2330 matches found
CVE-2019-15220
CVE-2019-15220 affects the Linux kernel prior to 5.2.1 and involves a use-after-free in the p54usb.c driver caused by a malicious USB device. The issue can lead to a denial of service via kernel memory corruption when a vulnerable USB device is connected to drivers/net/wireless/intersil/p54. The ...
CVE-2019-19045
CVE-2019-19045 affects the Linux kernel prior to 5.3.11 due to a memory leak in mlx5_fpga_conn_create_cq() (drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c). The issue allows local attackers to cause memory DoS by triggering mlx5_vector2eqn() failures. Ubuntu/Unity/SUSE advisories cite the sa...
CVE-2021-4037
Summary: CVE-2021-4037 affects the Linux kernel’s inode_init_owner() logic for XFS SGID directories, enabling local users to create files with unintended group ownership and SGID/group-exec bits when the directory is SGID and writable to non-group members. The issue is linked to a missed fix rela...
CVE-2019-11190
CVE-2019-11190 affects the Linux kernel prior to 4.8. Local users could bypass ASLR on setuid programs (e.g., /bin/su) due to install_exec_creds() being invoked late in load_elf_binary() in fs/binfmt_elf.c, creating a race in ptrace_may_access() when reading /proc/pid/stat. Connected advisories (...
CVE-2022-42896
CVE-2022-42896 affects the Linux kernel, specifically use-after-free in net/bluetooth/l2cap_core.c (l2cap_connect and l2cap_le_connect_req). A remote Bluetooth proximity attacker could trigger code execution or leak kernel memory. A fix is available by upgrading past the commit 711f8c3fb3db618970...
CVE-2019-15090
CVE-2019-15090 affects the Linux kernel driver component drivers/scsi/qedi/qedi_dbg.c, with an out-of-bounds read in the qedi_dbg_* family of functions for versions before 5.1.12. The issue can enable a local attacker to read memory due to improper bounds handling, as described in the CVE entry. ...
CVE-2019-20811
CVE-2019-20811 affects the Linux kernel prior to 5.0.6, where a reference count is mishandled in rx_queue_add_kobject() and netdev_queue_add_kobject() within net/core/net-sysfs.c (CID-a3e23f719f5c). The issue was fixed in kernel 5.0.6 (ChangeLog-5.0.6). Exploitation would require local access and...
CVE-2020-12769
CVE-2020-12769 affects the Linux kernel prior to 5.4.17. The issue is in drivers/spi/spi-dw.c, where concurrent calls to dw_spi_irq and dw_spi_transfer_one can trigger a kernel panic (local exploit). The vulnerability is fixed in Linux kernel 5.4.17 (see ChangeLog-5.4.17). No exploit details are ...
CVE-2020-12826
CVE-2020-12826 affects the Linux kernel before 5.6.5. The root cause is an integer overflow in exec_id (include/linux/sched.h) due to 32-bit sizing, which can allow a child process to send an arbitrary signal to a parent process in a different security domain, bypassing protection. A patched vers...
CVE-2018-21008
CVE-2018-21008 affects the Linux kernel up to version 4.16.6, with a use-after-free in rsi_mac80211_detach (drivers/net/wireless/rsi/rsi_91x_mac80211.c). Nessus/nvd-derived docs consistently reference this flaw across Unity Linux advisories and related feeds, confirming the vulnerable component a...
CVE-2020-36311
CVE-2020-36311 affects the Linux kernel prior to 5.9. In arch/x86/kvm/svm/sev.c, destroying a large SEV VM (unregistering many encrypted regions) can trigger a denial of service (soft lockup). The connected advisories confirm the issue and point to a fix in kernel 5.9 (and changelog indicating th...
CVE-2023-2008
The CVE-2023-2008 flaw is in the Linux kernel udmabuf device driver, within its fault handler. It stems from insufficient validation of user-supplied data, allowing a memory access past the end of an array. This can enable local privilege escalation and execution of arbitrary code in the kernel c...
