CVE-2017-18344
CVE-2017-18344 affects the Linux kernel before 4.14.8. The timer_create syscall in kernel/time/posix-timers.c fails to validate sigevent->sigev_notify, causing out-of-bounds access in show_timer when /proc/$PID/timers is read and enabling a local user to read arbitrary kernel memory on builds ...
CVE-2019-15919
CVE-2019-15919 affects the Linux kernel before 5.0.10. The vulnerability is in SMB2_write (fs/cifs/smb2pdu.c) due to a use-after-free in the SMB2 write path, with partial confidentiality impact (I: partial) and no explicit exploitation details provided. Remediation: upgrade to kernel 5.0.10 or la...
CVE-2019-17075
CVE-2019-17075 affects the Linux kernel cxgb4 InfiniBand driver. The issue arises in mem.c: the driver calls DMA mapping (dma_map_single) from a stack variable, which can be triggered to cause a Denial of Service on architectures where stack/DMA interaction is relevant. Connected Nessus advisorie...
CVE-2019-19054
CVE-2019-19054: A memory leak in the Linux kernel cx23888_ir_probe() function (drivers/media/pci/cx23885/cx23888-ir.c) through version 5.3.11 can lead to denial of service via memory consumption when kfifo_alloc() fails. Connected Nessus advisories (UNITY_LINUX_UTSA-2026-004170 and related entrie...
CVE-2023-52814
CVE-2023-52814: The Linux kernel has fixed a potential NULL pointer dereference in the AMDGPU driver. The function amdgpu_ras_get_context may return NULL if the device does not support RAS, and the code now checks for NULL before dereferencing. This (local) vulnerability could crash the kernel if NU...
CVE-2023-7192
CVE-2023-7192: The Linux kernel contains a memory-leak/denial-of-service issue in ctnetlink_create_conntrack() within net/netfilter/nf_conntrack_netlink.c. A local attacker with CAP_NET_ADMIN can trigger a refcount overflow to cause DoS. The initial documents confirm the vulnerability and its local-...
CVE-2024-50087
The connected Astra Linux advisory and the CVE entry describe a Linux kernel vulnerability in btrfs: read_alloc_one_name() may leave fscrypt_str.name uninitialized if kmalloc fails, so freeing fscrypt_str can access an uninitialized pointer. This is a local (L) issue with LOW initial access but HIG...
CVE-2017-1000112
CVE-2017-1000112 describes a local memory corruption in the Linux kernel UFO (UDP Fragmentation Offload) path. In ip_ufo_append_data() the code can flip from UFO to non-UFO between two send() calls, causing negative copy calculations, fragmentation, and ultimately skb_copy_and_csum_bits() writing...
CVE-2017-12192
CVE-2017-12192 affects the Linux kernel Key Management subcomponent: keyctl_read_key in security/keys/keyctl.c may be read on negatively instantiated keys, enabling a local attacker to cause a denial of service (kernel oops and crash). Affected: kernel before 4.13.5; fix implemented in 4.13.5 (Ch...
CVE-2022-0850
CVE-2022-0850 affects the Linux kernel’s ext4 filesystem by an information leak via the ext4_extent_header to userspace. The connected sources corroborate a kernel information leak (information disclosure) in ext4_extent_header and note fixes in various distributions: CloudLinux/CSLAs reference “e...
CVE-2022-25265
CVE-2022-25265 is a Linux kernel issue affecting binaries built around 2003 (e.g., GCC 3.2.2 with Linux 2.4.20) that can allow local attackers to execute code by exploiting the exec-all attribute in non-executable regions. Connected advisories show the vulnerability being addressed as part of kernel/...
CVE-2022-39842
CVE-2022-39842 affects the Linux kernel up to version 5.19, specifically in drivers/video/fbdev/pxa3xx-gcu.c (pxa3xx_gcu_write). The count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check; this value is then passed as the third argument ...
CVE-2024-53168
CVE-2024-53168 is a Linux kernel vulnerability related to a use-after-free (UAF) in sunrpc over a kernel TCP socket. The issue, illustrated by a KASAN report (slab-use-after-free in tcp_write_timer_handler), was fixed in the kernel to address a UAF in sunrpc’s TCP path. Connected advisories (SUSE...
