14330 matches found
CVE-2006-2445
CVE-2006-2445 is a race-condition bug in Linux kernels prior to 2.6.16.21 affecting run_posix_cpu_timers. A local attacker can trigger a denial-of-service (BUG_ON crash) by attaching a timer to a process that is exiting on a single CPU. The connected SUSE/Ubuntu/Mandriva advisories describe the s...
CVE-2007-2480
CVE-2007-2480 affects Linux kernel 2.6.21 and earlier, in net/ipv4/udp.c. The _udp_lib_get_port function allows binding a port with a specific local address even when the port is already bound by a wildcard local address, potentially letting local users intercept local traffic for daemons or othe...
CVE-2007-6417
The connected Nessus entry links CVE-2007-6417 to the Linux kernel, affecting 2.6.11–2.6.23. The root cause is in shmem_getpage (mm/shmem.c) where allocated memory is not properly cleared in rare tmpfs-related paths, potentially allowing local users to read sensitive kernel data or crash the syst...
CVE-2013-2891
The CVE-2013-2891 vulnerability affects the Linux kernel HID subsystem, specifically the file drivers/hid/hid-steelseries.c. When CONFIG_HID_STEELSERIES is enabled, a crafted device can trigger a heap-based out-of-bounds write, allowing a physically proximate attacker to cause aDenial of Service....
CVE-2013-3228
The CVE-2013-3228 issue affects the Linux kernel’s irda_recvmsg_dgram (net/irda/af_irda.c), where a length variable is not initialized. This allows local attackers to read sensitive data from kernel stack via crafted recvmsg/recvfrom calls. Affected: Linux kernel versions before 3.9-rc7. Impact: ...
CVE-2013-7348
CVE-2013-7348 describes a double free vulnerability in the Linux kernel’s ioctx_alloc (fs/aio.c) prior to 3.12.4. An error path in aio_setup_ring can lead to a use-after-free like condition that enables a local attacker to trigger a system crash (DoS) or potentially other impact. The cited public...
CVE-2015-7884
The CVE-2015-7884 issue affects the Linux kernel’s vivid-osd driver (vivid_fb_ioctl) which does not initialize a structure member, allowing local attackers to read kernel memory. Public advisories in openSUSE and Mageia document the same CVE and indicate remediation via kernel updates; e.g., open...
CVE-2015-8950
CVE-2015-8950 affects the Linux kernel (arch/arm64/mm/dma-mapping.c) prior to 4.0.3, where uninitialized data structures in the ION memory-management path can be exposed via dma_mmap. This local-access vulnerability could allow a non-privileged user to read kernel memory. The public references in...
CVE-2016-2059
The CVE-2016-2059 issue affects the Linux kernel IPC router module (msm_ipc_router_bind_control_port) in the IPC router core for kernel 3.x used in Qualcomm QuIC Android MSM devices. The vulnerability arises because the function does not verify that a port is a client port, enabling a local attac...
CVE-2017-0620
CVE-2017-0620 is a local elevation-of-privilege in the Qualcomm Secure Channel Manager driver on Android, allowing a malicious local app to run code in the kernel. Affected: Android devices with Kernel-3.10/3.18 (per the CVE entry). Impact per sources is High (CVSSv3: 7.0). Affected devices liste...
CVE-2018-19406
CVE-2018-19406 affects the Linux kernel up to version 4.19.2, specifically kvm_pv_send_ipi in arch/x86/kvm/lapic.c. A crafted system call can reach a state where the APIC map is uninitialized, leading to a NULL pointer dereference and a BUG, causing a local denial of service. Connected advisories...
CVE-2021-47092
Summary: CVE-2021-47092 relates to a Linux kernel KVM VMX issue where setting vmx->fail during emulation_required in L2 nesting was incorrect, potentially causing a VM-Exit/VM-Fail contradiction and a warning during teardown (nested_vmx_vmexit). The fix reverts that change so vmx->fail is n...
