13804 matches found
CVE-2025-38134
CVE-2025-38134 in the Linux kernel: the usb: acpi fix prevents a NULL pointer dereference in usb_acpi_add_usb4_devlink() caused by usb_hub_to_struct_hub() returning NULL in certain hub teardown scenarios. The issue could lead to an access to hub->ports[...] if NULL, and was mitigated by guards in ot...
CVE-2025-38199
The connected Astra/Linux kernel advisory describes CVE-2025-38199 as a memory leak in wifi/ath12k where arsta->rx_stats was allocated each time a station was added, including repeated additions for the same station. The root cause is redundant allocations when ath12k_mac_station_add() is call...
CVE-2025-38261
CVE-2025-38261 affects the Linux kernel on riscv. The root cause is improper handling of the SR_SUM CSR during task switches, where a sleeping function passed to put_user() could clear SR_SUM and trigger a crash under heavy load (e.g., with syz-stress). The patch adds saving and restoring SR_SUM ...
CVE-2025-38284
CVE-2025-38284 affects the Linux kernel wifi driver rtw89 via PCI config DAC handling. The issue: 36-bit DMA support depends on a chip-proprietary bit accessible through PCI config API or DBI; when mmap is NULL, a page fault occurs and the kernel trace shows a BUG in rtw89_pci_ops_write16 leading...
CVE-2025-38321
CVE-2025-38321 affects the Linux kernel SMB/CIFS subsystem. Under low-memory conditions, close_all_cached_dirs() could not move dentries to a separate list for dput() after locks are dropped, causing a “Dentry still in use” error during unmount. The patch adds an explicit error log to clarify thi...
CVE-2025-38347
CVE-2025-38347 is tied to a Linux kernel issue in the F2FS file system. The description details a deadlock scenario during mknod in a corrupted directory, caused by locking the directory inode page twice while processing ACL/xattrs. The root cause is a mismatch between inode number and xattr inod...
CVE-2025-38360
CVE-2025-38360 is a Linux kernel vulnerability affecting drm/amd/display where insufficient HUBP/DSC domain checks could leave the HUBP domain mismatched to a DSC instance, risking an undefined tile state and potential system hang. The advisory states that the fix adds more checks to ensure the H...
CVE-2025-38438
CVE-2025-38438 – Linux kernel ASoC: SOF: Intel: hda: devm_kstrdup() used to prevent memleak. The issue arises in sof_pdata->tplg_filename where memory allocated by kstrdup() could be overwritten, creating a memory leak detected by kmemleak. The vulnerability is specific to the SOF Intel HDA dr...
CVE-2025-38452
CVE-2025-38452 affects the Linux kernel’s net/ethernet RTSN driver. The vulnerability was a NULL pointer dereference in rtsn_probe(), addressed by adding a check for the return value of rcar_gen4_ptp_alloc(). This mitigates potential null pointer dereference and reduces the risk of a local imp...
CVE-2025-38597
CVE-2025-38597 (Linux kernel, drm/rockchip): A vulnerability in vop2 binding for video-ports could dereference a null primary plane. The code binding a vop2 to a window searches for a primary-plane usable by the target port, but no check ensured a primary-plane was found before calling drm_crtc_i...
CVE-2026-22999
CVE-2026-22999 is addressed by fixes in the Linux kernel's net/sched code: sch_qfq now avoids freeing an existing class in qfq_change_class() unless a new class and qdisc are allocated, preventing potential use-after-free (UAF). The Ubuntu USN and SUSE SUSE-SU-2026:1305-1 advisories list t...
CVE-2026-31607
CVE-2026-31607 (Linux kernel USB/IP): A RET_SUBMIT response can cause an out-of-bounds write when usbip_pack_ret_submit() overwrites urb->number_of_packets without validation. The loop bound in usbip_recv_iso()/usbip_pad_iso() then writes beyond urb->iso_frame_desc[], triggering a heap OOB...
