13736 matches found
CVE-2026-22998
CVE-2026-22998 affects the Linux kernel’s NVMe over Fabrics NVMe-TCP path. The issue is a NULL pointer dereference in nvmet_tcp_build_pdu_iovec triggered by H2C_DATA PDUs when command data structures are uninitialized or partially initialized. Specifically, nvmet_tcp_handle_h2c_data_pdu() could p...
CVE-2018-10879
CVE-2018-10879 is a Linux kernel ext4 use-after-free vulnerability in ext4_xattr_set_entry. A local attacker can trigger a denial of service or other unspecified impact by renaming a file within a crafted ext4 image. The Connected documents corroborate the issue and list multiple advisories, but ...
CVE-2018-10883
The CVE-2018-10883 issue affects the Linux kernel ext4 implementation. A local attacker can cause an out-of-bounds write in jbd2_journal_dirty_metadata() by mounting and operating on a crafted ext4 filesystem image, leading to denial of service and potential system crash. Public sources (USN-3871...
CVE-2018-1130
CVE-2018-1130 is a Linux kernel vulnerability: a NULL pointer dereference in dccp_write_xmit() of net/dccp/output.c that can crash the system via crafted system calls, allowing local DoS. The Initial Description notes Linux kernel before 4.16-rc7 as vulnerable; connected advisories (Debian, CentO...
CVE-2018-15594
CVE-2018-15594 affects the Linux kernel arch/x86/paravirt.c, where mishandling of certain indirect calls weakens Spectre-v2 mitigations for paravirtual guests. The issue is addressed in kernel updates up to 4.18.1 (ChangeLog-4.18.1, commit 5800dc5c…). In practice, vulnerable systems running affec...
CVE-2019-16233
CVE-2019-16233 affects the Linux kernel, specifically drivers/scsi/qla2xxx/qla_os.c, where the alloc_workqueue return value is not checked, leading to a NULL pointer dereference. The Initial Description states this is a Linux kernel 5.2.14 issue. Connected documents corroborate the CVE entry and ...
CVE-2019-20810
CVE-2019-20810 affects the Linux kernel’s go7007 driver: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c fails to call snd_card_free on a failure path, causing a memory leak (CID-9453264ef586). Public docs specify this vulnerability exists in kernels before 5.6. The described remediation...
CVE-2020-27673
CVE-2020-27673 is described in connected advisories as a Linux kernel race-condition bug in Xen event handling, permitting a guest (domU) to cause a denial of service or host hang in dom0 when exposed to high event rates. Affected scope: Linux kernel up to 5.9.1, used with Xen through 4.14.x. The...
CVE-2016-4997
CVE-2016-4997 affects the Linux kernel netfilter IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE handling in 32/64-bit compatibility paths prior to 4.6.3, enabling local privilege escalation or memory-corruption-based denial of service when a crafted offset is supplied via in-container root access. Ex...
CVE-2018-1087
CVE-2018-1087 describes a vulnerability in the Linux kernel KVM where exceptions delivered after a stack switch (via Mov SS or Pop SS) were not properly handled. The flaw could allow an unprivileged KVM guest user to crash the guest or potentially escalate privileges within the guest. The descrip...
CVE-2019-14898
CVE-2019-14898 refers to an incomplete fix for CVE-2019-11599 in the Linux kernel prior to 5.0.10. The issue allows a local attacker to trigger a race between mmget_not_zero() and get_task_mm(), which can lead to information disclosure, denial of service, or other unspecified impacts as described...
CVE-2019-15918
CVE-2019-15918 affects the Linux kernel prior to 5.0.10. The issue: SMB2_negotiate in fs/cifs/smb2pdu.c performs an out-of-bounds read due to data structures not being fully updated after downgrading SMB negotiation from smb30 to smb21. Impact stated in multiple advisories is a local vulnerabilit...
