14330 matches found
CVE-2022-49766
The CVE-2022-49766 entry concerns the Linux kernel netlink path: it fixes a bounds-check issue in the creation of struct nlmsgerr. The underlying cause was related to a memcpy across a composite flexible array struct, which is mitigated by switching from __nlmsg_put to nlmsg_put() and explaining ...
CVE-2022-49963
The CVE-2022-49963 entry describes a Linux kernel issue in drm/i915/ttm CCS handling. Root cause: in migrate_copy(), plain integer arithmetic can overflow when handling large objects; emitting PTEs uses the full object size, and copies fail because only a few fixed-size windows exist for mapping ...
CVE-2022-50059
CVE-2022-50059 affects the Linux kernel; the issue occurs in the ceph path where handle_cap_grant on an IMPORT operation may fail to release the snap_rwsem, potentially causing a deadlock. The vulnerability detail is supported by multiple connected Nessus/OpenVAS advisories (e.g., EulerOS/Unity L...
CVE-2022-50141
In CVE-2022-50141, the Linux kernel component mmc: sdhci-of-esdhc had a refcount leak in esdhc_signal_voltage_switch caused by of_find_matching_node() returning a node pointer with an incremented refcount. The fix adds a missing of_node_put() to release refs when the node is no longer needed, pre...
CVE-2022-50155
CVE-2022-50155 concerns the Linux kernel MTDi parsing code: a refcount leak in bcm4908_partitions_fw_offset was fixed by ensuring of_node_put() is called after of_find_node_by_path() returns a node. The vulnerability affects the kernel component responsible for partition parsing (mtd: parsers: of...
CVE-2022-50161
CVE-2022-50161 is a Linux kernel vulnerability where the of_flash_probe_versatile refcount leak is fixed. The root cause is that of_find_matching_node_and_match() returns a node pointer with an incremented refcount, and the patch adds a missing of_node_put() to release it when no longer needed. D...
CVE-2022-50184
The CVE-2022-50184 issue in the Linux kernel concerns a refcount leak in the Meson HDMI encoder path. Specifically, in drm/meson: encoder_hdmi_init, of_graph_get_remote_node() returns a remote device node pointer with an incremented refcount, and a missing of_node_put() could lead to a leak. The ...
CVE-2022-50186
The CVE-2022-50186 entry concerns a Linux kernel issue in ath11k where on htc_tx_completion error the skb was not dropped, leading to a memory leak. The documented fix ensures the skb is freed on eid >= ATH11K_HTC_EP_COUNT before returning, as the completion_handler expects consumption even in...
CVE-2022-50197
In CVE-2022-50197, the Linux kernel vulnerability affects the cpufreq: zynq component. The root cause is a refcount leak when retrieving a device node: of_find_compatible_node() returns a node pointer with an incremented refcount, and missing of_node_put() on cleanup leads to a leak. The fix adds...
CVE-2022-50203
CVE-2022-50203 affects the Linux kernel ARM OMAP2+ display path. The described issue is a refcount leak in omapdss_init_fbdev where of_find_node_by_name() can return a node with an incremented refcount. The recommended action is to call of_node_put() when the node is no longer used to prevent the...
CVE-2022-50207
Summary (CVE-2022-50207) : In the Linux kernel, ARM bcm Kona handling had a refcount leak in bcm_kona_smc_init. The root cause: of_find_matching_node() returns a node pointer with an incremented refcount and may not be released. The patch adds a missing of_node_put() to drop the reference when th...
CVE-2023-20810
CVE-2023-20810 affects the IOMMU component in MediaTek platforms. Root cause: improper input validation in the IOMMU leading to potential local information disclosure with required system execution privileges. Exploitation described as local, with no user interaction needed. Impact per documents:...
CVE-2024-37026
CVE-2024-37026 is a Linux kernel vulnerability affecting the DRM/xe path: the GuC context scheduling queue can deadlock when a migration job is queued behind a fault due to shared engines with user jobs. The issue arises because the migrate exec queue could be serviced behind non-reserved BCS ins...
CVE-2024-40933
The CVE-2024-40933 entry concerns a Linux kernel IIO temperature driver mlx90635 issue. The vulnerability arises in mlx90635_probe() where a failure of devm_regmap_init_i2c() could yield regmap_ee as an error pointer rather than being checked with IS_ERR(regmap_ee), effectively a copy-paste error...
CVE-2024-40950
CVE-2024-40950 (Linux kernel) : The issue concerns mistaken use of mapping_large_folio_support for anonymous folios in THP handling, causing a mis-split of anon THP when splitting huge pages. Root cause: anon folios could be passed to mapping_large_folio_support() in split_huge_page_to_list_to_or...
CVE-2024-40964
The CVE-2024-40964 issue is in the Linux kernel ALSA: hda: cs35l41, where cs35l41_hda_unbind() dereferenced a codec pointer when device index could be 0. The fix uses the codec pointer stored in the cs35l41_hda structure, preventing the null pointer dereference. Severity is MEDIUM (CVSSv3.1: 5.5)...
