14330 matches found
CVE-2017-0430
CVE-2017-0430 affects Android, involving an elevation of privilege in the Broadcom Wi‑Fi driver that could allow a local malicious application to execute arbitrary code in the kernel context. Affected components are Android kernels 3.10 and 3.18 with Broadcom Wi‑Fi driver involvement; the issue i...
CVE-2017-0446
CVE-2017-0446: Elevation of privilege in the HTC touchscreen driver on Android kernel 3.18, allowing a local attacker to execute arbitrary code in kernel context. Exploitation requires compromising a privileged process and local access. Publicly available patch/fix details are not provided in the...
CVE-2017-0455
CVE-2017-0455 is an information-disclosure vulnerability in the Qualcomm bootloader that could allow a local malicious app to execute arbitrary code within the bootloader context on affected Android devices (Kernel 3.18). CNVD/OSV entries tie it to Google Pixel devices (Pixel/Pixel XL); Nessus no...
CVE-2017-13686
The CVE-2017-13686 entry concerns Linux kernel versions 4.13-rc1 through 4.13-rc6, where net/ipv4/route.c does not correctly check the fi field when RTM_F_FIB_MATCH is set. This can allow a local attacker to trigger a NULL pointer dereference (denial of service) or potentially other unspecified i...
CVE-2017-8068
CVE-2017-8068 affects the Linux kernel 4.9.x before 4.9.11, where drivers/net/usb/pegasus.c interacts incorrectly with CONFIG_VMAP_STACK. This enables a local attacker to trigger a denial of service or memory corruption by exploiting use of more than one virtual page for a DMA scatterlist. The is...
CVE-2021-47298
CVE-2021-47298 concerns the Linux kernel: a bpf/sockmap path could leak a message if skb_linearize fails, resolved by freeing the msg block before returning an error. Multiple connected advisories reference the same fix in the kernel; impact is a potential memory leak (no exploitation details pro...
CVE-2021-47568
CVE-2021-47568 concerns the ksmbd module in the Linux kernel, where a memory leak in get_file_stream_info() (fs/ksmbd/smb2pdu.c) could lead to resource exhaustion and a denial-of-service risk. The issue is resolved in the provided documents by applying a fix for the memleak; exploitation details ...
CVE-2022-48876
CVE-2022-48876 concerns the Linux kernel wifi/mac80211 path, where rx->link and rx->link_sta were not always initialized, risking a NULL pointer dereference in code paths such as __ieee80211_rx_h_amsdu invoked from fast-rx. The public records in the provided documents describe the vulnerabi...
CVE-2022-49383
CVE-2022-49383 describes a Linux kernel issue where during restart the watchdog driver for rzg2l_wdt could hit a BUG: Invalid wait context. The fix patches the restart sequence to use clk_prepare_enable() instead of pm_runtime_get_sync() to turn on clocks, addressing the invalid-wait context obse...
CVE-2022-49452
The provided documents describe CVE-2022-49452 affecting the DPAA2-ETH path in the Linux kernel. The issue arises when the TSO header is freed after dma_unmap, using a DMA-mapped buffer’s address that has already been unmapped. The fix implemented is to call dpaa2_iova_to_virt() before dma_unmap ...
CVE-2022-49456
CVE-2022-49456 affects the Linux kernel bonding path. The root cause was removal of the rcu_read_lock in bond_ethtool_get_ts_info(), which could be invoked via setsockopt (not holding the RCU lock), enabling a local-privilege/ information-exposure risk as demonstrated by the syzbot trace. The fix...
CVE-2022-50214
CVE-2022-50214 affects the Linux kernel coresight subsystem. Vulnerability: coresight_remove_match() does not clear the fwnode field when dropping references, causing a use-after-free and extra refcount drops if a device is removed after its peer. Impact: potential local use-after-free conditions...
