2330 matches found
CVE-2016-7913
CVE-2016-7913 affects the Linux kernel tuner driver xc2028 (drivers/media/tuners/tuner-xc2028.c). The vulnerability stems from xc2028_set_config: if the firmware name is omitted from a data structure, a local attacker can trigger a use-after-free, enabling privilege escalation or a denial of serv...
CVE-2020-27830
CVE-2020-27830 is a Linux Kernel vulnerability where spk_ttyio_receive_buf2() can dereference spk_ttyio_synth when it is NULL, causing a NULL-pointer dereference crash. The connected Nessus advisories (Unity Linux UTSA-2026-001485, UTSA-2026-004226, UTSA-2026-003925) reference this CVE as part of...
CVE-2021-4150
CVE-2021-4150 is a Linux kernel use-after-free in add_partition (block/partitions/core.c). The vulnerability arises from missing cleanup when device_add fails while adding a partition, enabling a local attacker with user privileges to cause a denial of service. Affected component is the kernel’s ...
CVE-2022-48773
CVE-2022-48773 — Linux kernel (xprtrdma rpcrdma_ep_create): Affected code path dereferenced non-NULL pointers in error handling. When rpcrdma_ep_create fails, non-NULL pointers could be left with an error value, causing rpcrdma_ep_destroy to free them and trigger a kernel Oops. The fix adds point...
CVE-2023-52477
In CVE-2023-52477, the Linux kernel USB hub code (drivers/usb/core/hub.c/hub.h) incorrectly accessed fields inside udev->bos without verifying that the BOS descriptor was allocated/initialized. If usb_get_bos_descriptor() fails, udev->bos can be NULL, causing a NULL pointer dereference and ...
CVE-2010-3705
The vulnerability CVE-2010-3705 affects the Linux kernel SCTP code: sctp_auth_asoc_get_hmac in net/sctp/auth.c does not validate the hmac_ids array from a remote peer, enabling remote attackers to trigger memory corruption and a kernel panic. Affected versions are Linux kernel before 2.6.36; reme...
CVE-2022-2873
CVE-2022-2873 refers to an out-of-bounds memory access in the Linux kernel’s Intel iSMT SMBus 2.0 host controller driver, triggered by I2C_SMBUS_BLOCK_DATA with malicious input. The vulnerability allows a local attacker to crash the system (local denial of service); CVSSv3.1 base score 5.5 (Local...
CVE-2023-4569
CVE-2023-4569 – Linux kernel nf_tables memory leak: A memory leak is triggered by nft_set_catchall_flush in net/netfilter/nf_tables_api.c. Several connected advisories describe this as a local issue that can leak memory when catchall elements are deactivated. Affected software is the Linux kerne...
CVE-2023-52475
CVE-2023-52475: Linux kernel powermate driver has a use-after-free when the device is disconnected. The issue occurs when an asynchronous control message completes after the powermate_device is freed, leaving a dead lock reference. The recommended fix is to cancel in-progress requests on disconn...
CVE-2024-26772
CVE-2024-26772 describes a Linux kernel vulnerability in ext4 where block allocations could come from a corrupted group bitmap. The fix moves the group bitmap integrity check under the group lock in ext4_mb_find_by_goal(), ensuring that blocks are not allocated from a group whose bitmap is corrup...
CVE-2015-8767
CVE-2015-8767 affects the Linux kernel SCTP path: net/sctp/sm_sideeffect.c fails to properly synchronize a lock with a socket during heartbeat timeout processing, allowing a local attacker to cause a denial of service (deadlock) via crafted sctp_accept calls. Affected: Linux kernel before 4.3 (pe...
CVE-2018-5332
CVE-2018-5332 affects the Linux kernel up to version 3.2, where rds_message_alloc_sgs() does not validate a value used during DMA page allocation, causing a heap-based out-of-bounds write in net/rds/rdma.c (via rds_rdma_extra_size). Exploitation would rely on local access to trigger DMA-related a...
