Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2017/02/08 3:0 p.m.59 views

CVE-2017-0444

CVE-2017-0444 is a local elevation-of-privilege issue in the Realtek sound driver affecting Android devices (kernel 3.10). Connected sources (e.g., CNVD, NVD entries) describe exploitation that allows a locally executed, malicious application to run code in the kernel context via the Realtek driv...

7.6CVSS6.6AI score0.01134EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.59 views

CVE-2017-0564

CVE-2017-0564 relates to an Elevation of Privilege in the Android kernel ION subsystem. The issue could allow a local malicious app to execute code with kernel privileges (local EoP). Affected are Android kernels 3.10 and 3.18. Public documents identify the kernel ION subsystem as the vulnerable ...

9.3CVSS7.3AI score0.04245EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.59 views

CVE-2017-0573

CVE-2017-0573 describes an elevation of privilege in the Broadcom Wi‑Fi driver used by Android, enabling a local malicious application to execute arbitrary code in the kernel. Affected: Android on Kernel-3.10 and Kernel-3.18. Root cause: elevation of privilege via Broadcom Wi‑Fi driver; no specif...

7.6CVSS6.9AI score0.01496EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.59 views

CVE-2017-0583

CVE-2017-0583 describes an elevation of privilege vulnerability in the Qualcomm CP access driver on Android, enabling a local malicious application to execute arbitrary code in the kernel context. Affected components include the Qualcomm CP access driver within Android kernel versions such as 3.1...

7.6CVSS7AI score0.01496EPSS
CVE
CVE
added 2017/04/23 5:37 a.m.59 views

CVE-2017-8066

Affected software/component: Linux kernel drivers/net/can/usb/gs_usb.c in 4.9.x and 4.10.x prior to 4.10.2. Root cause: Interaction with CONFIG_VMAP_STACK allows a local attacker to cause a denial of service or memory corruption by leveraging multiple virtual pages for a DMA scatterlist. Impact: ...

7.8CVSS7.8AI score0.00429EPSS
CVE
CVE
added 2017/04/23 5:37 a.m.59 views

CVE-2017-8070

CVE-2017-8070 affects the Linux kernel 4.9.x prior to 4.9.11. The issue is in drivers/net/usb/catc.c where interaction with CONFIG_VMAP_STACK allows a local user to trigger denial of service (system crash or memory corruption) by exploiting use of more than one virtual page for a DMA scatterlist....

7.8CVSS7.7AI score0.00449EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.59 views

CVE-2022-48750

Summary (CVE-2022-48750): The issue is in the Linux kernel hwmon driver for the nct6775 (clear_caseopen). It can crash with a NULL pointer dereference when clearing the chassis intrusion alarm, as the code path passes the hwmon device (not the platform device) and the platform data isn’t set. The...

5.5CVSS5.1AI score0.00223EPSS
CVE
CVE
added 2024/08/21 6:10 a.m.59 views

CVE-2022-48871

In CVE-2022-48871, the Linux kernel fix targets tty: serial: qcom-geni-serial slab-out-of-bounds on the RX FIFO buffer. The probe allocates port->rx_fifo using a default depth (e.g., 16); during serial startup, port->rx_fifo_depth is updated to match device capabilities (e.g., 32). The RX U...

7.1CVSS6.7AI score0.00248EPSS
CVE
CVE
added 2024/08/21 6:10 a.m.59 views

CVE-2022-48894

In the Linux kernel, CVE-2022-48894 affects the iommu/arm-smmu-v3 path. The issue arises from unregistering IOMMU groups during shutdown via iommu_device_unregister(), which can cause NULL pointer dereferences in DMA API calls due to uncoordinated shutdown of devices. The documented fix changes s...

5.5CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2024/10/21 8:6 p.m.59 views

CVE-2022-49018

CVE-2022-49018 involves a Linux kernel bug where a sleep in atomic context occurred during mptcp_close. The CVE entries in the provided documents confirm the issue was resolved by replacing the fast socket lock variant with sock_lock_nested() in the mptcp_close path (net/mptcp/protocol.c: close f...

