CVE-2020-26088
CVE-2020-26088 affects the Linux kernel up to version 5.8.2, where a missing CAP_NET_RAW check in NFC socket creation (net/nfc/rawsock.c) could let a local attacker create raw sockets and bypass security mechanisms. This is demonstrated in multiple Nessus advisories (Unity Linux/OpenSUSE/EulerOS ...
CVE-2022-26966
CVE-2022-26966 affects the Linux kernel up to 5.16.12, via the drivers/net/usb/sr9700.c component. A local attacker can attach a specially crafted USB device and cause information disclosure by leaking heap memory from the device, as described in multiple connected documents (upstream kernel note...
CVE-2023-45863
The CVE-2023-45863 issue affects the Linux kernel prior to 6.2.3 and is triggered by a race condition in lib/kobject.c that causes a fill_kobj_path out-of-bounds write when run with root privileges. Public sources in connected documents (Astra Linux bulletin and IBM advisories) describe the same ...
CVE-2024-50134
CVE-2024-50134 affects the Linux kernel driver drm/vboxvideo (vbva_mouse_pointer_shape). The issue stems from a fake VLA at the end of vbva_mouse_pointer_shape triggering a field-spanning memcpy write in hgsmi_base.c:154. The patch replaces the fake VLA with a real VLA to fix the warning and pote...
CVE-2020-10781
CVE-2020-10781 affects the Linux kernel ZRAM module: a local attacker who can read /sys/class/zram-control/hot_add can create ZRAM device nodes in /dev, and repeated reads can allocate memory and trigger the OOM killer, potentially making the system inoperable. Connected advisories (e.g., ALAS2KERNE...
CVE-2022-33981
CVE-2022-33981 affects the Linux kernel’s floppy driver (drivers/block/floppy.c) up to version 5.17.6. The issue is a concurrency use-after-free after deallocating raw_cmd in the raw_cmd_ioctl function, leading to a local denial-of-service. Public documents confirm the vulnerable code path and th...
CVE-2020-35508
CVE-2020-35508 is a Linux kernel issue describing a race condition and incorrect initialization of the child/parent process ID handling when filtering signal handlers. The flaw permits a local attacker to bypass checks and send signals to a privileged process. Multiple Nessus/MiracleLinux Unity a...
CVE-2020-36558
CVE-2020-36558 refers to a race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX that can cause a NULL pointer dereference and a general protection fault. The vulnerability is triggered locally within the kernel, with impact described as high availability risk if exploited, and the...
CVE-2023-2162
Astra Linux security bulletin mirrors CVE-2023-2162, documenting a use-after-free in Linux kernel (iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c) that could allow a local attacker to leak kernel internal information. The Astra Linux entry identifies the affected kernel subcomponent (SCS...
CVE-2023-6915
CVE-2023-6915 is a NULL pointer dereference in ida_free() within lib/idr.c of the Linux kernel leading to potential denial of service. Connected advisories show affected kernels across distributions: Astra Linux lists linux-5.10, 5.15, 6.1; CloudLinux notes ida_free in kernel (CVE-2023-6915) for ...
CVE-2024-56785
CVE-2024-56785 affects the Linux kernel lifecycle on MIPS Loongson64 platforms (ls7a). The issue centers on DTS/PCIe port node handling: incorrect PCIe port node definitions in ls7a DTS files caused dtc/interpreter warnings and a runtime warning related to address-cell/interrupt-provider mappings...
CVE-2017-18203
The vulnerability CVE-2017-18203 affects the Linux kernel in the DM (device-mapper) path: dm_get_from_kobject() in drivers/md/dm.c is vulnerable to a race with __dm_destroy during creation/removal of DM devices. Exploitation from a local attacker could cause a Denial of Service. Affected are kern...
CVE-2017-18208
CVE-2017-18208 affects the Linux kernel prior to 4.14.4. The vulnerability lies in the MADVISE_WILLNEED handling in mm/madvise.c, where triggering MADVISE_WILLNEED for a DAX mapping allows a local attacker to cause a denial of service via an infinite loop. The issue is local in scope and is tied ...
CVE-2021-28715
CVE-2021-28715 concerns the Linux kernel netback driver in Xen guests. The Xen netback path buffers incoming guest data until the guest processes it, and although there are safeguards to limit buffering, an attacker running in a guest can bypass them. Specifically, when using UDP on a fast interf...
CVE-2017-7645
The CVE-2017-7645 issue affects the Linux kernel NFSv2/v3 server (nfsd) and is triggered by processing long RPC replies. The root cause is an out-of-bounds memory access in the NFS server paths (net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, fs/nfsd/nfsxdr.c) that can lead to a system crash (DoS). Affected...
CVE-2019-19528
CVE-2019-19528: Linux kernel pre-5.3.7 contains a use-after-free in the iowarrior USB driver (drivers/usb/misc/iowarrior.c) triggered by a malicious USB device. Public advisories (MiracleLinux AXSA:2021-2148:12 and Unity Linux UTSA references) confirm this CVE and map it to kernel builds up to 5....
CVE-2022-3303
CVE-2022-3303 is a race-condition vulnerability in the Linux kernel sound subsystem (SNDCTL_DSP_SYNC ioctl) that a local privileged user can trigger to cause a NULL pointer dereference and denial of service. The issue affects the Linux kernel’s sound code path and can crash the system, potentially ena...
