Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2017/02/08 3:0 p.m.57 views

CVE-2017-0432

CVE-2017-0432 describes an elevation of privilege in the MediaTek driver for Android, allowing a local malicious application to execute arbitrary code in the kernel context. The issue is tied to the MediaTek driver within Android’s kernel (Kernel-3.10) and is considered High severity because it r...

7.6CVSS6.6AI score0.02105EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.57 views

CVE-2017-0442

CVE-2017-0442 describes an elevation-of-privilege in the Qualcomm Wi‑Fi driver on Android, allowing a local malicious app to execute arbitrary code in the kernel context. The vulnerability, affecting Android devices with Qualcomm Wi‑Fi components, is mitigated by requiring compromise of a privile...

7.6CVSS6.6AI score0.00863EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.57 views

CVE-2017-0516

CVE-2017-0516 is described as an elevation of privilege in the Qualcomm input hardware driver that could enable a local malicious app to execute code in the kernel context on Android devices. Public sources consistently list affected products as Android with kernel versions 3.10 and 3.18; Android...

7.6CVSS6.6AI score0.01755EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.57 views

CVE-2017-0519

CVE-2017-0519 describes an elevation-of-privilege vulnerability in the Qualcomm fingerprint sensor driver for Android (kernel 3.18). A local attacker could exploit this to execute arbitrary code in the kernel context by compromising a privileged process. The entry remains focused on Android and k...

7.6CVSS6.6AI score0.01542EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.57 views

CVE-2017-0526

CVE-2017-0526 describes an elevation-of-privilege vulnerability in the HTC Sensor Hub Driver affecting Android on Kernel-3.10. The issue could allow a local, malicious application to execute arbitrary code within the kernel context after compromising a privileged process. The Android ID is A-3389...

7.6CVSS6.6AI score0.01453EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.57 views

CVE-2017-0606

CVE-2017-0606 is an elevation-of-privilege flaw in the Qualcomm sound driver affecting Android kernels 3.10 and 3.18. The vulnerability could allow a local malicious app to execute arbitrary code in the kernel context via the Qualcomm sound subsystem (e.g., /dev/voice_svc driver). The issue is cl...

7.6CVSS6.4AI score0.01467EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.57 views

CVE-2017-0611

CVE-2017-0611 is an elevation of privilege in the Qualcomm sound driver on Android that could allow a local attacker to run code in kernel context. Affected: Android devices using Kernel-3.10 and Kernel-3.18 (Android ID A-35393841). The entry is listed in multiple sources (NVD/NVD list and CVE re...

7.6CVSS6.6AI score0.01467EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.57 views

CVE-2017-0622

CVE-2017-0622 targets the Goodix touchscreen driver in Android, enabling local elevation of privilege to execute code in the kernel via a compromised privileged process. Public details specify Android kernel 3.10 and the Goodix driver as the vulnerable component, with high impact (kernel context ...

7.6CVSS6.6AI score0.01436EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.57 views

CVE-2017-0623

CVE-2017-0623 describes an elevation-of-privilege vulnerability in the HTC bootloader that could allow a local malicious app to execute arbitrary code within the bootloader context. Affected software is Android on Kernel-3.18, with device-specific impact noted for Pixel and Pixel XL in the CVE li...

7.6CVSS6.6AI score0.01436EPSS
CVE
CVE
added 2017/04/23 5:37 a.m.57 views

CVE-2017-8065

CVE-2017-8065 affects the Linux kernel (4.9.x and 4.10.x up to 4.10.12). The issue arises from how crypto/ccm.c interacts with CONFIG_VMAP_STACK, enabling a local attacker to cause a denial of service (system crash or memory corruption) by leveraging use of more than one virtual page for a DMA sc...

7.8CVSS7.8AI score0.00378EPSS
CVE
CVE
added 2022/10/21 12:0 a.m.57 views

CVE-2022-3630

The CVE-2022-3630 entry concerns the Linux kernel, specifically the fs/fscache/cookie.c component used by IPsec. The vulnerability is described as a memory leak resulting from a manipulation in that code path. A patch is recommended to fix the issue, and the vulnerability is associated with VDB-2...

