2330 matches found
CVE-2020-36385
CVE-2020-36385 is a use-after-free in the Linux kernel prior to 5.10, specifically in drivers/infiniband/core/ucma.c where the ctx is reachable via the ctx_list in certain ucma_migrate_id paths when ucma_close is called. This vulnerability affects the Linux kernel before 5.10; a fix is referenced...
CVE-2018-20836
CVE-2018-20836: A race condition in the Linux kernel before 4.20, specifically in drivers/scsi/libsas/sas_expander.c (smp_task_timedout() vs smp_task_done()), can lead to a use-after-free. Affected: Linux kernel versions prior to 4.20. Impact is described as high by CVSS. The provided documents ...
CVE-2022-0330
CVE-2022-0330 affects the Linux kernel i915 GPU driver. The root cause is a missing GPU TLB flush in the i915 driver, enabling a local attacker to cause a denial of service or privilege escalation by running code on the GPU. Public documents from connected sources confirm the flaw and its associa...
CVE-2022-29582
CVE-2022-29582 refers to a use-after-free in the Linux kernel io_uring timeout handling. The vulnerability resides in fs/io_uring.c and stems from a race condition in io_uring timeouts that can be triggered by a local user who does not have access to any user namespace. The initial description no...
CVE-2023-2177
CVE-2023-2177 describes a NULL pointer dereference in SCTP processing in the Linux kernel: if stream_in allocation fails, stream_out is freed and later accessed, allowing a local user to crash the system or cause a denial of service. Affected component: net/sctp/stream_sched.c. Exploitation info is n...
CVE-2019-11810
CVE-2019-11810 affects the Linux kernel before version 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails inside megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c, leading to a Denial of Service tied to a use-after-free. Public advisories note...
CVE-2023-0459
CVE-2023-0459: Linux kernel on 64-bit systems is affected by a local elevation of information disclosure due to copy_from_user bypassing __uaccess_begin_nospec, bypassing access_ok and allowing a user to pass a kernel pointer to copy_from_user. Root cause is the __uaccess_begin_nospec handling. I...
CVE-2020-27777
The CVE-2020-27777 issue concerns the Linux kernel on PowerPC: RTAS memory accesses in the userspace-to-kernel path allow a local, root-like user on a locked-down guest (Secure Boot) running on PowerVM or KVM/pseries to escalate privileges to the running kernel. Root cause is an improper handling...
CVE-2020-11668
CVE-2020-11668 affects the Linux kernel drivers/media/usb/gspca/xirlink_cit.c (Xirlink camera USB driver). The issue arises from mishandling invalid USB descriptors in this driver, as reported in multiple advisories. The connected documents confirm that this vulnerability can enable a local attac...
CVE-2020-25285
CVE-2020-25285 is a race condition in the Linux kernel hugetlb sysctl handlers (mm/hugetlb.c) that could allow a local attacker to corrupt memory or trigger NULL pointer dereferences. Public docs (e.g., ChangeLog-5.8.8) indicate the fix was released in kernel 5.8.8; Ubuntu/Debian advisories refer...
CVE-2022-0322
The CVE-2022-0322 entry concerns a flaw in the Linux kernel SCTP implementation. Specifically, in net/sctp/sm_make_chunk.c, the function sctp_make_strreset_req can trigger a BUG_ON when an operation uses more buffer than allocated, enabling local privilege access to cause a denial of service. Con...
CVE-2021-46926
CVE-2021-46926 concerns the Linux kernel ALSA: hda: intel-sdw-acpi component. The flaw arises from the code setting an ACPI handle pointer before confirming the target is a SoundWire controller, allowing a graph-walk flow to continue after pointer assignment. A patch changes the logic to set call...
CVE-2020-27171
The vulnerability CVE-2020-27171 affects Linux kernels before 5.11.8. The issue is in kernel/bpf/verifier.c, where an off-by-one error enables integer underflow that can trigger out-of-bounds speculation in pointer arithmetic, allowing side-channel leakage of kernel memory and defeating Spectre m...
