CVE-2005-3358
CVE-2005-3358 affects the Linux kernel prior to 2.6.15: passing a 0 bitmask to set_mempolicy can trigger a kernel panic, enabling local denial of service. Public details in Debian DSAs and OpenVAS entries confirm the issue and list patched kernel versions (e.g., Debian 2.6.8-16sarge2; Red Hat/CentOS ...
CVE-2006-1368
CVE-2006-1368 affects the Linux kernel USB Gadget RNDIS driver. The vulnerability is a buffer overrun in the RNDIS response handling: during a remote NDIS response to OID_GEN_SUPPORTED_LIST the code allocates memory for the reply data but not for the reply structure, enabling a boundary condition...
CVE-2006-5701
CVE-2006-5701 is a real issue in the Linux kernel 2.6.x squashfs module where mounting a crafted squashfs filesystem can cause a local denial of service due to a double-free condition. Affected by this vulnerability are systems using the squashfs implementation in 2.6.x kernels (as referenced by ...
CVE-2006-5871
CVE-2006-5871 affects the Linux kernel (notably 2.6.8 and 2.4.x prior to 2.4.34) where UNIX extensions are enabled. The vulnerability arises because smbfs ignores certain mount options, allowing a client to end up using server-specified uid, gid, and mode settings. Connected records (e.g., Debian...
CVE-2011-1747
CVE-2011-1747 affects the Linux kernel AGP subsystem (2.6.38.5 and earlier). The vulnerability stems from inadequate restriction of memory allocations for AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls in the AGP driver, allowing a local attacker with access to the video subsystem to induce memory exh...
CVE-2011-3619
CVE-2011-3619 affects the Linux kernel (before 3.0) via AppArmor’s apparmor_setprocattr in security/apparmor/lsm.c. Unvalidated parameters can trigger a NULL pointer dereference/OOPS by writing to /proc/#####/attr/current, enabling local denial-of-service; kernel patch exists in 3.0+ (see ChangeL...
CVE-2013-1858
The CVE-2013-1858 issue affects the Linux kernel prior to 3.8.3, where the clone system-call mishandles a combination of CLONE_NEWUSER and CLONE_FS. This enables local users to escalate privileges by calling chroot and taking advantage of the sharing of the / directory between a parent process an...
CVE-2013-2636
The CVE-2013-2636 entry concerns the Linux kernel prior to 3.8.4, where net/bridge/br_mdb.c does not initialize certain structures. This can allow local users to read sensitive kernel memory via a crafted application. The issue is addressed by the 3.8.4 update (ChangeLog-3.8.4); remediation is to...
CVE-2016-8413
CVE-2016-8413 is an information disclosure vulnerability in the Qualcomm camera driver on Android. The issue affects Kernel-3.10 and Kernel-3.18 environments and could let a local malicious application access data outside its usual permission level after compromising a privileged process. Impact ...
CVE-2017-0433
CVE-2017-0433 is an elevation-of-privilege flaw in the Synaptics touchscreen driver for Android, tied to the Kernel-3.10 platform. The vulnerability could allow a local, privileged attacker to execute arbitrary code within the touchscreen chipset context. Several connected sources (including NVD ...
CVE-2017-0531
CVE-2017-0531 is an information-disclosure vulnerability in the Qualcomm Wi‑Fi driver for Android, allowing a local malicious application to access data outside its permission levels after compromising a privileged process. Affected components/versions are Android kernel build lines (Kernel-3.10 ...
CVE-2017-0563
CVE-2017-0563 is an elevation-of-privilege in the HTC touchscreen driver affecting the Android kernel (Kernel-3.10). A local malicious application could execute arbitrary code in the kernel context, potentially enabling a persistent device compromise that may require reflashing. The vulnerability...
CVE-2017-0584
CVE-2017-0584 is an information-disclosure issue in the Qualcomm Wi‑Fi driver affecting Android. The vulnerability could let a local malicious application access data outside its permissions, requiring compromise of a privileged process. The initial document cites kernel versions 3.10 and 3.18 an...
