13736 matches found
CVE-2020-8835
CVE-2020-8835 affects Linux kernel 5.5.0 and newer, with backports to 5.4.x. The issue is in the BPF verifier (kernel/bpf/verifier.c): it truncates 64-bit values to 32-bit for 32-bit operations, causing the verifier’s checked bounds to diverge from actual execution. This can lead to out-of-bounds...
CVE-2022-1263
CVE-2022-1263 is a Linux kernel KVM NULL pointer dereference bug that triggers when releasing a vCPU with dirty ring support enabled. An unprivileged local attacker on the host can issue specific ioctl calls to cause a kernel oops and DoS. Public advisories (e.g., Amazon Linux 2 ALAS2KERNEL-5.15-...
CVE-2022-36402
CVE-2022-36402 is described in connected advisories as an integer overflow in the vmwgfx driver (Linux kernel) within vmwgfx_execbuf.c, affecting GPUs exposed via /dev/dri/renderD128 (Dxxx). The vulnerability allows a local attacker with a user account to gain elevated privileges and can cause a ...
CVE-2022-40768
CVE-2022-40768 affects the Linux kernel (through 5.19.9) where stex_queuecommand_lck does not memset for the PASSTHRU_CMD path, enabling local users to read kernel memory. Affected: drivers/scsi/stex.c in the kernel. Impact: information disclosure from kernel memory; local, low complexity, no use...
CVE-2023-3268
CVE-2023-3268 : An out-of-bounds memory access in Linux kernel relayfs (relay_file_read_start_pos in kernel/relay.c) could allow a local attacker to crash the system or leak kernel information. Connected advisories confirm this vulnerability and its remediation in multiple kernels: CloudLinux not...
CVE-2023-6622
CVE-2023-6622 : A null pointer dereference in nft_dynset_init() of net/netfilter/nft_dynset.c (nf_tables) allows a local attacker with CAP_NET_ADMIN to trigger a denial of service. Affected: Linux kernel nf_tables/nft_dynset; impact: local DoS; exploitability: LOCAL, requires privileges, no user ...
CVE-2024-35877
Technical details about CVE-2024-35877 are not provided in the connected documents. Public disclosures in the MiracleLinux advisory reference this CVE but do not include kernel-level root causes, impact specifics, or remediation details.
CVE-2011-1083
The CVE-2011-1083 issue affects the Linux kernel epoll implementation (epoll_ctl/epoll_create) as shipped in 2.6.37.2 and earlier. Local attackers can cause CPU denial of service by crafting a user-space application that creates and manages epoll file descriptors, exploiting improper traversal of...
CVE-2014-8559
CVE-2014-8559 is tied to the Linux kernel up to version 3.17.2, where the d_walk function in fs/dcache.c fails to properly preserve the semantics of rename_lock. This can allow a local attacker to cause a denial of service via a deadlock and system hang. The connected advisories state that the is...
CVE-2017-10810
CVE-2017-10810: Linux kernel memory leak in virtio_gpu_object_create (drivers/gpu/drm/virtio/virtgpu_object.c) up to 4.11.8 can cause memory exhaustion and denial of service when object initialisation fails. Connected Nessus advisories (Unity Linux UTSA-2026-002867/002763/000604) reproduce the sa...
CVE-2019-15794
CVE-2019-15794 describes a refcount underflow in the overlayfs/shiftfs error path when used with aufs patches. Specifically, both the Overlayfs and shiftfs patches in the Ubuntu 5.0 and 5.3 kernel series replace vma->vm_file in mmap handlers, and on error do not restore the original value; the...
CVE-2022-2585
CVE-2022-2585 is a Linux kernel use-after-free vulnerability in POSIX CPU timers when exec() occurs from a non-leader thread. The issue stems from armed timers left on a list but freed, enabling local privilege escalation. Public advisories (e.g., AlmaLinux/ALAS and Debian bulletins) confirm the ...