CVE-2019-12984
CVE-2019-12984 is a NULL pointer dereference in the Linux kernel before 5.1.13, specifically in nfc_genl_deactivate_target() within net/nfc/netlink.c. A malicious user-mode program that omits certain NFC attributes can trigger this vulnerability, resulting in denial of service. Affected software ...
CVE-2021-38206
The CVE-2021-38206 issue affects the Linux kernel mac80211 subsystem before 5.12.13: when a 5 GHz-only device is used, injecting a frame with 802.11a rates can trigger a NULL pointer dereference in the radiotap parser, causing a Denial of Service. The vulnerability is addressed in Linux kernel 5....
CVE-2024-38780
CVE-2024-38780 affects the Linux kernel's dma-buf/sw-sync path. The root cause was replacing spin_unlock_irqrestore() with spin_unlock_irq() in sync_print_obj() (and in sync_debugfs_show()) after commit a6aa8fca4d79, triggering a lockdep warning about inconsistent lock state. The fix uses plain s...
CVE-2024-42079
CVE-2024-42079 is a Linux kernel vulnerability in the gfs2 subsystem that could lead to a NULL pointer dereference during log flush operations. The root cause is a race between outstanding glock work and unmount, which could cause gfs2_log_flush() to dereference a freed or NULL sdp->sd_jdesc. ...
CVE-2024-50058
CVE-2024-50058: Linux kernel serial subsystem vulnerability where uart_shutdown() could dereference a NULL uart_port (uport) after a patch added NULL checks. The commit af224ca2df29 added safety checks, but a call to uart_port_dtr_rts(uport, false) remained unprotected if HUPCL is set. The incons...
CVE-2024-56600
CVE-2024-56600 (Linux kernel): The issue arises in inet6_create() where sock_init_data() attaches an allocated sk to the sock, and if inet6_create() later fails, the sock keeps a dangling sk pointer, risking use-after-free. The fix, as described, is to clear the sock’s sk pointer on error to pre...
CVE-2015-8539
CVE-2015-8539 is referenced in MiracleLinux AXSA-2018-2578 as a Linux kernel KEYS subsystem flaw fixed by updating the kernel to a version with mitigations. The vulnerability arises in the KEYS subsystem of the Linux kernel prior to 4.4, where crafted keyctl commands can negatively instantiate a ...
CVE-2017-17806
CVE-2017-17806 affects the Linux kernel before 4.14.8. The HMAC implementation (crypto/hmac.c) does not validate that the underlying hash algorithm is unkeyed, allowing a local attacker who can use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and SHA-3 (CONFIG_CRYPTO_SHA3) to tri...
CVE-2019-19227
The CVE-2019-19227 issue affects the Linux kernel AppleTalk subsystem prior to 5.1. The vulnerability is a potential NULL pointer dereference caused by register_snap_client returning NULL, which can trigger a denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c (e.g., via unregister_...
CVE-2017-2618
CVE-2017-2618 is a Linux kernel local vulnerability caused by how SELinux attributes are cleared on /proc/pid/attr. An empty write to that file can crash the system by triggering access to unmapped kernel memory. The connected Nessus entries (Unity Linux, MiracleLinux AXSA advisory, and related p...
CVE-2019-19536
CVE-2019-19536 is an info-leak vulnerability in the Linux kernel (<5.2.9) caused by faulty handling of a malicious USB device in drivers/net/can/usb/peak_usb/pcan_usb_pro.c (CID-ead16e53c2f0). Some public advisories (Unity Linux UTSA-2026-*) reference this CVE and note the issue affects kern...
CVE-2021-4159
CVE-2021-4159 is described in connected documents as a Linux kernel eBPF verifier flaw that could allow a local attacker to leak internal kernel memory by causing uninitialized or sensitive data to be exposed to userspace when handling internal data structures during eBPF code insertion. The issu...
CVE-2022-39190
CVE-2022-39190 affects the Linux kernel nf_tables_api.c and enables a local denial-of-service by binding to an already bound netfilter chain. The issue is described as present in Linux kernel versions up to 5.19.5 (before 5.19.6). A patch addressing this vulnerability is included in 5.19.6 (Chang...
