6925 matches found
CVE-2024-40952
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() bdev->bd_super has been removed and commit 8887b94d9322 change the usagefrom bdev->bd_super to b_assoc_map->host->i_sb. This introduces thefollowing NULL poin...
CVE-2024-42235
In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() crst_table_free() used to work with NULL pointers before the conversionto ptdescs. Since crst_table_free() can be called with a NULL pointer(error handling in cr...
CVE-2024-44936
In the Linux kernel, the following vulnerability has been resolved: power: supply: rt5033: Bring back i2c_set_clientdata Commit 3a93da231c12 ("power: supply: rt5033: Use devm_power_supply_register() helper")reworked the driver to use devm. While at it, the i2c_set_clientdatawas dropped along with t...
CVE-2024-46712
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them usingaccelerated apis. Without 3d the entire content of dumb buffers staysin the guest making all of the extra work ...
CVE-2024-57878
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable,and a SETREGSET call with a length of zero will leave thisuninitialized. Consequently an arbitrary value wil...
CVE-2025-21737
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_mds_auth_match() We now free the temporary target path substring allocation on everypossible branch, instead of omitting the default branch. In somecases, a memory leak occured, which could rapidly cra...
CVE-2007-3732
In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current...
CVE-2009-1527
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to locking an incorrect cred_exec_mutex object.
CVE-2010-2243
A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.
CVE-2010-5328
include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group.
CVE-2011-4112
The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunctio...
CVE-2019-12818
An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llc...
CVE-2021-47279
In the Linux kernel, the following vulnerability has been resolved: usb: misc: brcmstb-usb-pinmap: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.
CVE-2022-48750
In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Paweł Marciniak reports the following crash, observed when clearingthe chassis intrusion alarm. BUG: kernel NULL pointer dereference, address: 0000000000000028PGD 0 P4D 0Oops: 0000 [#1] ...
CVE-2022-48762
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data andaddr register indices from ex->type rather than ex->data. As ex->type willcontain EX_TYPE_L...
CVE-2023-52908
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL dereference Fix potential NULL dereference, in the case when "man", the resource managermight be NULL, when/if we print debug information.
CVE-2024-58062
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: avoid NULL pointer dereference When iterating over the links of a vif, we need to make sure that thepointer is valid (in other words - that the link exists) beforedereferncing it.Use for_each_vif_active_link tha...
CVE-2025-21901
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add sanity checks on rdev validity There is a possibility that ulp_irq_stop and ulp_irq_startcallbacks will be called when the device is in detached state.This can cause a crash due to NULL pointer dereference asthe r...
CVE-2025-21940
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrencewhen calling kfd_queue_acquire_buffers. (cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)
CVE-2025-38352
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() andcalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parento...
CVE-1999-1285
Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.
CVE-2001-1395
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
CVE-2006-3635
The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state.
CVE-2012-4467
The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call.
CVE-2013-1956
The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.
CVE-2022-48782
In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problemroute.c:425:4: warning: Use of memory after it is freedtrace_mctp_key_acquire(key);^~~~~~~~~~~~~~~~~~~~~~~~~~~When mctp_key_add() fails, key is freed but then is la...
CVE-2022-48963
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_mux_init() When failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_muxis not released.
CVE-2022-49899
In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key The approach of fs/crypto/ internally managing the fscrypt_master_keystructs as the payloads of "struct key" objects contained in a"struct key" keyring has outlived its ...
CVE-2023-52914
In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline If we don't, then we may lose access to it completely, leading to arequest leak. This will eventually stall the ring exit process aswell.
CVE-2024-45024
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb vs. core-mm PT locking We recently made GUP's common page table walking code to also walk hugetlbVMAs without most hugetlb special-casing, preparing for the future ofhaving less hugetlb-specific page table w...
CVE-2024-46684
In the Linux kernel, the following vulnerability has been resolved: binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined create_elf_fdpic_tables() does not correctly account the space for theAUX vector when an architecture has ELF_HWCAP2 defined. Prior to thecommit 10e29251be0e ("...
CVE-2024-46837
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create We were allowing any users to create a high priority group without anypermission checks. As a result, this was allowing possible denial ofservice. We now only allow the DRM mast...
CVE-2024-56668
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain The qi_batch is allocated when assigning cache tag for a domain. Whilefor nested parent domain, it is missed. Hence, when trying to map pagesto the nested parent, NULL...
CVE-2024-57905
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from atriggered buffer, but it has a hole between the sample (unsigned int)and the timestamp. This hole is ne...
CVE-2024-57988
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but thisreturned value in btbcm_get_board_name() is not checked.Add NULL check in btbcm_get_board_name(), to handle kern...
CVE-2001-0907
Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.
CVE-2001-1399
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
CVE-2009-3043
The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via certain pseudo-terminal I/O activity, as demonst...
CVE-2009-3623
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer derefere...
CVE-2009-3888
The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory.
CVE-2021-47271
In the Linux kernel, the following vulnerability has been resolved: usb: cdnsp: Fix deadlock issue in cdnsp_thread_irq_handler Patch fixes the following critical issue caused by deadlock which has beendetected during testing NCM class: smp: csd: Detected non-responsive CSD lock (#1) on CPU#0smp: cs...
CVE-2022-48894
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Don't unregister on shutdown Similar to SMMUv2, this driver calls iommu_device_unregister() from theshutdown path, which removes the IOMMU groups with no coordinationwhatsoever with their users - shutdown methods...
CVE-2022-48964
In the Linux kernel, the following vulnerability has been resolved: ravb: Fix potential use-after-free in ravb_rx_gbeth() The skb is delivered to napi_gro_receive() which may free it, after calling this,dereferencing skb may trigger use-after-free.
CVE-2022-48965
In the Linux kernel, the following vulnerability has been resolved: gpio/rockchip: fix refcount leak in rockchip_gpiolib_register() The node returned by of_get_parent() with refcount incremented,of_node_put() needs be called when finish using it. So add it in theend of of_pinctrl_get().
CVE-2022-49919
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flow rule object from commit path No need to postpone this to the commit release path, since no packetsare walking over this object, this is accessed from control plane only.This helped uncovered UAF t...
CVE-2024-46696
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix potential UAF in nfsd4_cb_getattr_release Once we drop the delegation reference, the fields embedded in it are nolonger safe to access. Do that last.
CVE-2024-46799
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX If number of TX queues are set to 1 we get a NULL pointerdereference during XDP_TX. ~# ethtool -L eth0 tx 1~# ./xdp-trafficgen udp -A -a eth0 -t 2Transmitting on eth0 (...
CVE-2024-54191
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_conn_big_sync This fixes the circular locking dependency warning below, by reworkingiso_sock_recvmsg, to ensure that the socket lock is always releasedbefore calling a function that locks hd...
CVE-2024-56666
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Dereference null return value In the function pqm_uninit there is a call-assignment of "pdd =kfd_get_process_device_data" which could be null, and this value waslater dereferenced without checking.
CVE-1999-1341
Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.