Lucene search: Linux Kernel

13804 matches found

added 2016/04/27 5:0 p.m. | 155 views

CVE-2015-7515

CVE-2015-7515 affects the Linux kernel (pre-4.4) due to improper validation in the aiptek_probe path of drivers/input/tablet/aiptek.c. A physically proximate user can cause a NULL pointer dereference and system crash via a crafted USB device that lacks endpoints, leading to denial of service. The...

CVSS: 4.9 | AI score: 4.4 | EPSS: 0.018

added 2016/02/08 2:0 a.m. | 155 views

CVE-2015-7566

CVE-2015-7566 affects the Linux kernel driver drivers/usb/serial/visor.c (clie_5_attach). A USB device without a bulk-out endpoint can cause a NULL pointer dereference, leading to a denial of service and potential system crash. The vulnerability is confirmed by Nessus advisories referencing the v...

CVSS: 4.9 | AI score: 6 | EPSS: 0.01839

added 2016/05/23 10:0 a.m. | 155 views

CVE-2016-4794

CVE-2016-4794 is a local use-after-free in the Linux kernel’s percpu allocator (mm/percpu.c) up to version 4.6. A crafted mmap/bpf usage could cause a denial of service or potentially other unspecified impact. The IBM advisories list fixes at code levels 7.7.1.9, 7.8.1.6, 8.1.1.2, and 8.1.2.1 for...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00497

added 2016/12/28 7:42 a.m. | 155 views

CVE-2016-6213

CVE-2016-6213 affects the Linux kernel (fs/namespace.c): an unrestricted limit on the number of mounts in a mount namespace allows a local attacker to cause memory exhaustion and potential deadlock via MS_BIND mount calls. The vulnerability is present in kernels before 4.9 and has been referenced...

CVSS: 4.7 | AI score: 5.1 | EPSS: 0.00369

added 2017/02/24 3:0 p.m. | 155 views

CVE-2017-5669

The vulnerability CVE-2017-5669 affects the Linux kernel’s do_shmat() in ipc/shm.c up to and including 4.9.12, where the rounding operation on the mapped address is not restricted. This allows local (privileged) users to map page zero and bypass the mmap protection mechanism via crafted shmget/sh...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.004

added 2019/01/03 4:0 p.m. | 155 views

CVE-2018-16885

The CVE-2018-16885 issue is a Linux kernel vulnerability (affecting kernel 3.10.x as shipped with Red Hat Enterprise Linux 7) where userspace can call memcpy_fromiovecend() and similar functions with a zero offset and buffer length, causing a read beyond the buffer boundaries. This can lead to a ...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00424

added 2021/08/08 7:27 p.m. | 155 views

CVE-2021-38200

Public technical details for CVE-2021-38200 are not present in the connected documents. The initial description notes the affected Linux kernel path and conditions, but no exploits, affected versions beyond general, or remediation details are provided here; monitor for updates.

CVSS: 5.5 | AI score: 5 | EPSS: 0.00255

added 2024/06/19 2:53 p.m. | 155 views

CVE-2021-47579

CVE-2021-47579 affects the Linux kernel overlayfs component (ovl) with a WARN_ON path in ovl_workdir_create() when mkdir returns a dentry without an inode (not instantiated). The fix, described in the connected advisories, calls ovl_mkdir_real() directly from ovl_workdir_create() and reje...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00235

added 2022/07/26 4:36 p.m. | 155 views

CVE-2022-1671

CVE-2022-1671 is a local NULL pointer dereference in the Linux kernel function rxrpc_preparse_s (net/rxrpc/server_key.c). The flaw allows a local attacker to crash the system or leak internal kernel information. Public references indicate this CVE was addressed in SUSE-SU-2022:2615-1, which fixes...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00301

added 2023/01/12 12:0 a.m. | 155 views

CVE-2022-4842

CVE-2022-4842 concerns a NULL dereference in the Linux kernel NTFS3 driver’s attr_punch_hole() function. The flaw is described as a NULL pointer dereference that can be triggered locally by a user, leading to a system crash. The vulnerability is discussed in multiple sources (e.g., Astra Linux se...

