CVE-2020-28915
CVE-2020-28915 is a Linux kernel vulnerability in the fbcon framebuffer code, where a buffer over-read before 5.8.15 could allow a local attacker to read kernel memory. The issue is caused by improper bounds handling in the framebuffer font-related path used by fbcon. Affected fix: upstream patch...
CVE-2023-46813
CVE-2023-46813 affects the Linux kernel before 6.5.9. The issue arises from incorrect access checking in the #VC handler and SEV-ES MMIO instruction emulation, allowing a race where an attacker with userspace MMIO access can replace an instruction before the #VC handler reads it. This can lead to...
CVE-2019-15213
CVE-2019-15213: Linux kernel before 5.2.3 contains a use-after-free in the DVB‑USB driver (drivers/media/usb/dvb-usb/dvb-usb-init.c) triggered by a malicious USB device. The issue is limited to the kernel plasma stack in this component and is mitigated by upgrading to kernel 5.2.3 or newer, per t...
CVE-2022-49731
CVE-2022-49731 affects libata-core in the Linux kernel’s ata subsystem. The flaw is a NULL pointer dereference in ata_host_alloc_pinfo() if the ppi array starts with NULL, causing a kernel oops. The fix initializes the local pi variable to &ata_dummy_port_info to prevent the oops. This vulnerability is addres...
CVE-2022-1734
CVE-2022-1734 affects the Linux kernel nfcmrvl NFC driver (drivers/nfc/nfcmrvl/main.c). The flaw is a use-after-free caused by a race between the cleanup path and firmware download, allowing memory corruption with local access (read/write) and potentially denial of service or privilege escalation...
CVE-2017-7889
CVE-2017-7889 affects the Linux kernel mm subsystem (up to 3.2); a local attacker with access to /dev/mem can read/write kernel memory due to CONFIG_STRICT_DEVMEM not being properly enforced in arch/x86/mm/init.c and drivers/char/mem.c. Public details: Debian security advisories show fixes (e.g.,...
CVE-2023-52809
CVE-2023-52809: Linux kernel vulnerability in scsi: libfc where fc_lport_ptp_setup() could dereference a NULL pointer if fc_rport_create() returns NULL. The fix adds a check on fc_rport_create()’s return value and logs an error when it fails. Affects the kernel’s SCSI/FC path; local access requi...
CVE-2019-19543
CVE-2019-19543: In the Linux kernel up to 5.1.5/5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. A local attacker could trigger this UAF via the serial IR device support, with the impact described as potential denial of service or instability once the f...
CVE-2023-42755
CVE-2023-42755 affects the IPv4 RSVP classifier in the Linux kernel. The xprt pointer can reference beyond the skb’s linear area, causing an out-of-bounds read in rsvp_classify, which may allow a local user to crash the system and trigger denial of service. Connected advisories (Debian, Red Hat-b...
CVE-2019-17351
CVE-2019-17351 affects the Linux kernel prior to 5.2.3 in drivers/xen/balloon.c (Xen up to 4.12.x). The issue allows a guest OS user to cause a denial of service by unrestricted resource consumption during the mapping of guest memory. The connected advisories (Unity Linux, EulerOS, OpenVAS/USN re...
CVE-2022-2503
CVE-2022-2503 affects Linux kernels using dm-verity/LoadPin. A device-mapper table reload can swap the target to an equivalent dm-linear target, bypassing verification until reboot and allowing root to load untrusted/unsigned kernel modules and firmware. This can enable arbitrary kernel execution...
CVE-2019-19051
CVE-2019-19051: A memory leak in the Linux kernel function i2400m_op_rfkill_sw_toggle() (drivers/net/wimax/i2400m/op-rfkill.c) prior to 5.3.11 can allow a local attacker to cause memory exhaustion and denial of service. The issue is fixed in 5.3.11 (ChangeLog-5.3.11). References include related ...
