2330 matches found
CVE-2024-46844
CVE-2024-46844: In the Linux kernel, the setup_one_line() path prints a pointer that could be uninitialized for *error_out, risking a NULL pointer dereference or incorrect prints. The fix initializes *error_out in all control paths, addressing the issue. The CVE is scored locally with high impact...
CVE-2024-47662
The CVE-2024-47662 entry concerns the Linux kernel component drm/amd/display (DCN35 DMCUB diagnostics). The issue is that a diagnostic register read was removed to prevent triggering a security violation when DMCUB timeouts occur, blocking Z8 entry. The fix is to stop reading that register from t...
CVE-2024-53098
CVE-2024-53098 affects the Linux kernel DRM XE ufence path. The root cause is that access_ok() only checks for addr overflow and may also read the user-supplied address to catch invalid addresses, coupled with prefetching ufence addresses to detect bogus ones. The issue is remedied by a kernel fi...
CVE-2025-21750
CVE-2025-21750 affects the Linux kernel wifi driver brcmfmac. The issue results from not validating the return value of of_property_read_string_index(), which can leave tmp uninitialized when a property is missing, leading to a kernel crash (BUG/OOPS) from passing a random pointer to devm_kstrdup...
CVE-2010-3698
The CVE-2010-3698 entry concerns the KVM implementation in Linux kernels prior to 2.6.36. The root cause is that the kernel does not properly reload the FS and GS segment registers when handling KVM_RUN with a modified Local Descriptor Table (LDT). Impact: host OS users can cause a denial of serv...
CVE-2010-3874
CVE-2010-3874: Heap-based buffer overflow in the bcm_connect function of net/can/bcm.c (Broadcast Manager) in the Linux kernel CAN implementation. Affects 64-bit kernels, before 2.6.36.2, enabling local attackers to cause memory corruption and a denial of service via a connect operation. The conn...
CVE-2011-1770
CVE-2011-1770 affects the Linux kernel up to version 2.6.33.14, where an integer underflow in dccp_parse_options (net/dccp/options.c) can be triggered by a DCCP packet with an invalid feature options length, causing a buffer over-read and remote denial of service. The vulnerability is exploitable...
CVE-2019-18675
CVE-2019-18675 affects the Linux kernel up to version 5.3.13, due to a start_offset+size integer overflow in cpia2_remap_buffer (drivers/media/usb/cpia2/cpia2_core.c) when cpia2 uses its own mmap. This allows a local user with access to /dev/video0 to read/write kernel physical pages, potentially...
CVE-2022-48794
CVE-2022-48794 affects the Linux kernel wireless stack for the IEEE 802.15.4 at86rf230 driver. On error, ieee802154_xmit_complete() is not invoked and skb structures are leaked after manual wake_queue() calls in Tx paths. The fix described in the sources is to free the skb upon error before retur...
CVE-2022-48842
CVE-2022-48842 describes a race in the Linux kernel ice driver during interface enslave (bonding). The vulnerability occurs when an auxiliary device is re-created: ice_plug_aux_dev() is invoked from ice_service_task() context, potentially creating an aux device while another thread holds RTNL loc...
CVE-2022-49155
Summary (CVE-2022-49155): The Linux kernel’s scsi/qla2xxx path (qla2xxx_create_qpair) was patched to suppress a kernel complaint arising from using smp_processor_id() in preemptible code (as seen in systemd-udevd). The connected advisories confirm the issue is addressed in the kernel and referenc...
CVE-2022-49302
CVE-2022-49302 affects the Linux kernel USB host isp116x driver. The vulnerability arises when code fails to check the return value of platform_get_resource(), which can lead to a null pointer dereference if the call returns NULL. The connected documents confirm the issue and state that the fix i...
CVE-2023-52508
Technical details about CVE-2023-52508 are not publicly available in the provided Connected documents. Monitor for updates.
