2330 matches found
CVE-2024-42065
CVE-2024-42065 relates to the Linux kernel DRM/XE path. A NULL pointer dereference vulnerability in xe_ttm_stolen_mgr_init was fixed by adding an explicit NULL check to ensure the mgr is not NULL before use. The patch updates the function to validate the mgr reference and prevents dereferencing a...
CVE-2024-42135
CVE-2024-42135 concerns the Linux kernel vhost_task handling of SIGKILL. The connected sources confirm a concrete fix: when a SIGKILL is issued, the kernel now (1) marks the worker as killed to prevent new virtqueue usage and new flush operations, (2) fixes the virtqueue-to-worker mapping to stop...
CVE-2024-44956
CVE-2024-44956 — Linux kernel (drm/xe/preempt_fence): The vulnerability relates to enlarging the fence critical section to cover the entire preempt_fence_work_func callback. This change aims to improve lockdep understanding when signaling fences, potentially avoiding races with vm->lock. The i...
CVE-2008-3272
The CVE-2008-3272 issue affects the Linux kernel sound subsystem (sound/core/seq/oss/seq_oss_synth.c). The root cause is that snd_seq_oss_synth_make_info does not verify that the device number lies within the range defined by max_synthdev before returning data, enabling local users to leak sensit...
CVE-2010-2537
CVE-2010-2537 affects the Linux kernel’s btrfs_ioctl_clone path: the btrfs_ioctl_clone function in fs/btrfs/ioctl.c before 2.6.35 allows a local attacker to overwrite an append‑only file when using BTRFS_IOC_CLONE or BTRFS_IOC_CLONE_RANGE with a donor file. Impact is local privilege/unauthorized ...
CVE-2010-3298
CVE-2010-3298 affects the Linux kernel. The hso_get_count function in drivers/net/usb/hso.c, in kernel builds before 2.6.36-rc5, does not initialize a certain structure member, which allows local users to read potentially sensitive information from kernel stack memory via the TIOCGICOUNT ioctl. T...
CVE-2011-1598
CVE-2011-1598 affects the Linux kernel’s CAN subsystem: the bcm_release function in net/can/bcm.c does not validate a socket data structure, enabling a local user to trigger a NULL pointer dereference and cause a denial of service. The affected version range is kernel 2.6.39-rc6 and earlier. Reso...
CVE-2011-2479
CVE-2011-2479 affects the Linux kernel up to version 2.6.38.x and allows a local user to trigger a denial of service by a crafted MAP_PRIVATE mmap on /dev/zero that causes THP creation to misbehave. The vulnerability is in transparent huge pages handling and can crash the system. A fix exists in ...
CVE-2011-2689
The vulnerability CVE-2011-2689 affects the Linux kernel’s gfs2_fallocate path (fs/gfs2/file.c). It occurs in versions before 3.0-rc1, where the size of a chunk allocation may not be a multiple of the filesystem block size. This can allow a local user to trigger a denial of service and system cra...
CVE-2016-6787
CVE-2016-6787 affects the Linux kernel’s performance subsystem: kernel/events/core.c before 4.0 mismanages locks during certain migrations, allowing local users to gain privileges via a crafted application (Android internal bug 31095224). Impact is local privilege escalation with complete confide...
CVE-2021-47170
CVE-2021-47170 (Linux kernel) is described in the initial document as a benign user‑request issue where usbfs would emit a WARN when a user submits an excessively large memory allocation for bulk transfers. The vulnerability is not a flaw in kernel logic, but a misinterpretation of invalid reques...
CVE-2021-47323
CVE-2021-47323 affects the Linux kernel watchdog driver sc520_wdt: use-after-free can occur if timer removal uses del_timer() during device removal. The issue is addressed by replacing del_timer() with del_timer_sync() to ensure the timer handler finishes before teardown, preventing potential use...
