Lucene search

K
LinuxLinux Kernel

10748 matches found

CVE
CVE
added 2024/11/19 2:16 a.m.98 views

CVE-2024-50272

In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemap_read() If the caller supplies an iocb->ki_pos value that is close to thefilesystem upper limit, and an iterator with a count that causes us tooverflow that limit, then filemap_read() enter...

5.5CVSS6.5AI score0.00055EPSS
CVE
CVE
added 2025/04/16 3:16 p.m.98 views

CVE-2025-22126

In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(),list_for_each_entry_safe is used, and this can race with deletint thenext mddev, causing UAF: t1:spin_lock//lis...

6.6AI score0.00039EPSS
CVE
CVE
added 2009/03/25 1:30 a.m.97 views

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

4.9CVSS4.4AI score0.00801EPSS
CVE
CVE
added 2013/02/28 7:55 p.m.97 views

CVE-2013-0343

The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently ...

3.2CVSS6AI score0.00385EPSS
CVE
CVE
added 2015/08/31 8:59 p.m.97 views

CVE-2015-4036

Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected func...

7.2CVSS7.5AI score0.00104EPSS
CVE
CVE
added 2024/02/28 9:15 a.m.97 views

CVE-2021-47045

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() It is possible to call lpfc_issue_els_plogi() passing a did for which nomatching ndlp is found. A call is then made to lpfc_prep_els_iocb() with anull pointer to a lp...

5.5CVSS6.3AI score0.00009EPSS
CVE
CVE
added 2024/10/21 6:15 p.m.97 views

CVE-2024-49989

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix double free issue during amdgpu module unload Flexible endpoints use DIGs from available inflexible endpoints,so only the encoders of inflexible links need to be freed.Otherwise, a double free issue may occur w...

7.8CVSS7.3AI score0.00045EPSS
CVE
CVE
added 2025/01/11 1:15 p.m.97 views

CVE-2024-50051

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_removeit will free 'ms' through spi_unregister_controller.while the work ms->work will be used. The sequence of operatio...

7.8CVSS6.5AI score0.00038EPSS
CVE
CVE
added 2024/10/29 1:15 a.m.97 views

CVE-2024-50075

In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between allVirtual Functions. The USB2 port number owned by an USB2 root hub ina Virtual Function may be less than total USB2 phy num...

5.5CVSS5.1AI score0.00033EPSS
CVE
CVE
added 2024/10/29 1:15 a.m.97 views

CVE-2024-50078

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload If iso_init() has been called, iso_exit() must be called on moduleunload. Without that, the struct proto that iso_init() registered withproto_register() becomes invalid, which could cause...

5.5CVSS5.1AI score0.00035EPSS
CVE
CVE
added 2024/11/05 6:15 p.m.97 views

CVE-2024-50126

In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCUread-side critical section there. Never seen on x86 butfound on a KASAN-enabled arm64 system when investiga...

7.8CVSS6.4AI score0.00047EPSS
CVE
CVE
added 2024/11/05 6:15 p.m.97 views

CVE-2024-50131

In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the stringlength equals to the maximum buffer length, the buffer will have nospace for the NULL term...

7.8CVSS7.4AI score0.00045EPSS
CVE
CVE
added 2024/11/07 10:15 a.m.97 views

CVE-2024-50169

In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb() Make sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt()calls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn't lie) aftervsock_transport::read_skb(). While here, also info...

5.5CVSS5.2AI score0.00028EPSS
CVE
CVE
added 2024/11/09 11:15 a.m.97 views

CVE-2024-50233

In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() In the ad9832_write_frequency() function, clk_get_rate() might return 0.This can lead to a division by zero when calling ad9832_calc_freqreg().The check...

5.5CVSS5.1AI score0.00065EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.97 views

CVE-2024-53058

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data of a SKB carries protocol header and protocolpayload to be transmitted on a certain platform that the DMA AXI addresswidth is configur...

