Lucene search

K

9873 matches found

CVE
CVE
added 2023/06/18 10:15 p.m.96 views

CVE-2023-35829

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.

7CVSS6.8AI score0.00043EPSS
CVE
CVE
added 2024/08/21 12:15 a.m.96 views

CVE-2024-43863

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't removethe fence from the pending list, and thus doesn't require a lock tofix poll->fence wait->fence unref deadl...

5.5CVSS6.5AI score0.00037EPSS
CVE
CVE
added 2024/09/27 1:15 p.m.96 views

CVE-2024-46807

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Check tbo resource pointer Validate tbo resource pointer, skip if NULL

5.5CVSS5.4AI score0.00047EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.96 views

CVE-2024-53085

In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racyaccording, as this leaves window for tpm_hwrng_read() to be called whilethe operation is in progress. The recent...

5.5CVSS6.5AI score0.00027EPSS
CVE
CVE
added 2011/05/26 4:55 p.m.95 views

CVE-2010-4251

The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.

7.8CVSS6.8AI score0.0215EPSS
CVE
CVE
added 2011/07/18 10:55 p.m.95 views

CVE-2011-0726

The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing...

2.1CVSS6.7AI score0.0011EPSS
CVE
CVE
added 2011/05/03 8:55 p.m.95 views

CVE-2011-1593

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

4.9CVSS6.1AI score0.00041EPSS
CVE
CVE
added 2012/05/17 11:0 a.m.95 views

CVE-2012-1601

The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.

4.9CVSS5.8AI score0.00127EPSS
CVE
CVE
added 2013/03/22 11:59 a.m.95 views

CVE-2013-0914

The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.

3.6CVSS5.2AI score0.00009EPSS
CVE
CVE
added 2015/03/02 11:59 a.m.95 views

CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

2.1CVSS5.7AI score0.00041EPSS
CVE
CVE
added 2015/08/31 10:59 a.m.95 views

CVE-2015-3290

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.

7.2CVSS5.5AI score0.00933EPSS
CVE
CVE
added 2024/03/01 10:15 p.m.95 views

CVE-2021-47070

In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probefunction is never freed in the error handling path. Add the missing 'vmbus_free_ring()' call. Not...

5.5CVSS6.1AI score0.00008EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.95 views

CVE-2021-47304

In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized This commit fixes a bug (found by syzkaller) that could cause spuriousdouble-initializations for congestion control modules, which could causememory leaks or other probl...

5.5CVSS6.7AI score0.00046EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.95 views

CVE-2021-47356

In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible use-after-free in HFC_cleanup() This module's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be running after the ...

7.7CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2022/03/10 5:44 p.m.95 views

CVE-2022-0433

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.

5.5CVSS5AI score0.00039EPSS
CVE
CVE
added 2024/08/22 2:15 a.m.95 views

CVE-2022-48915

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() ifthe thermal zone does not define one.

5.5CVSS6.6AI score0.00048EPSS
CVE
CVE
added 2024/10/21 8:15 p.m.95 views

CVE-2022-48978

In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hid_report_raw_event Syzbot reported shift-out-of-bounds in hid_report_raw_event. microsoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) >32! (swapper/0) UBSAN: shift-out-of-...

5.5CVSS5.1AI score0.0005EPSS
CVE
CVE
added 2024/10/21 8:15 p.m.95 views

CVE-2022-48991

In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers toensure that secondary MMUs (like KVM) don't keep accessing pages whicharen't mapped anymore. Sec...

7.8CVSS7.3AI score0.0005EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.95 views

CVE-2022-49109

In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode reference leakage in ceph_get_snapdir() The ceph_get_inode() will search for or insert a new inode into thehash for the given vino, and return a reference to it. If new isnon-NULL, its reference is consumed. We shou...

5.3AI score0.00041EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.95 views

CVE-2022-49136

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag hasbeen set as that means hci_unregister_dev has been called so it willlikely cause a uaf after th...

