Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2017/05/12 3:0 p.m.55 views

CVE-2017-0614

CVE-2017-0614 describes an elevation of privilege in the Qualcomm Secure Execution Environment Communicator driver on Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context. Affected software/components: Android devices using Kernel-3.10 and K...

7.6CVSS6.7AI score0.01467EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.55 views

CVE-2017-0626

CVE-2017-0626 is an information-disclosure vulnerability in the Qualcomm crypto engine driver, affecting Android kernel components (Kernel-3.10 and Kernel-3.18). A local malicious app could access data outside its permission levels due to this driver flaw. Evidence shows affected product as Andro...

5.5CVSS4.9AI score0.01017EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.55 views

CVE-2017-0650

CVE-2017-0650 affects the Synaptics touchscreen driver on Android. It enables a local malicious app to disclose data outside its permission levels after compromising a privileged process. Huawei’s advisory reiterates information disclosure via the Synaptics driver, with fixes released for Android...

4.7CVSS4.4AI score0.00742EPSS
CVE
CVE
added 2024/07/16 11:44 a.m.55 views

CVE-2022-48819

Summary: CVE-2022-48819 affects the Linux kernel TCP path. When mixing sendpage() data and MSG_ZEROCOPY via the same socket, a warning in inet_sock_destruct() (sk_forward_alloc_get(sk)) could be triggered, due to the sendpage() path being forgotten in zerocopy handling and the need to keep zeroco...

5.5CVSS6.5AI score0.00229EPSS
CVE
CVE
added 2024/08/21 6:10 a.m.55 views

CVE-2022-48897

CVE-2022-48897 affects the Linux kernel arm64 memory management, specifically a bug where pmd_leaf could be considered valid even when the PMD is invalid due to pmd_present_invalid. This caused file_map_count to be decremented and then incremented in multiple code paths, ultimately triggering a B...

5.5CVSS6.6AI score0.00205EPSS
CVE
CVE
added 2025/06/18 11:1 a.m.55 views

CVE-2022-50004

CVE-2022-50004 is a Linux kernel vulnerability in the xfrm policy path. A null pointer dereference can occur when transmitting an skb with metadata_dst where dst->dev is NULL, through the xfrm interface, due to a missing null check in xfrmi_xmit/xfrm_lookup_with_ifid. The impact is kernel cras...

5.5CVSS6AI score0.00209EPSS
CVE
CVE
added 2025/09/15 2:21 p.m.55 views

CVE-2022-50266

The CVE-2022-50266 issue is in the Linux kernel kprobes path: kill_kprobe() incorrectly disarms a probe because KPROBE_FLAG_GONE is set before checking the probe’s enabled state, causing !kprobe_disabled(p) to evaluate to false and bypass necessary disarm handling. The fix adds the enabled-check ...

5.5CVSS6AI score0.00143EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.55 views

CVE-2023-20682

CVE-2023-20682 affects the MediaTek wlan component, describing an out-of-bounds write caused by an integer overflow that could enable local privilege escalation with system execution privileges required. User interaction is not needed. A patch is noted: ALPS07441605 (Issue ALPS07441605). Connecte...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2025/01/19 11:52 a.m.55 views

CVE-2024-57909

CVE-2024-57909 – Linux kernel iio bh1745 information leak : The vulnerability occurs in the IIO light driver (bh1745) where the ‘scan’ local struct used to push data to userspace from a triggered buffer is not initialized for inactive channels, since the code only uses iio_for_each_active_channel...

7.1CVSS6.1AI score0.00234EPSS
CVE
CVE
added 2025/02/27 2:7 a.m.55 views

CVE-2024-57989

CVE-2024-57989 : In the Linux kernel, the wifi driver for mt76 mt7925 had a NULL pointer dereference in mt7925_change_vif_links because devm_kzalloc() could return NULL and its result was not checked. The vulnerability is described as a local, low-privilege issue with high potential impact to ava...

