2330 matches found
CVE-2014-6416
CVE-2014-6416 describes a buffer overflow in net/ceph/auth_x.c used by Ceph within the Linux kernel prior to 3.16.3. An unencrypted, long auth ticket can be exploited remotely to trigger memory corruption and a kernel panic (DoS). Connected advisories reiterate the same root cause and impact. Remedi...
CVE-2017-9985
CVE-2017-9985 is a local double-fetch vulnerability in the Linux kernel (snd_msndmidi_input_read in sound/isa/msnd/msnd_midi.c) affecting up to version 4.11.7. Exploitation can cause denial of service (over-boundary access) with potential unspecified impact. Public references in Nessus/OpenVAS/U-...
CVE-2021-47149
The CVE-2021-47149 entry concerns a Linux kernel vulnerability in the Fujitsu net driver where fmvj18x_get_hwinfo() dereferences NULL if ioremap fails. The fix adds a check on the ioremap return value and returns -1 to the caller on failure, preventing a NULL pointer dereference. Public details i...
CVE-2021-47307
CVE-2021-47307 affects the Linux kernel CIFS code; a NULL pointer dereference in cifs_compose_mount_options() could occur when the optional ref parameter contains a NULL node_name. The issue has been resolved in the kernel, with fixes committed in stable updates (references point to kernel commit...
CVE-2021-47620
CVE-2021-47620 (Linux kernel Bluetooth vulnerability): The issue occurs in the Bluetooth adv data handling where an out-of-bounds read could occur after advancing the ptr in a loop. The patch prevents the check from being performed after ptr advances by moving the bounds check to the beginning o...
CVE-2021-47642
CVE-2021-47642: In the Linux kernel’s video fbdev/nvidiafb path, a fixed-size buffer overrun could occur by copying a channel name with strcpy into chan->adapter.name. The defect arises from copying into a 48-char buffer without length checks; the fix is to use strscpy() to prevent overflows. The ...
CVE-2022-3533
CVE-2022-3533 affects the Linux kernel’s BPF component, specifically the parse_usdt_arg function in tools/lib/bpf/usdt.c, where manipulation of the reg_name argument leads to a memory leak. The vulnerability is described across multiple sources (NVD, vendor advisories) and a patch is recommended ...
CVE-2022-48633
CVE-2022-48633: In the Linux kernel, the gma500/psb_gem Unpin path could trigger a WARN_ON (lock->magic != lock) due to ww_mutex being destroyed by drm_gem_object_release(). The fix relocates drm_gem_object_release() to occur after psb_gem_unpin(), preventing the invalid lock state. Affected c...
CVE-2022-48710
CVE-2022-48710 concerns the Linux kernel Radeon driver. In radeon_fp_native_mode(), the code assigns the return of drm_mode_duplicate() to a mode pointer and may dereference a NULL on failure. The issue is resolved by adding a NULL-pointer check to avoid NP: when drm_mode_duplicate() fails, and th...
CVE-2022-48788
CVE-2022-48788 (Linux kernel nvme-rdma): A use-after-free in the nvme-rdma transport error_recovery logic was fixed. The issue involved a race between submit_async_event_work and the error recovery handler when destroying the admin queue and changing the ctrl state; the fix requires flushing asy...
CVE-2022-48919
CVE-2022-48919 affects the Linux kernel’s CIFS mount flow. The issue is a double-free race in cifs_get_root() when a mount fails inside cifs_smb3_do_mount(); deactivate_locked_super() leads to delayed_free(), potentially freeing resources twice if code continues to the out: path. The vulnerabilit...
CVE-2022-49110
CVE-2022-49110 relates to the Linux kernel netfilter conntrack autotuning change. The vulnerability stems from the gc logic that evicts entries; after the commit 4608fdfc07e1, conntrack gc runs every 2 minutes and, on large hash tables, evictions shift from the packet path to the gc worker, poten...
CVE-2022-49120
CVE-2022-49120 pertains to the Linux kernel SCSI pm8001 path. The vulnerability is a task leak in pm8001_send_abort_all() where allocated SAS tasks may not be freed if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail. The fix ensures proper freeing of the SAS task in those failure paths. Public ...
CVE-2022-49126
CVE-2022-49126 concerns the Linux kernel component scsi/mpi3mr. The issue is described as memory leaks in the operational reply queue’s memory segments that are not freed when unloading the driver. The entry states a fix for these leaks has been implemented. No exploitation details are provided i...
CVE-2022-49472
CVE-2022-49472 affects the Linux kernel PHY Micrel driver: if a .probe is present and .driver_data is missing, a NULL pointer dereference can occur. The fix adds NULL checks for priv->type to allow probing without .driver_data. Connected advisories (Astra/Unity Linux) reference Linux kernel ve...
CVE-2022-49524
CVE-2022-49524 relates to the Linux kernel media driver for cx23885 (pci) where the error path in cx23885_initdev() did not release I2C-related resources when dma_set_mask() failed. The concrete details describe that a failed dma_set_mask() leads to a use-after-free in __process_removed_driver, t...