5.5CVSS5.3AI score0.00152EPSS
CVE
CVE
added 2025/02/26 2:12 a.m.59 views

CVE-2022-49423

Summary: CVE-2022-49423 relates to the Linux kernel where RTLA tracing could dereference a NULL record in several tracing tools. Root cause (as documented): NULL pointer dereference of the variable record in multiple files (osnoise_hist.c, osnoise_top.c, timerlat_hist.c, timerlat_top.c) before ca...

5.5CVSS5.3AI score0.00209EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.59 views

CVE-2022-49500

CVE-2022-49500 describes a Linux kernel issue affecting the wl1251 driver where memory allocated for DMA was done in a way that conflicts with vmap’ed stacks, leading to kernel panics. The vulnerability is documented as impacting the wl1251 paths (e.g., via SDIO) and rendering affected devices (s...

5.5CVSS5.3AI score0.00209EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.59 views

CVE-2022-49808

CVE-2022-49808 concerns the Linux kernel net: dsa teardown path where tagger-owned storage could leak on unbind. The provided description explains the root cause: in the dsa switch teardown path, tag_ops->disconnect was not properly dismantled during normal driver teardown, risking use-after-f...

5.5CVSS6.7AI score0.0014EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.59 views

CVE-2022-49838

In CVE-2022-49838, the Linux kernel SCTP code was fixed to clear out_curr when all fragments of the current message are pruned, preventing a NULL pointer dereference during dequeue. The issue manifested as list_del corruption and a crash traced through sctp_sched_fcfs_dequeue and related SCTP pat...

5.5CVSS6.4AI score0.00183EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.59 views

CVE-2022-49851

CVE-2022-49851 — Linux kernel (RISC-V) reserved memory setup Vulnerability context: The issue arises in how RISC-V sets up reserved memory using the early device-tree copy. The pointer to reserved memory regions can be an early, pre-virtual-memory address when accessed via of_reserved_mem_lookup(...

7.1CVSS6.3AI score0.00171EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.59 views

CVE-2022-49859

CVE-2022-49859 concerns the Linux kernel net: lapbether vulnerability where if lapb_register() fails during the first up event, NAPI is not disabled and an invalid opcode can occur when the device goes up the second time. Public sources (Red Hat, Debian OSV, UBUNTU/Ubuntu OSV, Nessus/NASL, NVD/NV...

7.8CVSS6.4AI score0.00172EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.59 views

CVE-2022-49884

CVE-2022-49884 concerns the Linux kernel KVM, where the gfn_to_pfn_cache locks could race during VM/vCPU creation. The issue is addressed by moving the gfn_to_pfn_cache lock initialization to a dedicated helper and calling it during VM/vCPU creation, reducing race conditions that could corrupt th...

4.7CVSS6.5AI score0.00098EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.59 views

CVE-2022-49895

CVE-2022-49895 concerns the Linux kernel fix for a NULL pointer dereference in the cxl/region path. When an intermediate port’s decoders are exhausted and a new region is added in its hierarchical path, cxl_port_attach_region() may fail to find a port decoder and fall through to cleanup. During t...

5.5CVSS6.6AI score0.0014EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.59 views

CVE-2023-20661

CVE-2023-20661 affects the wlan component (MediaTek-related stack) and is caused by an out-of-bounds write resulting from an integer overflow. The vulnerability can lead to local privilege escalation with System execution privileges required and does not require user interaction. Reported impact ...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2025/05/02 3:56 p.m.59 views

CVE-2023-53136

CVE-2023-53136 concerns a Linux kernel af_unix memory leak in OOB support. The root cause is that queue_oob() may hold a reference on a pid via maybe_add_creds(), while skb->destructor is not set (directly or via unix_scm_to_skb()), allowing the reference to be leaked when the skb is freed. Sy...

7.1CVSS6.5AI score0.00158EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.59 views

CVE-2023-53372

CVE-2023-53372 — Linux kernel SCTP vulnerability. The issue arises in sctp_ifwdtsn_skip where, while traversing ifwdtsn skips via _sctp_walk_ifwdtsn, the code may read beyond the chunk boundary because the remaining data can be smaller than sizeof(struct sctp_ifwdtsn_skip). This can cause a cover...