7.8CVSS5.5AI score0.00038EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.95 views

CVE-2022-49156

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer (fc_remote_port_delete) which can putthe thread to sleep. The thread that originates the call is in interruptcontext. The combination of the two trigg...

5.3AI score0.00034EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.95 views

CVE-2022-49226

In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still thesame -- asix_read_cmd() reads less bytes, than was requested by caller. Since all read requests are per...

5.3AI score0.00041EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.95 views

CVE-2022-49280

In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no lower bound on 'args->len' Change the type to unsigned to prevent this issue.

5.5CVSS5.3AI score0.00035EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.95 views

CVE-2022-49409

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: kernel BUG at fs/ext4/extents_status.c:199![...]RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline]RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_st...

5.2AI score0.00068EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.95 views

CVE-2022-49412

In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment wedecide two queues are worth to merge (and set bic->stable_merge_bfqq)and the moment bfq_setup_merge() is calle...

7.8CVSS5.3AI score0.00026EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.95 views

CVE-2022-49515

In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t The CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defined inthe array otp_map_1/2[CS35L41_NUM_OTP_ELEM], this will trigger UBSANto report a shift-out-of-boun...

5.4AI score0.00054EPSS
CVE
CVE
added 2023/05/31 8:15 p.m.95 views

CVE-2023-34256

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend agai...

5.5CVSS5.8AI score0.00016EPSS
CVE
CVE
added 2023/07/18 12:15 a.m.95 views

CVE-2023-38431

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.

9.1CVSS8.8AI score0.00066EPSS
CVE
CVE
added 2024/05/21 4:15 p.m.95 views

CVE-2023-52700

In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ...[ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550...[ 13.398494] Call Trace:[ 13.398630] [ 13.398630] ? __alloc_s...

5.5CVSS6.8AI score0.00009EPSS
CVE
CVE
added 2024/04/03 3:15 p.m.95 views

CVE-2024-26702

In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in function rm3100_common_probecaused by out of bound access of array rm3100_samp_rates (because ofunderlying...

5.5CVSS6.1AI score0.00007EPSS
CVE
CVE
added 2024/04/17 11:15 a.m.95 views

CVE-2024-26864

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix refcnt handling in __inet_hash_connect(). syzbot reported a warning in sk_nulls_del_node_init_rcu(). The commit 66b60b0c8c4a ("dccp/tcp: Unhash sk from ehash for tb2 allocfailure after check_estalblished().") tried to fix ...

5.9CVSS6.5AI score0.00034EPSS
CVE
CVE
added 2024/05/20 10:15 a.m.95 views

CVE-2024-35964

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input Check user input length before copying data.

6.8AI score0.00049EPSS
CVE
CVE
added 2024/07/05 7:15 a.m.95 views

CVE-2024-39484

In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback beingdiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.using sysfs or hotp...

5.5CVSS6.5AI score0.00064EPSS
CVE
CVE
added 2024/07/12 1:15 p.m.95 views

CVE-2024-40925

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine"). The root cause is that we use "list_move_tail(...

6.4AI score0.00116EPSS
CVE
CVE
added 2024/07/12 1:15 p.m.95 views

CVE-2024-40983

In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount beforeentering the xfrm type handlers"): "Crypto requests might return asynchronous. In this case we leave thercu pro...

6.5AI score0.00301EPSS
CVE
CVE
added 2024/07/29 3:15 p.m.95 views

CVE-2024-41062

In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work,where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ---- ...

6.5AI score0.00131EPSS
CVE
CVE
added 2024/07/29 4:15 p.m.95 views

CVE-2024-41084

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup cxl_dpa_to_region() looks up a region based on a memdev and DPA.It wrongly assumes an endpoint found mapping the DPA is also ofa fully assembled region. When not true it l...

5.5CVSS6.4AI score0.00039EPSS
CVE
CVE
added 2024/08/07 4:15 p.m.95 views

CVE-2024-42232

In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone toraces with mon_fault() and possibly also finish_hunting(). Both ofthese can requeue the delayed work w...