CVE-2017-1000364
CVE-2017-1000364 affects the Linux kernel stack guard page (4k) so the stack-pointer can jump over the guard, enabling local privilege escalation. Affected: Linux kernel 4.11.5 and earlier. Impact: privilege escalation via stack-clash-like behavior; no remote vector described. Root cause: insuffi...
CVE-2017-7533
CVE-2017-7533 describes a race condition in the Linux kernel where inotify_handle_event and vfs_rename concurrently executing can be exploited by a local attacker to cause memory corruption, a denial of service, or privilege escalation. It affects Linux kernel versions up to 4.12.4; exploitation ...
CVE-2019-15920
CVE-2019-15920 affects the Linux kernel prior to 5.0.10, with a use-after-free in SMB2_read (fs/cifs/smb2pdu.c). The issue was not fixed in 5.0.10; the 5.0.11 ChangeLog documents a memory leak related to this area. Connected advisories (Unity Linux Nessus plugins) reference the same root cause an...
CVE-2019-3819
CVE-2019-3819: In the Linux kernel HID subsystem, hid_debug_events_read() may enter an infinite loop under certain user-supplied parameters, causing a denial of service via system lockup. The issue is accessible to root (local) and affects Linux kernels from 4.18 onward in affected lines. Public...
CVE-2021-33656
CVE-2021-33656 affects the Linux kernel: setting a font with malicious data via the PIO_FONT ioctl can cause a memory out-of-bounds write. Affected: kernel font handling path; root cause: out-of-bounds write in ioctl processing. Impact: local code execution is not explicitly stated; exploitation ...
CVE-2022-3565
CVE-2022-3565 — Linux Kernel Bluetooth vulnerability (del_timer use-after-free): The issue affects the Linux kernel, specifically the del_timer path in drivers/isdn/mISDN/l1oip_core.c within the Bluetooth component. The root cause is a use-after-free in the timer code, enabling a remote attacker...
CVE-2023-6536
CVE-2023-6536 is a Linux kernel NVMe over TCP issue. The connected documents confirm a NULL pointer dereference in the NVMe target (nvmet_tcp_build_iovec and related paths) that could cause a kernel panic and denial of service. Affected software is the Linux kernel’s NVMe over TCP stack (nvmet_tc...
CVE-2024-42231
CVE-2024-42231 affects the Linux kernel, specifically the btrfs filesystem in zoned mode. The issue is in calc_available_free_space(): the code incorrectly loops zone handling, treating each zone as a single chunk and not permitting partial allocations. This can yield a non-zone-aligned avail val...
CVE-2024-49975
CVE-2024-49975: Linux kernel uprobes information leak via the [uprobes] vma. xol_add_vma() maps an uninitialized page allocated by __create_xol_area() into userspace. On some architectures (notably x86), this memory can be readable even if VM_READ is not granted, yielding a kernel memory info lea...
CVE-2019-19927
CVE-2019-19927 affects Linux kernel 5.0.0-rc7 (as in ubuntu/linux.git) where mounting a crafted f2fs image and performing certain operations can cause slab-out-of-bounds read access in ttm_put_pages (ttm_page_alloc.c). The issue is linked to vmwgfx/ttm modules and may enable local, non-privileged...
CVE-2021-42252
The CVE-2021-42252 issue affects the Linux kernel up to version 5.14.5 in aspeed_lpc_ctrl_mmap (drivers/soc/aspeed/aspeed-lpc-ctrl.c). A memory overwrite can occur via the Aspeed LPC control interface when a comparison uses non-memory-size values, enabling a local attacker to potentially escalate...
CVE-2024-0193
CVE-2024-0193 is a Linux kernel netfilter NFT_TABLES use-after-free flaw. The issue arises when the catchall element is garbage-collected during removal of the pipapo set, enabling double deactivation of the element and a use-after-free on NFT_CHAIN or NFT_OBJECT. This could allow a local unprivi...