CVE-2024-40986
CVE-2024-40986 affects the Linux kernel DMA engine for Xilinx XDMA. The issue arises from data synchronization in xdma_channel_isr() where the code does not properly sequence operations before using xdma->stop_request, requiring the vchan lock prior to stop_request usage. The vulnerability is ...
CVE-2024-42100
Technical details for CVE-2024-42100 are not provided in the connected documents. The materials reference the CVE but do not specify affected products, versions, root cause, impact, or fixes beyond the initial description; monitor for updates.
CVE-2024-43816
CVE-2024-43816 : In the Linux kernel, the lpfc SCSI target code (lpfc_prep_embed_io) referenced a little-endian sgl->sge_len value when copying with memcpy, which could cause a memory out-of-bounds access on big-endian systems when FCP targets are zoned. The fix redefines the sgl pointer as a ...
CVE-2024-43862
CVE-2024-43862 affects the Linux kernel’s net: wan: fsl_qmc_hdlc component. The root cause is using a spinlock (carrier_lock) to protect carrier detection while framer_get_status() may take a mutex, creating a potential deadlock. The issue is addressed by converting carrier_lock from a spinlock t...
CVE-2024-45014
In CVE-2024-45014, Linux kernel s390/boot exposes a memory-muncertainty issue: when the kernel image is allocated, extra memory for offsetting the image start to align with the lower 20 bits of the KASLR base address was not accounted for, potentially allowing the kernel to access memory beyond i...
CVE-2024-45023
CVE-2024-45023 affects the Linux kernel’s MD raid1 path. Root cause: the recovery status was not checked in raid1’s choose_bb_rdev() (and similarly in choose_slow_rdev()), allowing unrecovered data to be read when a degraded array lands valid data on slow disks while a normal disk is still recove...
CVE-2024-46790
CVE-2024-46790 concerns the Linux kernel: when freeing PG_hwpoison pages they are isolated rather than released, leading to a warning: “alloc_tag was not set.” The Astra Linux bulletin confirms the issue and states the fix is to “clear the page tag reference after the page got isolated and accoun...
CVE-2024-56553
CVE-2024-56553 is a Linux kernel memory-leak fix in the binder subsystem. The issue occurred when a freeze notification is cleared (BC_CLEAR_FREEZE_NOTIFICATION) before binder_freeze_notification_done(), leaving entries in proc->delivered_freeze queued and leaking on process exit. The patch en...
CVE-2024-56743
CVE-2024-56743 affects the Linux kernel NFS path. The issue arises from holding RCU while calling nfsd_file_put_local; the RCU hold is moved from nfs_to_nfsd_file_put_local to nfs_to_nfsd_net_put, with the rcu-protective call nfsd_serv_put being the one that requires RCU. This change addresses a ...
CVE-2025-38356
CVE-2025-38356 (Linux kernel) . The issue affects the DRM frontend (drm/xe/guc) where during driver probe the code may briefly run in CT safe mode (driven by a delayed work). If probe aborts early, unwind can destroy a pending delayed work that would restart itself, triggering a WARN in the workq...
CVE-2026-46099
The CVE-2026-46099 entry describes a use-after-free race in Linux kernel IPv6 handling for seg6 and rpl lightweight tunnels. A NOREF destination cached during ip6_route_input() can be freed by a concurrent FIB lookup on a shared nexthop under PREEMPT_RT, leading to a WARN or potential instability...
CVE-2026-46259
In the Linux kernel procfs path do_task_stat() reading /proc/[pid]/stat, task->real_parent is accessed without proper RCU protection, enabling a potential Use-After-Free when another task is released. The fix switches from task_tgid_nr_ns() to task_ppid_nr_ns() to add proper RCU protection for...
CVE-2001-0851
CVE-2001-0851 covers the Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled. The issue arises from the syncookie handling that allows a remote attacker to bypass firewall rules by brute-forcing the cookie, effectively defeating first-hop filtering. Public advisories from Red Hat, SUSE, Mandrak...
CVE-2003-0465
The CVE-2003-0465 issue affects the Linux kernel (2.4/2.5) where strncpy does not pad with null bytes on architectures other than x86, potentially allowing information leaks. Red Hat’s RHSA-2004:188 and related advisories document this as a kernel vulnerability with fixes in updated kernel packag...
CVE-2003-0476
CVE-2003-0476 affects the Linux kernel 2.4.x execve system call, where the executable’s file descriptor is recorded in the caller’s file table, enabling local users to read restricted file descriptors. Public advisories (e.g., Debian DSA-423-1, RHSA-2003:408) note this vulnerability and recommend...
CVE-2003-0501
The CVE-2003-0501 issue concerns the Linux /proc filesystem allowing a local attacker to read sensitive information by opening entries in /proc/self before a setuid program runs, potentially preventing proper ownership/permission changes. Connected advisories confirm this can be triggered in Linu...
CVE-2005-0749
The CVE-2005-0749 issue affects the Linux kernel prior to 2.6.11.6. The vulnerability arises in load_elf_library where freeing an invalid pointer via a crafted ELF library or executable can trigger a kernel crash (DoS). Affected component: kernel’s ELF loading/free path (load_elf_library). The pu...
