14330 matches found
CVE-2022-49989
CVE-2022-49989 concerns the Linux kernel’s xen/privcmd code. The vulnerability stems from: (1) error exit handling in privcmd_ioctl_dm_op() calling unlock_pages() with NULL pages, risking a NULL dereference, and (2) lock_pages() not verifying pin_user_pages_fast() success, potentially leaving som...
CVE-2022-50049
CVE-2022-50049 affects the Linux kernel ASoC DPCM path: when adding BE connections, the code could pick a BE that does not support the required stream direction, risking a NULL dereference if a BE substream is missing. The patch adds a presence check for the target BE’s substream at dpcm_add_path...
CVE-2022-50050
CVE-2022-50050 is reported in the Linux kernel ASoC: SOF: Intel: hda component. The vulnerability stems from using snprintf() which returns the would-be-filled size on overflow, risking a buffer overflow; the fix replaces snprintf() with a safer scnprintf() to paper over this potential issue. Con...
CVE-2022-50077
The CVE-2022-50077 entry concerns the Linux kernel AppArmor path aa_pivotroot, where a reference-count bug leaks a previously incremented “target” when aa_replace_current_label() returns success. The fix is to decrement the refcount of target in that code path (build_pivotroot() increased it earl...
CVE-2022-50123
CVE-2022-50123 affects the Linux kernel ASoC Mediatek mt8173 stack (mt8173_rt5650_rt5676_dev_probe). Root cause: of_parse_phandle() returns a node pointer with an incremented refcount and missing of_node_put() in error paths, leading to a potential refcount leak. The connected advisories document...
CVE-2022-50173
CVE-2022-50173 affects the Linux kernel DRM/MSM MDP5 path. The vulnerability arises from not grabbing the global state lock after an early return when hwpipe is disabled, allowing contention and potentially returning 0. The public entries describe the fix as “Fix global state lock backoff” and ci...
CVE-2022-50176
In CVE-2022-50176, the Linux kernel’s drm/mcde mcde_dsi_bind had a refcount leak: every iteration of for_each_available_child_of_node() decremented the previous node’s refcount, but a missing of_node_put() on loop exit caused leaks. The fix is to add of_node_put() to restore correct refcount hand...
CVE-2022-50208
CVE-2022-50208 affects the Linux kernel, specifically the soc: amlogic driver code for meson-secure-pwrc.c. In meson_secure_pwrc_probe(), there is a refcount leak on one failure path, which is the root cause described in the Initial Document. The vulnerability is fixed in the same area (refcount ...
CVE-2023-20841
CVE-2023-20841 affects imgsys and is described as an out-of-bounds write caused by missing valid range checking, enabling local escalation of privileges with System execution privileges needed. User interaction is required for exploitation. Reported patch ID: ALPS07326455 (Issue ID: ALPS07326441)...
CVE-2023-52779
CVE-2023-52779 describes a Linux kernel issue where vfs_getattr_nosec() could end up invoking vfs_getattr() in certain filesystems (notably overlayfs and ecryptfs), which could lead to a NULL pointer dereference due to security_inode_getattr() on a process with no current->fs. The patch introd...
CVE-2023-52795
Summary: CVE-2023-52795 affects the Linux kernel vhost-vdpa path. The vulnerability is a use-after-free/double-free in vhost_vdpa_probe() caused by put_device() calling vhost_vdpa_release_dev() which frees a device via ida_simple_remove(). This was resolved in the Linux kernel; the Astra Linux ad...
CVE-2023-52941
CVE-2023-52941 affects the Linux kernel can:isotp subsystem. The bug arose from the tx timer handling for isotp PDUs, where the timer served two roles: sending two consecutive frames with a gap and monitoring timeouts for flow control and echo frames. This caused more complex txstate checks and e...
