Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2024/08/21 6:10 a.m.61 views

CVE-2022-48882

CVE-2022-48882: In the Linux kernel, a macsec null-dereference could occur in the net/mlx5e hw-offload path when updating a SecY with extended packet number (epn) enabled. The macsec SA initialization would fetch salt and ssci from the rx_sa context, which may be unavailable during SecY property ...

5.5CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2024/10/21 8:5 p.m.61 views

CVE-2022-48964

The CVE-2022-48964 entry concerns a use-after-free in the Linux kernel ravb_rx_gbeth() path. The vulnerability arises when a socket buffer (skb) is freed by napi_gro_receive(), and later dereferenced, leading to potential memory corruption. The connected sources consistently describe this as a fi...

7.8CVSS7.4AI score0.00227EPSS
CVE
CVE
added 2024/10/21 8:5 p.m.61 views

CVE-2022-48965

CVE-2022-48965 concerns a refcount leak in rockchip_gpiolib_register() within linux-5.x kernels. The root cause is a missing of_node_put() for the parent node after obtaining it with of_get_parent(). The fix adds of_node_put() at the end of of_pinctrl_get() to balance the refcount. Multiple advis...

5.5CVSS5.3AI score0.00229EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.61 views

CVE-2022-49079

CVE-2022-49079 involves the Linux kernel Btrfs zoned code. Root cause: btrfs_can_activate_zone() could be invoked with fs_devices->device_list_mutex already held, risking deadlock through a long call chain (insert_dev_extents -> find_free_extent -> can_allocate_chunk etc.). Mitigation de...

5.5CVSS6.3AI score0.00173EPSS
CVE
CVE
added 2025/03/27 4:43 p.m.61 views

CVE-2022-49758

The CVE-2022-49758 entry concerns a Linux kernel issue in the uniphier-glue path where a call to resource_size(res) may dereference NULL if platform_get_resource() returns NULL. This is a local, low-privilege issue with high availability impact as described in the CVE (CVSS: AV:L/AC:L/PR:L/UI:N/S...

5.5CVSS6.6AI score0.00187EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.61 views

CVE-2022-49782

CVE-2022-49782 affects the Linux kernel perf subsystem, where __perf_event_overflow incorrectly handled missing SIGTRAP, allowing a scenario where hrtimer/irq work could re-enter kernel space before returning to user space. The fix introduces a 32‑bit hash of the current IP into pending_sigtrap t...

5.5CVSS6.3AI score0.00163EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.61 views

CVE-2022-49854

CVE-2022-49854 concerns the Linux kernel: a resource leak in the mctp_init() error path when mctp_neigh_init() returns an error. The issue is resolved by ensuring route resources are released in the error handling path, preventing leaks. Affected component: mctp subsystem in the kernel; impact is...

5.5CVSS6.6AI score0.00163EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.61 views

CVE-2022-49867

CVE-2022-49867 : In the Linux kernel IOSM driver (net: wwan: iosm), the device was registered without setting needs_free_netdev and free_netdev() was not called on unregister, causing a memory leak. The published patch enables needs_free_netdev to true at registration, so the netdev subsystem wil...

5.5CVSS6.4AI score0.00164EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.61 views

CVE-2022-49876

Summary: CVE-2022-49876 is a Linux kernel vulnerability in wifi/mac80211 that causes a general-protection fault when an interface’s status changes during active transmission. The issue stems from accessing sdata->bss after it is set to NULL during ieee80211_runtime_change_iftype/ieee80211_do_s...

5.5CVSS6.5AI score0.0014EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.61 views

CVE-2022-49912

CVE-2022-49912 is a Linux kernel vulnerability affecting btrfs qgroup self tests, where the old_roots ulist could leak on error paths when failing to add tree refs or remove extent data. The fix ensures the ulist is freed (ulist_free) before returning from the test paths, mitigating the leak. No ...

5.5CVSS6.5AI score0.00173EPSS
CVE
CVE
added 2024/08/21 6:10 a.m.61 views

CVE-2023-52908

CVE-2023-52908 (Linux kernel): In drm/amdgpu, a potential NULL dereference could occur when the resource manager is NULL while printing debug information. The entry states this was fixed in the Linux kernel (drm/amdgpu: Fix potential NULL dereference). Concrete details in the connected docs point...

