13804 matches found
CVE-2016-8439
CVE-2016-8439 is an Android vulnerability describing a possible buffer overflow in the trust zone access control API due to insufficient buffer size checking. The connected NVD entry lists affected software as Android kernel 3.18, with Android ID A-31625204, indicating the root cause lies in a bu...
CVE-2016-8441
CVE-2016-8441: Possible buffer overflow in the Android hypervisor due to inappropriate use of a static array in Kernel 3.18. Impact: local code execution with high severity (CVSS2 7.2, CVSS3 7.8). Connected documents confirm product/versions but do not provide a concrete patch/remediation detail...
CVE-2016-8483
CVE-2016-8483 describes an information-disclosure vulnerability in the Qualcomm power driver used by Android on Kernel-3.10. A locally installed, malicious app could access data outside its permission levels due to a flaw in the Qualcomm power driver component. The issue is categorized as High ri...
CVE-2017-0629
CVE-2017-0629 is an information-disclosure vulnerability in the Qualcomm camera driver for Android, enabling a local malicious app to access data outside its permissions after compromising a privileged process. Affected: Android kernels 3.10/3.18 (Qualcomm camera driver). Base impact: partial con...
CVE-2017-0632
CVE-2017-0632 is an information-disclosure vulnerability in the Qualcomm sound codec driver within Android’s kernel (Kernel-3.10). It could allow a local malicious application to access data beyond its permissions after compromising a privileged process. The issue is classified as Moderate and is...
CVE-2022-50042
CVE-2022-50042 refers to a Linux kernel vulnerability in the net: genl code for policy dumping. The issue is a memory leak in error paths when constructing the array of policies if recording non-first policies fails, and in netlink_policy_dump_add_policy which currently may not record the allocat...
CVE-2024-58065
The CVE-2024-58065 issue concerns the Linux kernel component clk: mmp: pxa1908-apbc. Root cause: the NULL vs IS_ERR() check was incorrect because devm_kzalloc() returns NULL on error, not an error pointer. Due to this, a NULL check fix was applied to properly distinguish allocation failures. The ...
CVE-2024-58239
CVE-2024-58239 affects the Linux kernel TLS receive path. If a non-DATA record remains on the rx_list and another record of the same type is still queued, records can merge, causing incorrect processing: the non-DATA record may be treated as DATA, leading to improper handling. The fix described i...
CVE-2025-38172
CVE-2025-38172 refers to a Linux kernel vulnerability in the erofs filesystem driver where a device-type mismatch between primary and extra devices can trigger a use-after-free (UAF). The root cause, as described in the advisory, is that when the primary device is a block device and the extra dev...
CVE-2025-38242
CVE-2025-38242 relates to a race in the Linux kernel’s userfaultfd path (mm: userfaultfd: fix race of userfaultfd_move and swap cache). The advisory describes two race variants: (1) a NULL folio/lookup edge where a folio is swapped into the wrong VMA, potentially triggering a BUG_ON, and (2) a ra...
CVE-2025-38258
The CVE-2025-38258 issue affects the Linux kernel, specifically in mm/damon/sysfs-schemes where memcg_path_store() assigns a newly allocated buffer to filter->memcg_path without freeing the previous one, enabling kernel memory leaks via repeated writes to memcg_path in the DAMOS sysfs file. Th...
CVE-2025-38267
CVE-2025-38267 affects the Linux kernel ring-buffer logic. The issue arises during memory-mapped buffer reads when a commit_overrun allows the reader page to swap to the commit buffer, potentially triggering a WARN_ON_ONCE due to missed events. The vulnerability is tied to the ring_buffer_map_get...
CVE-2025-38306
CVE-2025-38306 – Linux kernel race in fs/fhandle.c: may_decode_fh() calls has_locked_children() without holding locks, causing an oopsable race. Patch renames has_locked_children() to __has_locked_children(), makes it static, and redirects callers to it; the public wrapper now calls the inner fun...
CVE-2025-38469
Technical details for CVE-2025-38469 are not publicly provided in the supplied documents; monitor for updates.
CVE-2025-38540
CVE-2025-38540 relates to the Linux kernel HID quirk handling for two Chicony Electronics HP 5MP Cameras (USB IDs 04F2:B824 and 04F2:B82C). The vulnerability arises because the HID sensor interface is non-functional by design, and attempting to access it via iio_info can cause the system to hang ...
CVE-2025-38670
CVE-2025-38670 affects ARM64 Linux kernel. The vulnerability arises in cpu_switch_to() and call_on_irq_stack() where masking and saving the DAIF state and SCS pointers are not atomic across stack switches, allowing a race during task/IRQ stack transitions. Interrupts (SErrors/Debug Exceptions) ca...
CVE-2025-38671
CVE-2025-38671 affects the Linux kernel i2c: qup driver. Root cause: timeout handling only set a return value and did not exit the loop when a client keeps the bus active, enabling kernel hang (observed with PCA953x GPIO extender). Fix: change the logic to return via -ETIMEDOUT, jumping out of th...