7.8CVSS6.4AI score0.00155EPSS
CVE
CVE
added 2024/12/27 2:51 p.m.59 views

CVE-2024-56612

CVE-2024-56612 describes a Linux kernel vulnerability in mm/gup where unpin_user_pages() may dereference NULL pages in the pages** array when using pofs. The flaw was triggered by a configuration like x86 with numa=fake=2 movablecore=4G on Linux 6.12, leading to a kernel NULL pointer dereference ...

5.5CVSS6.4AI score0.0017EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.59 views

CVE-2025-38139

In Linux kernels with netfs, CVE-2025-38139 is resolved by correcting the write-retry path: netfs_retry_write_stream() now uses the iterator-reset function, ensuring the subrequest length accounts for any shortened data after a retry. The bug could cause a KASAN slab-out-of-bounds read in iov_ite...

7.1CVSS6.9AI score0.00158EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.59 views

CVE-2025-38205

The CVE CVE-2025-38205 affects the Linux kernel’s DRM AMD display path. The root cause is a divide-by-zero risk in downstream code caused by uninitialized dummy pitch values in populate_dummy_dml_surface_cfg(); the fix initializes the dummy pitch to 1 to prevent division by zero in CalculateVMAnd...

5.5CVSS6.4AI score0.00129EPSS
CVE
CVE
added 2025/07/08 7:42 a.m.59 views

CVE-2025-38237

CVE-2025-38237 pertains to the Linux kernel, specifically the media: platform: exynos4-is code path. The issue arises in fimc_is_hw_change_mode(), where camera mode changes occur without waiting for hardware completion, risking data corruption or system hangs if subsequent operations race with ha...

5.5CVSS6.7AI score0.00137EPSS
CVE
CVE
added 2026/01/23 3:24 p.m.59 views

CVE-2026-22992

Mode C: The CVE-2026-22992 issue affects the Linux kernel’s libceph stack. Root cause: mon_handle_auth_done() no longer propagates errors from ceph_auth_handle_reply_done(), so a failure during authentication could be misinterpreted by higher layers while msgr2 proceeds with session setup. Potent...

7.5CVSS5.2AI score0.00268EPSS
CVE
CVE
added 2026/05/08 1:37 p.m.59 views

CVE-2026-43341

The CVE-2026-43341 details Linux kernel IOAM6 trace filling vulnerability. In ioam6_fill_trace_data(), the schema length is accumulated in an 8-bit unsigned variable (sclen). With the largest schema payload and bit 22 set, sclen wraps from 256 to 0 (1 + 1020/4), bypassing the remaining-space chec...

9.8CVSS5.8AI score0.00409EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.59 views

CVE-2026-46137

CVE-2026-46137 affects the Linux kernel MPTCP implementation. The mptcp_pm_add_timer() helper runs as a timer callback in softirq context and can race with socket state unless the socket lock is held with bh_lock_sock(). The mitigation is to hold the lock and retry if the socket is in use, mirror...

9.8CVSS5.8AI score0.00426EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.59 views

CVE-2026-46155

CVE-2026-46155 affects the Linux kernel SMB client. The vulnerability is an out-of-bounds read in smb2_compound_op() caused by memcpy reading size[0] (OutputBufferLength) when iov_len is smaller than that length after a truncated server response. This can leak adjacent kernel heap memory. Impact ...

9.1CVSS5.8AI score0.00478EPSS
CVE
CVE
added 2026/05/28 9:36 a.m.59 views

CVE-2026-46181

Summary: CVE-2026-46181 concerns the Linux kernel RDMA/mlx4 component. The root cause is improper use of Read-Copy Update (RCU) in mlx4_srq_event(), which could allow a race where an event is delivered before the srq object is fully initialized, potentially crashing the system. The documented fix...

