CVE-2023-52462
CVE-2023-52462 concerns the Linux kernel BPF spill-pointer bug. Technical details in connected docs indicate the vulnerability arises when a register is spilled onto the stack as 1/2/4-byte registers, leading to incorrect checking of spilled slots via slot_type and the need to consult slot_type[7...
CVE-2021-46905
CVE-2021-46905: Linux kernel vulnerability where a NULL-pointer dereference was introduced in net: hso during tty device unregistration after a minor was released. The issue arose because the serial device table could be accessed post-release of the minor by hso_serial_tty_unregister(), leading ...
CVE-2024-26594
CVE-2024-26594 affects the Linux kernel ksmbd component, where invalid mech tokens in session setup are validated and result in an error. The vulnerability is described as a local issue with high impact on confidentiality/availability (per the CVSS data in the initial document). The connected Ast...
CVE-2014-3153
The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...
CVE-2020-36775
CVE-2020-36775 affects the Linux kernel’s f2fs subsystem. The vulnerability was tied to a potential deadlock in the f2fs_write_compressed_pages() path, mitigated by using f2fs_trylock_op() (consistent with the approach used in f2fs_write_single_data_page()) to avoid deadlocks. The concrete fix is...
CVE-2011-3188
CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...
CVE-2021-46906
CVE-2021-46906 — Linux kernel HID (usbhid) info leak fix: The vulnerability arises in hid_submit_ctrl where report->size of zero caused transfer_buffer_length to be calculated as 16384, enabling an information leak. The root cause is the calculation in hid_report_len() not handling a zero-siz...
CVE-2013-2094
CVE-2013-2094 affects the Linux kernel: the perf_swevent_init code in kernel/events/core.c uses an incorrect integer type, enabling a local, unprivileged user to escalate privileges via a crafted perf_event_open call. The issue leads to out-of-bounds access of perf_swevent_enabled and has been fi...
CVE-2013-6282
The CVE-2013-6282 issue affects the Linux kernel on ARM v6k/v7 where get_user and put_user do not validate certain addresses, enabling an unprivileged user to read/write arbitrary kernel memory. Exploitation was reported in the wild on Android devices in late 2013. Affected kernel versions includ...
CVE-2023-52439
CVE-2023-52439 is a Linux kernel UIO subsystem use-after-free vulnerability. The issue occurs in a race between core-1 (uio_unregister_device) and core-2 (uio_open) where device_unregister frees idev, then core-2 may still access idev, leading to use-after-free and potential double free of idev v...
CVE-2019-10638
The CVE-2019-10638 entry concerns the Linux kernel's IP ID values used for connectionless protocols (UDP/ICMP) in kernels prior to 5.1.7. The underlying issue is weak hashing of IP IDs, enabling an attacker to track a host across networks by correlating IDs and potentially obtain the hashin...
CVE-2020-10711
The CVE-2020-10711 entry concerns a NULL pointer dereference in the Linux kernel SELinux subprocess during CIPSO category bitmap import. Affected are kernel versions before 5.7; processing the CIPSO restricted bitmap tag in cipso_v4_parsetag_rbm sets a security attribute indicating the bitmap exi...
CVE-2021-33033
The connected sources confirm CVE-2021-33033 affects the Linux kernel up to 5.11.14, with a use-after-free in cipso_v4_genopt (net/ipv4/cipso_ipv4.c) due to mishandled CIPSO/CALIPSO DOI refcounting, enabling writing an arbitrary value. Exploitation would be local. Remediation is to upgrade to a f...
CVE-2019-14284
CVE-2019-14284 affects the Linux kernel prior to 5.2.3, where floppy.c can suffer a division-by-zero in setup_format_params. Two consecutive ioctls can trigger a DoS: the first ioctl sets geometry (.sect/.rate) such that F_SECT_PER_TRACK becomes zero; the second triggers the floppy format operati...
CVE-2021-3773
CVE-2021-3773 is a netfilter information-disclosure vulnerability in the Linux kernel that could allow a network-connected attacker to infer the OpenVPN connection endpoint. The issue is described as an information leak through netfilter, enabling reconnaissance for further attacks. Exploitation ...
CVE-2018-20856
CVE-2018-20856: Linux kernel before 4.18.7 contains a use-after-free in __blk_drain_queue() in block/blk-core.c when an error case is mishandled. This could allow a local attacker to cause a denial of service or, potentially, execute arbitrary code. The issue was addressed in the 4.18.7 patch releas...
CVE-2019-17666
CVE-2019-17666 affects the Linux kernel Realtek rtlwifi driver (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c). The root cause is a missing upper-bound check that leads to a buffer overflow. Impact stated in sources includes memory corruption and potential remote code execution, wit...
CVE-2010-3904
CVE-2010-3904 is a Linux kernel flaw in the RDS implementation where rds_page_copy_user does not validate user-space addresses, enabling local privilege escalation via crafted sendmsg/recvmsg calls. Affected: Linux kernels prior to 2.6.36; fixed in later kernel releases (e.g., Red Hat/CentOS advi...
