Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2025/06/18 11:0 a.m.73 views

CVE-2022-49989

CVE-2022-49989 concerns the Linux kernel’s xen/privcmd code. The vulnerability stems from: (1) error exit handling in privcmd_ioctl_dm_op() calling unlock_pages() with NULL pages, risking a NULL dereference, and (2) lock_pages() not verifying pin_user_pages_fast() success, potentially leaving som...

5.5CVSS6.5AI score0.00202EPSS
CVE
CVE
added 2025/06/18 11:1 a.m.73 views

CVE-2022-50049

CVE-2022-50049 affects the Linux kernel ASoC DPCM path: when adding BE connections, the code could pick a BE that does not support the required stream direction, risking a NULL dereference if a BE substream is missing. The patch adds a presence check for the target BE’s substream at dpcm_add_path...

5.5CVSS6.6AI score0.00157EPSS
CVE
CVE
added 2025/06/18 11:1 a.m.73 views

CVE-2022-50050

CVE-2022-50050 is reported in the Linux kernel ASoC: SOF: Intel: hda component. The vulnerability stems from using snprintf() which returns the would-be-filled size on overflow, risking a buffer overflow; the fix replaces snprintf() with a safer scnprintf() to paper over this potential issue. Con...

7.8CVSS7AI score0.00183EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.73 views

CVE-2022-50077

The CVE-2022-50077 entry concerns the Linux kernel AppArmor path aa_pivotroot, where a reference-count bug leaks a previously incremented “target” when aa_replace_current_label() returns success. The fix is to decrement the refcount of target in that code path (build_pivotroot() increased it earl...

5.5CVSS6.4AI score0.00161EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.73 views

CVE-2022-50123

CVE-2022-50123 affects the Linux kernel ASoC Mediatek mt8173 stack (mt8173_rt5650_rt5676_dev_probe). Root cause: of_parse_phandle() returns a node pointer with an incremented refcount and missing of_node_put() in error paths, leading to a potential refcount leak. The connected advisories document...

5.5CVSS6.5AI score0.0016EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.73 views

CVE-2022-50173

CVE-2022-50173 affects the Linux kernel DRM/MSM MDP5 path. The vulnerability arises from not grabbing the global state lock after an early return when hwpipe is disabled, allowing contention and potentially returning 0. The public entries describe the fix as “Fix global state lock backoff” and ci...

5.5CVSS6.5AI score0.00158EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.73 views

CVE-2022-50176

In CVE-2022-50176, the Linux kernel’s drm/mcde mcde_dsi_bind had a refcount leak: every iteration of for_each_available_child_of_node() decremented the previous node’s refcount, but a missing of_node_put() on loop exit caused leaks. The fix is to add of_node_put() to restore correct refcount hand...

5.5CVSS6.5AI score0.00209EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.73 views

CVE-2022-50208

CVE-2022-50208 affects the Linux kernel, specifically the soc: amlogic driver code for meson-secure-pwrc.c. In meson_secure_pwrc_probe(), there is a refcount leak on one failure path, which is the root cause described in the Initial Document. The vulnerability is fixed in the same area (refcount ...

5.5CVSS6.5AI score0.00188EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.73 views

CVE-2023-20841

CVE-2023-20841 affects imgsys and is described as an out-of-bounds write caused by missing valid range checking, enabling local escalation of privileges with System execution privileges needed. User interaction is required for exploitation. Reported patch ID: ALPS07326455 (Issue ID: ALPS07326441)...

6.5CVSS6.6AI score0.00094EPSS
CVE
CVE
added 2024/05/21 3:30 p.m.73 views

CVE-2023-52779

CVE-2023-52779 describes a Linux kernel issue where vfs_getattr_nosec() could end up invoking vfs_getattr() in certain filesystems (notably overlayfs and ecryptfs), which could lead to a NULL pointer dereference due to security_inode_getattr() on a process with no current->fs. The patch introd...

5.5CVSS5.2AI score0.00208EPSS
CVE
CVE
added 2024/05/21 3:31 p.m.73 views

CVE-2023-52795

Summary: CVE-2023-52795 affects the Linux kernel vhost-vdpa path. The vulnerability is a use-after-free/double-free in vhost_vdpa_probe() caused by put_device() calling vhost_vdpa_release_dev() which frees a device via ida_simple_remove(). This was resolved in the Linux kernel; the Astra Linux ad...

