CVE-2013-1959
The CVE-2013-1959 issue affects the Linux kernel up to version 3.8.8. kernel/user_namespace.c does not enforce proper capabilities for uid_map and gid_map files, allowing a local user to gain privileges by first opening a file in an unprivileged process and then modifying it in a privileged proce...
CVE-2013-3230
CVE-2013-3230 affects the Linux kernel prior to 3.9-rc7: l2tp_ip6_recvmsg in net/l2tp/l2tp_ip6.c fails to initialize a structure member, allowing local users to obtain sensitive information from kernel stack memory via a crafted recvmsg/recvfrom. The issue is mitigated by updating the kernel to 3...
CVE-2015-0568
The CVE-2015-0568 entry describes a use-after-free in the MSM-Camera driver (drivers/media/video/msm/msm_camera.c), in the msm_set_crop function, for the Linux kernel 3.x used with Qualcomm Innovation Center (QuIC) Android contributions. A crafted ioctl call from a local attacker can trigger memo...
CVE-2016-10153
The CVE-2016-10153 issue affects the Linux kernel 4.9.x before 4.9.6, where the crypto scatterlist API interacts incorrectly with CONFIG_VMAP_STACK, enabling local attackers to cause a denial of service (system crash or memory corruption) or potentially other impacts due to reliance on earlier ne...
CVE-2017-0620
CVE-2017-0620 is a local elevation-of-privilege in the Qualcomm Secure Channel Manager driver on Android, allowing a malicious local app to run code in the kernel. Affected: Android devices with Kernel-3.10/3.18 (per the CVE entry). Impact per sources is High (CVSSv3: 7.0). Affected devices liste...
CVE-2018-19406
CVE-2018-19406 affects the Linux kernel up to version 4.19.2, specifically kvm_pv_send_ipi in arch/x86/kvm/lapic.c. A crafted system call can reach a state where the APIC map is uninitialized, leading to a NULL pointer dereference and a BUG, causing a local denial of service. Connected advisories...
CVE-2021-47132
CVE-2021-47132 refers to a Linux kernel issue in the MPTCP code where sk_forward_memory could be corrupted during retransmission due to unsafe updates that did not acquire the msk spin lock. A fix was introduced that adds a new variant of the blamed function which explicitly acquires the msk spin...
CVE-2021-47292
CVE-2021-47292 affects the Linux kernel io_uring subsystem. The issue is a memory leak in io_init_wq_offload() where a leaked hash_map can occur when io_uring_enter() is called in parallel (syz-executor traffic). Root cause: missing synchronization around kzalloc/hash_map updates in io_init_wq_of...
CVE-2021-47313
The CVE-2021-47313 entry pertains to the Linux kernel cpufreq CPPC path, where a memleak could occur due to resources not being freed on policy->init() failure during cppc_cpufreq_cpu_init. The vulnerability, and its fix, are documented across multiple connected sources (kernel patch reference...
CVE-2021-47502
The CVE-2021-47502 issue relates to the Linux kernel ASoC codecs for wcd934x where channel mapping was mishandled when adding channels to multiple dai channel lists. The root cause was that channels could be added to more than one dai channel list or deleted from a list when not present, risking ...
CVE-2021-47593
CVE-2021-47593 concerns the Linux kernel mptcp ULP, where the kernel flag handling for fallback sockets could allow a plain TCP subflow to retain kernel ownership and trigger a kernel crash. The issue occurs when accept() returns a plain TCP sk that is still tagged as kernel, allowing setsockopt ...
CVE-2022-48643
The CVE-2022-48643 issue in the Linux kernel concerns nf_tables counters underflow when nft_counters_enabled is decremented in the error path of nft_basechain_init during nf_tables_addchain(). Syzbot reported an underflow after adding a chain; the root cause was nf_tables_chain_destroy() decremen...