5.5CVSS4.5AI score0.00246EPSS
CVE
CVE
added 2025/03/27 4:42 p.m.57 views

CVE-2022-49744

The CVE-2022-49744 entry concerns a Linux kernel mm/uffd issue: when forking, the dst_vma may not inherit VM_UFFD_WP even if the src has it, leading to a stale pte marker and potential access to a corrupted page. The fix is a two‑patch series under “mm: Fixes on pte markers” that hardens pte mark...

5.5CVSS6.4AI score0.0015EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.57 views

CVE-2022-49817

Summary of CVE-2022-49817 (Linux kernel) : The MHI network driver (mhi_net_dellink) leaked memory because it registered a net device without setting needs_free_netdev and did not call free_netdev on unregister. The concrete remediation is a patch that adds free_netdev() usage since netdev_priv is...

5.5CVSS6.4AI score0.00164EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.57 views

CVE-2022-49820

CVE-2022-49820 concerns the Linux kernel mctp i2c flow release logic. The issue arises when release_count > i2c_lock_count, triggering a WARN_ONCE due to expiring a flow before sending the first packet and not pairing the release increment with the i2c lock operation. The fix adds a guard: onl...

5.5CVSS6.5AI score0.0014EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.57 views

CVE-2022-50058

CVE-2022-50058 affects the Linux kernel's vdpa_sim_blk: a missing initialization of nas and ngroups can cause a kernel NULL pointer dereference when creating a new vdpa_sim_blk device, leading to a panic in vhost_iotlb_add_range_ctx. The issue arises from commit changes adding nas/ngroups to vdpa...

5.5CVSS6.3AI score0.0014EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.57 views

CVE-2023-20659

CVE-2023-20659 concerns a local out-of-bounds write in the WLAN path of a MediaTek/ALPS component, caused by a missing bounds check. The issue can lead to local privilege escalation with System execution privileges needed; exploitation does not require user interaction. The patch reference provid...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.57 views

CVE-2023-20679

CVE-2023-20679 affects MediaTek WLAN in which a missing bounds check allows an out-of-bounds read, enabling local escalation of privilege without user interaction. Impact: confidentiality impact listed as high; privilege requirement is high with local attack vector, no UI interaction needed. Root...

4.4CVSS4.9AI score0.00093EPSS
CVE
CVE
added 2025/03/27 4:37 p.m.57 views

CVE-2023-52934

The CVE-2023-52934 entry concerns the Linux kernel MADV_COLLAPSE path in mm/madvise. A commit changing find_pmd_or_thp_or_none() from returning SCAN_PMD_NULL when !pmd_present(pmde) to returning SCAN_PMD_NONE when pmd_none(pmde) was introduced to better distinguish none-pmd vs absent/present-pmd ...

4.7CVSS6.6AI score0.00106EPSS
CVE
CVE
added 2025/03/27 4:43 p.m.57 views

CVE-2023-52980

The CVE-2023-52980 issue affects the Linux kernel ublk driver, specifically the SPDK ublk target when assigning very large queue depths. The root cause is that UBLK_MAX_QUEUE_DEPTH is 4096, and the calculation sizeof(struct ublk_queue) + depth * sizeof(struct ublk_io) can exceed 65535 when depth ...

7.8CVSS6.8AI score0.00229EPSS
CVE
CVE
added 2025/05/02 3:55 p.m.57 views

CVE-2023-53055

CVE-2023-53055 : In the Linux kernel, fscrypt_destroy_keyring() must be called after all potentially-encrypted inodes are evicted, specifically after security_sb_delete(), because inodes in-use by the Landlock LSM are not evicted until that point. If called earlier, a WARN_ON may lead to a NULL d...

