13804 matches found
CVE-2024-56614
Summary: CVE-2024-56614 in the Linux kernel fixes an out-of-bounds write in xsk_map_delete_elem where a user-controlled signed integer can bypass bounds checks due to unsigned/signed comparison, enabling an invalid map_entry access and potential memory corruption via xchg and subsequent operation...
CVE-2018-18710
CVE-2018-18710 affects the Linux kernel up to 4.19, in the CDROM driver: cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c. A cast from unsigned long to int can bypass bounds checking, enabling a local attacker to read kernel memory (information disclosure). The issue is analogous to CVE-2018-1094...
CVE-2019-19529
CVE-2019-19529 is a vulnerability in the Linux kernel prior to 5.3.11 where a malicious USB device could trigger a use-after-free in the mcba_usb.c CAN USB driver, CID-4d6636498c41. Exploitation would require a physical USB interaction and may lead to memory corruption. The connected Nessus advis...
CVE-2019-19602
CVE-2019-19602 – Linux kernel fpregs_state_valid cache issue: In arch/x86/include/asm/fpu/internal.h, the fpu_fpregs_owner_ctx caching can mishandle signal-based preemption when compiling with GCC 9, on amd64, allowing context-dependent attackers to cause a memory corruption DoS and potentially...
CVE-2022-0742
CVE-2022-0742: Memory leak in Linux kernel ICMPv6 implementation (Linux kernel 5.13+) can allow a remote attacker to cause a DoS by flooding with ICMPv6 packets of type 130/131, exhausting memory. The advisory references a fix via a commit: 2d3916f3189172d5c69d33065c3c21119fe539fc. Connected sour...
CVE-2022-33740
Summary: The CVE-2022-33740 issue concerns the Linux Block and Network PV device frontends leaking data to the backend. The root cause described in the sources is that memory regions are not zeroed before sharing with the backend, and the grant-table granularity (4K pages) means data from differe...
CVE-2022-47940
CVE-2022-47940 affects ksmbd in the Linux kernel (versions 5.15–5.18 before 5.18.18). The issue is a missing length validation in the non-padding path of smb2_write (fs/ksmbd/smb2pdu.c), as disclosed in connected advisories. Exploitation details are not provided in the documents beyond this root ...
CVE-2024-27014
CVE-2024-27014 affects the Linux kernel component net/mlx5e, where a deadlock could occur when disabling accelerated Receive Flow Steering (aRFS). The issue arises because a scheduled aRFS work item cancels under priv->state_lock, but the work handler later tries to reacquire that same lock, c...
CVE-2024-50138
CVE-2024-50138 concerns the Linux kernel BPF ringbuf handling. The issue arises when __bpf_ringbuf_reserve is invoked from a tracepoint with preemption disabled, where using spinlock_t could trigger a “sleep in atomic” warning on RT variants. The root cause is the use of a spinlock_t in the ringb...
CVE-2024-50264
CVE-2024-50264 affects the Linux kernel, specifically the vsock/virtio path where a dangling pointer can be created in vsk->trans during loopback, enabling a Use-After-Free as described. The issue is resolved by initializing vsk->trans to NULL. Connected advisories (Astra Linux, ALAS2LIVEPA...
CVE-2025-21683
CVE-2025-21683 affects the Linux kernel and patches a memory-leak in bpf_sk_select_reuseport() when using reuseport BPF programs. The underlying issue is that a sockmap lookup could return a TCP ESTABLISHED socket that previously had SO_ATTACH_REUSEPORT_EBPF, meaning a non-NULL sk_reuseport_cb di...
CVE-2021-20239
CVE-2021-20239 describes a flaw in the Linux kernel prior to 5.4.92 within the BPF protocol. A local attacker can leak information about kernel internal addresses, impacting confidentiality. The issue is tied to the BPF verifier/run-time handling and does not require remote access. Affected produ...