CVE-2019-11478
CVE-2019-11478 describes a DoS in the Linux kernel TCP SACK handling where the TCP retransmission queue can fragment, leading to degraded performance or denial of service when processing crafted SACK sequences. The initial entry notes a fixed commit f070ef2ac66716357066b683fb0baf55f8191a2e and st...
CVE-2019-15505
CVE-2019-15505 affects the technisat-usb2 media driver in Linux kernels up to 5.2.9. The issue arises from improper validation of incoming IR packets, leading to a heap buffer over-read. An attacker capable of adding USB devices (potentially via remote USB technologies like usbip/usbredir) could ...
CVE-2021-29650
CVE-2021-29650 affects the Linux kernel prior to 5.11.11. The netfilter subsystem (net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h) may omit a full memory barrier when a new table value is assigned, enabling a local attacker to trigger a DoS/panic in netfilter. The issue is docume...
CVE-2019-14283
CVE-2019-14283 affects the Linux kernel up to version 5.2.2, where floppy drive handling in set_geometry() in drivers/block/floppy.c fails to validate sect and head, enabling an integer overflow and out-of-bounds read. This can be triggered by an unprivileged local user when a floppy is present (...
CVE-2021-33034
CVE-2021-33034 is a use-after-free in Linux kernel before 5.12.4 in net/bluetooth/hci_event.c when destroying an hci_chan, enabling arbitrary writes. Affected: Linux kernel before 5.12.4 (Bluetooth HCI driver). Mitigation: upgrade to 5.12.4 or later (ChangeLog-5.12.4).
CVE-2023-52435
CVE-2023-52435 affects the Linux kernel’s net/ skb_segment() and can overflow MSS when computing mss = mss * partial_segs, risking a crash (e.g., GSO_BY_FRAGS) and triggering NULL pointer dereferences in some traces. The fix adds a guard to ensure the new MSS is smaller than GSO_BY_FRAGS, prevent...
CVE-2020-25705
CVE-2020-25705 is a Linux kernel ICMP handling flaw that lets an off-path attacker bypass UDP source port randomization and rapidly scan open UDP ports. Affected products include various kernel versions and embedded/Linux-based devices; remediation is via kernel updates (e.g., CentOS/AlmaLinux ad...
CVE-2023-1206
CVE-2023-1206 describes a hash collision flaw in the Linux kernel’s IPv6 connection lookup table that can allow a local attacker or a user with high bandwidth to cause significant CPU spike (up to 95%) on the server accepting IPv6 connections. Connected advisories show this CVE being addressed in...
CVE-2014-0196
CVE-2014-0196 affects the Linux kernel (through 3.14.3), specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...
CVE-2021-41864
CVE-2021-41864 affects the Linux kernel (pre-5.14.12) in prealloc_elems_and_freelist() within kernel/bpf/stackmap.c. An unprivileged local user can trigger an eBPF multiplication overflow, causing an out-of-bounds write and potential memory corruption or system crash. The issue is fixed in Linux ...
CVE-2023-42754
CVE-2023-42754 is a vulnerability in the Linux kernel IPv4 stack: a NULL pointer dereference where skb may not be bound to a device before __ip_options_compile if the skb is re-routed by ipvs. The impact is a local crash under CAP_NET_ADMIN. Public details in connected advisories reaffirm the iss...
CVE-2023-39194
CVE-2023-39194 – The Apollo/CVE entry documents a flaw in the Linux kernel XFRM subsystem: during processing of state filters, an out-of-bounds read past the end of an allocated buffer can be triggered by a local attacker with CAP_NET_ADMIN privileges, potentially leading to information disclosur...
CVE-2023-39193
CVE-2023-39193 affects the Linux kernel Netfilter SCTP path, where sctp_mt_check fails to validate the flag_count field, enabling a local attacker with CAP_NET_ADMIN to trigger an out-of-bounds read that can crash the system or cause information disclosure. Connected advisories (Red Hat, AlmaLinu...
CVE-2020-10732
CVE-2020-10732 describes a Linux kernel flaw in the userspace core dumps implementation. According to connected IBM bulletin entries, the issue allows a local authenticated attacker to obtain sensitive information or cause a program crash by exploiting the core-dump handling path. The vulnerabil...
CVE-2020-28374
CVE-2020-28374 affects the Linux kernel’s SCSI target (LIO) code, specifically drivers/target/target_core_xcopy.c, where insufficient identifier checking could let a remote attacker read or write files via directory traversal in an XCOPY request. Affected component is the Linux kernel prior to 5....
CVE-2022-1011
CVE-2022-1011: A use-after-free vulnerability in the Linux kernel FUSE implementation when a user triggers write(), enabling local privilege escalation. Affected component is the FUSE filesystem in the kernel; impact is unauthorized access to data from FUSE mounts and potential escalation. Connec...
