Lucene search
Linux Kernel

13804 matches found

added 2002/08/31 4:0 a.m. | 61 views

CVE-2001-1390

The CVE-2001-1390 entry concerns an unknown vulnerability in the Linux kernel component binfmt_misc prior to version 2.2.19, related to user pages. Connected advisories (Mandrake MDKSA-2001:037 and Debian DSA-047-1, among others) document that the core issue is an off-by-one error in the CPIA dri...

CVSS 6.2 | AI score 5.2 | EPSS 0.00383

added 2005/07/14 4:0 a.m. | 61 views

CVE-2001-1572

CVE-2001-1572 affects the Linux kernel Netfilter MAC module (versions 2.4.1–2.4.11) and allows remote attackers to bypass MAC-based packet filters by sending small packets. This is a network-vector, low-complexity, no-authentication exploit with partial impacts on confidentiality, integrity, an...

CVSS 7.5 | AI score 6.6 | EPSS 0.02753

added 2006/02/16 8:0 p.m. | 61 views

CVE-2003-0956

CVE-2003-0956 describes race conditions in the Linux kernel’s O_DIRECT handling prior to 2.4.22. Affected component: kernel I/O path for direct I/O (O_DIRECT) on 2.4.x. Impact: local users could read data from previously deleted files or see data during reads of truncated files, potentially expos...

CVSS 2.6 | AI score 6 | EPSS 0.00302

added 2004/03/23 5:0 a.m. | 61 views

CVE-2003-1040

CVE-2003-1040 concerns kmod in the Linux kernel failing to set its uid, suid, gid, and sgid to 0. This can enable a local attacker to cause a denial-of-service condition (kernel crash) by sending certain signals to kmod. The associated public material confirms the issue in the kernel around 2.4.x...

CVSS 2.1 | AI score 6 | EPSS 0.00388

added 2004/04/17 4:0 a.m. | 61 views

CVE-2004-0133

CVE-2004-0133 affects the XFS file system code in Linux 2.4.x. The vulnerability allows an information leak by writing in-memory data to the block device hosting XFS, enabling local users to read sensitive kernel data from the raw device. Public advisories describe this as part of a broader set o...

CVSS 2.1 | AI score 5.8 | EPSS 0.00371

added 2004/05/05 4:0 a.m. | 61 views

CVE-2004-0229

CVE-2004-0229 affects the Linux kernel 2.6.x framebuffer driver, where the fb_copy_cmap function is not used correctly to copy cmap structures. The impact is listed as unknown in the primary CVE records, with local access required (attack vector: LOCAL, low complexity, no authentication). Connect...

CVSS 4.6 | AI score 6.2 | EPSS 0.00407

added 2004/04/30 4:0 a.m. | 61 views

CVE-2004-0424

CVE-2004-0424 involves an integer overflow in the Linux kernel’s ip_setsockopt handling of the MCAST_MSFILTER socket option. Affected ranges are Linux kernel 2.4.22–2.4.25 and 2.6.1–2.6.3. The vulnerability allows local users to cause a crash (denial of service) or potentially execute arbitrary c...

CVSS 7.2 | AI score 7.1 | EPSS 0.01238

added 2005/01/20 5:0 a.m. | 61 views

CVE-2004-0812

CVE-2004-0812 describes a local privilege/denial-of-service issue in the Linux kernel before 2.4.23 on AMD64 and Intel EM64T architectures, related to how TSS limits are set up. The vulnerability could allow a local user to crash the system and, in some scenarios, potentially execute arbitrary co...

CVSS 2.1 | AI score 7 | EPSS 0.0043

added 2005/01/29 5:0 a.m. | 61 views

CVE-2004-1057

The CVE-2004-1057 issue affects Linux kernel 2.4.19 and earlier, where several drivers do not mark memory with VM_IO, causing incorrect reference counts and potentially a denial of service via kernel panic when accessing freed pages. Connected advisories (RHSA-2006:0140, RHSA-2005:016, CESA-2006:...

CVSS 7.2 | AI score 7.2 | EPSS 0.00421

added 2005/04/05 4:0 a.m. | 61 views

CVE-2005-0400

The CVE-2005-0400 issue affects the Linux kernel ext2 file system: ext2_make_empty does not initialize memory when allocating a new directory entry block, enabling local users to read potentially sensitive data from the block. The documented fix is in kernel update 2.6.11.6 (and related Red Hat/U...