CVSS: 5.5 | AI score: 4.8 | EPSS: 0.00196

added 2024/04/28 12:59 p.m. | 155 views

CVE-2022-48632

CVE-2022-48632 — The Linux kernel flaw in the i2c mlxbf driver allows a stack overflow via an unbounded memcpy loop in mlxbf_i2c_smbus_start_transaction() because the upper bound of operation->length is not checked and data_idx increments. Public docs in connected Nessus advisories reference t...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00253

added 2025/02/26 2:12 a.m. | 155 views

CVE-2022-49416

CVE-2022-49416 is present in the Linux kernel, tied to a use-after-free bug in wifi/mac80211 chanctx handling. The issue occurs in ieee80211_vif_use_reserved_context() when the new context’s replace_state is REPLACE_NONE and the old context is freed in ieee80211_vif_use_reserved_reassign(), after...

CVSS: 7.8 | AI score: 5.4 | EPSS: 0.00251

added 2025/02/26 2:23 a.m. | 155 views

CVE-2022-49603

CVE-2022-49603 concerns the Linux kernel where data races around sysctl_ip_fwd_update_priority could occur while readers access it concurrently. The fix adds READ_ONCE() to readers to prevent concurrent modification. Connected advisories (EulerOS/OpenVAS/Nessus) explicitly reference this vulnerab...

CVSS: 4.7 | AI score: 5.3 | EPSS: 0.0018

added 2025/02/26 2:23 a.m. | 155 views

CVE-2022-49631

CVE-2022-49631 is a Linux kernel data-race vulnerability in the reader of sysctl_raw_l3mdev_accept. While reading this sysctl, its value could be changed concurrently, prompting a fix that adds a READ_ONCE() to the reader. The issue is a kernel-level race that can affect availability. The connect...

CVSS: 4.7 | AI score: 5.3 | EPSS: 0.00165

added 2023/04/16 12:0 a.m. | 155 views

CVE-2023-30772

CVE-2023-30772 is a Linux kernel race condition leading to a use-after-free in drivers/power/supply/da9150-charger.c when a nearby attacker unplugs a device. The issue affects kernels prior to 6.2.9; security advisories from Astra Linux and Debian Mageia indicate this vulnerability, with fixes co...

CVSS: 6.4 | AI score: 6.5 | EPSS: 0.0048

added 2023/06/18 12:0 a.m. | 155 views

CVE-2023-35828

CVE-2023-35828 affects the Linux kernel with a use-after-free in the Renesas USB3 gadget driver (drivers/usb/gadget/udc/renesas_usb3.c: renesas_usb3_remove). The vulnerability is triggered in certain removal paths, enabling local attackers to potentially crash the kernel or escalate privileges. A...

CVSS: 7 | AI score: 7.1 | EPSS: 0.00536

added 2023/07/17 12:0 a.m. | 155 views

CVE-2023-38426

The CVE-2023-38426 issue affects the Linux kernel prior to 6.3.4, specifically ksmbd’s SMB2 path where an out-of-bounds read occurs in smb2_find_context_vals if create_context’s name_len exceeds the tag length. Public references (kernel commit and ChangeLog-6.3.4) confirm the vulnerability contex...

CVSS: 9.1 | AI score: 8.7 | EPSS: 0.02435

added 2024/05/21 3:31 p.m. | 155 views

CVE-2023-52798

CVE-2023-52798 concerns the Linux kernel’s ath11k wifi DFS radar event handling. The fix marks the DFS radar event locking code (calling ath11k_mac_get_ar_by_pdev_id()) as an RCU read-side critical section to prevent potential use-after-free in active pdev protection. Document notes indicate comp...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.01

added 2024/03/18 10:14 a.m. | 155 views

CVE-2024-26634

CVE-2024-26634 affects the Linux kernel net subsystem involving network namespace handling. A BUG triggered when removing a net namespace with conflicting interface altnames could cause the main interface name to be overwritten during the namespace teardown. This occurred whe...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00227

