CVE-2016-8415
CVE-2016-8415 describes an elevation-of-privilege flaw in the Qualcomm Wi‑Fi driver that lets a local malicious app execute code in the kernel context. Affected software is Android with kernel versions 3.10 and 3.18; exploitation requires compromising a privileged process. The issue is categorize...
CVE-2017-0580
CVE-2017-0580 is an elevation-of-privilege flaw in the Synaptics Touchscreen driver within Android’s kernel (3.18). A local malicious process could exploit the driver to run arbitrary code in kernel context. The issue is described as High severity, contingent on compromising a privileged process ...
CVE-2023-53221
The CVE-2023-53221 case concerns a vulnerability in the Linux kernel where a memleak can occur if fentry attachment fails for a BPF trampoline image. The description states that, when the fentry attach fails, the allocated trampoline image remains in memory and can be observed in /proc/kallsyms a...
CVE-2024-43878
CVE-2024-43878 — Linux kernel xfrm: Fix input error path memory access. Affected component: the Linux kernel networking/xfrm stack (xfrmi_rcv_cb). Root cause: memory access during the input slow-path handling when input state is misconfigured, leading to a KASAN wild-memory-access read (observed...
CVE-2025-38054
The CVE-2025-38054 issue affects the Linux kernel PTP clock framework (ocp) in debugfs summary output. It could dereference NULL or access out-of-bounds elements in freq_in[] and signal_out[] due to uninitialized elements. The fix adds per-array counters (nr_freq_in, nr_signal_out) with a maximum...
CVE-2025-38055
CVE-2025-38055 affects the Linux kernel (perf/x86/intel) where PEBS-via-PT with a sample_freq could trigger a NULL pointer dereference due to intel_pmu_pebs_event_update_no_drain() misinterpreting pebs_enabled bits as counter indexes. The issue arises when bits 60/61 are set for PEBS-via-PT, and ...
CVE-2025-38082
CVE-2025-38082 refers to a Linux kernel vulnerability in gpio: virtuser where an out-of-bounds write could occur if a caller wrote more characters than the destination buffer could hold in simple_write_to_buffer. The issue is mitigated by a fix that truncates the input size to the available buffe...
CVE-2025-38096
The connected SUSE/OpenSUSE advisory confirms CVE-2025-38096 is addressed by an openSUSE Leap 16.0 kernel security update (openSUSE-SU-2025-20081-1). The CVE concerns the Linux kernel wifi/iwlwifi code, specifically iwl_trans_reclaim warning behavior when the FW is not alive or a FW restart is pe...
CVE-2025-38156
CVE-2025-38156 is a Linux kernel vulnerability affecting the mt76 wifi driver and specifically the mt7996_mmio_wed_init() path. The root cause is that devm_ioremap() may return NULL on error and mt7996_mmio_wed_init() did not check for this, causing a NULL pointer dereference. Affected: Linux ker...
CVE-2025-38195
CVE-2025-38195 concerns the Linux kernel LoongArch code, where a NULL-PMD handling path in huge_pte_offset() could trigger a kernel panic when processing huge pages, as shown by the error trace and mitigation notes. The issue affects the kernel’s page fault / madvise pathways, with a local attack...
CVE-2025-38446
CVE-2025-38446 affects the Linux kernel clock framework for imx (ARM i.MX95 DT). The issue is an out-of-bounds access in dispmix_csr_clk_dev_data inside __clk_register() when num_parents is 4, accessing parent_names beyond the valid range. The bug manifests as a KASAN global-out-of-bounds read (s...
CVE-2025-38513
CVE-2025-38513: Linux kernel WiFi zd1211rw driver fix for a potential NULL pointer dereference in zd_mac_tx_to_dev(). The patch adds a NULL check before calling zd_mac_tx_status() to handle the race where skb = __skb_dequeue(q) can return NULL after the distance between queue-length checks and d...
CVE-2025-38524
The CVE-2025-38524 issue concerns a race in Linux kernel RXRPC: when a call on a socket receives events, the call may be dequeued by two threads, potentially causing a release/decoupling that leaves a stale RXRPC_USER_CALL_ID. The fix dequeues the call and ignores it if it is already released, pr...
CVE-2025-38528
CVE-2025-38528: In the Linux kernel, a BPF format-string handling flaw in bpf_bprintf_prepare could fail to reject a crafted %\x00 sequence, allowing a runtime kernel warning when a BPF program uses %p% (as shown by the example). A patch fixes this by ensuring punctuation isn’t skipped during pro...
CVE-2025-38543
CVE-2025-38543 is a Linux kernel vulnerability affecting the drm/tegra nvdec path. The root cause is a missing NULL check after dma_alloc_coherent, resolved by aligning with Robin's fix for vic.c (DMA API misuse). The impact, per the entry, is a HIGH availability impact with no confidentiality or...
CVE-2025-38566
CVE-2025-38566 affects the Linux kernel sunrpc tls alert handling in NFS over TLS. The root cause is the kTLS/read path interaction with TLS control messages and TLS alert payloads, where mis-splitting control message data can lead to incorrect processing and potential exploitation. The connected...
