14330 matches found
CVE-2024-27406
CVE-2024-27406 refers to a Linux kernel issue where the iov_iter unit test (TEST_IOV_ITER) incorrectly depended on MMU, causing a crash on nommu systems (e.g., qemu kc705-nommu) when vmap() is invoked. The root cause is that vmap() is not supported on nommu, leading to a kernel panic. The vulnera...
CVE-2024-40949
CVE-2024-40949: Linux kernel vulnerability in shmem swapin where replacing an old shmem folio could cause mem_cgroup_migrate() to clear the old folio’s memcg data, leading to incorrect memcg lruvec association and potential LRU list crashes or wrong statistics. The fix branches to use mem_cgroup_...
CVE-2024-41083
CVE-2024-41083 affects the Linux kernel netfs code path. The flaw in netfs_page_mkwrite() could dereference a NULL folio->mapping when the folio lock is held, causing kernel oopses during mmap/write scenarios. The fix ensures folio->mapping is valid after taking the folio lock (consistent w...
CVE-2024-43815
CVE-2024-43815 affects the Linux kernel crypto/mxs-dcp path. The vulnerability could leak stack memory via the AES payload field when using a hardware key from a key slot; the fix sets the payload field to 0 in these cases. The common path, where the key comes from main memory via the descriptor ...
CVE-2024-43862
CVE-2024-43862 affects the Linux kernel’s net: wan: fsl_qmc_hdlc component. The root cause is using a spinlock (carrier_lock) to protect carrier detection while framer_get_status() may take a mutex, creating a potential deadlock. The issue is addressed by converting carrier_lock from a spinlock t...
CVE-2025-21717
CVE-2025-21717 affects the Linux kernel mlx5e path: kvzalloc_node lacks cpu_to_node conversion, allowing an out-of-bounds access when ethtool/netlink calls mlx5e_open on a CPU above MAX_NUMNODES, potentially panicking the kernel. The issue is fixed by adding a missing cpu_to_node conversion to ml...
CVE-2025-21841
CVE-2025-21841 : Linux kernel vulnerability in cpufreq/amd-pstate where amd_pstate_update_limits() takes a cpufreq_policy reference but fails to decrement the refcount on an exit path. This can lead to a use-after-free or resource mismanagement depending on refcount handling. The issue is resolve...
CVE-2025-21842
CVE-2025-21842 concerns the Linux kernel amdkfd code: a destructor for GTT memory (amdgpu_amdkfd_free_gtt_mem) takes void** but may be called with a void* due to implicit casting, causing errors during execution. The issue was fixed in the kernel (as described in the Astra Linux advisory and the ...
CVE-2025-38056
The CVE-2025-38056 vulnerability affects the Linux kernel ASoC: SOF Intel HDA path. Specifically, hda_generic_machine_select() appends -idisp to the tplg filename by allocating a new string and storing it into a global, which becomes a freed pointer after module unloads, enabling a use-after-free...
CVE-1999-0628
The CVE-1999-0628 issue involves the rwho/rwhod service, which exposes machine status and user information. Documents reference the vulnerable component as the rwho/rwhod service; no specific product/vendor/version is named. The impact description indicates partial confidentiality exposure, with ...
CVE-1999-0986
The CVE-1999-0986 entry concerns the Linux ping command (Linux 2.0.3x) where local users can cause a denial of service by sending oversized packets using the -R (record route) option. The available data identifies the affected component as the ping utility and the root cause as improper handling ...
CVE-2003-1604
CVE-2003-1604 relates to the Linux kernel vulnerability in net/netfilter/nf_nat_redirect.c: nf_nat_redirect_ipv4. The connected Nessus entries indicate that Linux kernels before 4.4 are affected, where remote attackers can cause a denial of service (NULL pointer dereference/system crash) by sendi...
