14330 matches found
CVE-2024-40962
CVE-2024-40962 affects the Linux kernel btrfs zoning code. The issue is a NULL pointer dereference in btrfs_zone_finish_endio() when handling zoned NODATASUM writes under zoned emulation for conventional zones. The fix, as described in the disclosure, is to allocate dummy checksums for zoned NODA...
CVE-2024-41018
The CVE-2024-41018 detail is supported by the connected Tencent/TSSA advisory: it concerns the Linux kernel NTFS3 driver (fs/ntfs3) and a bounds check regression. The fix adds an attr_names/oatbl validation and out-of-bounds protection for ATTR_NAME_ENTRY to prevent invalid memory access. In prac...
CVE-2024-41086
In Linux kernel context, CVE-2024-41086 concerns bcachefs. The vulnerability arises from incomplete validation in the downgrade handling code: bch2_sb_downgrade_validate() did not check for a downgrade entry that extends past the end of the superblock section, and for_each_downgrade_entry() used ...
CVE-2024-42099
The CVE-2024-42099 issue affects the Linux kernel s390/dasd subsystem. It concerns indirect addressing for DASD CCWs (IDAW) where the CCW CDA pointer points to IDAL and must be translated from physical to virtual before use. Dereferencing this pointer can cause a kernel panic in error paths, incl...
CVE-2024-42150
CVE-2024-42150 concerns the Linux kernel networking driver for Intel Rhine (txgbe). The issue arises when using MSI or INTx interrupts: request_irq() for pdev->irq can conflict with request_threaded_irq() for txgbe->misc.irq, potentially causing a system crash. The fix removes the separate ...
CVE-2024-42256
CVE-2024-42256 affects the Linux kernel CIFS client. The issue arises when a subrequest is retried and smb2_async_writev() re-picks the SMB server, causing in_flight accounting to be updated against different servers and leading to misaccounting. The fix removes the repick in smb2_async_writev(),...
CVE-2024-42300
The CVE concerns the Linux kernel’s erofs subsystem, specifically a race in z_erofs_get_gbuf() that can migrate the current task between z_erofs_gbuf_id() and spin_lock(&gbuf->lock). This race can cause z_erofs_put_gbuf() to trigger a kernel BUG in fs/erofs/zutil.c, as observed during stress t...
CVE-2024-50241
CVE-2024-50241 affects the Linux kernel’s NFSD component, specifically the nfsd4_copy path. The issue arises because struct nfsd4_copy fields refcount and async_copies were not initialized early, and cleanup_async_copy() may reference them on error. This can lead to a refcount underflow. The conn...
CVE-2024-58084
The CVE-2024-58084 issue in the Linux kernel relates to the Qualcomm SC M firmware (qcom_scm) read barriers. The advisory notes a missing read barrier in qcom_scm_get_tzmem_pool() and that a write barrier was previously added in probe. Access from concurrent contexts could fetch a stale __scm val...
CVE-2025-21900
Summary: CVE-2025-21900 affects the Linux kernel NFSv4 state recovery for sillyrenamed files. A server reboot could trigger an open reclaim that races with close(), causing a synchronous delegreturn to deadlock because it isn’t privileged. Fix / root cause: the kernel now ensures that nfs4_inode_...
CVE-2025-38008
CVE-2025-38008 affects the Linux kernel: a race in the page allocator’s handling of unaccepted memory across zones due to non-serialized updates to a static key, making the -1/0 boundary vulnerable in concurrent scenarios. The issue is localized to memory management paths (mm/page_alloc) and beco...
CVE-2025-38019
Summary: CVE-2025-38019 describes a use-after-free in the mlxsw spectrum_router driver when deleting GRE net devices, triggered during replay of neighbor configurations after a driver reload. What’s affected: the Linux kernel mlxsw GRE offload path for neighbors built on top of GRE devices; the i...
