2330 matches found
CVE-2011-2517
The vulnerability CVE-2011-2517 affects the Linux kernel (pre-2.6.39.2) where multiple buffer overflows in net/wireless/nl80211.c can allow local users to gain privileges by exploiting a long SSID during scan operations when CAP_NET_ADMIN is available. Impact is local privilege escalation with co...
CVE-2022-49313
CVE-2022-49313: Linux kernel patch fixes a deadlock in USB host oxu_bus_suspend(). The issue arises when oxu_bus_suspend() holds oxu->lock while waiting for a timer to stop via del_timer_sync(), but the timer handler also needs the same lock, causing a potential deadlock. The patch removes de...
CVE-2024-44949
CVE-2024-44949 affects the Linux kernel on PA-RISC (parisc) systems. The issue stems from ARCH_DMA_MINALIGN being set to 16, enabling two unrelated 16‑byte allocations to share a cache line and risking DMA/cached writes corrupting the data. The fix updates the alignment: ARCH_DMA_MINALIGN becomes...
CVE-2024-44977
In CVE-2024-44977, the Linux kernel module drm/amdgpu is affected by a missing TA binary size validation that could allow an out-of-bounds write. The issue is resolved by adding TA binary size validation to the TA handling path. The fix was cherry-picked from commit c0a04e3570d72aaf090962156ad085...
CVE-2024-50112
In CVE-2024-50112, the Linux kernel fixes a weakness in Linear Address Masking (LAM) on x86 by disabling LAM in most cases. The vulnerability stems from transient execution risk related to LAM unless Linear Address Space Separation (LASS) is active. Until LASS support lands, LAM should only be al...
CVE-2025-22026
CVE-2025-22026 (Linux kernel) affects nfsd in the kernel. The issue: nfsd_proc_stat_init() ignored the return value of svc_proc_register(), so if procfile creation fails the kernel may WARN later during removal. The fix updates nfsd_proc_stat_init() to return the same pointer type as svc_proc_reg...
CVE-2025-37932
The CVE-2025-37932 issue affects the Linux kernel’s HTB qdisc: htb_qlen_notify() was not idempotent and could deactivate an HTB class or trigger a warning if called when already deactivated. The fix ports the function to be idempotent, easing callers such as fq_codel_dequeue() and qdisc_tree_redu...
CVE-2009-2910
CVE-2009-2910 affects the Linux kernel’s ia32 entry path on x86_64. The issue is that arch/x86/ia32/ia32entry.S does not clear certain kernel registers before returning to user mode, which allows a local attacker to read register values from an earlier process after switching an ia32 process into...
CVE-2009-3002
CVE-2009-3002 affects the Linux kernel prior to 2.6.31-rc7, where getname() implementations for IrDA, AppleTalk DDP, NET/ROM, and ROSE (and related sockets) did not initialize certain data structures before copying to user-space. This allowed a local user to leak information by calling getsocknam...
CVE-2010-3437
The vulnerability CVE-2010-3437 affects the Linux kernel (before 2.6.36-rc6) in pkt_find_dev_from_minor within drivers/block/pktcdvd.c. A crafted index value passed via PKT_CTRL_CMD_STATUS ioctl can cause a signedness error, enabling local attackers to read kernel memory or trigger a crash (DoS)....
CVE-2010-4080
CVE-2010-4080 affects the Linux kernel: snd_hdsp_hwdep_ioctl in sound/pci/rme9652/hdsp.c does not initialize a structure, enabling local attackers to leak kernel stack information via SNDRV_HDSP_IOCTL_GET_CONFIG_INFO. Affected products/versions: Linux kernel before 2.6.36-rc6. Impact is an inform...
CVE-2011-1017
CVE-2011-1017 relates to a heap-based buffer overflow in the Linux kernel’s LDM code path. Affected component: fs/partitions/ldm.c (ldm_frag_add) in kernel 2.6.37.2 and earlier. Root cause cited in connected docs: bugs in evaluating LDM partitions could crash the kernel for certain corrupted LDM ...