CVE-2004-0816
CVE-2004-0816: Integer underflow in the Linux kernel’s iptables firewall logging rules prior to 2.6.8 can allow a remote attacker to crash the system via a malformed IP packet. Multiple sources (Mandrake MDKSA-2005:022, SUSE advisory, NVD, Exploit-DB/Seebug pages) confirm the vulnerability exists...
CVE-2004-1333
The CVE-2004-1333 entry describes an integer overflow in the vc_resize function of Linux kernel 2.4 and 2.6 before 2.6.10, which allows local users to trigger a kernel crash (DoS) via a short new screen value that leads to a buffer overflow. This is the only concrete detail provided in the initia...
CVE-2004-2731
CVE-2004-2731 concerns the Linux kernel Sbus PROM driver (drivers/sbus/char/openprom.c) allowing local code execution via integer overflows when a small buffer is passed to copyin_string or a negative size to copyin. It affects 2.4.x (up to 2.4.27) and 2.6.x (up to 2.6.7) and possibly later versi...
CVE-2005-0124
Technical details about CVE-2005-0124 are not provided in the supplied documents. No concrete affected product/version or root cause information is present here; monitor for updates from official advisories.
CVE-2005-0176
The CVE-2005-0176 issue affects the Linux kernel (2.6.9 and earlier) where shmctl-based locking of System V shared memory could be misused by local unprivileged users to unlock memory from other processes. This could cause sensitive memory contents to be swapped to disk and read by others after r...
CVE-2005-0532
The CVE-2005-0532 issue affects the Linux kernel: the reiserfs_copy_from_user_to_file_region function in reiserfs/file.c is vulnerable on 64-bit architectures for kernel 2.6.10/2.6.11 before 2.6.11-rc4, where casting discrepancies between size_t and int can trigger a local buffer overflow. Impact...
CVE-2005-1264
The CVE-2005-1264 issue is a concrete flaw in Linux kernel 2.6.x where raw devices (raw.c) call the wrong function before passing an ioctl to block devices, exposing kernel address space to userspace. This local, privilege-escalation risk is corroborated across multiple advisories (e.g., RHSA-200...
CVE-2005-4618
CVE-2005-4618 corresponds to a Linux kernel local-denial-of-service issue caused by a buffer overflow in sysctl writes. Affected are Linux kernel 2.6.x before 2.6.15; exploitation could corrupt user memory or cause a denial of service via a long string, with the caveat that the vulnerability may ...
CVE-2006-1368
CVE-2006-1368 affects the Linux kernel USB Gadget RNDIS driver. The vulnerability is a buffer overrun in the RNDIS response handling: during a remote NDIS response to OID_GEN_SUPPORTED_LIST the code allocates memory for the reply data but not for the reply structure, enabling a boundary condition...
CVE-2006-5701
CVE-2006-5701 is a real issue in the Linux kernel 2.6.x squashfs module where mounting a crafted squashfs filesystem can cause a local denial of service due to a double-free condition. Affected by this vulnerability are systems using the squashfs implementation in 2.6.x kernels (as referenced by ...
CVE-2009-0787
The CVE-2009-0787 issue affects the Linux kernel 2.6.28 series (before 2.6.28.9) in the eCryptfs component. The root cause is an incorrect size being used when writing kernel memory to the eCryptfs file header, which triggers an out-of-bounds read and allows a local user to obtain portions of ker...
CVE-2011-3619
CVE-2011-3619 affects the Linux kernel (before 3.0) via AppArmor’s apparmor_setprocattr in security/apparmor/lsm.c. Unvalidated parameters can trigger a NULL pointer dereference/OOPS by writing to /proc/#####/attr/current, enabling local denial-of-service; kernel patch exists in 3.0+ (see ChangeL...
CVE-2011-4087
CVE-2011-4087 affects the Linux kernel up to version 2.6.38, where the function br_parse_ip_options in net/bridge/br_netfilter.c fails to initialize a data structure properly. This can allow remote attackers to cause a denial of service by manipulating connectivity to an Ethernet bridge-enabled n...