CVE-2025-38238
CVE-2025-38238 : In the Linux kernel, the SCSI fnic driver (fnic_wq_cmpl_handler) crashes when both FDMI RHBA and RPA requests time out due to reusing the same frame to send ABTS for both. The root cause is the double-free of a frame on send completion. The fix allocates separate frames for RHBA ...
CVE-2025-38305
CVE-2025-38305 affects the Linux kernel: the advisory describes removing the ptp->n_vclocks check logic in ptp_vclock_in_use() to avoid a recursive locking scenario. The trigger involves reading ptp->n_vclocks under the n_vclocks_mux while another path holds the same mutex, causing a potent...
CVE-2025-38355
CVE-2025-38355 involves the Linux kernel DRM/xe path where deferred GGTT node removals could be drained later than device unwinding, potentially unmapping MMIO/GSM mappings during unwinding and causing a page fault. The fixes add a managed-device action to explicitly drain the ggtt node removals ...
CVE-2003-0986
CVE-2003-0986 affects PPC64 on Linux kernels: 2.6 before 2.6.2 and 2.4 before 2.4.24. The issue arises when code copies data from userspace to kernelspace without using copy_from_user, failing to cross security boundaries and enabling local denial of service. Documents indicate a kernel fix/updat...
CVE-2004-0138
CVE-2004-0138 affects the Linux kernel 2.4 series prior to 2.4.25. The vulnerability lies in the ELF loader: a crafted ELF with an invalid interpreter arch triggers a BUG() when an invalid VMA is unmapped, allowing local denial of service (crash). The issue is mitigated by upgrading to 2.4.25 or ...
CVE-2004-0415
The CVE-2004-0415 issue affects the Linux kernel where 64-bit file offset pointers are not reliably converted to 32 bits, enabling a local unprivileged user to access portions of kernel memory. An attacker can leverage this through file I/O paths that manipulate 32/64-bit offset conversions, pote...
CVE-2004-0887
CVE-2004-0887 affects SUSE Linux Enterprise Server 9 on the S/390 platform, where the SACF privileged instruction is not handled correctly, allowing a local user to gain root privileges. Connected sources also reference Debian advisories for kernel-source-2.4.27 updates (DSA-1018-1/2) that addres...
CVE-2004-2302
CVE-2004-2302 is a race condition in the Linux kernel’s sysfs_read_file and sysfs_write_file, present in 2.6.10 and earlier. It can let local users read kernel memory and cause a denial of service (crash) by exploiting large offsets in sysfs files. Public advisories (e.g., Debian DSA-922-1) docum...
CVE-2005-2548
CVE-2005-2548 affects vlan_dev.c in the Linux kernel 2.6.8 VLAN code. It allows remote attackers to cause a kernel oops (denial of service) via certain UDP packets that trigger a function argument error; demonstrated with snmpwalk on snmpd. Public advisories from Debian, SUSE, Mandriva, Ubuntu, a...
CVE-2005-3857
The CVE-2005-3857 entry refers to a vulnerability in the Linux kernel before 2.6.15-rc3 where the time_out_leases function in locks.c can exhaust memory and fill system logs. Local attackers could trigger a denial of service by creating a large number of broken leases, pumping printk log messages...
CVE-2006-0557
CVE-2006-0557 : In the Linux kernel 2.6.x, the sys_mbind path in mempolicy.c failed to sanity-check the maxnod value before computing in get_nodes, enabling a local user to trigger a kernel crash (DoS). Public advisories tie this to local exploitation with kernel crashes, not remote code executio...
CVE-2006-1855
The CVE-2006-1855 case concerns Linux kernel code (choose_new_parent) containing obsolete debugging paths that can be exploited locally to cause a kernel panic/Denial of Service. The vulnerability is described as a local issue in the kernel prior to a fixed release (notably reflected across multi...
CVE-2006-1858
CVE-2006-1858 affects the Linux kernel SCTP chunk length handling. The vulnerability arises when a chunk length is inconsistent with the actual parameters, enabling remote attackers to trigger a crash and potentially execute arbitrary code. Connected advisories show mitigations via kernel securit...