CVE-2024-38582
CVE-2024-38582 affects the Linux kernel nilfs2, causing a potential hang/deadlock during unmount. The issue arises when nilfs_segctor_sync() tries to synchronize with the log writer thread after nilfs_segctor_destroy() has already terminated that thread, leading to a deadlock path through several...
CVE-2024-42286
CVE-2024-42286 concerns the Linux kernel scsi: qla2xxx where nvme_local_port validation was corrected. The issue could lead to a NULL pointer dereference during NVMe remote port registration in qla2xxx paths, potentially causing a kernel crash. Connected advisories (Astra Linux, Debian LTS, and A...
CVE-2024-46811
CVE-2024-46811 affects the Linux kernel in the DRM/AMD display component. A potential out-of-bounds condition arises when accessing bw_params->clk_table.entries (8 entries) if soc.num_states can reach 40; the issue is fixed by asserting when soc.num_states exceeds 8 during fpu_update_bw_boundi...
CVE-2024-49916
CVE-2024-49916 affects the Linux kernel’s drm/amd/display code (dcn401_init_hw). The root cause is a potential null pointer dereference when dc->clk_mgr or dc->clk_mgr->funcs is null. The fix adds explicit null checks before dereferencing clk_mgr/clk_mgr->funcs, preventing dereference...
CVE-2024-50178
Technical details (affected component, root cause, versions, or exploit status) are not provided in the connected documents; the initial description summarizes the fix but lacks vendor/product specifics in the supplied material. Monitor for authoritative advisories for updates.
CVE-2024-54458
The CVE-2024-54458 issue is in the Linux kernel, involving the SCSI/ufs subsystem (bsg path). The root cause is not fully described beyond the fix: after removing the bsg_queue, it should be set to NULL to avoid potential use-after-free (UAF). The advisory states this vulnerability has been resol...
CVE-2024-58011
The CVE-2024-58011 entry concerns the Linux kernel, specifically the platform/x86 int3472 driver. The root cause is a missing check for adev against NULL when a device may not have an ACPI companion fwnode, which could allow adev to be NULL and lead to a NULL pointer dereference in skl_int3472_ge...
CVE-2025-37948
CVE-2025-37948 affects the Linux kernel arm64 and is fixed by adding a BHB mitigation in the epilogue of BPF programs (cBPF) loaded via seccomp. The vulnerability arises when a classic cBPF program manipulates the branch history to influence speculative execution. The published details indicate t...
CVE-2010-4169
CVE-2010-4169 is a Linux kernel use-after-free in mm/mprotect.c, vulnerable before 2.6.37-rc2. Local users can trigger a denial of service via an mprotect syscall. The MiracleLinux advisory AXSA:2011-80:02 confirms the issue among kernel fixes; remediation is to upgrade to kernel 2.6.37-rc2 or ne...
CVE-2011-0712
Technical details about CVE-2011-0712 are not publicly provided in the supplied documents. Monitor for updates in connected advisories; no confirmed affected products, versions, or fixes are stated here.
CVE-2011-1163
Vulnerability: CVE-2011-1163 affects the Linux kernel (fs/partitions/osf.c) where osf_partition mishandles an invalid number of partitions, potentially allowing local attackers to read kernel heap memory via partition-table parsing vectors. Affected: Linux kernel versions prior to 2.6.38. Root ca...
CVE-2011-1478
CVE-2011-1478 affects the Linux kernel’s GRO napi_reuse_skb path: it does not reset certain structure members in net/core/dev.c, enabling a remote attacker to trigger a NULL pointer dereference via a malformed VLAN frame and cause a denial of service. The vulnerability is present in kernels befor...
CVE-2011-1593
CVE-2011-1593 affects the Linux kernel before 2.6.38.4, where multiple integer overflows in the next_pidmap function (kernel/pid.c) allow a local user to crash the system via crafted getdents or readdir calls. The connected advisories confirm the affected component and the root cause (integer ove...