CVE-2023-53067
CVE-2023-53067: Concrete details in connected docs show a LoongArch Linux kernel issue where get_timer_irq() is invoked multiple times in constant_clockevent_init(), causing a sleeping function to be called from an invalid context under CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y. The ...
CVE-2023-53374
Technical details for CVE-2023-53374 are not publicly available in the provided connected documents. No affected products, versions, impact, or fixes are specified here; monitor for updates.
CVE-2024-40985
CVE-2024-40985 concerns the Linux kernel TCP-AO subsystem. The issue is described as: in net/tcp_ao, ao_info could be leaked on error-path, introduced with TCP_AO_CMDF_AO_REQUIRED in patch set version 5. The vulnerability’s root cause is an information leak during error handling in the TCP-AO cod...
CVE-2024-40991
CVE-2024-40991 pertains to the Linux kernel DMA engine, specifically the TI k3-udma-glue helper of_k3_udma_glue_parse_chn_by_id(). The issue: the function calls of_node_put() on the udmax_np device-node without previously incrementing its reference count, risking improper reference management. A ...
CVE-2024-41053
The CVE-2024-41053 issue affects the Linux kernel’s SCSI/ufs path. It concerns ufshcd_abort_one racing with the completion ISR, which can cause the request’s mq_hctx pointer to be NULL at ISR completion and may lead to a kernel NULL pointer dereference (as shown in the backtrace). The description...
CVE-2024-45004
CVE-2024-45004 affects the Linux kernel KEYS: trusted: dcp path. The bug leaks the blob encryption key (BEK) plaintext on export because BEK decryption occurs in-place in the key blob; subsequent reads output the BEK in plain text. The issue arises when importing a DCP-based trusted key and expor...
CVE-2024-53205
CVE-2024-53205 – Linux kernel realtek USB PHY (rtk_usb2phy_probe) NULL dereference. In rtk_usb2phy_probe(), devm_kzalloc() may return NULL and the code does not check this, allowing a possible NULL pointer dereference. The vulnerability is described as local, with a LOW/medium access/availability...
CVE-2025-21803
CVE-2025-21803: In LoongArch, the Linux kernel fixed a warning during S3 suspend by removing a potential thread switch in enable_gpe_wakeup. Root cause was acpi_enable_all_wakeup_gpes() using a mutex, which could yield and leave the CPU interrupt-enabled state when enable_gpe_wakeup() returns. Th...
CVE-2025-21958
Summary: CVE-2025-21958 concerns the Linux kernel where a revert of a Open vSwitch conntrack change causes a potential warning path in nf_ct_ext_add when a conntrack entry lacks the labels_ext extension. The code path in ovs_ct_get_conn_labels() may attempt to allocate labels_ext for a confirmed ...
CVE-2025-38273
CVE-2025-38273 corresponds to a Linux kernel fix for a refcount warning in net/tipc: tipc_aead_encrypt, reported when get_net() could be called on a destroying network namespace. The patch replaces get_net() with maybe_get_net(), which checks the refcount and returns -ENODEV if the namespace is b...
CVE-2025-38303
CVE-2025-38303: In the Linux kernel, Bluetooth eir_create_adv_data could crash when trying to add EIR_FLAGS and EIR_TX_POWER without ensuring they fit. The issue is fixed in the kernel (referenced commits in the connected documents) and affects the Bluetooth/EIR data path; remediation is applying...
CVE-2025-38404
CVE-2025-38404 affects the Linux kernel USB Type-C/displayport subsystem. The issue is a potential deadlock caused by recursive locking of cros_typec_altmode_data::mutex when a mutex-protected path calls typec_altmode_exit() from within the same context. The documented fix defers the typec_altmod...
CVE-2026-31419
Summary of CVE-2026-31419 : A use-after-free in the Linux kernel bonding driver is caused by a race in bond_xmit_broadcast() where the last slave determination can change during RCUs, leading to double-free of the original skb and a potential crash. The fix replaces the racy bond_is_last_slave() ...