CVE-2022-48800
CVE-2022-48800: In the Linux kernel, a soft lockup deadlock was observed involving kcompactd when rescheduling and draining PCP lists during page migration, caused by throttling not making progress. The issue is tied to CONFIG_PREEMPT being disabled (CONFIG_PREEMPT=n) and a task migrating pages ...
CVE-2022-48835
CVE-2022-48835 involves a page fault in the Linux kernel driver mpt3sas (SCSI) on a LUN reset path. An invalid reply_q pointer used by mpt3sas_base_sync_reply_irqs leads to a kernel oops when processing reply queues; the described mitigation is to move the _base_process_reply_queue() call i...
CVE-2022-48873
CVE-2022-48873 affects the Linux kernel in the misc: fastrpc subsystem. The root cause is improper handling of map removal on error paths during creater_process and device_release, risking a use-after-free. The fixed behavior is to avoid removing the map from the list on error in fastrpc_init_cre...
CVE-2022-48896
CVE-2022-48896 concerns a PCI device refcount leak in the Linux kernel’s ixgbe driver. The root cause, per the provided documents, is that pci_get_domain_bus_and_slot() returns a PCI device with an incremented refcount and callers must balance with pci_dev_put(). In affected paths (ixgbe_get_firs...
CVE-2022-49360
CVE-2022-49360 (Linux kernel, f2fs): The root cause is a mismatch in which ckpt.valid_block_count is inconsistent with the SIT table, causing a panic during garbage collection when the LFS allocator cannot find a free segment despite the filesystem reporting free blocks. The reference...
CVE-2022-49387
CVE-2022-49387 concerns the Linux kernel watchdog driver rzg2l_wdt. The root cause is a 32-bit overflow in timer_cycle_us that can yield 0, e.g., when a counter like 0xfff is used to compute maxval. The provided connected documents confirm a patch that promotes values to 64-bit by appending ULL t...
CVE-2022-49554
The CVE-2022-49554 issue concerns the Linux kernel zsmalloc races during asynchronous zspage free and page migration. The race stems from the zspage page list being locked without defense against concurrent migrations, allowing pages to migrate off the zspage while lock_zspage() runs. Consequence...
CVE-2022-49582
This CVE-ID (CVE-2022-49582) is associated with the Linux kernel: net: dsa: fix NULL pointer dereference in dsa_port_reset_vlan_filtering. The root cause described in the sources is that the ds iterator variable used in dsa_port_reset_vlan_filtering() -> dsa_switch_for_each_port() overwrites t...
CVE-2022-49692
The CVE-2022-49692 issue is a Linux kernel fix for the at803x PHY NULL pointer dereference on AR9331 PHY. The vulnerability manifested as kernel paging fault during PHY interrupt handling, traced to AR9331 switch/MDIO initialization and phylink/dsa probe paths. The remedy is in the latest kernel ...
CVE-2022-49706
CVE-2022-49706: zonefs contains a read handling bug in zonefs_iomap_begin() where a readahead to a zone file with an offset equal to the current file size can set iomap type to IOMAP_UNWRITTEN with length 0, triggering a WARN_ON in iomap_iter and causing iomap_readahead() to loop. The patch fixes ...
CVE-2022-49774
CVE-2022-49774 affects the Linux kernel (KVM: x86/xen) and concerns eventfd error handling in kvm_xen_eventfd_assign(). The root cause was calling eventfd_ctx_put() on error; a patch introduces a new goto target to handle the error instead. The documents confirm the fix has been applied and refer...
CVE-2022-49784
CVE-2022-49784 affects the Linux kernel perf/x86/amd/uncore subsystem. The issue is a memory leak where the events array in per-CPU NB/LLC uncore contexts is freed late, after the uncore context is freed when a CPU comes online. The documented fix is to free the events array before freeing the un...
CVE-2022-50047
The CVE-2022-50047 issue affects the Linux kernel’s net: dsa mv88e6060 code. When a port is neither a CPU port nor a user port, cpu_dp can be NULL, causing a NULL pointer dereference and kernel crash during mv88e6060_setup_port(). This is a local impact vulnerability that leads to a crash; connec...