CVE-2026-22997
The CVE-2026-22997 issue affects the Linux kernel CAN/J1939 subsystem. The root cause is that j1939_session_deactivate_activate_next() is only invoked in j1939_tp_rxtimer() when the timer is enabled, allowing a refcount leak if the timer is cancelled without calling the function. This can lead to...
CVE-1999-1276
The CVE-1999-1276 entry describes a local privilege escalation in fte-console: before 0.46b-4.1 it does not drop root privileges, allowing local users to gain root via the virtual console device. Affected: fte-package fte-console. Impact per CVSS: complete impact to confidentiality, integrity, an...
CVE-1999-1441
CVE-1999-1441 concerns the Linux kernel (2.0.34) allowing a local user to deliver SIGIO signals to arbitrary processes, leading to denial of service if the target does not catch the signal. The root cause is improper restriction of SIGIO delivery across processes. Public references show a practic...
CVE-2011-2210
The CVE-2011-2210 issue affects the Linux kernel on the Alpha platform, where osf_getsysinfo in arch/alpha/kernel/osf_sys.c does not properly bound the data size for GSI_GET_HWRPB, enabling local users to read kernel memory. Public sources confirm the root cause is improper data size restriction ...
CVE-2012-0058
The CVE-2012-0058 issue affects the Linux kernel up to version 3.2.2, in the kiocb_batch_free function of fs/aio.c, caused by incorrect iocb management. It allows local attackers to cause a denial of service (OOPS). Impact is confined to local execution, with availability as the primary effect de...
CVE-2016-10284
CVE-2016-10284 is a vulnerability in the Qualcomm video driver that enables an elevated-privilege path: a local, privileged process could be exploited by a malicious local app to run arbitrary code in the kernel context on Android devices. The issue affects Android kernel versions 3.10 and 3.18, ...
CVE-2016-6162
CVE-2016-6162 affects the Linux kernel file net/core/skbuff.c (kernel 4.7-rc6). The issue allows local users to trigger a denial of service (kernel panic) or potentially other unspecified impact through certain IPv6 socket operations. Multiple advisories (SUSE, Red Hat, Debian, Ubuntu OSV, CNVD, ...
CVE-2016-6790
CVE-2016-6790 affects NVIDIA libomx (libnvomx) in Android devices (notably Pixel C) with kernel 3.18. Root cause: NVIDIA OpenMAX component copies an input buffer to an output buffer without validating the input size, enabling local exploitation; the NVIDIA bulletin labels this as a high‑severity ...
CVE-2016-8392
CVE-2016-8392 is a local privilege-escalation in the Qualcomm sound driver affecting Android devices (Nexus 5X/6/6P, Android One, Pixel/Pixel XL) via the kernel context. The vulnerability could let a malicious local app execute arbitrary code in the kernel after compromising a privileged process....
CVE-2016-8403
CVE-2016-8403 describes an information-disclosure vulnerability in Android’s kernel components, including the ION subsystem, Binder, USB driver, and networking subsystem. The issue could allow a local malicious application to access data outside its permission levels, with confidentiality impact ...
CVE-2016-8416
The CVE-2016-8416 entry concerns an information-disclosure vulnerability in the Qualcomm video driver on Android (kernel 3.18). A local malicious application could access data outside its permissions due to the driver’s handling, with impact described as data disclosure and requiring a privileged...
CVE-2016-8426
CVE-2016-8426 affects the NVIDIA GPU driver on Android (kernel-3.10). It is an elevation-of-privilege vulnerability that could let a local malicious app execute arbitrary code in kernel context, potentially causing a local permanent device compromise. The NVD entry cites CVSSv3: LOCAL access, hig...
CVE-2022-49819
CVE-2022-49819 concerns the Linux kernel. The issue in octeon_ep has a potential memory leak in octep_device_setup on failures of unsupported_dev or mbox init, where oct->conf was not freed and oct->mmio[i].hw_addr was not unmapped. The fix frees oct->conf with kfree() and unmaps oct->...
CVE-2022-50223
CVE-2022-50223 affects the Linux kernel on LoongArch where, when CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are enabled, cpu_max_bits_warn() could trigger a runtime warning during /proc/cpuinfo display. The issue arises from iterating CPUs using NR_CPUS and is fixed by using nr_cpu_ids...
CVE-2022-50224
CVE-2022-50224 is a Linux kernel/KVM issue where NX is treated as a valid SPTE bit for NPT, enabling a mismatch that can trigger a WARN when reserved SPTE bits are set. Concrete details come from the Linux kernel KVM/mmu path, including a traceback and a mitigation involving NX handling when the ...
CVE-2023-20677
The CVE-2023-20677 issue affects the wlan component in MediaTek-based devices, caused by a missing bounds check leading to an out-of-bounds read. Impact is local information disclosure with SYSTEM-level execution privileges required, and exploitation reportedly does not require user interaction. ...
CVE-2025-38070
The CVE-2025-38070 entry concerns the Linux kernel ASoC sma1307 driver. The vulnerability arises from missing NULL checks in sma1307_setting_loaded(), with allocations via kzalloc and devm_kzalloc that could be NULL. The connected Astra Linux advisory confirms this description and notes that mult...