CVE-2023-39192
CVE-2023-39192: A flaw in the Linux kernel Netfilter xt_u32 module allows a local privileged attacker to trigger an out-of-bounds read by crafting improper values in the xt_u32 structure. The root cause is missing validation of fields in xt_u32, leading to crash or information disclosure. Impact...
CVE-2023-1192
CVE-2023-1192 denotes a use-after-free in CIFS smb2_is_status_io_timeout() within the Linux kernel, where memory freed during a system call and CIFS’ later access to that memory can trigger a denial of service. The connected advisories confirm this UAF issue exists in kernel CIFS code and link it...
CVE-2021-33624
CVE-2021-33624 affects the Linux kernel prior to 5.12.13, where the eBPF verifier in kernel/bpf/verifier.c could mispredict branches (e.g., due to type confusion), allowing an unprivileged BPF program to read arbitrary kernel memory locations via a side-channel attack. Several connected advisorie...
CVE-2021-46928
CVE-2021-46928 affects the Linux kernel on parisc: a trap7 (Instruction access rights) could leave the cr19 IIR register with a stale value. The patch fixes this by overwriting the stale IIR with the constant 0xbaadf00d when the trap occurs, preventing confusing dump values. The issue arises beca...
CVE-2021-4083
CVE-2021-4083 is a read-after-free in Linux kernel Unix domain socket GC triggered by a race between close() and fget(). Affected kernels are prior to 5.16-rc4. Local users could crash the system or escalate privileges. Affected products include upstream kernel and Linux distributions (Astra Linu...
CVE-2023-3567
CVE-2023-3567 is a use-after-free vulnerability in Linux kernel code (vc_screen.c: vcs_read in vc_screen) that can allow a local attacker to crash the system or leak kernel information. Connected advisories (Astra Linux, CIRCL sighting, and Amazon Linux advisories) confirm the same UAF issue and ...
CVE-2023-1829
CVE-2023-1829 affects the Linux kernel tcindex subsystem. A use-after-free can occur in tcindex_delete when filters are not properly deactivated for a perfect-hash underlying structure, potentially enabling local privilege escalation to root. The flaw is tied to the traffic control index filter (...
CVE-2019-15927
CVE-2019-15927: A Linux kernel issue before 4.20.2 allows an out-of-bounds access in build_audio_procunit() within sound/usb/mixer.c, enabling local exploitation under affected kernels. The vulnerability is triggered by an out-of-bounds access in the function, as documented in the CVE entry and t...
CVE-2021-3640
The CVE-2021-3640 entry is confirmed with concrete technical details in connected documents: a use-after-free in the Linux kernel HCI sco_sock_sendmsg() is triggered by user actions around UFFDIO_REGISTER and a related race with sco_conn_del(). The flaw allows a local privileged user to crash the s...
CVE-2019-11884
The CVE-2019-11884 entry affects the Linux kernel's HIDP path. It concerns the do_hidp_sock_ioctl in net/bluetooth/hidp/sock.c, where a HIDPCONNADD command can leak data from kernel stack memory due to a name field not properly ending with a NUL terminator. The vulnerability allows local attacker...
CVE-2021-4155
CVE-2021-4155 is a data-leak in the XFS filesystem via the XFS_IOC_ALLOCSP IOCTL that increases the size of files with unaligned sizes. A local attacker could leak data not accessible otherwise. Affected: Linux kernel with XFS. Root cause: flaw in handling size increases for unaligned allocations...
CVE-2021-28950
CVE-2021-28950 affects the Linux kernel FUSE path: the issue is in fs/fuse/fuse_i.h and causes a stall on the CPU when a retry loop keeps selecting the same bad inode. A patch-level fix exists in kernel releases up to 5.11.8 and later (addresses the underlying bad-inode handling in FUSE); some so...
CVE-2019-11487
The CVE-2019-11487 issue affects the Linux kernel prior to 5.1-rc5, enabling a page->_refcount overflow that can cause use-after-free when large RAM (≈140 GiB) is present, notably under FUSE workloads (fs/fuse/dev.c, mm/gup.c, mm/hugetlb.c, etc.). Affects multiple kernel components (fs/fuse, f...
CVE-2020-26558
CVE-2020-26558: Bluetooth Core 2.1–5.2 Passkey entry/mitm reflection vulnerability. Nearby attacker could identify the Passkey during pairing by reflecting public key and authentication evidence, enabling completion of authenticated pairing with the correct Passkey. Astra Linux bulletin repeats t...
CVE-2020-14385
CVE-2020-14385 affects the Linux kernel prior to 5.9-rc4. A failure in the XFS file system metadata validator can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt, potentially shutting down the filesystem or making it inaccessible until remounted, resulting ...
CVE-2018-9568
This CVE-2018-9568 entry concerns the Linux kernel socket code: In sk_clone_lock of sock.c, a memory corruption due to type confusion could allow local privilege escalation without user interaction. Affected product/version in the initial doc is Android kernel; connected MiracleLinux advisory con...