13804 matches found
CVE-2016-8427
CVE-2016-8427 affects the NVIDIA Tegra kernel driver (NVHOST). The connected NVIDIA bulletin entry for CVE-2016-8427 notes a memory-after-free vulnerability in NVHOST that can lead to denial of service or escalation of privileges, enabling a local attacker to execute code in kernel context. The i...
CVE-2016-8431
CVE-2016-8431 describes a local elevation of privilege in the NVIDIA GPU driver on Android (Android Kernel 3.18; Pixel C). The vulnerability can allow a local malicious process to execute arbitrary code in kernel context, with potential for permanent device compromise. Connected documents indicat...
CVE-2016-8453
CVE-2016-8453 describes an elevation-of-privilege in the Broadcom Wi‑Fi driver for Android on Kernel-3.10. A local malicious app could run code in the kernel by exploiting this driver after compromising a privileged process. Impact is ability to execute arbitrary kernel code with high severity. R...
CVE-2016-8455
CVE-2016-8455 describes an elevation of privilege in the Broadcom Wi‑Fi driver affecting Android devices using kernel 3.10 (notably Nexus 6P). A local malicious application could execute arbitrary code in the kernel after compromising a privileged process. The connected documents confirm the issu...
CVE-2016-8458
The CVE-2016-8458 entry concerns an elevation-of-privilege vulnerability in the Synaptics touchscreen driver on Android. A local malicious application could execute arbitrary kernel code via the vulnerable Synaptics driver, with impact described as Kernel-level compromise. Affected components/ver...
CVE-2016-8461
CVE-2016-8461 denotes an information-disclosure vulnerability in the Android bootloader, enabling a local attacker to access data outside of the attacker’s permission level. The NVD entry specifies the affected component as the Android kernel (kernel-3.18) with Android ID A-32369621. The CVSS met...
CVE-2016-8464
CVE-2016-8464 is a Broadcom Wi‑Fi driver elevation-of-privilege vulnerability on Android. The issue allows a local malicious application to execute arbitrary code in the kernel context by exploiting the Broadcom Wi‑Fi driver after compromising a privileged process. Affected products are Android d...
CVE-2016-8473
CVE-2016-8473 is an information-disclosure vulnerability in the STMicroelectronics driver on Android (Kernel-3.10). A local, malicious app could access data outside its permissions after compromising a privileged process. Affected devices listed for this CVE include Nexus 5X and Nexus 6P. The pat...
CVE-2017-0507
CVE-2017-0507 describes an elevation-of-privilege flaw in the Android kernel ION subsystem. The vulnerability could allow a local malicious app to run code in kernel context, potentially enabling a local permanent device compromise. Affected products/cores: Android on kernel versions 3.10 and 3.1...
CVE-2017-0612
CVE-2017-0612 describes an elevation of privilege in the Qualcomm Secure Execution Environment Communicator driver on Android kernel 3.18. A local malicious application could exploit this to execute arbitrary code in the kernel context after compromising a privileged process. The vulnerability is...
CVE-2017-0621
CVE-2017-0621 is an elevation-of-privilege flaw in the Qualcomm camera driver for Android. The vulnerability lets a local, malicious app run code in the kernel context by exploiting the Qualcomm camera driver after compromising a privileged process. The issue affects Android devices with the affe...
CVE-2022-49791
The CVE-2022-49791 entry is about a Linux kernel issue in io_uring where a multishot accept request can leak if REQ_F_POLLED is set and the code misclassifies the operation as multishot from the polling path. The problem could lead to leaking the request by a skip-completion path, and the remedia...
CVE-2022-49806
CVE-2022-49806: In the Linux kernel (net: microchip: sparx5), a potential null-pointer dereference was fixed in sparx_stats_init() and sparx5_start(). The root cause: sparx_stats_init() called create_singlethread_workqueue() without validating its return value, which can be NULL, lead...
CVE-2022-49994
The CVE-2022-49994 issue affects the Linux kernel memory management path involving bootmem and kmemleak. Specifically, vmemmap pages allocated from memblock were not removed from kmemleak when the page was freed, allowing kmemleak to report an error or stop working when the page is reused. The co...
CVE-2023-20674
The CVE-2023-20674 issue affects the WLAN component in MediaTek devices, caused by an out-of-bounds read due to a missing bounds check. This vulnerability could allow local information disclosure and may enable system-level execution privileges, with no user interaction required. Multiple feeds (...
CVE-2023-20676
CVE-2023-20676 is an out-of-bounds read vulnerability in the WLAN component of MediaTek devices (notably affecting MediaTek WLAN stacks such as MT5221 and similar chips). The underlying issue is a missing bounds check, enabling local information disclosure and, per the description, potentially al...
CVE-2023-53372
CVE-2023-53372 — Linux kernel SCTP vulnerability. The issue arises in sctp_ifwdtsn_skip where, while traversing ifwdtsn skips via _sctp_walk_ifwdtsn, the code may read beyond the chunk boundary because the remaining data can be smaller than sizeof(struct sctp_ifwdtsn_skip). This can cause a cover...
