13690 matches found
CVE-2010-3873
CVE-2010-3873 affects the Linux kernel X.25 implementation prior to 2.6.36.2. The vulnerability arises from improper parsing of facilities, allowing a remote attacker to trigger heap memory corruption and a kernel panic (partial availability) via malformed X25_FAC_CALLING_AE or X25_FAC_CALLED_AE ...
CVE-2021-23133
CVE-2021-23133 is a race condition in the Linux kernel SCTP sockets (net/sctp/socket.c) prior to 5.12-rc8. If sctp_destroy_sock executes without sock_net(sk)->sctp.addr_wq_lock, an element is removed from the auto_asconf_splist list without proper locking, enabling a local attacker with networ...
CVE-2019-15098
CVE-2019-15098 affects the Linux kernel driver ath6kl/usb.c (USB wifi driver) up to version 5.2.9. The issue is a NULL pointer dereference caused by an incomplete address in an endpoint descriptor, potentially leading to a crash or denial of service. The connected Nessus/Unity Linux advisories co...
CVE-2019-15214
CVE-2019-15214 refers to a use-after-free in the Linux kernel sound subsystem (before 5.0.10), triggered when a card is disconnected and data structures are deleted too early. Affected components: sound/core/init.c and sound/core/info.c. Impact described in sources: local attacker could potential...
CVE-2020-14390
CVE-2020-14390 affects the Linux kernel (pre-5.9-rc6). A change in screen size can trigger an out-of-bounds memory write, causing memory corruption or denial of service; the possibility of privilege escalation is not ruled out. Affected component is the kernel’s frame/ framebuffer-related handlin...
CVE-2021-45868
CVE-2021-45868: Linux kernel before 5.15.3 does not validate the on-disk quota_tree block number in quota_tree.c, which can lead to a use-after-free in kernel/locking/rwsem.c if a quota file is corrupted. Affected: Linux kernel up to 5.15.2 (and older) with quota support. Impact: potential kernel...
CVE-2018-1120
CVE-2018-1120 affects the Linux kernel prior to 4.17. By mmap()ing a FUSE-backed file into a process’s memory that contains command line arguments or environment strings, a local attacker can cause utilities that read /proc/<pid>/cmdline or /proc/<pid>/environ (e.g., ps, w) to block indefinitely or for a b...
CVE-2018-19854
CVE-2018-19854 affects the Linux kernel pre-4.19.3. In crypto/crypto_user.c (crypto user configuration API), structures copied to userspace are not fully initialized, potentially leaking memory to user processes. This is a regression from CVE-2013-2547 but with easier exploitability, requiring CO...
CVE-2023-52449
The CVE refers to a Linux kernel issue where, if both ftl.ko and gluebi.ko are loaded, the ftl notifier may dereference gluebi->desc during gluebi_read(), causing a NULL pointer dereference in the MTD/UBI gluebi flow. Root cause described: gluebi_get_device() is not invoked early enough in the...
CVE-2019-17053
CVE-2019-17053 affects the Linux kernel's ieee802154_create in net/ieee802154/socket.c (AF_IEEE802154) up to version 5.3.2, where CAP_NET_RAW is not enforced. This allows unprivileged users to create a raw socket (local, low complexity). The connected documents reiterate the same description but ...
CVE-2021-4002
CVE-2021-4002 describes a memory-leak flaw in the Linux kernel hugetlbfs memory usage caused by mappings being created twice (via shmget) for regions aligned to PUD, enabling a local user to access data that should be protected. The connected documents confirm this vulnerability across multiple L...
CVE-2023-1998
CVE-2023-1998 affects the Linux kernel. Root cause: when using legacy IBRS, the IBRS bit is cleared on returning to userspace, disabling implicit STIBP and leaving some spectre-BTI protections ineffective; attackers on a local machine could exploit cross-thread branch target injection despite mit...
CVE-2023-30456
CVE-2023-30456 affects Linux kernels with arch/x86/kvm/vmx/nested.c pre-6.2.8. The root cause is missing consistency checks for CR0 and CR4 in nVMX on x86_64, which can enable state inconsistency between VMX and guest. Public references indicate this has been addressed by 6.2.8 and via various AL...