5.5CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2025/03/27 4:43 p.m.61 views

CVE-2023-53012

CVE-2023-53012 is documented across multiple connected advisories as a Linux kernel vulnerability affecting the thermal subsystem. The issue arises from calling put_device() before a successful device_register(), specifically in __thermal_cooling_device_register(), and is accompanied by unnecessa...

5.5CVSS6.6AI score0.00188EPSS
CVE
CVE
added 2025/05/02 3:56 p.m.61 views

CVE-2023-53127

In CVE-2023-53127, the Linux kernel SCSI MPI3MR driver had a leak in the mpi3mr_remove() cleanup path (expander node leak) due to a missing resource cleanup. The fix adds the missing cleanup in .remove(), mitigating an information/resource leak with a Local attack vector and, per the NVD entry, a...

5.5CVSS6.5AI score0.00152EPSS
CVE
CVE
added 2024/06/21 10:18 a.m.61 views

CVE-2024-38626

CVE-2024-38626 is a Linux kernel vulnerability related to FUSE. The issue occurs when a READ-INIT request is resent via a USE_NOTIFY_RESEND, causing the INIT request to be moved from processing to pending and potentially triggering a warning in fuse_request_end. The documented fix is to clear the...

5.5CVSS6.3AI score0.00191EPSS
CVE
CVE
added 2024/08/17 8:54 a.m.61 views

CVE-2024-42266

CVE-2024-42266 relates to the Linux kernel btrfs module. The issue stems from the cow_file_range_inline() path not honoring the folio lock state on error, which can lead to an assertion panic or kernel bug when a folio becomes unlocked during buffered write handling in __extent_writepage()/extent...

5.5CVSS6.4AI score0.00193EPSS
CVE
CVE
added 2024/09/13 5:29 a.m.61 views

CVE-2024-46690

The CVE-2024-46690 issue in the Linux kernel concerns nfsd4_deleg_getattr_conflict when a third‑party lease is present. The root cause was unsafe dereferencing of fl->c.flc_owner without verifying that fl->fl_lmops is the expected manager, leading to incorrect delegation handling. A patch r...

5.5CVSS5.2AI score0.00185EPSS
CVE
CVE
added 2024/12/27 3:6 p.m.61 views

CVE-2024-56666

In Linux kernel, drm/amdkfd: Dereference null return value in pqm_uninit occurs when pdd = kfd_get_process_device_data could be NULL and is dereferenced without NULL-checking. This is a local, low-privilege issue with MEDIUM impact per CVSS v3.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). The CVE is m...

5.5CVSS6.6AI score0.0018EPSS
CVE
CVE
added 2024/12/27 3:6 p.m.61 views

CVE-2024-56668

The CVE-2024-56668 issue affects the Linux kernel iommu/vt-d path where qi_batch could be NULL for nested parent domains, risking a kernel NULL pointer dereference and a potential memory leak due to lack of locking around domain->qi_batch allocation. The root cause is that qi_batch was not all...

5.5CVSS6.3AI score0.0018EPSS
CVE
CVE
added 2025/01/11 2:49 p.m.61 views

CVE-2024-57877

The CVE is a Linux kernel arm64 flaw in ptrace NT_ARM_POE handling (poe_set): a temporary ctrl value is not initialized, so a zero-length SETREGSET can write an uninitialized value into target->thread.por_el0, potentially leaking up to 64 bits from the kernel stack. The patch fixes this by ini...

6.1CVSS6.3AI score0.00175EPSS
CVE
CVE
added 2025/02/27 2:7 a.m.61 views

CVE-2024-57987

CVE-2024-57987 is a Linux kernel Bluetooth vulnerability in the btrtl driver. When inserting a USB dongle whose Realtek chip isn’t in ic_id_table, a NULL dereference could trigger a kernel oops. The fix adds a NULL check in btrtl_setup_realtek() to prevent the NULL pointer access. Affected: Linux...