CVE-2024-53050
The CVE-2024-53050 issue affects the Linux kernel’s DRM/i915 HDCP path. The vulnerability arises from a missing encoder check in hdcp2_get_capability, and a fix was applied to add an encoder check in intel_hdcp2_get_capability to prevent a null pointer dereference. The description indicates the prob...
CVE-2018-14646
CVE-2018-14646: The Linux kernel contains a NULL pointer dereference in __netlink_ns_capable() (net/netlink/af_netlink.c). A local attacker with netnsid assigned to a net namespace can trigger a kernel panic, causing a denial of service. Connected advisories (e.g., Red Hat RHSA entries and Euler...
CVE-2018-18021
CVE-2018-18021 affects arch/arm64/kvm/guest.c in the Linux kernel before 4.18.12. The KVM_SET_ONE_REG ioctl is mishandled, allowing a local attacker who can create VMs to arbitrarily redirect the hypervisor flow of control (full register control) and potentially cause a hypervisor panic via an ill...
CVE-2019-19081
CVE-2019-19081 is a memory-leak/DoS vulnerability in the Linux kernel at drivers/net/ethernet/netronome/nfp/flower/main.c: nfp_flower_spawn_vnic_reprs() leaks memory, enabling denial of service via memory consumption. Affected: Linux kernel versions prior to 5.3.4. Reportedly remediated by Linux ...
CVE-2021-20194
CVE-2021-20194 affects Linux kernels 5.2+ when compiled with CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, and without hardened_usercopy; a BPF execution bug in __cgroup_bpf_run_filter_getsockopt() can cause a heap overflow. Local attackers can potentially cause DoS o...
CVE-2023-1380
CVE-2023-1380 is referenced in the connected documents as a slab-out-of-bounds read vulnerability in the Linux kernel, specifically in brcmf_get_assoc_ies() within the brcmfmac CFG80211 path. The underlying issue is when assoc_info->req_len exceeds the buffer size (WL_EXTRA_BUF_MAX), enabling ...
CVE-2017-17741
CVE-2017-17741 affects the Linux kernel KVM implementation through 4.14.7, enabling a write_mmio stack-based out-of-bounds read that can reveal potentially sensitive information from kernel memory. Affected code paths are in arch/x86/kvm/x86.c and include/trace/events/kvm.h. The supplied document...
CVE-2020-12656
CVE-2020-12656 affects the Linux kernel (up to 5.6.10) where gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c of rpcsec_gss_krb5 fails to call domain_release, causing a memory leak when unloading a kernel module. The issue is triggered by privileged module loading/unloading; memory could be...
CVE-2023-2124
CVE-2023-2124 is an out-of-bounds memory access flaw in the Linux kernel XFS image restore path after failure with a dirty log journal. It can crash a local user or potentially escalate privileges when mounting/correcting a corrupted XFS disk image. Public advisories (e.g., Debian DSA-5448-1 and ...
CVE-2020-12657
CVE-2020-12657 affects the Linux kernel before 5.6.5 due to a use-after-free in bfq_idle_slice_timer_body within bfq-iosched.c. The connected advisories (Unity Linux UTSA-2026-00x, Red Hat RHSA/CESA entries, CentOS plugin references) confirm kernel versions impacted and reference the 5.6.5 patch/...
CVE-2021-4149
CVE-2021-4149: Local privilege escalation via Linux kernel btrfs deadlock. Affects btrfs_alloc_tree_b in fs/btrfs/extent-tree.c where an improper lock operation can deadlock, enabling a local user to cause a denial-of-service. Debian LTS advisory DLA-3065-1 lists CVE-2021-4149 and notes the patch...
CVE-2022-3643
CVE-2022-3643: Linux kernel netback driver vulnerability allowing a guest to trigger NIC interface reset/abort/crash by sending packets with split headers. Root cause is an assumption that packet protocol headers reside in the SKB's linear section; certain NICs (e.g., Cisco ENIC, Broadcom NetXtre...