CVE-1999-1166
CVE-1999-1166 affects Linux 2.0.37 and is caused by not properly encoding the Custom segment limit, which allows local users to gain root privileges by accessing or modifying kernel memory. The connected documents reiterate the same description and do not provide a concrete remediation, workaroun...
CVE-2001-1273
The CVE-2001-1273 issue affects the Linux kernel before version 2.2.17-14 when running on certain Intel CPUs. The vulnerability, described as the 'mxcsr P4' issue, allows a local user to cause a denial of service (system halt). Documents do not specify the exact vulnerable components beyond the k...
CVE-2001-1384
CVE-2001-1384 affects the Linux kernel in 2.2.x up to 2.2.19 and 2.4.x up to 2.4.9. The vulnerability is a local privilege escalation: a local user can gain root by ptracing a setuid/setgid process that itself executes an unprivileged program (e.g., newgrp). The provided documents do not specify ...
CVE-2004-0058
The CVE-2004-0058 entry affects Antivir for Linux 2.0.9-9 and potentially earlier versions. It describes a local privilege issue where a symlink race on the temporary file .pid_antivir_$$ allows a local user to overwrite arbitrary files. The underlying cause is a symlink attack on a daemon-relate...
CVE-2004-2135
Cryptoloop in Linux kernel 2.6.x, when used on file systems with a block size of 1024 or greater, contains IV computation weaknesses that allow watermarked files to be detected without decryption. The documented impact is PARTIAL confidentiality loss. No exploits, specific remediations, or affect...
CVE-2008-3077
The CVE-2008-3077 issue affects the Linux kernel (arch/x86/kernel/ptrace.c) on x86_64 before version 2.6.25.10. The function sys32_ptrace leaks task_struct references, enabling local attackers to trigger a denial of service (system crash) and potentially other impacts via unknown vectors, possibl...
CVE-2008-7316
The vulnerability CVE-2008-7316 affects the Linux kernel up to version 2.6.25 in the mm/filemap.c path. A local attacker can trigger an infinite loop/denial of service by issuing a writev system call that creates a zero-length iovec followed by a page fault for a nonzero-length iovec. Impact is a...
CVE-2011-4098
CVE-2011-4098 affects the Linux kernel GFS2 fallocate implementation. The vulnerability stems from using the page cache to preallocate blocks, which can allow local users to trigger a denial of service in scenarios with insufficient memory. Affected component is the GFS2 filesystem’s fallocate pa...
CVE-2016-10286
CVE-2016-10286 is an elevation-of-privilege vulnerability in the Qualcomm video driver on Android, enabling a local malicious application to execute arbitrary code in the kernel context. The issue affects Android with Kernel-3.18 and Android ID A-35400904; exploitation requires compromising a pri...
CVE-2016-10287
CVE-2016-10287 describes an elevation-of-privilege vulnerability in the Qualcomm sound driver within Android’s kernel. The issue could let a local malicious application execute arbitrary code in the kernel context, requiring prior compromise of a privileged process. Affected components/versions i...
CVE-2016-10288
CVE-2016-10288 is an elevation-of-privilege flaw in the Qualcomm LED driver that could allow a local attacker to execute arbitrary code in the kernel context on affected Android devices. The issue targets the Android kernel (Kernel-3.18) via the LED driver, requiring compromising a privileged pro...
CVE-2016-8404
CVE-2016-8404 is an information-disclosure vulnerability in Android kernel components (ION subsystem, Binder, USB driver, and networking). A local malicious application could access data outside its permission levels after compromising a privileged process. Affected product/versions: Android kern...
CVE-2016-8451
CVE-2016-8451 is an elevation-of-privilege vulnerability in the Synaptics touchscreen driver that could allow a local malicious app to execute arbitrary code in kernel context on Android. The Synaptics driver is the affected component; root cause is privilege escalation within the driver enabling...