CVE-1999-1225
Concretely, CVE-1999-1225 affects rpc.mountd and is described in SGI IRIX advisories as allowing a remote tester to probe for the existence of files by issuing mount requests, leading to distinguishable error messages. The SGI advisory fixes this by patching/upgrading IRIX (upgrade to IRIX 6.5.23...
CVE-2003-0246
CVE-2003-0246 affects the Linux kernel (2.4.x) where the ioperm system call does not properly restrict privileges, enabling a local user to gain read and/or write access to certain I/O ports on 2.4.20 and earlier. The connected OpenVAS and advisory records reference Debian and other vendor adviso...
CVE-2004-0075
The CVE-2004-0075 issue affects the Linux kernel's Vicam USB driver prior to 2.4.25. The vulnerability arises because data copied from userspace to kernel space does not use copy_from_user, crossing security boundaries and enabling a local attacker to cause a denial of service. Public advisories ...
CVE-2004-1069
CVE-2004-1069 describes a race condition affecting SELinux-enabled Linux kernels in the 2.6.x series (through 2.6.9) when handling AF_UNIX network packets. Local attackers could cause a kernel DoS (kernel crash) via SOCK_SEQPACKET Unix domain sockets due to improper handling in sock_dgram_sendmsg...
CVE-2005-3110
CVE-2005-3110 is a race condition in the Linux kernel after the ebtables netfilter module tightens lock handling. In SMP systems under heavy load, a value can be modified after it is read but before it is locked, enabling a remote attacker to cause a kernel crash (DoS). Public advisories referenc...
CVE-2005-4798
CVE-2005-4798 is a buffer overflow in Linux kernel NFS readlink handling (affecting 2.4 up to 2.4.31). A remote NFS server could crash the NFS client. Debian advisories (DSA-1183-1, DSA-1184-1/2) document this vulnerability within kernel-source-2.4.27 and kernel-source-2.6.8, respectively, and de...
CVE-2006-1055
CVE-2006-1055: The Linux kernel
CVE-2006-2629
CVE-2006-2629 concerns a race condition in the Linux kernel (versions 2.6.15 to 2.6.17) on SMP systems. An attacker with local access can cause a denial of service (kernel crash) by rapidly creating and exiting a large number of tasks, then querying the /proc entry of an exiting task. This leads ...
CVE-2006-5871
CVE-2006-5871 affects the Linux kernel (notably 2.6.8 and 2.4.x prior to 2.4.34) where UNIX extensions are enabled. The vulnerability arises because smbfs ignores certain mount options, allowing a client to end up using server-specified uid, gid, and mode settings. Connected records (e.g., Debian...
CVE-2008-1294
Mode C: CVE-2008-1294 affects the Linux kernel 2.6.x line (notably 2.6.17 and earlier than 2.6.22). The issue is that RLIMIT_CPU is not validated when a user sets it to 0 until after the change is applied, allowing a local user to bypass CPU time limits. Multiple connected advisories cite this CV...
CVE-2008-3526
CVE-2008-3526 is a Linux kernel SCTP vulnerability present in 2.6.24-rc1 through 2.6.26.3. The issue is an integer overflow in sctp_setsockopt_auth_key (net/sctp/socket.c) that can be triggered by a crafted sca_keylength field in the SCTP_AUTH_KEY option, allowing remote attackers to cause a deni...
CVE-2008-3534
CVE-2008-3534 affects the Linux kernel tmpfs implementation (shmem.c: shmem_delete_inode). A local attacker could crash the system by a specific sequence of file create/remove/overwrite operations, linked to allocation of “useless pages” and improper maintenance of i_blocks. Public advisories con...
CVE-2008-4445
CVE-2008-4445 affects the Linux kernel SCTP implementation prior to 2.6.26.4. The vulnerability resides in sctp_auth_ep_set_hmacs (net/sctp/auth.c) where the identifier index is not validated against SCTP_AUTH_HMAC_ID_MAX when SCTP-AUTH is enabled. This can allow local users to obtain sensitive i...