CVE-2018-15572
CVE-2018-15572: Linux kernel
CVE-2018-20511
The CVE-2018-20511 vulnerability affects Linux kernel older than 4.18.11, where ipddp_ioctl in drivers/net/appletalk/ipddp.c allows local users with CAP_NET_ADMIN to read the ipddp_route and next fields via SIOCFINDIPDDPRT, leading to kernel address disclosure (information leakage). Unity/Linux a...
CVE-2018-7492
The CVE-2018-7492 entry affects the Linux kernel prior to 4.14.7, where a NULL pointer dereference in net/rds/rdma.c __rds_rdma_map() can be triggered by local attackers via RDS_GET_MR / RDS_GET_MR_FOR_DEST. This leads to a system panic and denial-of-service. Affected versions are exposed to loca...
CVE-2021-3732
CVE-2021-3732 is a local-privilege escalation/information-disclosure flaw in the Linux kernel OverlayFS subsystem affecting how TmpFS is mounted under OverlayFS, allowing a local user to reveal files hidden in the original mount. Connected docs corroborate the issue across multiple sources (Astra...
CVE-2023-1249
CVE-2023-1249: A use-after-free in the Linux kernel core dump subsystem could allow a local user to crash the system; a kernel is affected only if patch 390031c94211 has been applied. Technical details are not publicly provided in the supplied documents. Monitor for updates.
CVE-2019-19535
CVE-2019-19535 affects the Linux kernel up to 5.2.8 via the PCAN-USB FD driver (drivers/net/can/usb/peak_usb/pcan_usb_fd.c). A malicious USB device can trigger an info-leak in this driver (CID-30a8beeb3042), causing partial information disclosure. Affected product: Linux kernel before 5.2.9; vuln...
CVE-2021-45402
CVE-2021-45402 affects the Linux kernel where check_alu_op() in kernel/bpf/verifier.c does not update bounds properly when handling mov32, enabling local attackers to leak potentially sensitive addresses (pointer leak). The description is consistently cited across multiple connected advisories (e...
CVE-2021-47548
CVE-2021-47548 (Linux kernel ethernet: hisilicon: hns: hns_dsaf_misc) fixes an array overflow in hns_dsaf_ge_srst_by_port(). The port check was port >= DSAF_GE_NUM (8), but dsaf_dev->mac_cb has length DSAF_MAX_PORT_NUM (6); ports 6–7 could access dsaf_dev->mac_cb[port] and overflow. The ...
CVE-2024-26671
CVE-2024-26671 describes a Linux kernel IO hang caused by blk-mq wakeup/race where __add_wait_queue() can be reordered with blk_mq_get_driver_tag() on tag failure, leading __sbitmap_queue_wake_up() to miss the waiter and not wake up, while blk_mq_mark_tag_wait() cannot obtain a driver tag. The fi...
CVE-2024-35809
The CVE-2024-35809 entry describes a race in the Linux kernel's PCI runtime power management path: the .runtime_idle() callback in rtsx_pcr PCI driver can still be running when pm_runtime_get_sync() returns, leading to a race with the post-sync code and a potential kernel crash due to an unhandle...
CVE-2020-27152
CVE-2020-27152 affects the Linux kernel prior to 5.9.2 in arch/x86/kvm/ioapic.c (ioapic_lazy_update_eoi). The issue is an infinite loop caused by improper interaction between a resampler and edge triggering. Affected software: Linux kernel up to 5.9.1, fixed in 5.9.2 per ChangeLog-5.9.2. Exploi...
CVE-2023-1582
CVE-2023-1582 is described in connected documents as a race condition in the Linux kernel's fs/proc/task_mmu.c under the memory management component. It may allow a local privileged user to cause a denial of service. The MiracleLinux advisory block lists the vulnerability and confirms the race co...