CVE-2022-50143
CVE-2022-50143: In the Linux kernel intel_th, there is a resource leak path in error handling after pci_alloc_irq_vectors(); pci_free_irq_vectors() must be called as already done in the remove function. The issue, if triggered, affects the kernel’s handling of IRQ vectors and can impact availabi...
CVE-2022-50162
CVE-2022-50162 concerns the Linux kernel WiFi Libertas driver. The issue is a possible refcount leak in if_usb_probe caused by calling usb_get_dev before lbs_get_firmware_async, requiring usb_put_dev when lbs_get_firmware_async fails. The vulnerability is identified in the kernel’s Libertas USB p...
CVE-2022-50171
CVE-2022-50171 is a Linux kernel issue in crypto: hisilicon/sec where a mutex lock is used during softirq, causing scheduling while atomic when the kunpeng920 encryption driver processes packets in softirq. Affected component: Linux kernel crypto path for Hisilicon/sec; root cause: sleeping in softir...
CVE-2022-50189
CVE-2022-50189 relates to a Linux kernel turbostat issue where a FILE pointer leak occurs if fscanf fails, causing an open file pointer to be leaked on an early return. The fix closes the file before returning (turbostat.c:2039) to remediate the resource leak. Affected component: Linux kernel tur...
CVE-2022-50198
CVE-2022-50198 applies to the Linux kernel ARM OMAP2+ stack. The vulnerability arises from a refcount leak in omap3xxx_prm_late_init: of_find_matching_node() returns a node pointer with a refcount incremented, and of_node_put() was added to release it when no longer needed. The patch fixes the le...
CVE-2022-50209
The CVE-2022-50209 issue in the Linux kernel concerns a refcount leak in meson_mx_socinfo_init. The root cause is that of_find_matching_node() can return a node pointer with an incremented refcount, requiring an of_node_put() when the reference is no longer needed. The fix adds the missing of_nod...
CVE-2023-52848
CVE-2023-52848: The issue, reported for the Linux kernel’s f2fs file system, centers on a bug during f2fs_put_super() where the meta_inode page cache is not dropped after an IO error in f2fs_wait_on_all_pages. This can lead to a reference-count leak and a kernel panic during unmount. T...
CVE-2023-52897
CVE-2023-52897 affects the Linux kernel Btrfs quota management (qgroup) accounting. Root cause: after introducing NO_ACCOUNTING, some qgroup records could have old_roots unset (NULL). During a qgroup rescan, NO_ACCOUNTING is cleared and current transaction is committed, which may trigger a WARN_O...
CVE-2024-39470
CVE-2024-39470: In the Linux kernel, a null-pointer dereference could occur in eventfs_find_events() when ei is NULL after update_events_attr, potentially leading to a crash if ei->is_freed is set. The issue has been resolved via kernel patches (stable releases) implementing a guard that retu...
CVE-2024-40933
The CVE-2024-40933 entry concerns a Linux kernel IIO temperature driver mlx90635 issue. The vulnerability arises in mlx90635_probe() where a failure of devm_regmap_init_i2c() could yield regmap_ee as an error pointer rather than being checked with IS_ERR(regmap_ee), effectively a copy-paste error...
CVE-2024-40964
The CVE-2024-40964 issue is in the Linux kernel ALSA: hda: cs35l41, where cs35l41_hda_unbind() dereferenced a codec pointer when device index could be 0. The fix uses the codec pointer stored in the cs35l41_hda structure, preventing the null pointer dereference. Severity is MEDIUM (CVSSv3.1: 5.5)...
CVE-2024-40992
CVE-2024-40992 concerns the Linux kernel RDMA/rxe stack. The root cause was an incorrect resilience check for UD QP receive data: a deferred responder length check in the function copy_data (via commit 689c5421bfe0) could trigger an oversized UD packet to fail with -EINVAL, causing send_data_in t...