CVE-2021-29155
CVE-2021-29155 is a Linux kernel issue affecting the eBPF verifier path (kernel/bpf/verifier.c) that allows speculative-out-of-bounds memory accesses to leak kernel memory via side-channels. The description from connected documents ties the vulnerability to Spectre mitigations and notes that a lo...
CVE-2018-18397
The vulnerability CVE-2018-18397 affects the Linux kernel prior to 4.19.7, where the userfaultfd implementation mishandles access control for certain UFFDIO ioctls (fs/userfaultfd.c and mm/userfaultfd.c). A local attacker with read permissions on a tmpfs file containing holes could write data int...
CVE-2023-0394
CVE-2023-0394: A NULL pointer dereference in rawv6_push_pending_frames() of the Linux kernel (net/ipv6/raw.c) can cause a crash (DoS). The issue is confirmed across multiple advisories (e.g., Astra Linux and Brocade/SANnav postings) as a Linux kernel vulnerability, with no explicit public exploit...
CVE-2020-12654
CVE-2020-12654 affects the Linux kernel prior to 5.5.4. The vulnerability is a heap-based buffer overflow in mwifiex_ret_wmm_get_status() (drivers/net/wireless/marvell/mwifiex/wmm.c) caused by an incorrect memcpy when processing WMM parameters from a remote AP. A crafted AP can trigger overflow a...
CVE-2021-3669
CVE-2021-3669 is a Linux kernel vulnerability where measuring shared memory usage does not scale with large shared memory segment counts, enabling resource exhaustion and DoS. Connected sources confirm the issue affects multiple kernel versions and distributions, with remediations following vendo...
CVE-2018-20855
CVE-2018-20855 affects Linux kernel before 4.18.7. In mlx5 InfiniBand, create_qp_common (mlx5_ib_create_qp_resp) was never initialized, leaking stack memory to userspace. Upstream fix shipped with kernel 4.18.7 (commit 0625b4ba1a5d4703c7fb01c497bd6c156908af00). Mitigation: upgrade to 4.18.7+ or ap...
CVE-2018-20976
CVE-2018-20976 affects the Linux kernel prior to 4.18, specifically a use-after-free in fs/xfs/xfs_super.c related to xfs_fs_fill_super during mount failure. The vulnerability can lead to memory corruption or crash and is exploitable via a local attack, with no authentication required per the CVE...
CVE-2024-26591
CVE-2024-26591: Linux kernel vulnerability in bpf_tracing_prog_attach can crash with NULL pointer dereference due to missing attach_btf when attaching tracing programs (rawtp/fentry chain). The issue arises in a sequence of loading a rawtp program, loading an fentry with rawtp as target, creating...
CVE-2020-10766
CVE-2020-10766 is a Linux kernel vulnerability tied to the SSBD mitigation logic, enabling a local attacker to temporarily disable SSBD during a context switch due to per-task STIBP switching. Connected advisories confirm affected kernels (e.g., Linux 5.4.x/5.8 era) and provide patch info: Debian...
CVE-2019-15666
CVE-2019-15666 affects the Linux kernel prior to 5.0.19, with an out-of-bounds array access in __xfrm_policy_unlink caused by improper directory validation in net/xfrm/xfrm_user.c. This can lead to denial of service. Nexus/connected advisories confirm the same impact and recommend upgrading the k...
CVE-2022-2588
CVE-2022-2588 affects the Linux kernel's net/sched cls_route filter. The issue arises when the kernel fails to remove an old filter from the hashtable if the filter handle equals 0, potentially enabling local impact. The available connected advisories confirm the root cause in the cls_route path ...
CVE-2020-36322
The CVE-2020-36322 issue affects the Linux kernel FUSE filesystem implementation, where fuse_do_getattr() could call make_bad_inode() in inappropriate situations, potentially causing a system crash. The vulnerability is tied to the FUSE path and was partially addressed by a fix, with the incomple...