7.8CVSS6.9AI score0.00241EPSS
CVE
CVE
added 2025/03/27 4:37 p.m.73 views

CVE-2023-52941

CVE-2023-52941 affects the Linux kernel can:isotp subsystem. The bug arose from the tx timer handling for isotp PDUs, where the timer served two roles: sending two consecutive frames with a gap and monitoring timeouts for flow control and echo frames. This caused more complex txstate checks and e...

5.5CVSS6.6AI score0.00197EPSS
CVE
CVE
added 2025/05/02 3:55 p.m.73 views

CVE-2023-53067

CVE-2023-53067: Concrete details in connected docs show a LoongArch Linux kernel issue where get_timer_irq() is invoked multiple times in constant_clockevent_init(), causing a sleeping function to be called from an invalid context under CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y. The ...

5.5CVSS6.5AI score0.00164EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.73 views

CVE-2023-53374

Technical details for CVE-2023-53374 are not publicly available in the provided connected documents. No affected products, versions, impact, or fixes are specified here; monitor for updates.

7.8CVSS6.1AI score0.00147EPSS
CVE
CVE
added 2024/07/12 12:37 p.m.73 views

CVE-2024-40985

CVE-2024-40985 concerns the Linux kernel TCP-AO subsystem. The issue is described as: in net/tcp_ao, ao_info could be leaked on error-path, introduced with TCP_AO_CMDF_AO_REQUIRED in patch set version 5. The vulnerability’s root cause is an information leak during error handling in the TCP-AO cod...

5.5CVSS6.5AI score0.00235EPSS
CVE
CVE
added 2024/07/12 12:37 p.m.73 views

CVE-2024-40991

CVE-2024-40991 pertains to the Linux kernel DMA engine, specifically the TI k3-udma-glue helper of_k3_udma_glue_parse_chn_by_id(). The issue: the function calls of_node_put() on the udmax_np device-node without previously incrementing its reference count, risking improper reference management. A ...

5.5CVSS6.5AI score0.00229EPSS
CVE
CVE
added 2024/07/29 2:32 p.m.73 views

CVE-2024-41053

The CVE-2024-41053 issue affects the Linux kernel’s SCSI/ufs path. It concerns ufshcd_abort_one racing with the completion ISR, which can cause the request’s mq_hctx pointer to be NULL at ISR completion and may lead to a kernel NULL pointer dereference (as shown in the backtrace). The description...

5.5CVSS6.4AI score0.00291EPSS
CVE
CVE
added 2024/09/04 7:54 p.m.73 views

CVE-2024-45004

CVE-2024-45004 affects the Linux kernel KEYS: trusted: dcp path. The bug leaks the blob encryption key (BEK) plaintext on export because BEK decryption occurs in-place in the key blob; subsequent reads output the BEK in plain text. The issue arises when importing a DCP-based trusted key and expor...

5.5CVSS5.3AI score0.00102EPSS
CVE
CVE
added 2024/12/27 1:49 p.m.73 views

CVE-2024-53205

CVE-2024-53205 – Linux kernel realtek USB PHY (rtk_usb2phy_probe) NULL dereference. In rtk_usb2phy_probe(), devm_kzalloc() may return NULL and the code does not check this, allowing a possible NULL pointer dereference. The vulnerability is described as local, with a LOW/medium access/availability...

5.5CVSS7AI score0.00264EPSS
CVE
CVE
added 2025/02/27 8:0 p.m.73 views

CVE-2025-21803

CVE-2025-21803: In LoongArch, the Linux kernel fixed a warning during S3 suspend by removing a potential thread switch in enable_gpe_wakeup. Root cause was acpi_enable_all_wakeup_gpes() using a mutex, which could yield and leave the CPU interrupt-enabled state when enable_gpe_wakeup() returns. Th...

5.5CVSS6.6AI score0.00224EPSS
CVE
CVE
added 2025/04/01 3:46 p.m.73 views

CVE-2025-21958

Summary: CVE-2025-21958 concerns the Linux kernel where a revert of a Open vSwitch conntrack change causes a potential warning path in nf_ct_ext_add when a conntrack entry lacks the labels_ext extension. The code path in ovs_ct_get_conn_labels() may attempt to allocate labels_ext for a confirmed ...