CVE-2011-4325
CVE-2011-4325 – Linux kernel NFS vulnerability : The NFS implementation in the Linux kernel up to 2.6.31-rc6 can dereference uninitialized data, enabling a local denial-of-service via NULL pointer dereference and an O_DIRECT oops (e.g., demonstrated with diotest4 from LTP). Affected component: ke...
CVE-2013-1828
The CVE-2013-1828 issue affects the Linux kernel prior to 3.8.4, where sctp_getsockopt_assoc_stats in net/sctp/socket.c does not validate the requested size before a copy_from_user, enabling local privilege escalation via SCTP_GET_ASSOC_STATS getsockopt. Affected are kernel versions before 3.8.4;...
CVE-2013-2636
The CVE-2013-2636 entry concerns the Linux kernel prior to 3.8.4, where net/bridge/br_mdb.c does not initialize certain structures. This can allow local users to read sensitive kernel memory via a crafted application. The issue is addressed by the 3.8.4 update (ChangeLog-3.8.4); remediation is to...
CVE-2013-3230
CVE-2013-3230 affects the Linux kernel prior to 3.9-rc7: l2tp_ip6_recvmsg in net/l2tp/l2tp_ip6.c fails to initialize a structure member, allowing local users to obtain sensitive information from kernel stack memory via a crafted recvmsg/recvfrom. The issue is mitigated by updating the kernel to 3...
CVE-2015-0568
The CVE-2015-0568 entry describes a use-after-free in the MSM-Camera driver (drivers/media/video/msm/msm_camera.c), in the msm_set_crop function, for the Linux kernel 3.x used with Qualcomm Innovation Center (QuIC) Android contributions. A crafted ioctl call from a local attacker can trigger memo...
CVE-2016-5856
Technical details for CVE-2016-5856 are not publicly available in the provided documents. Monitor for updates.
CVE-2016-8413
CVE-2016-8413 is an information disclosure vulnerability in the Qualcomm camera driver on Android. The issue affects Kernel-3.10 and Kernel-3.18 environments and could let a local malicious application access data outside its usual permission level after compromising a privileged process. Impact ...
CVE-2016-8424
CVE-2016-8424 is an elevation-of-privilege in the NVIDIA Tegra GPU driver (NVMAP) that can let a local, unprivileged process execute code in kernel context by referencing memory after it has been freed (use-after-free). Affected: Android devices using the NVIDIA Tegra kernel driver (Kernel-3.10)....
CVE-2016-9313
CVE-2016-9313 affects the Linux kernel in security/keys/big_key.c (big_key data type). The issue arises when unsuccessful crypto registration occurs in conjunction with a subsequent key-type registration, enabling local users to trigger a NULL pointer dereference and kernel panic (denial of servi...
CVE-2017-0440
CVE-2017-0440 describes an elevation-of-privilege flaw in the Qualcomm Wi‑Fi driver for Android kernels 3.10 and 3.18. A local malicious app could exploit it to execute code in the kernel context, after compromising a privileged process. The vulnerability is classified as High severity in the pub...
CVE-2017-0563
CVE-2017-0563 is an elevation-of-privilege in the HTC touchscreen driver affecting the Android kernel (Kernel-3.10). A local malicious application could execute arbitrary code in the kernel context, potentially enabling a persistent device compromise that may require reflashing. The vulnerability...
CVE-2017-0648
CVE-2017-0648 is a local elevation-of-privilege in the Android kernel FIQ debugger. The issue arises from the FIQ debugger and SysRq access enabling arbitrary kernel code execution when exploited by a local attacker via a compromised device. Technical details in the connected sources show the roo...
CVE-2017-7979
CVE-2017-7979 affects the Linux kernel 4.11.x via the packet action API (net/sched/act_api.c). The vulnerability arises from mishandling the tb nlattr array in the cookie feature, enabling a local attacker to trigger denial of service through uninitialized memory access and a refcount underflow, ...