5.5CVSS6.6AI score0.00205EPSS
CVE
CVE
added 2025/02/27 8:0 p.m.55 views

CVE-2024-58042

CVE-2024-58042 relates to the Linux kernel and fixes a potential deadlock in rhashtable growth logic. The original implementation could trigger a deadlock chain involving nested locks between the rhashtable bucket, rq lock, and dsq lock. The fix moves the hash table growth check and work scheduli...

5.5CVSS6.5AI score0.00157EPSS
CVE
CVE
added 2025/03/06 3:54 p.m.55 views

CVE-2024-58066

The CVE-2024-58066 entry concerns a Linux kernel vulnerability in the clk: mmp: pxa1908-apbcp component. The issue was a NULL vs IS_ERR() check related to devm_kzalloc() returning NULL on error, not an error-pointer, and the code was updated to align the check with the actual return value. Affect...

5.5CVSS7.1AI score0.00143EPSS
CVE
CVE
added 2025/07/03 8:36 a.m.55 views

CVE-2025-38168

CVE-2025-38168 is a Linux kernel issue described as: when provisioning an NI device, a resource allocation failure in one clock domain must rollback all previously registered perf PMUs in other clock domains; otherwise a kernel panic can occur. The connected SUSE/OpenSUSE advisory confirms this C...

5.5CVSS7AI score0.00136EPSS
CVE
CVE
added 2025/07/10 7:41 a.m.55 views

CVE-2025-38269

CVE-2025-38269 affects the Linux kernel, specifically the btrfs path. When exit after a state insertion failure occurs in btrfs_convert_extent_bit(), if insert_state() fails and CONFIG_BUG is disabled, the code falls through to cache_state() and dereferences the error pointer, causing an invalid ...

5.5CVSS6.8AI score0.00154EPSS
CVE
CVE
added 2025/07/10 7:41 a.m.55 views

CVE-2025-38270

CVE-2025-38270: In the Linux kernel, netdevsim with netpoll could trigger a napi_complete-related issue if napi_complete() is called from netpoll. The fix disables napi_complete() in netpoll paths for netdevsim to prevent premature SCHED state handling, addressing a warning observed in napi_compl...

7.8CVSS6.6AI score0.00162EPSS
CVE
CVE
added 2025/07/10 8:14 a.m.55 views

CVE-2025-38321

CVE-2025-38321 affects the Linux kernel SMB/CIFS subsystem. Under low-memory conditions, close_all_cached_dirs() could not move dentries to a separate list for dput() after locks are dropped, causing a “Dentry still in use” error during unmount. The patch adds an explicit error log to clarify thi...

5.5CVSS6.4AI score0.00164EPSS
CVE
CVE
added 2025/07/25 1:20 p.m.55 views

CVE-2025-38413

CVE-2025-38413 : In the Linux kernel virtio-net XDP path (xsk RX), len passed to buf_to_xdp did not consistently account for virtio header length for the first buffer, risking an incorrect frame size check. The fix differentiates the first buffer from subsequent ones by introducing an extra param...

5.5CVSS6.5AI score0.00154EPSS
CVE
CVE
added 2025/08/19 5:2 p.m.55 views

CVE-2025-38560

CVE-2025-38560 relates to the Linux kernel x86/sev SNP memory validation. The vulnerability requires a cache-line eviction mitigation when memory is validated after changing a page state to private. The documented mitigation is to touch the first and last byte of each 4K page being validated. If ...

5.5CVSS7.2AI score0.00153EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.54 views

CVE-1999-1285

CVE-1999-1285 affects Linux kernels 2.1.132 and earlier. A local attacker can cause a denial of service by reading a large buffer from a random device (e.g., /dev/urandom) that cannot be interrupted until the read completes. The provided documents specify the vulnerability and impact (resource ex...