CVE-2023-39189
CVE-2023-39189 is documented in connected sources as affecting the Linux kernel Netfilter component, specifically the nftables path nf_osf_match_one(), which can trigger an out-of-bounds read leading to a crash or information disclosure. The vulnerability is reported across multiple advisories (e...
CVE-2019-19530
CVE-2019-19530 affects the Linux kernel prior to 5.2.10, with a use-after-free in the USB CDC-ACM driver (drivers/usb/class/cdc-acm.c) triggered by a malicious USB device. The issue could lead to a denial of service through memory corruption if exploited locally via USB hardware interfaces; CVSS ...
CVE-2022-3114
CVE-2022-3114 affects the Linux kernel up to 5.16-rc6. The issue is in imx_register_uart_clocks (drivers/clk/imx/clk.c): it does not check the return value of kcalloc(), which can lead to a null pointer dereference and a potential crash. This is a local issue with low to moderate complexity and a...
CVE-2022-49562
CVE-2022-49562 affects the Linux kernel KVM on x86. The fix changes A/D bit updates for guest PTEs to use __try_cmpxchg_user() instead of mapping PTEs into kernel space, addressing an incorrect VM_PFNMAP-based approach that could expose the kernel to unintended pfns. The issue is rooted in how vm...
CVE-2023-5633
CVE-2023-5633 is documented in an IBM QRadar SIEM bulletin as a Linux Kernel use-after-free vulnerability: a memory-management flaw in handling memory objects for GEM objects can allow a local, authenticated attacker to gain elevated privileges within a VM with 3D acceleration (VMware guest). The...
CVE-2016-10229
The CVE-2016-10229 issue affects the Linux kernel’s UDP handling: udp.c in versions before 4.5 contains an unsafe second checksum calculation when a recv call uses MSG_PEEK, enabling remote code execution. Reports and advisories (e.g., ALAS-2017-832, Alpine, Debian, Broadcom/Big-IP advisories) co...
CVE-2018-10881
CVE-2018-10881 is an ext4-related Linux kernel vulnerability: out-of-bounds access in ext4_get_group_info when mounting/operating on a crafted ext4 image, leading to denial of service or system crash. Connected sources (e.g., USN-3752-2) confirm this CVE is among kernel/ext4 issues addressed; rem...
CVE-2023-1077
CVE-2023-1077: Linux kernel scheduling: In pick_next_rt_entity(), a type confusion can occur where a non-NULL, non-entry object (a list_head) is misinterpreted as a sched_rt_entity, bypassing BUG_ON checks and causing memory corruption. Public docs (Astra Linux page) mirror this description for ...
CVE-2011-4127
The CVE-2011-4127 entry is supported by connected advisory data that details the vulnerability in the Linux kernel prior to 3.2.2. Affected component: SG_IO ioctl handling in the kernel (SG_IO ioctls not properly restricted). Root cause: insufficient restriction of SG_IO commands, allowing a loca...
CVE-2019-10140
Technical details for CVE-2019-10140 are not provided in the connected documents. The initial description contains the vulnerability specifics, but no additional technical data appears here. Monitor for updates from the CNA and vendor advisories.
CVE-2019-15211
CVE-2019-15211: The Linux kernel before 5.2.6 contains a use-after-free in drivers/media/v4l2-core/v4l2-dev.c triggered by a malicious USB device; the issue is tied to memory allocation in drivers/media/radio/radio-raremono.c. Evidence from multiple Nessus/SUSE/OpenOpen advisories confirms the descr...
CVE-2020-27825
CVE-2020-27825: A use-after-free in Linux kernel kernel/trace/ring_buffer.c (before 5.10-rc1) enables a race between trace_open and cpu-buffer resize, allowing local DOS and potential information leaks. Affected: Linux kernel’s tracing ring buffer; root cause is a race on parallel CPU access. Mit...
CVE-2020-28915
CVE-2020-28915 is a Linux kernel vulnerability in the fbcon framebuffer code, where a buffer over-read before 5.8.15 could allow a local attacker to read kernel memory. The issue is caused by improper bounds handling in the framebuffer font-related path used by fbcon. Affected fix: upstream patch...