CVE-2021-47151
CVE-2021-47151 affects the Linux kernel interconnect: qcom bcm-voter code. The root cause is a missing of_node_put() in of_bcm_voter_get(), leading to a reference leak. This vulnerability pertains to the bcm-voter path within Qualcomm interconnect and can impact kernel reference handling. A patch...
CVE-2021-47164
CVE-2021-47164 is a Linux kernel vulnerability fixed by correcting a NULL dereference in net/mlx5e related to lag device handling. Explanation: in bond_enslave(), the active/backup slave was set before the upper dev is assigned; a second event with an upper dev can occur, and if lag dev is NULL a...
CVE-2021-47533
CVE-2021-47533 affects the Linux kernel drm/vc4: kms path. A use-after-free could occur when duplicating state due to a stale HVS FIFO commit pointer not being cleared after waiting on the previous FIFO user. The fix sets the HVS FIFO commit pointer to NULL once the wait completes to prevent carr...
CVE-2021-47561
CVE-2021-47561 affects the Linux kernel i2c virtio driver. The issue arises when a timeout occurs: the device can continue operating on buffers the guest has freed, risking data corruption on the I2C bus and potential memory corruption inside the guest. The root cause is improper timeout handling...
CVE-2021-47655
CVE-2021-47655 affects the Linux kernel component media: venus: vdec. The root cause is a memory-leak risk in venus_helper_alloc_dpb_bufs() where an early return on an error path (ida_alloc_min()) could skip releasing previously allocated buffers. The fix moves the direct kfree() from the dma_all...
CVE-2022-48729
CVE-2022-48729 (Linux kernel) concerns an issue in IB/hfi1 where increasing ipoib send_queue_size could trigger a kernel panic. The root cause, as described in the supplied docs, is a miscalculation: a shift was treated as a function of the ring size instead of the item size, leading to a panic i...
CVE-2022-48753
CVE-2022-48753 : In the Linux kernel, a memory leak affects the disk Register/IA ranges path. The root cause is an extra reference from kobject_init_and_add() when it fails, leading to allocated memory not being freed. The fix adds a kobject_put() call to ensure proper cleanup and updates the blk...
CVE-2022-48795
CVE-2022-48795 maps to a PA-RISC Linux kernel issue: overrunning sglist in sba_unmap_sg caused a Data TLB miss and null-pointer dereference, leading to a kernel panic. The root cause was testing sg_dma_len(sglist) before confirming remaining entries (nents), which could cross a page boundary and ...
CVE-2022-48880
CVE-2022-48880 is a Linux kernel issue in platform/surface/aggregator where ssam_request_sync_init() can fail and the request may leak unless ssam_request_sync_free() is called. The fix adds the missing call to ssam_request_sync_free() to ensure proper freeing when initialization fails. This is a...
CVE-2022-48896
CVE-2022-48896 concerns a PCI device refcount leak in the Linux kernel’s ixgbe driver. The root cause, per the provided documents, is that pci_get_domain_bus_and_slot() returns a PCI device with an incremented refcount and callers must balance with pci_dev_put(). In affected paths (ixgbe_get_firs...
CVE-2022-48924
CVE-2022-48924 relates to the Linux kernel, describing a memory-leak in the int340x thermal driver during int3400_notify() on Tiger Lake, leading to unreferenced objects and potential memory pressure. The provided documents consistently show the root cause as a leak in the int3400_notify path and...
CVE-2022-48927
CVE-2022-48927 refers to a Linux kernel issue in iio: adc: tsc2046 where memory corruption occurred due to an array overflow. The root cause was a mismatch: indio_dev->num_channels counted physical channels plus a timestamp channel, while the target array was allocated only for physical channe...
CVE-2022-49454
CVE-2022-49454 concerns the Linux kernel Mediatek PCI subsystem: a refcount leak in mtk_pcie_subsys_powerup() caused by of_find_compatible_node() returning a node pointer with an incremented refcount. The issue is resolved by adding a missing of_node_put() to release the refcount when the node is...