CVE-2021-47130
CVE-2021-47130 affects the Linux kernel nvmet subsystem. The issue occurs when a p2p device is found but the p2p pool is empty, causing nvme target to free the SGLs from the p2p pool and trigger a crash (BUG()) in lib/genalloc.c. The documented fix is to assign the p2p_dev for the request only if...
CVE-2021-47133
CVE-2021-47133 affects Linux kernel; memory leak in the amd_sfh driver (HID: amd_sfh: Fix memory leak in amd_sfh_work) detected by kmemleak. Root cause: unreferenced kmem object in request_list handling; fix implemented as freeing the request_list entry once the processed entry is removed from th...
CVE-2021-47264
The CVE-2021-47264 issue is tied to the Linux kernel ASoC core code, where a null pointer dereference in fmt_single_name() could occur if the return value of devm_kstrdup() is not checked. The connected documents confirm the vulnerability and indicate that it has been resolved by adding a check o...
CVE-2021-47282
CVE-2021-47282 relates to the Linux kernel bcm2835 SPI driver. The root cause is an out-of-bounds access triggered when more than 3 slaves are used: the code limited native chipselects to 3 via num_chipselect, while GPIO-based chipselects in the device tree could push the effective count higher, ...
CVE-2022-48729
CVE-2022-48729 (Linux kernel) concerns an issue in IB/hfi1 where increasing ipoib send_queue_size could trigger a kernel panic. The root cause, as described in the supplied docs, is a miscalculation: a shift was treated as a function of the ring size instead of the item size, leading to a panic i...
CVE-2022-48749
CVE-2022-48749 affects the Linux kernel (drm/msm/dpu) where dpu_setup_dspp_pcc performs a check on the ctx parameter but uses it prior to the check. The issue is a potential NULL pointer dereference, mitigated by initializing the base variable after the sanity check. The vulnerability is describe...
CVE-2022-48779
In the Linux kernel, a use-after-free was fixed in the net: mscc: ocelot driver (ocelot_vlan_del). The bug occurred because ocelot_vlan_member_del() freed the ocelot_bridge_vlan struct which could still be accessed via the port’s pvid_vlan. The fix determines whether to clear ocelot_port->pvid...
CVE-2022-48781
CVE-2022-48781 affects Linux kernel crypto: af_alg. The issue stems from removing alg_memory_allocated and an alg_proto memory_allocated field without a corresponding sysctl_mem, which makes sk_has_account() true and causes NULL pointer dereferences in sk_prot_mem_limits()/sock_reserve_memory whe...
CVE-2022-48795
CVE-2022-48795 maps to a PA-RISC Linux kernel issue: overrunning sglist in sba_unmap_sg caused a Data TLB miss and null-pointer dereference, leading to a kernel panic. The root cause was testing sg_dma_len(sglist) before confirming remaining entries (nents), which could cross a page boundary and ...
CVE-2022-48803
CVE-2022-48803 affects Linux kernel TI PHY (phy-j721e-wiz.c) where _get_table_maxdiv() could read clk_div_table out of bounds, triggering KASAN global-out-of-bounds. The fix adds a sentinel entry to clk_div_table to prevent the overread. Affected component is the TI J721e Wiz PHY clock divider lo...
CVE-2022-48854
CVE-2022-48854 concerns a Linux kernel use-after-free in arc_emac's arc_mdio_probe. When bus->state == MDIOBUS_ALLOCATED, mdiobus_free(bus) frees the bus but bus->name is still used immediately after, leading to a use-after-free. The fix implements a local copy of the name and makes bus->...
CVE-2022-48903
The CVE-2022-48903 entry refers to a Linux kernel vulnerability in the btrfs relocation path: a premature return from btrfs_commit_transaction can cause relocation-related crashes. The connected documents indicate upstream fixes in the kernel (e.g., commits addressing btrfs_relocate_block_group a...