added 2024/04/03 2:54 p.m. | 155 views

CVE-2024-26687

CVE-2024-26687 concerns the Linux kernel xen/events subsystem. The issue arises from a lock-order inversion between irq_mapping_update_lock and irq_desc->lock in shutdown_pirq/startup_pirq paths, allowing race conditions where evtchn mappings can be torn down and re-established concurrently. S...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00228

added 2024/05/17 1:23 p.m. | 155 views

CVE-2024-35808

In CVE-2024-35808, the Linux kernel md/dm-raid subsystem is vulnerable because md_reap_sync_thread() is invoked from raid_message() without holding reconfig_mutex, risking mutation of fields protected by that mutex and potential deadlocks. The documented fix is to unregister the sync_thread via s...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00174

added 2024/05/17 2:27 p.m. | 155 views

CVE-2024-35839

CVE-2024-35839 is a Linux kernel/netfilter bridge issue: a bug where skb->dev could be stale when bridged skb moves between interfaces, allowing use-after-free-like behavior in neigh/arp handling. The fix replaces net_device linkage with the device index (ifindex) and uses dev_get_by_index_rcu...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00223

added 2024/05/20 9:48 a.m. | 155 views

CVE-2024-36005

CVE-2024-36005 is reported in the Astra Linux security bulletin as a Linux kernel vulnerability affecting nf_tables: the kernel could unregister an already unregistered nethook due to mishandling the table dormant flag on netdev release events. The issue is described with the same reproduction tr...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00233

added 2024/05/30 3:19 p.m. | 155 views

CVE-2024-36030

CVE-2024-36030 refers to a Linux kernel vulnerability in the octeontx2-af driver where a double free could occur in rvu_npc_freemem() due to an extra free of memory previously released (npc_mcam_rsrcs_deinit() freed mcam->counters.bmap). The fix, as noted in the connected documents, was to del...

CVSS: 7.1 | AI score: 8 | EPSS: 0.00227

added 2024/07/12 12:31 p.m. | 155 views

CVE-2024-40956

CVE-2024-40956 affects the Linux kernel (dmaengine: idxd). The vulnerability is a use-after-free in irq_process_work_list, caused by reusing a descriptor while it may still be referenced. The fix uses list_for_each_entry_safe() to safely iterate and delete entries during the loop; freeing the des...

CVSS: 7.8 | AI score: 8.2 | EPSS: 0.00268

added 2024/07/29 3:4 p.m. | 155 views

CVE-2024-41079

The CVE-2024-41079 issue affects the Linux kernel nvmet subsystem. The vulnerability arises because the first two double words (cqe.result) may remain uninitialized when not used, allowing potential leakage of stack data for RDMA paths (behavior was 0 for TCP/FC but not for RDMA). The fix...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00256

added 2024/08/21 12:6 a.m. | 155 views

CVE-2024-43869

CVE-2024-43869 relates to the Linux kernel perf subsystem where an event leak could occur when a child perf event is freed during exec or file/exec cleanup. The issue arises because the pending task work for a released event could still hold references, potentially leaking the event in some race ...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.0021

added 2024/09/27 12:42 p.m. | 155 views

CVE-2024-46858

CVE-2024-46858 in the Linux kernel fixes a local UAF race in mptcp_pm_del_add_timer. Two paths can access mptcp_pm_del_add_timer concurrently (CPU1 in PM code path vs CPU2 in netlink/ip stack path), leading to use-after-free when a timer entry is freed after leaving the critical region. The patch...

CVSS: 7 | AI score: 7 | EPSS: 0.00259

added 2024/10/21 11:53 a.m. | 155 views

CVE-2024-47715

CVE-2024-47715 affects the Linux kernel’s wifi mt76 driver for MT7915 on MT7986. The issue stemmed from mt7915_band_config() setting band_idx to 1 on the main phy for MT7986 with MT7975_ONE_ADIE or MT7976_ONE_ADIE, which caused a dereference of the phys array via wcid->phy_idx in mt76...

