14330 matches found
CVE-2016-6789
CVE-2016-6789 is an elevation-of-privilege in the NVIDIA libomx library (LIBNVOMX.SO) that could allow a local attacker to execute arbitrary code with privileged process rights. Affected environment is Android (kernel 3.18) using NVIDIA components. The vulnerability is scored as CVSS v3.0 base 9....
CVE-2017-0403
CVE-2017-0403 is an elevation-of-privilege vulnerability in the Android kernel performance subsystem. The issue could allow a local malicious application to execute arbitrary code within the kernel context, requiring initial access via a privileged process. Affected software is Android’s kernel w...
CVE-2017-0433
CVE-2017-0433 is an elevation-of-privilege flaw in the Synaptics touchscreen driver for Android, tied to the Kernel-3.10 platform. The vulnerability could allow a local, privileged attacker to execute arbitrary code within the touchscreen chipset context. Several connected sources (including NVD ...
CVE-2017-0439
CVE-2017-0439 describes a local privilege-escalation vulnerability in the Qualcomm Wi‑Fi driver for Android, affecting Kernel-3.10 and Kernel-3.18. The issue could allow a local malicious app to execute arbitrary code in the kernel context after compromising a privileged process. The Android Prod...
CVE-2017-0456
CVE-2017-0456 describes an elevation-of-privilege flaw in the Qualcomm IPA driver that allows a local attacker to run code in the kernel context on Android. Affected components/versions include Android kernel 3.10 and 3.18 with the issue stemming from the IPA driver in Qualcomm silicon. The vulne...
CVE-2021-47125
CVE-2021-47125 concerns a Linux kernel local vulnerability due to a refcount leak in the HTB offload path. The root cause was an incorrect NULL handling around qdisc_refcount_inc in htb_parent_to_leaf_offload, which could leak references if new_q was NULL. The fix adds a NULL pointer check to gua...
CVE-2021-47130
CVE-2021-47130 affects the Linux kernel nvmet subsystem. The issue occurs when a p2p device is found but the p2p pool is empty, causing nvme target to free the SGLs from the p2p pool and trigger a crash (BUG()) in lib/genalloc.c. The documented fix is to assign the p2p_dev for the request only if...
CVE-2021-47268
CVE-2021-47268: Unity/Linux kernel advisory describes a fix for usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port, addressing a pending hrtimer that may expire after tcpm port destruction. Root cause is a pending hrtimer in tcpm that could fire during module unload,...
CVE-2021-47519
CVE-2021-47519 concerns the Linux kernel CAN subsystem, specifically a memory leak in can/m_can_read_fifo. According to connected sources, if the second call to m_can_fifo_read() fails, code paths jump to an out_fail label and return before freeing the skb created by alloc_can_skb(), resulting in...
CVE-2022-48870
CVE-2022-48870 : In the Linux kernel, a null pointer dereference could occur in spk_ttyio_release due to a null-ptr-defer in tty handling, which has been fixed (tty: fix possible null-ptr-defer in spk_ttyio_release). The vulnerability affects kernel code involved with the Speakup Speakup AUDPTR/T...
CVE-2022-48881
CVE-2022-48881 (Linux kernel) affects the Linux kernel in the AMD platform x86 code. The vulnerability arises from a refcount leak in amd_pmc_probe, and a reference taken by pci_get_domain_bus_and_slot() that callers must release with pci_dev_put() after use. The fix adds pci_dev_put() in the err...
CVE-2022-48903
The CVE-2022-48903 entry refers to a Linux kernel vulnerability in the btrfs relocation path: a premature return from btrfs_commit_transaction can cause relocation-related crashes. The connected documents indicate upstream fixes in the kernel (e.g., commits addressing btrfs_relocate_block_group a...
CVE-2022-48922
CVE-2022-48922 (Linux kernel, riscv) : Root cause is a NULL pointer dereference when irqsoff latency tracer is enabled because trace_hardirqs_on/off rely on the frame pointer (CALLER_ADDR1). If the frame pointer is repurposed, memory access faults can occur during boot. The issue was mitigated by...
CVE-2022-48984
The connected documents provide concrete details for CVE-2022-48984 affecting Linux kernel can: slcan: fix freed work crash. The issue manifests as a NULL pointer dereference in slcan when the LTP pty03 test crashes, with a crash trace in process_one_work and workqueue handling. Root cause: slcan...
CVE-2022-49009
The CVE-2022-49009 issue affects the Linux kernel component hwmon:asus-ec-sensors, where devm_kcalloc may return NULL and the return value must be checked to avoid NULL pointer dereference. The provided documents confirm a resolved vulnerability with a fix implementing checks for the NULL return ...
CVE-2022-49013
CVE-2022-49013 affects the Linux kernel SCTP path: a memory leak in sctp_stream_outq_migrate() where the object pointed by prio_head is not released when releasing stream out resources. The description includes a concrete memory-leak instance and a backtrace showing allocation paths, indicating r...
