Lucene search

K

9933 matches found

CVE
CVE
added 2024/02/27 10:15 a.m.522 views

CVE-2021-46933

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb andffs_ep0_release, so it ends up being called twice when userland closes ep0and then unmounts f_fs.If userland pr...

5.5CVSS6.1AI score0.00009EPSS
CVE
CVE
added 2020/06/12 2:15 p.m.520 views

CVE-2020-10732

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

4.4CVSS5.6AI score0.00046EPSS
CVE
CVE
added 2023/08/07 2:15 p.m.520 views

CVE-2023-4194

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a09...

5.5CVSS6.7AI score0.00009EPSS
CVE
CVE
added 2019/06/03 10:29 p.m.514 views

CVE-2019-12614

An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

4.7CVSS6.4AI score0.00094EPSS
CVE
CVE
added 2023/10/09 6:15 p.m.512 views

CVE-2023-39193

A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

6.1CVSS6.9AI score0.00008EPSS
CVE
CVE
added 2020/11/17 2:15 a.m.511 views

CVE-2020-25705

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based...

7.4CVSS7.3AI score0.00841EPSS
CVE
CVE
added 2024/02/27 10:15 a.m.510 views

CVE-2021-46928

In the Linux kernel, the following vulnerability has been resolved: parisc: Clear stale IIR value on instruction access rights trap When a trap 7 (Instruction access rights) occurs, this means the CPUcouldn't execute an instruction due to missing execute permissions onthe memory region. In this cas...

5.5CVSS6.2AI score0.00009EPSS
CVE
CVE
added 2024/02/22 5:15 p.m.510 views

CVE-2024-26590

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and eachper-file compression algorithm needs to be marked in the on-disksuperblock for initialization. However, syzkal...

5.5CVSS6AI score0.00013EPSS
CVE
CVE
added 2024/02/27 7:4 p.m.508 views

CVE-2021-46947

In the Linux kernel, the following vulnerability has been resolved: sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues efx->xdp_tx_queue_count is initially initialized to num_possible_cpus() and islater used to allocate and traverse efx->xdp_tx_queues lookup arr...

5.5CVSS5AI score0.00035EPSS
CVE
CVE
added 2018/01/03 6:29 a.m.507 views

CVE-2017-18017

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in a...

10CVSS9.5AI score0.38093EPSS
CVE
CVE
added 2019/02/15 3:29 p.m.505 views

CVE-2019-6974

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

8.1CVSS7.7AI score0.08548EPSS
CVE
CVE
added 2024/02/27 10:15 a.m.504 views

CVE-2021-46937

In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' DAMON debugfs interface increases the reference counts of 'struct pid'sfor targets from the 'target_ids' file write callback('dbgfs_target_ids_write()'), but decr...

5.5CVSS6.1AI score0.00016EPSS
CVE
CVE
added 2024/02/27 10:15 a.m.502 views

CVE-2021-46923

In the Linux kernel, the following vulnerability has been resolved: fs/mount_setattr: always cleanup mount_kattr Make sure that finish_mount_kattr() is called after mount_kattr wassuccesfully built in both the success and failure case to preventleaking any references we took when we built it. We re...

5.5CVSS6.1AI score0.00013EPSS
CVE
CVE
added 2023/10/03 3:15 a.m.497 views

CVE-2023-5345

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgradi...

7.8CVSS7.7AI score0.00022EPSS
CVE
CVE
added 2019/11/29 3:15 p.m.495 views

CVE-2019-14901

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is...

10CVSS9.7AI score0.06097EPSS
CVE
CVE
added 2020/05/09 9:15 p.m.495 views

CVE-2020-12770

An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.

6.7CVSS6.7AI score0.0005EPSS
CVE
CVE
added 2022/10/17 7:15 p.m.492 views

CVE-2022-3564

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. Th...

7.1CVSS6.9AI score0.00067EPSS
CVE
CVE
added 2021/01/13 4:15 a.m.490 views

CVE-2020-28374

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a net...

8.1CVSS7.8AI score0.00175EPSS
CVE
CVE
added 2023/10/09 6:15 p.m.490 views

CVE-2023-39192

A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a cra...

6.7CVSS6.9AI score0.00009EPSS
CVE
CVE
added 2022/03/18 6:15 p.m.489 views

CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

7.8CVSS7.7AI score0.00193EPSS
CVE
CVE
added 2019/09/04 9:15 p.m.486 views

CVE-2019-15927

An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.

7.8CVSS7.8AI score0.00073EPSS
CVE
CVE
added 2022/02/04 11:15 p.m.482 views

CVE-2021-4154

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service ...

