CVE-2015-1805
CVE-2015-1805 covers a local elevation/DoS flaw in the Linux kernel where the pipe_read/pipe_write paths in fs/pipe.c mishandle side effects from failed __copy_to_user_inatomic and __copy_from_user_inatomic calls. The issue permits a local user to crash the system or potentially gain privileges v...
CVE-2019-19338
CVE-2019-19338 describes a flaw in the Linux kernel related to the handling of TAA/MDS interactions in TSX-enabled cascaded environments, affecting guests on Cascade Lake hosts with TSX enabled and a host-side fix for CVE-2019-11135 in kernels prior to 5.5. The connected documents confirm affecte...
CVE-2021-38208
The CVE-2021-38208 entry affects the Linux kernel NFC LLCP path: net/nfc/llcp_sock.c before 5.12.10. A local unprivileged user can trigger a denial of service (NULL pointer dereference and BUG) by performing getsockname after a failed bind. This is a local-privilege scenario with a direct impact ...
CVE-2022-2663
CVE-2022-2663 is a Linux kernel issue in nf_conntrack_irc where message handling can be confused, causing incorrect matching and potentially allowing a firewall bypass when users operate with unencrypted IRC with nf_conntrack_irc enabled. The primary affected component is nf_conntrack_irc within ...
CVE-2022-3640
CVE-2022-3640 is a Linux Kernel issue affecting the Bluetooth layer. The vulnerability stems from a use-after-free in the l2cap_conn_del function in net/bluetooth/l2cap_core.c. The Astra Linux bulletin confirms the same flaw and notes affected kernel lines (linux-5.10, linux-5.15), indicating the...
CVE-2022-49552
CVE-2022-49552 affects the Linux kernel. The issue arises in the BPF JIT blinding logic where ld_imm64 addresses to subprogs are misidentified as normal instructions, causing a page fault in kernel mode. The root cause is the two-phase JIT process for subprogs; the first phase blinds and the seco...
CVE-2023-6610
CVE-2023-6610 is an out-of-bounds read in Linux kernel’s smb2_dump_detail() (fs/smb/client/smb2ops.c). The vulnerability can allow a local attacker to crash the kernel or leak internal kernel information. Connected advisories (e.g., MiracleLinux/Tencent/Tenable Nessus entries) confirm the issue a...
CVE-2024-26934
CVE-2024-26934: Linux kernel USB core deadlock in usb_deauthorize_interface() when sysfs attribute callbacks hold a parent device lock. Affected: drivers/usb/core/sysfs.c (interface_authorized_store) acquiring parent device lock; fix uses sysfs_break_active_protection() to avoid waiting for the c...
CVE-2017-15115
CVE-2017-15115: Linux kernel prior to 4.14 allows local users to trigger a denial of service (use-after-free in sctp_do_peeloff in net/sctp/socket.c) via crafted system calls. Impact is system crash; no explicit exploit details provided in the documents beyond this. The IBM bulletin references th...
CVE-2019-16413
CVE-2019-16413: Affects the Linux kernel prior to 5.0.4 where the 9p filesystem does not properly protect i_size_write(), causing i_size_read() to loop indefinitely and trigger a denial of service on SMP systems. The public evidence ties this to a kernel patch in ChangeLog-5.0.4 and the commit r...
CVE-2019-19922
CVE-2019-19922 affects the Linux kernel sched subsystem (kernel/sched/fair.c) and is triggered when cpu.cfs_quota_us is in use (e.g., with Kubernetes). The issue allows a local attacker to cause a denial of service for non–CPU-bound applications by generating work that triggers slice expiration, ...
CVE-2020-27815
CVE-2020-27815 is a vulnerability in the Linux kernel JFS filesystem code allowing a local attacker who can set extended attributes to trigger a system panic, memory corruption, or privilege escalation. Publicly documented impact: confidentiality, integrity, and availability may be affected. The ...