CVE-2017-0520
CVE-2017-0520 is an elevation-of-privilege vulnerability in the Qualcomm crypto engine driver that could allow a local malicious Android app to execute code in the kernel context. Affected components: Qualcomm crypto engine driver; vulnerable against Android kernels 3.10 and 3.18. Trigger require...
CVE-2017-0536
CVE-2017-0536 concerns an information-disclosure flaw in the Synaptics touchscreen driver on Android, affecting Kernel-3.10 and Kernel-3.18. The vulnerability could let a local malicious process access data outside its privileges, requiring compromise of a privileged process. Publicly disclosed d...
CVE-2017-0631
CVE-2017-0631 is an information-disclosure vulnerability in the Qualcomm camera driver for Android. According to NVD, it affects Android on kernels 3.10 and 3.18, enabling a local malicious application to access data outside its permission levels after compromising a privileged process. The descr...
CVE-2022-49893
CVE-2022-49893 concerns a Linux kernel issue where a cxl/region leak occurs if a region is deleted. The fix ensures that, during unregister_region(), all targets previously assigned to the region are detached, so their references to the region drop and the region object is not leaked after sysf...
CVE-2022-50130
CVE-2022-50130 concerns the Linux kernel staging fbtft: core: set smem_len before fb_deferred_io_init call. In fbtft_framebuffer_alloc(), fb_deferred_io_init() was invoked before initializing info->fix.smem_len, which was zeroed by framebuffer_alloc() and caused a WARN_ON() at init, resulting ...
CVE-2023-20675
CVE-2023-20675 concerns MediaTek platforms where the kernel/wlan component is vulnerable to an out-of-bounds read caused by a missing bounds check. The issue can lead to local information disclosure, with potentially full System privileges if exploited, and does not require user interaction. Conn...
CVE-2024-43874
CVE-2024-43874 affects the Linux kernel crypto CCP/SEV path. The vulnerability is a NULL pointer dereference in __sev_snp_shutdown_locked triggered when psp_device or sev_device are uninitialized due to DEBUG_TEST_DRIVER_REMOVE. The fix returns early from __sev_snp_shutdown_locked() if these stru...
CVE-2024-58238
In the Linux kernel Bluetooth btnxpuart driver, CVE-2024-58238, a race during power-save UART break handling could cause a TX timeout when two HCI commands timed with the 2-second power-save window occurred during extended stress tests. The issue was mitigated by adding a ps_lock mutex around UAR...
CVE-2025-38039
CVE-2025-38039 affects the Linux kernel's net/mlx5e driver in scenarios where MQPRIO is enabled while HTB offload is already configured. The vulnerability arises when the driver previously returned -EINVAL and triggered a WARN_ON, potentially generating a call trace. A patch was applied to handle...
CVE-2025-38092
CVE-2025-38092 concerns the Linux kernel (ksmbd) and the opinfo_get_list() path. The root cause is use of list_first_entry(), which does not return NULL for empty lists, leading to an invalid pointer. The fix is to switch to list_first_entry_or_null() to safely detect empties. Public references i...
CVE-2025-38164
CVE-2025-38164 concerns the Linux kernel F2FS file system. A patch fixes an inconsistency between SIT and SSA during garbage collection by skipping block migration for opened sections in f2fs_gc_range(), preventing a potential crash (observed in test scenarios where a filesystem stopped with ‘...
CVE-2025-38208
CVE-2025-38208 is resolved in the Linux kernel: smb client adds a NULL check in automount_fullpath to prevent NULL dereference when tcon->origin_fullpath is set. The issue was a missing null check in __build_path_from_dentry_optional_prefix for the case when origin_fullpath is present. Affects...
CVE-2025-38297
CVE-2025-38297: In the Linux kernel, a division-by-zero could occur in em_compute_costs() for non-CPU devices due to uninitialized table[i].performance. The fix adds a _is_cpu_device(dev) check to em_init_performance() paths to prevent the division. Public advisories (e.g., openSUSE SUSE-SU-2026:...