CVE-2007-1497
CVE-2007-1497 affects the Linux kernel nf_conntrack netfilter code prior to 2.6.20.3. During IPv6 fragment reassembly, nfctinfo is not set, leaving the default IP_CT_ESTABLISHED and potentially allowing remote attackers to bypass certain netfilter rulesusing IPv6 fragments. The documented fix is ...
CVE-2008-3535
CVE-2008-3535 is an off-by-one error in the iov_iter_advance function of Linux kernel mm/filemap.c, addressed by multiple advisories. Public disclosures in Debian/Ubuntu indicate this allows local attackers to crash the system (denial of service) via certain sequences of readv/writev/file operati...
CVE-2008-4618
The CVE-2008-4618 issue affects the Linux kernel SCTP implementation prior to 2.6.27, where a protocol violation with an invalid parameter length could trigger a panic and denial-of-service via SCTP processing paths (sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation; ...
CVE-2012-0810
CVE-2012-0810 affects the Linux kernel up to version prior to 3.3, where the int3 handler uses a per-CPU debug stack and can be abused by a local, unprivileged user to cause stack corruption and a denial of service via crafted lock-contention scenarios. Publicly available connected documents conf...
CVE-2012-2127
CVE-2012-2127 affects the Linux kernel prior to 3.2, where fs/proc/root.c in procfs does not properly interact with CLONE_NEWPID clone system calls. This can enable a remote attacker to trigger a denial of service via a reference leak and growing memory usage by opening many connections to a PID-...
CVE-2012-3364
CVE-2012-3364 relates to multiple stack-based buffer overflows in the Linux kernel’s Near Field Communication Controller Interface (NCI) before version 3.4.5. The flaw allows remote attackers to crash the system and potentially execute arbitrary code via incoming frames with crafted length fields...
CVE-2013-6763
CVE-2013-6763 : The Linux kernel function uio_mmap_physical (drivers/uio/uio.c) is vulnerable in all versions before 3.12 due to missing validation of the mmaped memory block size. This can enable local users to trigger memory corruption and potentially gain privileges through crafted mmap operat...
CVE-2014-9888
CVE-2014-9888 affects the Linux kernel on ARM: memory allocated for DMA buffers could be mapped with executable permissions due to insufficient validation in arch/arm/mm/dma-mapping.c, before version 3.13. This is noted as affecting Android on Nexus devices (Nexus 5 and 7 2013) prior to 2016-08-0...
CVE-2015-2686
The CVE-2015-2686 issue affects the Linux kernel 3.19.x, specifically before 3.19.3. It arises from not validating certain range data for sendto/recvfrom in net/socket.c, enabling a local privilege escalation via a subsystem using the copy_from_iter function in the iov_iter interface, with the Bl...
CVE-2016-10907
Vulnerability CVE-2016-10907 affects the Linux kernel in drivers/iio/dac/ad5755.c up to version 4.8.5, with an out-of-bounds write in the function ad5755_parse_dt. Exploitation could lead to memory corruption. The ChangeLog indicates the issue was addressed in kernel 4.8.6 (and later). Controlled...
CVE-2017-0404
CVE-2017-0404 is an elevation-of-privilege vulnerability in the Android kernel sound subsystem that could allow a local malicious application to execute arbitrary code in kernel context. Affected products/versions include Android devices using kernel 3.10 and 3.18. The issue requires compromising...
CVE-2017-0572
The CVE-2017-0572 entry concerns Broadcom Wi‑Fi driver (bcmdhd) used in Android. The connected analysis provides concrete technical details: in the function dhd_pno_process_anqpo_result, a buffer is allocated as kmalloc(mem_needed,...), but a subsequent memcpy uses bi->SSID_len to copy the SSI...
CVE-2017-8063
The CVE-2017-8063 issue affects Linux kernel 4.9.x and 4.10.x before 4.10.12, where the cxusb.c driver in drivers/media/usb/dvb-usb mishandles interaction with CONFIG_VMAP_STACK, allowing a local user to cause a denial of service (system crash) or other unspecified impact by leveraging more than ...