CVE-2018-6927
CVE-2018-6927 concerns the Linux kernel futex_requeue implementation in kernel/futex.c. Multiple connected documents confirm a flaw where triggering a negative wake or requeue value can cause a denial of service via an integer overflow. Affected are kernel versions prior to 4.14.15 (and related u...
CVE-2019-15925
CVE-2019-15925: The Linux kernel (before 5.2.3) contains an out-of-bounds access in hclge_tm_schd_mode_vnet_base_cfg (drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c). This affects kernels prior to 5.2.3; patch and changelog are available in ChangeLog-5.2.3. Public references include kerne...
CVE-2021-29265
CVE-2021-29265 affects the Linux kernel prior to 5.11.7. The vulnerability is in the usbip_sockfd_store function (drivers/usb/usbip/stub_dev.c) where the stub-up sequence has race conditions during updates of local and shared status, enabling a local attacker to trigger a denial of service (kerne...
CVE-2021-35477
The CVE-2021-35477 vulnerability affects the Linux kernel (through 5.13.7): an unprivileged BPF program can read sensitive kernel memory via a Speculative Store Bypass side-channel due to a preempting store not reliably ordering before an attacker-controlled store. The issue is rooted in the eBPF...
CVE-2022-42719
Summary of CVE-2022-42719: A use-after-free in the mac80211 wireless stack when parsing a multi-BSSID element in the Linux kernel (versions 5.2–5.19.14) could allow a remote attacker who can inject WLAN frames to crash the kernel and potentially execute code. The vulnerability impacts the Linux ...
CVE-2018-1066
CVE-2018-1066 affects the Linux kernel prior to 4.11, where a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() can cause a kernel panic on clients mounting a CIFS server, due to mishandling of an empty TargetInfo field in NTLMSSP during session recovery. Connected documents co...
CVE-2022-28893
CVE-2022-28893 is a Linux kernel SUNRPC issue fixed in later kernels when the xs_xprt_free path runs before sockets reach the intended state, enabling kernel memory corruption via a use-after-free (UAF) condition in the inet_put_port flow. Public documentation confirms the root cause and that exp...
CVE-2023-35788
CVE-2023-35788: In the Linux kernel, the function fl_set_geneve_opt in net/sched/cls_flower.c prior to 6.3.7 contains an out-of-bounds write in the flower classifier when processing packets with TCA_FLOWER_KEY_ENC_OPTS_GENEVE. This can lead to denial of service or privilege escalation. Affected ...
CVE-2023-39198
CVE-2023-39198 describes a race condition in the Linux kernel’s QXL driver. The qxl_mode_dumb_create() path dereferences the qxl_gem_object_create_with_handle() result while the handle is the sole reference, enabling a caller to guess the handle value and trigger a use-after-free. This can lead t...
CVE-2019-12817
CVE-2019-12817 affects the PowerPC Linux kernel: a bug in arch/powerpc/mm/mmu_context_book3s64.c before 5.1.15 can allow unrelated processes to read/write each other’s memory via an mmap above 512 TB on a subset of PowerPC systems. The issue is limited to those platforms; impact is memory confide...
CVE-2024-43908
The CVE-2024-43908 issue is confirmed in the Linux kernel’s DRM/AMDGPU code: a null pointer dereference in ras_manager that can arise when ras_manager is consulted. The published fix is to check ras_manager before using it, preventing dereference of a null pointer. The connected Nessus advisories...
CVE-2018-15471
CVE-2018-15471 affects the Linux kernel Xen netback driver: the xenvif_set_hash_mapping function in drivers/net/xen-netback/hash.c handles request queue mapping with insufficient input validation (e.g., for integer overflow), causing out-of-bounds memory access. This can allow a malicious or bugg...
CVE-2018-20961
CVE-2018-20961 affects the Linux kernel prior to 4.16.4. It is a double-free in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c (f_midi driver) that may allow a denial of service or potentially other impacts. Affected versions are Linux kernel before 4.16.4; remediation is pro...