CVSS: 5.5 | AI score: 5 | EPSS: 0.00218

added 2024/10/21 6:1 p.m. | 155 views

CVE-2024-49870

CVE-2024-49870 (Linux kernel, cachefiles): The vulnerability arises in cachefiles when a dentry leak can occur if a lookup cookie and a cull run concurrently in cachefiles_open_file(). The leak happens because the code path may fail to release a reference to a dentry, potentially leaving...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00234

added 2024/10/21 6:54 p.m. | 155 views

CVE-2024-50015

CVE-2024-50015 affects the Linux kernel ext4 dax path. In ext4/dax, the loop in dax_iomap_rw() can copy data after the process is signalled and then update the inode size, causing written extents to exceed the inode size (e.g., 2M vs 4M) and fsck to report inconsistencies. The referenced fixes tr...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00232

added 2024/10/21 7:39 p.m. | 155 views

CVE-2024-50028

CVE-2024-50028 is confirmed in connected documents as a Linux kernel vulnerability related to the thermal subsystem. The flaw occurs in the thermal: core: Reference count handling in thermal_zone_get_by_id(), where the thermal zone object could be accessed after it may have been freed. The adviso...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00204

added 2024/10/21 7:39 p.m. | 155 views

CVE-2024-50029

CVE-2024-50029 refers to a Linux kernel bug in Bluetooth handling. The issue is a use-after-free in hci_enhanced_setup_sync where the ACL connection can be destroyed while a cmd_sync is pending, leading to a KASAN slab-use-after-free in hci_enhanced_setup_sync. The description includes a trace sh...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00237

added 2024/12/27 1:50 p.m. | 155 views

CVE-2024-53222

Concretely, CVE-2024-53222 affects Linux zram: the zram_add() path can dereference NULL for zram->comp_algs[ZRAM_PRIMARY_COMP] if comp_algorithm_set() hasn’t run yet. The fix moves the necessary setup earlier (ahead of device_add_disk()) so the zram device is ready before users can access it v...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00217

added 2025/01/11 12:29 p.m. | 155 views

CVE-2024-54460

Technical details for CVE-2024-54460 are not present in the provided documents. No affected products, versions, or remediation are disclosed here. Monitor vendor advisories for updates.

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00133

added 2024/12/27 2:50 p.m. | 155 views

CVE-2024-56591

The MiracleLinux advisory confirms CVE-2024-56591 in the Linux kernel Bluetooth stack: the hci_conn code now uses disable_delayed_work_sync instead of cancel_delayed_work_sync to prevent new submissions while the work object is being freed. This fixes a race in work cancellation that could affect...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.00185

added 2024/12/29 11:30 a.m. | 155 views

CVE-2024-56726

CVE-2024-56726 affects the Linux kernel octeontx2-pf in cn10k.c; the issue stems from missing validation after otx2_mbox_get_rsp. The Astra Linux bulletin mirrors this kernel context and notes the fix is to add an error pointer check after otx2_mbox_get_rsp. Remediation in the public record indic...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00203

added 2025/01/06 4:20 p.m. | 155 views

CVE-2024-56761

The CVE-2024-56761 issue affects the Linux kernel’s x86/fred handling of WFE state during missing-ENDBRANCH #CPs. Indirect branches can set IBT to WAIT_FOR_ENDBRANCH, leaving WFE asserted across the boundary. When an inappropriate instruction is decoded with WFE set, a #CP fault can occur. The ad...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00219

added 2025/02/27 2:18 a.m. | 155 views

CVE-2025-21761

CVE-2025-21761 affects the Linux kernel/Open vSwitch area. The root cause is that ovs_vport_cmd_fill_info() could be invoked without RTNL or RCU, risking a use-after-free. The fix adds RCU protection and uses dev_net_rcu() to prevent UAF. This is a kernel-level issue with potential impact describ...

