6925 matches found
CVE-2001-1397
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
CVE-2001-1398
Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
CVE-2005-3119
Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.
CVE-2010-5329
The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the Linux kernel before 2.6.39 relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which might allow local users to cause a denial of service (memory consumption) via a large value.
CVE-2011-2209
Integer signedness error in the osf_sysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call.
CVE-2011-2518
The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value f...
CVE-2015-8950
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.
CVE-2017-5547
drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual pa...
CVE-2021-47273
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-meson-g12a: fix usb2 PHY glue init when phy0 is disabled When only PHY1 is used (for example on Odroid-HC4), the regmap init codeuses the usb2 ports when doesn't initialize the PHY1 regmap entry. This fixes:Unable to hand...
CVE-2021-47349
In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down link before deleting interface We can deadlock when rmmod'ing the driver or going through firmwarereset, because the cfg80211_unregister_wdev() has to bring down the linkfor us, ... which then grab the same wiph...
CVE-2021-47568
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memleak in get_file_stream_info() Fix memleak in get_file_stream_info()
CVE-2022-48719
In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NTF_MANAGED entries [0]: kworker/0:16/14617 is trying to acquire lock:ffffffff8d4dd370 (&tbl->lock){+...
CVE-2022-48820
In the Linux kernel, the following vulnerability has been resolved: phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() This error path needs to decrement "usbphyc->n_pll_cons.counter" beforereturning.
CVE-2022-48876
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix initialization of rx->link and rx->link_sta There are some codepaths that do not initialize rx->link_sta properly. Thiscauses a crash in places which assume that rx->link_sta is valid if rx->stais...
CVE-2022-48886
In the Linux kernel, the following vulnerability has been resolved: ice: Add check for kzalloc Add the check for the return value of kzalloc in order to avoidNULL pointer dereference.Moreover, use the goto-label to share the clean code.
CVE-2022-49013
In the Linux kernel, the following vulnerability has been resolved: sctp: fix memory leak in sctp_stream_outq_migrate() When sctp_stream_outq_migrate() is called to release stream out resources,the memory pointed to by prio_head in stream out is not released. The memory leak information is as follo...
CVE-2022-49403
In the Linux kernel, the following vulnerability has been resolved: lib/string_helpers: fix not adding strarray to device's resource list Add allocated strarray to device's resource list. This is a must toautomatically release strarray when the device disappears. Without this fix we have a memory l...
CVE-2022-49692
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it dependsnow on allocated priv. So, run probe to allocate priv to fix it. ar9331_switch ethernet.1:10 lan0 ...
CVE-2022-49757
In the Linux kernel, the following vulnerability has been resolved: EDAC/highbank: Fix memory leak in highbank_mc_probe() When devres_open_group() fails, it returns -ENOMEM without freeing memoryallocated by edac_mc_alloc(). Call edac_mc_free() on the error handling path to avoid a memory leak. [ b...
CVE-2023-52911
In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the AdrenoGPU working in the headless mode (e.g. iMX platforms). Unable to handle kernel NULL pointer dereference at virtu...
CVE-2024-43822
In the Linux kernel, the following vulnerability has been resolved: ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe() The value “-ENOMEM” was assigned to the local variable “ret”in one if branch after a devm_kzalloc() call failed at the beginning.This error code ...
CVE-2024-43848
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix TTLM teardown work The worker calculates the wrong sdata pointer, so if it everruns, it'll crash. Fix that.
CVE-2024-46690
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to dereference fl->c.flc_owner without first confirmingfl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict()tests fl_lmops ...
CVE-2024-46704
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix spruious data race in __flush_work() When flushing a work item for cancellation, __flush_work() knows that itexclusively owns the work item through its PENDING bit. 134874e2eee9("workqueue: Allow cancel_work_sync() a...
CVE-2024-46769
In the Linux kernel, the following vulnerability has been resolved: spi: intel: Add check devm_kasprintf() returned value intel_spi_populate_chip() use devm_kasprintf() to set pdata->name.This can return a NULL pointer on failure but this returned valueis not checked.
CVE-2024-49570
In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TP_printk UAF The commitafd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format")exposes potential UAFs in the xe_bo_move trace event. Fix those by avoiding derefere...
CVE-2024-56646
In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in modify_prefix_route() syzbot found a NULL deref [1] in modify_prefix_route(), caused by onefib6_info without a fib6_table pointer set. This can happen for net->ipv6.fib6_null_entry [1]Oops: gen...
CVE-2024-56711
In the Linux kernel, the following vulnerability has been resolved: drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference drm_mode_duplicate() could return NULL due to lack of memory,which will then call NULL pointer dereference. Add a check toprevent it.
CVE-2024-57919
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix divide error in DM plane scale calcs dm_get_plane_scale doesn't take into account plane scaled size equal tozero, leading to a kernel oops due to division by zero. Fix by settingout-scale size as zero when the ...
CVE-2025-21845
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operationto sst_nor_write_data()")' introduced a bug where only one byte of datais written, regardless of the number of byte...
CVE-2001-1390
Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.
CVE-2001-1392
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.
CVE-2001-1396
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
CVE-2004-2013
Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory.
CVE-2005-0400
The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
CVE-2005-4351
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.
CVE-2005-4886
The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function.
CVE-2006-5331
The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users t...
CVE-2009-0024
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions.
CVE-2009-0605
Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trigger page faults on a machine that has a registere...
CVE-2009-2768
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which trigge...
CVE-2010-1488
The proc_oom_score function in fs/proc/base.c in the Linux kernel before 2.6.34-rc4 uses inappropriate data structures during selection of a candidate for the OOM killer, which might allow local users to cause a denial of service via unspecified patterns of task creation.
CVE-2013-2058
The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service (system crash) by sending a large amount of network traffic through a USB/Ethernet adapter.
CVE-2013-2636
net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2013-4220
The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel before 3.9.5 on the ARM64 platform allows local users to cause a denial of service (system crash) via vectors involving an attempted register access that triggers an unexpected value in the Exception Syndrome Register (ESR).
CVE-2017-8062
drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of mor...
CVE-2022-48882
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY) in hw offload path, the macsecsecurity association (SA) initialization routine is called. In case ofe...
CVE-2022-48952
In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Add sentinel to quirks table Current driver is missing a sentinel in the struct soc_device_attributearray, which causes an oops when assessed by thesoc_device_match(mt7621_pcie_quirks_match) call. This was only exposed...
CVE-2023-52684
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping tothe relevant labels where memory allocated for the SCM calls would befreed.
CVE-2024-38584
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() In the prueth_probe() function, if one of the calls to emac_phy_connect()fails due to of_phy_connect() returning NULL, then the subsequent call tophy_attached_in...