CVE-2022-49146
The CVE-2022-49146 entry describes a Linux kernel issue in virtio handling where drivers bypass the enable_cbs callback during virtio_device_restore(), causing suspend-resume traces and potential interrupt handling problems. The root cause is failure to call virtio_device_ready() in restore, so i...
CVE-2022-49576
CVE-2022-49576 is a Linux kernel vulnerability in IPv4 sysctl_fib_multipath_hash_fields where readers could observe data races while the value is updated concurrently. The root cause is concurrent modification without proper synchronization; fix implemented by adding READ_ONCE() to the readers. T...
CVE-2022-49974
CVE-2022-49974 refers to a Linux kernel vulnerability in the HID Nintendo driver where a null pointer could be dereferenced when queuing rumble work to a destroyed workqueue. The root cause is attempting to queue work after the controller is disconnected and nintendo_hid_remove has destroyed the ...
CVE-2022-50023
The CVE-2022-50023 issue affects the Linux kernel's DMAengine dw-axi-dmac component. When a channel has no descriptor and an interrupt is raised, the kernel can OOPS. The root cause is not validating the descriptor result; the fix is to check the outcome of vchan_next_desc() in axi_chan_block_xfe...
CVE-2022-50080
CVE-2022-50080 (Linux kernel) affects kernel code path for tee/shm handling. The issue is an integer overflow in register_shm_helper() when calculating pages for a memory region supplied by user space, which can lead to a NULL pointer dereference in internal_get_user_pages_fast() via pin_user_pag...
CVE-2022-50108
CVE-2022-50108 affects the Linux kernel via the mfd: max77620 sub-system. The root cause is a refcount leak in max77620_initialise_fps: of_get_child_by_name() returns a node pointer with an incremented refcount, and the patch adds missing of_node_put() to release it when no longer needed. The iss...
CVE-2022-50188
CVE-2022-50188 is a Linux kernel vulnerability where a refcount leak in drm/meson was fixed. The issue arose because of how of_find_device_by_node() held a reference, with missing put_device() in the error path, leading to a refcount leak. The fix patches the kernel (meson_encoder_hdmi_init) to r...
CVE-2022-50192
CVE-2022-50192 : In the Linux kernel, the vulnerability affects the SPI Tegra tegra20-slink path. After calling spi_unregister_master(), the master’s refcount can drop to 0 and the master (and its associated device data) may be freed, causing a use-after-free when using tspi. The fix ensures the ...
CVE-2022-50204
CVE-2022-50204 concerns a Linux kernel issue affecting ARM OMAP2+ where pdata-quirks leaked a refcount in pdata_quirks_init_clocks due to a missing of_node_put() after using of_find_node_by_name() in a loop. The vulnerability is mitigated by a kernel fix that corrects the refcount handling, preve...
CVE-2022-50219
In CVE-2022-50219, the issue is in the Linux kernel’s BPF subsystem. Syzbot reported a use-after-free in compute_effective_progs when detaching BPF links, where a freed memory path could be dereferenced by update_effective_progs() leading to a KASAN UAF. The fix removes the pointer from the cgrou...
CVE-2023-20715
CVE-2023-20715 affects the wlan component in MediaTek-based devices. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with SYSTEM execution rights required. Exploitation reportedly does not require user interaction. The vulnerability’s ...
CVE-2023-20839
CVE-2023-20839 affects the imgsys component. The root cause is an out-of-bounds read due to missing valid range checking, leading to local information disclosure with system execution privileges required and user interaction for exploitation. The vulnerability is documented across multiple source...
CVE-2023-52986
CVE-2023-52986 is a Linux kernel issue affecting bpf, sockmap where a listening socket linked to a sockmap can have its sk_prot overridden to a variant in tcp_bpf_prots. The root cause is that cloning a child from a TCP listener checked only for the TCP_BPF_BASE proto variant, whereas the listene...
CVE-2023-52996
CVE-2023-52996 : Linux kernel IPv4 code in fib_metrics_match() uses @type as an array index, which could enable a spectre v1 gadget. The connected advisories indicate this is resolved in the kernel, with mitigation by preventing speculative access to fi->fib_metrics->metrics[type-1]. The vu...
CVE-2023-53061
CVE-2023-53061 affects the Linux kernel (ksmbd) and describes a refcount leak in smb2_open() where the reference count of acls can leak if memory allocation fails. The fix adds the missing posix_acl_release() to prevent the leak. Connected documents confirm the vulnerability was addressed in the ...
CVE-2024-32936
CVE-2024-32936 concerns the Linux kernel, specifically the TI j721e CSI2 RX DMA driver. The vulnerability arises when a frame is submitted to DMA: the submitted list may not be updated quickly enough, causing the DMA callback to fire before the list update completes. This race can lead to kernel ...
CVE-2024-45024
The CVE-2024-45024 issue in the Linux kernel concerns page-table locking around hugetlb folios during GUP page-walking. The fix implements a technique to use a PTE lock pointer (ptep_lockptr) so the PTE page-table lock can be acquired consistently with core-mm locking, addressing locking mismatch...