CVE-2019-19768
CVE-2019-19768 is a Linux kernel use-after-free in the blktrace debugging path (function __blk_add_trace in kernel/trace/blktrace.c) that can occur during removal of block devices. Public documents describe this as a local exploitation risk that could enable a denial of service or privilege escal...
CVE-2020-15436
The CVE-2020-15436 entry is confirmed by connected sources as a local use-after-free vulnerability in the Linux kernel's fs/block_dev.c (pre-5.8). It enables a local attacker to gain elevated privileges or cause a denial of service by abusing improper access to a particular error field. The Linux kerne...
CVE-2021-3609
CVE-2021-3609 is a local privilege-escalation flaw in the Linux kernel CAN BCM subsystem. A race in net/can/bcm.c between bcm_rx_handler() and bcm_release() can free bcm_op/bcm_sock structures while the handler runs, enabling use-after-free and root access. Public advisories consistently describe...
CVE-2022-36946
The CVE-2022-36946 issue affects nfqnl_mangle in net/netfilter/nfnetlink_queue.c of the Linux kernel (through 5.18.14). When nf_queue verdicts include a one-byte nfta_payload attribute, skb_pull can encounter a negative skb->len, enabling a remote attacker to trigger a denial of service (panic...
CVE-2017-12762
CVE-2017-12762: A buffer overflow in the Linux kernel ISDN I4L driver. In /drivers/isdn/i4l/isdn_net.c, a user-controlled buffer is copied into a local buffer of fixed size with strcpy (no length check), leading to overflow. Impacted trees: Linux kernel 4.9-stable, 4.12-stable, 3.18-...
CVE-2019-19056
CVE-2019-19056 affects the Linux kernel driver mwifiex_pcie_alloc_cmdrsp_buf() in drivers/net/wireless/marvell/mwifiex/pcie.c. Root cause: memory leak when mwifiex_map_pci_memory() fails, leading to memory exhaustion and potential DoS. Exploitation details are not provided in the connected docume...
CVE-2022-1012
CVE-2022-1012 affects the Linux kernel TCP source port generation (net/ipv4/tcp.c) due to a small table perturb size, enabling information leakage and potential denial of service. Multiple connected advisories reiterate the memory-leak flaw in the TCP source port algorithm and indicate a patched ...
CVE-2022-25258
The CVE-2022-25258 issue affects the Linux kernel USB Gadget subsystem, specifically drivers/usb/gadget/composite.c, where interface OS descriptor requests with large indices or NULL function pointer handling were not properly validated, enabling memory corruption. It affects kernels before 5.16....
CVE-2016-3672
CVE-2016-3672 affects the Linux kernel before 4.5.3 where arch_pick_mmap_layout in arch/x86/mm/mmap.c fails to properly randomize the legacy base address. This defeats ADDR_NO_RANDOMIZE protections and can bypass ASLR for setuid/setgid programs by disabling stack-consumption resource limits. Affe...
CVE-2017-7308
CVE-2017-7308 applies to the Linux kernel AF_PACKET packet_set_ring implementation. The issue arises from insufficient validation of certain block-size data in net/packet/af_packet.c, enabling a local user with CAP_NET_RAW to trigger a denial of service (integer signedness error and out-of-bounds...
CVE-2019-20934
CVE-2019-20934 affects the Linux kernel prior to 5.2.6. On NUMA systems, the scheduler’s show_numa_stats() contains a use-after-free when freeing NUMA fault statistics, CID-16d51a590a8c. The vulnerability is acknowledged in vendor advisories (e.g., Unity Linux UTSA advisories referencing CVE-2019...
CVE-2017-1000371
CVE-2017-1000371 is a Linux kernel vulnerability reported for the 4.11.5 release, caused by the offset2lib patch that can allow a stack/heap clash for 32-bit PIE binaries when RLIMIT_STACK is RLIMIT_INFINITY and 1 GB is allocated. Consequences include potential local impact (stack guard page bypa...
