14330 matches found
CVE-2024-43872
Technical details about CVE-2024-43872 are not provided in the connected documents; only the vulnerability name and a brief fix description exist. Monitor for updates and forthcoming advisories.
CVE-2024-57799
CVE-2024-57799 — Linux kernel rockchip PHY (samsung-hdptx): The NULL pointer dereference can occur if rk_hdptx_phy_runtime_resume() runs before platform_set_drvdata() in probe. Fix: call platform_set_drvdata() before devm_pm_runtime_enable(). See kernel commits: https://git.kernel.org/stable/c/70...
CVE-2024-58015
CVE-2024-58015 affects the Linux kernel wifi driver ath12k. The root cause is an out-of-bounds memory access in self-generated stats where an overly large length is passed to print_array_to_buf_index(). The fix reduces the buffer size by one to correct the upper bound. Impact is described as an o...
CVE-2025-21737
CVE-2025-21737: Linux kernel memory-leak in ceph_mds_auth_match fixed by freeing the temporary target path substring allocation on all branches; leak could trigger memory growth and kernel OOM. Connected docs corroborate the fix in ceph_mds_auth_match and the impact described in production. No ad...
CVE-2025-21921
CVE-2025-21921: In the Linux kernel, net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device, the crash occurs in ethnl_req_get_phydev() when tb is NULL (e.g., ethnl notify path) and a phy_device lookup is performed. The fix passes the cmd index and nlattr array separately to allow NU...
CVE-2025-37966
CVE-2025-37966 affects the Linux kernel (RISC‑V) where a PR_SET_TAGGED_ADDR_CTRL path crashes if the Supm extension is unavailable. The fixed version checks Supm availability to prevent Oops, addressing a LOCAL, LOW‑complexity issue with HIGH availability impact per the provided metrics.
CVE-2025-38287
CVE-2025-38287 affects the Linux kernel InfiniBand subsystem (IB_cm). The issue occurs when freeing old cm_priv_msg via cm_free_priv_msg() after cm_id has advanced, where a lock held assertion and WARN triggers due to reuse of the cm_id lock. This could allow a local attacker to trigger a denial ...
CVE-2025-38291
CVE-2025-38291 affects the Linux kernel wifi driver ath12k. The issue occurs when the host sends WMI commands to firmware during firmware crash/recovery, triggering kernel call traces. The fix sets ATH12K_FLAG_CRASH_FLUSH and ATH12K_FLAG_RECOVERY on the host driver upon receiving the firmware cra...
CVE-2026-23334
The CVE-2026-23334 issue affects the Linux kernel in the can: usb: f81604 path, where interrupt URBs of incorrect length could be misinterpreted as valid data. The vulnerability is addressed by upstream kernel fixes, and Mageia advisories reference kernel version 6.6.130 as the fixing baseline, w...
CVE-1999-1018
CVE-1999-1018 concerns Linux kernels 2.2.10 and earlier, where the IP fragmentation reassembly step is performed after some header checks. The issue allows a remote attacker to bypass IP filtering rules by sending multiple fragments with 0 offsets, undermining filters that rely on header informat...
CVE-2005-0489
CVE-2005-0489 affects Linux kernel 2.4.x prior to 2.4.17, where local attackers can trigger a denial of service by causing an invalid access of freed memory in /proc handling (proc/base.c). The OpenVAS/Debian entries confirm this CVE as part of the 2.4 kernel vulnerabilities and reference Debian ...
CVE-2005-1265
CVE-2005-1265 relates to the mmap weakness in Linux kernel 2.6.x (notably around 2.6.10) that allows a local attacker to create memory maps starting beyond the end address, causing a kernel crash (denial of service) and potentially enabling arbitrary code execution. Connected advisories confirm t...
CVE-2005-4881
CVE-2005-4881 is a Linux kernel netlink padding init flaw affecting 2.4.x (pre-2.4.37.6) and 2.6.x (pre-2.6.13-rc1). The issue left padding fields uninitialized in netlink-related structures (e.g., tc_fill_qdisc, tcf_fill_node, inet6_fill_ifinfo, __nlmsg_put, __rta_reserve, etc.), enabling local ...