CVE-2023-20840
CVE-2023-20840 affects imgsys with a possible out-of-bounds read/write caused by missing valid-range checks. Exploitation requires user interaction and can grant local escalation of privilege with system execution privileges. A patch is referenced: ALPS07326430 (Issue ALPS07326430). No additional...
CVE-2023-53004
CVE-2023-53004 concerns a Linux kernel overlay (ovl) tmpfile leak due to a missed error cleanup. The vulnerability is resolved in the kernel with patches referenced by the stable commits listed in the sources. The CVSSv3.1 vector indicates LOCAL attack vector, LOW attack complexity and privileges...
CVE-2024-38609
The CVE-2024-38609 issue is a Linux kernel vulnerability in wifi/mt76 (connac) where a NULL wcid could be dereferenced, leading to a crash. The fixed code adds a validity check before dereferencing the wcid to prevent a NULL pointer dereference. Exploitation would be local, with a crash impact (I...
CVE-2024-42235
CVE-2024-42235 affects the Linux kernel (s390/mm) where crst_table_free() and base_crst_free() could be called with NULL pointers. The issue was resolved by adding NULL pointer checks: crst_table_free() now validates NULL before use (as part of the crst_table_upgrade() error handling) and a simil...
CVE-2024-43848
In CVE-2024-43848, the Linux kernel vulnerability relates to wifi: mac80211 TTLM teardown work. The provided connected documents state that the worker can compute a wrong sdata pointer, and if executed, it may crash. All sources indicate this issue has been resolved in the kernel; no exploit info...
CVE-2024-44945
CVE-2024-44945 affects the Linux kernel netfilter nfnetlink: the vulnerability arises from missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END. The issue is in extack handling, which could impact the ACK path for those batch operations. The provided CVE details indicate the fix is...
CVE-2024-46799
CVE-2024-46799 — Linux kernel net: ethernet: ti: am65-cpsw : The issue is a NULL pointer dereference in am65_cpsw_ndo_xdp_xmit() that occurs when the number of TX queues is set to 1 during XDP_TX. The Astra Linux entry and canonical description confirm the root cause and the fix: use actual TX qu...
CVE-2024-58075
CVE-2024-58075: In the Linux kernel, crypto: tegra may transfer a request even when tegra_cmac_init/tegra_sha_init returns an error (e.g., memory exhaustion). A patch in kernel code fixes that the request must not be transferred on init failure. Affected: Linux kernel crypto/tegra components; imp...
CVE-2025-21805
CVE-2025-21805 affects the Linux kernel RDMA/rtrs path. The root cause is a missing deinit() invocation for the IB event handler, introduced by commit 667db86bcbe8, which leads to a warning (list_add corruption) during repeated connect/disconnect of rnbd. The fix is to call deinit() to unregister...
CVE-2025-21840
CVE-2025-21840 affects the Linux kernel thermal netlink interface. The intel-lpmd tool segfaults because THERMAL_GENL_ATTR_CPU_CAPABILITY’s raw value changed in a commit, while intel_lpmd still used the old value. The documented fix moves THERMAL_GENL_ATTR_TZ_PREV_TEMP to the end of enum thermal_...
CVE-2025-21879
CVE-2025-21879 describes a Linux kernel use-after-free in the btrfs code. In btrfs_scan_root(), the kernel could dereference inode->root->fs_info after scheduling the inode for delayed iput, if the cleaner kthread ran iput first, leading to a use-after-free of the inode and potential crash....
CVE-2025-38618
CVE-2025-38618 concerns the Linux kernel where a vsock could autobind to VMADDR_PORT_ANY, risking a use-after-free on connection to the bound socket. The fix updates __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY. Connected sources (e.g., Astra Linux, Debian LTS advisories,...
CVE-2026-23069
CVE-2026-23069 (Linux kernel) : In vsock/virtio, the credit calculation in virtio_transport_get_credit() can underflow when the peer’s advertised buffer (peer_buf_alloc) shrinks while data is in flight, potentially allowing more data to be queued than the peer can handle. The issue arises from un...
