14330 matches found
CVE-2016-7912
The CVE-2016-7912 entry describes a use-after-free in the Linux kernel involving ffs_user_copy_worker in drivers/usb/gadget/function/f_fs.c, prior to version 4.5.3. This flaw lets local users escalate privileges by accessing an I/O data structure after a callback, as documented in multiple source...
CVE-2016-8430
CVE-2016-8430 affects the NVIDIA Tegra kernel driver (NVHOST) on Android, where a mismanaged memory reference (user-after-free) can let a local attacker cause a denial of service or escalate to kernel code execution. The issue is described as elevation of privilege with potential for local persis...
CVE-2017-0443
CVE-2017-0443 describes an elevation of privilege in the Qualcomm Wi‑Fi driver on Android, allowing a local malicious application to execute arbitrary code in the kernel context. The vulnerability requires compromising a privileged process to gain initial access, and affects Android devices using...
CVE-2017-0445
CVE-2017-0445 is a kernel-privilege elevation in the HTC touchscreen driver affecting Google Pixel/Pixel XL devices (Android kernel 3.18). The connected CNVD entry confirms an HTC touchscreen driver flaw allowing a local malicious app to execute code in kernel context, i.e., a local privilege esc...
CVE-2017-0527
CVE-2017-0527 describes an elevation-of-privilege vulnerability in the HTC Sensor Hub Driver on Android, enabling a local malicious app to execute arbitrary code in kernel context. Affected products/versions: Android on kernel 3.10 and 3.18. Root cause is operating in the context of the kernel af...
CVE-2017-0613
CVE-2017-0613 is a local elevation-of-privilege flaw in the Qualcomm Secure Execution Environment Communicator driver affecting Android, enabling a non-privileged, user-space process to gain arbitrary code execution in the kernel if a privileged process is first compromised. Affected kernel versi...
CVE-2021-47225
Linux kernel mac80211 deadlock when AP_VLANs are up and the AP interface is closed. Root cause: dev_close() held the wiphy mutex triggers netdev cfg80211 notifier to re-acquire the wiphy mutex. Fixes described: (1) prevent changing iftype while AP_VLANs are up; (2) move the dev_close() loop over ...
CVE-2021-47349
The CVE-2021-47349 issue is a kernel-level deadlock in the mwifiex path: when removing the mwifiex interface or during firmware reset, cfg80211_unregister_wdev() may need to bring down the link, which then attempts to acquire the same wiphy lock already held. The provided traces show the lock/inv...
CVE-2022-3170
CVE-2022-3170 affects the Linux kernel sound subsystem. The vulnerability is an out-of-bounds access that can occur when the user-provided id->name does not end with a NUL character, allowing a privileged local user to trigger a crash or potentially escalate privileges via an ioctl() path. The...
CVE-2022-48762
CVE-2022-48762 refers to an arm64 Linux kernel issue in the extable path for load_unaligned_zeropad, where ex_handler_load_unaligned_zeropad() erroneously parsed register indices from ex->type instead of ex->data. The documented impact is a potential NULL pointer dereference on an MTE-enabl...
CVE-2022-48820
CVE-2022-48820: In the Linux kernel, a refcount leak was fixed in the stm32 USB PHY PLL enable path. The bug affected the stm32_usbphyc_pll_enable() error path where usbphyc->n_pll_cons.counter was not decremented, potentially leaking a reference. The provided connected documents confirm the f...
CVE-2022-48913
The CVE-2022-48913 issue is a Linux kernel use-after-free in blk_trace (blktrace) allocated when tracing a full disk, where created files under q->debugfs_dir are not removed if bt->dir is NULL, allowing stale pointers (dropped, msg) to be dereferenced. The result is a KASAN-triggered use-a...