CVE-2022-42329
CVE-2022-42329 concerns the Linux xen-netback driver. The description shows a potential deadlock when freeing the SKB of a dropped packet under the XSA-392 handling (also tied to CVE-2022-42328) and also when dropping packets if netpoll is active on the connected interface, risking a deadlock in ...
CVE-2023-28466
Summary: CVE-2023-28466 affects the Linux kernel up to 6.2.6, where do_tls_getsockopt in net/tls/tls_main.c can race due to a missing lock_sock, causing a use-after-free or NULL pointer dereference. The condition is a local, kernel‑level issue with potential crashes or memory corruption as descri...
CVE-2023-6111
CVE-2023-6111 is a use-after-free in the Linux kernel netfilter nf_tables GC path: the function nft_trans_gc_catchall can fail to remove a catchall set element from catchall_list when sync is true, allowing a catchall element to be freed multiple times. This enables local privilege escalation. Th...
CVE-2023-6931
CVE-2023-6931 describes a heap/out-of-bounds write in the Linux kernel’s Performance Events subsystem. The issue arises when a perf_event read_size overflows, causing an out-of-bounds increment or write in perf_read_group(). The vulnerability is described as enabling local privilege escalation. M...
CVE-2015-9289
Mode C: CVE-2015-9289 affects the Linux kernel (drivers/media/dvb-frontends/cx24116.c). A buffer overflow can occur when validating userspace parameters for DiSEqC commands: the API specifies a maximum of 6, but code accepts values up to 23. This is in kernels before 4.1.4; the fix is in Linux 4....
CVE-2017-17449
CVE-2017-17449 affects the Linux kernel: the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c can allow local attackers with CAP_NET_ADMIN to sniff Netlink activity across all net namespaces when CONFIG_NLMON is enabled. This results in information disclosure (exposure of kernel Net...
CVE-2018-14625
The CVE-2018-14625 entry describes a Linux kernel vulnerability in the vsock (AF_VSOCK) implementation. A race condition between connect() and close() can lead to a use-after-free that may enable a local attacker running inside a guest VM to read kernel memory (information leak) or potentially in...
CVE-2020-14416
CVE-2020-14416 is a Linux kernel issue fixed in 5.4.16. A race condition in tty->disc_data handling for slip and slcan line disciplines can cause a use-after-free, affecting drivers/net/slip/slip.c and drivers/net/can/slcan.c. The connected Nessus advisories reproduce the vulnerability across ...
CVE-2022-3625
CVE-2022-3625 affects the Linux kernel, specifically the devlink subsystem. The issue is a use-after-free in the functions devlink_param_set and devlink_param_get in net/core/devlink.c, enabling a remote authenticated attacker on the local network to cause a denial of service. A patch is availabl...
CVE-2023-52595
CVE-2023-52595 is reported in MiracleLinux advisories as affecting MiracleLinux 8 with kernel 4.18.0-553.5.1.el8_10 (AXSA:2024-8481:17). The issue is in wifi: rt2x00: restart beacon queue when hardware reset, where a hardware reset can deadlock the beacon queue if mac80211 does not stop queues, p...
CVE-2017-18216
CVE-2017-18216 affects the Linux kernel's OCFS2 nodemanager.c: a required mutex is not used, enabling local attackers to trigger a NULL pointer dereference/BUG and cause denial of service. The issue exists in kernel versions before 4.15. Exploitation is local; no remote vector noted in the provid...
CVE-2019-16995
CVE-2019-16995 affects the Linux kernel prior to 5.0.3. The issue is a memory leak in hsr_dev_finalize() (net/hsr/hsr_device.c) that can occur if hsr_add_port fails to add a port, potentially leading to a denial of service. The vulnerability is not tied to a vendor product in the provided text be...