2.1CVSS7.2AI score0.00338EPSS
CVE
CVE
added 2005/02/21 5:0 a.m.54 views

CVE-2005-0204

CVE-2005-0204 affects the Linux kernel prior to 2.6.9 on AMD64/EM64T, where local users could exploit the OUTS instruction to write to privileged IO ports. The issue is documented in multiple advisories (RHSA-2005:293, SUSE CVE-2005-0204) and CentOS/CentOS-announce and is addressed by kernel secu...

2.1CVSS6AI score0.00388EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.54 views

CVE-2005-1368

The vulnerability CVE-2005-1368 affects Linux kernel 2.6.10 through 2.6.11.8, caused by the key_user_lookup() path in security/keys/key.c, enabling a local attacker to crash the system (kernel oops) via SMP. Fedora and Ubuntu advisories indicate that upgrading to a 2.6.11.8-based release or later...

1.2CVSS5.2AI score0.0035EPSS
CVE
CVE
added 2005/11/25 9:0 p.m.54 views

CVE-2005-3805

CVE-2005-3805 describes a locking issue in the POSIX timer cleanup on exit for Linux kernel 2.6.10–2.6.14 on SMP systems, enabling local users to cause a denial of service (deadlock) related to process CPU timers. Affected products/versions are Linux kernel 2.6.10–2.6.14 on SMP; the root cause is...

4.9CVSS5.8AI score0.00398EPSS
CVE
CVE
added 2006/01/09 8:0 p.m.54 views

CVE-2005-4352

The CVE-2005-4352 entry documents a time-wrap flaw in BSD securelevels affecting NetBSD 2.1 and earlier and Linux 2.6.15 and earlier. The root cause is an integer overflow in securelevels that allows a local user to bypass time-change restrictions by setting the clock forward to the 32‑bit Unix e...

2.1CVSS6.3AI score0.00468EPSS
CVE
CVE
added 2006/01/09 11:0 a.m.54 views

CVE-2005-4635

CVE-2005-4635 affects the Linux kernel via nl_fib_input in fib_frontend.c, where lack of validation for header and payload lengths allows remote attackers to trigger a denial of service (invalid memory reference) with malformed fib_lookup netlink messages. Affected lineage is kernels before 2.6.1...

5CVSS6.6AI score0.02889EPSS
CVE
CVE
added 2007/03/28 10:0 p.m.54 views

CVE-2007-1734

CVE-2007-1734 is a Linux kernel vulnerability in the DCCP path: do_dccp_getsockopt does not verify the upper bounds of optlen in net/dccp/proto.c for 2.6.20 and later, enabling local attackers on some architectures to read kernel memory or cause a kernel oops. Public detail confirms affected prod...

7.2CVSS6AI score0.0073EPSS
CVE
CVE
added 2009/09/17 10:0 a.m.54 views

CVE-2009-3234

Affected software: Linux kernel 2.6.31-rc1. The vulnerability is a buffer overflow in the perf_copy_attr function of kernel/perf_counter.c, exploitable via perf_counter_open. Local attackers can crash the kernel (denial of service) and may execute arbitrary code. No exploitation status or patch d...

4.9CVSS7.3AI score0.01795EPSS
Web
CVE
CVE
added 2010/10/05 5:0 p.m.54 views

CVE-2010-2653

CVE-2010-2653 concerns a race condition in the Linux kernel’s hvc_close function (drivers/char/hvc_console.c). The vulnerability affects Linux kernels before 2.6.34 and can enable a local attacker to cause a denial of service or potentially other impact by closing a Hypervisor Virtual Console dev...

6.9CVSS7.2AI score0.00381EPSS
CVE
CVE
added 2012/05/24 12:0 a.m.54 views

CVE-2011-2906

The issue is an integer signedness error in the Linux kernel's pmcraid_ioctl_passthrough under drivers/scsi/pmcraid.c, affecting pre-3.1 kernels. It may allow local attackers to cause denial of service via a negative size value in an ioctl call, typically in environments with a privileged program...