CVE-2021-47342
CVE-2021-47342 affects the Linux kernel’s ext4 filesystem. A race during remounting a read-only, mmp-protected filesystem can cause a use-after-free (UAF) when the kmmpd thread may exit and leave sbi->s_mmp_tsk pointing at freed memory, triggering an object lifetime dereference in ext4_stop_mm...
CVE-2022-49131
CVE-2022-49131 concerns a kernel panic in the Linux kernel ath11k driver while unloading/loading modules on some ARM platforms. The root cause is a dereference path leading to an OOPS in napi_by_id during netif_napi_add, which could occur over repeated unload/load cycles. The fix is to call...
CVE-2022-49501
CVE-2022-49501 concerns the Linux kernel USB Ethernet (usbnet) path. The root cause is a use-after-free risk during disconnect caused by non-mirroring binding/unbinding order: usbnet_probe() binds then register_netdev(), whereas disconnect() previously unregisters before unbind(), leading to PHY ...
CVE-2022-49729
CVE-2022-49729 affects the Linux kernel’s nfcmrvl NFC driver. The issue is a memory leak in nfcmrvl_play_deferred caused by submitting deferred URBs directly via usb_submit_urb and then unanchoring them, which could prevent proper unref and leak memory. The fix, as described in connected advisori...
CVE-2023-0615
CVE-2023-0615 affects the Linux kernel V4L2 and vivid test code paths. The vulnerability is a memory leak with potential divide-by-zero and integer overflow when triggering ioctls such as VIDIOC_S_DV_TIMINGS, which could allow a local user to crash the system if vivid test code is enabled. Public...
CVE-2024-26902
CVE-2024-26902 concerns the Linux kernel: a RISCV perf PMU overflow panic when setting bits for overflowed_ctrs due to using (1 <
CVE-2024-56784
Technical details for CVE-2024-56784 are not provided in the connected documents. The initial description notes a Linux kernel drm/amd/display fix, but explicit affected versions, root cause specifics, exploitability, or remediation are not disclosed here. Monitor for updates.
CVE-2009-0322
CVE-2009-0322 affects the Linux kernel Dell RBU (Remote BIOS Update) driver: reading zero bytes from image_type or packet_size under /sys/devices/platform/dell_rbu/ can cause a local DoS (system crash). Concrete references in connected advisories show affected kernels include 2.6.27.x (before 2.6...
CVE-2010-3297
CVE-2010-3297 affects the Linux kernel net/eql driver; the eql_g_master_cfg function in drivers/net/eql.c did not initialize a structure member, enabling local users to read kernel stack memory via an EQL_GETMASTRCFG ioctl. Affects kernels before 2.6.36-rc5; corrected in subsequent patches (net/e...
CVE-2010-5332
CVE-2010-5332 affects the Linux kernel before 2.6.37, where an out-of-bounds array access can occur in drivers/net/mlx4/port.c. During searches for a free entry in mlx4_register_vlan() or mlx4_register_mac(), if no free entry exists, the loop may terminate without updating the local variable free...
CVE-2011-1016
CVE-2011-1016 concerns the Linux kernel Radeon GPU drivers and their DRM subsystem. The affected component is the Radeon GPU driver (radeon/kms) in kernels before 2.6.38-rc5, where data related to the AA resolve registers was not properly validated. This could allow a local user to write to arbit...
CVE-2011-1573
CVE-2011-1573: Linux kernel SCTP (net/sctp/sm_make_chunk.c) can be made to OOPS (denial of service) when addip_enable and auth_enable are used, because the INIT/INIT-ACK length calculation ignores zero padding. Affects kernels before 2.6.34; patch/fix shipped in 2.6.34+. Vulnerable component/file: sm_make_chunk.c; impact: denia...
CVE-2011-1771
CVE-2011-1771 affects the Linux kernel up to version 2.6.38, specifically the cifs_close function in fs/cifs/file.c. If a local user opens a CIFS file with the O_DIRECT flag, it can trigger a NULL pointer dereference (and BUG), causing a denial of service or unspecified impact. Mitigation: upgrad...