CVE-2019-15217
The CVE-2019-15217 entry concerns a NULL pointer dereference in the Linux kernel before 5.2.3, triggered by a malicious USB device via the zr364xx USB driver (drivers/media/usb/zr364xx/zr364xx.c). The issue can lead to a denial of service on a physical USB attack vector. Public references indicat...
CVE-2020-24394
CVE-2020-24394 affects the Linux kernel before 5.7.8 in the NFS server (fs/nfsd/vfs.c). The root cause is that ACL-less filesystems do not apply the current umask when creating new objects, allowing an attacker with local access to set incorrect permissions. Public details in connected advisories...
CVE-2020-12464
CVE-2020-12464 is a Linux kernel use-after-free in the USB core path. The vulnerability stems from usb_sg_cancel in drivers/usb/core/message.c where a transfer can occur without a proper reference, enabling a local attacker to potentially crash or execute code. Connected documents confirm this is...
CVE-2018-5803
CVE-2018-5803 affects the Linux kernel SCTP chunk handling: a length check flaw in _sctp_make_chunk() (net/sctp/sm_make_chunk.c) can trigger a kernel crash/DoS. Affected kernel versions include 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102. Public advisories (Debian, CentOS/Red Hat, Ubunt...
CVE-2022-47929
CVE-2022-47929 is a Linux kernel vulnerability: a NULL pointer dereference in the traffic control subsystem (affecting qdisc_graft in net/sched/sch_api.c) that allows an unprivileged user to trigger a denial of service (system crash) via crafted tc qdisc/class configurations. Exploitation is loca...
CVE-2020-25212
CVE-2020-25212 affects the NFSv4 client in the Linux kernel and is caused by a TOCTOU mismatch where a size check is performed in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c. This can allow a local attacker to corrupt memory or cause unspecified impacts. The issue is addressed in the upstream k...
CVE-2021-3444
CVE-2021-3444 affects the Linux kernel’s eBPF verifier, where mod32 destination register truncation can be mishandled when the source is known to be zero. This enables a local attacker loading BPF programs to read kernel memory (information disclosure) and potentially perform out-of-bounds writes...
CVE-2023-2166
CVE-2023-2166 pertains to a NULL pointer dereference in the Linux kernel CAN protocol (net/can/af_can.c). The issue is that ml_priv may not be initialized in the receive path for CAN frames, enabling a local attacker to crash the system or potentially cause a denial of service via a malformed or ...
CVE-2020-36766
The CVE-2020-36766 issue affects the Linux kernel prior to 5.8.6. In drivers/media/cec/core/cec-api.c, memory leakage of one kernel byte to unprivileged users occurs due to directly assigning log_addrs with a hole in the struct. The vulnerability is local (requires local access) and has a low ove...
CVE-2021-3573
CVE-2021-3573 is a local use-after-free vulnerability in the Linux kernel Bluetooth HCI subsystem (function hci_sock_bound_ioctl) where a race between the ioctl HCIUNBLOCKADDR and hci_unregister_dev() and calls such as hci_sock_blacklist_add()/del(), hci_get_conn_info(), and hci_get_auth_info() can le...
CVE-2021-4203
CVE-2021-4203 is a Linux kernel use-after-free read flaw in sock_getsockopt() triggered by a race between SO_PEERCRED/SO_PEERGROUPS and listen()/connect(). An authenticated local attacker could crash the system or leak kernel information. The connected IBM advisories document affected products (I...
CVE-2021-30002
The CVE-2021-30002 issue affects the Linux kernel prior to 5.11.3. It is caused by a memory leak in video_usercopy inside drivers/media/v4l2-core/v4l2-ioctl.c when handling large webcam arguments. This memory leak can lead to memory exhaustion on affected systems. Connected advisories (e.g., Debi...
CVE-2021-43389
CVE-2021-43389 affects the Linux kernel (pre-5.14.15) with an array-index-out-of-bounds flaw in the ISDN CAPI detach_capi_ctr function (kcapi.c). Multiple sources describe this as a local privilege‑escalation/DoS risk, where a privileged attacker could cause memory corruption, DoS, or potentially...