CVE-2014-3534
CVE-2014-3534 (Linux kernel, s390): The vulnerability in arch/s390/kernel/ptrace.c allows a local user to bypass restrictions on address-space control with PTRACE_POKEUSR_AREA, gaining read/write access to kernel memory and potentially elevation of privileges via a crafted ptrace call. Affected...
CVE-2015-4036
CVE-2015-4036: An array index error in Linux kernel before 4.0 in drivers/vhost/scsi.c (tcm_vhost_make_tpg, renamed to vhost_scsi_make_tpg) can allow local guest OS users to cause a denial of service (memory corruption) or potentially other impact via a crafted VHOST_SCSI_SET_ENDPOINT IOCTL. Expl...
CVE-2021-47348
The CVE-2021-47348 issue affects the Linux kernel, specifically the DRM AMD display path. The root cause is HDCP over-read/corruption due to reading 8 bytes instead of the targeted 5 bytes for a field; this could yield a corrupted value if trailing bytes are non-zero. The fix introduces a properl...
CVE-2021-47372
CVE-2021-47372 is a Linux kernel use-after-free in the macb driver. The issue arises from plat_dev->dev->platform_data being released by platform_device_unregister() and subsequently using pclk and hclk, leading to use-after-free in macb_remove. The fixed sequence avoids using the clk devic...
CVE-2022-48704
CVE-2022-48704 affects the Linux kernel’s DRM/Radeon path. The vulnerability stems from a race/flush issue where the radeon lockup work queue may not be fully flushed before the system enters D3hot, potentially leading to a kernel Oops and a stall in GPU work processing. The described fix adds a ...
CVE-2022-49053
CVE-2022-49053 affects the Linux kernel scsi: target: tcmu component. The vulnerability arises from tcmu_try_get_data_page() returning a data page pointer without properly holding a reference under the cmdr_lock, which can allow the page to be freed by tcmu_blocks_release(), creating a use-after-...
CVE-2022-49304
CVE-2022-49304 concerns a deadlock in the Linux kernel’s serial driver path (drivers/tty/serial) specifically in sa1100_set_termios(). The issue stems from a lock-order conflict: thread1 holds sport->port.lock while waiting on del_timer_sync(), while a timer handler running in thread2 also nee...
CVE-2022-49611
The CVE-2022-49611 entry refers to a Linux kernel x86 speculation mitigation: Fill RSB on vmexit for IBRS to prevent RSB underflow/poisoning. The description notes mitigation is implemented in the kernel and documents tribal knowledge about RSB attacks. Connected Nessus/OpenVAS entries for EulerO...
CVE-2024-26706
The CVE-2024-26706 entry documents a parisc Linux kernel vulnerability where random data corruption could occur in the exception handler when accessing user space memory if the compiler reuses a different register than the one defined for the error code. The fix extends the __ex_table by three wo...
CVE-2024-35945
CVE-2024-35945 (Linux kernel) is reported as resolved in OSV entries for Root:Ubuntu 22.04 via ROOT-OS-UBUNTU-2204-CVE-2024-35945, with multiple fixed ROOT rootio-linux versions available. Other OSVs (ROOT-OS-DEBIAN-11-CVE-2024-35945, ROOT-OS-DEBIAN-12-CVE-2024-35945) also indicate patches in roo...
CVE-2024-46760
CVE-2024-46760 concerns the Linux kernel wifi driver rtw88 (usb) where RX status handling could dereference a NULL pointer if USB replies arrive before the device is fully initialized. The root cause is initiation of USB REQs (usb_submit_urb) before rtw_dev setup completes, allowing races with in...
CVE-2024-46834
CVE-2024-46834 concerns a Linux kernel issue in the ethtool path where the max channel check can be skipped if the indirection table cannot be fetched or memory allocation fails. The vulnerability can allow a driver’s indirection table to contain out-of-bounds channel IDs, potentially leading to ...
