Linux Kernel Security Vulnerabilities and Issues — Page 209 of Linux Kernel CVE List

4.7CVSS4.5AI score0.00226EPSS

CVE-2016-6757

An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Produc...

9.3CVSS7.3AI score0.00151EPSS

CVE-2016-6790

An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which ...

7.6CVSS6.8AI score0.00198EPSS

CVE-2016-6791

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

4.7CVSS3.9AI score0.00146EPSS

CVE-2016-8404

An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a ...

CVE•added 2017/01/12 8:59 p.m.•38 views

CVE-2016-8415

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

7.6CVSS6.9AI score0.00198EPSS

CVE•added 2017/01/12 8:59 p.m.•38 views

CVE-2016-8427

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the ope...

9.3CVSS7.4AI score0.00256EPSS

CVE•added 2017/01/12 8:59 p.m.•38 views

CVE-2016-8444

An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. And...

7.6CVSS6.9AI score0.00151EPSS

CVE•added 2017/03/08 1:59 a.m.•38 views

CVE-2016-8483

An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions...

5.5CVSS4.9AI score0.00283EPSS

CVE•added 2017/03/08 1:59 a.m.•38 views

CVE-2017-0520

An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Ke...

7.6CVSS6.6AI score0.0024EPSS

CVE•added 2017/03/08 1:59 a.m.•38 views

CVE-2017-0536

An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

4.7CVSS4.3AI score0.00255EPSS

CVE•added 2022/10/21 6:15 a.m.•38 views

CVE-2022-3624

A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier...

3.5CVSS3.6AI score0.00015EPSS

CVE•added 2025/05/01 3:16 p.m.•38 views

CVE-2022-49893

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix cxl_region leak, cleanup targets at region delete When a region is deleted any targets that have been previously assignedto that region hold references to it. Trigger those references todrop by detaching all targets...

6.6AI score0.00035EPSS

CVE-2022-49959

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix memory leak at failed datapath creation ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids()allocates array via kmalloc.If for some reason new_vport() fails during ovs_dp_cmd_new()dp->upcall_port...

6.6AI score0.00025EPSS

CVE-2022-49999

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix space cache corruption and potential double allocations When testing space_cache v2 on a large set of machines, we encountered afew symptoms: "unable to add free space :-17" (EEXIST) errors. Missing free space info items...

6.7AI score0.00025EPSS

CVE-2022-50040

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() If an error occurs in dsa_devlink_region_create(), then 'priv->regions'array will be accessed by negative index '-1'. Found by Linux Verification Center (...

7AI score0.00026EPSS

CVE-2022-50197

In the Linux kernel, the following vulnerability has been resolved: cpufreq: zynq: Fix refcount leak in zynq_get_revision of_find_compatible_node() returns a node pointer with refcountincremented, we should use of_node_put() on it when done.Add missing of_node_put() to avoid refcount leak.

6.4AI score0.00036EPSS

CVE-2022-50203

In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: display: Fix refcount leak bug In omapdss_init_fbdev(), of_find_node_by_name() will return a nodepointer with refcount incremented. We should use of_node_put() whenit is not used anymore.

6.5AI score0.00036EPSS

CVE-2022-50204

In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: pdata-quirks: Fix refcount leak bug In pdata_quirks_init_clocks(), the loop containsof_find_node_by_name() but without corresponding of_node_put().

CVE•added 2023/04/06 6:15 p.m.•38 views

CVE-2023-20674

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552.

4.4CVSS4.2AI score0.00018EPSS

CVE•added 2023/04/06 6:15 p.m.•38 views

CVE-2023-20676

4.4CVSS4.2AI score0.00018EPSS

CVE•added 2024/12/27 2:15 p.m.•38 views

CVE-2024-53186

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in SMB request handling A race condition exists between SMB request handling inksmbd_conn_handler_loop() and the freeing of ksmbd_conn in theworkqueue handler handle_ksmbd_work(). This leads to a UAF. KASA...

7.8CVSS7AI score0.00031EPSS

CVE•added 2025/03/06 4:15 p.m.•38 views

CVE-2024-58065

In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check The devm_kzalloc() function returns NULL on error, not error pointers.Fix the check.