4.7CVSS7.1AI score0.00133EPSS
CVE
CVE
added 2025/07/10 7:41 a.m.73 views

CVE-2025-38273

CVE-2025-38273 corresponds to a Linux kernel fix for a refcount warning in net/tipc: tipc_aead_encrypt, reported when get_net() could be called on a destroying network namespace. The patch replaces get_net() with maybe_get_net(), which checks the refcount and returns -ENODEV if the namespace is b...

5.5CVSS6.5AI score0.00161EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.73 views

CVE-2025-38303

CVE-2025-38303: In the Linux kernel, Bluetooth eir_create_adv_data could crash when trying to add EIR_FLAGS and EIR_TX_POWER without ensuring they fit. The issue is fixed in the kernel (referenced commits in the connected documents) and affects the Bluetooth/EIR data path; remediation is applying...

5.5CVSS6.6AI score0.00146EPSS
CVE
CVE
added 2025/07/25 1:9 p.m.73 views

CVE-2025-38404

CVE-2025-38404 affects the Linux kernel USB Type-C/displayport subsystem. The issue is a potential deadlock caused by recursive locking of cros_typec_altmode_data::mutex when a mutex-protected path calls typec_altmode_exit() from within the same context. The documented fix defers the typec_altmod...

5.5CVSS6.3AI score0.00129EPSS
CVE
CVE
added 2026/04/13 1:40 p.m.73 views

CVE-2026-31419

Summary of CVE-2026-31419 : A use-after-free in the Linux kernel bonding driver is caused by a race in bond_xmit_broadcast() where the last slave determination can change during RCUs, leading to double-free of the original skb and a potential crash. The fix replaces the racy bond_is_last_slave() ...

7.8CVSS5.7AI score0.00124EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.72 views

CVE-1999-1225

Concretely, CVE-1999-1225 affects rpc.mountd and is described in SGI IRIX advisories as allowing a remote tester to probe for the existence of files by issuing mount requests, leading to distinguishable error messages. The SGI advisory fixes this by patching/upgrading IRIX (upgrade to IRIX 6.5.23...

5CVSS6.9AI score0.0176EPSS
CVE
CVE
added 2003/05/15 4:0 a.m.72 views

CVE-2003-0246

CVE-2003-0246 affects the Linux kernel (2.4.x) where the ioperm system call does not properly restrict privileges, enabling a local user to gain read and/or write access to certain I/O ports on 2.4.20 and earlier. The connected OpenVAS and advisory records reference Debian and other vendor adviso...

3.6CVSS6AI score0.005EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.72 views

CVE-2004-0075

The CVE-2004-0075 issue affects the Linux kernel's Vicam USB driver prior to 2.4.25. The vulnerability arises because data copied from userspace to kernel space does not use copy_from_user, crossing security boundaries and enabling a local attacker to cause a denial of service. Public advisories ...

2.1CVSS5.9AI score0.00392EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.72 views

CVE-2004-1069

CVE-2004-1069 describes a race condition affecting SELinux-enabled Linux kernels in the 2.6.x series (through 2.6.9) when handling AF_UNIX network packets. Local attackers could cause a kernel DoS (kernel crash) via SOCK_SEQPACKET Unix domain sockets due to improper handling in sock_dgram_sendmsg...

1.2CVSS7.2AI score0.00334EPSS
CVE
CVE
added 2005/09/30 4:0 a.m.72 views

CVE-2005-3110

CVE-2005-3110 is a race condition in the Linux kernel after the ebtables netfilter module tightens lock handling. In SMP systems under heavy load, a value can be modified after it is read but before it is locked, enabling a remote attacker to cause a kernel crash (DoS). Public advisories referenc...

2.6CVSS5.7AI score0.0338EPSS
CVE
CVE
added 2006/05/09 8:0 p.m.72 views

CVE-2005-4798

CVE-2005-4798 is a buffer overflow in Linux kernel NFS readlink handling (affecting 2.4 up to 2.4.31). A remote NFS server could crash the NFS client. Debian advisories (DSA-1183-1, DSA-1184-1/2) document this vulnerability within kernel-source-2.4.27 and kernel-source-2.6.8, respectively, and de...

