CVE-2002-1319

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

CVE-2002-1963

Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries.

CVE-2003-1161

exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.

CVE-2013-3236

The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

CVE-2016-10288

An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18....

CVE-2016-10290

An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Ke...

CVE-2016-6729

An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

CVE-2016-6737

An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, whic...

CVE-2016-6747

A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2...

CVE-2016-6760

An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normall...

CVE-2016-6785

An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. And...

CVE-2016-8403

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a ...

CVE-2016-8416

An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Andr...

CVE-2016-8426

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the ope...

CVE-2016-8438

Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638.

CVE-2016-8439

Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.

CVE-2016-8441

Possible buffer overflow in the hypervisor. Inappropriate usage of a static array could lead to a buffer overrun. Product: Android. Versions: Kernel 3.18. Android ID: A-31625904. References: QC-CR#1027769.

CVE-2016-8452

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

CVE-2016-8477

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Ker...

CVE-2017-0580

An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Ker...

CVE-2017-0631

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Ker...

CVE-2017-0632

An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10...

CVE-2022-49763

In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfs_attr_find() Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrs_offset field in first...

CVE-2022-49766

In the Linux kernel, the following vulnerability has been resolved: netlink: Bounds-check struct nlmsgerr creation In preparation for FORTIFY_SOURCE doing bounds-check on memcpy(),switch from __nlmsg_put to nlmsg_put(), and explain the bounds checkfor dealing with the memcpy() across a composite fl...

CVE-2022-49791

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix multishot accept request leaks Having REQ_F_POLLED set doesn't guarantee that the request isexecuted as a multishot from the polling path. Fortunately for us, ifthe code thinks it's multishot issue when it's not, it c...

CVE-2022-49805

In the Linux kernel, the following vulnerability has been resolved: net: lan966x: Fix potential null-ptr-deref in lan966x_stats_init() lan966x_stats_init() calls create_singlethread_workqueue() and notchecked the ret value, which may return NULL. And a null-ptr-deref mayhappen: lan966x_stats_init()...

CVE-2022-49811

In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe()iterator to prevent a use after free.

CVE-2022-49838

In the Linux kernel, the following vulnerability has been resolved: sctp: clear out_curr if all frag chunks of current msg are pruned A crash was reported by Zhen Chen: list_del corruption, ffffa035ddf01c18->next is NULLWARNING: CPU: 1 PID: 250682 at lib/list_debug.c:49 __list_del_entry_valid+0x...

CVE-2022-49851

In the Linux kernel, the following vulnerability has been resolved: riscv: fix reserved memory setup Currently, RISC-V sets up reserved memory using the "early" copy of thedevice tree. As a result, when trying to get a reserved memory regionusing of_reserved_mem_lookup(), the pointer to reserved me...

CVE-2022-49859

In the Linux kernel, the following vulnerability has been resolved: net: lapbether: fix issue of invalid opcode in lapbeth_open() If lapb_register() failed when lapb device goes to up for the first time,the NAPI is not disabled. As a result, the invalid opcode issue isreported when the lapb device ...

CVE-2023-52934

In the Linux kernel, the following vulnerability has been resolved: mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups In commit 34488399fa08 ("mm/madvise: add file and shmem support toMADV_COLLAPSE") we make the following change to find_pmd_or_thp_or_none(): - if (!pmd_present(pmde)) - return SC...

CVE-2023-52942

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() It was found that the check to see if a partition could use up allthe cpus from the parent cpuset in update_parent_subparts_cpumask()was incorrect. As a result, it ...

CVE-2023-53050

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix memory leak in margining Memory for the usb4->margining needs to be relased for the upstream portof the router as well, even though the debugfs directory gets releasedwith the router device removal. Fix this.

CVE-2024-42266

In the Linux kernel, the following vulnerability has been resolved: btrfs: make cow_file_range_inline() honor locked_page on error The btrfs buffered write path runs through __extent_writepage() whichhas some tricky return value handling for writepage_delalloc().Specifically, when that returns 1, w...

CVE-2024-43872

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. This may cause theCPU core staying in interrupt context too long and lead to soft lockupunder heavy load. Handle CEQEs in BH workqueu...

CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create We were allowing any users to create a high priority group without anypermission checks. As a result, this was allowing possible denial ofservice. We now only allow the DRM mast...

CVE-2024-49941

In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() In gpiod_get_label(), it is possible that srcu_dereference_check() mayreturn a NULL pointer, leading to a scenario where label->str is accessedwithout verifyin...

CVE-2024-50212

In the Linux kernel, the following vulnerability has been resolved: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls Ben Greear reports following splat:------------[ cut here ]------------net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at m...

CVE-2024-56743

In the Linux kernel, the following vulnerability has been resolved: nfs_common: must not hold RCU while calling nfsd_file_put_local Move holding the RCU from nfs_to_nfsd_file_put_local tonfs_to_nfsd_net_put. It is the call to nfs_to->nfsd_serv_put thatrequires the RCU anyway (the puts for nfsd_f...

CVE-2024-57914

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpci: fix NULL pointer issue on shared irq case The tcpci_irq() may meet below NULL pointer dereference issue: [ 2.641851] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010[ 2.641951]...

CVE-2024-58091

In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Add shadow buffering for deferred I/O DMA areas are not necessarily backed by struct page, so we cannotrely on it for deferred I/O. Allocate a shadow buffer for driversthat require deferred I/O and use it as framebuf...

CVE-2025-21751

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, change error flow on matcher disconnect Currently, when firmware failure occurs during matcher disconnect flow,the error flow of the function reconnects the matcher back and returnsan error, which continues running t...

CVE-2025-21932

In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure The remainder of vma_modify() relies upon the vmg state remaining pristineafter a merge attempt. Usually this is the case, however in the one edge case scenario of a mergeattemp...

CVE-2025-21939

In the Linux kernel, the following vulnerability has been resolved: drm/xe/hmm: Don't dereference struct page pointers without notifier lock The pnfs that we obtain from hmm_range_fault() point to pages thatwe don't have a reference on, and the guarantee that they are stillin the cpu page-tables is...

CVE-2025-37952

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix UAF in __close_file_table_ids A use-after-free is possible if one thread destroys the filevia __ksmbd_close_fd while another thread holds a reference toit. The existing checks on fp->refcount are not sufficient toprev...

CVE-2025-37956

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server.It will cause a kernel oops from d_alloc.This patch return the error when attempting to renamea file or directory with an empty new name s...

CVE-2025-37960

In the Linux kernel, the following vulnerability has been resolved: memblock: Accept allocated memory before use in memblock_double_array() When increasing the array size in memblock_double_array() and the slabis not yet available, a call to memblock_find_in_range() is used toreserve/allocate memor...

CVE-2025-37991

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application witha second SIGFPE in the signal handler. Dave analyzed it, and it happensbecause glibc uses a double-word floating-point sto...

CVE-1999-0782

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

CVE-1999-1441

Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.