5.5CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2025/02/27 8:0 p.m.61 views

CVE-2024-58022

CVE-2024-58022 relates to a NULL vs IS_ERR() handling bug in the Linux kernel’s mailbox th1520 path. The vulnerable code used to treat NULL returns from devm_ioremap() as errors consistent with IS_ERR() checks, which is incorrect since devm_ioremap() returns NULL on failure. The fixed description...

5.5CVSS6.5AI score0.00177EPSS
CVE
CVE
added 2025/02/27 2:18 a.m.61 views

CVE-2025-21777

CVE-2025-21777 affects the Linux kernel ring-buffer metadata validation. The vulnerability stems from the subbuf index array (reader page and subbuffer order) potentially containing duplicates, which the validator did not check. If duplicates exist on the writer side, the ring buffer link list co...

5.5CVSS6.8AI score0.00191EPSS
CVE
CVE
added 2025/02/27 2:18 a.m.61 views

CVE-2025-21788

Technical details for CVE-2025-21788 are not provided in the connected documents; the initial description does not reveal vendor/product/version specifics, affected components, or remediation. Monitor for updates.

5.5CVSS6.5AI score0.00203EPSS
CVE
CVE
added 2025/02/27 8:4 p.m.61 views

CVE-2025-21813

CVE-2025-21813 affects the Linux kernel timers/migration code. The root cause is an off-by-one mis-count during the migration of the top CPU group to a new root, where the old root is pre-accounted as a child of the new root. After attaching the upcoming CPU’s top group, the expected children cou...

5.5CVSS6.4AI score0.00179EPSS
CVE
CVE
added 2025/04/01 3:41 p.m.61 views

CVE-2025-21933

CVE-2025-21933: In the Linux kernel (ARM), a NULL pointer dereference can occur in pgtable when update_mmu_cache_range() is invoked with a NULL vmf, causing a NULL dereference in adjust_pte(). The issue is triggered by how PTE locks are acquired; the fix changes the lock decision to be based on w...

5.5CVSS7AI score0.00159EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.61 views

CVE-2025-38036

The CVE-2025-38036 entry describes a Linux kernel issue in drm/xe/vf where GuC communication required GT MMIO to be initialized. Root cause: gt->mmio was initialized late due to recent refactoring, causing GuC calls to xe_mmio_read|write() to crash with an NPD when attempting to access MMIO ad...

5.5CVSS6.3AI score0.0014EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.61 views

CVE-2025-38041

CVE-2025-38041 concerns Linux kernel code: clk: sunxi-ng: h616 reparents the GPU clock to the GPU1 clock during frequency changes to mitigate panfrost OoOps and GPU hangs when performing device DVFS on the GPU. The vulnerability is effectively a local issue with the GPU clock DVFS pathway; the ex...

5.5CVSS6.7AI score0.0014EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.61 views

CVE-2025-38125

The CVE (CVE-2025-38125) affects the Linux kernel’s net: stmmac driver, where a 0 ptp_rate could propagate to EST configuration, causing a division by zero. The fix adds a guard to ensure ptp_rate is non-zero before configuring EST, with an error path if zero is encountered. According to SUSE/Ope...

5.5CVSS7AI score0.00158EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.61 views

CVE-2025-38137

Technical details about CVE-2025-38137 (Linux kernel PCI/pwrctrl use-after-free due to rescan handling) are not provided in the connected documents. Public disclosures here list the CVE but do not elaborate affected versions, root cause, or fixes. Monitor for updates.

7.8CVSS7.2AI score0.00155EPSS
CVE
CVE
added 2025/07/10 7:41 a.m.61 views

CVE-2025-38274

The CVE-2025-38274 issue affects the Linux kernel FPGA subsystem, specifically fpga_mgr_test_img_load_sgt(). The root cause was an allocation of sgt with kunit_kzalloc() without verifying success; later __sg_alloc_table() called memset() on sgt, causing a NULL pointer dereference if allocation fa...

5.5CVSS6.5AI score0.00155EPSS
CVE
CVE
added 2025/08/16 11:12 a.m.61 views

CVE-2025-38527

CVE-2025-38527 affects the Linux kernel smb client (cifs_oplock_break). A race during unmount can lead to a use-after-free of cinode when the superblock is deactivated. The vulnerability occurs because cifs_oplock_break() may access cinode after the last superblock reference is released, triggeri...