CVE-2022-49124
The CVE-2022-49124 entry concerns the Linux kernel x86 MCE workaround for an erratum in fast string copy instructions (REP; MOVS*). A rare kernel panic can occur when an uncorrected error is in the first cache line of a page and the kernel executes page_copy from the previous page, causing an MCE...
CVE-2023-52919
In CVE-2023-52919, the Linux kernel nfc: nci path fixes a NULL pointer dereference by handling memory allocation failure from nci_skb_alloc() (alloc_skb()). The fix addresses a possible NULL pointer dereference when sending acknowledge, mitigating local-execution risk. The vulnerability affects t...
CVE-2017-7618
CVE-2017-7618 affects the Linux kernel crypto/ahash.c, enabling denial of service by triggering EBUSY on a full request queue and causing infinite recursion in the AHASH path. The issue is referenced across multiple connected advisories (Cloud Foundry USN-3312-2, CNVD-2017-05429, Debian DLA-922-1...
CVE-2018-10021
CVE-2018-10021 affects the Linux kernel’s SAS SCSI host driver (drivers/scsi/libsas/sas_scsi_host.c) prior to 4.16. A local user can trigger certain failure conditions to cause a denial of service (ata_qc leak). A third party disputes the report’s relevance, noting the issue can occur only with p...
CVE-2019-14899
CVE-2019-14899 is a routing-path/kernel issue affecting macOS (and cited across Linux, FreeBSD, OpenBSD, iOS, Android). The root cause is a VPN-tunnel routing problem that allows a local/adjacent attacker to inject into active VPN connections, enabling data injection and potential VPN hijacking. ...
CVE-2023-2176
CVE-2023-2176 affects the Linux kernel RDMA path: a use of compare_netdev_and_ip in drivers/infiniband/core/cma.c can trigger an out-of-bounds read, allowing a local attacker to crash or escalate privileges. Multiple vendor advisories (e.g., SUSE SU-2025-02848-1, SUSE SU-2025-02846-1) reference a...
CVE-2023-52606
CVE-2023-52606: In the Linux kernel, the vulnerability involves the powerpc/lib area where vector-operation sizes used by fp/vmx emulation were assumed to have a maximum size, but the true size is determined separately in analyse_instr(). A check was added to validate the maximum size of the vec...
CVE-2024-44995
CVE-2024-44995 affects the Linux kernel hns3 driver (net: hns3). When configuring TC during the reset process a deadlock can occur due to the sequence DOWN -> napi_disable -> napi_enable -> UINIT -> INIT, with setup_tc potentially UP'ing the port before UINIT. The fix adds a DOWN path...
CVE-2024-50299
CVE-2024-50299: Linux kernel SCTP vulnerability in sctp_sf_ootb() due to missing size validation when processing chunks, similar to prior fix in sctp_walk chunks. The issue caused a KMSAN/uninitialized value crash reported by syzbot in sctp_sf_ootb() and related call chain. The published advisori...
CVE-2016-2384
The CVE-2016-2384 issue affects the Linux kernel (snd_usbmidi_create in sound/usb/midi.c) prior to 4.5, caused by a double-free when handling an invalid USB descriptor. This can enable physically proximate attackers to trigger a denial of service (panic) or potentially other unspecified impacts. ...
CVE-2016-4913
The CVE-2016-4913 issue affects the Linux kernel (fs/isofs/rock.c) and concerns get_rock_ridge_filename mishandling of NM (alternate name) entries containing a NUL character. A local attacker mounting a crafted isofs filesystem could read kernel memory due to this information leak. The vulnerabil...
CVE-2017-7482
CVE-2017-7482 affects the Linux kernel prior to 4.12. When Kerberos 5 tickets are decoded using RXRPC keys, the code incorrectly assumes the size of a field, causing the size-remaining calculation to wrap and the data pointer to extend past the buffer end. This can lead to memory corruption and p...
CVE-2019-12378
CVE-2019-12378 affects the Linux kernel (up to 5.1.5) in ip6_ra_control (net/ipv6/ipv6_sockglue.c). It involves an unchecked kmalloc of new_ra that could lead to a NULL pointer dereference and system crash (DoS). Note: the issue has been disputed as not an issue in some sources. No public patch d...
