14330 matches found
CVE-2025-38438
CVE-2025-38438 – Linux kernel ASoC: SOF: Intel: hda: devm_kstrdup() used to prevent memleak. The issue arises in sof_pdata->tplg_filename where memory allocated by kstrdup() could be overwritten, creating a memory leak detected by kmemleak. The vulnerability is specific to the SOF Intel HDA dr...
CVE-2025-38469
Technical details for CVE-2025-38469 are not publicly provided in the supplied documents; monitor for updates.
CVE-2025-38512
Intel/summary (CVE-2025-38512) The Linux kernel patch for wifi A-MSDU spoofing in mesh networks fixes a vulnerability where an A‑MSDU could be incorrectly parsed as a standard MSDU. The mitigation detects this by parsing a received A‑MSDU as MSDU, computing the Mesh Control header length, and ver...
CVE-2025-38528
CVE-2025-38528: In the Linux kernel, a BPF format-string handling flaw in bpf_bprintf_prepare could fail to reject a crafted %\x00 sequence, allowing a runtime kernel warning when a BPF program uses %p% (as shown by the example). A patch fixes this by ensuring punctuation isn’t skipped during pro...
CVE-2025-38543
CVE-2025-38543 is a Linux kernel vulnerability affecting the drm/tegra nvdec path. The root cause is a missing NULL check after dma_alloc_coherent, resolved by aligning with Robin's fix for vic.c (DMA API misuse). The impact, per the entry, is a HIGH availability impact with no confidentiality or...
CVE-2025-38566
CVE-2025-38566 affects the Linux kernel sunrpc tls alert handling in NFS over TLS. The root cause is the kTLS/read path interaction with TLS control messages and TLS alert payloads, where mis-splitting control message data can lead to incorrect processing and potential exploitation. The connected...
CVE-2025-38604
CVE-2025-38604 affects the Linux kernel RTL8187 family via a race in rtl8187_stop() where usb_kill_anchored_urbs() must be invoked before clearing b_tx_status.queue to avoid callbacks using freed skbs. The upstream fix changes the sequence to kill URBs prior to freeing the tx-status skb, addressi...
CVE-2026-31705
The CVE-2026-31705 issue affects the ksmbd component of the Linux kernel, where an out-of-bounds write occurs in smb2_get_ea() during EA alignment padding. After writing each EA entry, a 4-byte alignment padding is applied with memset() unconditionally, potentially overwriting adjacent kernel hea...
CVE-2026-45972
The CVE-2026-45972 issue affects the Linux kernel SMB client, specifically smb2_open_file(), where improper handling could lead to memory corruption (UAF) or a double free during SMB2_open() retries. The fixed description states that zeroing err_iov and err_buftype before retrying SMB2_open() pre...
CVE-2026-46206
The CVE-2026-46206 issue affects the Linux kernel’s batman-adv implementation, where the tp_meter component could start new sender or receiver sessions after mesh_state had exited BATADV_MESH_ACTIVE during teardown. The vulnerability stems from improper state management in batman-adv/tp_meter, po...
CVE-2026-46322
The CVE relates to the Linux kernel tun driver vulnerability CVE-2026-46322. When build_skb() fails inside tun_xdp_one(), the function returns -ENOMEM without freeing the allocated page for the frame, causing a memory leak of one page-frag chunk per failed build_skb() in a batch. The root cause i...
CVE-2007-5087
The CVE-2007-5087 issue affects the Linux kernel ATM module prior to 2.4.35.3 with CLIP support enabled. Reading /proc/net/atm/arp before the CLIP module is loaded can cause a denial-of-service (kernel panic) for local users. The vulnerability is documented in multiple sources (NVD/SUSE/Red Hat) ...
CVE-2008-3686
The CVE-2008-3686 entry concerns Linux kernel 2.6.26-rc4 and 2.6.26.x where the rt6_fill_node function in net/ipv6/route.c is vulnerable. Local users can trigger a denial of service (kernel OOPS) by sending IPv6 requests when no IPv6 input device is in use, causing a NULL pointer dereference. The...
CVE-2016-10284
CVE-2016-10284 is a vulnerability in the Qualcomm video driver that enables an elevated-privilege path: a local, privileged process could be exploited by a malicious local app to run arbitrary code in the kernel context on Android devices. The issue affects Android kernel versions 3.10 and 3.18, ...
CVE-2016-6162
CVE-2016-6162 affects the Linux kernel file net/core/skbuff.c (kernel 4.7-rc6). The issue allows local users to trigger a denial of service (kernel panic) or potentially other unspecified impact through certain IPv6 socket operations. Multiple advisories (SUse, Red Hat, Debian, Ubuntu OSV, CNVD, ...
CVE-2016-6757
CVE-2016-6757 describes an information-disclosure vulnerability affecting Qualcomm components used in Android devices, specifically the camera driver and video driver. The issue could allow a local malicious application to access data beyond its permissions after compromising a privileged process...
CVE-2016-8416
The CVE-2016-8416 entry concerns an information-disclosure vulnerability in the Qualcomm video driver on Android (kernel 3.18). A local malicious application could access data outside its permissions due to the driver’s handling, with impact described as data disclosure and requiring a privileged...