CVE-2020-27786
CVE-2020-27786 affects the Linux kernel MIDI subsystem (rawmidi) with a use-after-free in the MIDI ioctl handling path. A local attacker with access to issue ioctl commands to MIDI devices could trigger memory corruption, potentially enabling privilege escalation. Public documentation in connecte...
CVE-2023-38409
CVE-2023-38409 affects the Linux kernel fbcon subsystem (drivers/video/fbdev/core/fbcon.c). The issue arises in set_con2fb_map: an assignment is performed only for the first virtual console, which can desynchronize fbcon_registered_fb and fbcon_display when fbcon_mode_deleted is invoked, leaving ...
CVE-2019-11486
The CVE-2019-11486 entry describes multiple race conditions in the Siemens R3964 line discipline driver (drivers/tty/n_r3964.c) of the Linux kernel, affecting versions before 5.0.8. This yields local exploitation potential with full confidentiality, integrity, and availability impact. A fix is av...
CVE-2019-20096
CVE-2019-20096 affects the Linux kernel before 5.1, where a memory leak in __feat_register_sp() (net/dccp/feat.c) can lead to denial of service. The Unity Linux Nessus advisories (UTSA-2026-003899/004383/000228) reference the same description block, confirming the issue and impact. No specific pa...
CVE-2021-33655
CVE-2021-33655 is confirmed in the provided documents as an out-of-bounds memory write triggered by malicious data sent via the framebuffer ioctl FBIOPUT_VSCREENINFO in the Linux kernel framebuffer/console path. The issue allows a local user to crash the system and potentially escalate privileges...
CVE-2020-14381
CVE-2020-14381 is a vulnerability in the Linux kernel futex implementation. A local attacker can corrupt memory or escalate privileges when creating a futex on a filesystem that is about to be unmounted. The issue is local, with attack vector and conditions described as exploitation requiring loc...
CVE-2020-25284
The CVE-2020-25284 issue concerns the Rados Block Device (rbd) driver in the Linux kernel. The affected code path is in the rbd subsystem (drivers/block/rbd.c) where permission checks to access rbd devices were incomplete, enabling a local attacker to map or unmap rbd block devices. Multiple connecte...
CVE-2022-0516
CVE-2022-0516 affects the KVM for s390 in the Linux kernel, specifically the arch/s390/kvm/kvm-s390.c function kvm_s390_guest_sida_op. The vulnerability allows a local user with normal privileges to obtain unauthorized memory write access due to an insufficient check in the KVM s390x release_agen...
CVE-2022-1184
CVE-2022-1184 affects the Linux kernel ext4 file-system code (fs/ext4/namei.c:dx_insert_block). The flaw is a use-after-free that can be triggered by a local user to cause a denial of service. Astra Linux bulletin also documents this exact issue. The connected documents do not specify a fixed ver...
CVE-2020-11608
CVE-2020-11608 affects Linux kernel versions prior to 5.6.1. The issue is a NULL pointer dereference in the ov511_mode_init_regs and ov518_mode_init_regs paths of drivers/media/usb/gspca/ov519.c when there are zero USB endpoints, potentially enabling local denial of service. The vulnerability is ...
CVE-2022-1508
The CVE-2022-1508 entry describes an out-of-bounds read in the Linux kernel io_uring module triggered by certain parameters to io_read(), enabling a local user with low privileges and no user interaction to read memory out of bounds. The provided data notes a MEDIUM base score (6.1, CVSS 3.1) wit...
CVE-2018-1068
CVE-2018-1068 affects the Linux kernel: the 32-bit compatibility layer for ebtables did not sufficiently validate offset values in a 64-bit kernel. A local attacker with CAP_NET_ADMIN (in a namespace) could use this to overwrite kernel memory, potentially leading to privilege escalation. Public a...
CVE-2020-25656
CVE-2020-25656 is a Linux kernel use-after-free in the console subsystem related to ioctls KDGKBSENT and KDSKBSENT. A local attacker could read memory out of bounds, impacting data confidentiality. Several advisories (CloudLinux, Amazon Linux, CentOS/RHEL, Cloud Foundry/usn, etc.) reference this ...