CVE-2011-1076
CVE-2011-1076 affects the Linux kernel up to 2.6.37 in dns_key.c; remote DNS servers sending invalid responses can trigger a NULL pointer dereference/OOPS, leading to a denial of service. Reports from SUSE/Red Hat/NVD corroborate. Remediation: upgrade to kernel 2.6.38 or newer (vendor patches). E...
CVE-2018-25015
CVE-2018-25015 affects the Linux kernel up to version 4.14.15, with a use-after-free in net/sctp/socket.c when a lock is held after a peel-off (CID-a0ff660058b8). Exploitation details are not provided in the supplied documents, but CVSS v3 indicates a high impact. The ChangeLog entry for 4.14.16 ...
CVE-2022-40476
CVE-2022-40476: A NULL pointer dereference in fs/io_uring.c of the Linux kernel prior to 5.15.62 allows a local user to crash the system or potentially cause a denial of service. Affected software: Linux kernel (pre-5.15.62). Root cause: NULL pointer dereference in io_uring handling. Impact: loca...
CVE-2022-48853
The CVE-2022-48853 entry concerns a Linux kernel swiotlb information leak when using DMA_FROM_DEVICE during SCSI SG I/O. The description explains a multi-step scenario where a bounce buffer and swiotlb can expose non-zero data from user space, potentially leaking content when the TUR (Test Unit R...
CVE-2022-49033
CVE-2022-49033 affects the Linux kernel’s btrfs qgroup code, where a sleep was performed in an invalid context during qgroup inheritance. The advisory and connected documents describe the fix as: call qgroup_dirty() on the destination qgroup and update the limit item in btrfs_run_qgroups() later,...
CVE-2022-49279
The CVE-2022-49279 issue affects the Linux kernel’s NFSD component and arises from an integer overflow on 32‑bit systems in the operation len * sizeof(*p). Public descriptions in the provided documents confirm the root cause and affected area, but do not specify a fixed patch version or remediati...
CVE-2023-4611
CVE-2023-4611 is a use-after-free in the Linux kernel memory subsystem (mm/mempolicy.c) caused by a race between mbind() and VMA-locked page fault. The vulnerability could allow a local attacker to crash the system or leak kernel information. Connected sources confirm the affected component and t...
CVE-2023-53089
CVE-2023-53089 affects the Linux kernel ext4/xattr path. The issue occurs during eviction of inodes with extended attributes (EA) where ext4_xattr_delete_inode triggers a hang due to finding an EA inode (ea_inum = 15) that is in I_FREEING state and waiting for the EA inode’s deletion, causing an ...
CVE-2024-38580
CVE-2024-38580 is a Linux kernel vulnerability in the epoll path where epoll could race with the last fput(), causing a file reference to go dead and potentially leading to use-after-free when epoll calls into vfs_poll(). The fix adds a validation to ensure a valid file reference is held before d...
CVE-2024-41002
The connected documents confirm CVE-2024-41002 affects the Linux kernel crypto path for Hisilicon SEC (AIV resource) where releasing SEC resources could leak memory. The root cause is improper synchronization of AIV release with sec resource cleanup, leading to a memory leak when resources are fr...
CVE-2024-41078
CVE-2024-41078 (Linux kernel, btrfs qgroup) fixes a quota root leak that occurs if quota disable cleanup fails, leaking the quota root via fs_info->quota_root. The root cause is a missing btrfs_put_root() on the out path when dropping quota root references; a NULL assignment previously happene...
CVE-2024-42083
CVE-2024-42083 affects the Linux kernel, addressing a bug in ionic_run_xdp() where multi-buffer jumbo frames were not fully unmapped for XDP_TX/XDP_REDIRECT. SG pages could be reused, causing a kernel panic (general protection fault). A patch/fix was applied in the kernel (e.g., 6.10.x targets an...
CVE-2024-43883
CVE-2024-43883 is a Linux kernel issue in the usb vhci-hcd driver. The bug allowed stale references to be carried due to dropping existing references before new ones are gained, potentially enabling use-after references. The description and linked advisories show the root cause as racing/dropping...