5.5CVSS6.5AI score0.00165EPSS
CVE
CVE
added 2025/01/19 11:52 a.m.57 views

CVE-2024-57914

CVE-2024-57914 : In the Linux kernel, a NULL pointer dereference can occur in the usb: typec: tcpci code when two Type‑C ports share one IRQ. The tcpci_irq() handler may dereference a NULL regmap if an interrupt arrives for the second port before its tcpci_register_port() completes, leading to an...

5.5CVSS6.3AI score0.0017EPSS
CVE
CVE
added 2025/02/27 2:12 a.m.57 views

CVE-2024-58004

CVE-2024-58004 affects the Linux kernel’s media: intel/ipu6 path. The issue arises when a cpu latency QoS request is not removed on the error path, causing a corruption in the cpu latency QoS list (list_add corruption). The kernel log excerpt illustrates a corrupted list prev/next pointers during...

7.8CVSS6.8AI score0.0019EPSS
CVE
CVE
added 2025/02/27 2:18 a.m.57 views

CVE-2025-21771

CVE-2025-21771 affects the Linux kernel sched_ext subsystem. It stems from incorrect autogroup migration detection in the cgroup/migration path where scx_move_task() could misclassify a non-root cgroup migration as autogroup root migration, triggering a warning. The fix changes the call path by a...

5.5CVSS6.6AI score0.00191EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.57 views

CVE-2025-38440

CVE-2025-38440 : In the Linux kernel, a race between disabling DIM and net_dim() in mlx5e can cause a NULL pointer dereference of rq->dim/sq->dim. The fix calls synchronize_net() before freeing the DIM context to ensure in-flight NAPI callbacks complete before the pointer is cleared, preven...

4.7CVSS6.2AI score0.0011EPSS
CVE
CVE
added 2025/08/16 11:22 a.m.57 views

CVE-2025-38546

CVE-2025-38546 (Linux kernel: ATM clip memory leak) The vulnerability is in the ATM subsystem’s clip code. The ioctl ATMARPD_CTRL path assigns NULL to vcc->push(), which breaks the expected cleanup path and leaks memory for the allocated struct clip_vcc during ATMARP handling. The root cause i...

5.5CVSS6.7AI score0.00149EPSS
CVE
CVE
added 2025/08/19 5:2 p.m.57 views

CVE-2025-38561

The CVE-2025-38561 entry describes a race condition in ksmbd (Linux kernel) where Preauh_HashValue could race if a client sends multiple session setup requests. The provided documents confirm the vulnerability and its fix: the Preauh_HashValue value should not be freed during the session setup ph...

8.5CVSS7.2AI score0.00391EPSS
CVE
CVE
added 2025/08/22 4:3 p.m.57 views

CVE-2025-38671

CVE-2025-38671 affects the Linux kernel i2c: qup driver. Root cause: timeout handling only set a return value and did not exit the loop when a client keeps the bus active, enabling kernel hang (observed with PCA953x GPIO extender). Fix: change the logic to return via -ETIMEDOUT, jumping out of th...

5.5CVSS6.4AI score0.00148EPSS
CVE
CVE
added 2025/09/03 1:1 p.m.57 views

CVE-2025-38678

The CVE-2025-38678 vulnerability affects the Linux kernel’s netfilter nf_tables: a chain/flowtable update can contain duplicated devices in the same batch, leaving the second (duplicate) device unregistered and its hook not removed. This can occur during batch processing of device updates and is ...

5.5CVSS5.9AI score0.00202EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.57 views

CVE-2026-31661

The CVE-2026-31661 issue affects the Linux kernel brcmsmac Wi‑Fi driver where dma_free_coherent() may free a size different from what dma_alloc_consistent() allocated (size may change for alignment). The fix changes the free size to the allocation size. Descriptions across multiple advisories (NV...

5.5CVSS5.3AI score0.00114EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.56 views

CVE-1999-0245

CVE-1999-0245 concerns Linux systems using NIS+ where certain configurations allowed an attacker to log in as the user "+". The connected sources consistently describe a login-as-+ issue arising from NIS+ configuration on Linux, but do not provide precise technical details such as affected versio...

