CVE-1999-0245
CVE-1999-0245 concerns Linux systems using NIS+ where certain configurations allowed an attacker to log in as the user "+". The connected sources consistently describe a login-as-+ issue arising from NIS+ configuration on Linux, but do not provide precise technical details such as affected versio...
CVE-1999-0257
CVE-1999-0257 corresponds to the Nestea variation of the teardrop IP fragmentation denial-of-service attack. The connected documents consistently describe a network DoS via IP fragmentation handling, without citing concrete affected products, versions, or a confirmed remediation patch within the ...
CVE-2001-1399
CVE-2001-1399 refers to an off-by-one/byte-copy bug in the Linux kernel prior to 2.2.19 on x86 that could allow a local attacker to modify kernel memory. Public references in 2001 advisories (Mandrake MDKSA-2001:037, Debian DSA-047-1, Debian/OpenVAS entries) describe the CPIA driver and related x...
CVE-2002-1572
CVE-2002-1572 describes a signed integer overflow in the Linux kernel’s bttv_read function of the bttv-driver.c (pre-2.4.20). The CVE entry notes the impact as unknown. Connected sources indicate a Red Hat kernel update (RHSA-2002:227) addressing kernel vulnerabilities, suggesting a remediation v...
CVE-2002-1574
CVE-2002-1574 describes a buffer overflow in the ixj telephony card driver of Linux kernels prior to 2.4.20. Connected sources confirm the issue affects the ixj driver in Linux, and Red Hat advisories (RHSA-2004:044, RHSA-2004:106) reference this and indicate that updated kernel packages contain ...
CVE-2004-0228
CVE-2004-0228 refers to an integer signedness error in the cpufreq /proc handler (cpufreq_procctl) of the Linux 2.6 kernel, enabling local users to escalate privileges to kernel level. The issue is discussed in multiple advisories (e.g., SUSE, Gentoo GLSA 200407-02, Fedora 2004-111) as part of Li...
CVE-2004-2013
The CVE-2004-2013 vulnerability affects Linux kernels 2.4.25 and earlier, caused by an integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c. An optlen value of -1 allows kmalloc to allocate 0 bytes, enabling a local attacker to potentially execute arbitrary code. Documen...
CVE-2005-0767
CVE-2005-0767 is documented in multiple advisories as a race condition in the Radeon DRI driver. The vulnerability affects systems using the Linux kernel with Radeon DRI hardware accelerated graphics, where a local user with DRI privileges could potentially gain root privileges due to a race in t...
CVE-2005-3753
CVE-2005-3753 affects the Linux kernel in the 2.6.x line, around versions near 2.6.12 up to 2.6.13.1. The issue could allow a denial of service (an Oops) via certain IPSec packets that trigger alignment problems in standard multi-block cipher processors. The description notes it is not clear whet...
CVE-2005-3809
The CVE-2005-3809 vulnerability affects the Linux kernel (2.6.14 up to 2.6.14.3) in nfattr_to_tcp (ip_conntrack_proto_tcp.c) within ctnetlink. The issue allows an attacker to cause a denial-of-service (kernel oops) by sending an update message without private protocol information, triggering a nu...
CVE-2006-0554
CVE-2006-0554 affects the Linux kernel 2.6.x prior to 2.6.15.5. The vulnerability arises in the XFS ftruncate call, where a crafted operation can cause the kernel to return stale data, enabling local information disclosure. Reported as a local, user-privilege‑required issue, with no remote execut...
CVE-2006-3085
CVE-2006-3085 affects the Linux kernel’s SCTP handling in xt_sctp within netfilter, where an SCTP chunk of length 0 can trigger a DoS through an infinite loop (or a crash in some reports). The vulnerability is listed as applicable to kernels before 2.6.17.1. Public references from multiple source...