CVE-2024-46802
CVE-2024-46802 affects the Linux kernel’s DRM-AMD display path. The vulnerability is a NULL-dereference in drm/amd/display when validating a stream, caused by missing NULL checks for dc or stream. The fixed code adds a NULL check at the start of dc_validate_stream to prevent invalid memory access...
CVE-2024-46803
CVE-2024-46803 (Linux kernel) affects the DRM AMD kernel component (amdkfd). In interrupt context, writing dbg_ev_file via a workqueue can occur after debug_trap_disable, yielding a NULL pointer dereference. The fix adds a guard by canceling the work item (debug_event_workarea) before setting dbg...
CVE-2024-46832
CVE-2024-46832 involves the Linux kernel, specifically the MIPS cevt-r4k path. The issue arose when get_c0_compare_int was called if a timer IRQ was installed, which could trigger a WARN/BUG: sleeping function called from invalid context on secondary CPU. The patch changes the flow to avoid calli...
CVE-2024-49940
CVE-2024-49940: In the Linux kernel, a tunnel refcount underflow could occur in L2TP handling. The issue stems from a race where session->tunnel is non-NULL in a window between session creation and tunnel refcount increment during l2tp_session_register, allowing a backpointer to a tunnel whos...
CVE-2025-21833
CVE-2025-21833: In the Linux kernel, the vulnerability affects iommu/vt-d logic where a NULL pointer could be dereferenced after a WARN_ON_ONCE if domain_remove_dev_pasid cannot find the pasid. The issue has been resolved in the kernel code path that avoids using a NULL pointer post-WARN_ON_ONCE...
CVE-2025-22025
CVE-2025-22025 concerns the Linux kernel NFS server (nfsd) where, before queuing dl_recall in nfsd4_run_cb, the code increments a reference count on dl_stid. If queuing fails, the callback path does not run, and the corresponding dl_stid reference is not decremented, leading to a leak of nfs4_sti...
CVE-2025-22037
CVE-2025-22037 (Linux kernel): Affects ksmbd in the Linux kernel. A malformed SMB2 negotiate request could lead ksmbd to respond with an error and, if the client then proceeds to session setup, trigger a NULL pointer dereference in alloc_preauth_hash(). The patch introduces a new KSMBD_SESS_NEED...
CVE-2025-37852
CVE-2025-37852 affects the Linux kernel DRM/AMDGPU stack. The root cause is errors from amdgpu_cgs_create_device() in amd_powerplay_create(), which could lead to a null pointer dereference if not handled. The fix propagates the failure to the caller, releases the hwmgr, and returns -ENOMEM instea...
CVE-2010-1437
CVE-2010-1437 is a race condition in the Linux kernel’s keyring handling (find_keyring_by_name in security/keys/keyring.c) affecting version 2.6.34-rc5 and earlier. A local user can exploit this via keyctl session commands that access a dead keyring being deleted by key_cleanup, leading to memory...
CVE-2010-3080
CVE-2010-3080 is a double-free vulnerability in the Linux kernel’s snd_seq_oss_open() (sound/core/seq/oss/seq_oss_init.c) affecting kernels before 2.6.36-rc4. An unsuccessful open of /dev/sequencer could trigger kernel memory corruption, leading to local denial of service and potentially other im...
CVE-2011-2492
CVE-2011-2492 affects the Linux kernel Bluetooth subsystem prior to 3.0-rc4, where certain data structures are not properly initialized. The flaw is exploited via a crafted getsockopt system call in the l2cap_sock_getsockopt_old and rfcomm_sock_getsockopt_old paths, enabling local users to obtain...
CVE-2012-0038
CVE-2012-0038 affects the Linux kernel prior to 3.1.9. An integer overflow in fs/xfs/xfs_acl.c (xfs_acl_from_disk) can be triggered by a malformed ACL on a filesystem, leading to a heap-based buffer overflow and a local denial of service (panic). A fix was released in 3.1.9. Users should upgrade ...