CVSS 2.1 | AI score 4.8 | EPSS 0.00443

added 2006/02/13 11:0 a.m. | 61 views

CVE-2005-3623

CVE-2005-3623 affects Linux kernel 2.6.14.4, where nfs2acl.c does not check MAY_SATTR before setting ACLs on files on exported NFS filesystems. This flaw can allow remote attackers to bypass ACLs on readonly-mounted NFS exports. The issue is addressed in kernel security updates (e.g., RHSA-2006:0...

CVSS 5 | AI score 7.4 | EPSS 0.03508

added 2006/01/10 11:0 a.m. | 61 views

CVE-2005-4639

CVE-2005-4639: A buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card affects Linux kernel 2.6.12 and other versions before 2.6.15. It allows local users to crash the system and potentially execute arbitrary code by reading more than eight bytes into an eight-byte array. Publ...

CVSS 4.6 | AI score 7.4 | EPSS 0.00458

added 2006/04/10 8:0 p.m. | 61 views

CVE-2006-1522

CVE-2006-1522 affects Linux kernel 2.6.16.1 and 2.6.17-rc1 (and possibly earlier). The sys_add_key function in the keyring code may add a key to a user key instead of a keyring, causing an invalid dereference in __keyring_search_one and resulting in a local DoS (OOPS) / kernel crash. The vulnerab...

CVSS 4.9 | AI score 7.1 | EPSS 0.00438

added 2020/01/15 4:37 p.m. | 61 views

CVE-2007-4774

CVE-2007-4774 concerns the Linux kernel prior to 2.4.36-rc1, where a race condition can bypass systrace policies by flooding a ptraced process with SIGCONT signals, potentially waking a PTRACED process. The documentation consistently describes this as a policy bypass rather than a broader impact ...

CVSS 5.9 | AI score 5.5 | EPSS 0.01738

added 2007/11/15 8:0 p.m. | 61 views

CVE-2007-5501

The CVE-2007-5501 entries confirm a vulnerability in the Linux kernel 2.6.21–2.6.23.7 and 2.6.24-rc through 2.6.24-rc2 where remote attackers can cause a denial of service (crash) by sending crafted ACKs that trigger a NULL pointer dereference in net/ipv4/tcp_input.c (tcp_sacktag_write_queue). Th...

CVSS 7.8 | AI score 6 | EPSS 0.03822

added 2010/03/16 7:0 p.m. | 61 views

CVE-2007-6733

CVE-2007-6733 affects the Linux kernel 2.6.9, where the nfs_lock function in fs/nfs/file.c fails to properly remove POSIX locks on files that are setgid without group-execute permission. This can allow local users to cause a denial of service (BUG and system crash) by locking a file on an NFS fil...

CVSS 4.7 | AI score 4.9 | EPSS 0.00401

added 2009/02/17 5:0 p.m. | 61 views

CVE-2009-0605

CVE-2009-0605 is a Linux kernel vulnerability affecting the do_page_fault path in arch/x86/mm/fault.c, present in 2.6.x up to 2.6.28.5. A local user with a registered Kprobes probe can trigger page faults to cause memory exhaustion, enabling denial of service and potentially privilege gain. The f...

CVSS 4.9 | AI score 6.8 | EPSS 0.00367

added 2013/03/14 8:0 p.m. | 61 views

CVE-2012-6536

CVE-2012-6536 affects the Linux kernel (up to version 3.6) in net/xfrm/xfrm_user.c. The vulnerability stems from not verifying that the Netlink message length matches a header field, enabling local users with CAP_NET_ADMIN to read sensitive kernel heap memory by supplying a (1) new or (2) updated...

CVSS 2.1 | AI score 5.5 | EPSS 0.0037

added 2013/07/28 6:0 p.m. | 61 views

CVE-2013-4127

CVE-2013-4127 is a use-after-free in the Linux kernel's vhost_net_set_backend (drivers/vhost/net.c) up to and including version 3.10.3, enabling local attackers to trigger a denial of service (OOPS and system crash) by powering on a virtual machine. The connected Nessus advisories (Unity Linux se...

CVSS 4.7 | AI score 5.6 | EPSS 0.00452

added 2017/01/12 3:0 p.m. | 61 views

CVE-2016-6775

Summary: CVE-2016-6775 is a vulnerability in the NVIDIA Tegra kernel driver (NVMAP) where referencing memory after it has been freed may lead to a denial of service or a local privilege escalation. The issue arises from a use-after-free condition in the NVMAP memory handling, enabling a local att...

