CVE-2016-7425
CVE-2016-7425 affects the Linux kernel component arcmsr_iop_message_xfer in drivers/scsi/arcmsr/arcmsr_hba.c. The vulnerability arises because a length field is not properly restricted, enabling a local user to trigger a heap-based buffer overflow via the ARCMSR_MESSAGE_WRITE_WQBUFFER control cod...
CVE-2017-15649
CVE-2017-15649 affects the Linux kernel’s AF_PACKET path (net/packet/af_packet.c) up to version before 4.13.6. A race between fanout_add and packet_do_bind can mishandle packet_fanout data structures, causing a use-after-free condition. A local user with CAP_NET_RAW can trigger this to obtain pri...
CVE-2018-10882
CVE-2018-10882 affects the Linux kernel ext4 implementation. A local user can trigger an out-of-bounds write in fs/jbd2/transaction.c by mounting/unmounting a crafted ext4 image, causing denial of service and potential system crash. Public details describe the vulnerability as part of ext4 file-s...
CVE-2021-3600
CVE-2021-3600 is reported in the provided documents as an eBPF bound-tracking issue in the Linux kernel: 32-bit source registers used in div/mod may cause bounds information to be mishandled, enabling a local attacker to possibly execute arbitrary code. The MiracleLinux AXSA-2021-2785:26/NASL lis...
CVE-2021-47393
Summary for CVE-2021-47393 (Linux kernel): The mlxreg_fan hardware monitor driver (mlxsw_core) contains a defect where returning a non-zero error when the fan current state is enforced via sysfs prevents thermal statistics updates. This occurs in scenarios where a minimum fan speed is requested v...
CVE-2022-3646
CVE-2022-3646 is a Linux kernel vulnerability affecting the nilfs_attach_log_writer function in fs/nilfs2/segment.c (BPF component). The issue enables a memory leak and may be exploitable remotely. A patch is recommended to fix this issue (VDB-211961).
CVE-2023-22998
CVE-2023-22998 affects the Linux kernel prior to 6.0.3. The vulnerability stems from drivers/gpu/drm/virtio/virtgpu_object.c misinterpreting the drm_gem_shmem_get_sg_table return value (treating an error pointer as NULL). This can allow a remote authenticated attacker on the local network to caus...
CVE-2024-26638
CVE-2024-26638 affects Linux kernel nbd: the patch fixes a KMSAN warning by always zero-initializing the msghdr structure (preventing uninitialized fields like msg_get_inq from leaking into recv paths). The issue arises because several recent msghdr fields could be left with indeterminate values,...
CVE-2024-26890
The CVE-2024-26890 vulnerability is in the Linux kernel Bluetooth stack (btrtl driver). When the btrtl driver is used with hci_h5, private HCI data memory was not allocated after hci_dev, causing a potential out-of-bounds write detected by KASAN. The fix adds memory allocation for the hci_h5 path...
CVE-2024-27436
CVE-2024-27436 — Linux kernel ALSA: usb-audio issue. Root cause: ALSA usb-audio parsing channels bits could overrun the map array if a device reports more bits than channels, allowing a write beyond bounds. Synopsis in connected sources: the vulnerability was resolved in the Linux kernel by stoppi...
CVE-2024-37356
CVE-2024-37356: In the Linux kernel, the vulnerability is a shift-out-of-bounds in dctcp_update_alpha() triggered by setting dctcp_shift_g to large values (e.g., 100). The issue arises from alpha and delivered_ce computations using dctcp_shift_g, leading to a UBSAN shift-out-of-bounds and potential...
CVE-2024-42090
The CVE CVE-2024-42090 affects the Linux kernel pinctrl subsystem. Root cause: in create_pinctrl(), pinctrl_maps_mutex is held when add_setting() can return -EPROBE_DEFER, and the code then calls pinctrl_free(), which attempts to re-acquire pinctrl_maps_mutex, risking a deadlock. The patch fixes ...