CVE-2014-1739
CVE-2014-1739 affects the Linux kernel before 3.14.6, where the function media_device_enum_entities in drivers/media/media-device.c fails to initialize a data structure. This leads to an information disclosure vulnerability: a local attacker with access to /dev/media0 can read kernel memory throu...
CVE-2017-10662
The CVE-2017-10662 issue affects the Linux kernel’s F2FS implementation: the sanity_check_raw_super function in fs/f2fs/super.c fails to validate the segment count, enabling local privilege escalation. Concretely, affected versions are before 4.11.1. Several connected advisories (e.g., UTSA/Euler...
CVE-2022-3078
CVE-2022-3078 affects Linux kernels up to 5.16-rc6; it arises from a lack of a post-allocation check after vzalloc() and a missing free in drivers/media/test-drivers/vidtv/vidtv_s302m.c. This can enable memory mismanagement within the affected driver. A fix is available in kernel patch history (e...
CVE-2023-0160
CVE-2023-0160 corresponds to a deadlock in the Linux kernel BPF subsystem that can be exploited locally to crash the system. Connected documents confirm the issue arises in the kernel’s eBPF/BPF path and affects Linux kernel versions including Astra Linux references to linux-5.10/5.15. The Amazon ...
CVE-2023-53097
CVE-2023-53097: In the Linux kernel powerpc IOMMU path, a memory leak occurs when using debugfs_lookup() because the result isn’t dput()-ed; the fix uses debugfs_lookup_and_remove() to handle the lookup and release in one step. The vulnerability is described as local, with potential high impact t...
CVE-2024-26842
The CVE-2024-26842 issue is a Linux kernel vulnerability in the SCSI UFS host controller code (ufshcd_clear_cmd). In MCQ mode, when task_tag >= 32 and sizeof(unsigned int) == 4, 1U <
CVE-2024-35868
CVE-2024-35868 is a Linux kernel vulnerability related to the SMB/CIFS client: it fixes a potential use-after-free in cifs_stats_proc_write() by skipping sessions that are tearing down (status SES_EXITING). The issue is addressed in Linux kernel updates; multiple Red Hat advisories (RHSA-2026:053...
CVE-2024-42087
CVE-2024-42087 affects the Linux kernel in the drm/panel/ilitek-ili9881c GPIO reset implementation. The issue arises from using gpiod_set_value() for a GPIO controller that may sleep, which triggers warnings. A fix replaces the non-sleeping call with gpiod_set_value_cansleep(), addressing the war...
CVE-2009-3620
CVE-2009-3620 affects the ATI Rage 128 (r128) driver in the Linux kernel, where the driver fails to properly verify Concurrent Command Engine (CCE) state initialization. This local vulnerability can cause a NULL pointer dereference and system crash (DoS) and may allow privilege escalation via uns...
CVE-2010-4160
The CVE-2010-4160 issue is present in the Linux kernel before 2.6.36.2, involving multiple integer overflows in the PPPoL2TP and IPoL2TP sendmsg paths (pppol2tp_sendmsg and l2tp_ip_sendmsg). The vulnerability can allow local users to trigger a denial of service through heap memory corruption and ...
CVE-2010-4656
CVE-2010-4656 affects the Linux kernel’s USB iowarrior driver (drivers/usb/misc/iowarrior.c). The root cause is improper buffer/memory allocation in iowarrior_write, enabling a heap-based buffer overflow via a long report from a malicious device. This aligns with openSUSE/SUSE advisories noting a...
CVE-2014-3185
CVE-2014-3185 affects the Linux kernel’s Whiteheat USB Serial Driver (drivers/usb/serial/whiteheat.c). The vulnerability allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by presenting a crafted USB device that suppli...
CVE-2022-3544
CVE-2022-3544 describes a memory leak in the Linux kernel within Netfilter, specifically the damon_sysfs_add_target function in mm/damon/sysfs.c. The issue is triggered through manipulation of target handling and is described as a vulnerability in the kernel’s Netfilter component. The initial des...