CVE-2016-2061

CVE-2016-2061 is described in connected EulerOS/Nessus content as an integer signedness error in the Linux kernel MSM V4L2 video driver (3.x), used in Qualcomm QuIC MSM contributions. It can allow privilege escalation or a denial-of-service via a crafted application that triggers msm_isp_axi_crea...

CVSS 7.8 | AI score 7.4 | EPSS 0.01143

CVE | added 2017/01/12 8:0 p.m. | 69 views

CVE-2017-0404

CVE-2017-0404 is an elevation-of-privilege vulnerability in the Android kernel sound subsystem that could allow a local malicious application to execute arbitrary code in kernel context. Affected products/versions include Android devices using kernel 3.10 and 3.18. The issue requires compromising...

CVSS 7.6 | AI score 6.5 | EPSS 0.0161

CVE | added 2017/03/08 1:0 a.m. | 69 views

CVE-2017-0524

CVE-2017-0524 concerns an elevation-of-privilege in the Synaptics touchscreen driver within Android kernels, allowing a local malicious application to execute arbitrary kernel code. According to the linked sources, affected components are the Synaptics touchscreen driver in Android products with ...

CVSS 7.6 | AI score 6.6 | EPSS 0.01542

CVE | added 2024/06/19 2:53 p.m. | 69 views

CVE-2021-47584

CVE-2021-47584: In Linux kernel iocost donation logic, a low hweight donor (active hweight=1) could trigger a divide-by-zero during donation calculation. The fix excludes cgroups with active hweight

CVSS 5.5 | AI score 6.9 | EPSS 0.0025

CVE | added 2024/06/19 2:54 p.m. | 69 views

CVE-2021-47607

CVE-2021-47607 is a Linux kernel issue where BPF_CMPXCHG could leak kernel addresses due to the verifier not rejecting unprivileged programs that place a pointer in R0. The high-level POC probes kernel addresses by using the map value pointer as R0 while SRC_REG has a canary, enabling address lea...

CVSS 5.5 | AI score 6.6 | EPSS 0.00246

CVE | added 2024/06/19 2:58 p.m. | 69 views

CVE-2021-47613

CVE-2021-47613 concerns a Linux kernel i2c virtio issue where the notify callback could run before all buffers are completed, risking incorrect I2C data or guest memory corruption. The confirmed fix is to call virtio_get_buf() from the notify handler (as in other virtio drivers) and to wait for a...

CVSS 7.8 | AI score 7.7 | EPSS 0.00214

CVE | added 2022/08/31 12:0 a.m. | 69 views

CVE-2022-1976

CVE-2022-1976 affects the Linux kernel IO-URING implementation. The flaw allows a local attacker to craft a sequence of requests that triggers a use-after-free in the kernel, leading to memory corruption and possible privilege escalation. Across multiple sources, the issue is described without pu...

CVSS 7.8 | AI score 7.4 | EPSS 0.00229

CVE | added 2022/10/17 12:0 a.m. | 69 views

CVE-2022-3541

CVE-2022-3541 affects the Linux kernel Sunplus Ethernet driver (spl2sw_nvmem_get_mac_address in drivers/net/ethernet/sunplus/spl2sw_driver.c). The issue is a use-after-free vulnerability, as described in the initial document. Connected sources (Ubuntu USN advisories and Nessus/OpenVAS entries) co...

CVSS 7.8 | AI score 6.2 | EPSS 0.00334

CVE | added 2024/06/20 11:13 a.m. | 69 views

CVE-2022-48725

CVE-2022-48725: Linux kernel RDMA/siw: fix refcounting leak in siw_create_qp by ensuring atomic_inc() is paired with atomic_dec() on the error path. The issue allows a leak on error handling during QP creation; remediation is a kernel patch (e.g., commits listed in the references) that corrects t...