CVE-2006-4663
The CVE-2006-4663 entry concerns weak permissions (0666/0777) in the Linux kernel source tarballs for 2.6.16 through 2.6.17.11, potentially allowing a local user to insert Trojan horse source code that could be used when the kernel is next compiled. Primary details from connected documents indica...
CVE-2006-6060
CVE-2006-6060 affects the Linux kernel 2.6.x family (notably up to 2.6.18) where a malformed NTFS file stream can trigger an infinite loop in __find_get_block_slow, causing local CPU exhaustion (DoS). Connected sources confirm this CVE is listed across Debian, SUSE/openSUSE advisories and kernel ...
CVE-2007-1388
CVE-2007-1388 affects the Linux kernel IPv6 stack (do_ipv6_setsockopt in net/ipv6/ipv6_sockglue.c). A local user can trigger a NULL pointer dereference by calling setsockopt with IPV6_RTHDR (and possibly a zero/invalid option length), causing a kernel crash (DoS). The issue is addressed by kernel...
CVE-2007-3850
The CVE-2007-3850 issue affects the Linux kernel 2.6 series running on PowerPC, where the eHCA driver fails to map userspace resources correctly. This allows local users to read portions of physical address space, revealing potentially sensitive information. The description explicitly ties this t...
CVE-2008-2750
CVE-2008-2750 affects the Linux kernel (2.6.x) prior to 2.6.26-rc6. The vulnerability is in pppol2tp_recvmsg (drivers/net/pppol2tp.c) and can be triggered by a crafted PPPOL2TP packet that sets an abnormally large length value. Impact per the sources: remote attackers can cause a denial of servic...
CVE-2008-2944
CVE-2008-2944 describes a double-free vulnerability in the Linux kernel’s utrace support, likely affecting 2.6.18-era builds, reported in Red Hat Enterprise Linux 5 and Fedora Core 6. Impact: local users can trigger a denial of service (o o p s) via a crash when running the GNU GDB testsuite; thi...
CVE-2008-3496
CVE-2008-3496 affects the Linux kernel uvcvideo (V4L) in drivers/media/video/uvc/uvc_driver.c, where a buffer overflow in format descriptor parsing occurs in uvc_parse_format. Affected are kernels older than 2.6.26.1; the ChangeLog indicates this version contains the fix. Public disclosures in SU...
CVE-2008-6107
The CVE-2008-6107 entry maps to a Linux kernel vulnerability affecting Sparc/Sparc64 paths before kernel 2.6.25.4. Specifically, the sys32_mremap function (arch/sparc64/kernel/sys_sparc32.c) and the mmap-check routines (sparc_mmap_check in arch/sparc/kernel/sys_sparc.c and sparc64_mmap_check in a...
CVE-2009-2768
The vulnerability CVE-2009-2768 affects the Linux kernel flat subsystem (fs/binfmt_flat.c: load_flat_shared_library). It allows local users to trigger a NULL pointer dereference by executing a shared flat binary, potentially causing a denial of service and system crash, via an uninitialized cred ...
CVE-2011-1747
CVE-2011-1747 affects the Linux kernel AGP subsystem (2.6.38.5 and earlier). The vulnerability stems from inadequate restriction of memory allocations for AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls in the AGP driver, allowing a local attacker with access to the video subsystem to induce memory exh...
CVE-2011-2209
The CVE-2011-2209 issue affects the Linux kernel on the Alpha architecture, where an integer signedness error in osf_sysinfo (arch/alpha/kernel/osf_sys.c) could allow local users to obtain sensitive information from kernel memory via a crafted call. Vulnerable when using kernel versions before 2....
CVE-2013-1959
The CVE-2013-1959 issue affects the Linux kernel up to version 3.8.8. kernel/user_namespace.c does not enforce proper capabilities for uid_map and gid_map files, allowing a local user to gain privileges by first opening a file in an unprivileged process and then modifying it in a privileged proce...