5CVSS7.3AI score0.02954EPSS
CVE
CVE
added 2006/04/05 5:0 p.m.72 views

CVE-2006-1055

CVE-2006-1055: The Linux kernel

4.9CVSS7.2AI score0.00582EPSS
CVE
CVE
added 2006/05/27 10:0 a.m.72 views

CVE-2006-2629

CVE-2006-2629 concerns a race condition in the Linux kernel (versions 2.6.15 to 2.6.17) on SMP systems. An attacker with local access can cause a denial of service (kernel crash) by rapidly creating and exiting a large number of tasks, then querying the /proc entry of an exiting task. This leads ...

4CVSS6.4AI score0.00652EPSS
CVE
CVE
added 2006/12/11 11:0 p.m.72 views

CVE-2006-5871

CVE-2006-5871 affects the Linux kernel (notably 2.6.8 and 2.4.x prior to 2.4.34) where UNIX extensions are enabled. The vulnerability arises because smbfs ignores certain mount options, allowing a client to end up using server-specified uid, gid, and mode settings. Connected records (e.g., Debian...

4.1CVSS7.2AI score0.00318EPSS
CVE
CVE
added 2008/05/02 4:0 p.m.72 views

CVE-2008-1294

Mode C: CVE-2008-1294 affects the Linux kernel 2.6.x line (notably 2.6.17 and earlier than 2.6.22). The issue is that RLIMIT_CPU is not validated when a user sets it to 0 until after the change is applied, allowing a local user to bypass CPU time limits. Multiple connected advisories cite this CV...

2.1CVSS7.2AI score0.00526EPSS
CVE
CVE
added 2008/08/27 8:0 p.m.72 views

CVE-2008-3526

CVE-2008-3526 is a Linux kernel SCTP vulnerability present in 2.6.24-rc1 through 2.6.26.3. The issue is an integer overflow in sctp_setsockopt_auth_key (net/sctp/socket.c) that can be triggered by a crafted sca_keylength field in the SCTP_AUTH_KEY option, allowing remote attackers to cause a deni...

7.8CVSS6AI score0.03494EPSS
CVE
CVE
added 2008/08/08 7:0 p.m.72 views

CVE-2008-3534

CVE-2008-3534 affects the Linux kernel tmpfs implementation (shmem.c: shmem_delete_inode). A local attacker could crash the system by a specific sequence of file create/remove/overwrite operations, linked to allocation of “useless pages” and improper maintenance of i_blocks. Public advisories con...

4.9CVSS4.9AI score0.00532EPSS
CVE
CVE
added 2008/10/06 6:0 p.m.72 views

CVE-2008-4445

CVE-2008-4445 affects the Linux kernel SCTP implementation prior to 2.6.26.4. The vulnerability resides in sctp_auth_ep_set_hmacs (net/sctp/auth.c) where the identifier index is not validated against SCTP_AUTH_HMAC_ID_MAX when SCTP-AUTH is enabled. This can allow local users to obtain sensitive i...

4.7CVSS4.7AI score0.00448EPSS
CVE
CVE
added 2009/07/01 12:26 p.m.72 views

CVE-2009-2287

CVE-2009-2287 affects the Linux kernel’s KVM on x86, where KVM_SET_SREGS does not validate the page-table root (cr3). This can allow a local attacker to crash or hang the host (denial of service) via a crafted cr3 value, triggering a NULL pointer dereference in gfn_to_rmap. The issue is documente...

4.9CVSS6.8AI score0.00398EPSS
CVE
CVE
added 2012/05/24 11:0 p.m.72 views

CVE-2011-2518

The CVE-2011-2518 entry concerns the Linux kernel code path security/tomoyo/mount.c: tomoyo_mount_acl calls kern_path with arguments from the mount system call. This allows local users to trigger a denial of service (OOPS) or possibly other impact via a NULL device name in kernels before 2.6.39.2...

4.9CVSS6.3AI score0.00403EPSS
CVE
CVE
added 2013/06/07 10:0 a.m.72 views

CVE-2011-4604

CVE-2011-4604 affects the Linux kernel via batman-adv: the bat_socket_read function in net/batman-adv/icmp_socket.c allows remote memory corruption/DoS via crafted batman-adv ICMP packets. Affected: kernel versions prior to 3.3. Root cause: ICMP handling in batman-adv. Impact: memory corruption a...