CVE-2005-1913
CVE-2005-1913 affects the Linux kernel up to version 2.6.12.1. The vulnerability occurs when a non group-leader thread executes a different program while an itimer is pending; the expiry signal is delivered to the old group-leader task, which no longer exists, causing a kernel panic (local DoS). ...
CVE-2005-2500
CVE-2005-2500: A buffer overflow in the Linux kernel 2.6.12 code path (xdr_xcode_array2 in xdr.c) used by SuSE Linux Enterprise Server 9 can be triggered by crafted XDR data for the nfsacl protocol, potentially allowing remote denial of service and possibly arbitrary code execution. The vulnerabi...
CVE-2005-3358
CVE-2005-3358 affects Linux kernel prior to 2.6.15: passing a 0 bitmask to set_mempolicy can trigger a kernel panic, enabling local denial of service. Public details in Debian DSAs and OpenVAS entries confirm the issue and list patched kernel versions (e.g., Debian 2.6.8-16sarge2; Red Hat/CentOS ...
CVE-2005-3858
Technical details about CVE-2005-3858 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2006-1342
CVE-2006-1342 is a local information-leak in the Linux kernel’s IPv4 socket-name handling. The root cause is that sockaddr_in.sin_zero is not cleared when returning IPv4 socket names from getsockname, getpeername, or accept, potentially exposing portions of kernel memory. Public advisories across...
CVE-2006-1524
The MADV_REMOVE issue (CVE-2006-1524) affects Linux kernel 2.6.16 up to 2.6.16.6, where madvise_remove does not enforce file/mmap restrictions, enabling a local user to bypass IPC permissions and overwrite portions of readonly tmpfs files with zeros. The problem is tied to the mprotect-related fl...
CVE-2006-4813
Concrete details found: CVE-2006-4813 affects the Linux kernel 2.6.x prior to 2.6.13, where __block_prepare_write in fs/buffer.c fails to clear buffers under certain error conditions, allowing a local user to read portions of files that have been unlinked. Impact is partial confidentiality; explo...
CVE-2006-5749
The CVE-2006-5749 issue affects the Linux kernel 2.4 series up to, but not including, 2.4.34-rc4. It concerns the isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c, which does not call init_timer for the ISDN PPP CCP reset state timer. The underlying cause is a timer initializati...
CVE-2007-5501
The CVE-2007-5501 entries confirm a vulnerability in the Linux kernel 2.6.21–2.6.23.7 and 2.6.24-rc through 2.6.24-rc2 where remote attackers can cause a denial of service (crash) by sending crafted ACKs that trigger a NULL pointer dereference in net/ipv4/tcp_input.c (tcp_sacktag_write_queue). Th...
CVE-2013-1858
The CVE-2013-1858 issue affects the Linux kernel prior to 3.8.3, where the clone system-call mishandles a combination of CLONE_NEWUSER and CLONE_FS. This enables local users to escalate privileges by calling chroot and taking advantage of the sharing of the / directory between a parent process an...
CVE-2013-6432
CVE-2013-6432 affects the Linux kernel ping_recvmsg in net/ipv4/ping.c and can cause a local denial of service via a NULL pointer dereference when interacting with read() on ping sockets. The vulnerability exists in kernel versions prior to 3.12.4. The provided connected documents corroborate the...
CVE-2014-0102
CVE-2014-0102 affects the Linux kernel up to version 3.13.6. The vulnerability is in the function keyring_detect_cycle_iterator (security/keys/keyring.c), which does not correctly determine whether keyrings are identical. This can allow local users to cause a denial of service (OOPS) by issuing c...
CVE-2016-10153
The CVE-2016-10153 issue affects the Linux kernel 4.9.x before 4.9.6, where the crypto scatterlist API interacts incorrectly with CONFIG_VMAP_STACK, enabling local attackers to cause a denial of service (system crash or memory corruption) or potentially other impacts due to reliance on earlier ne...
CVE-2017-0429
CVE-2017-0429 is an elevation-of-privilege vulnerability in the NVIDIA kernel driver’s i2c-hid component, enabling a local attacker to write arbitrary values to kernel memory and potentially execute code with kernel privileges. Public descriptions tie the issue to the NVIDIA kernel driver on Andr...
CVE-2017-0531
CVE-2017-0531 is an information-disclosure vulnerability in the Qualcomm Wi‑Fi driver for Android, allowing a local malicious application to access data outside its permission levels after compromising a privileged process. Affected components/versions are Android kernel build lines (Kernel-3.10 ...
CVE-2017-0584
CVE-2017-0584 is an information-disclosure issue in the Qualcomm Wi‑Fi driver affecting Android. The vulnerability could let a local malicious application access data outside its permissions, requiring compromise of a privileged process. The Initial document cites kernel versions 3.10 and 3.18 an...
CVE-2021-47133
CVE-2021-47133 affects Linux kernel; memory leak in the amd_sfh driver (HID: amd_sfh: Fix memory leak in amd_sfh_work) detected by kmemleak. Root cause: unreferenced kmem object in request_list handling; fix implemented as freeing the request_list entry once the processed entry is removed from th...