CVE-2024-43856
CVE-2024-43856: Linux kernel vulnerability in dmam_free_coherent() where freeing a DMA allocation could race with concurrent allocations to the same vaddr, causing two devres entries to share the same vaddr and possibly free the wrong one. The fix is to destroy the devres entry before freeing th...
CVE-2024-50143
CVE-2024-50143 affects the Linux kernel; the udf subsystem introduced an uninitialized-value use in udf_get_fileshortad, mitigated by a fix that also checks for overflow when computing alen in udf_current_aext to address a KMSAN bug. The patch prevents triggering issues after application, and pub...
CVE-2024-53069
CVE-2024-53069 affects the Linux kernel firmware driver for Qualcomm SCM. The vulnerability is a NULL-pointer dereference when SCM calls are made with __scm set to NULL (driver may not be probed due to absent SCM entry in device-tree). The fix prevents dereferencing a NULL pointer, addressing pot...
CVE-2024-53174
CVE-2024-53174 concerns a Linux kernel SUNRPC use-after-free in the cache path: c_show could dereference a freed cache entry under RCU protection when reading via cache_show. The fix uses cache_get_rcu to ensure the cache entry (cp) remains active while accessed, preventing a refcount UAF. Aff...
CVE-2025-21703
Affecting the Linux kernel netem/qdisc path: the issue stems from updating sch->q.qlen before qdisc_tree_reduce_backlog(), causing DRR to miss qlen_notify() and enabling a use-after-free in the active list. CVSS v3.1 indicates high impact (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The Astra Linux ...
CVE-2015-8215
CVE-2015-8215 concerns the Linux kernel IPv6 stack (net/ipv6/addrconf.c) where MTU validation is missing. This affects kernel versions before 4.0 and can enable a context-dependent attacker to trigger packet loss through Router Advertisement processing, as the MTU value may be invalid (either bel...
CVE-2018-25020
Summary of CVE-2018-25020 (Linux kernel BPF): The vulnerability is in the BPF subsystem where a long jump over an instruction sequence can cause an overflow. It specifically affects the kernel's BPF implementations in files kernel/bpf/core.c and net/core/filter.c, for Linux kernels prior to 4.17....
CVE-2021-47441
CVE-2021-47441 concerns the Linux kernel mlxsw thermal driver. The issue arises when cooling state is set above the driver’s maximum state (e.g., cur_state=18 while max_state=10), which triggers out-of-bounds memory accesses in thermal statistics code. The thermal maintainer indicates it is the d...
CVE-2023-35824
CVE-2023-35824 is a Linux kernel use-after-free in the dm1105_remove path (drivers/media/pci/dm1105/dm1105.c), fixed by Linux kernel 6.3.2 (ChangeLog-6.3.2). The Astra Linux bulletin and related sources confirm the same issue affecting kernel before 6.3.2 and cite the same function/file, indicati...
CVE-2024-35847
CVE-2024-35847 affects the Linux kernel irqchip/gic-v3-its path. The vulnerability stems from the error handling in its_vpe_irq_domain_alloc(), where a double free occurs if its_vpe_init() fails after at least one interrupt was allocated. The code frees the area bitmap and vprop_page in its_vpe_i...
CVE-2024-41020
CVE-2024-41020 (Linux kernel) is addressed in IBM Storage Scale bulletin as part of a broader set of kernel fixes. The entry notes a filelock race involving fcntl/close that was backported to the compat path for 32-bit kernels, mirroring an earlier patch for the normal path. The connected IBM bul...
CVE-2024-42082
CVE-2024-42082 is a Linux kernel vulnerability where a syzkaller-triggered WARN was introduced in __xdp_reg_mem_model() when __mem_id_init_hash_table() failed. The issue arose only from memory allocation failure; a static const rhashtable_params prevented rhashtable_init() misconfiguration. The w...
CVE-2024-42245
CVE-2024-42245 is a Linux kernel vulnerability resolved by reverting the patch that changed load balancing in sched/fair. The original change caused an O(n) detachment scan in detach_tasks() when many tasks on a CPU were pinned, and the load-balancer code runs with rq lock held (often in softirq ...