CVE-2024-38631
The CVE-2024-38631 entry concerns the Linux kernel vulnerability in iio: adc: PAC1934 where an out-of-bounds array index could affect average current/voltage measurements. The hardware device supports 4 channels, but sysfs exposes additional “fake” channels for averages, which is the root cause. ...
CVE-2024-57991
CVE-2024-57991: Linux kernel WiFi driver rtw89 gating logic in rtw89_entity_recalc_mgnt_roles() caused a spurious soft lockup. The code’s for_each_entry loop attempted to abort only the inner loop with break; the outer loop continued, allowing the normalization to proceed and trigger a CPU stall ...
CVE-2024-58008
CVE-2024-58008 affects the Linux kernel where, with CONFIG_VMAP_STACK=y, the DCP crypto driver can crash while encrypting/decrypting the blob key due to improper use of sg_init_one() on vmalloc’d buffers (plain_key_blob). The fix is to always use kmalloc() for buffers given to the DCP crypto driv...
CVE-2025-38101
CVE-2025-38101 is publicly addressed in the openSUSE/SUSE advisory for the Linux kernel. The issue concerns the ring-buffer subsystem, specifically the function ring_buffer_subbuf_order_set(), where the critical section was enlarged to ensure error handling runs with the per-buffer mutex held, pr...
CVE-2025-38141
CVE-2025-38141 is a Linux kernel use-after-free vulnerability in the device mapper reporting path. The issue stems from a race around reading md->zone_revalidate_map and the lifetime of zone resources during blk_revalidate_disk_zones() and dm_blk_report_zones() calls, potentially freeing resou...
CVE-2025-38201
CVE-2025-38201 affects the Linux kernel netfilter nft_set_pipapo. The issue arises when resizing hashtables in netfilter, where WARN_ON_ONCE can trigger if GFP flags allow high bucket counts; the fix clamps the maximum map bucket size to INT_MAX. The vulnerability is described as local-attack-vec...
CVE-2025-38618
CVE-2025-38618 concerns the Linux kernel where a vsock could autobind to VMADDR_PORT_ANY, risking a use-after-free on connection to the bound socket. The fix updates __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY. Connected sources (e.g., Astra Linux, Debian LTS advisories,...
CVE-2026-22991
CVE-2026-22991 is a Linux kernel vulnerability in the libceph code path. A NULL pointer dereference could occur in free_choose_arg_map() when a caller triggers a partial allocation (for example, decode_choose_args() may set arg_map->size before memory allocation and then fail). The fix adds nu...
CVE-2026-43037
CVE-2026-43037 affects the Linux kernel; vulnerability arises from ip4ip6_err() using a cloned skb where the IPv6 receive path writes cb[] as inet6_skb_parm, which is then misinterpreted as IPv4 inet_skb_parm by __ip_options_echo(), causing a potential data leak/compromise. The fix includes clear...
CVE-2002-0046
The CVE-2002-0046 vulnerability affects the Linux kernel (and possibly other OS) where remote attackers can read memory by sending fragmented ICMP packets that trigger an ICMP TTL Exceeded response containing memory fragments. This exposes partial confidentiality and relies on ICMP handling in th...
CVE-2005-4352
The CVE-2005-4352 entry documents a time-wrap flaw in BSD securelevels affecting NetBSD 2.1 and earlier and Linux 2.6.15 and earlier. The root cause is an integer overflow in securelevels that allows a local user to bypass time-change restrictions by setting the clock forward to the 32‑bit Unix e...
CVE-2006-0036
CVE-2006-0036 affects the Linux kernel (2.6.14 and other versions) via the ip_nat_pptp code in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c). The vulnerability occurs when processing an inbound PPTP_IN_CALL_REQUEST packet, which can trigger a null pointer dereference in an offset calculati...
CVE-2009-4004
CVE-2009-4004: The Linux kernel KVM subsystem (arch/x86/kvm/x86.c, function kvm_vcpu_ioctl_x86_setup_mce) is vulnerable to a buffer overflow when processing the KVM_X86_SETUP_MCE IOCTL if a large number of Machine Check Exception (MCE) banks is specified. This can lead to denial of service (memo...
CVE-2013-3302
The CVE-2013-3302 entry refers to a race condition in the Linux kernel’s CIFS transport path: smb_send_rqst in fs/cifs/transport.c, exploitable on affected kernels prior to 3.7.2. The vulnerability can allow local users to trigger a NULL pointer dereference and OOPS, with potential unspecified im...
CVE-2016-10292
CVE-2016-10292 is a denial-of-service vulnerability in the Qualcomm Wi‑Fi driver affecting Android devices. A proximate attacker could trigger a DoS in the Wi‑Fi subsystem by exploiting the Qualcomm Wi‑Fi driver within Android kernels listed as Kernel-3.10 and Kernel-3.18. Public description conf...
CVE-2016-10296
CVE-2016-10296 is an information-disclosure vulnerability in the Qualcomm shared memory driver affecting the listed Android kernels (Kernel-3.10, Kernel-3.18). The issue could allow a local malicious application to access data beyond its permissions, and is categorized as Moderate because explo...