CVE-2026-46289
In the Linux kernel, CVE-2026-46289 concerns bugs in lib/scatterlist during extract_kvec_to_sg when transferring data from a kvec to a sglist. The main issues: (1) the computed length for a sglist entry can exceed the page size, causing overread; (2) while extracting a user buffer, the sglist can...
CVE-2026-46325
Summary (details from sources): CVE-2026-46325 affects the Linux kernel RDMA/rxe code, where iova-to-va conversion fails when MR page_size differs from system PAGE_SIZE. The bug arises because rxe_set_page() uses mr->page_size steps while the page_list holds PAGE_SIZE pages, and ib_sg_to_page(...
CVE-1999-0461
CVE-1999-0461 affects rpcbind implementations (Linux, IRIX and Wietse Venema’s rpcbind). The issue allows a remote attacker to insert and delete entries by spoofing the source address. Exploitation status is mentioned in multiple sources, but no specific patch/versions with a fix are provided in ...
CVE-2003-1040
CVE-2003-1040 concerns kmod in the Linux kernel failing to set its uid, suid, gid, and sgid to 0. This can enable a local attacker to cause a denial-of-service condition (kernel crash) by sending certain signals to kmod. The associated public material confirms the issue in the kernel around 2.4.x...
CVE-2004-0133
CVE-2004-0133 affects the XFS file system code in Linux 2.4.x. The vulnerability allows an information leak by writing in-memory data to the block device hosting XFS, enabling local users to read sensitive kernel data from the raw device. Public advisories describe this as part of a broader set o...
CVE-2004-0229
CVE-2004-0229 affects the Linux kernel 2.6.x framebuffer driver, where the fb_copy_cmap function is not used correctly to copy cmap structures. The impact is listed as unknown in the primary CVE records, with local access required (attack vector: LOCAL, low complexity, no authentication). Connect...
CVE-2004-1057
The CVE-2004-1057 issue affects Linux kernel 2.4.19 and earlier, where several drivers do not mark memory with VM_IO, causing incorrect reference counts and potentially a denial of service via kernel panic when accessing freed pages. Connected advisories (RHSA-2006:0140, RHSA-2005:016, CESA-2006:...
CVE-2005-2099
CVE-2005-2099 affects the Linux kernel (pre-2.6.12.5) where a keyring that is not instantiated properly is not destroyed, allowing local users or remote attackers to trigger a kernel oops via a payload in the keyring, leading to a denial of service. The affected code path is in the keyring destru...
CVE-2005-3119
CVE-2005-3119 affects the Linux kernel 2.6.10 through 2.6.13, where a memory leak in request_key_auth_destroy (within request_key_auth) can be exploited by a local user to cause denial of service via excessive authorization token keys. The connected advisories indicate this vulnerability is addre...
CVE-2005-3623
CVE-2005-3623 affects Linux kernel 2.6.14.4, where nfs2acl.c does not check MAY_SATTR before setting ACLs on files on exported NFS filesystems. This flaw can allow remote attackers to bypass ACLs on readonly-mounted NFS exports. The issue is addressed in kernel security updates (e.g., RHSA-2006:0...
CVE-2007-6733
CVE-2007-6733 affects the Linux kernel 2.6.9, where the nfs_lock function in fs/nfs/file.c fails to properly remove POSIX locks on files that are setgid without group-execute permission. This can allow local users to cause a denial of service (BUG and system crash) by locking a file on an NFS fil...
CVE-2008-1675
The CVE-2008-1675 issue affects the Linux kernel 2.6.x up to 2.6.25.1, where the bdx_ioctl_priv function in the tehuti driver (tehuti.c) does not properly validate register-size related information. This can lead to an unspecified impact, with local attack vectors and potential kernel memory acce...
CVE-2009-0024
The CVE-2009-0024 entry concerns the Linux kernel vulnerability in the sys_remap_file_pages function (mm/fremap.c) present in versions prior to 2.6.24.1. The issue arises from the vm_file structure member and related mmap_region and do_munmap paths, allowing local users to cause a denial of servi...