CVE-2022-49068
CVE-2022-49068 — Summary (Linux kernel, btrfs) The issue occurs in btrfs direct IO write path: during get_blocks_direct_write(), temporary delalloc extents are reserved and later released with btrfs_delalloc_release_extents(). If the length is modified in the COW path, fewer extents may be releas...
CVE-2022-49684
The Connected documents confirm CVE-2022-49684 relates to the Linux kernel, specifically the iio: adc: aspeed code. The issue is a refcount leak in aspeed_adc_set_trim_data caused by of_find_node_by_name() returning a node pointer with an incremented refcount; the remediation is to call of_node_p...
CVE-2023-52706
The CVE-2023-52706 issue affects the Linux kernel gpio-sim, where an inverted logic in gpio_sim_remove_hogs() prevented freeing GPIO hog structures, causing a memory leak. A fix was applied in the kernel to correct the logic and free the hog structures, mitigating the leak. The vulnerability was ...
CVE-2023-53115
CVE-2023-53115 refers to a Linux kernel vulnerability affecting the scsi mpi3mr driver, where memory leaks were reported in mpi3mr_init_ioc during IOC reinitialization. The confirmed remediation is a memory-management fix that prevents reallocation when IOC is being reinitialized. Multiple adviso...
CVE-2024-41026
CVE-2024-41026 is a Linux kernel issue in the davinci_mmc driver where the transmitted data size could exceed sg_miter length, causing a kernel panic. The vulnerability arises from lack of validation on the data size to be transmitted; the fix limits the number of transmitted bytes to sg_mmiter-&...
CVE-2024-42112
Summary (CVE-2024-42112): In the Linux kernel, the txgbe driver mishandled isb resource freeing when using MSI/INTx interrupts, risking reads from freed memory. The fix moves wx_free_isb_resources() from txgbe_close() to txgbe_remove() and corrects the isb free action in the txgbe_open() error pa...
CVE-2024-42257
The CVE-2024-42257 issue affects the Linux kernel ext4 code: the s_volume_name field in ext4_super_block was not NUL terminated. The root cause was using the wrong string copy approach; memtostr_pad() should be used instead of strncpy(), aligning with prior nonstring annotations in ext4.h. The re...
CVE-2024-42275
In CVE-2024-42275, the Linux kernel’s drm/client path fixes an error code in drm_client_buffer_vmap_local() that previously returned success on a failure path, causing locking issues and an uninitialized map_copy in the caller. The vulnerability is resolved by the upstream kernel fix. No exploits...
CVE-2024-46704
In the Linux kernel workqueue code, CVE-2024-46704 is a data race fix in __flush_work() when flushing a work item for cancellation. The root cause was reading @work->data before testing from_cancel, which could spuriously trigger KCSAN reports. A patch reorganized the code to test @from_cancel...
CVE-2024-46712
The documented CVE-2024-46712 affects the Linux kernel's DRM VMWGFX subsystem: coherent dumb buffers are enabled even when 3D is disabled, causing guest-only content to be retained and wasting guest-host synchronization efforts. The problem arises because coherent surfaces are only meaningful wit...
CVE-2024-55642
CVE-2024-55642: In the Linux kernel, the zone write plug error recovery could deadlock if a device queue freeze occurred while BIOs were plugged and a write failed. The automatic use of report zones after a failed write was removed, and recovery now relies on the user/driver to perform report zon...
CVE-2024-57988
In the Linux kernel, the Bluetooth driver btbcm had a NULL pointer dereference in btbcm_get_board_name() when devm_kstrdup() could return NULL. The fix adds a NULL check in btbcm_get_board_name() to prevent the dereference.
CVE-2024-58062
CVE-2024-58062: In the Linux kernel, the iwlwifi mvm code was fixed to avoid NULL pointer dereference when iterating over active links of a virtual interface (vif). The root cause was a missing check that the link pointer exists before dereferencing it; the patch adds usage of for_each_vif_active...