7.8CVSS5.8AI score0.00114EPSS
CVE
CVE
added 2026/06/08 3:46 p.m.59 views

CVE-2026-46291

CVE-2026-46291 affects the Linux kernel crypto caam path, specifically hash_digest_key, where HMAC key bytes could be exposed via hex dumps when dynamic debugging is enabled. The reported fix changes the dumping approach to use print_hex_dump_devel() to avoid leaking sensitive HMAC key material a...

5.5CVSS5.4AI score0.00123EPSS
CVE
CVE
added 2026/06/09 12:11 p.m.59 views

CVE-2026-46321

Summary. CVE-2026-46321 concerns the Linux kernel tun/tap with vhost-net, where a short-frame rejection path in tun_xdp_one() can leak memory pages. Specifically, when a frame is shorter than ETH_HLEN, tun_xdp_one() returns -EINVAL without freeing the page allocated by vhost_net_build_xdp(). tun_...

7.1CVSS5.4AI score0.00129EPSS
Web
CVE
CVE
added 2026/06/24 7:14 a.m.59 views

CVE-2026-52923

The CVE-2026-52923 issue affects the Linux kernel IPC ID allocation in the checkpoint/restore path. ipc_idr_alloc() forwards the next_id request to idr_alloc() with an open-ended upper bound, so if the valid SysV IPC id tail is full the allocation can spill past ipc_mni. The encoded id may then r...

7.8CVSS5.7AI score0.00127EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.58 views

CVE-1999-0804

CVE-1999-0804 affects Linux 2.2.x kernels, where the vulnerability lies in ICMP handling. Malformed ICMP packets with unusual types, codes and IP header lengths can cause a denial of service. The NVD CVSS v2 base score is 5.0 (Medium), with network attack vector, low attack complexity, and partia...

5CVSS7AI score0.05639EPSS
CVE
CVE
added 2002/08/31 4:0 a.m.58 views

CVE-2001-1395

CVE-2001-1395 is a vulnerability described as unknown in sockfilter for Linux kernel before 2.2.19. Connected sources corroborate an off-by-one issue in the CPIA driver that could allow a local kernel-memory write and potentially expose or compromise kernel integrity; remediation in practice is t...

3.6CVSS5.3AI score0.0044EPSS
CVE
CVE
added 2005/03/29 5:0 a.m.58 views

CVE-2005-0916

CVE-2005-0916 affects the Linux kernel 2.6.11 on PPC64/IA64 with CONFIG_HUGETLB_PAGE enabled. A local user can trigger a denial of service (system panic) by running io_queue_init and exiting without io_queue_release, causing exit_aio and is_hugepage_only_range to fail. Connected sources confirm t...

2.1CVSS5.1AI score0.00724EPSS
CVE
CVE
added 2005/11/25 9:0 p.m.58 views

CVE-2005-3808

The CVE-2005-3808 issue affects the Linux kernel (versions 2.6.11–2.6.14). A 32‑bit system executing 64‑bit mmap calls can trigger an integer overflow in invalidate_inode_pages2_range, allowing local users to cause a denial of service (hang). Multiple advisories confirm the vulnerability across d...

4.9CVSS6.1AI score0.00772EPSS
CVE
CVE
added 2006/01/11 9:0 p.m.58 views

CVE-2006-0035

The CVE-2006-0035 entry is supported by connected documents detailing a vulnerability in the Linux kernel (versions 2.6.14 and 2.6.15). The issue occurs in the netlink_rcv_skb function within af_netlink.c, where a crafted nlmsg_len field of 0 can cause a local-user-triggered denial of service via...

4.9CVSS6.1AI score0.00379EPSS
CVE
CVE
added 2019/11/07 9:31 p.m.58 views

CVE-2007-3732

The CVE-2007-3732 issue affects Linux 2.6 up to before 2.6.23, involving the TRACE_IRQS_ON function in iret_exc. The root cause is calling a C function without ensuring that processor segments are correctly set, specifically failing to restore the kernel %fs before the call and before enabling in...

5.5CVSS5.3AI score0.00378EPSS
CVE
CVE
added 2008/09/04 5:0 p.m.58 views

CVE-2008-3911

The CVE-2008-3911 issue affects the Linux kernel 2.6.26.3, specifically the proc_do_xprt function in net/sunrpc/sysctl.c, which does not validate the length of a user-supplied buffer when reading /proc/sys/sunrpc/transports. This can allow local users to overflow a stack-based buffer and cause un...