CVE-2022-49633
In the Linux kernel (CVE-2022-49633), a data-race was fixed in icmp_echo_enable_probe where readers could observe concurrent writes. The mitigation adds READ_ONCE() to readers to prevent reading torn data. The provided connected docs confirm this resolution and describe the underlying issue and f...
CVE-2022-49692
The CVE-2022-49692 issue is a Linux kernel fix for the at803x PHY NULL pointer dereference on AR9331 PHY. The vulnerability manifested as kernel paging fault during PHY interrupt handling, traced to AR9331 switch/MDIO initialization and phylink/dsa probe paths. The remedy is in the latest kernel ...
CVE-2022-49774
CVE-2022-49774 affects the Linux kernel (KVM: x86/xen) and concerns eventfd error handling in kvm_xen_eventfd_assign(). The root cause was calling eventfd_ctx_put() on error; a patch introduces a new goto target to handle the error instead. The documents confirm the fix has been applied and refer...
CVE-2022-49950
CVE-2022-49950 affects the Linux kernel: a bug in misc: fastrpc where the probe session-duplication overflow increments the session count even when no sessions are available, allowing memory corruption beyond the fixed-size slab-allocated fastrpc_session array during open(). This was fixed in the...
CVE-2022-49968
CVE-2022-49968 concerns a race condition in the Linux kernel’s ieee802154/adf7242 path causing a use-after-free between adf7242_remove and adf7242_channel due to the upper layer not synchronizing on detaching events. The root cause is that adf7242_channel can be called without checks while destro...
CVE-2022-49999
CVE-2022-49999 : In the Linux kernel, a race between caching free space for a block group and returning free space to the in‑memory space cache for pinned extents can cause double‑adding free space, corrupting the Btrfs free space tree and space cache. Symptoms include EEXIST when re‑adding freed...
CVE-2022-50001
The CVE-2022-50001 issue affects the Linux kernel netfilter component nft_tproxy. The root cause was that TPROXY could be used from non-prerouting paths, leading to a null dereference crash. The fix restricts nft_tproxy to the prerouting hook, requiring a check that it runs only in prerouting. Th...
CVE-2022-50005
The CVE-2022-50005 issue concerns Linux kernel NFC code for pn533 devices. The root cause is a use-after-free caused by a timer (cmd_timeout) not being canceled during pn532_uart_remove(), allowing a concurrent use path to dereference freed memory. The fix adds del_timer_sync() in pn532_uart_remo...
CVE-2022-50007
CVE-2022-50007: In the Linux kernel xfrm_policy_check(), on the error path when fetching pols[1] fails, pols[0] is not decremented, causing a refcount leak. The fix adds a decref for pols[0] in that path. Affected component: Linux kernel xfrm policy check. Impact described as memory leaks on erro...
CVE-2022-50047
The CVE-2022-50047 issue affects the Linux kernel’s net: dsa mv88e6060 code. When a port is neither a CPU port nor a user port, cpu_dp can be NULL, causing a NULL pointer dereference and kernel crash during mv88e6060_setup_port(). This is a local impact vulnerability that leads to a crash; connec...
CVE-2022-50134
CVE-2022-50134 affects the Linux kernel RDMA/hfi1 path. The issue is a memory leak in setup_base_ctxt(): when allocating a uctxt->groups chunk via hfi1_alloc_ctxt_rcv_groups(), failure of init_user_ctxt() can leave uctxt->groups unreleased, causing a leak. The referenced advisories specify ...
CVE-2022-50143
CVE-2022-50143 : In the Linux kernel intel_th, there is a resource leak path in error handling after pci_alloc_irq_vectors(); pci_free_irq_vectors() must be called as already done in the remove function. The issue, if triggered, affects the kernel’s handling of IRQ vectors and can impact availabi...