4.6CVSS7.3AI score0.00398EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.56 views

CVE-1999-0414

The vulnerability CVE-1999-0414 affects Linux prior to 2.0.36, where remote attackers could spoof a TCP connection and pass data to the application layer before the three-way handshake completes. The root issue is the TCP connection handling that allows data to be injected prior to full establish...

5CVSS7AI score0.06863EPSS
CVE
CVE
added 2006/01/27 10:0 p.m.56 views

CVE-2002-1572

CVE-2002-1572 describes a signed integer overflow in the Linux kernel’s bttv_read function of the bttv-driver.c (pre-2.4.20). The CVE entry notes the impact as unknown. Connected sources indicate a Red Hat kernel update (RHSA-2002:227) addressing kernel vulnerabilities, suggesting a remediation v...

10CVSS6.7AI score0.02221EPSS
CVE
CVE
added 2003/08/05 4:0 a.m.56 views

CVE-2003-0187

The CVE pertains to the Netfilter connection-tracking core in Linux 2.4.20 where CONFIG_IP_NF_CONNTRACK or ip_conntrack causes DoS. Technical details in the connected records show a change in the linked-list API handling that affects UNCONFIRMED connections: Netfilter could fail to identify such ...

5CVSS6.7AI score0.01922EPSS
CVE
CVE
added 2005/11/25 9:0 p.m.56 views

CVE-2005-3809

The CVE-2005-3809 vulnerability affects the Linux kernel (2.6.14 up to 2.6.14.3) in nfattr_to_tcp (ip_conntrack_proto_tcp.c) within ctnetlink. The issue allows an attacker to cause a denial-of-service (kernel oops) by sending an update message without private protocol information, triggering a nu...

7.8CVSS6.4AI score0.0205EPSS
CVE
CVE
added 2006/06/23 10:0 a.m.56 views

CVE-2006-3085

CVE-2006-3085 affects the Linux kernel’s SCTP handling in xt_sctp within netfilter, where an SCTP chunk of length 0 can trigger a DoS either by an infinite loop (or crash in some reports). The vulnerability is listed as applicable to kernels before 2.6.17.1. Public references from multiple source...

7.8CVSS6.1AI score0.03083EPSS
CVE
CVE
added 2008/07/09 12:0 a.m.56 views

CVE-2008-3077

The CVE-2008-3077 issue affects the Linux kernel (arch/x86/kernel/ptrace.c) on x86_64 before version 2.6.25.10. The function sys32_ptrace leaks task_struct references, enabling local attackers to trigger a denial of service (system crash) and potentially other impacts via unknown vectors, possibl...

4.9CVSS6.7AI score0.00398EPSS
CVE
CVE
added 2008/07/24 3:18 p.m.56 views

CVE-2008-3247

Technical details for CVE-2008-3247 are not provided in the supplied documents. Monitor for updates.

7.2CVSS6.5AI score0.00361EPSS
CVE
CVE
added 2009/11/16 7:0 p.m.56 views

CVE-2009-3888

CVE-2009-3888 affects the Linux kernel up to version 2.6.31.5; the vulnerability is in do_mmap_pgoff in mm/nommu.c when an MMU is absent. Local users can trigger a denial of service (OOPS) by allocating a large amount of memory. A patch released in 2.6.31.6 fixes the issue; updating to 2.6.31.6 o...

4.9CVSS7AI score0.00749EPSS
CVE
CVE
added 2019/11/07 4:43 p.m.56 views

CVE-2010-2243

CVE-2010-2243 applies to the Linux kernel code path kernel/time/clocksource.c on non-GENERIC_TIME systems; triggering an OOPS when reading /sys/devices/system/clocksource/clocksource0/current_clocksource. The vulnerability is described for kernels before version 2.6.34. Connected sources confirm ...