CVE-2006-3635
CVE-2006-3635 concerns the Linux kernel ia64 subsystem prior to 2.6.26. The vulnerability arises from mishandling of invalid Register Stack Engine (RSE) state, enabling a local attacker to trigger a denial of service through stack consumption, potentially crashing the system. The issue is limited...
CVE-2009-3043
The CVE-2009-3043 entry affects Linux kernel 2.6.31-rc before 2.6.31-rc8. The tty_ldisc_hangup function in drivers/char/tty_ldisc.c allows local users to trigger a denial of service (system crash, sometimes with a NULL pointer dereference) and may enable privilege escalation via certain pseudo-te...
CVE-2009-3888
CVE-2009-3888 affects the Linux kernel up to version 2.6.31.5; the vulnerability is in do_mmap_pgoff in mm/nommu.c when an MMU is absent. Local users can trigger a denial of service (OOPS) by allocating a large amount of memory. A patch released in 2.6.31.6 fixes the issue; updating to 2.6.31.6 o...
CVE-2010-2243
CVE-2010-2243 applies to the Linux kernel code path kernel/time/clocksource.c on non-GENERIC_TIME systems, where reading /sys/devices/system/clocksource/clocksource0/current_clocksource triggers an OOPS. The vulnerability is described for kernels before version 2.6.34. Connected sources confirm ...
CVE-2012-6543
The CVE-2012-6543 issue affects the Linux kernel (pre-3.6) in net/l2tp/l2tp_ip6.c, where l2tp_ip6_getname does not initialize a structure member. This uninitialized member can allow local attackers to read sensitive kernel stack memory via a crafted user-space application, constituting local info...
CVE-2013-3233
CVE-2013-3233 affects the Linux kernel NFC subsystem: llcp_sock_recvmsg in net/nfc/llcp/sock.c does not initialize a length variable and a data structure, enabling local users to leak kernel-stack information via crafted recvmsg/recvfrom calls. The flaw is in kernels before 3.9-rc7. Impact is loc...
CVE-2016-8406
CVE-2016-8406 describes a local information-disclosure vulnerability in Android kernel components (ION subsystem, Binder, USB driver, networking) that could allow a malicious local app to access data outside its permission levels. The issue is tied to Android kernels (3.10, 3.18) and is character...
CVE-2016-8454
Technical details for CVE-2016-8454 are not publicly available in the provided documents. Monitor for updates.
CVE-2016-8460
CVE-2016-8460: An information disclosure in the NVIDIA Tegra kernel driver (NVMAP) could leak uninitialized stack memory to a local user, enabling data exposure. Affected: Android on Kernel-3.10 (Nexus 9 cited). Impact per sources: information disclosure; CVSS v3 base 5.5 (medium). Remediation: ...
CVE-2016-8465
CVE-2016-8465 is an elevation-of-privilege vulnerability in the Broadcom Wi‑Fi driver that could let a local malicious app execute code in the kernel. Documents confirm the issue affects Android devices (kernel 3.10/3.18) and that exploitation requires a privileged process, with current mitigatio...
CVE-2016-8477
CVE-2016-8477 targets the Qualcomm camera driver in Android and is an information disclosure vulnerability. A local malicious application could access data outside its permission level after compromising a privileged process, making this a local, privilege-requiring issue. Affected: Android on Ke...
CVE-2017-0508
CVE-2017-0508 is an elevation-of-privilege flaw in the Android kernel’s ION subsystem (kernel version 3.18) that could allow a local malicious app to run arbitrary code in kernel context, potentially leading to permanent device compromise. The primary affected component is the kernel ION memory m...
CVE-2017-0577
CVE-2017-0577 is an elevation-of-privilege vulnerability in the HTC touchscreen driver for Android kernels (kernel 3.18) that could let a local malicious app execute code in the kernel context. The issue is triggered by compromising a privileged process and does not require network access or user...