CVE-2022-48937
CVE-2022-48937 affects the Linux kernel io_uring subsystem, specifically a missing schedule point introduced in io_add_buffers. The vulnerability can cause soft lockups when a loop runs ~65,535 times performing kmalloc allocations, with DEBUG features (e.g., KASAN) enabled amplifying the issue. R...
CVE-2022-49141
CVE-2022-49141 affects the Linux kernel net: dsa: felix path, where kzalloc() may return NULL and lead to a NULL pointer dereference. The connected docs confirm the issue and state that the fix checks the SGI to prevent dereferencing NULL. The reported CVSS indicates a local attack with low privi...
CVE-2022-49198
CVE-2022-49198 targets the Linux kernel’s mptcp path. According to multiple sources, the vulnerability stems from a race in __mptcp_alloc_tx_skb where skb->tcp_tsorted_anchor is initialized before the skb release path under memory pressure, causing kfree_skb to release the destination twice an...
CVE-2022-49231
The CVE-2022-49231 entry concerns a Linux kernel issue in the rtw88 driver where memory overrun and memory leaks occurred during hw_scan due to under-allocated buffers. The mitigation is explicit: allocate the correct size and implement a proper deinitialization flow. Connected sources (SUSE Astr...
CVE-2022-49403
The CVE-2022-49403 entry concerns the Linux kernel component lib/string_helpers. The vulnerability was resolved by adding an allocated strarray to a device’s resource list, ensuring automatic release when the device disappears. Root cause: strarray not being added to the device’s resource list, w...
CVE-2022-49461
CVE-2022-49461 concerns the Linux kernel where the gateway’s handling of an advertising message fails to free relay information after extraction, causing a memory leak. The root cause is in the advertisement handler not freeing allocated relay data, leading to local memory exhaustion. Multiple co...
CVE-2022-49717
In CVE-2022-49717, the Linux kernel issue concerns irqchip/apple-aic: a refcount leak in build_fiq_affinity. The problem was that of_find_node_by_phandle() returns a node pointer with an incremented refcount, and the fix is to call of_node_put() when the node is no longer needed to avoid the leak...
CVE-2022-49757
CVE-2022-49757 – Linux kernel EDAC highbank memory leak fix. The vulnerability occurs in the highbank MC probe path where, if devres_open_group() fails, memory allocated by edac_mc_alloc() is not freed, causing a memory leak. The provided fixes call edac_mc_free() on the error handling path to p...
CVE-2022-49764
CVE-2022-49764 (Linux kernel): A vulnerability in BPF raw tracepoint handling allows a BPF program to recursively trigger the same tracepoint via bpf_trace_printk, causing spinlock contention paths to recurse and potentially affecting tracing by taking the slow path. Root cause: a BPF program atta...
CVE-2022-49803
CVE-2022-49803 relates to the Linux kernel netdevsim memory leak in nsim_dev->fa_cookie. The issue arises when nsim_dev_trap_fa_cookie_write() allocates fa_cookie with kmalloc and assigns it to nsim_dev->fa_cookie, but nsim_drv_remove() fails to free it, leading to a leak reported by kmemle...
CVE-2022-49877
CVE-2022-49877 concerns a Linux kernel vulnerability resolved by a change in the BPF sockmap code. The issue manifests as a warning from sk_stream_kill_queues concerning sk_forward_alloc during test_sockmap selftests. The root cause was a mistaken use of msg->sg.size to replace the tosend valu...
CVE-2022-49950
CVE-2022-49950 affects the Linux kernel: a bug in misc: fastrpc where the probe session-duplication overflow increments the session count even when no sessions are available, allowing memory corruption beyond the fixed-size slab-allocated fastrpc_session array during open(). This was fixed in the...
CVE-2022-49972
In CVE-2022-49972, the Linux kernel vulnerability concerns XDP_SHARED_UMEM mode (with aligned mode) where packets become corrupted for the second and subsequent sockets bound to the same umem; the first socket is unaffected. The root cause was that DMA addresses for the pre-populated xsk buffer p...