CVE-2016-6786
CVE-2016-6786 affects the Linux kernel’s performance subsystem: kernel/events/core.c mismanages locks during certain migrations, enabling a local user to escalate privileges. Public documents indicate this vulnerability exists in kernels before 4.0, with several Nessus advisories (Unity Linux/Mir...
CVE-2018-12904
CVE-2018-12904 affects the Linux kernel’s KVM implementation on x86 when nested virtualization is enabled. The vulnerability arises in arch/x86/kvm/vmx.c due to insufficient CPL checks, potentially allowing a local attacker running in a guest VM (L1) to cause VMEXITs that may lead to privilege es...
CVE-2021-47182
The CVE-2021-47182 entry concerns the Linux kernel scsi_mode_sense() implementation. Affected component: scsi core. Issues: improper handling of the MODE SENSE(10) allocation length field (16-bit, truncating lengths >255) and buffer length adjustments that could corrupt memory when len is too ...
CVE-2021-47280
CVE-2021-47280 is a Linux kernel vulnerability affecting drm_getunique() in the DRM subsystem. A time-of-check-to-time-of-use (TOCTOU) error occurs by reading file_priv->master before acquiring the device master mutex, allowing a master pointer to be used after the original object may have bee...
CVE-2021-47362
CVE-2021-47362 affects the Linux kernel’s drm/amd/pm power management code. The vulnerability occurs during DPM initialization when set_power_state reads values from the current state; if current state is not populated, this can lead to a NULL pointer dereference. The ATCS/ACPI path for PCI speed...
CVE-2021-47404
Summary (CVE-2021-47404): The issue stems from a slab-out-of-bounds write in the HID Betop driver (betopff) in the Linux kernel. Syzbot observed a write beyond slab bounds due to assuming an input report exists; malicious devices can violate this assumption. The public advisories, including Astra...
CVE-2021-47622
CVE-2021-47622 affects the Linux kernel SCSI/UFS path. The issue is a deadlock in the error handling flow when all tags are allocated: the SCSI error path triggers ufshcd_eh_host_reset_handler(), which queues work that calls ufshcd_err_handler(), leading to a lockup in the workqueue (ufs_eh_wq_0)...
CVE-2022-49007
CVE-2022-49007 affects the Linux kernel/NILFS2. A NULL pointer dereference in nilfs_palloc_commit_free_entry() could occur during DAT metadata handling when a lower-level DAT block’s entry is clobbered during commit, leading to a crash. The fix adds NULL checks in nilfs_dat_commit_free() for req->...
CVE-2022-49137
CVE-2022-49137 concerns a refcount leak in the Linux kernel’s amdgpu_cs_fence_to_handle_ioctl() path. When info->in.what hits the default case, the function returns -EINVAL without decrementing the previously bumped dma_fence refcount, causing leaks. The issue arises from a missing refcount de...
CVE-2022-49312
CVE-2022-49312 (Linux kernel): The vulnerability concerns a potential memory leak in the rtl8712 staging path. In r871xu_drv_init(), if r8712_init_drv_sw() fails, memory allocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not released because there is no action in r8712_usb_dvobj_de...
CVE-2022-49327
The CVE-2022-49327 issue affects the Linux kernel and is described in multiple advisories (e.g., Unity Linux and SUSE/SUSE-SU family) as a fix for a bcache journal no-space deadlock. The vulnerability arises when journal replay during cache set registration can stall if journal buckets are exhaust...
CVE-2022-49449
The CVE-2022-49449 issue affects Linux kernel pinctrl: renesas: rzn1. The root cause is a possible null-ptr-deref when using 'res' if platform_get_resource() returns NULL. The patch defers dereferencing 'res' by performing devm_ioremap_resource() first (which validates the resource) and then uses...
CVE-2022-49523
CVE-2022-49523 affects the Linux kernel component ath11k, specifically the spectral scan path during spectral_deinit. The issue arises when ath11k modules are removed (rmmod) with spectral scan enabled, which can trigger a crash (kernel NULL pointer dereference) as shown by the provided call trac...