6.8CVSS7.6AI score0.02986EPSS
CVE
CVE
added 2014/09/28 10:0 a.m.72 views

CVE-2014-3183

CVE-2014-3183 is a heap-based buffer overflow in the Linux kernel driver HID Logitech DJ (logi-dj_ll_raw_request in drivers/hid/hid-logitech-dj.c) exposed when a device reports a large LED report. Affected kernel versions are earlier than 3.16.2. This allows physically proximate attackers to caus...

6.9CVSS7.9AI score0.00499EPSS
CVE
CVE
added 2024/03/15 8:14 p.m.72 views

CVE-2021-47127

CVE-2021-47127: The Linux kernel AF_XDP copy-mode Tx regression (introduced by commit that removed xsk_buff_pool from VSI) is fixed by adding a bitmap of zero-copy queues. Each bit corresponds to a queue where an xsk pool is configured; the bitmap is updated in ice_xsk_pool_en/disable and consult...

5.5CVSS6.2AI score0.00196EPSS
CVE
CVE
added 2024/03/25 9:7 a.m.72 views

CVE-2021-47140

CVE-2021-47140 affects the Linux kernel’s IOMMU path for AMD. The root cause is that when changing the default IOMMU domain for an IOMMU group, dev->dma_ops is not cleared when switching from a DMA to an identity domain, causing the DMA layer to use dma-iommu ops on an identity domain and trig...

5.3CVSS5AI score0.00603EPSS
Web
CVE
CVE
added 2024/04/10 6:56 p.m.72 views

CVE-2021-47195

CVE-2021-47195 relates to the Linux kernel SPI subsystem. The issue is a use-after-free caused by unlocking a per-controller mutex (add_lock) after the controller has already been freed during spi_unregister_controller(ctlr) and subsequent put_device flow. The fix moves put_device() after the mut...

5.5CVSS6.6AI score0.00219EPSS
CVE
CVE
added 2024/05/21 2:19 p.m.72 views

CVE-2021-47266

CVE-2021-47266 affects the Linux kernel’s RDMA/IPOIB path. After a change that sets rtnl_link_ops for ipoib interfaces, moving an IPoIB device to a non-initial netns can cause the device to disappear when the owning netns is deleted, due to default_device_exit() skipping interfaces with rtnl_link...

5.5CVSS6.5AI score0.00232EPSS
CVE
CVE
added 2024/05/21 2:20 p.m.72 views

CVE-2021-47282

CVE-2021-47282 relates to the Linux kernel bcm2835 SPI driver. The root cause is an out-of-bounds access triggered when more than 3 slaves are used: the code limited native chipselects to 3 via num_chipselect, while GPIO-based chipselects in the device tree could push the effective count higher, ...

7.8CVSS6.8AI score0.00231EPSS
CVE
CVE
added 2024/06/19 2:53 p.m.72 views

CVE-2021-47584

CVE-2021-47584 : In Linux kernel iocost donation logic, a low hweight donor (active hweight=1) could trigger a divide-by-zero during donation calculation. The fix excludes cgroups with active hweight

5.5CVSS6.9AI score0.0025EPSS
CVE
CVE
added 2024/06/19 2:54 p.m.72 views

CVE-2021-47607

CVE-2021-47607 is a Linux kernel issue where BPF_CMPXCHG could leak kernel addresses due to the verifier not rejecting unprivileged programs that place a pointer in R0. The high-level POC probes kernel addresses by using the map value pointer as R0 while SRC_REG has a canary, enabling address lea...

5.5CVSS6.6AI score0.00246EPSS
CVE
CVE
added 2025/04/17 6:1 p.m.72 views

CVE-2021-47668

CVE-2021-47668 is a Linux kernel use-after-free vulnerability in the CAN restart path. The issue occurs when, after calling netif_rx_ni(skb), the code dereferences the same skb memory (specifically cf->len from the can_frame cf aliasing skb), which is unsafe and can lead to memory corruption. ...

7.8CVSS6.7AI score0.00167EPSS
Total number of security vulnerabilities14330