CVE-2025-38169
In the Linux kernel (CVE-2025-38169) on arm64 with SME, a thread context switch could clobber the kernel FPSIMD state when restoring a previous kernel FPSIMD state while the CPU is in streaming SVE mode. The bug occurs if fpsimd_thread_switch() calls fpsimd_load_kernel_state() while streaming SVE...
CVE-2025-38232
CVE-2025-38232: A race between NFSD registration and exports_proc causes kernel oopses when exportfs -r and mounting nfsd happen concurrently. The description specifies that the bug arises because nfsd creates the proc entry at init and cleans up at exit, leading to a race with exports_proc. The...
CVE-2025-38255
CVE-2025-38255: In the Linux kernel, a NULL pointer dereference can occur in lib/group_cpus when group_cpus_evenly() is called with numgrps == 0. The root cause is that kcalloc() returns ZERO_SIZE_PTR and subsequent dereference leads to a panic during blk_mq_map_queues/null_map_queues. The conne...
CVE-2025-38311
CVE-2025-38311 affects the Linux kernel iavf driver. Root cause: removal of the crit_lock to avoid error-prone try_locks, replacing it with netdev_lock in most cases. This change aims to fix deadlock scenarios observed during VF removal by canceling work without netdev_lock and by expanding the p...
CVE-2025-38333
CVE-2025-38333 affects the Linux kernel’s f2fs file system. A fix was applied to bail out in get_new_segment() when inconsistent status is detected between free_segmap and free_secmap, recording the error into the superblock and aborting the segment allocation. The vulnerability stems from get_ne...
CVE-2025-38514
The CVE-2025-38514 issue affects the Linux kernel RxRPC: when an AF_RXRPC service socket is opened/bound and calls are preallocated, rxrpc_alloc_incoming_call() can oops because rxrpc_backlog may not be allocated until the first preallocation. The fix is to return NULL from rxrpc_alloc_incoming_c...
CVE-2025-38582
CVE-2025-38582 affects the Linux kernel RDMA/hns (hns_roce) stack. The root cause is a double destruction of rsv_qp: free_mr_init() can run twice (once in free_mr_init() during error flow and again in hns_roce_exit()), leading to LIST_POISON1 corruption in the QP destroy path. The fix moves the f...
CVE-2025-38590
CVE-2025-38590 is a Linux kernel vulnerability in the Mellanox mlx5e path. The issue occurs when a hardware decrypted packet’s xfrm state is not found in an xarray, leaving the skb secpath (sp) extension intact. Downstream code may dereference an invalid secpath, causing a crash in __xfrm_policy_...
CVE-2025-38614
The CVE-2025-38614 entry describes a Linux kernel vulnerability in eventpoll where recursion depth in ep_loop_check_proc() could form deep trees and trigger semi-unbounded recursion. The root cause involved two shortcomings: (1) the depth checks did not consider upward paths, and (2) multiple dow...
CVE-1999-0781
The CVE-1999-0781 entry concerns KDE: local users can run arbitrary commands by setting the KDEDIR environment variable to alter KDE’s executable search path. This documents the affected component as KDE and the root cause as the KDEDIR env var influencing how KDE locates executables, enabling lo...
CVE-2002-1963
The CVE-2002-1963 entry affects Linux kernel versions 2.4.1–2.4.19. The root cause is that the NR_RESERVED_FILES limit is set to 10, enabling local users to exhaust resources by opening 10 setuid binaries, causing a denial of service. Publicly provided documents confirm the affected kernel range ...
CVE-2003-1161
The CVE-2003-1161 entry concerns the Linux kernel 2.6-test9-CVS where exit.c, as stored on kernel.bkbits.net, was modified to include a backdoor. This backdoor could allow local users to elevate privileges by passing __WCLONE|__WALL to the sys_wait4 function, enabling local privilege escalation. ...
CVE-2013-3236
The CVE-2013-3236 issue affects the Linux kernel component vmci_transport_dgram_dequeue in net/vmw_vsock/vmci_transport.c; it fails to initialize a length variable, allowing local attackers to read kernel stack memory via crafted recvmsg/recvfrom. Affects kernels before 3.9-rc7. Multiple advisori...
CVE-2016-10290
CVE-2016-10290 is an elevation-of-privilege issue in the Qualcomm Shared Memory Driver used on Android. The vulnerability could allow a local malicious application to execute arbitrary code in the kernel context by exploiting the shared memory driver. The entry specifies that exploitation is loca...
CVE-2016-10294
CVE-2016-10294 describes a local information-disclosure vulnerability in the Qualcomm power driver used in Android. The issue could allow a local malicious application to access data outside its permission levels by exploiting the Qualcomm power driver in affected Android kernels (Kernel-3.10 and...
CVE-2016-8393
CVE-2016-8393 describes an elevation of privilege in the Synaptics touchscreen driver that could let a local malicious Android application execute arbitrary code in kernel context. Affected product: Android (kernel 3.10). Root cause: a vulnerability in the Synaptics touchscreen driver enabling co...