CVE-2022-49568
CVE-2022-49568 affects the Linux kernel KVM code path, where a NULL dereference can occur during cleanup if destroy() is assumed non-NULL but is not (notably for some Book3s KVM devices that use release() instead). The root cause is an assumption in kvm_ioctl_create_device() that destroy() is alw...
CVE-2022-49674
The CVE-2022-49674 issue is a Linux kernel vulnerability in dm-raid where an array (rs->devs) could be accessed beyond its end when the raid_disks-derived count differed from metadata-driven counts during RAID layout changes. The root cause is using rs->raid_disks for iteration instead of t...
CVE-2024-26699
CVE-2024-26699 concerns the Linux kernel’s drm/amd/display code, specifically a fix for an array-index-out-of-bounds in dcn35_clkmgr. The root cause is a memory access violation when iterating through the dcn35 clocks array. The documented mitigation is to limit iteration to the array size. Concr...
CVE-2024-36911
CVE-2024-36911 affects the Linux kernel hv_netvsc driver used in CoCo VMs. The vulnerability stems from the netvsc path freeing decrypted memory when set_memory_decrypted() fails, potentially causing decrypted/shared pages to be returned to the page allocator. The underlying issue is that the cal...
CVE-2024-47683
CVE-2024-47683 affects the Linux kernel’s DRM/AMD display path. The issue is a NULL pointer dereference during MST/DSC setup when a mode change is not detected; the fix is to skip recomputing DSC parameters if there is no stream on the link, with further checks to confirm whether the stream is al...
CVE-2008-2812
CVE-2008-2812 affects the Linux kernel prior to 2.6.25.10, with NULL pointer dereferences in tty handling (notably in drivers/net/ such as hamradio, irda, ppp, slip, wan, and wireless components) potentially enabling local privilege escalation or a system crash. The issue arises from missing chec...
CVE-2009-4031
CVE-2009-4031 affects the KVM x86 emulator (arch/x86/kvm/emulate.c) in the Linux kernel prior to 2.6.32-rc8-next-20091125. The do_insn_fetch path could interpret instructions longer than valid, failing to enforce the 15-byte limit per instruction, which guest OS users can abuse to cause a denial ...
CVE-2011-3638
CVE-2011-3638 affects the Linux kernel’s ext4 extents handling. The vulnerability occurs in fs/ext4/extents.c where a modified extent may not be marked dirty during certain extent-splitting paths, enabling a local attacker to trigger a denial of service (kernel crash) through ext4 unmount/mount o...
CVE-2011-4326
CVE-2011-4326 affects the Linux kernel’s UDP fragment handling for IPv6 when UDP Fragmentation Offload (UFO) is enabled. Specifically, the vulnerability lies in udp6_ufo_fragment in net/ipv6/udp.c, allowing remote attackers to crash the system by sending fragmented IPv6 UDP packets to a bridge. T...
CVE-2012-0044
CVE-2012-0044 is an integer overflow in drm_mode_dirtyfb_ioctl() within Linux kernel drivers/gpu/drm/drm_crtc.c, vulnerable before 3.1.5. The flaw allows local users to gain privileges or trigger memory corruption/DoS via a crafted ioctl. Public sources (including MiracleLinux AXSA-2012-646:05) c...
CVE-2012-3552
The CVE-2012-3552 issue is a race condition in the Linux kernel IP implementation that exists in versions before 3.0. According to the connected documents, remote attackers could trigger a denial of service (slab corruption and system crash) by sending packets to an application that sets socket o...
CVE-2021-47211
CVE-2021-47211 refers to a Linux kernel vulnerability in ALSA: usb-audio where snd_usb_find_clock_source could return a null cs_desc, risking a null pointer dereference. The fix adds a null check before dereferencing the clock source descriptor. The description of the affected code points to the ALSA us...