8.8CVSS8.1AI score0.00745EPSS
CVE
CVE
added 2022/06/02 9:15 p.m.482 views

CVE-2022-32250

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

7.8CVSS7.5AI score0.02737EPSS
CVE
CVE
added 2021/05/10 10:15 p.m.481 views

CVE-2021-32399

net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

7CVSS7AI score0.00077EPSS
CVE
CVE
added 2023/11/01 8:15 p.m.479 views

CVE-2023-1192

A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory regio...

6.5CVSS7AI score0.00026EPSS
CVE
CVE
added 2021/01/29 5:15 p.m.476 views

CVE-2021-3347

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

7.8CVSS7.5AI score0.00336EPSS
CVE
CVE
added 2021/06/23 4:15 p.m.475 views

CVE-2021-33624

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.

4.7CVSS5.6AI score0.0047EPSS
CVE
CVE
added 2017/10/05 1:29 a.m.473 views

CVE-2017-1000253

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10....

7.8CVSS7.3AI score0.55565EPSS
CVE
CVE
added 2024/02/27 10:15 a.m.472 views

CVE-2021-46934

In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs.Userspace should not be able to trigger warnings, so this patch addsvalidation checks for user data in compact ioctl to prev...

3.3CVSS5.3AI score0.00015EPSS
CVE
CVE
added 2019/05/10 10:29 p.m.469 views

CVE-2019-11884

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

3.3CVSS5.6AI score0.00096EPSS
CVE
CVE
added 2022/03/25 7:15 p.m.467 views

CVE-2022-0435

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges i...

9CVSS9AI score0.54888EPSS
CVE
CVE
added 2023/11/06 11:15 a.m.467 views

CVE-2023-5090

A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.

6CVSS6.7AI score0.00022EPSS
CVE
CVE
added 2019/08/23 6:15 a.m.466 views

CVE-2019-15505

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

10CVSS9AI score0.00756EPSS
CVE
CVE
added 2021/03/07 5:15 a.m.465 views

CVE-2021-27365

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum lengt...

7.8CVSS7.5AI score0.00426EPSS
CVE
CVE
added 2023/09/12 8:15 p.m.465 views

CVE-2023-4921

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of s...

7.8CVSS7.9AI score0.00015EPSS
CVE
CVE
added 2019/05/07 2:29 p.m.464 views

CVE-2018-20836

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

9.3CVSS7.5AI score0.03904EPSS
CVE
CVE
added 2019/12/03 4:15 p.m.464 views

CVE-2019-19527

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.

7.2CVSS7.4AI score0.00024EPSS
CVE
CVE
added 2021/07/26 10:15 p.m.464 views

CVE-2021-37576

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

7.8CVSS7.5AI score0.00015EPSS
CVE
CVE
added 2025/02/26 6:37 a.m.464 views

CVE-2021-4453

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in renoir_init_smc_tables(),but not freed in int smu_v12_0_fini_smc_tables(). Free it!

5.5CVSS6.5AI score0.00022EPSS
CVE
CVE
added 2019/09/04 9:15 p.m.463 views

CVE-2017-18595

An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.

7.8CVSS7.8AI score0.00046EPSS
CVE
CVE
added 2019/04/23 10:29 p.m.461 views

CVE-2019-11487

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/h...

7.8CVSS8AI score0.00079EPSS
CVE
CVE
added 2019/05/07 2:29 p.m.458 views

CVE-2019-11810

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

7.8CVSS7.2AI score0.01451EPSS
CVE
CVE
added 2024/05/15 6:15 p.m.458 views

CVE-2024-25743

In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.

7.1CVSS6.4AI score0.00071EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.457 views

CVE-2018-9568

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509...

7.8CVSS7.9AI score0.00478EPSS
CVE
CVE
added 2019/07/19 1:15 p.m.457 views

CVE-2019-13648

In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32...

5.5CVSS5.7AI score0.00035EPSS
CVE
CVE
added 2022/08/24 4:15 p.m.457 views

CVE-2021-4155

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

5.5CVSS6.4AI score0.00015EPSS
CVE
CVE
added 2019/07/30 5:15 p.m.456 views

CVE-2018-16871

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to th...

7.5CVSS7.1AI score0.00657EPSS
CVE
CVE
added 2020/02/06 1:15 a.m.454 views

CVE-2020-8648

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

7.1CVSS7AI score0.0003EPSS
CVE
CVE
added 2023/01/12 7:15 a.m.454 views

CVE-2023-23454

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

5.5CVSS6AI score0.00065EPSS
CVE
CVE
added 2020/06/09 1:15 p.m.453 views

CVE-2020-10757

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

7.8CVSS7.5AI score0.00771EPSS
Total number of security vulnerabilities9933