Lucene search

K

9994 matches found

CVE
CVE
added 2007/07/27 9:30 p.m.67 views

CVE-2007-3105

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing...

4.6CVSS6.5AI score0.0013EPSS
CVE
CVE
added 2007/09/26 10:17 a.m.67 views

CVE-2007-4571

The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demons...

2.1CVSS5.1AI score0.00127EPSS
CVE
CVE
added 2009/08/14 3:16 p.m.67 views

CVE-2009-2691

The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.

2.1CVSS6.3AI score0.00057EPSS
CVE
CVE
added 2010/04/06 10:30 p.m.67 views

CVE-2010-1085

The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero error.

7.1CVSS6.9AI score0.0112EPSS
CVE
CVE
added 2013/03/15 8:55 p.m.67 views

CVE-2012-6539

The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

1.9CVSS5.4AI score0.00058EPSS
CVE
CVE
added 2013/09/16 1:1 p.m.67 views

CVE-2013-2894

drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

4.7CVSS5.7AI score0.0007EPSS
CVE
CVE
added 2013/08/25 3:27 a.m.67 views

CVE-2013-4254

The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.

6.9CVSS6.2AI score0.00017EPSS
CVE
CVE
added 2013/12/09 6:55 p.m.67 views

CVE-2013-6431

The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl cal...

4.7CVSS6.7AI score0.00045EPSS
CVE
CVE
added 2014/11/10 11:55 a.m.67 views

CVE-2014-8480

The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted ap...

4.9CVSS6.7AI score0.00072EPSS
CVE
CVE
added 2017/02/07 7:59 a.m.67 views

CVE-2014-9914

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structu...

7.8CVSS7.3AI score0.00032EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.67 views

CVE-2015-0572

Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write)...

7CVSS8.2AI score0.00061EPSS
CVE
CVE
added 2016/08/06 8:59 p.m.67 views

CVE-2016-6156

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

5.1CVSS5AI score0.00066EPSS
CVE
CVE
added 2019/08/19 2:15 a.m.67 views

CVE-2017-18552

An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_latency.

7.8CVSS7.4AI score0.00128EPSS
CVE
CVE
added 2019/11/07 4:15 p.m.67 views

CVE-2019-18812

A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.

7.8CVSS7.5AI score0.00554EPSS
CVE
CVE
added 2025/05/07 2:15 p.m.67 views

CVE-2020-36791

In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")I moved cp->hash calculation before the firsttcindex_alloc_perfect_hash(), but cp->alloc_hash is l...

5.3AI score0.00049EPSS
CVE
CVE
added 2024/03/04 6:15 p.m.67 views

CVE-2021-47091

In the Linux kernel, the following vulnerability has been resolved: mac80211: fix locking in ieee80211_start_ap error path We need to hold the local->mtx to release the channel context,as even encoded by the lockdep_assert_held() there. Fix it.

5.5CVSS6.2AI score0.00007EPSS
CVE
CVE
added 2024/03/15 9:15 p.m.67 views

CVE-2021-47120

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: fix NULL-deref on disconnect Commit 9d7b18668956 ("HID: magicmouse: add support for Apple MagicTrackpad 2") added a sanity check for an Apple trackpad but returnedsuccess instead of -ENODEV when the check failed. T...

5.5CVSS6.2AI score0.00009EPSS
CVE
CVE
added 2024/03/15 9:15 p.m.67 views

CVE-2021-47122

In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in caif_device_notify In case of caif_enroll_dev() fail, allocatedlink_support won't be assigned to the correspondingstructure. So simply free allocated pointer in caseof error

5.5CVSS6.5AI score0.00012EPSS
CVE
CVE
added 2024/03/25 9:15 a.m.67 views

CVE-2021-47139

In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializingcomplete. So there is a timewindow between netdevice availableand usable. In this case, ...

5.5CVSS6.5AI score0.00009EPSS
CVE
CVE
added 2024/03/25 9:15 a.m.67 views

CVE-2021-47143

In the Linux kernel, the following vulnerability has been resolved: net/smc: remove device from smcd_dev_list after failed device_add() If the device_add() for a smcd_dev fails, there's no cleanup step thatrolls back the earlier list_add(). The device subsequently gets freed,and we end up with a co...