CVE-2016-6781
CVE-2016-6781 describes an Elevation of Privilege in the MediaTek driver affecting Android on kernel 3.10. The vulnerability could allow a local malicious application to execute arbitrary code in the kernel context after compromising a privileged process. The NVD entry lists the impact as High wi...
CVE-2016-6782
CVE-2016-6782 describes a local elevation-of-privilege in the MediaTek driver on Android (Kernel-3.10) that could allow a malicious local app to execute arbitrary code in kernel context. The issue requires compromising a privileged process first; no public exploit details or patches are provided ...
CVE-2016-8438
CVE-2016-8438 describes an integer overflow in the Android kernel’s Peripheral Image Loader (PIL) path that leads to a TOCTOU condition, potentially bypassing PIL authentication. Affected product: Android (kernel 3.18). Root cause is an integer overflow exposing a race condition; impact is descri...
CVE-2016-8444
CVE-2016-8444 is an elevation of privilege vulnerability in the Qualcomm camera that could allow a local malicious app to execute arbitrary code in the kernel context on Android (Kernel-3.10). The flaw requires compromising a privileged process, and the description identifies Android as the produ...
CVE-2016-8452
CVE-2016-8452 is a vulnerability in the Qualcomm Wi-Fi driver on Android that allows a local, unprivileged process to escalate to kernel code execution. Root cause is elevation of privilege in the Qualcomm Wi‑Fi driver, with impact described as high since the attacker must first compromise a priv...
CVE-2016-8474
CVE-2016-8474 is an information disclosure vulnerability in the STMicroelectronics driver on Android (kernel 3.10). A local malicious app could access data beyond its permissions, requiring compromise of a privileged process. CVSS3: 4.7 (MEDIUM), local, user interaction required; confidentiality ...
CVE-2016-8478
CVE-2016-8478 describes an information-disclosure vulnerability in the Qualcomm video driver on Android (Kernel 3.18). The issue allows a local malicious application to access data outside its permission levels, but only after compromising a privileged process. The root cause is information expos...
CVE-2017-0609
CVE-2017-0609 is an elevation-of-privilege vulnerability in the Qualcomm sound driver on Android, enabling a local malicious app to execute code in the kernel context. Affected: Android devices with Kernel-3.10/3.18 (Qualcomm sound subsystem). Root cause: not explicitly detailed in the provided d...
CVE-2017-8072
The vulnerability CVE-2017-8072 affects the Linux kernel 4.9.x with a flaw in cp2112_gpio_direction_input (drivers/hid/hid-cp2112.c): it does not return the expected EIO error for a zero-length report, enabling local users to cause an unspecified impact via unknown vectors. Affected: Linux kernel...
CVE-2022-49785
The CVE-2022-49785 entry concerns the Linux kernel SGX subsystem. The issue arises in sgx_validate_offset_length(), which verifies userspace-provided offset and length but lacked an overflow check on their addition. The documented fix adds an overflow check to prevent arithmetic overflow when com...
CVE-2022-49805
CVE-2022-49805 – Linux kernel (lan966x): The issue occurs in lan966x_stats_init(), which calls create_singlethread_workqueue() without validating the return value. If it returns NULL, a later queue_delayed_work path dereferences a null workqueue pointer, causing a null-pointer dereference. The re...
CVE-2022-49970
CVE-2022-49970 concerns a Linux kernel vulnerability in the bpf/cgroup path, where an invalid opcode triggers a kernel BUG during purge_effective_progs when detaching BPF programs from nested cgroups. Reproduction steps described in multiple sources involve attaching prog2 to cg2, prog1 to cg1, w...
CVE-2022-50266
The CVE-2022-50266 issue is in the Linux kernel kprobes path: kill_kprobe() incorrectly disarms a probe because KPROBE_FLAG_GONE is set before checking the probe’s enabled state, causing !kprobe_disabled(p) to evaluate to false and bypass necessary disarm handling. The fix adds the enabled-check ...
CVE-2023-53261
CVE-2023-53261: Linux kernel coresight memory leak in acpi_buffer->pointer. The leak occurs because the temporary buffer is not freed before returning from acpi_get_dsd_graph(); the fix moves buf to acpi_coresight_parse_graph() and frees it prior to function return. Affected: Linux kernel (as...
CVE-2024-58067
The CVE-2024-58067 issue affects the Linux kernel in the clk: mmp: pxa1908-mpmu path. Root cause: an incorrect NULL vs IS_ERR() check around devm_kzalloc() where NULL is returned on error; the check has been updated to match. Impact, as per listed metadata, is availability impact HIGH with no con...
CVE-2025-21952
CVE-2025-21952 relates to the Linux kernel and affects the corsair-void subsystem. The issue occurs when corsair_void_process_receiver is invoked from an interrupt context, where it previously locked battery_mutex, risking a kernel panic. The fix relocates the critical section into its own work i...
CVE-2025-38033
CVE-2025-38033 affects the Linux kernel (x86) where FineIBT and Rust integration triggers a kernel panic when core::fmt::write() is invoked from Rust with FineIBT enabled. Root cause is that core::fmt::rt::Argument::fmt() has CFI-disabled code (no_sanitize(cfi, kcfi)), causing a Control Protectio...