CVE-2014-4323
The CVE-2014-4323 issue affects the Linux kernel 3.x MDP display driver (mdp_lut_hw_update in drivers/video/msm/mdp.c) used in Qualcomm QuIC Android MSM contributions. The vulnerability stems from insufficient validation of certain start and length values in an ioctl call, enabling privilege esca...
CVE-2014-6418
Summary of CVE-2014-6418 — firmware/driver component: In Ceph usage within the Linux kernel, net/ceph/auth_x.c handles auth replies and, prior to kernel 3.16.3, fails to properly validate them. This can be triggered by crafted data arriving from a Ceph Monitor IP address, potentially causing a de...
CVE-2016-6761
CVE-2016-6761 describes an elevation of privilege vulnerability in Qualcomm media codecs on Android. A local malicious app could execute arbitrary code within the context of a privileged process due to this flaw in the media codecs. Affected devices include Nexus 5X/6/6P, Nexus 9, Android One, Ne...
CVE-2016-8432
CVE-2016-8432 describes an elevation-of-privilege in the NVIDIA GPU driver on Android with kernel-3.18, enabling a local malicious app to run arbitrary code in kernel context. Affected product: Android devices using NVIDIA GPU drivers (Pixel C cited in Google's patch table). Impact is labeled Cri...
CVE-2017-0427
CVE-2017-0427 is an elevation-of-privilege vulnerability in the Android kernel file system. A local attacker could execute arbitrary code in the kernel context on devices running Kernel-3.10 or Kernel-3.18, with a potential for permanent device compromise. The CVE’s patch status is not publicly a...
CVE-2021-47244
CVE-2021-47244 concerns the Linux kernel mptcp TCP option parser. The vulnerability arises in mptcp_get_options, where parsing TCP options could read one byte out of bounds when the option length is 1; after reading the first opcode byte, if it isn’t TCPOPT_EOL or TCPOPT_NOP, the code reads anoth...
CVE-2021-47286
CVE-2021-47286 affects the Linux kernel MHI bus core. The issue arises when processing command completions: the channel ID read from the device event ring can be any value 0–255, risking out-of-bounds accesses. The fix adds a bounds check against the controller’s maximum channels and against chan...
CVE-2021-47299
CVE-2021-47299 affects the Linux kernel XDP/BPF path: use-after-free in bpf_xdp_link_release between dev_get_by_index() and dev_xdp_attach_link(). Affected in-kernel code; patches are referenced (ca9ba1de8f09976b45ccc8e655c51c6201992139, a7537dc73e69ad9c0b67ad24ad3ebee954ed0af6, 5acc7d3e8d3428584...
CVE-2022-48779
In the Linux kernel, a use-after-free was fixed in the net: mscc: ocelot driver (ocelot_vlan_del). The bug occurred because ocelot_vlan_member_del() freed the ocelot_bridge_vlan struct which could still be accessed via the port’s pvid_vlan. The fix determines whether to clear ocelot_port->pvid...
CVE-2022-48803
CVE-2022-48803 affects Linux kernel TI PHY (phy-j721e-wiz.c) where _get_table_maxdiv() could read clk_div_table out of bounds, triggering KASAN global-out-of-bounds. The fix adds a sentinel entry to clk_div_table to prevent the overread. Affected component is the TI J721e Wiz PHY clock divider lo...
CVE-2022-48854
CVE-2022-48854 concerns a Linux kernel use-after-free in arc_emac's arc_mdio_probe. When bus->state == MDIOBUS_ALLOCATED, mdiobus_free(bus) frees the bus but bus->name is still used immediately after, leading to a use-after-free. The fix implements a local copy of the name and makes bus->...
CVE-2022-49403
The CVE-2022-49403 entry concerns the Linux kernel component lib/string_helpers. The vulnerability was resolved by adding an allocated strarray to a device’s resource list, ensuring automatic release when the device disappears. Root cause: strarray not being added to the device’s resource list, w...