CVE-2023-52664
The CVE-2023-52664 issue affects the Linux kernel net: Atlantic driver, where a logic error in ring data allocation/free can lead to a double-free scenario in error handling if memory allocation fails. The root cause is using the ring pointer as a failure indicator, while only ring data is alloca...
CVE-2024-44931
CVE-2024-44931 describes a speculative information-leak in the Linux kernel gpio path: userspace can trigger a speculative read beyond the gpio descriptor array by calling gpio_ioctl() with an out-of-range offset. The fix sanitizes the offset before using it as an index by applying array_index_no...
CVE-2020-36694
The CVE-2020-36694 issue affects the Linux kernel netfilter path prior to 5.10, enabling a use-after-free in the packet processing context due to mishandling of the per-CPU sequence counter during concurrent iptables rule replacements. Exploitation requires CAP_NET_ADMIN in an unprivileged namesp...
CVE-2023-52478
CVE-2023-52478: The Linux kernel contains a TOCTOU race in logitech-hidpp HID++ handling (hidpp_connect_event) that can lead to a use-after-free during USB receiver disconnect. The issue arises as four TOCTOU races occur across probe/workqueue threads when retrieving the HIDPP protocol, updating th...
CVE-2024-35947
Technical details about CVE-2024-35947 are not publicly provided in the supplied documents; the initial entry notes the Linux kernel BUG_ON fix but no affected products/versions or remediation specifics beyond references. Monitor for updates.
CVE-2024-56605
CVE-2024-56605 is a Linux kernel vulnerability in Bluetooth L2CAP handling. The issue arises when bt_sock_alloc() creates an sk object and attaches it to a sock; on error, l2cap_sock_alloc() frees the sk but leaves a dangling sk pointer attached to the sock, allowing a potential use-after-free in...
CVE-2010-4249
CVE-2010-4249 affects the Linux kernel before 2.6.37-rc3-next-20101125: the wait_for_unix_gc routine in net/unix/garbage.c does not properly select times for garbage-collecting inflight sockets, enabling local users to cause a denial of service (system hang) by crafting socketpair and sendmsg cal...
CVE-2016-5829
CVE-2016-5829 is a Linux kernel vulnerability in the hiddev driver (hiddev_ioctl_usage in drivers/hid/usbhid/hiddev.c) that allows a local user to trigger heap-based buffer overflows by sending crafted ioctls (HIDIOCGUSAGES or HIDIOCSUSAGES). Affected kernels are those through 4.6.3. The ...
CVE-2024-43904
CVE-2024-43904 is a Linux kernel issue affecting the AMD display pipeline. The vulnerability stemmed from missing null checks in drm/amd/display code, where the variables stream and plane could be dereferenced without verifying non-null values in dcn30_apply_idle_power_optimizations, risking a nu...
CVE-2024-56601
CVE-2024-56601 is a Linux kernel vulnerability in the inet/ code path. The issue arises because sock_init_data() attaches a kernel socket (sk) to a sock, and if inet_create() fails later, the sk is freed but the sock retains a dangling sk pointer, enabling a use-after-free on the sock. The docume...
CVE-2017-12193
CVE-2017-12193 affects the Linux kernel: the function assoc_array_insert_into_terminal_node in lib/assoc_array.c mishandles node splitting, leading to a NULL pointer dereference and kernel panic via a crafted application. The vulnerability is in kernels prior to 4.13.11, enabling local attackers ...
CVE-2021-20261
CVE-2021-20261 is a local race-condition vulnerability in the Linux kernel floppy disk drive controller (fd0) driver. The issue’s impact is mitigated by default file permissions on /dev/fd0 being root-only; changes to device permissions can greatly increase risk. The initial description notes a l...
CVE-2023-52622
CVE-2023-52622 concerns an ext4 online resizing failure when flexbg_size is oversized. Affected Linux kernel workflows (mkfs.ext4 -G, mount, resize2fs) could trigger WARN_ON at __alloc_pages/__kmalloc during ext4_resize_fs, caused by MAX_RESIZE_BG exceeding available memory groups. The minimum MA...