CVE-2022-50145
The CVE-2022-50145 issue affects the Linux kernel’s dmaengine sf-pdma path. A data race allows multiple threads to rewrite a DMA channel descriptor, risking NULL pointer dereference and OOPS/hang when device_prep_dma_memcpy() is called concurrently. The vulnerability manifests as a multithreading...
CVE-2022-50189
CVE-2022-50189 relates to a Linux kernel turbostat issue where a FILE pointer leak occurs if fscanf fails, causing an open file pointer to be leaked on an early return. The fix closes the file before returning (turbostat.c:2039) to remediate the resource leak. Affected component: Linux kernel tur...
CVE-2022-50198
CVE-2022-50198 applies to the Linux kernel ARM OMAP2+ stack. The vulnerability arises from a refcount leak in omap3xxx_prm_late_init: of_find_matching_node() returns a node pointer with a refcount incremented, and of_node_put() was added to release it when no longer needed. The patch fixes the le...
CVE-2022-50209
The CVE-2022-50209 issue in the Linux kernel concerns a refcount leak in meson_mx_socinfo_init. The root cause is that of_find_matching_node() can return a node pointer with an incremented refcount, requiring an of_node_put() when the reference is no longer needed. The fix adds the missing of_nod...
CVE-2022-50231
Root cause: in neon_poly1305_blocks, when both s[] and r[] are uninitialized, the code incorrectly uses the first 32-byte block to initialize s[] (first 16 bytes as key, next 16 as s[]), causing a read-out-of-bounds. The patch fixes this by ensuring the initialization uses poly1305_init_arm64() (...
CVE-2023-52896
The CVE-2023-52896 issue affects the Linux kernel’s btrfs quota handling. A race between the quota rescan path and quota disable can lead the rescan worker to dereference a NULL quota_root, causing a NULL pointer dereference in btrfs_start_transaction. The root cause is that task B clears fs_info...
CVE-2023-53009
The CVE-2023-53009 entry concerns the Linux kernel DRM/AMDKFD path. It describes a fix where a sync is added after creating a VRAM buffer (vram bo) to ensure initialization completes before memory is written by SVM. Without this synchronization there is a risk of data corruption on VRAM allocated...
CVE-2024-35816
CVE-2024-35816 (Linux kernel, firewire_ohci) is resolved by the patch that prevents leaking a leftover IRQ on unbind. The change, including commit 5a95f1ded28691e6, switches to devres for the requested IRQ and removes the call to free_irq() in pci_remove(), which previously left a devm_request_ir...
CVE-2024-39470
CVE-2024-39470 : In the Linux kernel, a null-pointer dereference could occur in eventfs_find_events() when ei is NULL after update_events_attr, potentially leading to a crash if ei->is_freed is set. The issue has been resolved via kernel patches (stable releases) implementing a guard that retu...
CVE-2024-40951
CVE-2024-40951 affects the Linux kernel (OCFS2 subsystem). The issue is a NULL pointer dereference in ocfs2_abort_trigger() caused by bdev->bd_super removal and an incorrect use of bh->b_assoc_map without proper initialization, leading to a crash when the function is invoked. The provided s...
CVE-2024-40992
CVE-2024-40992 concerns the Linux kernel RDMA/rxe stack. The root cause was an incorrect resilience check for UD QP receive data: a deferred responder length check in the function copy_data (via commit 689c5421bfe0) could trigger an oversized UD packet to fail with -EINVAL, causing send_data_in t...
CVE-2024-41033
The CVE-2024-41033 issue affects the Linux kernel cachestat component. The root cause is that cachestat() flushed stats while in an RCU read section, which can sleep during workingset_test_recent(). The fix moves the stat-flushing step to occur before the RCU read section and skips stat flushing ...
CVE-2024-41052
CVE-2024-41052 : In the Linux kernel, the VFIO PCI subsystem misused an uninitialized local variable named count during collection of hot-reset devices, causing device-counting mistakes and possible userspace crashes when invoking the hot‑reset info path. The issue has been resolved by initializi...