CVE-2021-3612
CVE-2021-3612 is an out-of-bounds memory write flaw in the Linux kernel joystick subsystem exploitable by a local user via the JSIOCSBTNMAP ioctl. The advisory notes potential system crash and possible privilege escalation. Affected disclosures reference pre-5.13.2 revisions (e.g., fixes upstream...
CVE-2019-5108
CVE-2019-5108 is an exploitable denial-of-service in the Linux kernel prior to mainline 5.3. An attacker can trigger IAPP location updates for stations before authentication completes by forging Authentication/Association Request packets, leading to potential CAM-table attacks or traffic flapping...
CVE-2023-6546
CVE-2023-6546 describes a race condition in the Linux kernel’s GSM 0710 tty multiplexor. Two threads can race on GSMIOC_SETCONF on the same tty when gsm line discipline is enabled, triggering a use-after-free of the gsm_dlci during GSM mux restart and potentially enabling local privilege escalati...
CVE-2019-15221
CVE-2019-15221 affects the Linux kernel up to version 5.1.17. A NULL pointer dereference can be triggered by a malicious USB device via the sound/usb/line6/pcm.c driver, leading to denial of service or system instability. Affected component is the kernel sound USB Line6 PCM driver; root cause is ...
CVE-2020-12653
CVE-2020-12653 affects the Linux kernel prior to 5.5.4, caused by an incorrect memcpy in the mwifiex_cmd_append_vsie_tlv() function (drivers/net/wireless/marvell/mwifiex/scan.c). This enables a local attacker to gain elevated privileges or cause a denial of service due to a buffer overflow. Conne...
CVE-2019-19767
CVE-2019-19767 affects the Linux kernel prior to 5.4.2, due to mishandling of ext4_expand_extra_isize which can cause use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (fs/ext4/inode.c and fs/ext4/super.c; CID-4ea99936a163). This is a kernel-level vulnerability impacting ext4-r...
CVE-2020-10768
CVE-2020-10768 affects the Linux kernel prior to 5.8-rc1, where prctl() can re-enable indirect branch speculation after it has been disabled, enabling Spectre v2-style disclosure. The vulnerability has a local attack vector and primarily impacts confidentiality; no exploitation details are provided...
CVE-2019-19532
CVE-2019-19532 affects the Linux kernel up to 5.3.8, with multiple out-of-bounds write bugs triggered by a malicious USB device in HID drivers (e.g., HID-AXFF, HID-EMSFF, HID-LOGITECH-HIDPP, HID-MICROSOFT, HID-SONY, HID-TMFF, HID-ZPFF, and others). The root cause is out-of-bounds writes in HID dr...
CVE-2019-20054
CVE-2019-20054 affects the Linux kernel prior to 5.0.6, with a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (related to put_links, CID-23da9588037e). The fix is included in kernel 5.0.6 (and later). Public exploit details are not provided in the supplied documents. Rec...
CVE-2020-10690
The CVE-2020-10690 entry affects Linux kernel versions before 5.5. It is caused by a race between the release of ptp_clock and the cdev during resource deallocation, which can free the cdev structure while a high-privileged process holding /dev/ptpX is sleeping. When the underlying device is remo...
CVE-2019-12819
CVE-2019-12819 affects the Linux kernel (pre-5.0) where __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), triggering a fixed_mdio_bus_init use-after-free and resulting in a denial of service. The connected Nessus/OpenVAS entries replicate this description and note local explo...
CVE-2022-27666
CVE-2022-27666 describes a heap buffer overflow in IPsec ESP transformation code (net/ipv4/esp4.c and net/ipv6/esp6.c) that can allow a local user to overwrite kernel heap objects and may lead to local privilege escalation. Connected advisories confirm kernel patches are available (e.g., AlmaLinu...
CVE-2019-19523
CVE-2019-19523 affects the Linux kernel prior to 5.3.7, where a use-after-free can be caused by a malicious USB device via the drivers/usb/misc/adutux.c driver (CID-44efc269db79). Affected systems include distributions referenced in accompanying advisories (e.g., MiracleLinux 8, Unity Linux 20.x)...