CVE-2025-21897
CVE-2025-21897: Linux kernel sched_ext vulnerability where pick_task_scx() could return non-queued tasks if balance() wasn’t called. The fix adds a workaround to emulate SCX_RQ_BAL_KEEP only when preceding balance_scx() is missing, and corrects the prior test that used @prev to decide if a task w...
CVE-2025-38012
CVE-2025-38012 concerns the Linux kernel vulnerability in sched_ext where bpf_iter_scx_dsq_new() may leave an uninitialized BPF iterator after an error return, causing bpf_iter_scx_dsq_next() to dereference garbage data. The patch ensures bpf_iter_scx_dsq_new() always clears kit->dsq, making n...
CVE-2025-38028
CVE-2025-38028 : Linux kernel local vulnerability in NFS/localio due to a race in nfs_local_open_fh. After clp->cl_uuid.lock is dropped, another CPU could free the recently added nfsd_file. The fix uses an RCU read lock before dropping the spin lock to prevent dangling pointers. Exploitation i...
CVE-2025-40300
The CVE-2025-40300 issue affects the Linux kernel’s x86/vmscape mitigation. The vulnerability arises from insufficient branch predictor isolation between a guest and a userspace hypervisor, which is mitigated by conditionally issuing an IBPB after VMexit and before returning to userspace. The fix...
CVE-2026-46241
CVE-2026-46241 concerns the SPI driver for the MPC52xx in the Linux kernel, where a use-after-free can occur if controller registration fails because interrupts are not properly disabled and freed. The issue is resolved by a fix that ensures interrupts are disabled and resources freed on registra...
CVE-1999-0400
CVE-1999-0400 affects Linux 2.2.0 where running the ldd command on a core file causes a denial of service. The connected documents confirm the affected component (ldd behavior on core files) and the impact (DoS). No explicit root cause, affected versions beyond Linux 2.2.0 are not detailed here, ...
CVE-2001-0914
The CVE-2001-0914 issue affects the Linux kernel prior to 2.4.11pre3. It allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, with the root cause described as potentially poor error checking during ELF loading. Publicly available documents name the affected...
CVE-2001-1390
The CVE-2001-1390 entry concerns an unknown vulnerability in the Linux kernel component binfmt_misc prior to version 2.2.19, related to user pages. Connected advisories (Mandrake MDKSA-2001:037 and Debian DSA-047-1, among others) document that the core issue is an off-by-one error in the CPIA dri...
CVE-2001-1392
The supplied documents confirm CVE-2001-1392 affects the Linux kernel prior to 2.2.19, due to missing unregister calls for CPUID and MSR drivers, which could crash the system on unloading/loading (local DoS). Remediation is to upgrade to kernel 2.2.19 or later (as noted in Mandrake/Debian/NVD ref...
CVE-2001-1572
CVE-2001-1572 affects the Linux kernel Netfilter MAC module (versions 2.4.1–2.4.11) and allows remote attackers to bypass MAC-based packet filters by sending small packets. This is a network-vector, low-complexity, no-authentication exploit with partial impacts on confidentiality , integrity , an...
CVE-2003-0956
CVE-2003-0956 describes race conditions in the Linux kernel’s O_DIRECT handling prior to 2.4.22. Affected component: kernel I/O path for direct I/O (O_DIRECT) on 2.4.x. Impact: local users could read data from previously deleted files or see data during reads of truncated files, potentially expos...
CVE-2004-0424
CVE-2004-0424 involves an integer overflow in the Linux kernel’s ip_setsockopt handling of the MCAST_MSFILTER socket option. Affected ranges are Linux kernel 2.4.22–2.4.25 and 2.6.1–2.6.3. The vulnerability allows local users to cause a crash (denial of service) or potentially execute arbitrary c...
CVE-2004-0812
CVE-2004-0812 describes a local privilege/denial-of-service issue in the Linux kernel before 2.4.23 on AMD64 and Intel EM64T architectures, related to how TSS limits are set up. The vulnerability could allow a local user to crash the system and, in some scenarios, potentially execute arbitrary co...