CVE-2025-38560
CVE-2025-38560 relates to the Linux kernel x86/sev SNP memory validation. The vulnerability requires a cache-line eviction mitigation when memory is validated after changing a page state to private. The documented mitigation is to touch the first and last byte of each 4K page being validated. If ...
CVE-2025-38571
The CVE-2025-38571 entry documents a Linux kernel flaw in sunrpc client-side handling of TLS alerts within NFS over TLS. The vulnerability stems from a misassumption that valid data resides in the msghdr iterator’s kvec, which could be exploited by TLS alert handling. The recommended fix reworks ...
CVE-2025-38572
CVE-2025-38572 affects the Linux kernel IPv6 path, where an attacker could craft IPv6 extension headers to overflow skb->transport_header via ipv6_gso_segment() when processing very long headers. The root cause is related to the 16-bit transport header field handling, with a suggested fix addi...
CVE-2025-38670
CVE-2025-38670 affects the ARM64 Linux kernel. The vulnerability arises in cpu_switch_to() and call_on_irq_stack() where masking and saving the DAIF state and SCS pointers are not atomic across stack switches, allowing a race during task/IRQ stack transitions. Interrupts (SErrors/Debug Exceptions) ca...
CVE-2003-0467
The CVE-2003-0467 issue affects Netfilter NAT SACK handling (ip_nat_sack_adjust) in Linux kernels 2.4.20 and some 2.5.x when NAT FTP/IRC is enabled or ip_nat_ftp/irc modules are loaded. The root cause is an integer signedness error in the SACK adjustment logic, which could allow a remote attac...
CVE-2004-2536
Summary of CVE-2004-2536: The Linux kernel 2.6.x releases up to 2.6.5 contain a fault in the exit_thread path (process.c) where per-TSS io_bitmap pointers are not invalidated when a process obtains IO permissions via ioperm and later exits. This can allow other processes to access the per-TSS po...
CVE-2007-5087
The CVE-2007-5087 issue affects the Linux kernel ATM module prior to 2.4.35.3 with CLIP support enabled. Reading /proc/net/atm/arp before the CLIP module is loaded can cause a denial-of-service (kernel panic) for local users. The vulnerability is documented in multiple sources (NVD/SUSE/Red Hat) ...
CVE-2008-3686
The CVE-2008-3686 entry concerns Linux kernel 2.6.26-rc4 and 2.6.26.x where the rt6_fill_node function in net/ipv6/route.c is vulnerable. Local users can trigger a denial of service (kernel OOPS) by sending IPv6 requests when no IPv6 input device is in use, causing a NULL pointer dereference. The...
CVE-2011-2210
The CVE-2011-2210 issue affects the Linux kernel on the Alpha platform, where osf_getsysinfo in arch/alpha/kernel/osf_sys.c does not properly bound the data size for GSI_GET_HWRPB, enabling local users to read kernel memory. Public sources confirm the root cause is improper data size restriction ...
CVE-2016-10285
CVE-2016-10285 concerns an elevation-of-privilege in the Qualcomm video driver within Android's kernel (Kernel-3.18). A local malicious application could execute arbitrary code in kernel context if it first compromises a privileged process. The issue is rated High and requires local access with u...
CVE-2016-6757
CVE-2016-6757 describes an information-disclosure vulnerability affecting Qualcomm components used in Android devices, specifically the camera driver and video driver. The issue could allow a local malicious application to access data beyond its permissions after compromising a privileged process...
CVE-2016-6758
CVE-2016-6758 is an elevation of privilege vulnerability in Qualcomm Media Codecs on Android. The issue allows a local malicious application to execute arbitrary code in the context of a privileged process via exploitation of the Qualcomm media codecs component (kernel 3.10/3.18 lineage). Affecte...