5.5CVSS5.3AI score0.00049EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.97 views

CVE-2024-53084

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close,outstanding VM mappings may result in resources being leaked, dueto an object reference loop, as shown below, with each o...

5.5CVSS6.6AI score0.00034EPSS
CVE
CVE
added 2024/12/27 3:15 p.m.97 views

CVE-2024-56609

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb When removing kernel modules by:rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core Driver uses skb_queue_purge() to purge TX skb, but not report tx statuscau...

6.4AI score0.00054EPSS
CVE
CVE
added 2024/12/27 3:15 p.m.97 views

CVE-2024-56627

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read An offset from client could be a negative value, It could leadto an out-of-bounds read from the stream_buf.Note that this issue is coming when setting'vfs objects = streams_xat...

7.1CVSS6.4AI score0.00021EPSS
CVE
CVE
added 2025/03/06 4:15 p.m.97 views

CVE-2024-58052

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table The function atomctrl_get_smc_sclk_range_table() does not check the returnvalue of smu_atom_get_data_table(). If smu_atom_get_data_table() fail...

5.5CVSS7.3AI score0.00043EPSS
CVE
CVE
added 2025/01/19 11:15 a.m.97 views

CVE-2025-21635

In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net'structure via 'current' is not recommended for different reasons: Inconsistency: getting info from ...

5.5CVSS6.6AI score0.00028EPSS
CVE
CVE
added 2025/01/19 11:15 a.m.97 views

CVE-2025-21643

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel async DIO Netfslib needs to be able to handle kernel-initiated asynchronous DIO thatis supplied with a bio_vec[] array. Currently, because of the async flag,this gets passed to netfs_extract_user_iter() which thro...

6.8AI score0.00038EPSS
CVE
CVE
added 2025/02/27 2:15 a.m.97 views

CVE-2025-21722

In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not force clear folio if buffer is referenced Patch series "nilfs2: protect busy buffer heads from being force-cleared". This series fixes the buffer head state inconsistency issues reported bysyzbot that occurs when the...

7.8CVSS7.1AI score0.00024EPSS
CVE
CVE
added 2025/03/12 10:15 a.m.97 views

CVE-2025-21844

In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get()in receive_encrypted_standard() to prevent null pointer dereference.

5.5CVSS6.6AI score0.00025EPSS
CVE
CVE
added 2025/03/27 2:15 p.m.97 views

CVE-2025-21871

In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix supplicant wait loop OP-TEE supplicant is a user-space daemon and it's possible for itbe hung or crashed or killed in the middle of processing an OP-TEERPC call. It becomes more complicated when there is incorrect s...

7AI score0.00068EPSS
CVE
CVE
added 2025/04/01 4:15 p.m.97 views

CVE-2025-21904

In the Linux kernel, the following vulnerability has been resolved: caif_virtio: fix wrong pointer check in cfv_probe() del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checkedfor NULL before calling it, not cfv->vdev. Also the current implementationis redundant because the ...

5.5CVSS7.1AI score0.0004EPSS
CVE
CVE
added 2009/03/06 11:30 a.m.96 views

CVE-2009-0834

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted...

3.6CVSS4.6AI score0.00104EPSS
CVE
CVE
added 2010/09/03 8:0 p.m.96 views

CVE-2010-2240

The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to t...

7.2CVSS7AI score0.00097EPSS
CVE
CVE
added 2010/12/22 9:0 p.m.96 views

CVE-2010-4346

The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-lan...

2.1CVSS5.8AI score0.00058EPSS
CVE
CVE
added 2012/05/24 11:55 p.m.96 views

CVE-2011-2517

Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.

7.2CVSS6.6AI score0.00115EPSS
CVE
CVE
added 2014/11/10 11:55 a.m.96 views

CVE-2014-7825

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.

7.8CVSS6.9AI score0.00035EPSS
CVE
CVE
added 2015/08/31 10:59 a.m.96 views

CVE-2014-9729

The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 does not ensure a certain data-structure size consistency, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.

4.9CVSS5.3AI score0.00042EPSS
CVE
CVE
added 2016/08/07 9:59 p.m.96 views

CVE-2015-0573

drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified othe...