CVE-2016-8441
CVE-2016-8441 : Possible buffer overflow in the Android hypervisor due to inappropriate use of a static array in Kernel 3.18. Impact: local code execution with high severity (CVSS2 7.2, CVSS3 7.8). Connected documents confirm product/versions but do not provide a concrete patch/remediation detail...
CVE-2016-8483
CVE-2016-8483 describes an information-disclosure vulnerability in the Qualcomm power driver used by Android on Kernel-3.10. A locally installed, malicious app could access data outside its permission levels due to a flaw in the Qualcomm power driver component. The issue is categorized as High ri...
CVE-2017-0536
CVE-2017-0536 concerns an information-disclosure flaw in the Synaptics touchscreen driver on Android, affecting Kernel-3.10 and Kernel-3.18. The vulnerability could let a local malicious process access data outside its privileges, requiring compromise of a privileged process. Publicly disclosed d...
CVE-2017-0580
CVE-2017-0580 is an elevation-of-privilege flaw in the Synaptics Touchscreen driver within Android’s kernel (3.18). A local malicious process could exploit the driver to run arbitrary code in kernel context. The issue is described as High severity, contingent on compromising a privileged process ...
CVE-2017-0629
CVE-2017-0629 is an information-disclosure vulnerability in the Qualcomm camera driver for Android, enabling a local malicious app to access data outside its permissions after compromising a privileged process. Affected: Android kernels 3.10/3.18 (Qualcomm camera driver). Base impact: partial con...
CVE-2022-3624
CVE-2022-3624 affects the Linux kernel, specifically the function rlb_arp_xmit in drivers/net/bonding/bond_alb.c of the IPsec component. The issue is described as a memory leak due to a manipulation in rlb_arp_xmit. A patch is recommended to fix this vulnerability. The provided connected sources ...
CVE-2023-53292
CVE-2023-53292 (Linux kernel) describes a NULL pointer dereference in blk_mq_elv_switch_none where q->elevator may become NULL after acquiring q->sysfs_lock; the fix guards the q->elevator dereference by checking it while holding the lock, preventing a crash/local denial of service. The ...
CVE-2024-58065
The CVE-2024-58065 issue concerns the Linux kernel component clk: mmp: pxa1908-apbc. Root cause: the NULL vs IS_ERR() check was incorrect because devm_kzalloc() returns NULL on error, not an error pointer. Die to this, a NULL check fix was applied to properly distinguish allocation failures. The ...
CVE-2025-38156
CVE-2025-38156 is a Linux kernel vulnerability affecting the mt76 wifi driver and specifically the mt7996_mmio_wed_init() path. The root cause is that devm_ioremap() may return NULL on error and mt7996_mmio_wed_init() did not check for this, causing a NULL pointer dereference. Affected: Linux ker...
CVE-2025-38172
CVE-2025-38172 refers to a Linux kernel vulnerability in the erofs filesystem driver where a device-type mismatch between primary and extra devices can trigger a use-after-free (UAF). The root cause, as described in the advisory, is that when the primary device is a block device and the extra dev...
CVE-2025-38255
CVE-2025-38255 : In the Linux kernel, a NULL pointer dereference can occur in lib/group_cpus when group_cpus_evenly() is called with numgrps == 0. The root cause is that kcalloc() returns ZERO_SIZE_PTR and subsequent dereference leads to a panic during blk_mq_map_queues/nulL_map_queues. The conne...
CVE-2025-38340
CVE-2025-38340: Linux kernel vulnerability in firmware: cs_dsp causing an OOB memory read in KUnit test due to source string length rounding up to allocation size. Reported by KASAN as out-of-bounds in cs_dsp_mock_bin_add_name_or_info(). Affects kernel components involved in firmware cs_dsp; root...
CVE-2025-38359
CVE-2025-38359 affects the Linux kernel on s390/x architectures. The issue is a fix in in_atomic() handling in do_secure_storage_access() where kernel user-space accesses to not-exported pages in atomic context can trigger a page fault handling path. The described impact involves a potential slee...
CVE-2025-38513
CVE-2025-38513 : Linux kernel WiFi zd1211rw driver fix for a potential NULL pointer dereference in zd_mac_tx_to_dev(). The patch adds a NULL check before calling zd_mac_tx_status() to handle the race where skb = __skb_dequeue(q) can return NULL after the distance between queue-length checks and d...
CVE-2025-38582
CVE-2025-38582 affects the Linux kernel RDMA/hns (hns_roce) stack. The root cause is a double destruction of rsv_qp: free_mr_init() can run twice (once in free_mr_init() during error flow and again in hns_roce_exit()), leading to LIST_POISON1 corruption in the qP destroy path. The fix moves the f...
CVE-2025-38588
CVE-2025-38588 affects the Linux kernel IPv6 path: an infinite loop in rt6_nlmsg_size() due to list_del_rcu() interactions with rt6_nh structures, potentially causing denial of service. The patch reworks the loop by restarting when f6i->fib6_nsiblings is zero, and kernel live patches/advisorie...