7.8CVSS7.3AI score0.02505EPSS
CVE
CVE
added 2013/03/14 8:0 p.m.56 views

CVE-2012-6543

The CVE-2012-6543 issue affects the Linux kernel (pre-3.6) in net/l2tp/l2tp_ip6.c, where l2tp_ip6_getname does not initialize a structure member. This uninitialized member can allow local attackers to read sensitive kernel stack memory via a crafted user-space application, constituting local info...

1.9CVSS5.6AI score0.00361EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.56 views

CVE-2016-10287

CVE-2016-10287 describes an elevation-of-privilege vulnerability in the Qualcomm sound driver within Android’s kernel. The issue could let a local malicious application execute arbitrary code in the kernel context, requiring prior compromise of a privileged process. Affected components/versions i...

7.6CVSS6.6AI score0.01467EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.56 views

CVE-2016-8398

CVE-2016-8398 affects Android on kernels up to 3.18, where unauthenticated NAS messages can be processed by the UE when no EPS security context exists. This is a network-exploitable issue (no user interaction) with high impact to confidentiality, integrity, and availability (CVSSv3: AV:N/AC:L/PR:...

10CVSS9AI score0.01598EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.56 views

CVE-2016-8427

CVE-2016-8427 affects the NVIDIA Tegra kernel driver (NVHOST). The connected NVIDIA bulletin entry for CVE-2016-8427 notes a memory-after-free vulnerability in NVHOST that can lead to denial of service or escalation of privileges, enabling a local attacker to execute code in kernel context. The i...

9.3CVSS7.4AI score0.01619EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.56 views

CVE-2016-8428

CVE-2016-8428 affects NVIDIA Tegra kernel driver (NVMAP). The issue allows reading/writing memory outside the intended buffer boundary, potentially enabling a local attacker to escalate privileges or cause a denial of service. Impact is kernel context level on affected Android kernels; CVSS vecto...

9.3CVSS7.4AI score0.01619EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.56 views

CVE-2016-8457

CVE-2016-8457 is a vulnerability in the Broadcom Wi‑Fi driver on Android. It enables a local, malicious application to gain elevated privileges by executing arbitrary code in the kernel context. The issue requires compromising a privileged process and is classified as High severity (CVSSv3.0: Loc...

7.6CVSS6.9AI score0.01523EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.56 views

CVE-2016-8459

CVE-2016-8459 (Android) describes a possible buffer overflow in the storage subsystem, triggered by bad parameters in RPMB listener responses. The issue affects Android kernel 3.18 and is associated with the RPMB command handling, potentially leading to a write/overflow condition in kernel memory...

10CVSS9.3AI score0.01728EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.56 views

CVE-2016-8475

CVE-2016-8475 describes an information-disclosure vulnerability in the HTC input driver on Android platforms running kernel 3.18. A local malicious application could access data outside its normal permission set after compromising a privileged process. The issue is documented as affecting Android...

4.7CVSS4.4AI score0.00771EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.56 views

CVE-2017-0438

CVE-2017-0438 is a local elevation-of-privilege issue in the Qualcomm Wi‑Fi driver for Android, enabling a local malicious app to run code in the kernel context. The vulnerability is tied to the Qualcomm Wi‑Fi stack and is listed under Android kernel versions 3.10 and 3.18 with Android IDs A-3240...

7.6CVSS6.6AI score0.0087EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.56 views

CVE-2017-0535

CVE-2017-0535 is an information disclosure in the HTC sound codec driver for Android hosted on Kernel-3.10. The issue permits a local attacker, after compromising a privileged process, to access data outside its permissions, implying a confidentiality risk limited to the affected kernel/device co...

4.7CVSS4.3AI score0.00872EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.56 views

CVE-2017-0577

CVE-2017-0577 is an elevation-of-privilege vulnerability in the HTC touchscreen driver for Android kernels (kernel 3.18) that could let a local malicious app execute code in the kernel context. The issue is triggered by compromising a privileged process and does not require network access or user...

7.6CVSS6.9AI score0.01496EPSS
Total number of security vulnerabilities14330