CVE-2022-1852
CVE-2022-1852 concerns a NULL pointer dereference in the Linux kernel’s KVM module during x86 emulation (x86_emulate_insn) when the guest executes an illegal instruction on Intel CPUs, which can lead to a denial of service. The vulnerability is in the KVM emulation path (arch/x86/kvm/emulate.c) a...
CVE-2022-3707
CVE-2022-3707 is a double-free in the Intel GVT-g graphics support within the Linux kernel, specifically in the intel_gvt_dma_map_guest_page path. The flaw can be triggered by a local attacker and may crash the system due to memory corruption. Connected advisories confirm the issue affecting the ...
CVE-2024-56779
The CVE-2024-56779 entry describes a Linux kernel vulnerability in nfsd4_open handling where concurrent opens could leak nfsd_openowner state, potentially leaving objects unfreed and triggering a warning when /proc/fs/nfsd/threads is echoed. The issue arises when two rpc_task instances race to o...
CVE-2024-56787
CVE-2024-56787 documents a Linux kernel issue where imx8m SoC code probed as a driver caused -EPROBE_DEFER when clock driver wasn’t probed yet. The fix converts the SoC code to a platform driver and instantiates it in current device_initcall, propagating -EPROBE_DEFER through the .probe retry mec...
CVE-2023-6531
CVE-2023-6531 is a Linux kernel use-after-free race in the unix garbage collector where deletion of SKB races with unix_stream_read_generic() on the socket the SKB is queued on. The issue enables local privilege escalation as described in multiple advisories. Public documents consistently identif...
CVE-2024-26915
CVE-2024-26915 concerns the Linux kernel DRM AMDGPU driver. The root cause is the Reset IH OVERFLOW_CLEAR bit, which allows detection of subsequent IH ring buffer overflows. Affected component: drm/amdgpu in the Linux kernel. Impact as stated: potential availability impact with local, low-privile...
CVE-2018-16658
The CVE-2018-16658 entry concerns the Linux kernel prior to 4.18.6, where a vulnerability in cdrom_ioctl_drive_status() in drivers/cdrom/cdrom.c allows a local attacker to read kernel memory due to an unsafe cast from unsigned long to int that bypasses bounds checks. The issue is mitigated by upg...
CVE-2022-2078
CVE-2022-2078 is a Linux kernel vulnerability in nft_set_desc_concat_parse() that can trigger a buffer overflow, leading to denial of service and possibly code execution. The linked AstraEU/IBM advisories reiterate the same function and impact, describing local access requirements and potential f...
CVE-2020-25669
CVE-2020-25669 is a Linux kernel use-after-free in sunkbd_reinit triggered after sunkbd interrupts and before freed; an alias remains after NULLing in sunkbd_disconnect, enabling a use-after-free condition. Documents indicate this is a kernel issue with local impact, potentially causing a crash o...
CVE-2022-0494
CVE-2022-0494 is a Linux kernel information-leak flaw in scsi_ioctl.c that could let a local attacker with CAP_SYS_ADMIN or CAP_SYS_RAWIO extract kernel information, affecting confidentiality. The associated documents confirm the vulnerability and provide CVSS context (local access, high confiden...
CVE-2023-28328
CVE-2023-28328: A NULL pointer dereference in the az6027 driver (drivers/media/usb/dvb-usb/az6027.c) of the Linux kernel, caused by not validating the user-space message before transfer. Local users could crash the system or potentially cause a denial of service. Connected Astra Linux bulletin re...
CVE-2023-52815
The connected Astra Linux advisory confirms the CVE affects the Linux kernel DRM amdgpu/vkms path. In amdgpu_vkms_conn_get_modes(), the code previously assigned the return value of drm_cvt_mode() to mode and could dereference NULL on failure. The fix adds a NULL check to prevent dereference, miti...
CVE-2019-15215
The CVE-2019-15215 issue is a use-after-free in the Linux kernel, caused by a malicious USB device via the cpia2_usb.c driver (drivers/media/usb/cpia2). Affected: kernel versions before 5.2.6. Impact: potential local denial of service or privilege issues due to use-after-free in USB cpia2 handlin...