CVE-2020-13974
CVE-2020-13974 affects the Linux kernel in drivers/tty/vt/keyboard.c, caused by a signed integer overflow in k_ascii when invoked repeatedly. Connected docs confirm impacted products include Linux kernel 4.4–5.7.1 and note potential local code execution risk (IBM bulletin and MSRC description) th...
CVE-2021-43975
CVE-2021-43975 is described in connected material as a Linux kernel vulnerability up to version 5.15.2 where the hw_atl_utils_fw_rpc_wait() function in the aQuantia AQtion Ethernet driver (drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c) allows a local attacker who can introduce a cr...
CVE-2018-1000199
The CVE-2018-1000199 entry concerns the Linux kernel (v3.18) where modify_user_hw_breakpoint() contains a ptrace-related handling flaw. This flaw can allow a local attacker to crash the kernel and, per other sources, may enable memory corruption or local code execution via ptrace. The issue is ro...
CVE-2019-9500
The CVE set concerns Broadcom brcmfmac WiFi driver flaws. CVE-2019-9500 is a heap buffer overflow in brcmf_wowl_nd_results triggered when Wake-on-WLAN is configured (pre-commit 1b5e2423164b3670e8bc9174e4762d297990deff); exploitation could enable arbitrary code execution on affected hosts or cause...
CVE-2022-43750
CVE-2022-43750 affects the Linux kernel usbmon driver (usbmon/mon_bin.c). A local user-space client can corrupt the monitor’s internal memory due to handling in usbmon before 5.19.15 and 6.x before 6.0.1. The fixed versions are Linux 5.19.15+ and 6.0.1+. Public references indicate the issue is tr...
CVE-2019-19052
CVE-2019-19052 is a memory-leak vulnerability in the Linux kernel, specifically in drivers/net/can/usb/gs_usb.c within the gs_can_open() function. The issue allows a denial of service through memory consumption when usb_submit_urb() fails, affecting the kernel up to version before 5.3.11. The rea...
CVE-2021-3564
CVE-2021-3564 describes a local, double-free memory corruption in the Linux kernel Bluetooth HCI device initialization. A local attacker could crash the system by triggering the flaw when attaching a malicious HCI TTY Bluetooth device; the issue affects Linux kernel versions from 3.13 onward. Con...
CVE-2023-31248
CVE-2023-31248 is a Linux kernel nf_tables (nftables) use-after-free vulnerability. The issue occurs in nf_tables when using nft_chain_lookup_byid, where a chain’s active state wasn’t properly checked, enabling a local attacker with CAP_NET_ADMIN in any user or network namespace to escalate privi...
CVE-2024-0565
CVE-2024-0565 affects the Linux kernel CIFS (SMB) client: receive_encrypted_standard in fs/smb/client/smb2ops.c contains an out-of-bounds read caused by an integer underflow in memcpy length, leading to denial of service. Connected advisories consistently reference this CVE in kernel CIFS decrypt...
CVE-2019-15031
CVE-2019-15031 affects the Linux kernel on the powerpc platform up to and including 5.2.14. A local user can read vector registers of another local process by triggering an interrupt, starting a hardware transactional memory region with tbegin, and then accessing vector registers. The issue arise...
CVE-2020-8992
CVE-2020-8992 affects the Linux kernel ext4 implementation (ext4_protect_reserved_inode in fs/ext4/block_validity.c) through version 5.5.3. A crafted journal size can cause a denial of service (soft lockup) via a local attack. Connected advisories (e.g., SUSE-SU-2020:1663-1, Ubuntu USN-4419-1, Un...
CVE-2022-34918
CVE-2022-34918 affects the Linux kernel up to 5.18.9 in the Netfilter nf_tables subsystem. A type confusion in nft_set_elem_init can trigger a heap/buffer overflow in that function, allowing a local attacker who already has an unprivileged user namespace to escalate to root by gaining CAP_NET...