CVE-2020-11669
CVE-2020-11669 affects the Linux kernel before 5.2 on the powerpc platform. The issue is in arch/powerpc/kernel/idle_book3s.S where save/restore for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR is missing (CID-53a712bae5dd). This can impact availability (per CVSS 3.1: Availabili...
CVE-2016-10906
CVE-2016-10906 affects the Linux kernel’s arc_emac_main.c (drivers/net/ethernet/arc) with a use-after-free caused by a race between arc_emac_tx and arc_emac_tx_clean. The issue occurs in kernels prior to 4.5, enabling local attackers to exploit the race and potentially compromise kernel memory. T...
CVE-2017-17807
CVE-2017-17807: Linux kernel KEYS subsystem vulnerability where the request_key() path can bypass access control when adding a key to the current task’s default request-key keyring. An unpatched kernel (pre-4.14.6) could allow a local attacker to craft a sequence of system calls to insert keys i...
CVE-2020-25668
CVE-2020-25668 is a Linux kernel vulnerability in the TTY subsystem (con_font_op) caused by unsynchronized access to fg_console, leading to a use-after-free. According to Debian, this can cause a crash or memory corruption and may enable privilege escalation; CloudLinux notes a fix was applied in...
CVE-2021-28952
CVE-2021-28952 concerns a buffer overflow in the Linux kernel’s sound/soc/qcom/sdm845.c soundwire driver when an unexpected port ID is encountered. Affected: Linux kernel 5.11.8 and earlier (through 5.11.x); root cause: buffer overflow in the driver. Impact described in sources as potentially ena...
CVE-2021-31829
CVE-2021-31829 affects the Linux kernel’s eBPF verifier (kernel/bpf/verifier.c) and describes speculative-load handling that could leak kernel memory via side-channels. The initial document notes the flaw up to kernel 5.12.1 and references remediation through patched kernels; connected documents ...
CVE-2022-45869
CVE-2022-45869 is a Linux kernel issue describing a race condition in the x86 KVM subsystem that can be triggered when nested virtualization and the TDP MMU are enabled. The vulnerability affects the Linux kernel up to version 6.1-rc6 as described in the Astra Linux security bulletin, which mirro...
CVE-2023-52429
CVE-2023-52429 affects the Linux kernel driver path drivers/md/dm-table.c. The issue arises in dm_table_create’s alloc_targets path where, due to a missing check for struct dm_ioctl.target_count, it can allocate more than INT_MAX bytes and crash. Public sources in connected Nessus plugins confirm...
CVE-2024-43909
Technical details about CVE-2024-43909 (AMDGPU SMU7 null pointer dereference) are not provided in the connected documents. The initial description notes a fix but lacks vendor/product/version specifics or remediation steps beyond general description. Monitor for updates.
CVE-2017-18551
CVE-2017-18551: The Linux kernel contains an out-of-bounds write in drivers/i2c/i2c-core-smbus.c, specifically in the function i2c_smbus_xfer_emulated, affecting kernels prior to 4.14.15. The vulnerability can enable local attacker privilege escalation due to memory corruption. Remediation is to...
CVE-2018-20784
CVE-2018-20784 affects the Linux kernel prior to 4.20.2, where kernel/sched/fair.c mishandles leaf cfs_rq’s, allowing a denial of service via an infinite loop in update_blocked_averages and potentially other impact from induced high load. The publicly documented fix is in kernel version 4.20.2 (C...
CVE-2022-3524
CVE-2022-3524 affects the Linux kernel IPv6 Handler’s ipv6_renew_options, causing a memory leak. The vulnerability can be triggered remotely per some sources; a patch is available and applies to mitigate the issue. Review the Linux kernel patches referenced in the CVE details and apply the approp...
CVE-2022-39188
CVE-2022-39188 describes a race in include/asm-generic/tlb.h in the Linux kernel up to version 5.18/5.19 where unmap_mapping_range races with munmap for VM_PFNMAP VMAs can free a page still holding stale TLB entries. This can cause a page to be freed while TLBs still cache old mappings, potential...