CVE-2023-0468
CVE-2023-0468: A use-after-free race in the Linux kernel’s io_uring/poll.c (io_poll_check_events, io_uring subcomponent) is triggered by a race on poll_refs, potentially causing a NULL pointer dereference. Impact: local attacker could cause a system crash/denial of service; CVSS indicates LOCAL ...
CVE-2023-4244
CVE-2023-4244 is a Linux kernel use-after-free in nf_tables/netfilter. A race between the netlink control plane transaction and nft_set element garbage collection can underflow a reference counter, enabling local privilege escalation. Affected: Linux kernel nf_tables/netfilter. Root cause: refere...
CVE-2017-9077
CVE-2017-9077: The Linux kernel's tcp_v6_syn_recv_sock in net/ipv6/tcp_ipv6.c mishandles inheritance, enabling a local attacker to cause a denial of service via crafted system calls. The connected CentOS/CSA entries corroborate kernel-level impact and note security updates; no remote exploit det...
CVE-2022-24959
CVE-2022-24959 affects the Linux kernel before 5.16.5, via a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c. This can lead to denial of service due to memory exhaustion. The issue is addressed in the 5.16.5 kernel release; related advisories (e.g., Debian security updates) note...
CVE-2022-36123
The CVE-2022-36123 entry pertains to the Linux kernel prior to 5.18.13, where a missing clear operation for the .bss block may allow Xen PV guests to trigger a denial of service or privilege escalation. Affected component: Linux kernel (Xen PV guest context) up to version 5.18.12; fixed in 5.18....
CVE-2024-25744
In CVE-2024-25744, Linux kernel versions before 6.6.7 are vulnerable: an untrusted VMM can trigger int80 syscall handling at any point due to code in arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. This is a local-privilege impact condition as described by the advisory, with a base sco...
CVE-2017-7184
The CVE-2017-7184 issue affects the Linux kernel xfrm subsystem, where xfrm_replay_verify_len in net/xfrm/xfrm_user.c up to 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, enabling a local attacker with CAP_NET_ADMIN to cause a heap-based out-of-bounds access and potent...
CVE-2019-7308
CVE-2019-7308 affects the Linux kernel’s BPF verifier in kernel/bpf/verifier.c prior to 4.20.6. The issue is undesirable out-of-bounds speculation on pointer arithmetic across branches with different state/limits, enabling potential side-channel attacks. Public sources in connected documents cons...
CVE-2020-25673
CVE-2020-25673 is described in connected documents as a Linux kernel vulnerability where a non-blocking socket in llcp_sock_connect() can cause a memory leak and eventually hang the system. The Unity Linux UTSA-2026-001467 advisory and related Nessus plugins reiterate this issue, referencing a vu...
CVE-2021-29648
CVE-2021-29648 affects the Linux kernel up to version 5.11.11, with the BPF subsystem failing to treat resolved_ids and resolved_sizes as intentionally uninitialized in the vmlinux BTF. The consequence is a system crash on an unexpected access (in map_create and check_btf_info), caused by CID-350...
CVE-2018-5814
CVE-2018-5814: Linux kernel before 4.16.11, 4.14.43, 4.9.102, and 4.4.133 has race condition vulnerabilities in USB handling (probe, disconnect, rebind) that can trigger use-after-free or NULL dereference via multiple USB over IP packets. Fixes were released in kernel updates: 4.16.11, 4.14.43, ...
CVE-2022-42328
Technical details about CVE-2022-42328 (and related CVEs) are not provided in the connected documents. Monitor the cited Xen/XenServer advisories and AWS Amazon/Linux advisories for updates and fixes.