7.8CVSS6.6AI score0.0015EPSS
CVE
CVE
added 2026/04/12 5:36 a.m.61 views

CVE-2026-31413

CVE-2026-31413 — Linux kernel BPF verifier flaw (CVE-joined info from multiple sources) The issue arises in maybe_fork_scalars() when handling ARSH plus AND/OR with a constant in the BPF verifier. The code forks the verifier state; the pushed path previously used env->insn_idx + 1, so it re-ex...

7.8CVSS5.7AI score0.00221EPSS
CVE
CVE
added 2026/06/09 11:52 a.m.61 views

CVE-2026-46317

CVE-2026-46317 concerns the Linux kernel KVM on arm64. A traversal of the array kvm->arch.nested_mmus[] occurs under kvm->mmu_lock, while kvm_vcpu_init_nested() reallocates the array and frees the old buffer with only kvm->arch.config_lock held. The fix moves the allocation outside the m...

8.8CVSS5.6AI score0.0013EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.60 views

CVE-1999-0195

Summary (CVE-1999-0195) : This is a DoS in the RPC portmapper where attackers can register/unregister RPC services or spoof services using a spoofed source IP (e.g., 127.0.0.1). Multiple connected records corroborate the behaviour, including Red Hat and SUSE advisories. The exact affected product...

5CVSS7.2AI score0.01489EPSS
CVE
CVE
added 2000/04/12 4:0 a.m.60 views

CVE-2000-0227

The CVE-2000-0227 entry concerns the Linux 2.2.x kernel where the number of Unix domain sockets is not restricted by the wmem_max parameter. This allows a local attacker to cause a denial of service by requesting a large number of sockets. The linked sources confirm the affected platform and vuln...

2.1CVSS6.5AI score0.00771EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.60 views

CVE-2001-1056

The CVE affects the ip_masq_irc IP masquerading module 2.2. A remote attacker can bypass firewall restrictions by inducing the target to send a DCC SEND to a malicious server listening on port 6667, which may cause the module to treat that traffic as valid and permit the connection to the port sp...

7.5CVSS7.1AI score0.02439EPSS
CVE
CVE
added 2002/08/31 4:0 a.m.60 views

CVE-2001-1396

CVE-2001-1396 corresponds to an off-by-one vulnerability in the CPIA driver of the Linux kernel prior to 2.2.19. Connected advisories confirm that this flaw could allow a local attacker to modify kernel memory, potentially impacting confidentiality and integrity (and with related disclosures, DoS...

3.6CVSS5.6AI score0.0044EPSS
CVE
CVE
added 2002/08/31 4:0 a.m.60 views

CVE-2001-1400

CVE-2001-1400 describes a local denial-of-service issue in the Linux kernel before 2.2.19 where UDP port allocation could deadlock a system. Connected advisories confirm the vulnerability affects the Linux kernel up to 2.2.18 and are corrected in the 2.2.19 release (e.g., Mandrake MDKSA-2001:037 ...

2.1CVSS5.4AI score0.004EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.60 views

CVE-2001-1551

Summary: CVE-2001-1551 affects the Linux kernel 2.2.19. The issue arises because CAP_SYS_RESOURCE is enabled for setuid processes, allowing local users to exceed disk quota restrictions during execution of setuid programs. What’s affected: Linux kernel 2.2.19 (setuid/process context). Impact (as ...

2.1CVSS6.8AI score0.00415EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.60 views

CVE-2002-0704

The CVE-2002-0704 entry concerns Netfilter (iptables) NAT capability leaking translated IP addresses in ICMP error messages for versions 1.2.6a and earlier. Affected component: Netfilter (iptables) NAT feature. Root cause: NAT leaks internal addresses in ICMP error messages. Impact: potential exp...

7.5CVSS7AI score0.03242EPSS
CVE
CVE
added 2006/01/23 10:0 p.m.60 views

CVE-2002-1571

CVE-2002-1571 affects the Linux 2.4 kernel pre-2.4.19. The root cause is that the fninit instruction is assumed to clear all registers, which can cause an information leak on processors that do not clear all relevant SSE registers. The practical impact is potential leakage of information (partial...