CVE-2024-50177
CVE-2024-50177 concerns the Linux kernel amdgpu display driver (DML2.1). The issue is a UBSAN shift-out-of-bounds triggered when programming phantom pipes and cursor_width is explicitly set to 0, causing an overflow in 32-bit size calculations. The published fix adds a guard to validate cursor wi...
CVE-2010-2226
CVE-2010-2226 affects the Linux kernel: the xfs_swapext function in fs/xfs/xfs_dfrag.c does not properly validate file descriptors passed to the SWAPEXT ioctl, enabling a local user with write access to swap a file into another and gain read access. The issue is present in kernel versions before ...
CVE-2010-2943
CVE-2010-2943 affects the Linux kernel's XFS implementation up to version 2.6.34, where inode allocation B-trees are not consulted before reading inode buffers. This allows remote authenticated users to read unlinked files or read/overwrite disk blocks that were previously allocated to an unlinke...
CVE-2010-2954
The CVE-2010-2954 issue affects the Linux kernel IRDA stack: irda_bind in net/irda/af_irda.c may dereference a NULL pointer when irda_open_tsap fails, causing local denial of service (kernel panic) via repeated unsuccessful binds on AF_IRDA (PF_IRDA) sockets. Affected software is the Linux kernel...
CVE-2010-4078
CVE-2010-4078 affects the Linux kernel before 2.6.36-rc6, where the sisfb_ioctl function in drivers/video/sis/sis_main.c fails to properly initialize a structure member. This allows local users to leak potentially sensitive information from kernel stack memory via the FBIOGET_VBLANK ioctl. Connec...
CVE-2013-6381
CVE-2013-6381 describes a buffer overflow in the Linux kernel’s qeth_snmp_command function (drivers/s390/net/qeth_core_main.c) up to version 3.12.1, allowing local users to cause a denial of service (and potentially other impact) via an SNMP ioctl with an incompatible length. Connected documents ...
CVE-2013-7470
The vulnerability CVE-2013-7470 affects the Linux kernel's cipso_v4_validate (net/cipso_ipv4.h) before 3.11.7 when CONFIG_NETLABEL is disabled, allowing a denial of service (infinite loop and crash) as demonstrated by icmpsic. Nessus/NVD entries confirm affected kernel versions include up to 3.11...
CVE-2014-4027
CVE-2014-4027 affects the Linux kernel prior to 3.14. The flaw is in the rd_build_device_space function (drivers/target/target_core_rd.c), where a data structure is not properly initialized, enabling local users to read sensitive information from ramdisk_mcp memory by abusing access to a SCSI ini...
CVE-2014-4611
CVE-2014-4611 concerns an integer overflow in the LZ4 implementation used in Yann Collet LZ4 prior to r118 and in the Linux kernel’s lz4_decompress.c (linux kernel before 3.15.2) on 32-bit platforms. A crafted Literal Run can trigger improper handling, enabling context-dependent attackers to caus...
CVE-2021-4439
The connected Nessus/OpenVAS entries confirm CVE-2021-4439 affects the Linux kernel isdn/capi/kcapi.c and relates to cmtp session handling. The root cause is an array-index-out-of-bounds when detaching a controller that is not yet attached, triggering an out-of-bounds access (-1) in a 32-...
CVE-2022-48628
The CVE-2022-48628 entry concerns a Linux kernel issue in ceph: drop messages from MDS when unmounting. The description in the primary doc states that during unmount, dirty buffers are flushed and after the last OSD request finishes, the last i_count reference is released and dirty caps/snaps are...
CVE-2022-48789
CVE-2022-48789 concerns an AER-related use-after-free in the Linux kernel’s nvme-tcp transport error_recovery path. The vulnerability arises when nvme_tcp_submit_async_event_work checks ctrl/queue state while scheduling IO work, creating a race with the error_recovery handler that could lead to f...