CVE-2022-3566
CVE-2022-3566 affects the Linux kernel TCP handler (tcp_getsockopt/tcp_setsockopt) with a race condition. The connected documents show multiple vendor/OS advisories (ALAS2KERNEL-5.15-2024-053, ALAS2KERNEL-5.4-2024-084, ALAS2KERNEL-5.10-2024-066, ALAS-2024-2622, ALAS2KERNEL-5.15-2024-053, ALAS2KER...
CVE-2024-53123
CVE-2024-53123 affects the Linux kernel and is tied to MPTCP: the issue stems from racing disconnect handling. After a blamed commit, sk_wait_data() can return with an error while the underlying socket is already disconnected and the receive window (rcv_mss) is zero. The result is a potential use...
CVE-2009-0065
CVE-2009-0065 affects the Linux kernel SCTP implementation: a buffer overflow in net/sctp/sm_statefuns.c allows a remote attacker to trigger an impact via a Forward-TSN chunk with a large stream ID on kernels before 2.6.28-git8. The vulnerability is described in multiple connected advisories (e.g...
CVE-2018-18281
CVE-2018-18281 is a Linux kernel local vulnerability due to a race in mremap() where TLB flushes can occur too late, potentially allowing a process to access memory after it has been freed. The issue stems from moving page tables during mremap(), where stale TLB entries may remain until after the...
CVE-2021-28964
CVE-2021-28964: A race condition in get_old_root() in fs/btrfs/ctree.c of the Linux kernel up to 5.11.8 can allow a local attacker to cause a denial of service by cloning an extent buffer without proper locking. Connected documents confirm the Btrfs race condition and DoS impact but do not provid...
CVE-2021-42008
The CVE-2021-42008 entry concerns the Linux kernel 6pack driver (drivers/net/hamradio/6pack.c). It describes a slab out-of-bounds write in decode_data up to kernel versions before 5.13.13, enabling a local attacker with CAP_NET_ADMIN to achieve root access. Connected documents corroborate the aff...
CVE-2021-45486
CVE-2021-45486 affects the Linux kernel IPv4 stack, specifically net/ipv4/route.c, where a very small hash table enables information leakage. The vulnerability arises from the hash table size and is documented to be addressed in Linux kernel 5.12.4 (ChangeLog-5.12.4). Public-connected materials (...
CVE-2022-4379
CVE-2022-4379 is a use-after-free vulnerability in the Linux kernel’s NFSv4.2 server path: __nfs42_ssc_open() in fs/nfs/nfs4file.c. The flaw can enable a remote denial of service. The connected Astra Linux advisory confirms the same issue applies to Linux kernel 5.x and notes remote denial of ser...
CVE-2023-6270
CVE-2023-6270 affects the Linux kernel AoE (ATA over Ethernet) driver. The flaw is in aoecmd_cfg_pkts(), which improperly updates the refcount of thestruct net_device, allowing a use-after-free when freeing the device and accessing it via the skbtxq queue. This can lead to a denial of service or ...
CVE-2018-10675
The CVE-2018-10675 issue affects the Linux kernel prior to 4.12.9, where the do_get_mempolicy function in mm/mempolicy.c allows a local attacker to trigger a use-after-free, leading to denial of service and potentially other impact. Affected versions include kernels compiled into Linux-based prod...
CVE-2019-15216
CVE-2019-15216 affects the Linux kernel prior to 5.0.14, with a NULL pointer dereference triggered by a malicious USB device in drivers/usb/misc/yurex.c. Exploitation could cause a denial of service; impact is indicated as HIGH for availability. A fix is available in kernel 5.0.14 and later. Reme...
CVE-2020-12652
CVE-2020-12652 concerns the Linux kernel. The issue is in the function "__mptctl_ioctl" in drivers/message/fusion/mptctl.c, where an operation may hold an incorrect lock during an ioctl, enabling a local race condition (double fetch). The vulnerability affects Linux kernels prior to 5.4.14. Explo...
CVE-2021-31440
CVE-2021-31440 affects the Linux kernel, with the vulnerability in the eBPF verifier: improper validation of user-supplied eBPF programs can allow a local attacker to escalate privileges and execute code in kernel context. The issue is rooted in the handling/verification of eBPF programs, leading...