5.5CVSS5.1AI score0.00477EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.54 views

CVE-2016-10293

CVE-2016-10293 is an information-disclosure flaw in the Qualcomm video driver on Android (Kernel-3.10). A local malicious app could access data beyond its permissions by exploiting the driver when a privileged process is compromised. The vulnerability is listed for Nexus 5X, Nexus 6P, and Android...

4.7CVSS4.3AI score0.0088EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.54 views

CVE-2016-6779

CVE-2016-6779 is a local elevation-of-privilege in the HTC sound codec driver affecting Android kernel 3.10 (Nexus 9). The vulnerability could let a local malicious application execute arbitrary code in the kernel context if it can compromise a privileged process. The issue is categorized as High...

7.6CVSS6.8AI score0.0139EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.54 views

CVE-2016-8397

CVE-2016-8397 affects the NVIDIA Tegra kernel driver (NVMAP) with an information-disclosure vulnerability: uninitialized stack memory may be leaked to user space, enabling data exposure from local, unprivileged contexts. CVSSv3 base score is 5.5 (LOCAL, LOW complexity, UI REQUIRED; confidentialit...

5.5CVSS5AI score0.01143EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.54 views

CVE-2016-8419

CVE-2016-8419 is a local elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver affecting Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context by exploiting the Qualcomm Wi‑Fi driver. Affected components/files are tied to the Andr...

7.6CVSS6.6AI score0.00845EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.54 views

CVE-2016-8421

CVE-2016-8421 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver on Android. A local malicious app could execute arbitrary code in the kernel context by exploiting this driver vulnerability. Affected components/versions noted in provided docs include the Qualcomm Wi‑Fi driver...

7.6CVSS6.6AI score0.00845EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.54 views

CVE-2016-8431

CVE-2016-8431 describes a local elevation of privilege in the NVIDIA GPU driver on Android (Android Kernel 3.18; Pixel C). The vulnerability can allow a local malicious process to execute arbitrary code in kernel context, with potential for permanent device compromise. Connected documents indicat...

9.3CVSS7.4AI score0.01537EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.54 views

CVE-2016-8436

CVE-2016-8436 matches an elevation-of-privilege flaw in the Qualcomm video driver affecting Android kernels (Kernel-3.18). The vulnerability could let a local malicious app execute arbitrary code in the kernel context, potentially causing a permanent device compromise and requiring reflashing to ...

9.3CVSS7.4AI score0.00677EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.54 views

CVE-2016-8438

CVE-2016-8438 describes an integer overflow in the Android kernel’s Peripheral Image Loader (PIL) path that leads to a TOCTOU condition, potentially bypassing PIL authentication. Affected product: Android (kernel 3.18). Root cause is an integer overflow exposing a race condition; impact is descri...

10CVSS9.1AI score0.02251EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.54 views

CVE-2016-8451

CVE-2016-8451 is an elevation-of-privilege vulnerability in the Synaptics touchscreen driver that could allow a local malicious app to execute arbitrary code in kernel context on Android. The Synaptics driver is the affected component; root cause is privilege escalation within the driver enabling...

7.6CVSS6.9AI score0.01518EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.54 views

CVE-2016-8476

CVE-2016-8476 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver for Android, allowing a local malicious application to execute code in the kernel once a privileged process is compromised. The issue affects Android kernel versions 3.10 and 3.18; Android ID A-32879283. The NVD...

7.6CVSS6.6AI score0.00845EPSS
CVE
CVE
added 2017/04/05 2:0 p.m.54 views

CVE-2017-0328

Summary (CVE-2017-0328) An information-disclosure vulnerability in the NVIDIA crypto driver could allow a local malicious Android process to access data outside its permission levels. Affected software: Android on kernel 3.10. Exploitation requires a privileged process, so impact is limited to lo...

4.7CVSS5.2AI score0.012EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.54 views

CVE-2017-0334

CVE-2017-0334 is an information-disclosure vulnerability in the NVIDIA GPU driver affecting Android on kernel 3.18 (Android ID A-33245849) where a local malicious app could access data outside its permission levels. The provided documents state the issue is an information disclosure with high imp...