CVSS 5.5 | AI score 7 | EPSS 0.00225

CVE | added 2024/08/21 6:10 a.m. | 69 views

CVE-2022-48880

CVE-2022-48880 is a Linux kernel issue in platform/surface/aggregator where ssam_request_sync_init() can fail and the request may leak unless ssam_request_sync_free() is called. The fix adds the missing call to ssam_request_sync_free() to ensure proper freeing when initialization fails. This is a...

CVSS 5.5 | AI score 6.5 | EPSS 0.00239

CVE | added 2025/02/26 1:55 a.m. | 69 views

CVE-2022-49150

CVE-2022-49150 in the Linux kernel relates to rtc: gamecube: Fix refcount leak in gamecube_rtc_read_offset_from_sram. The issue was that of_find_compatible_node() returned a node pointer with an incremented refcount and lacked a corresponding of_node_put() to release it. The connected documents c...

CVSS 5.5 | AI score 6.4 | EPSS 0.00204

CVE | added 2025/02/26 1:55 a.m. | 69 views

CVE-2022-49195

The CVE-2022-49195 entry documents a Linux kernel issue in the DSA driver: during multi-chip probing, all switches must probe, but up to N-1 may bind and later shutdown since the Nth switch initializes the tree. If that Nth initialization fails, shutdown on the other switches dereferences uniniti...

CVSS 5.5 | AI score 6.5 | EPSS 0.00239

CVE | added 2025/02/26 1:55 a.m. | 69 views

CVE-2022-49211

CVE-2022-49211 concerns a Linux kernel issue in the MIPS CDMM code path where of_find_compatible_node() returns a node pointer with an incremented refcount and the code omits of_node_put() to release it. The fixed description states: add the missing of_node_put() to release the refcount. Affected...

CVSS 5.5 | AI score 6.4 | EPSS 0.0024

CVE | added 2025/02/26 2:12 a.m. | 69 views

CVE-2022-49405

CVE-2022-49405 affects the Linux kernel staging driver for r8188eu (rtw_wx_set_scan). The vulnerability arises from an overflow in the Ssid[] array: while there is a read overflow check, an additional check is needed to prevent writing beyond the end of the array. Multiple connected bulletins con...

CVSS 5.5 | AI score 5.6 | EPSS 0.0024

CVE | added 2025/02/26 2:13 a.m. | 69 views

CVE-2022-49454

CVE-2022-49454 concerns the Linux kernel Mediatek PCI subsystem: a refcount leak in mtk_pcie_subsys_powerup() caused by of_find_compatible_node() returning a node pointer with an incremented refcount. The issue is resolved by adding a missing of_node_put() to release the refcount when the node is...

CVSS 5.5 | AI score 5.3 | EPSS 0.0024

CVE | added 2025/02/26 2:13 a.m. | 69 views

CVE-2022-49458

CVE-2022-49458 concerns the Linux kernel MSM DRM path where, if an error occurs before a request_irq() call, msm_drm_uninit() could call free_irq() on an IRQ that was not requested. The described backtrace shows a “Trying to free already-free IRQ” in a Qualcomm SM8350 environment, indicating a us...

CVSS 5.5 | AI score 5.4 | EPSS 0.00239

CVE | added 2025/02/26 2:24 a.m. | 69 views

CVE-2022-49702

Summary: CVE-2022-49702 concerns a deadlock in Linux kernel when unmounting a filesystem with an async block group reclaim task relocating data. Multiple reclaim tasks (block-group, metadata/data) can interact with a parked cleaner thread, leading to a hang during close_ctree()/unmount due to del...

CVSS 5.5 | AI score 5.3 | EPSS 0.00194

CVE | added 2025/05/01 2:9 p.m. | 69 views

CVE-2022-49780

The CVE-2022-49780 entry concerns a Linux kernel vulnerability in SCSI target tcm_loop where a name leak can occur if device_register() fails in tcm_loop_setup_hba_bus(). The root cause is improper error-path handling: the memory/name allocated by dev_set_name() is not freed, and put_device() sho...