CVE-2017-0606
CVE-2017-0606 is an elevation-of-privilege flaw in the Qualcomm sound driver affecting Android kernels 3.10 and 3.18. The vulnerability could allow a local malicious app to execute arbitrary code in the kernel context via the Qualcomm sound subsystem (e.g., /dev/voice_svc driver). The issue is cl...
CVE-2017-0608
CVE-2017-0608 is an elevation-of-privilege in the Qualcomm kernel sound driver for Android, enabling a local attacker to run arbitrary code in the kernel context. The flaw requires compromising a privileged process first. Affected software/versions include Android on Kernel-3.10 and Kernel-3.18. ...
CVE-2017-0610
CVE-2017-0610 is a local privilege-escalation in the Qualcomm sound driver on Android, enabling a malicious local app to run arbitrary code in the kernel context. Affected software: Android kernel versions 3.10 and 3.18 with the Qualcomm sound subsystem. Root cause centers on elevation of privileg...
CVE-2017-0650
CVE-2017-0650 affects the Synaptics touchscreen driver on Android. It enables a local malicious app to disclose data outside its permission levels after compromising a privileged process. Huawei’s advisory reiterates information disclosure via the Synaptics driver, with fixes released for Android...
CVE-2017-5548
The CVE-2017-5548 issue affects the Linux kernel 4.9.x up to 4.9.5, where drivers/net/ieee802154/atusb.c interacts with CONFIG_VMAP_STACK. This can allow local users to cause a denial of service (system crash or memory corruption) or other impact by using more than one virtual page for a DMA scat...
CVE-2022-48888
CVE-2022-48888 (Linux kernel) affects the drm/msm/dpu path; the root cause is a memory leak in msm_mdss_parse_data_bus_icc_path. of_icc_get() allocated resources for path1 and may leak it if an early return occurs due to IS_ERR_OR_NULL(path0). The patch defers obtaining path1 to prevent the leak ...
CVE-2022-48996
CVE-2022-48996 affects the Linux kernel DAMON subsystem. The vulnerability stems from damon_sysfs_set_schemes() making assumptions that the DAMON context has no schemes, leading to incorrect creation of schemes during online tuning and a higher memory footprint. The fix, described in the commit t...
CVE-2022-49744
The CVE-2022-49744 entry concerns a Linux kernel mm/uffd issue: when forking, the dst_vma may not inherit VM_UFFD_WP even if the src has it, leading to a stale pte marker and potential access to a corrupted page. The fix is a two‑patch series under “mm: Fixes on pte markers” that hardens pte mark...
CVE-2022-49760
The CVE-2022-49760 entry documents a Linux kernel issue in hugetlb_change_protection related to PTE marker handling when using uffd-wp. The root cause, as described across connected reports, is that uffd-wp can cause incorrect handling of a PTE marker in two scenarios: (1) protecting a PTE marker...
CVE-2022-49782
CVE-2022-49782 affects the Linux kernel perf subsystem, where __perf_event_overflow incorrectly handled missing SIGTRAP, allowing a scenario where hrtimer/irq work could re-enter kernel space before returning to user space. The fix introduces a 32‑bit hash of the current IP into pending_sigtrap t...
CVE-2022-49817
Summary of CVE-2022-49817 (Linux kernel): The MHI network driver (mhi_net_dellink) leaked memory because it registered a net device without setting needs_free_netdev and did not call free_netdev on unregister. The concrete remediation is a patch that adds free_netdev() usage since netdev_priv is...
CVE-2022-49838
In CVE-2022-49838, the Linux kernel SCTP code was fixed to clear out_curr when all fragments of the current message are pruned, preventing a NULL pointer dereference during dequeue. The issue manifested as list_del corruption and a crash traced through sctp_sched_fcfs_dequeue and related SCTP pat...
CVE-2022-49851
CVE-2022-49851: Linux kernel (RISC-V) reserved memory setup. Vulnerability context: The issue arises in how RISC-V sets up reserved memory using the early device-tree copy. The pointer to reserved memory regions can be an early, pre-virtual-memory address when accessed via of_reserved_mem_lookup(...
