10741 matches found
CVE-2024-35904
In the Linux kernel, the following vulnerability has been resolved: selinux: avoid dereference of garbage after mount failure In case kern_mount() fails and returns an error pointer return in theerror branch instead of continuing and dereferencing the error pointer. While on it drop the never read ...
CVE-2024-41014
In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed membersof xlog_op_header in the xlog_recover_process_data. We can create a crafted image to trigger an out of boun...
CVE-2024-53124
In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning:------------[ cut here ]------------WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0Modules linked in:CPU: 0 UID: 0 ...
CVE-2024-53140
In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the familiesthe following ops: start - (optional) kicks off the dumping process dump - actual dump helper, keeps getting ca...
CVE-2024-57798
In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() While receiving an MST up request message from one thread indrm_dp_mst_handle_up_req(), the MST topology could be removed fromanother thread via drm_dp_m...
CVE-2025-21676
In the Linux kernel, the following vulnerability has been resolved: net: fec: handle page_pool_dev_alloc_pages error The fec_enet_update_cbd function calls page_pool_dev_alloc_pages but didnot handle the case when it returned NULL. There was a WARN_ON(!new_page)but it would still proceed to use the...
CVE-2025-21764
In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF.
CVE-2025-21858
In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0]without repro. geneve_configure() links struct geneve_dev.next tonet_generic(net, geneve_net_id)->geneve_list. The net ...
CVE-2009-1439
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
CVE-2011-0521
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.
CVE-2011-1180
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrar...
CVE-2013-2852
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe p...
CVE-2016-3070
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by tri...
CVE-2017-8924
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger...
CVE-2021-47018
In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Fix the definition of the fixmap area At the time being, the fixmap area is defined at the top ofthe address space or just below KASAN. This definition is not valid for PPC64. For PPC64, use the top of the I/O space. Be...
CVE-2021-47094
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding After dropping mmu_lock in the TDP MMU, restart the iterator duringtdp_iter_next() and do not advance the iterator. Advancing the iteratorresults in skipping the to...
CVE-2022-49273
In the Linux kernel, the following vulnerability has been resolved: rtc: pl031: fix rtc features null pointer dereference When there is no interrupt line, rtc alarm feature is disabled. The clearing of the alarm feature bit was being done prior to allocationsof ldata->rtc device, resulting in a ...
CVE-2023-1670
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2023-3777
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certa...
CVE-2023-42752
An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating skb_shared_info in the userspace, which is exploitable in systems without SMAP protection since skb_shared_info contains references to function pointers.
CVE-2023-52599
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report]UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2index -878706688 is out of range for type 'struct iagctl[128]'CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted...
CVE-2023-52707
In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in ep_remove_wait_queue() If a non-root cgroup gets removed when there is a thread that registeredtrigger and is polling on a pressure file within the cgroup, the pollingwaitqueue gets freed in the fol...
CVE-2024-0564
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page shari...
CVE-2024-26629
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense andharmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful.As is documented in the kdoc comment for nfsd4_rele...
CVE-2024-26779
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver,otherwise it could end up passing the not-yet-uploaded sta via drv_tx callsto the driver, leading...
CVE-2024-35805
In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fix lockup in dm_exception_table_exit There was reported lockup when we exit a snapshot with many exceptions.Fix this by adding "cond_resched" to the loop that frees the exceptions.
CVE-2024-35867
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_stats_proc_show() Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.
CVE-2024-35905
In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stackmemory being negative; the access size can appear negative as a resultof overflowing its signed int repr...
CVE-2024-35946
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix null pointer access when abort scan During cancel scan we might use vif that weren't scanning.Fix this by using the actual scanning vif.
CVE-2024-35973
In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem : While most ip tunnel helpers (like ip_tunnel_get_dsfield())uses skb_protocol(skb, true), pskb_inet_may_pul...
CVE-2024-36932
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermal_debug_cdev_remove() does not run under cdev->lock, it canrun in parallel with thermal_debug_cdev_state_update() and it may freethe struct th...
CVE-2024-36960
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structurethat's actually used. The length of the drm_event was set to the parent structure instead ofto the drm_vmw...
CVE-2024-46857
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to acrash: bridge link set dev eth2 hwmode vepa [ 168.967392] BUG: kernel NULL pointer dereference, a...
CVE-2013-7263
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/pin...
CVE-2014-3180
In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable
CVE-2015-2925
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
CVE-2015-7990
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerabil...
CVE-2016-2550
The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an...
CVE-2019-10142
A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system,...
CVE-2020-10742
A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality a...
CVE-2021-26934
An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.
CVE-2021-3923
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be ...
CVE-2022-29156
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.
CVE-2022-49753
In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of client_count in dma_chan_get() The first time dma_chan_get() is called for a channel the channelclient_count is incorrectly incremented twice for public channels,first in balance_ref_count(), and ...
CVE-2024-0582
A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2024-24855
A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
CVE-2024-26691
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix circular locking dependency The rule inside kvm enforces that the vcpu->mutex is taken inside kvm->lock. The rule is violated by the pkvm_create_hyp_vm() which acquiresthe kvm->lock while already holding th...
CVE-2024-26769
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid deadlock on delete association path When deleting an association the shutdown path is deadlocking because wetry to flush the nvmet_wq nested. Avoid this by deadlock by deferringthe put work into its own work item.
CVE-2024-27022
In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2fork hugetlbfs_fallocatedup_mmap hugetlbfs_punch_holei_mmap_lock_write(mapping);vma_interval_...
CVE-2024-27052
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. Toavoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().