CVSS 9.3 | AI score 7.4 | EPSS 0.0179

added 2017/01/12 3:0 p.m. | 61 views

CVE-2016-6776

CVE-2016-6776 is an elevation-of-privilege vulnerability in the NVIDIA Tegra kernel driver (NVHOST) where referencing memory after it has been freed may allow a local attacker to escalate to kernel code execution. The issue is documented across NVIDIA Bulletins for Jetson TK1/K1 and Tegra-line de...

CVSS 9.3 | AI score 7.3 | EPSS 0.0179

added 2017/03/08 1:0 a.m. | 61 views

CVE-2016-8479

CVE-2016-8479 describes an elevation-of-privilege in the Qualcomm GPU driver for Android. The vulnerability could let a local malicious app execute arbitrary code in the kernel context, potentially leading to a permanent device compromise that may require OS reflashing. Affected: Android on kerne...

CVSS 9.3 | AI score 7.2 | EPSS 0.01606

added 2017/04/05 2:0 p.m. | 61 views

CVE-2017-0325

CVE-2017-0325 affects the NVIDIA kernel driver’s i2c-hid component on Android. The issue allows an attacker to escalate privileges and execute arbitrary code in the kernel context by writing arbitrary data to an arbitrary location within i2c-hid. The vulnerability is local and requires interactio...

CVSS 7.6 | AI score 6.9 | EPSS 0.01804

added 2017/04/05 2:0 p.m. | 61 views

CVE-2017-0332

CVE-2017-0332 affects the NVIDIA crypto driver in Android kernels (NVIDIA Tegra). The vulnerability arises from a heap-allocated buffer overwrite in the cryptodev path, which could allow a local attacker to execute arbitrary code in kernel context (privilege escalation). Android’s public bulletin...

CVSS 7.6 | AI score 6.9 | EPSS 0.02133

added 2017/02/08 3:0 p.m. | 61 views

CVE-2017-0436

Summary of CVE-2017-0436 (Qualcomm sound driver privilege escalation): The vulnerability affects Android, specifically the Qualcomm sound driver within kernel contexts (kernel versions 3.10 and 3.18). It enables a local, malicious application to elevate privileges and execute arbitrary code in t...

CVSS 7.6 | AI score 6.6 | EPSS 0.0087

added 2017/02/08 3:0 p.m. | 61 views

CVE-2017-0448

CVE-2017-0448 is an information-disclosure vulnerability in the NVIDIA Tegra NVHOST kernel driver. The root cause is a memory handling flaw (use-after-free/memory after free) that can allow a local attacker to access data outside the process permissions. Affected stack: Android devices using Kern...

CVSS 5.5 | AI score 5.2 | EPSS 0.00545

added 2017/08/24 10:0 p.m. | 61 views

CVE-2017-13686

The CVE-2017-13686 entry concerns Linux kernel versions 4.13-rc1 through 4.13-rc6, where net/ipv4/route.c does not correctly check the fi field when RTM_F_FIB_MATCH is set. This can allow a local attacker to trigger a NULL pointer dereference (denial of service) or potentially other unspecified i...

CVSS 7.8 | AI score 7.8 | EPSS 0.00359

added 2024/05/21 2:19 p.m. | 61 views

CVE-2021-47225

Linux kernel mac80211 deadlock when AP_VLANs are up and the AP interface is closed. Root cause: dev_close() held the wiphy mutex triggers netdev cfg80211 notifier to re-acquire the wiphy mutex. Fixes described: (1) prevent changing iftype while AP_VLANs are up; (2) move the dev_close() loop over ...

CVSS 5.5 | AI score 5.2 | EPSS 0.00147

added 2024/10/21 8:6 p.m. | 61 views

CVE-2022-49013

CVE-2022-49013 affects the Linux kernel SCTP path: a memory leak in sctp_stream_outq_migrate() where the object pointed by prio_head is not released when releasing stream out resources. The description includes a concrete memory-leak instance and a backtrace showing allocation paths, indicating r...

CVSS 5.5 | AI score 5.2 | EPSS 0.0024

added 2025/02/26 2:13 a.m. | 61 views

CVE-2022-49456

CVE-2022-49456 affects the Linux kernel bonding path. The root cause was removal of the rcu_read_lock in bond_ethtool_get_ts_info(), which could be invoked via setsockopt (not holding the RCU lock), enabling a local-privilege/information-exposure risk as demonstrated by the syzbot trace. The fix...