9.8CVSS9.1AI score0.00303EPSS
CVE
CVE
added 2015/06/07 11:59 p.m.96 views

CVE-2015-4004

The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.

8.5CVSS7.7AI score0.04967EPSS
CVE
CVE
added 2016/11/16 5:59 a.m.96 views

CVE-2016-7915

The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver.

5.5CVSS6.5AI score0.00288EPSS
CVE
CVE
added 2018/03/12 3:29 a.m.96 views

CVE-2017-18224

In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.

4.7CVSS5.1AI score0.0005EPSS
CVE
CVE
added 2017/02/14 6:59 a.m.96 views

CVE-2017-5972

The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kerne...

7.8CVSS7.1AI score0.20773EPSS
CVE
CVE
added 2024/02/28 9:15 a.m.96 views

CVE-2020-36780

In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented onreturn in sprd_i2c_master_xfer() and sprd_i2c_remove(). However, pm_runtime_get_sync will increment the PM refe...

4.7CVSS5.3AI score0.00009EPSS
CVE
CVE
added 2024/02/28 9:15 a.m.96 views

CVE-2021-47010

In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo tcp_set_default_congestion_control() is netns-safe in that it writesto &net->ipv4.tcp_congestion_control, but it also setsca->flags |= TCP_CONG_NON_RESTR...

7.8CVSS7.4AI score0.00014EPSS
CVE
CVE
added 2024/02/28 9:15 a.m.96 views

CVE-2021-47053

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of pad It appears there are several failure return paths that don't seemto be free'ing pad. Fix these. Addresses-Coverity: ("Resource leak")

5.5CVSS6.6AI score0.00041EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.96 views

CVE-2021-47338

In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of theprevious fbcon_mode_deleted(). As a result, the mode is directly deleted,regardless of whether it is still i...

7.8CVSS6.6AI score0.00025EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.96 views

CVE-2021-47356

In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible use-after-free in HFC_cleanup() This module's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be running after the ...

7.7CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2025/02/26 6:37 a.m.96 views

CVE-2021-47639

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, asKVM must ensure it holds no references to the freed page after returningfrom the unmap operation...

7.8CVSS6.5AI score0.00026EPSS
CVE
CVE
added 2022/03/10 5:44 p.m.96 views

CVE-2022-0433

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.

5.5CVSS5AI score0.00039EPSS
CVE
CVE
added 2024/06/20 12:15 p.m.96 views

CVE-2022-48743

In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUG_ON() triggered in include/linux/skbuff.h leading tointermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such length ...

5.5CVSS6.9AI score0.00007EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.96 views

CVE-2022-49049

In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix panic when growing a memfd_secret When one tries to grow an existing memfd_secret with ftruncate, one getsa panic [1]. For example, doing the following reliably induces thepanic: fd = memfd_secret(); ftruncate(fd,...

5.1AI score0.00039EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.96 views

CVE-2022-49220

In the Linux kernel, the following vulnerability has been resolved: dax: make sure inodes are flushed before destroy cache A bug can be triggered by following command $ modprobe nd_pmem && modprobe -r nd_pmem [ 10.060014] BUG dax_cache (Not tainted): Objects remaining in dax_cache on __kmem_cache_s...

5.4AI score0.00068EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.96 views

CVE-2022-49253

In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path.

5.4AI score0.00102EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.96 views

CVE-2022-49263

In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path This avoids leaking memory if brcmf_chip_get_raminfo fails. Note thatthe CLM blob is released in the device remove path.

5.4AI score0.00094EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.96 views

CVE-2022-49280

In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no lower bound on 'args->len' Change the type to unsigned to prevent this issue.

5.5CVSS5.3AI score0.00035EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.96 views

CVE-2022-49296

In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync.2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()-->ceph_mdsc_do_request(openc)finish_open(file, dentry, ceph_...

5.5CVSS6.5AI score0.00021EPSS
Total number of security vulnerabilities10748