CVE-2022-49884
CVE-2022-49884 concerns the Linux kernel KVM, where the gfn_to_pfn_cache locks could race during VM/vCPU creation. The issue is addressed by moving the gfn_to_pfn_cache lock initialization to a dedicated helper and calling it during VM/vCPU creation, reducing race conditions that could corrupt th...
CVE-2022-49904
The CVE-2022-49904 entry documents a Linux kernel vulnerability in net/neigh: a null-ptr-deref in neigh_table_clear() that occurs when IPv6 initialization fails and cleanup calls pneigh_queue_purge() with a NULL device. The fix, as described, is to pass NULL to pneigh_queue_purge() in neigh_ifdow...
CVE-2022-49912
CVE-2022-49912 is a Linux kernel vulnerability affecting btrfs qgroup self tests, where the old_roots ulist could leak on error paths when failing to add tree refs or remove extent data. The fix ensures the ulist is freed (ulist_free) before returning from the test paths, mitigating the leak. No ...
CVE-2022-50058
CVE-2022-50058 affects the Linux kernel's vdpa_sim_blk: a missing initialization of nas and ngroups can cause a kernel NULL pointer dereference when creating a new vdpa_sim_blk device, leading to a panic in vhost_iotlb_add_range_ctx. The issue arises from commit changes adding nas/ngroups to vdpa...
CVE-2023-20659
CVE-2023-20659 concerns a local out-of-bounds write in the WLAN path of a MediaTek/ALPS component, caused by a missing bounds check. The issue can lead to local privilege escalation with System execution privileges needed; exploitation does not require user interaction. The patch reference provid...
CVE-2023-20662
The CVE-2023-20662 entry describes a vulnerability in the wlan component where an integer overflow causes an out-of-bounds write. This could enable local escalation of privilege with SYSTEM-level execution privileges and requires no user interaction. A patch is identified as ALPS07560765 (Issue A...
CVE-2023-20716
CVE-2023-20716 concerns the wlan component in MediaTek chips, where an out-of-bounds write occurs due to a missing bounds check in the WLAN driver. This can lead to local escalation of privileges with System execution rights, and no user interaction is required. Reported patch: ALPS07796883 (Issu...
CVE-2023-52942
CVE-2023-52942 affects the Linux kernel’s cgroup/cpuset subsystem. The root cause was an incorrect check in update_parent_subparts_cpumask() that could allow a parent cpuset to be left with no effective CPUs even when there are tasks in it, potentially causing a system panic. The fix alters the e...
CVE-2023-53055
CVE-2023-53055: In the Linux kernel, fscrypt_destroy_keyring() must be called after all potentially-encrypted inodes are evicted, specifically after security_sb_delete(), because inodes in-use by the Landlock LSM are not evicted until that point. If called earlier, a WARN_ON may lead to a NULL d...
CVE-2024-42233
CVE-2024-42233 concerns a Linux kernel issue in filemap_fault_recheck_pte_none() where a stale PTL could lead to a use-after-free after pte_unmap(). The fix replaces pte_offset_map() with pte_offset_map_nolock(), removing reliance on the PTL to protect the page table. Exploitation details are not...
CVE-2024-42266
CVE-2024-42266 relates to the Linux kernel btrfs module. The issue stems from the cow_file_range_inline() path not honoring the folio lock state on error, which can lead to an assertion panic or kernel bug when a folio becomes unlocked during buffered write handling in __extent_writepage()/extent...
CVE-2024-56668
The CVE-2024-56668 issue affects the Linux kernel iommu/vt-d path where qi_batch could be NULL for nested parent domains, risking a kernel NULL pointer dereference and a potential memory leak due to lack of locking around domain->qi_batch allocation. The root cause is that qi_batch was not all...