CVE-2023-1390
CVE-2023-1390 is a remote DoS in the Linux kernel TIPC module. The advisory describes a flaw in tipc_link_xmit() where a loop encounters an unknown state while parsing SKBs not in the queue, and sending two small UDP packets to a system with a UDP bearer can cause CPU utilization to spike to 100%...
CVE-2023-35823
CVE-2023-35823 is a use-after-free in the Linux kernel before 6.3.2, specifically in saa7134_finidev() within drivers/media/pci/saa7134/saa7134-core.c. Astra Linux and related entries confirm the same vulnerability class and location (saa7134-core.c). The risk is high (local attack vector, as per...
CVE-2023-42756
CVE-2023-42756 is a Linux kernel vulnerability in the Netfilter/IPSET subsystem caused by a race between IPSET_CMD_ADD and IPSET_CMD_SWAP that can lead to a kernel panic and local system crash. The description indicates a local attacker may crash the machine due to calling __ip_set_put on a wrong...
CVE-2024-36016
CVE-2024-36016 is a Linux kernel vulnerability affecting the tty n_gsm path (gsm0_receive, gsm1_receive). The advisory details a possible out-of-bounds write when switching between basic/advanced option modes and not resetting state, length, or MRU across reconfigurations. The fixed code changes ...
CVE-2017-18232
CVE-2017-18232 affects the Linux kernel SAS (libsas): a mutex mishandling in the SAS implementation up to kernel 4.15.9 allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. Connected advisories (Unity Linux UTSA-2026-…) confirm a kernel security up...
CVE-2017-7273
CVE-2017-7273 affects the Linux kernel, where cp_report_fixup in drivers/hid/hid-cypress.c (kernel 3.2 and 4.x before 4.9.4) allows physically proximate attackers to trigger a denial of service (integer underflow) via a crafted HID report. The issue is fixed in Linux kernel 4.9.4; remediation is ...
CVE-2019-18198
Technical details beyond the initial description are not provided in the connected documents. CVE-2019-18198 concerns a reference count usage error in fib6_rule_suppress() in net/ipv6/fib6_rules.c (Linux kernel before 5.3.4) that can lead to memory corruption; no further public facts (affected ve...
CVE-2019-9162
CVE-2019-9162 concerns the Linux kernel prior to 4.20.12, where the SNMP NAT module's net/ipv4/netfilter/nf_nat_snmp_basic_main.c contains insufficient ASN.1 length checks. This can trigger an out-of-bounds read/write (array index) leading to a kernel oops or local privilege escalation, specifica...
CVE-2023-2235
CVE-2023-2235 describes a local privilege-escalation use-after-free in the Linux Kernel Performance Events subsystem. The flaw stems from perf_group_detach not checking siblings’ attach_state before add_event_to_groups(), coupled with remove_on_exec allowing list_del_event() on the event before d...
CVE-2023-52614
CVE-2023-52614 (Linux kernel): The vulnerability is a buffer overflow in trans_stat_show() within PM/devfreq. The fix converts a simple snprintf to scnprintf with size PAGE_SIZE, adds a boundary check to exit when PAGE_SIZE is exceeded, issues a warning that stats are disabled, and returns -EFBI...
CVE-2023-52615
CVE-2023-52615: The Linux kernel patch fixes a deadlock in the hwrng read path when a user reads from /dev/hwrng and mmap()’ed memory overlap. Root cause is a page fault during copy_to_user invoked from the hwrng core read path, which could trigger a recursive read and deadlock. The fix switches...
CVE-2024-36902
CVE-2024-36902 is a Linux kernel vulnerability: fib6_rules may dereference a NULL from ip6_dst_idev() in fib6_rule_action(), potentially enabling a crash (general protection fault). A fix has been applied in the Linux kernel; remediation is to update to a version containing the patch. Other conne...