CVE-2022-4543
CVE-2022-4543, described as EntryBleed, is a Linux kernel vulnerability in the Page Table Isolation (KPTI) path that could allow a local attacker to leak the KASLR base address via prefetch side-channels based on TLB timing on Intel CPUs. The connected sources confirm the issue’s existence and it...
CVE-2023-31084
The CVE-2023-31084 issue affects Linux kernel 6.2 in drivers/media/dvb-core/dvb_frontend.c. The root cause is a blocking operation when a task is not TASK_RUNNING: in dvb_frontend_get_event wait_event_interruptible checks dvb_frontend_test_event(fepriv, events) and, if false, down(&fepriv->sem...
CVE-2019-15212
CVE-2019-15212 describes a vulnerability in the Linux kernel prior to 5.1.8 where a malicious USB device can trigger a double-free in drivers/usb/misc/rio500.c. This is a local/physical-access issue with potential impact to availability as per CVSS metrics shown. The connected Unity Nessus adviso...
CVE-2022-3594
CVE-2022-3594 is a Linux kernel vulnerability in the BPF component: the intr_callback in drivers/net/usb/r8152.c can cause logging of excessive data. It is exploitable remotely as described; a patch/update is recommended. Connected advisories (Astra Linux, Amazon Linux livepatch) mirror these det...
CVE-2023-0179
CVE-2023-0179 is a Linux kernel Netfilter vulnerability involving a buffer overflow in the NFT payload path that could leak stack/heap addresses and enable local privilege escalation via arbitrary code execution. Connected advisories confirm a fix in the Linux kernel: Astra Linux describes correc...
CVE-2023-33951
The CVE-2023-33951 entry affects the vmwgfx driver in the Linux kernel, where a race condition in handling GEM objects due to improper locking can lead to information disclosure in kernel context. Connected advisories (MiracleLinux AXSA-2023-7038/AXSA:2023-7038:31) explicitly reference a vmwgfx i...
CVE-2017-18344
CVE-2017-18344 affects the Linux kernel before 4.14.8. The timer_create syscall in kernel/time/posix-timers.c fails to validate sigevent->sigev_notify, causing out-of-bounds access in show_timer when /proc/$PID/timers is read and enabling a local user to read arbitrary kernel memory on builds ...
CVE-2017-18509
CVE-2017-18509 targets the Linux kernel (net/ipv6/ip6mr.c). By sending a specific socket option, an attacker can manipulate a kernel pointer in ip6_mroute_* and trigger an inet_csk_listen_stop general protection fault, potentially enabling arbitrary code execution with root privileges. Impact can...
CVE-2018-7191
CVE-2018-7191 affects the Linux kernel tun subsystem prior to 4.13.14. Root cause: dev_get_valid_name is not called before register_netdevice, enabling a local user to trigger a NULL pointer dereference via ioctl(TUNSETIFF) with a device name containing a “/” character, potentially causing a deni...
CVE-2019-17075
CVE-2019-17075 affects the Linux kernel cxgb4 InfiniBand driver. The issue arises in mem.c: the driver calls DMA mapping (dma_map_single) from a stack variable, which can be triggered to cause a Denial of Service on architectures where stack/DMA interaction is relevant. Connected Nessus advisorie...
CVE-2019-19054
CVE-2019-19054: A memory leak in the Linux kernel cx23888_ir_probe() function (drivers/media/pci/cx23885/cx23888-ir.c) through version 5.3.11 can lead to denial of service via memory consumption when kfifo_alloc() fails. Connected Nessus advisories (UNITY_LINUX_UTSA-2026-004170 and related entrie...
CVE-2021-3506
CVE-2021-3506: An out-of-bounds memory access in fs/f2fs/node.c of the Linux kernel (f2fs module) allows a local attacker to read/write out-of-bounds memory, leading to a system crash or leakage of kernel information. Affected are kernel versions before 5.12.0-rc4. The description notes the high...