CVE-2009-2287
CVE-2009-2287 affects the Linux kernel’s KVM on x86, where KVM_SET_SREGS does not validate the page-table root (cr3). This can allow a local attacker to crash or hang the host (denial of service) via a crafted cr3 value, triggering a NULL pointer dereference in gfn_to_rmap. The issue is documente...
CVE-2011-2518
The CVE-2011-2518 entry concerns the Linux kernel code path security/tomoyo/mount.c: tomoyo_mount_acl calls kern_path with arguments from the mount system call. This allows local users to trigger a denial of service (OOPS) or possibly other impact via a NULL device name in kernels before 2.6.39.2...
CVE-2011-4604
CVE-2011-4604 affects the Linux kernel via batman-adv: the bat_socket_read function in net/batman-adv/icmp_socket.c allows remote memory corruption/DoS via crafted batman-adv ICMP packets. Affected: kernel versions prior to 3.3. Root cause: ICMP handling in batman-adv. Impact: memory corruption a...
CVE-2014-3183
CVE-2014-3183 is a heap-based buffer overflow in the Linux kernel driver HID Logitech DJ (logi-dj_ll_raw_request in drivers/hid/hid-logitech-dj.c) exposed when a device reports a large LED report. Affected kernel versions are earlier than 3.16.2. This allows physically proximate attackers to caus...
CVE-2021-47127
CVE-2021-47127: The Linux kernel AF_XDP copy-mode Tx regression (introduced by commit that removed xsk_buff_pool from VSI) is fixed by adding a bitmap of zero-copy queues. Each bit corresponds to a queue where an xsk pool is configured; the bitmap is updated in ice_xsk_pool_en/disable and consult...
CVE-2021-47140
CVE-2021-47140 affects the Linux kernel’s IOMMU path for AMD. The root cause is that when changing the default IOMMU domain for an IOMMU group, dev->dma_ops is not cleared when switching from a DMA to an identity domain, causing the DMA layer to use dma-iommu ops on an identity domain and trig...
CVE-2021-47195
CVE-2021-47195 relates to the Linux kernel SPI subsystem. The issue is a use-after-free caused by unlocking a per-controller mutex (add_lock) after the controller has already been freed during spi_unregister_controller(ctlr) and subsequent put_device flow. The fix moves put_device() after the mut...
CVE-2021-47266
CVE-2021-47266 affects the Linux kernel’s RDMA/IPOIB path. After a change that sets rtnl_link_ops for ipoib interfaces, moving an IPoIB device to a non-initial netns can cause the device to disappear when the owning netns is deleted, due to default_device_exit() skipping interfaces with rtnl_link...
CVE-2021-47282
CVE-2021-47282 relates to the Linux kernel bcm2835 SPI driver. The root cause is an out-of-bounds access triggered when more than 3 slaves are used: the code limited native chipselects to 3 via num_chipselect, while GPIO-based chipselects in the device tree could push the effective count higher, ...
CVE-2021-47584
CVE-2021-47584 : In Linux kernel iocost donation logic, a low hweight donor (active hweight=1) could trigger a divide-by-zero during donation calculation. The fix excludes cgroups with active hweight
CVE-2021-47607
CVE-2021-47607 is a Linux kernel issue where BPF_CMPXCHG could leak kernel addresses due to the verifier not rejecting unprivileged programs that place a pointer in R0. The high-level POC probes kernel addresses by using the map value pointer as R0 while SRC_REG has a canary, enabling address lea...
CVE-2021-47668
CVE-2021-47668 is a Linux kernel use-after-free vulnerability in the CAN restart path. The issue occurs when, after calling netif_rx_ni(skb), the code dereferences the same skb memory (specifically cf->len from the can_frame cf aliasing skb), which is unsafe and can lead to memory corruption. ...