CVE-2017-15265
CVE-2017-15265 is a race condition in the ALSA sequencer subsystem of the Linux kernel, up to version 4.13.8. A local attacker can trigger a use-after-free via crafted /dev/snd/seq ioctl calls, leading to denial of service (crash) or potentially other impacts. The vulnerability is fixed in the up...
CVE-2020-29370
CVE-2020-29370 (Linux kernel): An issue in kmem_cache_alloc_bulk (mm/slub.c) before 5.5.11 where the slowpath does not increment the TID as required (CID-fd4d9c7d0c71). Affected: Linux kernel prior to 5.5.11. Impact described in connected advisories as a vulnerability in the kernel memory al...
CVE-2022-2961
CVE-2022-2961 concerns the Linux kernel’s PLP Rose functionality. The vulnerability is a use-after-free flaw caused by a race: a local user can trigger a race between calling bind and the rose_bind() function, potentially crashing the kernel or escalating privileges. Impact is described as local ...
CVE-2024-0607
The CVE-2024-0607 entry concerns the Linux kernel netfilter/nf_tables vulnerability in nft_byteorder_eval(). A loop writes 8 bytes per iteration into a dst array of u32 elements, causing out-of-bounds writes and corruption of the dst array. This can enable a local user to cause a Denial of Servi...
CVE-2019-19526
The vulnerability CVE-2019-19526 affects the Linux kernel prior to 5.3.9, caused by a use-after-free in the drivers/nfc/pn533/usb.c USB NFC driver. A malicious USB device can trigger the bug, potentially impacting availability (high impact) while confidentiality/integrity remain unaffected. Affec...
CVE-2020-29371
CVE-2020-29371 affects Linux kernel romfs_dev_read (fs/romfs/storage.c) prior to 5.8.4, where uninitialized memory leaks to userspace. The vulnerability stems from uninitialized memory paths, enabling leakage to user space. Affected component is the ROMFS code in the kernel; no exploit details ar...
CVE-2024-42070
CVE-2024-42070 affects the Linux kernel netfilter nf_tables component. The issue is in the NFT_DATA_VALUE store validation for data registers; the datatype can be NFT_DATA_VALUE or NFT_DATA_VERDICT, and a new helper to infer the register type from the set datatype removes a conditional check. Th...
CVE-2015-3288
CVE-2015-3288 affects the Linux kernel prior to 4.1.4. It arises from mishandling anonymous pages in mm/memory.c, allowing a local user to gain privileges or cause a denial of service by writing to page zero. The issue is fixed in 4.1.4 (per ChangeLog-4.1.4 and related advisories referenced in th...
CVE-2016-9794
CVE-2016-9794 is a local, use-after-free race in ALSA’s snd_pcm_period_elapsed() in the Linux kernel before 4.7. A crafted SNDRV_PCM_TRIGGER_START can trigger memory corruption, enabling a local attacker to cause a denial of service (and possibly other impact) on affected systems. Public write-up...
CVE-2020-16120
The CVE-2020-16120 issue concerns Overlayfs in the Linux kernel where permission checks during copy-up were inadequate when used inside a user namespace. It was introduced in kernel 4.19 (ovl: stack file ops) and fixed in kernel 5.8 by patches that verify permissions in ovl_path_open(), switch to...
CVE-2021-3501
CVE-2021-3501 affects Linux kernels prior to 5.12. The vulnerability arises from the KVM API: the internal.ndata value is mapped to an array index and can be updated by a user process at any time, enabling an out-of-bounds write. Documented impact is data integrity and system availability. A patc...
CVE-2021-38207
CVE-2021-38207 affects the Linux kernel driver: drivers/net/ethernet/xilinx/ll_temac_main.c. It allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes. The issue is in the ll_temac_main.c path, and the vulnerability...
CVE-2022-26966
CVE-2022-26966 affects the Linux kernel up to 5.16.12, via the drivers/net/usb/sr9700.c component. A local attacker can attach a specially crafted USB device and cause information disclosure by leaking heap memory from the device, as described in multiple connected documents (upstream kernel note...