5.5CVSS6.5AI score0.00018EPSS
CVE
CVE
added 2024/03/25 10:15 a.m.67 views

CVE-2021-47166

In the Linux kernel, the following vulnerability has been resolved: NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() The value of mirror->pg_bytes_written should only be updated after asuccessful attempt to flush out the requests on the list.

5.5CVSS6.2AI score0.00008EPSS
CVE
CVE
added 2024/04/10 7:15 p.m.67 views

CVE-2021-47187

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency The entry/exit latency and minimum residency in state for the idlestates of MSM8998 were ..bad: first of all, for all of them thetimings were written for CPU sl...

5.5CVSS6.5AI score0.00011EPSS
CVE
CVE
added 2024/04/10 7:15 p.m.67 views

CVE-2021-47207

In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fix null pointer dereference on pointer block The pointer block return from snd_gf1_dma_next_block could benull, so there is a potential null pointer dereference issue.Fix this by adding a null check before dereference.

5.5CVSS6.3AI score0.00008EPSS
CVE
CVE
added 2024/04/10 7:15 p.m.67 views

CVE-2021-47209

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfs_rq's Kevin is reporting crashes which point to a use-after-free of a cfs_rqin update_blocked_averages(). Initial debugging revealed that we'velive cfs_rq's (on_list=1) in an a...

5.5CVSS6.6AI score0.0001EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.67 views

CVE-2021-47228

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot servicesdata. In order for this memory to not be re-used by the kernelafter ExitBootServices(), efi_mem_reserve() is u...

6.2CVSS7.2AI score0.00018EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.67 views

CVE-2021-47230

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared Immediately reset the MMU context when the vCPU's SMM flag is cleared sothat the SMM flag in the MMU role is always synchronized with the vCPU'sflag. If RSM f...

6.6CVSS7.6AI score0.00015EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.67 views

CVE-2021-47248

In the Linux kernel, the following vulnerability has been resolved: udp: fix race between close() and udp_abort() Kaustubh reported and diagnosed a panic in udp_lib_lookup().The root cause is udp_abort() racing with close(). Bothracing functions acquire the socket lock, but udp{v6}_destroy_sock()re...

4.7CVSS6.7AI score0.00007EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.67 views

CVE-2021-47331

In the Linux kernel, the following vulnerability has been resolved: usb: common: usb-conn-gpio: fix NULL pointer dereference of charger When power on system with OTG cable, IDDIG's interrupt arises beforethe charger registration, it will cause a NULL pointer dereference,fix the issue by registering...

5.5CVSS6.7AI score0.00041EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.67 views

CVE-2021-47358

In the Linux kernel, the following vulnerability has been resolved: staging: greybus: uart: fix tty use after free User space can hold a tty open indefinitely and tty drivers must notrelease the underlying structures until the last user is gone. Switch to using the tty-port reference counter to man...

7.8CVSS6.8AI score0.00016EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.67 views

CVE-2021-47381

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hex_dump_to_buffer() and stack address usedin dump error output.

6.7AI score0.00017EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.67 views

CVE-2021-47399

In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup The ixgbe driver currently generates a NULL pointer dereference withsome machine (online cpus < 63). This is due to the fact that themaximum value of num_xdp_queues is nr_cp...

5.5CVSS6.7AI score0.00009EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.67 views

CVE-2021-47423

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/debugfs: fix file release memory leak When using single_open() for opening, single_release() should becalled, otherwise the 'op' allocated in single_open() will be leaked.

5.5CVSS6.8AI score0.00013EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.67 views

CVE-2021-47426

In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fix potential memory leak about jit_data Make sure to free jit_data through kfree() in the error path.

5.5CVSS6.6AI score0.00016EPSS
CVE
CVE
added 2024/05/22 7:15 a.m.67 views

CVE-2021-47436

In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path Commit 7c75bde329d7 ("usb: musb: musb_dsps: request_irq() afterinitializing musb") has inverted the calls todsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() withoutupdating correc...

5.5CVSS6.6AI score0.00012EPSS
CVE
CVE
added 2024/05/22 7:15 a.m.67 views

CVE-2021-47451

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value Currently, when the rule related to IDLETIMER is added, idletimer_tg timerstructure is initialized by kmalloc on executing idletimer_tg_createfunction...