CVSS 5.5 | AI score 6.4 | EPSS 0.00177

CVE | added 2025/05/01 2:9 p.m. | 69 views

CVE-2022-49781

CVE-2022-49781 corresponds to a Linux kernel vulnerability in perf/x86/amd where a race between amd_pmu_enable_all and perf NMI/throttling could lead to a NULL event dereference and kernel crash. The issue arises when perf NMI disables/enables all events while amd_pmu_enable_all is in progress, p...

CVSS 4.7 | AI score 6.2 | EPSS 0.00098

CVE | added 2025/05/01 2:9 p.m. | 69 views

CVE-2022-49814

CVE-2022-49814 concerns a race condition in the Linux kernel KCM RX path. The issue arises because sk_receive_queue is protected by the skb queue lock, but KCM sockets’ RX path uses mux->rx_lock to protect more than just the skb queue, while kcm_recvmsg() continued to only grab the skb queue l...

CVSS 4.7 | AI score 6.5 | EPSS 0.00128

CVE | added 2025/05/01 2:10 p.m. | 69 views

CVE-2022-49907

CVE-2022-49907 is a Linux kernel issue in net: mdio related to undefined behavior from shifting a signed 32-bit value by 31 bits in __mdiobus_register. The root cause is an out-of-bounds bit shift in mdiobus initialization; the code was changed to use an unsigned type to avoid UB. A UBSAN warning...

CVSS 7.8 | AI score 6.5 | EPSS 0.00188

CVE | added 2025/06/18 11:1 a.m. | 69 views

CVE-2022-50005

The CVE-2022-50005 issue concerns Linux kernel NFC code for pn533 devices. The root cause is a use-after-free caused by a timer (cmd_timeout) not being canceled during pn532_uart_remove(), allowing a concurrent use path to dereference freed memory. The fix adds del_timer_sync() in pn532_uart_remo...

CVSS 7.8 | AI score 6.6 | EPSS 0.00202

CVE | added 2025/06/18 11:1 a.m. | 69 views

CVE-2022-50024

CVE-2022-50024 affects the Linux kernel DMA engine (dmaengine) dw-axi-dmac. The issue occurs when axi_chan_dump_lli() is given a NULL LLI pointer, which can trigger an OOPS by attempting to read fields from a NULL structure. The fix is to print a NULL LLI and exit instead of dereferencing it. Aff...

CVSS 5.5 | AI score 6.5 | EPSS 0.00154

CVE | added 2025/06/18 11:1 a.m. | 69 views

CVE-2022-50049

CVE-2022-50049 affects the Linux kernel ASoC DPCM path: when adding BE connections, the code could pick a BE that does not support the required stream direction, risking a NULL dereference if a BE substream is missing. The patch adds a presence check for the target BE’s substream at dpcm_add_path...

CVSS 5.5 | AI score 6.6 | EPSS 0.00154

CVE | added 2025/06/18 11:2 a.m. | 69 views

CVE-2022-50061

CVE-2022-50061 concerns the Linux kernel pinctrl nomadik path. The root cause is a refcount leak in nmk_pinctrl_dt_subnode_to_map: of_parse_phandle() returns a node pointer with incremented refcount, and of_node_put() was not called when the node is no longer needed. The issue is resolved by addi...

CVSS 5.5 | AI score 6.4 | EPSS 0.00156

CVE | added 2025/06/18 11:3 a.m. | 69 views

CVE-2022-50173

CVE-2022-50173 affects the Linux kernel DRM/MSM MDP5 path. The vulnerability arises from not grabbing the global state lock after an early return when hwpipe is disabled, allowing contention and potentially returning 0. The public entries describe the fix as “Fix global state lock backoff” and ci...

CVSS 5.5 | AI score 6.5 | EPSS 0.00154

CVE | added 2025/06/18 11:3 a.m. | 69 views

CVE-2022-50208

CVE-2022-50208 affects the Linux kernel, specifically the soc: amlogic driver code for meson-secure-pwrc.c. In meson_secure_pwrc_probe(), there is a refcount leak on one failure path, which is the root cause described in the Initial Document. The vulnerability is fixed in the same area (refcount ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00184

Total number of security vulnerabilities: 13804