CVE-2020-10942
CVE-2020-10942 affects Linux kernel pre-5.5.8: vhost-net get_raw_socket fails to validate sk_family in drivers/vhost/net.c, enabling local attackers to induce kernel stack corruption via crafted syscalls, with potential DoS or privilege escalation. The connected doc from ALAS2LIVEPATCH-2020-015 n...
CVE-2019-15292
CVE-2019-15292 is a vulnerability in the Linux kernel before 5.0.9 involving a use-after-free in the Appletalk subsystem (atalk_proc_exit), related to the files net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c. The issue is documented in multiple connected Nes...
CVE-2021-3655
CVE-2021-3655 is a Linux kernel SCTP vulnerability (present in kernels prior to affected fixes) where missing size validations on inbound SCTP packets may allow reading uninitialized memory. The initial description and connected advisories confirm the issue exists in the Linux kernel SCTP impleme...
CVE-2020-14351
CVE-2020-14351 is a Linux kernel vulnerability in the perf subsystem that enables a local attacker with perf event access to trigger a use-after-free, potentially corrupt memory and escalate privileges. Public sources in connected advisories describe the vulnerability as a local use-after-free af...
CVE-2021-3679
CVE-2021-3679 affects the Linux kernel tracing subsystem (trace ring buffer) prior to 5.14-rc3. The flaw arises in how a user uses the trace ring buffer, enabling a privileged local attacker (CAP_SYS_ADMIN) to starve CPU resources and cause denial of service. The connected documents consistently ...
CVE-2020-29374
CVE-2020-29374 affects the Linux kernel and was fixed in 5.7.3. It concerns the get_user_pages (gup) implementation used for copy-on-write pages: when handling read operations, it may grant unintended write access, risking information disclosure or data corruption (COW cross-process leakage). Sev...
CVE-2021-23134
CVE-2021-23134 is a Linux kernel NFC LLCP use-after-free in nfc sockets (pre-5.12.4). The issue arises from refcount handling during bind/connect fixes, enabling a local attacker with CAP_NET_RAW to trigger a crash or memory corruption. A related CVE discussion confirms the fix: after nfc_llcp_lo...
CVE-2022-30594
The CVE-2022-30594 issue affects the Linux kernel prior to 5.17.2, where the PTRACE_SEIZE path could bypass the PT_SUSPEND_SECCOMP restrictions and allow a local attacker to bypass seccomp-related restrictions. Connected advisories (Astra Linux, AlmaLinux advisories) confirm the same vulnerabilit...
CVE-2022-42703
CVE-2022-42703 affects the Linux kernel prior to 5.19.7 via a use-after-free in leaf anon_vma double reuse in mm/rmap.c. This enables local escalation of privilege (per CVSS: LOCAL, HIGH availability impact, LOW complexity, no user interaction). Upstream fixes were applied in kernel 5.19.7 (see C...
CVE-2023-4133
CVE-2023-4133 affects the Linux kernel cxgb4 driver; root cause is a use-after-free during detachment when flower_stats_timer is rearmed on the work queue, which can cause local denial of service by crashing the system. The MiracleLinux advisory AXSA:2024-8139:15 references CVE-2023-4133 among af...
CVE-2020-10767
CVE-2020-10767 affects the Linux kernel before 5.8-rc1, where Enhanced IBPB mitigation is disabled when STIBP is unavailable or when IBRS is available, enabling a Spectre V2–style attack on local confidentiality. Connected advisories confirm Linux kernel mitigations (IBPB/SSBD) and note a patched...
CVE-2021-45485
CVE-2021-45485 affects the Linux kernel IPv6 path: net/ipv6/output_core.c exposes an information leak due to how a hash table is used, enabling IPv6 source address-based observation. Impact is partial confidentiality exposure; no integrity/availability impact stated. Affected: Linux kernel prior ...