CVSS 5.5 | AI score 5.3 | EPSS 0.00237

added 2023/09/04 2:27 a.m. | 61 views

CVE-2023-20840

CVE-2023-20840 affects imgsys with a possible out-of-bounds read/write caused by missing valid-range checks. Exploitation requires user interaction and can grant local escalation of privilege with system execution privileges. A patch is referenced: ALPS07326430 (Issue ALPS07326430). No additional...

CVSS 6.5 | AI score 6.5 | EPSS 0.00094

added 2023/09/04 2:28 a.m. | 61 views

CVE-2023-20847

CVE-2023-20847 affects MediaTek chips, specifically the imgsys_cmdq component, where a missing valid range check can cause an out-of-bounds read. This vulnerability can lead to local denial of service with SYSTEM privileges required, and exploitation requires user interaction. The known remedy in...

CVSS 4.2 | AI score 4.4 | EPSS 0.00088

added 2024/05/21 3:30 p.m. | 61 views

CVE-2023-52770

CVE-2023-52770 is a Linux-kernel (f2fs) issue: the bug stems from how extent_cache is allocated, with a split between initial and dynamic conditions that could trigger a panic during extent_cache updates (observed during a file creation with compressed flag and subsequent operations). The vulnera...

CVSS 5.5 | AI score 6.7 | EPSS 0.00236

added 2024/06/19 1:56 p.m. | 61 views

CVE-2024-38609

The CVE-2024-38609 issue is a Linux kernel vulnerability in wifi/mt76 (connac) where a NULL wcid could be dereferenced, leading to a crash. The fixed code adds a validity check before dereferencing the wcid to prevent a NULL pointer dereference. Exploitation would be local, with a crash impact (I...

CVSS 5.5 | AI score 6.6 | EPSS 0.0018

added 2024/08/07 3:14 p.m. | 61 views

CVE-2024-42235

CVE-2024-42235 affects the Linux kernel (s390/mm) where crst_table_free() and base_crst_free() could be called with NULL pointers. The issue was resolved by adding NULL pointer checks: crst_table_free() now validates NULL before use (as part of the crst_table_upgrade() error handling) and a simil...

CVSS 5.5 | AI score 6.5 | EPSS 0.00211

added 2024/08/17 9:22 a.m. | 61 views

CVE-2024-43848

In CVE-2024-43848, the Linux kernel vulnerability relates to wifi: mac80211 TTLM teardown work. The provided connected documents state that the worker can compute a wrong sdata pointer, and if executed, it may crash. All sources indicate this issue has been resolved in the kernel; no exploit info...

CVSS 5.5 | AI score 6.6 | EPSS 0.0018

added 2024/09/11 3:13 p.m. | 61 views

CVE-2024-45014

In CVE-2024-45014, Linux kernel s390/boot exposes a memory-muncertainty issue: when the kernel image is allocated, extra memory for offsetting the image start to align with the lower 20 bits of the KASLR base address was not accounted for, potentially allowing the kernel to access memory beyond i...

CVSS 5.5 | AI score 5.1 | EPSS 0.00177

added 2024/09/13 5:29 a.m. | 61 views

CVE-2024-46699

CVE-2024-46699: In the Linux kernel, drm/v3d preemption was not disabled around the write_seqcount_begin/end() used to update GPU stats, risking seqcount/RCU race conditions. Root cause: missing __seqprop_assert around the update path in v3d stats code leading to potential data corruption under p...

CVSS 7.8 | AI score 7.4 | EPSS 0.00213

added 2025/01/11 12:29 p.m. | 61 views

CVE-2024-54191

CVE-2024-54191 affects the Linux kernel Bluetooth stack (ISO). The issue arises from a circular lock between the socket lock and hdev lock in the ISO path. The fix reworks iso_sock_recvmsg and related code so that the socket lock is released before acquiring hdev, breaking the circular dependency...

CVSS 5.5 | AI score 6.5 | EPSS 0.00135

added 2025/01/11 12:29 p.m. | 61 views

CVE-2024-55642

CVE-2024-55642: In the Linux kernel, the zone write plug error recovery could deadlock if a device queue freeze occurred while BIOs were plugged and a write failed. The automatic use of report zones after a failed write was removed, and recovery now relies on the user/driver to perform report zon...