CVE-2022-49415
The CVE-2022-49415 description is supported by multiple connected sources indicating a Linux kernel issue: ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe. The root cause is that of_parse_phandle() returns a node pointer with its refcount incremented, and the proper cleanup requires calling of_no...
CVE-2022-49550
CVE-2022-49550 affects the Linux kernel ntfs3 filesystem. The root cause is the absence of the ‘invalidate_folio’ method, which leads to a memory leak where cached written data are not freed after unmount. The documented fix is to add a new implementation, block_invalidate_folio, to ntfs3 to reso...
CVE-2022-49654
CVE-2022-49654 pertains to the Linux kernel, specifically the net: dsa: qca8k component. The issue occurs when MAX_FRAME_SIZE (MTU) is changed while the CPU port is enabled, causing the switch to panic and stop sending packets, which can render the device unreachable; a switch reset may be requir...
CVE-2022-49757
CVE-2022-49757 – Linux kernel EDAC highbank memory leak fix . The vulnerability occurs in the highbank MC probe path where, if devres_open_group() fails, memory allocated by edac_mc_alloc() is not freed, causing a memory leak. The provided fixes call edac_mc_free() on the error handling path to p...
CVE-2022-49764
CVE-2022-49764 (Linux kernel) : A vulnerability in BPF raw tracepoint handling allows a BPF program to recursion-trigget the same tracepoint via bpf_trace_printk, causing spinlock contention paths to recurse and potentially affecting tracing by taking the slow path. Root cause: a BPF program atta...
CVE-2022-49803
CVE-2022-49803 relates to the Linux kernel netdevsim memory leak in nsim_dev->fa_cookie. The issue arises when nsim_dev_trap_fa_cookie_write() allocates fa_cookie with kmalloc and assigns it to nsim_dev->fa_cookie, but nsim_drv_remove() fails to free it, leading to a leak reported by kmemle...
CVE-2022-50038
CVE-2022-50038 affects the Linux kernel in drm/meson, specifically the meson_vpu_has_available_connectors() function. The issue consists of two refcount leak bugs: (1) missing of_node_put() for the 'ep' when exiting for_each_endpoint_of_node(), and (2) missing of_node_put() for the reference from...
CVE-2022-50162
CVE-2022-50162 concerns the Linux kernel WiFi Libertus driver. The issue is a possible refcount leak in if_usb_probe caused by calling usb_get_dev before lbs_get_firmware_async, requiring usb_put_dev when lbs_get_firmware_async fails. The vulnerability is identified in the kernel’s Libertus USB p...
CVE-2023-52978
Summary (CVE-2023-52978) : A Linux kernel issue affecting riscv kprobe probing of illegal positions could trigger a kernel panic with stack-protector corruption (example: probing in the middle of an instruction). The fix adds arch_check_kprobe in arch_prepare_kprobe to prevent illegal probe posit...
CVE-2023-53043
CVE-2023-53043 affects the Linux kernel on arm64 where the PCIe controller in the Qualcomm SC7280 was not marked as cache coherent in the device tree. The root cause is that the kernel may attempt to maintain coherence during DMA operations, which can lead to data corruption if DMA-coherence is n...
CVE-2023-53144
CVE-2023-53144 concerns the Linux kernel erofs subsystem. The connected documentation describes an identified issue where kunmap could be applied to incorrect pages during LZMA decompression on HIGHMEM platforms, leading to a NULL pointer dereference in z_erofs_lzma_decompress and related call ch...
CVE-2024-27406
CVE-2024-27406 refers to a Linux kernel issue where the iov_iter unit test (TEST_IOV_ITER) incorrectly depended on MMU, causing a crash on nommu systems (e.g., qemu kc705-nommu) when vmap() is invoked. The root cause is that vmap() is not supported on nommu, leading to a kernel panic. The vulnera...
CVE-2024-40949
CVE-2024-40949: Linux kernel vulnerability in shmem swapin where replacing an old shmem folio could cause mem_cgroup_migrate() to clear the old folio’s memcg data, leading to incorrect memcg lruvec association and potential LRU list crashes or wrong statistics. The fix branches to use mem_cgroup_...