CVE-2022-50001
The CVE-2022-50001 issue affects the Linux kernel netfilter component nft_tproxy. The root cause was that TPROXY could be used from non-prerouting paths, leading to a null dereference crash. The fix restricts nft_tproxy to the prerouting hook, requiring a check that it runs only in prerouting. Th...
CVE-2022-50007
CVE-2022-50007: In the Linux kernel xfrm_policy_check(), on the error path when fetching pols[1] fails, pols[0] is not decremented, causing a refcount leak. The fix adds a decref for pols[0] in that path. Affected component: Linux kernel xfrm policy check. Impact described as memory leaks on erro...
CVE-2022-50052
The CVE-2022-50052 issue affects the Linux kernel ASoC: Intel: avs component. It stems from using snprintf(), which returns the would-be-filled size on buffer overflow, creating a potential buffer overflow; the patch replaces snprintf() with scnprintf() to mitigate this. The vulnerability is trac...
CVE-2022-50141
In CVE-2022-50141, the Linux kernel component mmc: sdhci-of-esdhc had a refcount leak in esdhc_signal_voltage_switch caused by of_find_matching_node() returning a node pointer with an incremented refcount. The fix adds a missing of_node_put() to release refs when the node is no longer needed, pre...
CVE-2022-50155
CVE-2022-50155 concerns the Linux kernel MTD parsing code: a refcount leak in bcm4908_partitions_fw_offset was fixed by ensuring of_node_put() is called after of_find_node_by_path() returns a node. The vulnerability affects the kernel component responsible for partition parsing (mtd: parsers: of...
CVE-2022-50161
CVE-2022-50161 is a Linux kernel vulnerability where the of_flash_probe_versatile refcount leak is fixed. The root cause is that of_find_matching_node_and_match() returns a node pointer with an incremented refcount, and the patch adds a missing of_node_put() to release it when no longer needed. D...
CVE-2022-50184
The CVE-2022-50184 issue in the Linux kernel concerns a refcount leak in the Meson HDMI encoder path. Specifically, in drm/meson: encoder_hdmi_init, of_graph_get_remote_node() returns a remote device node pointer with an incremented refcount, and a missing of_node_put() could lead to a leak. The ...
CVE-2022-50203
CVE-2022-50203 affects the Linux kernel ARM OMAP2+ display path. The described issue is a refcount leak in omapdss_init_fbdev where of_find_node_by_name() can return a node with an incremented refcount. The recommended action is to call of_node_put() when the node is no longer used to prevent the...
CVE-2022-50231
Root cause: in neon_poly1305_blocks, when both s[] and r[] are uninitialized, the code incorrectly uses the first 32-byte block to initialize s[] (first 16 bytes as key, next 16 as s[]), causing a read-out-of-bounds. The patch fixes this by ensuring the initialization uses poly1305_init_arm64() (...
CVE-2023-52785
CVE-2023-52785 affects the Linux kernel, specifically the SCSI UFS core. The issue is a race between ufshcd_mcq_abort() and the ISR: when a command timeout occurs and a CQ complete IRQ arrives concurrently, ufshcd_mcq_abort clears lprb->cmd, leading to a NULL pointer dereference in the ISR. Th...
CVE-2023-53043
CVE-2023-53043 affects the Linux kernel on arm64 where the PCIe controller in the Qualcomm SC7280 was not marked as cache coherent in the device tree. The root cause is that the kernel may attempt to maintain coherence during DMA operations, which can lead to data corruption if DMA-coherence is n...
CVE-2024-35816
CVE-2024-35816 (Linux kernel, firewire_ohci) is resolved by the patch that prevents leaking a leftover IRQ on unbind. The change, including commit 5a95f1ded28691e6, switches to devres for the requested IRQ and removes the call to free_irq() in pci_remove(), which previously left a devm_request_ir...