CVE-2025-38574
CVE-2025-38574 affects the Linux kernel PPTP transmit path (pptp_xmit). A missing bound check on skb length could allow reading uninitialized data in pptp_xmit(), similar to changes made for ppp_sync_txmunge. The issue is fixed by the upstream commit aabc6596ffb3 and related bound-checking change...
CVE-2025-38578
CVE-2025-38578 is a Linux kernel vulnerability related to f2fs use-after-free in f2fs_sync_inode_meta, as discussed in the initial description. The issue arises in the writeback path via f2fs_inode_synced/update_inode/write_inode, leading to a use-after-free condition detected by KASAN. A fix has...
CVE-2025-38591
CVE-2025-38591 affects the Linux kernel and is resolved by a patch in the BPF verifier. The issue involved a narrowing context access check in BPF, where a program attempted to read a pointer field (offset 169) in __sk_buff (field sk at offset 168). The verifier incorrectly allowed this “narrower...
CVE-2026-31658
CVE-2026-31658 affects the Linux kernel net: altera-tse driver. The root cause is a memory leak: when dma_map_single() fails in tse_start_xmit(), the code returns NETDEV_TX_OK without freeing the skb, causing the skb to be leaked on every DMA mapping failure. The provided patches add dev_kfree_sk...
CVE-2006-3634
The CVE-2006-3634 entry describes a vulnerability in Linux kernel 2.6.17-rc4 through 2.6.18-rc2 where two futex helper functions, __futex_atomic_op and futex_atomic_cmpxchg_inatomic, perform the atomic futex operation in kernel address space instead of user space. This misplacement can allow a lo...
CVE-2006-6333
The CVE-2006-6333 issue affects Linux kernel 2.6.19: the tr_rx function in ibmtr.c can assign the wrong flag to ip_summed, enabling remote attackers to trigger a memory-corruption DoS by crafting packets that mislead the kernel to treat a field as an offset. The vulnerability is supported by mult...
CVE-2016-6791
CVE-2016-6791 is an elevation-of-privilege vulnerability in the Qualcomm sound driver affecting Android devices. The issue allows a local malicious application to execute arbitrary code in the kernel context, requiring initial compromise of a privileged process. Affected components/versions inclu...
CVE-2016-8394
CVE-2016-8394 describes an elevation-of-privilege vulnerability in the Synaptics touchscreen driver on Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context by exploiting the Synaptics driver, requiring initial compromise of a privileged proc...
CVE-2016-8407
CVE-2016-8407 is an information disclosure vulnerability in Android’s kernel components (ION subsystem, Binder, USB driver, and networking). The issue could allow a local malicious app to access data outside its permission levels after compromising a privileged process. Affected products/versions...
CVE-2016-8410
CVE-2016-8410 is an information-disclosure vulnerability in the Qualcomm sound driver affecting Android devices. The issue could allow a local malicious application to access data outside its permission levels, and is rated Moderate because exploitation requires first compromising a privileged pr...
CVE-2016-8437
CVE-2016-8437 describes an improper input validation in Android’s Access Control APIs, with the kernel 3.18 memory range check potentially mishandled. Affected product: Android (Kernel 3.18). Official description notes a memory-range check issue but does not provide exploit paths or a concrete fi...
CVE-2016-8469
CVE-2016-8469 is an information-disclosure vulnerability in the Android camera driver affecting Kernel-3.10-based Android devices. The issue could allow a local malicious app to access data outside its permission levels by exploiting a privileged-process assumption; impact is data disclosure with...
CVE-2022-3624
CVE-2022-3624 affects the Linux kernel, specifically the function rlb_arp_xmit in drivers/net/bonding/bond_alb.c of the IPsec component. The issue is described as a memory leak due to a manipulation in rlb_arp_xmit. A patch is recommended to fix this vulnerability. The provided connected sources ...
CVE-2022-50107
CVE-2022-50107 concerns a Linux kernel vulnerability in the CIFS/fscache path where, if the index == next_cached case is hit, a refcount on the struct page could leak. The fix implemented is to switch to readahead_folio(), which manages the refcount automatically. Affected component: Linux kernel...
CVE-2023-53292
CVE-2023-53292 (Linux kernel) describes a NULL pointer dereference in blk_mq_elv_switch_none where q->elevator may become NULL after acquiring q->sysfs_lock; the fix guards the q->elevator dereference by checking it while holding the lock, preventing a crash/local denial of service. The ...
CVE-2024-52557
The CVE-2024-52557 entry concerns the Linux kernel DRM component zynqmp_dp: rate calculation overflow in zynqmp_dp_rate_get(). The issue arises when drm_dp_bw_code_to_link_rate(dp->test.bw_code) is multiplied by 10000 under 32-bit arithmetic, risking an integer overflow; the patch converts the...
CVE-2024-57927
CVE-2024-57927 relates to the Linux kernel’s NFS write-to-cache path. The root cause was that nfs_netfs_init_request() could be invoked with a NULL file pointer when netfslib copied freshly read data into a write request for the cache, causing an oops via nfs_file_open_context(). The fix prevents...