CVE-2024-41029
CVE-2024-41029: Linux kernel (nvmem/core). Affected: Linux kernel components handling non-volatile memory (nvmem). Issue: the cell sysfs attribute could expose more access to nvmem data than the main attribute, e.g., when nvme_config::root_only was set, the cell attribute still allowed reads for ...
CVE-2024-41033
The CVE-2024-41033 issue affects the Linux kernel cachestat component. The root cause is that cachestat() flushed stats while in an RCU read section, which can sleep during workingset_test_recent(). The fix moves the stat-flushing step to occur before the RCU read section and skips stat flushing ...
CVE-2024-42075
CVE-2024-42075 concerns the Linux kernel’s bpf arena logic, which failed to account for mremap, risking use-after-free in arena_vm_close. The vulnerability is addressed by adding a reference count for multiple mmap events to protect the arena during remapping. The connected documents indicate the...
CVE-2024-42099
The CVE-2024-42099 issue affects the Linux kernel s390/dasd subsystem. It concerns indirect addressing for DASD CCWs (IDAW) where the CCW CDA pointer points to IDAL and must be translated from physical to virtual before use. Dereferencing this pointer can cause a kernel panic in error paths, incl...
CVE-2025-21717
CVE-2025-21717 affects the Linux kernel mlx5e path: kvzalloc_node lacks cpu_to_node conversion, allowing an out-of-bounds access when ethtool/netlink calls mlx5e_open on a CPU above MAX_NUMNODES, potentially panicking the kernel. The issue is fixed by adding a missing cpu_to_node conversion to ml...
CVE-2025-21803
CVE-2025-21803: On LoongArch, the Linux kernel fixed a warning during S3 suspend by removing a potential thread switch in enable_gpe_wakeup. The root cause was acpi_enable_all_wakeup_gpes() using a mutex, which could yield and leave the CPU in an interrupt-enabled state when enable_gpe_wakeup() returns. Th...
CVE-2025-21921
CVE-2025-21921: In the Linux kernel, net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device, the crash occurs in ethnl_req_get_phydev() when tb is NULL (e.g., ethnl notify path) and a phy_device lookup is performed. The fix passes the cmd index and nlattr array separately to allow NU...
CVE-2025-37966
CVE-2025-37966 affects the Linux kernel (RISC-V) where a PR_SET_TAGGED_ADDR_CTRL path crashes if the Supm extension is unavailable. The fixed version checks Supm availability to prevent Oops, addressing a LOCAL, LOW-complexity issue with HIGH availability impact per the provided metrics.
CVE-2025-38025
The CVE-2025-38025 issue affects the Linux kernel IIO ADC driver for the ad7606 bus. The root cause is a NULL dereference when calling sw_mode_config() because the callback may not be defined on all buses. The vulnerability can lead to a crash via NULL-pointer dereference in vulnerable configurat...
CVE-2001-0851
CVE-2001-0851 covers the Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled. The issue arises from the syncookie handling that allows a remote attacker to bypass firewall rules by brute-forcing the cookie, effectively defeating first-hop filtering. Public advisories from Red Hat, SUSE, Mandrak...
CVE-2003-0476
CVE-2003-0476 affects the Linux kernel 2.4.x execve system call, where the executable’s file descriptor is recorded in the caller’s file table, enabling local users to read restricted file descriptors. Public advisories (e.g., Debian DSA-423-1, RHSA-2003:408) note this vulnerability and recommend...
CVE-2005-3110
CVE-2005-3110 is a race condition in the Linux kernel after the ebtables netfilter module tightens lock handling. In SMP systems under heavy load, a value can be modified after it is read but before it is locked, enabling a remote attacker to cause a kernel crash (DoS). Public advisories referenc...
CVE-2005-3358
CVE-2005-3358 affects the Linux kernel prior to 2.6.15: passing a 0 bitmask to set_mempolicy can trigger a kernel panic, enabling local denial of service. Public details in Debian DSAs and OpenVAS entries confirm the issue and list patched kernel versions (e.g., Debian 2.6.8-16sarge2; Red Hat/CentOS ...