CVE-2021-47317
In the Linux kernel, CVE-2021-47317 relates to the powerpc64 JIT check for BPF atomic instructions. The patch fixes an incorrect scrutiny of the immediate field when distinguishing BPF_XADD/BPF_ATOMIC instructions, ensuring that only allowed immediates (e.g., BPF_ADD) are accepted. Prior to the f...
CVE-2021-47470
CVE-2021-47470 affects the Linux kernel. The issue is in the mm/slab subsystem (slab_debugfs_fops) where a use-after-free can occur if sysfs_slab_add fails, because the slab object “s” is freed soon after and then used later by slab_debugfs_fops. The connected Astra Linux advisory confirms this d...
CVE-2021-47528
CVE-2021-47528 in the Linux kernel USB CDNSP code fixes a NULL pointer dereference in cdnsp_endpoint_init() by adding a check for pep->ring after cdnsp_ring_alloc() (previously dereferenced on potential failure). The vulnerability could occur when cdnsp_ring_alloc() fails and pep->ring is N...
CVE-2022-1976
CVE-2022-1976 affects the Linux kernel IO-URING implementation. The flaw allows a local attacker to craft a sequence of requests that triggers a use-after-free in the kernel, leading to memory corruption and possible privilege escalation. Across multiple sources, the issue is described without pu...
CVE-2022-3541
CVE-2022-3541 affects the Linux kernel Sunplus Ethernet driver (spl2sw_nvmem_get_mac_address in drivers/net/ethernet/sunplus/spl2sw_driver.c). The issue is a use-after-free vulnerability, as described in the initial document. Connected sources (Ubuntu USN advisories and Nessus/OpenVAS entries) co...
CVE-2022-48914
CVE-2022-48914 affects the Linux kernel’s xen_netfront/xennet_destroy_queues path. The vulnerability arises because xennet_destroy_queues() relies on netdev->real_num_tx_queues, which is cleared after unregister_netdev() due to net-sysfs changes, causing a NULL dereference when freeing queues ...
CVE-2022-49150
CVE-2022-49150 in the Linux kernel relates to rtc: gamecube: Fix refcount leak in gamecube_rtc_read_offset_from_sram. The issue was that of_find_compatible_node() returned a node pointer with an incremented refcount and lacked a corresponding of_node_put() to release it. The connected documents c...
CVE-2022-49428
The CVE-2022-49428 entry concerns Linux kernel f2fs: the fix adds a sanity check for inline_dots in inodes to prevent a NULL pointer dereference during f2fs_lookup (__recover_dot_dentries path). The root cause is that for special files (character, block, fifo, socket), f2fs did not initialize the...
CVE-2022-49702
Summary: CVE-2022-49702 concerns a deadlock in Linux kernel when unmounting a filesystem with an async block group reclaim task relocating data. Multiple reclaim tasks (block-group, metadata/data) can interact with a parked cleaner thread, leading to a hang during close_ctree()/unmount due to del...
CVE-2022-49952
CVE-2022-49952 concerns the Linux kernel. The issue is in the misc: fastrpc path where memory could be corrupted during probe due to a missing sanity check on the probed-session count. When there are more than FASTRPC_MAX_SESSIONS sessions defined in the devicetree, memory could be corrupted beyo...
CVE-2022-49959
The CVE-2022-49959 entry concerns a memory-leak in the Linux kernel related to openvswitch datapath creation. The root cause was that ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids() allocated an array with kmalloc but did not always free dp->upcall_portids when new_vport()...
CVE-2022-49982
CVE-2022-49982 affects the Linux kernel media driver pvrusb2. The leak arises from error handling in pvr2_hdw_create: the v4l2 device is not unregistered when control flow returns to pvr2_context_create, causing pvr2_hdw_destroy to exit early. The fix adds v4l2_device_unregister to decrement the ...