CVE-2021-38204
CVE-2021-38204 affects the Linux kernel MAX-3421 host USB controller driver (drivers/usb/host/max3421-hcd.c). The flaw allows a physically proximate attacker to trigger a use-after-free and cause a denial of service (system panic) by removing a MAX-3421 USB device in certain situations. A fix is ...
CVE-2022-1353
CVE-2022-1353 — pfkey_register (net/key/af_key.c, Linux kernel): A local, unprivileged user can gain access to kernel memory due to a flaw in pfkey_register. The vulnerability can lead to a system crash or leakage of internal kernel information. The connected documents reference Linux kernel adv...
CVE-2018-20169
CVE-2018-20169 affects the Linux kernel USB subsystem. It stems from missing size checks in __usb_get_extra_descriptor when reading an extra descriptor, potentially enabling denial-of-service (and, per CVSS hints, high impact on confidentiality/integrity/availability). Affected versions: Linux ke...
CVE-2021-3772
CVE-2021-3772 affects the Linux kernel SCTP stack: a blind attacker who knows IPs/ports and can spoof packets can kill an existing SCTP association by sending invalid chunks. The connected advisories confirm the issue and point to a patch in the Linux kernel (commit 32f8807a48ae55be0e76880cfe8607...
CVE-2020-27170
The CVE-2020-27170 flaw affects the Linux kernel prior to 5.11.8, where in kernel/bpf/verifier.c there is undesirable out-of-bounds speculation on pointer arithmetic. This can enable a side-channel attack that defeats Spectre mitigations and may allow an attacker to obtain sensitive information f...
CVE-2022-1789
CVE-2022-1789 targets KVM in the Linux kernel. With shadow paging enabled, INVPCID can lead to a NULL pointer dereference when CR0.PG=0, because the invlpg callback is not set, causing a crash in kvm_mmu_invpcid_gva. The same issue is echoed in Astra Linux and AlmaLinux advisories, which list KVM...
CVE-2020-15780
CVE-2020-15780 – Linux kernel configfs ACPI lockdown bypass. Affects: Linux kernel drivers/acpi/acpi_configfs.c prior to 5.7.7 (observed in Unity Linux advisories). Impact: Injection of malicious ACPI tables via configfs could bypass lockdown and secure boot protections. Local attacker privileges ...
CVE-2019-18660
CVE-2019-18660 affects: Linux kernel on PowerPC. Summary: Information exposure due to Spectre-RSB mitigation not being active on all applicable CPUs, related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. Impact: potential partial leakage of sensitive data through side chan...
CVE-2020-27820
CVE-2020-27820: Linux kernel use-after-free in nouveau's postclose() during device removal (or unbind). Exploitation local; affects nouveau driver paths; impact: high availability risk, no confidentiality/integrity impact per CVSS. Documents indicate a fix exists in kernel patches (e.g., advisori...
CVE-2019-13233
CVE-2019-13233 affects Linux kernel arch/x86/lib/insn-eval.c with a use-after-free in LDT entry access caused by a race between modify_ldt() and a #BR exception for an MPX bounds violation. F5 advisory notes the vulnerability in Linux kernel before 5.1.9 and cites the ChangeLog-5.1.9 as the fix. ...
CVE-2021-29647
CVE-2021-29647 affects the Linux kernel (qrtr_recvmsg in net/qrtr/qrtr.c). The issue is an information disclosure via a partially uninitialized data structure, enabling a local attacker to read kernel memory. Root cause: partially uninitialized data in QRTR IPC router handling. Public references ...
CVE-2024-43911
CVE-2024-43911: Linux kernel wifi/mac80211 NULL pointer dereference fix. The vulnerability occurs in the MLD path during band/tx BA session initialization where link_data/link_conf may not point to vif->bss_conf, risking a NULL chan and a kernel crash. The fix adds explicit checks on ht_suppor...