5.5CVSS6.7AI score0.00084EPSS
CVE
CVE
added 2024/08/17 9:15 a.m.95 views

CVE-2024-42282

In the Linux kernel, the following vulnerability has been resolved: net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Move the freeing of the dummy net_device from mtk_free_dev() tomtk_remove(). Previously, if alloc_netdev_dummy() failed in mtk_probe(),eth->dummy...

5.5CVSS6.5AI score0.00047EPSS
CVE
CVE
added 2024/08/17 9:15 a.m.95 views

CVE-2024-42321

In the Linux kernel, the following vulnerability has been resolved: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE The following splat is easy to reproduce upstream as well as in -stablekernels. Florian Westphal provided the following commit: d1dab4f71d37 ("net: add and use __skb_get_hash_symmetri...

6.4AI score0.00073EPSS
CVE
CVE
added 2024/09/11 4:15 p.m.95 views

CVE-2024-45016

In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced bycommit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec")that can lead to a use-after-free. This commit made netem_...

5.5CVSS6.2AI score0.00074EPSS
CVE
CVE
added 2024/09/13 6:15 a.m.95 views

CVE-2024-46675

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access aninvalid event buffer address during runtime suspend, potentially causingSMMU faults and other me...

5.5CVSS6.4AI score0.00084EPSS
CVE
CVE
added 2024/09/27 1:15 p.m.95 views

CVE-2024-46828

In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness In sch_cake, we keep track of the count of active bulk flows per host,when running in dst/src host fairness mode, which is used as theround-robin weight when iterati...

7.8CVSS7.3AI score0.00036EPSS
CVE
CVE
added 2024/10/21 12:15 p.m.95 views

CVE-2024-47705

In the Linux kernel, the following vulnerability has been resolved: block: fix potential invalid pointer dereference in blk_add_partition The blk_add_partition() function initially used a single if-condition(IS_ERR(part)) to check for errors when adding a partition. This wasmodified to handle the s...

5.5CVSS7AI score0.00044EPSS
CVE
CVE
added 2024/10/21 12:15 p.m.95 views

CVE-2024-47707

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Blamed commit accidentally removed a check for rt->rt6i_idev being NULL,as spotted by syzbot: Oops: general protection fault, probably for non-canonical address 0x...

5.5CVSS6.8AI score0.00045EPSS
CVE
CVE
added 2024/10/21 1:15 p.m.95 views

CVE-2024-47757

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degenerationto direct mapping occurs before deleting a b-tree entry, causes memoryaccess outside the block b...

7.1CVSS6.7AI score0.00043EPSS
CVE
CVE
added 2024/10/21 6:15 p.m.95 views

CVE-2024-49896

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check stream before comparing them [WHAT & HOW]amdgpu_dm can pass a null stream to dc_is_stream_unchanged. It isnecessary to check for null before dereferencing them. This fixes 1 FORWARD_NULL issue reported by Cov...

5.5CVSS5.2AI score0.00043EPSS
CVE
CVE
added 2024/10/21 6:15 p.m.95 views

CVE-2024-49939

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to add interface to list twice when SER If SER L2 occurs during the WoWLAN resume flow, the add interface flowis triggered by ieee80211_reconfig(). However, due tortw89_wow_resume() return failure, it will cause ...

5.5CVSS6.5AI score0.00045EPSS
CVE
CVE
added 2024/11/07 10:15 a.m.95 views

CVE-2024-50152

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2_set_ea() Clang static checker(scan-build) warning:fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.1304 | kfree(ea);| ^~~~~~~~~ There is a double free in such case:'ea is...

5.5CVSS5.7AI score0.00028EPSS
CVE
CVE
added 2024/11/08 6:15 a.m.95 views

CVE-2024-50197

In the Linux kernel, the following vulnerability has been resolved: pinctrl: intel: platform: fix error path in device_for_each_child_node() The device_for_each_child_node() loop requires calls tofwnode_handle_put() upon early returns to decrement the refcount ofthe child node and avoid leaking mem...

5.5CVSS6.7AI score0.00034EPSS
Total number of security vulnerabilities9873