CVE-2021-47132
CVE-2021-47132 refers to a Linux kernel issue in the MPTCP code where sk_forward_memory could be corrupted during retransmission due to unsafe updates that did not acquire the msk spin lock. A fix was introduced that adds a new variant of the blamed function which explicitly acquires the msk spin...
CVE-2021-47264
The CVE-2021-47264 issue is tied to the Linux kernel ASoC core code, where a null pointer dereference in fmt_single_name() could occur if the return value of devm_kstrdup() is not checked. The connected documents confirm the vulnerability and indicate that it has been resolved by adding a check o...
CVE-2021-47292
CVE-2021-47292 affects the Linux kernel io_uring subsystem. The issue is a memory leak in io_init_wq_offload() where a leaked hash_map can occur when io_uring_enter() is called in parallel (syz-executor traffic). Root cause: missing synchronization around kzalloc/hash_map updates in io_init_wq_of...
CVE-2021-47312
The CVE-2021-47312 issue in Linux kernel nf_tables caused a NULL pointer dereference during error handling when flow is NULL (chain flags NFT_CHAIN_HW_OFFLOAD is false). The fix ensures nft_flow_rule_destroy is only called if flow is non-null, preventing the crash in the error path. Connected ven...
CVE-2021-47593
CVE-2021-47593 concerns the Linux kernel mptcp ULP, where the kernel flag handling for fallback sockets could allow a plain TCP subflow to retain kernel ownership and trigger a kernel crash. The issue occurs when accept() returns a plain TCP sk that is still tagged as kernel, allowing setsockopt ...
CVE-2022-48781
CVE-2022-48781 affects Linux kernel crypto: af_alg. The issue stems from removing alg_memory_allocated and an alg_proto memory_allocated field without a corresponding sysctl_mem, which makes sk_has_account() true and causes NULL pointer dereferences in sk_prot_mem_limits()/sock_reserve_memory whe...
CVE-2022-48835
CVE-2022-48835 involves a page fault in the Linux kernel driver mpt3sas (SCSI) on a LUN reset path. A faulty invalid reply_q pointer used by mpt3sas_base_sync_reply_irqs leads to a kernel oops when processing reply queues; the described mitigation is to move the _base_process_reply_queue() call i...
CVE-2022-48873
CVE-2022-48873 affects the Linux kernel in the misc: fastrpc subsystem. The root cause is improper handling of map removal on error paths during creater_process and device_release, risking a use‑after‑free. The fixed behavior is to avoid removing the map from the list on error in fastrpc_init_cre...
CVE-2022-48937
CVE-2022-48937 affects the Linux kernel io_uring subsystem, specifically a missing schedule point introduced in io_add_buffers. The vulnerability can cause soft lockups when a loop runs ~65,535 times performing kmalloc allocations, with DEBUG features (e.g., KASAN) enabled amplifying the issue. R...
CVE-2022-48986
CVE-2022-48986 targets the Linux kernel memory management path for dax. The issue arises because pud_huge() returns true on x86 for dax puds, allowing the gup_pud_range path to behave unexpectedly when hugetlb is not in use, which can trigger a general protection fault and kernel panic in get_use...
CVE-2022-49198
CVE-2022-49198 targets the Linux kernel’s mptcp path. According to multiple sources, the vulnerability stems from a race in __mptcp_alloc_tx_skb where skb->tcp_tsorted_anchor is initialized before the skb release path under memory pressure, causing kfree_skb to release the destination twice an...
CVE-2022-49461
CVE-2022-49461 concerns the Linux kernel where the gateway’s handling of an advertising message fails to free relay information after extraction, causing a memory leak. The root cause is in the advertisement handler not freeing allocated relay data, leading to local memory exhaustion. Multiple co...