CVE-2024-46698
CVE-2024-46698 (Linux kernel) is resolved. The issue was in video/aperture handling where sysfb_disable() was only invoked for VGA-class boot devices, allowing a non‑VGA boot device to trigger a NULL pointer dereference when the non-primary GPU subsequently called sysfb_disable() after resources ...
CVE-2024-46791
CVE-2024-46791 concerns the Linux kernel, where a deadlock can occur in the MCP251X CAN driver if an interrupt arrives while mcp251x_open holds priv->mcp_lock. The root cause is that mcp251x_hw_wake() disables interrupts with the mutex still held, causing the interrupt handler to deadlock when...
CVE-2024-50154
CVE-2024-50154 (Linux kernel): The vulnerability arises from tcp/dccp code using timer_pending() in reqsk_queue_unlink(), which can miss del_timer_sync() in reqsk_timer_handler() and create a use-after-free (UAF) when req->sk is closed before timer expiry (default ~63s). Affected: Linux kerne...
CVE-2024-53124
CVE-2024-53124 – Linux kernel data race around sk_forward_alloc in LISTEN state. Two threads can concurrently execute tcp_v6_do_rcv()/skb_clone_and_charge_r and sk_forward_alloc_add(), causing incorrect accounting and a possible use-after-free path. The issue arises when sk->sk_lock is unlocke...
CVE-2024-57903
CVE-2024-57903 is a Linux kernel vulnerability affecting the net module: SO_REUSEPORT was restricted to inet sockets after a blamed commit. The issue could involve destroying crypto sockets via an RCU callback and attempted mutex acquisition within that context. The description notes that the pat...
CVE-2014-9940
CVE-2014-9940 affects the Linux kernel regulator_ena_gpio_free function in drivers/regulator/core.c, with exploitation possible through local access to gain privileges or cause a denial of service via a use-after-free. Affected: kernel versions before 3.19. Impact per sources is high ...
CVE-2017-14489
CVE-2017-14489 affects the Linux kernel iSCSI transport (drivers/scsi/scsi_transport_iscsi.c: iscsi_if_rx). The root cause is incorrect length validation, enabling a local authenticated attacker to trigger a denial of service (kernel panic) or memory corruption. Affected as of kernel versions up ...
CVE-2017-5967
CVE-2017-5967 affects the Linux kernel: when CONFIG_TIMER_STATS is enabled, the time subsystem through kernel 4.9.9 allows a local attacker to reveal real PID values (outside of PID namespaces) by reading /proc/timer_list, via the print_timer path in kernel/time/timer_list.c and the __timer_stats...
CVE-2018-16276
CVE-2018-16276 concerns the Linux kernel, specifically the yurex_read function in drivers/usb/misc/yurex.c. The issue is a bounds-check vulnerability that could allow a local attacker with access to the system to crash the kernel or potentially escalate privileges. Affected code path is in the US...
CVE-2023-1078
CVE-2023-1078 affects the Linux kernel RDS implementation. The flaw is caused by rds_rm_zerocopy_callback() using list_entry() on the head of a list, causing a type confusion where a pointer of type struct rds_msg_zcopy_info *info may actually refer to something else controlled by a local user. T...
CVE-2023-51780
CVE-2023-51780: Linux kernel before 6.6.8 contains a use-after-free in do_vcc_ioctl (net/atm/ioctl.c) caused by a vcc_recvmsg race, enabling local exploitation. Affected: Linux kernel versions prior to 6.6.8. Root cause: race between vcc_recvmsg and do_vcc_ioctl leading to use-after-free. Impact:...
CVE-2024-26907
CVE-2024-26907 affects the Linux kernel in the RDMA mlx5 stack. The vulnerability arises from a fortify source warning caused by a field-spanning write to eseg->inline_hdr.start in wr.c (memcpy path) during mlx5_ib_post_send, potentially enabling a local issue if exploited. Affected components...
CVE-2024-27015
CVE-2024-27015 affects the Linux kernel netfilter flowtable implementation. The issue is an incorrect pppoe tuple handling where the PPPoE header is expected at the network header offset, causing flowtable lookups to miss and PPPoE traffic to enter the classical forwarding path. Connected advisor...