CVSS 5.5 | AI score 6.8 | EPSS 0.00182

added 2025/06/18 9:28 a.m. | 61 views

CVE-2025-38028

CVE-2025-38028: Linux kernel local vulnerability in NFS/localio due to a race in nfs_local_open_fh. After clp->cl_uuid.lock is dropped, another CPU could free the recently added nfsd_file. The fix uses an RCU read lock before dropping the spin lock to prevent dangling pointers. Exploitation i...

CVSS 4.7 | AI score 6.4 | EPSS 0.001

added 2002/05/03 4:0 a.m. | 60 views

CVE-2001-1244

Technical details such as affected products, versions, and root cause are not publicly provided in the connected documents. Monitor CVE-2001-1244 updates for concrete details.

CVSS 5 | AI score 7.1 | EPSS 0.20727

added 2002/08/31 4:0 a.m. | 60 views

CVE-2001-1394

CVE-2001-1394 is a Linux kernel local vulnerability describing a signedness error in (1) getsockopt and (2) setsockopt prior to kernel version 2.2.19 that allows local users to cause a denial of service. The connected documents confirm the affected component is the Linux kernel and specify the is...

CVSS 2.1 | AI score 5.2 | EPSS 0.004

added 2002/08/31 4:0 a.m. | 60 views

CVE-2001-1397

CVE-2001-1397 affects the System V shared memory implementation in the Linux kernel before version 2.2.19. The issue allows attackers to modify recently freed memory within SYSV shared memory. Public sources consistently describe this as a kernel memory handling flaw rather than a user-space vuln...

CVSS 2.1 | AI score 5.3 | EPSS 0.0044

added 2005/08/22 4:0 a.m. | 60 views

CVE-2005-2098

The CVE-2005-2098 issue affects the Linux 2.6 kernel before 2.6.12.5, where the KEYCTL_JOIN_SESSION_KEYRING error path fails to release the session management semaphore. This can allow local users or remote attackers to cause a denial of service (semaphore hang) by creating a new sessio...

CVSS 5 | AI score 6 | EPSS 0.03198

added 2010/02/26 7:0 p.m. | 60 views

CVE-2005-4886

The CVE-2005-4886 entry concerns the Linux kernel prior to 2.6.12-rc4, where the selinux_parse_skb_ipv6 function in security/selinux/hooks.c can be triggered by an incorrect call to ipv6_skip_exthdr, enabling remote attackers to cause a denial of service (OOPS). Connected advisories (RHSA-2005:51...

CVSS 7.8 | AI score 7.1 | EPSS 0.02645

added 2006/01/06 11:0 a.m. | 60 views

CVE-2006-0096

CVE-2006-0096 affects the SDLA driver in Linux kernels 2.6.x before 2.6.11 and 2.4.x before 2.4.29, describing lax capability checks for firmware upgrades. The description notes local attack vectors and an unclear impact; later investigation mentions that exploitation may require root privileges ...

CVSS 7.2 | AI score 5.1 | EPSS 0.00402

added 2012/06/13 10:0 a.m. | 60 views

CVE-2011-2208

The CVE-2011-2208 vulnerability affects the Linux kernel on the Alpha platform, caused by an integer signedness error in osf_getdomainname in arch/alpha/kernel/osf_sys.c. It allows local users to access sensitive kernel memory. Impact is limited to local exploitation with partial confidentiality ...

CVSS 2.1 | AI score 7.7 | EPSS 0.00474

added 2013/04/22 10:0 a.m. | 60 views

CVE-2013-3237

CVE-2013-3237 affects the Linux kernel’s vsock_stream_sendmsg in net/vmw_vsock/af_vsock.c, where a length variable is not initialized prior to use. This can allow local users to read sensitive data from kernel stack memory via crafted recvmsg/recvfrom syscalls. The issue is linked to the kernel v...

CVSS 4.9 | AI score 6.8 | EPSS 0.00388

added 2014/04/27 12:0 a.m. | 60 views

CVE-2014-2889

CVE-2014-2889 describes an off-by-one error in the Linux kernel's x86 BPF JIT path. Specifically, in arch/x86/net/bpf_jit_comp.c (function bpf_jit_compile) for kernel versions prior to 3.1.8, if BPF JIT is enabled an off-by-one condition can allow a local user to trigger a denial of service (syst...

CVSS 4.6 | AI score 6.8 | EPSS 0.00363

Total number of security vulnerabilities: 13804