CVE-2019-19080
CVE-2019-19080 affects the Linux kernel (pre-5.3.4). The issue consists of four memory leaks in nfp_flower_spawn_phy_reprs() in drivers/net/ethernet/netronome/nfp/flower/main.c, leading to potential memory consumption and a denial of service. The public references confirm the vulnerable function ...
CVE-2022-25375
CVE-2022-25375 affects the Linux kernel rndis gadget: the RNDIS_MSG_SET size is not validated, allowing information disclosure from kernel memory. Affected: kernels prior to 5.16.10. Remediation: apply upstream patch in 5.16.10+; Debian advisories note fixes in stable branches (e.g., 5.10.x/Bulls...
CVE-2022-2959
CVE-2022-2959 is a Linux kernel race condition in the watch queue due to a missing lock in pipe_resize_ring(), affecting handling of pipe buffers. The flaw, described in multiple sources (including upstream commit references and security bulletins), can allow a local user to crash the system or e...
CVE-2023-26242
CVE-2023-26242 concerns an integer overflow in afu_mmio_region_get_by_offset located in drivers/fpga/dfl-afu-region.c of the Linux kernel, reported to be vulnerable through kernel version 6.1.12. The connected Nessus plugin notes Linux distros unpatched for CVE-2023-26242, indicating there is no ...
CVE-2023-52827
CVE-2023-52827 concerns the Linux kernel’s wifi ath12k code. The issue is a potential out-of-bounds read in ath12k_htt_pull_ppdu_stats(), caused by len being extracted from an HTT message without sufficient validation; an unexpected value could occur during message iteration/parsing. The same ris...
CVE-2024-45000
CVE-2024-45000 is a Linux kernel vulnerability affecting the fs/netfs/fscache_cookie path. A missing n_accesses check allowed a NULL pointer dereference under a data race between fscache_cookie_state_machine() and concurrent operations (notably fscache_unuse_cookie() and cachefiles_prepare_write(...
CVE-2017-9075
CVE-2017-9075 affects the Linux kernel network subsystem: the sctp_v6_create_accept_sk function in net/sctp/ipv6.c mishandles inheritance, enabling a local attacker to cause a denial of service (and possibly other effects) via crafted system calls. Connected CentOS Red Hat advisories (e.g., CESA/...
CVE-2019-15222
CVE-2019-15222 entry is rejected/not used and not an active vulnerability.
CVE-2021-45469
CVE-2021-45469 affects the Linux kernel’s f2fs file system implementation, specifically __f2fs_setxattr in fs/f2fs/xattr.c. When an inode’s last xattr entry is invalid, there is an out-of-bounds memory access. Documents indicate an attacker who can mount a crafted f2fs image could trigger denial ...
CVE-2023-0458
CVE-2023-0458 describes a speculative pointer dereference in the Linux kernel’s do_prlimit() path. The vulnerable path uses a controlled resource argument in pointer arithmetic for the rl im variable, enabling leakage of kernel contents when exploited. The Astra Linux security bulletin corroborat...
CVE-2023-1281
CVE-2023-1281 is a Linux kernel use-after-free in the traffic control index filter (tcindex) that permits local privilege escalation to root. The vulnerability stems from updating an imperfect hash area while packets traverse; a use-after-free occurs when tcf_exts_exec() accesses a destroyed tcf_...
CVE-2023-52918
CVE-2023-52918 – Linux kernel (media: pci: cx23885) The vulnerability concerns the cx23885 video device initialization in the Linux kernel’s media: pci subsystem. cx23885_vdev_init() can return a NULL pointer, but the caller previously used that pointer without checking it. The fix adds a NULL po...
CVE-2024-49568
CVE-2024-49568 affects the Linux kernel net/smc implementation. The issue arises when receiving a proposal message: fields v2_ext_offset, eid_cnt, and ism_gid_cnt from the remote client are not fully trustworthy; if v2_ext_offset exceeds the max value, it can trigger an out-of-bounds access and a...