CVE-2022-49525
CVE-2022-49525 relates to the Linux kernel: the media: cx25821 driver issue triggers a warning when removing the module (remove_proc_entry leaking cx25821 IRQ). The connected advisories confirm the root cause is not a privately exploitable bug in userland but a resource management ordering proble...
CVE-2022-49542
Summary: CVE-2022-49542 affects the Linux kernel SCSI lpfc path. The vulnerability arises in logging code: during an attempt to log a TRACE message, the code could take a hard lockup path due to an unsafe lock acquisition sequence. Root cause (as described): the cfg_log_verbose check was performe...
CVE-2024-36023
CVE-2024-36023 is a Linux kernel vulnerability involving a null pointer dereference. The alteration was reported by Julia Lawall and has been resolved in the kernel code base, as reflected by the linked advisories and the CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) with a base score of 5.5 ...
CVE-2025-37954
CVE-2025-37954 affects the Linux kernel SMB client logic. The issue is a race in open_cached_dir with lease breaks where a pre-existing valid cfid returned by find_or_create_cached_dir can race with a queued lease break, causing open_cached_dir to treat it as newly constructed and leak a dentry r...
CVE-2002-2438
CVE-2002-2438 describes a TCP/IP flaw where the Linux TCP stack could bypass firewalls by receiving SYN packets that include additional flags (e.g., SYN+RST). The vulnerability arises because such packets were not consistently discarded by some stacks after firewalling, allowing a potential connectio...
CVE-2009-0269
CVE-2009-0269 refers to a local kernel vulnerability in the Linux kernel’s eCryptfs inode handling. The flaw, described as a readlink error path in fs/ecryptfs/inode.c, can lead to denial of service (fault or memory corruption) and possibly other unspecified effects by causing the code to use a -...
CVE-2011-4081
CVE-2011-4081 affects the Linux kernel crypto/ghash-generic.c. The vulnerability arises when a missing or failed ghash_setkey is followed by ghash_update or ghash_final (demonstrated via AF_ALG socket write), potentially causing a NULL pointer dereference and OOPS. Connected advisories (e.g., Mir...
CVE-2021-47169
CVE-2021-47169: In the Linux kernel, the serial rp2 driver could NULL-dereference if a firmware load via request_firmware_nowait occurred before ports were initialized. The fix was to use a synchronous firmware load (request_firmware) during rp2_probe to ensure interrupts are not handled before ...
CVE-2021-47269
CVE-2021-47269 is a Linux kernel issue in the DesignWare USB3 (dwc3) ep0 handling. The root cause is missing validation of the ep index from dwc3_wIndex_to_dep(), which can lead to referring to a non-existing endpoint and a NULL pointer dereference in certain configurations (e.g., composite devic...
CVE-2021-47281
CVE-2021-47281 affects the Linux kernel ALSA seq subsystem: snd_seq_timer_open() has a race on timeri allocation per queue, allowing a later concurrent call to override the timer and cause a use-after-free until the queue closes. The vulnerability is caused by missing protection when checking the...
CVE-2021-47374
CVE-2021-47374 affects the Linux kernel DMA subsystem where an error path in DMA API drivers could generate a flood of printk messages. The vulnerability arises from an error condition that can be reached millions of times per second, spamming the kernel printk buffer and driving CPU usage to 100...
CVE-2021-47478
CVE-2021-47478: In the Linux kernel, the isofs driver could read beyond the end of the buffer when processing corrupted isofs images in isofs_read_inode(). The fix adds a sanity check on the directory entry length before use, preventing out-of-bounds reads. Remediation is to apply the kernel pat...
CVE-2021-47506
CVE-2021-47506 – Linux kernel: nfsd delegation use-after-free fix. Affected component: Linux kernel NFS server (nfsd) delegation handling. The vulnerability arises when a delegation break is processed after a call to vfs_setlease. A callback (nfsd4_cb_recall_prepare) adds the delegation to del_rec...
CVE-2021-47654
CVE-2021-47654: Linux kernel landlock sandbox fix for a path_list memory leak where path_list allocated in parse_path() is not freed. The description notes a leak warning in sandboxer.c:134 and that path_list is never freed. No exploitation details or fixes/versions are specified beyond the fix not...
CVE-2022-49100
The CVE-2022-49100 entry concerns the Linux kernel virtio_console subsystem. The vulnerability is resolved by removing anonymous init and exit functions (module_init/module_exit) and assigning unique driver-specific names, to avoid ambiguity in System.map and initcall_debug logs, per the descript...
CVE-2022-49125
CVE-2022-49125 affects the Linux kernel DRM sprd driver. The issue is a potential NULL dereference of the ‘drm’ pointer in sprd_drm_shutdown, with a warning log that could dereference it. The fix removes the dereference risk by adjusting the shutdown path and changes the warning handling from unc...
CVE-2022-49271
CVE-2022-49271 affects the Linux kernel CIFS/SMB2 code. When smb2_ioctl_query_info() is called with flags=PASSTHRU_FSCTL and output_buffer_length=0, the kernel could copy a bad pointer (buffer) and end up dereferencing NULL, potentially leading to a NULL pointer dereference. The fix also ensures ...