CVSS: 7.8 | AI score: 6.5 | EPSS: 0.00228

added 2025/02/27 2:18 a.m. | 155 views

CVE-2025-21787

CVE-2025-21787 affects the Linux kernel's team subsystem due to insufficient validation of TEAM_OPTION_TYPE_STRING in the net/TEAM code paths. The root cause is validated data handling in team_mode_get/team_mode_option_set/team_option_set, with inline occurrences in team_core.c:480, 607, 1401 a...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00224

added 2025/03/12 9:42 a.m. | 155 views

CVE-2025-21864

CVE-2025-21864 (Linux kernel): Affects the TCP path when deferring skb free in multi-netns/IPComp6 scenarios. The secpath may keep a reference to an xfrm_state via an skb attached to it, causing a lingering reference after netns deletion. The published fix drops the secpath at the same time as d...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.002

added 2025/04/01 3:40 p.m. | 155 views

CVE-2025-21905

CVE-2025-21905 refers to a Linux kernel issue in the iwlwifi path where a printed string from a firmware TLV could read beyond the buffer due to missing NUL-termination. The root cause is printing beyond the end of the TLV if the file isn’t NUL-terminated, potentially reading past the file buffer...

CVSS: 7.1 | AI score: 7.1 | EPSS: 0.00182

added 2008/11/06 11:0 a.m. | 154 views

CVE-2008-4395

CVE-2008-4395 concerns multiple buffer overflows in the ndiswrapper module for Linux kernel 2.6. The issue allows a remote attacker to execute arbitrary code by sending WLAN packets with long ESSIDs, effectively exploiting a vulnerability in ESSID handling. Connected advisories confirm affected d...

CVSS: 8.3 | AI score: 7.2 | EPSS: 0.02403

added 2014/11/10 11:0 a.m. | 154 views

CVE-2014-3610

CVE-2014-3610 is a Linux kernel KVM WRMSR emulation flaw present up to and including 3.17.2. The issue arises when guest writes a non-canonical value to a model-specific register, causing the host to crash (DoS). It is tied to wrmsr_interception (arch/x86/kvm/svm.c) and handle_wrmsr (arch/x86/kvm...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00595

added 2014/11/10 11:0 a.m. | 154 views

CVE-2014-3673

The vulnerability CVE-2014-3673 affects the SCTP implementation in the Linux kernel up to version 3.17.2. A malformed ASCONF chunk can be sent by a remote attacker to trigger a denial of service (system crash). Affected components are net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Remediat...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.07461

added 2016/05/02 10:0 a.m. | 154 views

CVE-2016-1575

CVE-2016-1575 concerns the overlayfs implementation in the Linux kernel up to 4.5.2, which, according to the provided documents, does not properly maintain POSIX ACL xattr data. This can allow local users to gain privileges by leveraging a group-writable setgid directory. The connected Nessus ent...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00923

added 2016/11/28 3:1 a.m. | 154 views

CVE-2016-8646

CVE-2016-8646 affects the Linux kernel: the hash_accept function in crypto/algif_hash.c before version 4.3.6 allows local users to trigger in-kernel hash algorithms for sockets that have received zero bytes, causing a denial of service (OOPS). The vulnerability is local and does not require authe...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00426

added 2017/11/04 1:0 a.m. | 154 views

CVE-2017-16525

The CVE-2017-16525 entry affects the Linux kernel: usb_serial_console_disconnect in drivers/usb/serial/console.c allows local users to trigger a denial of service (use-after-free and system crash) via a crafted USB device, with impact on confidentiality/integrity/availability as per the advisory....

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.00393

added 2018/04/13 1:0 p.m. | 154 views

CVE-2018-10087

CVE-2018-10087 is present in the MiracleLinux kernel package listed in AXSA:2024-8953:34. The advisory shows a local DoS risk due to the kernel_wait4 function in kernel/exit.c triggering undefined behavior when using -INT_MIN on an unspecified architecture/compiler. The connected Nessus entry ide...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00462

added 2019/09/04 6:8 p.m. | 154 views

CVE-2019-15923

The CVE-2019-15923 entry describes a NULL pointer dereference in the Linux kernel before 5.0.9, specifically for a cd data structure when alloc_disk fails in drivers/block/paride/pf.c. The available references point to upstream commit f0d1762554014ce0ae347b9f0d088f2c157c8c72 and ChangeLog-5.0.9. ...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.0056

Total number of security vulnerabilities: 13804