5.5CVSS7.2AI score0.00028EPSS

CVE•added 2025/06/18 10:15 a.m.•38 views

CVE-2025-38074

In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path may access vq->log_base when vq->log_used isalready set to false. vhost-thread QEMU-thread vhost_scsi_complete_cmd_work()-> vhost_add_use...

6.3AI score0.00053EPSS

CVE•added 2025/07/03 9:15 a.m.•38 views

CVE-2025-38098

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink Don't try to operate on a drm_wb_connector as an amdgpu_dm_connector.While dereferencing aconnector->base will "work" it's wrong andmight l...

6.9AI score0.00025EPSS

CVE•added 2025/07/03 9:15 a.m.•38 views

CVE-2025-38099

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken A SCO connection without the proper voice_setting can causethe controller to lock up.

7.1AI score0.00025EPSS

CVE•added 2025/07/03 9:15 a.m.•38 views

CVE-2025-38162

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation When calculating the lookup table size, ensure the followingmultiplication does not overflow: desc->field_len[] maximum value is U8_MAX multiplied byNFT_PIPA...

7.5AI score0.00025EPSS

CVE•added 2025/07/04 2:15 p.m.•38 views

CVE-2025-38234

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task Overview When a CPU chooses to call push_rt_task and picks a task to push toanother CPU's runqueue then it will call find_lock_lowest_rq methodwhich would take a double lock on both CPUs' runqueue...

CVE•added 2025/07/09 11:15 a.m.•38 views

CVE-2025-38248

In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicastrouter resides. The list is consulted during forwarding to ensuremulticast packets are forwarded...

CVE•added 2025/07/25 1:15 p.m.•38 views

CVE-2025-38373

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix potential deadlock in MR deregistration The issue arises when kzalloc() is invoked while holding umem_mutex orany other lock acquired under umem_mutex. This is problematic becausekzalloc() can trigger fs_reclaim_aqcuir...

6.2AI score0.00024EPSS

CVE•added 2025/07/25 1:15 p.m.•38 views

CVE-2025-38382

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs during log replay At __inode_add_ref() when processing extrefs, if we jump into the nextlabel we have an undefined value of victim_name.len, since we haven'tinitialized it before we did the goto. Thi...

6.3AI score0.00026EPSS

CVE•added 2025/07/25 1:15 p.m.•38 views

CVE-2025-38385

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path. A WARN may be triggered in __netif_napi_del_locked() during USB devicedisconnect: WARNING: CPU: 0 PID...

6.1AI score0.00026EPSS

CVE•added 2025/07/25 4:15 p.m.•38 views

CVE-2025-38451

In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats() The commit message of commit 6ec1f0239485 ("md/md-bitmap: fix statscollection for external bitmaps") states: Remove the external bitmap check as the statistics should be available regardl...

CVE•added 2025/07/25 4:15 p.m.•38 views

CVE-2025-38453

In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hita request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 Not tainted 6.16.0-rc4-...

6.3AI score0.00026EPSS

CVE•added 2025/07/28 12:15 p.m.•38 views

CVE-2025-38475

In the Linux kernel, the following vulnerability has been resolved: smc: Fix various oops due to inet_sock type confusion. syzbot reported weird splats [0][1] in cipso_v4_sock_setattr() whilefreeing inet_sk(sk)->inet_opt. The address was freed multiple times even though it was read-only memory. ...

6.5AI score0.00024EPSS

CVE•added 2005/10/25 4:0 a.m.•37 views

CVE-2004-2536

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointer...

7.5CVSS7AI score0.00482EPSS

CVE•added 2006/12/06 10:28 p.m.•37 views

CVE-2006-6333

The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset.

7.8CVSS6.5AI score0.02605EPSS

CVE•added 2016/08/06 8:59 p.m.•37 views

CVE-2016-6162

net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations.

7.8CVSS7.8AI score0.00041EPSS

CVE•added 2016/11/25 4:59 p.m.•37 views

CVE-2016-6728

An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, whic...

9.3CVSS7.3AI score0.00107EPSS

CVE•added 2016/11/25 4:59 p.m.•37 views

CVE-2016-6731

9.3CVSS7AI score0.00102EPSS

9.3CVSS7.4AI score0.00245EPSS

CVE-2016-8431

9.3CVSS6.8AI score0.00198EPSS

CVE-2016-8435

7.6CVSS6.9AI score0.00238EPSS

CVE-2016-8451

An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Ker...