CVE-2004-1151
CVE-2004-1151 involves multiple buffer overflows in the Linux 2.6.x kernel, specifically in sys32_ni_syscall() and sys32_vm86_warning() within sys_ia32.c. Exploitation could allow a local attacker to modify kernel memory and escalate privileges (root). Several advisories confirm affected kernels ...
CVE-2004-2607
CVE-2004-2607 is a local-read vulnerability in the Linux kernel (sdla_xfer) caused by casting a large len argument received as int to a short, preventing a read loop from filling a buffer. The description applies to Linux kernel 2.6.x (up to 2.6.5) and 2.4 (up to 2.4.29-rc1). Public documents con...
CVE-2005-0400
The CVE-2005-0400 issue affects the Linux kernel ext2 file system: ext2_make_empty does not initialize memory when allocating a new directory entry block, enabling local users to read potentially sensitive data from the block. The documented fix is in kernel update 2.6.11.6 (and related Red Hat/U...
CVE-2005-0937
The CVE-2005-0937 issue is a Linux kernel vulnerability in futex.c (2.6.x) where get_user may be invoked while mmap_sem is held. This can lead to a deadlock in do_page_fault if another thread is executing mmap or related operations, as described in the Linux kernel advisories. Public references (...
CVE-2006-0037
CVE-2006-0037 concerns the Linux kernel 2.6.14 (and other versions) where the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) is vulnerable. A crafted outbound packet can trigger an incorrect offset calculation from pointer arithmetic when non-linear SKBs are used, enabling a local user to cause...
CVE-2006-4572
CVE-2006-4572 concerns the Linux kernel’s netfilter ip6_tables. Affects the IPv6 tables implementation in versions prior to 2.6.16.31, allowing remote attackers to bypass security rules: (1) a protocol-disallow rule via a fragment header-adjacent protocol header, and (2) a header-extension rule v...
CVE-2009-0605
CVE-2009-0605 is a Linux kernel vulnerability affecting the do_page_fault path in arch/x86/mm/fault.c, present in 2.6.x up to 2.6.28.5. A local user with a registered Kprobes probe can trigger page faults to cause memory exhaustion, enabling denial of service and potentially privilege gain. The f...
CVE-2013-2890
CVE-2013-2890 affects the Linux kernel HID subsystem (drivers/hid/hid-sony.c). When CONFIG_HID_SONY is enabled, it allows physically proximate attackers to trigger a heap-based out-of-bounds write via a crafted USB device, leading to a denial of service. The vulnerability is described as existing...
CVE-2013-4512
CVE-2013-4512 describes a buffer overflow in the Linux kernel's user-mode Linux port, specifically in the write method of /proc/exitcode (exitcode_proc_write) in arch/um/kernel/exitcode.c, exploitable by local attackers with sufficient privileges. The vulnerability exists in kernels prior to 3.12...
CVE-2016-6776
CVE-2016-6776 is an elevation-of-privilege vulnerability in the NVIDIA Tegra kernel driver (NVHOST) where referencing memory after it has been freed may allow a local attacker to escalate to kernel code execution. The issue is documented across NVIDIA Bulletins for Jetson TK1/K1 and Tegra-line de...
CVE-2016-8429
CVE-2016-8429 concerns the NVIDIA Tegra kernel driver (NVMAP) in Android. The connected NVIDIA bulletins describe a memory safety issue in NVMAP where memory references after free can lead to denial of service and possible privilege escalation, enabling a local attacker to execute code in the ker...
CVE-2017-0325
CVE-2017-0325 affects the NVIDIA kernel driver’s i2c-hid component on Android. The issue allows an attacker to escalate privileges and execute arbitrary code in the kernel context by writing arbitrary data to an arbitrary location within i2c-hid. The vulnerability is local and requires interactio...