6.4AI score0.00022EPSS
CVE
CVE
added 2024/05/22 7:15 a.m.67 views

CVE-2021-47452

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inli...

6.6AI score0.00021EPSS
CVE
CVE
added 2024/05/22 7:15 a.m.67 views

CVE-2021-47462

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind() syzbot reported access to unitialized memory in mbind() [1] Issue came with commit bda420b98505 ("numa balancing: migrate on faultamong multiple bound...

5.5CVSS6.6AI score0.00031EPSS
CVE
CVE
added 2024/05/22 9:15 a.m.67 views

CVE-2021-47474

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix bulk-buffer overflow The driver is using endpoint-sized buffers but must not assume that thetx and rx buffers are of equal size or a malicious device could overflowthe slab-allocated receive buffer when doing b...

6.9AI score0.0005EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.67 views

CVE-2021-47504

In the Linux kernel, the following vulnerability has been resolved: io_uring: ensure task_work gets run as part of cancelations If we successfully cancel a work item but that work item needs to beprocessed through task_work, then we can be sleeping uninterruptiblyin io_uring_cancel_generic() and ne...

6.6AI score0.00026EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.67 views

CVE-2021-47521

In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card() If the last channel is not available then "dev" is freed. Fortunately,we can just use "pdev->irq" instead. Also we should check if at least one channel was set up.

7.8CVSS8.5AI score0.00014EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.67 views

CVE-2021-47522

In the Linux kernel, the following vulnerability has been resolved: HID: bigbenff: prevent null pointer dereference When emulating the device through uhid, there is a chance we don't haveoutput reports and so report_field is null.

5.5CVSS7AI score0.00018EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.67 views

CVE-2021-47525

In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: fix use-after-free and memleak on unbind Deregister the port when unbinding the driver to prevent it from beingused after releasing the driver data and leaking memory allocated byserial core.

7.8CVSS8.4AI score0.00018EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.67 views

CVE-2021-47542

In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() In qlcnic_83xx_add_rings(), the indirect function ofahw->hw_ops->alloc_mbx_args will be called to allocate memory forcmd.req.arg, and there is a d...

5.5CVSS7.2AI score0.00008EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.67 views

CVE-2021-47565

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that oneof the drives is getting removed and its sas_target object isfreed but its sdev object remains intact. Consequ...

6.6AI score0.0005EPSS
CVE
CVE
added 2024/06/19 3:15 p.m.67 views

CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploitedby unpriv users. After analysis it turned out UDP was not initializingr->idiag_expires. Other users of inet_sk_diag_fill()mig...

5.5CVSS7AI score0.00013EPSS
CVE
CVE
added 2025/02/26 6:37 a.m.67 views

CVE-2021-47635

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix to add refcount once page is set private MM defined the rule [1] very clearly that once page was set with PG_privateflag, we should increment the refcount in that page, also main flows likepageout(), migrate_page() will ...

5.2AI score0.00044EPSS
CVE
CVE
added 2024/04/28 1:15 p.m.67 views

CVE-2022-48642

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() It seems to me that percpu memory for chain stats started leaking sincecommit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority tohardware priority"...

5.5CVSS6.5AI score0.0001EPSS
CVE
CVE
added 2024/06/20 11:15 a.m.67 views

CVE-2022-48715

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe Running tests with a debug kernel shows that bnx2fc_recv_frame() ismodifying the per_cpu lport stats counters in a non-mpsafe way. Just boota debug kernel and run the bnx2fc driver wit...

6.6AI score0.00038EPSS
CVE
CVE
added 2024/06/20 12:15 p.m.67 views

CVE-2022-48758

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before callingdestroy_work. This results multiple WARNings from sysfs_remove_group() asthe contr...

6.6AI score0.00052EPSS
CVE
CVE
added 2024/07/16 1:15 p.m.67 views

CVE-2022-48851

In the Linux kernel, the following vulnerability has been resolved: staging: gdm724x: fix use after free in gdm_lte_rx() The netif_rx_ni() function frees the skb so we can't dereference it tosave the skb->len.

7.8CVSS8AI score0.00056EPSS
Total number of security vulnerabilities9994