CVE-2025-38590
CVE-2025-38590 is a Linux kernel vulnerability in the Mellanox mlx5e path. The issue occurs when a hardware decrypted packet’s xfrm state is not found in an xarray, leaving the skb secpath (sp) extension intact. Downstream code may dereference an invalid secpath, causing a crash in __xfrm_policy_...
CVE-2025-38614
The CVE-2025-38614 entry describes a Linux kernel vulnerability in eventpoll where recursion depth in ep_loop_check_proc() could form deep trees and trigger semi-unbounded recursion. The root cause involved two shortcomings: (1) the depth checks did not consider upward paths, and (2) multiple dow...
CVE-2025-38616
CVE-2025-38616 (Linux kernel TLS ULP issue) affects the kernel TLS path handling data that may disappear from under the TLS ULP when the socket reader predated TLS installation or uses non-standard read APIs. The bug could lead to an out-of-bounds read or TLS state corruption if data is partially...
CVE-2026-23240
In CVE-2026-23240, the Linux kernel fixed a race condition in TLS handling where cancel_delayed_work_sync() used during tls_sk_proto_close() could allow tls_sw_cancel_work_tx() to schedule tx_work_handler() after the TLS object was freed. The root cause involved potential scheduling from paths li...
CVE-2026-23416
The CVE-2026-23416 issue affects the Linux kernel (mm/mseal) where vm_area_struct end handling could become stale during VMA merges. The root cause is curr_end not staying in sync when a VMA is updated via vma_modify_flags(), leading to an incorrect curr_start on the next iteration. The fix uncon...
CVE-2026-31636
Summary: CVE-2026-31636 affects the Linux kernel rxrpc subsystem. The root cause is in rxgk_verify_authenticator(), which copies auth_len into a temporary buffer and then uses p + auth_len as the parser limit. Because p is a __be32*, this inflates the parser end pointer by four, enabling a slab-o...
CVE-2026-43383
CVE-2026-43383 affects the Linux kernel’s TCP MD5 signature handling. The root cause is a non-constant-time MAC comparison, enabling potential timing attacks. The vulnerability is addressed by changing the MAC comparison to a constant-time implementation using the appropriate helper function. The...
CVE-2012-0058
The CVE-2012-0058 issue affects the Linux kernel up to version 3.2.2, in the kiocb_batch_free function of fs/aio.c, caused by incorrect iocb management. It allows local attackers to cause a denial of service (OOPS). Impact is confined to local execution, with availability as the primary effect de...
CVE-2016-10290
CVE-2016-10290 is an elevation-of-privilege issue in the Qualcomm Shared Memory Driver used on Android. The vulnerability could allow a local malicious application to execute arbitrary code in the kernel context by exploiting the shared memory driver. The entry specifies that exploitation is loca...
CVE-2016-10294
CVE-2016-10294 describes a local information-disclosure vulnerability in the Qualcomm power driver used in Android. The issue could allow a local malicious application to access data outside its permission levels by exploiting the Qualcomm power driver in affected Android kernels (Kernel-3.10 and...
CVE-2016-6785
CVE-2016-6785 is described across multiple sources as an elevation of privilege vulnerability in the MediaTek driver on Android, enabling a (local) attacker to execute arbitrary code in the context of the kernel. The documented impact is a kernel-level compromise that requires a privileged proces...
CVE-2016-8392
CVE-2016-8392 is a local privilege-escalation in the Qualcomm sound driver affecting Android devices (Nexus 5X/6/6P, Android One, Pixel/Pixel XL) via the kernel context. The vulnerability could let a malicious local app execute arbitrary code in the kernel after compromising a privileged process....
CVE-2016-8426
CVE-2016-8426 affects the NVIDIA GPU driver on Android (kernel-3.10). It is an elevation-of-privilege vulnerability that could let a local malicious app execute arbitrary code in kernel context, potentially causing a local permanent device compromise. The NVD entry cites CVSSv3: LOCAL access, hig...
CVE-2022-50107
CVE-2022-50107 concerns a Linux kernel vulnerability in the CIFS/fscache path where, if the index == next_cached case is hit, a refcount on the struct page could leak. The fix implemented is to switch to readahead_folio(), which manages the refcount automatically. Affected component: Linux kernel...
CVE-2023-20677
The CVE-2023-20677 issue affects the wlan component in MediaTek-based devices, caused by a missing bounds check leading to an out-of-bounds read. Impact is local information disclosure with SYSTEM-level execution privileges required, and exploitation reportedly does not require user interaction. ...
CVE-2023-53248
CVE-2023-53248 affects the Linux kernel DRM/AMDGPU subsystem. The fix installs a stub fence into potentially unused page-table update fences instead of NULL to avoid NULL dereferences when dma_fence_wait() is called on those pointers during CPU-based page-table updates. This targets the scenario ...
CVE-2024-52557
The CVE-2024-52557 entry concerns the Linux kernel DRM component zynqmp_dp: rate calculation overflow in zynqmp_dp_rate_get(). The issue arises when drm_dp_bw_code_to_link_rate(dp->test.bw_code) is multiplied by 10000 under 32-bit arithmetic, risking an integer overflow; the patch converts the...