CVE-2024-50097
CVE-2024-50097 is resolved in OpenSUSE kernel-devel-longterm-6.12.11-1.1 on GA media. The issue in the Linux kernel’s fec driver could panics when saving PTP state if PTP is unsupported; the fix guards fec_ptp_save_state behind a PTP-support check, preventing the unconditional state save. Technic...
CVE-2024-54191
CVE-2024-54191 affects the Linux kernel Bluetooth stack (ISO). The issue arises from a circular lock between the socket lock and hdev lock in the ISO path. The fix reworks iso_sock_recvmsg and related code so that the socket lock is released before acquiring hdev, breaking the circular dependency...
CVE-2024-56711
CVE-2024-56711 is a Linux kernel vulnerability affecting the DRM panel driver for himax-hx83102. The issue arises when drm_mode_duplicate() can return NULL due to memory allocation failure, after which code may dereference NULL pointers. The fix adds a explicit NULL check to prevent a NULL pointe...
CVE-2024-56740
CVE-2024-56740 affects the Linux kernel NFSv3 LOCALIO path. The issue arises when res.replen is not cleared in nfs_local_read_done, leading to memory corruption as data can be copied from stale hdrsize/replen values through nfs3_read_done -> server->read_hdrsize -> args.replen -> hdrs...
CVE-2025-21843
CVE-2025-21843 concerns the Linux kernel DRM panthor component (panthor_ioctl_dev_query). The issue is that priorities_info is uninitialized and its value can be copied to a user object when PANTHOR_UOBJ_SET() is invoked. The documented fix is to initialize priorities_info (e.g., via memset) to a...
CVE-2025-21901
Technical details about CVE-2025-21901 beyond the initial description are not provided in the connected documents. The entry notes a kernel patch for RDMA/bnxt_re with possible NULL dereference when the rdev is freed; monitor for updates.
CVE-2025-37975
CVE-2025-37975 : Linux kernel riscv module relocation fix for out‑of‑bounds access in relocation handling. The patch replaces the end‑of‑relocation access rel[j] with a bounds‑checked approach using num_relocations, effectively correcting the relocation size calculation. The vulnerability is desc...
CVE-2025-38563
CVE-2025-38563 affects the Linux kernel perf subsystem. The issue arises when perf mmap-based mappings can be split (VMA split) after initial mapping, causing mismatched offsets/sizes and leaking reference counts for ringbuffer/auxiliary buffers. The fix adds vm_operations_struct.may_split() and ...
CVE-1999-0074
CVE-1999-0074 describes a flaw where listening TCP ports are assigned sequentially, enabling spoofing. The connected documents do not specify affected products, versions, or root cause details beyond this mechanism. Exploitation status, impact scope, and fixes are not provided; some entries reite...
CVE-1999-0216
The CVE-1999-0216 entry concerns a Denial of Service of inetd on Linux triggered by SYN and RST packets. Connected documents consistently describe inetd on Linux as the affected component and the root cause as crafted TCP packets causing denial of service. Public details in the PT-1997-1097 entry...
CVE-1999-1339
CVE-1999-1339 affects Linux 2.2.10 and earlier (with ipchains) and FreeBSD 3.2 (with ipfw). The issue is triggered by a crafted ping -R (record route) packet, causing a remote attacker to induce a kernel panic and denial of service. The vulnerability arises from how NAT is handled when enabled, a...
CVE-2003-0643
CVE-2003-0643 involves an integer signedness error in the Linux Socket Filter (filter.c) in Linux kernels from 2.4.3-pre3 through 2.4.22-pre10, which can cause a crash (denial of service). The vulnerability is documented across multiple sources (NVD/CVE entries, Debian advisory CD/OSV). The initi...
CVE-2005-0210
CVE-2005-0210 is a Netfilter-related vulnerability in Linux kernel 2.6.8.1 where certain fragmented packets reassembled twice cause a data structure to be allocated twice, leading to memory exhaustion and potential denial of service. The connected documents confirm this issue and show that multip...
CVE-2005-1263
CVE-2005-1263 affects the Linux kernel: the elf_core_dump path in binfmt_elf.c can trigger a negative length in create_elf_tables, causing a buffer overflow that enables local attackers to execute arbitrary code. Affected: Linux kernel 2.x up to listed pre-release/rc versions across multiple line...
CVE-2005-2457
CVE-2005-2457 affects the Linux kernel zisofs driver for compressed ISO files. The vulnerability in the driver in older kernels (before 2.6.12.5) allows local users and remote attackers to trigger a denial of service (kernel crash) by crafting a compressed ISO filesystem. The issue is confirmed a...
CVE-2005-3179
CVE-2005-3179 affects the Linux kernel, specifically the drm.c path in kernel versions 2.6.10 through 2.6.13. The vulnerability arises because a debug file is created in sysfs with world‑readable and world‑writable permissions. This allows a local user to enable DRM debugging and potentially obta...
CVE-2005-3807
CVE-2005-3807 describes a memory leak in the VFS lease handling (locks.c) in Linux kernels 2.6.10–2.6.15 that can lead to local denial of service (memory exhaustion) when Samba activities trigger re-allocation of an fasync entry after clean-up. Multiple connected advisories (Ubuntu USN-231-1 and ...