CVE-2022-49315
CVE-2022-49315 concerns a deadlock in the Linux kernel, specifically in the staging driver rtl8192e (rtllib_beacons_stop). The issue arises when rtllib_beacons_stop() holds ieee->beacon_lock while calling del_timer_sync(), while the timer handler (rtllib_send_beacon_cb) needs the same lock, ca...
CVE-2022-49521
In CVE-2022-49521, the Linux kernel vulnerability affects the lpfc SCSI path: if lpfc_complete_unsol_iocb() cannot match the rctl of a received frame, the frame is dropped and resources are leaked. The fix returns resources when discarding an unhandled frame type and updates lpfc_fc_frame_check()...
CVE-2023-23003
Linux kernel
CVE-2023-52804
CVE-2023-52804 affects the Linux kernel (fs/jfs) where db_maxag and db_agpref were used as indexes into db_agfree without validity checks. This could trigger an array-index-out-of-bounds UB in fs/jfs/jfs_dmap.c:639:20 (index 7936 out of range for atomic_t[128]). The issue has been addressed by ad...
CVE-2025-38177
CVE-2025-38177 (Linux kernel): The issue affects the sch_hfsc qdisc; hfsc_qlen_notify() was not idempotent and could misbehave for callers such as fq_codel_dequeue(). The linked EulerOS advisories confirm a kernel patch that makes hfsc_qlen_notify() idempotent. The patch makes two changes: (1) i...
CVE-2006-4997
CVE-2006-4997 involves the Linux kernel ATM subsystem (clip_mkip in net/atm/clip.c). The issue allows a remote attacker to trigger a denial of service (panic) by causing the ATM subsystem to dereference memory of socket buffers after they have been freed. This is triggered by memory access patter...
CVE-2010-0003
The connected document confirms CVE-2010-0003 affects the Linux kernel (i386) before 2.6.32.4, where the print_fatal_signal path in kernel/signal.c can let local users read arbitrary memory by jumping to an address and reading a log, with potential DoS via the same jump. This is associated with t...
CVE-2010-0291
CVE-2010-0291 is a Linux kernel local privilege-escalation/DoS issue described in connected advisories as affecting the kernel before 2.6.32.4. The vulnerability stems from the do_mremap/mmap handling, allowing local users to gain privileges or trigger a panic. The MiracleLinux AXSA:2010-377:12 a...
CVE-2010-1085
CVE-2010-1085 affects the Linux kernel before 2.6.32.x/2.6.33-rc4 on the AMD780V chipset. The vulnerability is in the azx_position_ok function in hda_intel.c, where certain inputs can trigger a divide-by-zero and cause a crash (DoS). Public advisories from MiracleLinux and Oracle Linux list this ...
CVE-2010-2946
CVE-2010-2946 affects the Linux kernel via a flaw in fs/jfs/xattr.c where a legacy extended-attributes storage format could let local attackers bypass xattr namespace restrictions using an os2. prefix. Several connected advisories confirm the issue and reference the affected range: Linux kernel v...
CVE-2010-4074
CVE-2010-4074 affects the Linux kernel USB subsystem prior to 2.6.36-rc5, where several structure members were not properly initialized. This can let local users read potentially sensitive data from kernel stack memory via TIOCGICOUNT-related ioctl paths, specifically mos7720_ioctl and mos7840_ioctl ...
CVE-2011-0710
CVE-2011-0710 affects the Linux kernel on the s390 platform. The function task_show_regs in arch/s390/kernel/traps.c permits a local user to read the registers of an arbitrary process by reading a status file under /proc, for kernels before 2.6.38-rc4-next-20110216. The connected MiracleLinux adv...
CVE-2011-1748
CVE-2011-1748 affects the Linux kernel: the raw_release function in net/can/raw.c fails to validate a socket data structure, enabling local users to trigger a NULL pointer dereference (denial of service) or possibly other impact via a crafted release operation. Affected versions are the kernel be...
CVE-2015-9004
CVE-2015-9004 affects the Linux kernel up to version 3.18 (pre-3.19). The flaw is in kernel/events/core.c where improper handling of counter grouping enables local privilege escalation via crafted apps, involving perf_pmu_register and perf_event_open. The impact is local Privilege Escalation with...
CVE-2017-18261
CVE-2017-18261: The issue is in the Linux kernel, specifically the arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h, with versions before 4.13. It allows a local user to trigger a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certai...
CVE-2021-47275
CVE-2021-47275 concerns the Linux kernel w.r.t. the bcache cache-miss path. In cached_dev_cache_miss(), the calculation of the read size for missing cache data can overflow the 16-bit size field embedded in the bkey (via the sectors value), causing oversized inserts into the internal B+ tree. Thi...
CVE-2021-47409
CVE-2021-47409 concerns a Linux kernel vulnerability in the USB: dwc2 subsystem where a NULL return from platform_get_resource() could lead to a NULL pointer dereference. The issue is triggered when the return value is not checked, as described in the CVE entry and echoed in connected advisories ...