CVE-2024-50047
CVE-2024-50047 is a Linux kernel issue affecting the SMB client’s async crypto path. When performing async decryption for large reads, a use-after-free in the cryptography API can occur, crashing due to a freed AEAD request while the hardware crypto offload is still processing. The Astra Linux ad...
CVE-2024-53096
CVE-2024-53096: Linux kernel patch resolves faulty mmap_region() error path. Key changes move core logic into __mmap_region(), perform upfront validations, and unwind writable/seal checks earlier. Effects include preallocating iterator state before file-backed hooks, early handling of mapping_ma...
CVE-2012-6657
CVE-2012-6657 affects the Linux kernel up to version 3.5.7. The vulnerability lies in sock_setsockopt in net/core/sock.c, where a keepalive action may not be properly associated with a stream socket, enabling a local attacker to cause a denial of service (system crash) by leveraging the ability t...
CVE-2016-9576
CVE-2016-9576 affects the Linux kernel’s SCSI generic (sg) path. The blk_rq_map_user_iov() function in block/blk-map.c did not properly restrict the iterator type, enabling a local attacker with access to /dev/sg to read or write arbitrary kernel memory or trigger a use-after-free. CVE-2016-10088...
CVE-2017-2671
CVE-2017-2671 affects the Linux kernel ping_unhash in net/ipv4/ping.c. The issue is that a lock is obtained too late, failing to guarantee safety for disconnect calls, enabling a local attacker to trigger a denial of service (panic) by leveraging IPPROTO_ICMP in a socket syscall. Public reference...
CVE-2019-12379
The connected Nessus UNPATCHED_CVE_2019_12379 entry confirms CVE-2019-12379 affects Linux kernel code path con_insert_unipair in drivers/tty/vt/consolemap.c (up to kernel 5.1.5) with a memory leak in an ENOMEM/kmalloc scenario. The description explicitly notes this issue is disputed as an actual ...
CVE-2021-3635
CVE-2021-3635 affects the Linux kernel netfilter implementation. The described flaw exists in versions prior to 5.5-rc7, where a user with root privileges (CAP_SYS_ADMIN) can panic the system when issuing netfilter netflow commands. The included sources (e.g., Unity Linux and MiracleLinux Nessus ...
CVE-2022-3523
CVE-2022-3523 (Linux kernel) is addressed in MiracleLinux AXSA-2023-7038: the issue is a use-after-free in mm/memory.c during memory fault handling (memory manager race on private device pages). The Nessus/Miracle advisory lists this as one of multiple kernel CVEs affected on kernel 5.14.x builds...
CVE-2022-40307
CVE-2022-40307 is a Linux kernel issue in drivers/firmware/efi/capsule-loader.c that creates a race condition with a resulting use-after-free. Connections show multiple references: Debian’s LTS advisory for linux-5.10 includes CVE-2022-40307 among the listed fixes, indicating affected kernel ser...
CVE-2023-23000
CVE-2023-23000 affects Linux kernel pre-5.17: in drivers/phy/tegra/xusb.c, tegra_xusb_find_port_node return value is mishandled, with callers expecting NULL in error cases but an error pointer is returned. The referenced fixes appear in kernel 5.17 changelog.
CVE-2023-3212
CVE-2023-3212 affects the Linux kernel gfs2 file system. A NULL pointer dereference occurs on corrupt gfs2 filesystems when the evict path references the journal descriptor structure after it has been freed, enabling a local privileged user to trigger a kernel panic. Affected: Linux kernel with g...
CVE-2024-26645
CVE-2024-26645: The issue is in the Linux kernel tracing subsystem (tracing_map) where a race can occur when inserting a new element. The root cause is CPU reordering between memcpy(elt->key, key, map->key_size) and entry->val = elt in __tracing_map_insert(), which can cause a later che...
CVE-2024-26664
CVE-2024-26664: The Linux kernel hwmon: coretemp fix addresses an out-of-bounds memory access. The bug arises when pdata->cpu_map[] is set before the out-of-bounds check, potentially triggering on systems with more than 128 cores per package. Connected sources corroborate the vulnerability an...