CVE-2024-50133
CVE-2024-50133 (LoongArch Linux kernel) : The issue occurs when a task without a vDSO mapping (e.g., kthreads) calls stack_top(), dereferencing a NULL vdso pointer and crashing. Reported in the Linux kernel with a concrete path, including kunit-related stack traces, indicating the root cause is a...
CVE-2018-13093
CVE-2018-13093 relates to a NULL pointer dereference in Linux kernel fs/xfs/xfs_icache.c during pathwalks on a corrupted XFS image, caused by missing validation that cached inodes are freed during allocation. Impact: potential crash/DoS. Remediation: Debian LTS advisory DLA-2114-1 lists this CVE ...
CVE-2018-18690
CVE-2018-18690 pertains to the Linux kernel before 4.17 where a local attacker able to set attributes on an xfs filesystem could render the filesystem non-operational until remount by triggering an unchecked error during an xfs attribute change. The root cause is mishandling of ATTR_REPLACE in xf...
CVE-2019-12456
CVE-2019-12456 : A local double-fetch vulnerability in the Linux kernel, affecting the MPT3COMMAND path of _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c. The issue arises from reading ioc_number between two kernel reads, allowing a local attacker to trigger a denial of service or potentia...
CVE-2021-3659
CVE-2021-3659 is a local NULL pointer dereference in the Linux kernel’s IEEE 802.15.4 LR-WPAN subsystem. The specific code path cited in connected sources is a NULL pointer dereference in llsec_key_alloc() within net/mac802154/llsec.c, which can be triggered during LR-WPAN connection closure and ...
CVE-2022-1195
CVE-2022-1195 describes a use-after-free in the Linux kernel driver for hamradio (drivers/net/hamradio), specifically involving the mkiss and sixpack paths. The flaw allows a local attacker with user privileges to trigger a denial of service when the mkiss/sixpack device is detached and resources...
CVE-2024-39494
CVE-2024-39494 – Linux kernel ima use-after-free on dentry name The flaw occurs in the IMA path where a dentry’s dname.name can be changed by a rename, and the previous value may be freed. The early value could be freed before a stable snapshot is taken because the locking conditions (dentry/d_lo...
CVE-2024-56782
Technical details about CVE-2024-56782 are not provided in the supplied documents. The materials reference the patch description but do not include product/version/impact specifics or exploitation context.
CVE-2016-8655
CVE-2016-8655 describes a race condition in the Linux kernel AF_PACKET path (net/packet/af_packet.c) that, up to version 4.8.12, could allow a local user with CAP_NET_RAW to change a socket version via packet_set_ring/packet_setsockopt, leading to use-after-free, privilege escalation or DoS. Conn...
CVE-2017-18241
CVE-2017-18241 affects Linux kernel fs/f2fs/segment.c prior to 4.13. Local users can cause a denial of service via a NULL pointer dereference in a flush_cmd_control when using the noflush_merge option, leading to a panic. No exploitation details are provided in the documents. Remediation: upgrade...
CVE-2017-7518
CVE-2017-7518: In the Linux kernel before 4.12, the KVM module mishandles the trap-flag TF in EFLAGS during syscall emulation, causing a debug exception (#DB) on the guest stack. This could allow a user/process inside a guest to escalate privileges within the guest (Linux guests only; host kernel...
CVE-2018-6554
CVE-2018-6554 describes a memory leak in the Linux kernel’s irda_bind path (net/irda/af_irda.c and later staging/irda/net/af_irda.c). A local user can cause memory exhaustion by repeatedly binding an AF_IRDA socket, leading to denial of service. The vulnerability exists in kernels prior to 4.17 a...
CVE-2019-12381
CVE-2019-12381 affects the Linux kernel (ip_ra_control in net/ipv4/ip_sockglue.c) up to version 5.1.5. It describes an unchecked kmalloc for new_ra, which could cause a NULL pointer dereference and system crash (DoS). NOTE: some sources dispute this because new_ra is not used if it is NULL. The c...