7.2CVSS6.6AI score0.00441EPSS
CVE
CVE
added 2017/02/06 6:4 a.m.58 views

CVE-2010-5328

The CVE affects the Linux kernel, specifically signals targeting a process group ID of zero reaching the swapper due to a flaw in include/linux/init_task.h prior to 2.6.35. This allows a local user to trigger a denial of service (system crash). The vulnerability is caused by insufficient filterin...

5.5CVSS5.1AI score0.00433EPSS
CVE
CVE
added 2012/10/10 9:0 p.m.58 views

CVE-2012-4467

The vulnerability CVE-2012-4467 affects the Linux kernel (pre-3.5.4). The affected code paths are the do_siocgstamp and do_siocgstampns functions in net/socket.c, which use an incorrect argument order, enabling local users to either read sensitive kernel memory or trigger a denial of service (sys...

6.6CVSS6.2AI score0.00489EPSS
CVE
CVE
added 2015/02/06 11:0 a.m.58 views

CVE-2014-5332

The CVE-2014-5332 entry affects NVIDIA Tegra Linux Kernel 3.10 and its NVMap driver. A race condition in the NVMAP_IOC_CREATE path can trigger a use-after-free in nvmap_handle during concurrent creation/duplication of handles, enabling a local attacker to escalate privileges (e.g., escaping Chrom...

6.9CVSS6.5AI score0.00371EPSS
CVE
CVE
added 2017/02/06 6:4 a.m.58 views

CVE-2016-10154

CVE-2016-10154 affects Linux kernel 4.9.x prior to 4.9.1. The smbhash function in fs/cifs/smbencrypt.c interacts incorrectly with CONFIG_VMAP_STACK, enabling local users to trigger a denial of service (system crash or memory corruption) or other unspecified impacts by exploiting use of more than ...

5.5CVSS5.9AI score0.00452EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.58 views

CVE-2016-6755

CVE-2016-6755 is an elevation-of-privilege vulnerability in the Qualcomm camera driver for Android, affecting Kernel-3.10 and Kernel-3.18. It allows a local attacker to execute arbitrary code in kernel context after compromising a privileged process. Affected devices include Nexus 5X, Nexus 6, Ne...

7.6CVSS6.8AI score0.01208EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.58 views

CVE-2016-6756

CVE-2016-6756 describes an information-disclosure vulnerability affecting Qualcomm components (including the camera driver and video driver) on Android. The issue could allow a local malicious application to access data outside its permission level, with root cause tied to a privileged-process co...

4.7CVSS4.5AI score0.00742EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.58 views

CVE-2016-6780

CVE-2016-6780 is described as an elevation-of-privilege in the HTC sound codec driver that could allow a local malicious application to execute arbitrary code in the kernel context on Android (kernel-3.10). Affected product/any specifics beyond Android and Nexus 9 are not provided in the Initial ...

7.6CVSS6.8AI score0.0139EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.58 views

CVE-2016-8454

Technical details for CVE-2016-8454 are not publicly available in the provided documents. Monitor for updates.

7.6CVSS6.9AI score0.01324EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.58 views

CVE-2016-8460

CVE-2016-8460 : An information disclosure in the NVIDIA Tegra kernel driver (NVMAP) could leak uninitialized stack memory to a local user, enabling data exposure. Affected: Android on Kernel-3.10 (Nexus 9 cited). Impact per sources: information disclosure; CVSS v3 base 5.5 (medium). Remediation: ...

5.5CVSS5.2AI score0.00787EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.58 views

CVE-2016-8463

CVE-2016-8463 describes a denial-of-service vulnerability in the Qualcomm FUSE file system used by Android. A remote attacker could trigger a device hang or reboot by delivering a specially crafted file. Affected software includes Android on kernels 3.10 and 3.18. The connected documents do not s...

7.1CVSS5.7AI score0.01232EPSS
Total number of security vulnerabilities14330