2.1CVSS6.1AI score0.00392EPSS
CVE
CVE
added 2005/02/16 5:0 a.m.60 views

CVE-2005-0177

CVE-2005-0177 relates to the Linux kernel: nls_ascii.c incorrectly sized the translation table (128 vs 256), enabling a buffer overflow that can crash the kernel (DoS). Public references in Ubuntu/SUSE/NVD describe the same issue affecting Linux kernels up to 2.6.8.1, with fixes provided in newer...

7.8CVSS6.4AI score0.0242EPSS
CVE
CVE
added 2005/10/07 4:0 a.m.60 views

CVE-2005-1764

CVE-2005-1764 is a kernel vulnerability affecting Linux 2.6 on 64-bit x86 (x86_64). The issue arises because the 47‑bit address page guard is not used, leaving the system vulnerable to local DoS via AMD K8 bug exploitation. Documents confirm the flaw and note that updates/patches were released (e...

2.1CVSS6.1AI score0.00393EPSS
CVE
CVE
added 2005/10/25 4:0 a.m.60 views

CVE-2005-2708

CVE-2005-2708 details: a flaw in Linux 2.4 kernel on 64‑bit x86 where exec.c’s search_binary_handler fails to check a return code under low virtual memory, enabling local users to trigger a denial of service (panic). Public discussions in Ubuntu/Bash contexts confirm the issue affects 64‑bit x86,...

2.1CVSS6.2AI score0.00518EPSS
CVE
CVE
added 2006/03/07 2:0 a.m.60 views

CVE-2006-0555

Vulnerability: CVE-2006-0555 affects the Linux kernel prior to 2.6.15.5, where NFS client operations using O_DIRECT can cause the kernel to panic and crash (local denial of service). Affected product is the Linux kernel; root cause relates to direct I/O handling for NFS. Public advisories from Re...

2.1CVSS5.8AI score0.00412EPSS
CVE
CVE
added 2006/04/12 11:0 p.m.60 views

CVE-2006-1523

CVE-2006-1523 affects the Linux kernel’s RCU signal handling: the __group_complete_signal function in signal.c may allow local DoS due to an unsafe BUG_ON, guarded by siglock while switch_exit_pids() uses tasklist_lock. Affected version cited is kernel 2.6.16 (and possibly other 2.6.x). The conne...

10CVSS6.2AI score0.02549EPSS
CVE
CVE
added 2006/08/15 10:0 p.m.60 views

CVE-2006-2446

CVE-2006-2446 describes a race condition between kfree_skb and __skb_unlink in Linux kernel socket buffer handling (Linux kernel 2.6.9 and possibly others) that can allow remote attackers to cause a denial of service (crash) as demonstrated by TCP stress tests in the LTP suite. Connected document...

5.4CVSS7.3AI score0.03263EPSS
CVE
CVE
added 2009/04/06 2:0 p.m.60 views

CVE-2009-1243

The issue affects the Linux kernel prior to 2.6.29.1, where an unlocking step in the udp seq_file infrastructure can be triggered under certain conditions. This allows local users to cause a denial of service (panic) by reading zero bytes from /proc/net/udp (and unspecified other files). Root cau...

5.5CVSS5.2AI score0.00267EPSS
CVE
CVE
added 2010/05/21 5:0 p.m.60 views

CVE-2010-1446

CVE-2010-1446 affects KGDB in the Linux kernel on PowerPC, where arch/powerpc/mm/fsl_booke_mmu.c does not perform a proper security check for access to a kernel page. Local users could overwrite arbitrary kernel memory. The vulnerability is noted across multiple advisories (e.g., Debian DSA-2053-...

1.9CVSS6.4AI score0.0034EPSS
CVE
CVE
added 2012/05/17 10:0 a.m.60 views

CVE-2011-4112

CVE-2011-4112 affects the Linux kernel net subsystem prior to 3.1. The issue arises from improper restriction of the IFF_TX_SKB_SHARING flag, enabling local users with CAP_NET_ADMIN to access /proc/net/pktgen/pgctrl and, using the pktgen package with a bridge device for a VLAN interface, trigger ...

5.5CVSS5.2AI score0.00468EPSS
Web
Total number of security vulnerabilities14330