CVE-2010-5329
The CVE-2010-5329 issue affects Linux kernels (video_usercopy in drivers/media/video/v4l2-ioctl.c) before 2.6.39. The flaw is that it relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which could allow local users to trigger memory exhaustion (DoS). The ...
CVE-2011-2208
The CVE-2011-2208 vulnerability affects the Linux kernel on the Alpha platform, caused by an integer signedness error in osf_getdomainname in arch/alpha/kernel/osf_sys.c. It allows local users to access sensitive kernel memory. Impact is limited to local exploitation with partial confidentiality ...
CVE-2012-6536
CVE-2012-6536 affects the Linux kernel (up to version 3.6) in net/xfrm/xfrm_user.c. The vulnerability stems from not verifying that the Netlink message length matches a header field, enabling local users with CAP_NET_ADMIN to read sensitive kernel heap memory by supplying a (1) new or (2) updated...
CVE-2013-3232
The CVE-2013-3232 issue is a Linux kernel local information disclosure caused by nr_recvmsg in net/netrom/af_netrom.c not initializing a data structure. Affected: Linux kernel versions prior to 3.9-rc7 (per the description). Impact: local users may read kernel stack memory via crafted recvmsg/rec...
CVE-2013-4127
CVE-2013-4127 is a use-after-free in the Linux kernel's vhost_net_set_backend (drivers/vhost/net.c) up to and including version 3.10.3, enabling local attackers to trigger a denial of service (OOPS and system crash) by powering on a virtual machine. The connected Nessus advisories (Unity Linux se...
CVE-2014-2889
CVE-2014-2889 describes an off-by-one error in the Linux kernel's x86 BPF JIT path. Specifically, in arch/x86/net/bpf_jit_comp.c (function bpf_jit_compile) for kernel versions prior to 3.1.8, if BPF JIT is enabled an off-by-one condition can allow a local user to trigger a denial of service (syst...
CVE-2016-6759
CVE-2016-6759 is an elevation of privilege vulnerability in Qualcomm Media Codecs on Android. It could allow a local malicious app to execute arbitrary code within the context of a privileged process. Affected components/conditions: Android devices using Kernel-3.10 or Kernel-3.18 with Qualcomm M...
CVE-2016-6775
Summary: CVE-2016-6775 is a vulnerability in the NVIDIA Tegra kernel driver (NVMAP) where referencing memory after it has been freed may lead to a denial of service or a local privilege escalation. The issue arises from a use-after-free condition in the NVMAP memory handling, enabling a local att...
CVE-2016-6777
CVE-2016-6777 affects NVIDIA Tegra kernel driver (NVMAP) with a use-after-free vulnerability: referencing memory after it has been freed can lead to denial of service or possible privilege escalation. Base details in NVIDIA/Tegra entries show a CVSSv3.0 base score of 8.4 and a local/privilege-esc...
CVE-2016-8479
CVE-2016-8479 describes an elevation-of-privilege in the Qualcomm GPU driver for Android. The vulnerability could let a local malicious app execute arbitrary code in the kernel context, potentially leading to a permanent device compromise that may require OS reflashing. Affected: Android on kerne...
CVE-2017-0332
CVE-2017-0332 affects the NVIDIA crypto driver in Android kernels (NVIDIA Tegra). The vulnerability arises from a heap-allocated buffer overwrite in the cryptodev path, which could allow a local attacker to execute arbitrary code in kernel context (privilege escalation). Android’s public bulletin...
CVE-2017-0339
CVE-2017-0339 is an NVIDIA Tegra crypto-dev driver IOCTL handling vulnerability. The issue arises when a value is passed to the kernel driver without proper validation, potentially causing array index issues. Affected are NVIDIA Tegra-based platforms running Linux for Tegra in Android, notably Je...