CVE-2021-3847
CVE-2021-3847 describes a local privilege escalation in the Linux kernel OverlayFS subsystem. The flaw arises in the way a user copies a capable file from a nosuid mount to another mount, enabling unauthorized execution of setuid-capable files. The confirmed impact is that a local user can escala...
CVE-2022-2639
CVE-2022-2639 affects the Linux kernel openvswitch module. The root cause is an integer coercion error in reserve_sfa_size() that can fail to return -EMSGSIZE under heavy action counts, risking an out-of-bounds write and local privilege escalation or denial of service. Public details in connected...
CVE-2018-13053
CVE-2018-13053 affects the Linux kernel alarm_timer_nsleep path (kernel/time/alarmtimer.c) through 4.17.3, due to an integer overflow when handling large relative timeouts because ktime_add_safe is not used. This is confirmed by multiple connected advisories (e.g., F5 security advisory summarizin...
CVE-2019-15218
CVE-2019-15218: Linux kernel before 5.1.8 contains a NULL pointer dereference in drivers/media/usb/siano/smsusb.c triggered by a malicious USB device. Affected is the Linux kernel version range up to 5.1.7; exploitation could lead to a crash or denial of service on affected systems. Remediation i...
CVE-2019-18814
CVE-2019-18814 affects the Linux kernel up to version 5.3.9. The vulnerability is a use-after-free in aa_label_parse() when it fails inside aa_audit_rule_init() in security/apparmor/audit.c. The issue can lead to memory corruption via use-after-free, with potential impact to confidentiality, inte...
CVE-2021-34556
CVE-2021-34556 affects the Linux kernel up to 5.13.7. An unprivileged eBPF (BPF) program can leak sensitive kernel memory via a Speculative Store Bypass side-channel, because the protection mechanism did not account for uninitialized memory on the BPF stack. The root cause is information disclosu...
CVE-2024-53051
CVE-2024-53051 is addressed in the Linux kernel's DRM/I915 driver: a change to intel_hdcp_get_capability adds an encoder check to avoid a NULL pointer dereference when an encoder isn’t initialized during hotplug or suspend/resume. This is the stated fix in connected documentation (drm/i915/hdcp: ...
CVE-2019-15924
CVE-2019-15924 : The issue is in the Linux kernel before 5.0.11, where fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c can dereference NULL when an alloc_workqueue failure occurs due to missing -ENOMEM handling. This can lead to a crash or potential denial of service on affecte...
CVE-2022-0480
CVE-2022-0480 is a Linux kernel vulnerability in filelock_init (fs/locks.c) where memory exhaustion can occur because memcg does not limit the number of POSIX file locks. Connected documents confirm the issue across multiple Linux distributions (Astra Linux, AlmaLinux, IBM Power PowerVM advisory)...
CVE-2020-36386
The CVE-2020-36386 vulnerability affects the Linux kernel prior to 5.8.1 and is located in net/bluetooth/hci_event.c (hci_extended_inquiry_result_evt). A slab-out-of-bounds read in this function could disclose information or contribute to a DoS condition. Exploitation requires local access (AV:L,...
CVE-2018-18559
CVE-2018-18559 affects the Linux kernel up to 4.19, caused by a use-after-free in a race between fanout_add from setsockopt and bind on AF_PACKET sockets. The issue stems from an incomplete fix (15fe076...) and a multithreaded sequence where a packet_do_bind unregister action followed by a packet...
CVE-2023-0590
CVE-2023-0590: A use-after-free in qdisc_graft (net/sched/sch_api.c) due to a race condition in the Linux kernel can lead to denial of service. The issue is noted in multiple public bulletins (e.g., Astra Linux and IBM QRadar) referencing the same kernel component, with remediation via patch ebda...
CVE-2018-8822
The CVE-2018-8822 issue affects the Linux kernel, specifically the ncp_read_kernel handling in fs/ncpfs/ncplib_kernel.c and the corresponding code in drivers/staging/ncpfs/ncplib_kernel.c. The root cause is incorrect buffer length handling, reported for Linux kernel versions up to 4.15.11 and for...