5.5CVSS4.9AI score0.00862EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.54 views

CVE-2017-0336

CVE-2017-0336 is an information-disclosure flaw affecting the NVIDIA GPU driver on Android (Kernel-3.18). A local malicious app could access data outside its permission levels. The vulnerability is described as high-severity in the Android bulletin, with patches released as part of the 2017-03-01...

5.5CVSS4.9AI score0.00862EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.54 views

CVE-2017-0507

CVE-2017-0507 describes an elevation-of-privilege flaw in the Android kernel ION subsystem. The vulnerability could allow a local malicious app to run code in kernel context, potentially enabling a local permanent device compromise. Affected products/cores: Android on kernel versions 3.10 and 3.1...

9.3CVSS7.2AI score0.01823EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.54 views

CVE-2017-0607

CVE-2017-0607 describes an elevation-of-privilege vulnerability in the Qualcomm sound driver on Android, allowing a local malicious application to execute arbitrary code in the kernel context. The description specifies Product: Android and Kernel-3.18, with Android ID A-35400551 and references QC...

7.6CVSS6.6AI score0.01467EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.54 views

CVE-2017-0634

CVE-2017-0634 is an information-disclosure vulnerability in the Synaptics touchscreen driver on Android, affecting Kernel-3.18. The issue allows a local malicious process to access data outside its permissions after bypassing privileged process protection. Impact is limited to the Synaptics drive...

4.7CVSS4.3AI score0.00876EPSS
CVE
CVE
added 2024/10/21 8:6 p.m.54 views

CVE-2022-49008

The CVE-2022-49008 issue affects the Linux kernel, specifically the can327 path: can327_feed_frame_to_netdev() failed to free the skb when the netdev is down, and all callers did not free allocated skbs, causing a potential skb leak. The patch adds kfree_skb() in can327_feed_frame_to_netdev() whe...

5.5CVSS5.4AI score0.002EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.54 views

CVE-2022-49806

CVEsummary (CVE-2022-49806) In the Linux kernel (net: microchip: sparx5), a potential null-pointer dereference was fixed in sparx_stats_init() and sparx5_start(). The root cause: sparx_stats_init() called create_singlethread_workqueue() without validating its return value, which can be NULL, lead...

5.5CVSS6.5AI score0.00164EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.54 views

CVE-2022-50130

CVE-2022-50130 concerns the Linux kernel staging fbtft: core: set smem_len before fb_deferred_io_init call. In fbtft_framebuffer_alloc(), fb_deferred_io_init() was invoked before initializing info->fix.smem_len, which was zeroed by framebuffer_alloc() and caused a WARN_ON() at init, resulting ...

5.5CVSS6.5AI score0.00159EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.54 views

CVE-2023-20663

CVE-2023-20663 describes a potential out-of-bounds write in wlan due to an integer overflow, enabling local privilege escalation with System execution privileges required and no user interaction. The vulnerability is tied to a patch ID ALPS07560741 / Issue ID ALPS07560741. Connected sources menti...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2025/03/06 3:54 p.m.54 views

CVE-2024-58073

CVE-2024-58073 affects the Linux kernel component drm/msm/dpu, where dpu_plane_atomic_print_state() could dereference NULL when the pipe state is dumped without a corresponding atomic_check() and pipe->sspp is assigned. The issue is resolved by adding a validation check for sspp in the dpu pla...

5.5CVSS7.2AI score0.00143EPSS
CVE
CVE
added 2025/08/22 1:1 p.m.54 views

CVE-2024-58239

CVE-2024-58239 affects the Linux kernel TLS receive path. If a non-DATA record remains on the rx_list and another record of the same type is still queued, records can merge, causing incorrect processing: the non-DATA record may be treated as DATA, leading to improper handling. The fix described i...

5.5CVSS6.5AI score0.00175EPSS
Total number of security vulnerabilities14330