CVE-2024-35864
In CVE-2024-35864, the Linux kernel SMB client (smb2) had a potential use-after-free in smb2_is_valid_lease_break(); fixes skip sessions that are tearing down (status SES_EXITING) to avoid UAF. The issue is local and could be triggered by SMB lease-break handling; the CVSS vector indicates high i...
CVE-2024-39476
The CVE-2024-39476 entry describes a Linux kernel md/raid5 deadlock scenario affecting raid5d where a deadlock can occur when MD_SB_CHANGE_PENDING is not cleared promptly. Root cause, as stated, is a dependency chain: md_check_recovery() from raid5d() must hold reconfig_mutex to clear MD_SB_CHANG...
CVE-2024-40997
CVE-2024-40997 involves a Linux kernel vulnerability where a memory leak in the amd-pstate cpufreq path was fixed. The issue was that kzalloc() allocated cpudata during amd_pstate_epp_cpu_init() but could not be freed in the corresponding exit path, leading to a leak on CPU EPP exit. The primary ...
CVE-2024-42159
The CVE-2024-42159 entry corresponds to a Linux kernel vulnerability in the SCSI mpi3mr driver where values stored in mr_sas_port->phy_mask could exceed the field size, risking improper handling and potential memory corruption. Public advisories (ALAS/Red Hat/Debian) list the fixed kernel upda...
CVE-2024-50304
The CVE-2024-50304 entry concerns the Linux kernel IPv4 ip_tunnel subsystem. A suspicious RCU usage warning in ip_tunnel_find() was addressed by adding a lockdep check to hlist_for_each_entry_rcu(), validating that the RTNL mutex is held. The per-netns IP tunnel hash table is protected by the RTN...
CVE-2024-53053
The CVE-2024-53053 issue affects the Linux kernel SCSI UFS core. The deadlock occurs when ufshcd_rtc_work calls ufshcd_rpm_put_sync() and the power management usage_count is 0, causing the runtime suspend callback to wait for ufshcd_rtc_work to flush, leading to a deadlock. The published fix repl...
CVE-2024-53134
CVE-2024-53134 affects the Linux kernel, specifically the pmdomain: imx93-blk-ctrl path. The root cause is a faulty loop condition in the remove path: it used bc->onecell_data.num_domains instead of i < bc->onecell_data.num_domains, which can cause an infinite loop and kernel panic. The advisory ind...
CVE-2024-57940
CVE-2024-57940 (Linux kernel exfat): The issue occurs when a corrupted exFAT cluster chain links a cluster to itself and an unused directory entry exists in that cluster. In this case, dentry is not incremented and the traversal can loop indefinitely, preventing s_lock release and causing hangs (...
CVE-2016-10200
CVE-2016-10200 describes a race condition in the Linux kernel’s L2TPv3 IP Encapsulation feature that can allow a local user to escalate privileges or cause a denial of service via repeated bind() calls without correctly checking SOCK_ZAPPED status. The issue affects Linux kernels prior to 4.8.14,...
CVE-2017-2596
CVE-2017-2596 affects the Linux kernel’s KVM VMX handling. The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c through kernel 4.9.8 incorrectly emulates the VMXON instruction, enabling a local L1 guest user to cause host memory exhaustion and a denial of service by abusing mishandled page r...
CVE-2018-16880
CVE-2018-16880 affects the Linux kernel’s handle_rx() in the vhost_net driver. Under specific conditions a malicious guest can trigger an out-of-bounds write in a kmalloc-8 slab on the host, potentially causing kernel memory corruption and a system panic; privilege escalation cannot be ruled out....
CVE-2019-17056
CVE-2019-17056 affects the Linux kernel AF_NFC implementation (llcp_sock_create in net/nfc/llcp_sock.c). Description: it does not enforce CAP_NET_RAW, allowing unprivileged users to create a raw socket. Root cause: missing capability check in llcp_sock_create. Impact: enables local privilege-rest...