CVE-2018-10853
CVE-2018-10853: A security flaw in the Linux kernel KVM hypervisor (pre-4.18) where emulation of certain unprivileged instructions (sgdt, sidt, fxsave, fxrstor) did not check CPL, potentially allowing an unprivileged guest process to escalate privileges inside the guest. The CVE is linked to comm...
CVE-2022-0617
CVE-2022-0617 is a NULL pointer dereference in the Linux kernel UDF filesystem. A local user could trigger udf_file_write_iter with a crafted UDF image to crash the system. Affected: Linux kernel 4.2-rc1 through 5.17-rc2 per initial description; multiple connected advisories corroborate UDF NULL ...
CVE-2023-3863
CVE-2023-3863 is a use-after-free vulnerability in the Linux kernel’s NFC stack (nfc_llcp_find_local in net/nfc/llcp_core.c). A local privileged user could trigger memory misuse leading to kernel information leak (impact on confidentiality; I=H, A=H in some advisories) and potential escalation. P...
CVE-2023-4132
CVE-2023-4132 is a use-after-free vulnerability in the Linux kernel’s siano smsusb module triggered during device initialization when the Siano device is plugged in. Exploitation by a local user could crash the system, causing a denial of service. Connected Astra Linux security bulletins reiterate ...
CVE-2017-1000410
Summary of CVE-2017-1000410 (Linux kernel info leak): The vulnerability affects Linux kernel 3.3-rc1 and later in how L2CAP ConfigRequest/ConfigResponse are parsed. A stack variable (struct l2cap_conf_efs efs) is declared uninitialized and, depending on parsing flow and input, can be leaked back...
CVE-2019-19065
CVE-2019-19065 corresponds to a memory leak in the Linux kernel’s sdma_init() (drivers/infiniband/hw/hfi1/sdma.c). The condition is triggered by rhashtable_init() failures during sdma_init(), leading to memory consumption and potential DoS. The root cause is that the call path invokes sdma_init()...
CVE-2020-25672
The CVE-2020-25672 entry refers to a memory-leak vulnerability in the Linux kernel NFC LLCP path (llcp_sock_connect). The issue is described as a memory leak in the NFC LLCP implementation, which can lead to resource exhaustion and denial of service when non-blocking socket operations trigger the...
CVE-2021-3483
CVE-2021-3483 refers to a vulnerability in the Linux kernel Nosy driver where a device can be inserted twice into a doubly-linked list, causing a use-after-free when one is removed. This affects versions before 5.12-rc6 and impacts confidentiality, integrity, and availability. The incident is loc...
CVE-2022-41674
CVE-2022-41674 affects the Linux kernel (pre-5.19.16) and is triggered by injecting WLAN frames, causing a buffer overflow in ieee80211_bss_info_update() within net/mac80211/scan.c. Reported impact includes high confidentiality and high availability risk (I=None, A=High, C=High) with adjacent att...
CVE-2023-2156
CVE-2023-2156 is a Linux kernel networking flaw in the RPL protocol handling that stems from improper processing of user-supplied data. The description in the initial document states that an unauthenticated remote attacker could cause a denial of service by triggering an assertion failure. Connec...
CVE-2018-14633
CVE-2018-14633 affects the Linux kernel iSCSI target code, specifically chap_server_compute_md5(), where an unauthenticated remote attacker can trigger a stack-based buffer overflow, potentially causing a denial of service or exposing data from an iSCSI target. Public disclosures in 2018 indicate...
CVE-2019-20812
CVE-2019-20812 affects the Linux kernel prior to 5.4.7. The issue is in the function prb_calc_retire_blk_tmo() in net/packet/af_packet.c, which can cause a denial of service (high CPU usage and soft lockup) in a failure case when using TPACKET_V3. Impact is localized (local access required) and...
CVE-2021-40490
CVE-2021-40490 describes a race condition in ext4_write_inline_data_end of the Linux kernel’s ext4 subsystem, present through kernel versions up to 5.13.13. Connected sources corroborate a race in ext4 and note this can enable denial of service and potential privilege impact. The Debian advisory ...