CVE-2019-19074
The CVE-2019-19074 entry describes a memory leak in the ath9k_wmi_cmd() function (drivers/net/wireless/ath/ath9k/wmi.c) of the Linux kernel up to version 5.3.11, which can be exploited to cause a denial of service via memory consumption. Root cause is a leak within ath9k_wmi_cmd() that enables me...
CVE-2021-41073
The CVE-2021-41073 issue affects the Linux kernel (affected versions 5.10 to 5.14.6) where loop_rw_iter in fs/io_uring.c can be abused via IORING_OP_PROVIDE_BUFFERS to trigger a use-after-free of a kernel buffer, enabling local privilege escalation. Exploitation relies on reading /proc//maps and ...
CVE-2022-2153
CVE-2022-2153 is a vulnerability in the Linux kernel’s KVM related to setting a SynIC IRQ. The issue allows a misbehaving VMM to write to SYNIC/STIMER MSRs, which can cause a NULL pointer dereference and a kernel oops, enabling an unprivileged local attacker on the host to trigger a denial of ser...
CVE-2023-1073
CVE-2023-1073 is a memory corruption flaw in the Linux kernel HID subsystem triggered by inserting a malicious USB device. The impact is local: a nearby user can crash the system or potentially escalate privileges. Public documents confirm the issue is tracked across multiple advisories (e.g., AL...
CVE-2017-1000252
CVE-2017-1000252 : The Linux kernel KVM subsystem (arch/x86/kvm/vmx.c and virt/kvm/eventfd.c) is vulnerable to a denial of service caused by an out-of-bounds guest_irq value. The issue allows a local guest OS user to trigger an assertion failure, leading to a hypervisor hang or crash. The descrip...
CVE-2024-36905
Mode C: The connected Broadcom advisory lists CVE-2024-36905 as not affected for Brocade Fabric OS before 10.0.0, with inline mitigations already in place. No other connected document provides concrete product/version details for this CVE beyond that note. Therefore, no active vulnerability detai...
CVE-2018-20854
CVE-2018-20854 affects the Linux kernel up to version 4.20, where an off-by-one error in drivers/phy/mscc/phy-ocelot-serdes.c can cause a ctrl->phys out-of-bounds read. The issue is rooted in a boundary condition in that SerDes driver, leading to potential information disclosure or instability...
CVE-2020-12114
CVE-2020-12114 describes a local, pivot_root race condition in the Linux kernel’s fs/namespace.c that can allow a local user to trigger a denial of service (panic) by corrupting a mountpoint reference counter. The initial description lists affected kernel branches and versions where the issue exi...
CVE-2020-25670
CVE-2020-25670 is a Linux kernel vulnerability affecting the NFC LLCP protocol implementation. The issue is a refcount leak in llcp_sock_bind() that can cause a use-after-free, with the potential for privilege escalation. The connected documents confirm the vulnerability and its association with ...
CVE-2017-6214
CVE-2017-6214 affects the Linux kernel TCP splice/tcp_splice_read handling of urgent data (URG flag). The vulnerability can cause a denial of service via an infinite loop/soft lockup in the kernel when processing certain TCP packets. Affected are Linux kernels older than 4.9.11; patching to 4.9.1...
CVE-2019-19449
CVE-2019-19449 affects the Linux kernel (5.0.21) where mounting a crafted f2fs filesystem image can trigger a slab-out-of-bounds read in ft2fs_build_segment_manager (fs/f2fs/segment.c). The root cause is an unvalidated second argument to get_seg_entry when computing init_min_max_mtime in fs/f2fs/...
CVE-2021-38166
CVE-2021-38166 affects the Linux kernel (bpf/hashtab.c) up to 5.13.8. An integer overflow can cause an out-of-bounds write when many elements occupy a single bucket, potentially enabling local denial-of-service or arbitrary-code execution. Exploitation is mitigated by CAP_SYS_ADMIN requirements; ...