CVE-2025-38340
CVE-2025-38340: Linux kernel vulnerability in firmware: cs_dsp causing an OOB memory read in KUnit test due to source string length rounding up to allocation size. Reported by KASAN as out-of-bounds in cs_dsp_mock_bin_add_name_or_info(). Affects kernel components involved in firmware cs_dsp; root...
CVE-2025-38502
Technical details beyond the initial description are not provided in the connected documents; no explicit product/version, impact specifics, or remediation are present here. Monitor for updates.
CVE-2025-38512
Intel summary (CVE-2025-38512): The Linux kernel patch for wifi A-MSDU spoofing in mesh networks fixes a vulnerability where an A‑MSDU could be incorrectly parsed as a standard MSDU. The mitigation detects this by parsing a received A‑MSDU as MSDU, computing the Mesh Control header length, and ver...
CVE-2025-38548
CVE-2025-38548 affects the Linux kernel hwmon driver for Corsair Corsair-CPro. The root cause is improper validation of the input buffer size received by the USB command path, allowing potential mismatches between the reported and actual buffer lengths. The fix, as documented in the connected Ast...
CVE-2025-38550
CVE-2025-38550 is a Linux kernel issue in ipv6 multicast handling. The root cause is delaying the release of the reference to pmc->idev in mld_del_delrec(), while pmc->idev is also used by ip6_mc_clear_src(). The fix (as stated) is to put the reference after ip6_mc_clear_src() returns. The ...
CVE-2025-38610
CVE-2025-38610 affects the Linux kernel powercap codebase, specifically the dtpm_cpu path. The vulnerability is caused by a NULL dereference in get_pd_power_uw() when em_cpu_get() returns NULL, which can occur if a CPU becomes unavailable at runtime and get_cpu_device() yields NULL, propagating t...
CVE-2025-39766
CVE-2025-39766: In the Linux kernel, the net/sched cake_enqueue path was fixed to return NET_XMIT_CN when dropping packets due to a very small buffer_limit, preventing htb_enqueue from activating an empty child qdisc. The issue caused packet drops to be signaled as NET_XMIT_SUCCESS, leading to f...
CVE-2026-31405
CVE-2026-31405: Linux kernel media/dvb-net vulnerability — OOB read in ULE extension header tables due to 255-element lookup arrays; bounds check added for htype to ensure out-of-range SNDU is discarded. This resolves a kernel-wide issue and is reflected in OSV advisories (e.g., Root: Debian 11/...
CVE-2005-3810
CVE-2005-3810 affects the Linux kernel 2.6.14 family (2.6.14 up to 2.6.14.3). The vulnerable component is ip_conntrack_proto_icmp.c in the ctnetlink module, where a lack of ICMP_ID information in an ICMP IPv4 message can cause a kernel oops, i.e., a NULL dereference leading to a denial of service...
CVE-2016-8450
CVE-2016-8450 is an elevation-of-privilege flaw in the Qualcomm sound driver affecting Android kernel space (Kernel-3.10). The NVD entry describes a local attacker compromising a privileged process to gain code execution in the kernel context. The vulnerability is tied to the Qualcomm sound drive...
CVE-2024-58000
CVE-2024-58000 affects the Linux kernel io_uring reg-wait path. The root cause is speculative execution on a kernel array indexed by user input when using ENTER_EXT_ARG_REG, which could interpret an offset into a pre-mapped memory region as an argument. The documented fix is to prevent speculativ...
CVE-2025-38029
CVE-2025-38029 (Linux kernel): The issue occurs in kasan when apply_to_pte_range enters lazy MMU mode and invokes kasan_populate_vmalloc_pte(), which can sleep while allocating a single page. This can crash in-context on certain arches (e.g., s390) when preemption is manipulated during lazy MMU ...
CVE-2025-38069
Technical details for CVE-2025-38069 are not provided in the connected documents. Monitor for updates from upstream advisories.
CVE-2025-38228
CVE-2025-38228: In the Linux kernel, a memory leak could occur in the media/imagination driver during e5010_probe(). The fix ensures memory allocated by video_device_alloc() is released if an error path is taken by adding video_device_release() in the failure handling path. This addresses leaked ...
CVE-2025-38301
CVE-2025-38301 affects the Linux kernel nvmem driver for zynqmp_nvmem; root cause: the driver expected a device pointer in context but nvmem_config.priv is never set, causing NULL pointer dereferences when accessing the device. A fix was committed to restore correct context handling (commit 29be4...
CVE-2025-38302
Technical details about CVE-2025-38302 are not publicly provided in the connected documents. The Linux kernel fix is described at a high level; no vendor/product/version mappings or exploit details are included here. Monitor for updates from vendors/security advisories.
CVE-2025-38318
CVE-2025-38318: In the Linux kernel, the perf/arm-ni driver missed a call path, missing platform_set_drvdata() in arm_ni_probe(), which caused platform_get_drvdata() to return NULL in remove. The SUSE advisory and OpenVAS references confirm this specific fix was applied to address the arm-ni PMU,...