CVE-2023-3161
CVE-2023-3161: Linux kernel fbcon has a shift-out-of-bounds in fbcon_set_font when font->width/height > 32, causing undefined behavior and potential denial of service. Connected documents corroborate the same fbcon font handling issue in the Linux kernel. The Astra Linux bulletin mentions ...
CVE-2024-41013
CVE-2024-41013: The Linux kernel vulnerability addressed by the patch "xfs: don't walk off the end of a directory data block" has been fixed. The issue was caused by insufficient bounds checks for xfs_dir2_data_unused and xfs_dir2_data_entry, which could allow an out-of-bounds read during directory traversal if a cra...
CVE-2023-1079
The CVE-2023-1079 issue is a Linux kernel use-after-free involving asus_kbd_backlight_set. A malicious USB device advertising as an Asus device can trigger a use-after-free through the LED controller, when the device is disconnecting, which may schedule a work_struct and free the struct asus_kbd_...
CVE-2024-43902
CVE-2024-43902 is a Linux kernel vulnerability in drm/amd/display where a null pointer could be dereferenced. The fix adds a null checker before passing variables to functions, addressing three NULL_RETURNS issues reported by Coverity. Connected documents confirm the root cause and the remediatio...
CVE-2019-3901
CVE-2019-3901 describes a race condition in perf_event_open() that can leak data from setuid processes. The root cause is that cred_guard_mutex is not held during the ptrace_may_access() check, allowing a target task to execve() with setuid execution before perf_event_alloc() attaches, bypassing ...
CVE-2023-52594
CVE-2023-52594 (Linux kernel) involves a potential array-index-out-of-bounds read in the ath9k_htc_txstatus() path of the wifi/ath9k driver. The issue occurs when txs->cnt (data from a URB from a USB device) exceeds HTC_MAX_TX_STATUS (12); UBSAN reports index 13 out of range. The code path lac...
CVE-2023-3268
CVE-2023-3268: An out-of-bounds memory access in the Linux kernel relayfs (relay_file_read_start_pos in kernel/relay.c) could allow a local attacker to crash the system or leak kernel information. Connected advisories confirm this vulnerability and its remediation in multiple kernels: CloudLinux not...
CVE-2023-52595
CVE-2023-52595 is reported in MiracleLinux advisories as affecting MiracleLinux 8 with kernel 4.18.0-553.5.1.el8_10 (AXSA:2024-8481:17). The issue is in wifi: rt2x00: restart beacon queue when hardware reset, where a hardware reset can deadlock the beacon queue if mac80211 does not stop queues, p...
CVE-2017-9076
CVE-2017-9076 is a Linux kernel issue reported in the CentOS/Red Hat advisory set (CESA-2018:1854) tied to the IPv6 DCCP implementation. The vulnerability arises from mishandling of inheritance in the IPv6 DCCP code, allowing a local attacker to cause a denial of service or possibly other unspeci...
CVE-2022-1263
CVE-2022-1263 is a Linux kernel KVM NULL pointer dereference bug that triggers when releasing a vCPU with dirty ring support enabled. An unprivileged local attacker on the host can issue specific ioctl calls to cause a kernel oops and DoS. Public advisories (e.g., Amazon Linux 2 ALAS2KERNEL-5.15-...
CVE-2020-14416
CVE-2020-14416 is a Linux kernel issue fixed in 5.4.16. A race condition in tty->disc_data handling for slip and slcan line disciplines can cause a use-after-free, affecting drivers/net/slip/slip.c and drivers/net/can/slcan.c. The connected Nessus advisories reproduce the vulnerability across ...
CVE-2022-42329
CVE-2022-42329 concerns the Linux xen-netback driver. The description shows a potential deadlock when freeing the SKB of a dropped packet under the XSA-392 handling (also tied to CVE-2022-42328) and also when dropping packets if netpoll is active on the connected interface, risking a deadlock in ...
CVE-2015-9289
CVE-2015-9289 affects the Linux kernel (drivers/media/dvb-frontends/cx24116.c). A buffer overflow can occur when validating userspace parameters for DiSEqC commands: the API specifies a maximum of 6, but code accepts values up to 23. This is in kernels before 4.1.4; the fix is in Linux 4....
CVE-2017-18216
CVE-2017-18216 affects the Linux kernel's OCFS2 nodemanager.c: a required mutex is not used, enabling local attackers to trigger a NULL pointer dereference/BUG and cause denial of service. The issue exists in kernel versions before 4.15. Exploitation is local; no remote vector noted in the provid...
CVE-2017-9075
CVE-2017-9075 affects the Linux kernel network subsystem: the sctp_v6_create_accept_sk function in net/sctp/ipv6.c mishandles inheritance, enabling a local attacker to cause a denial of service (and possibly other effects) via crafted system calls. Connected CentOS Red Hat advisories (e.g., CESA/...
CVE-2018-18690
CVE-2018-18690 pertains to the Linux kernel before 4.17 where a local attacker able to set attributes on an xfs filesystem could render the filesystem non-operational until remount by triggering an unchecked error during an xfs attribute change. The root cause is mishandling of ATTR_REPLACE in xf...
CVE-2019-15222
CVE-2019-15222 entry is rejected/not used and not an active vulnerability.
CVE-2022-25375
CVE-2022-25375 affects the Linux kernel rndis gadget: the RNDIS_MSG_SET size is not validated, allowing information disclosure from kernel memory. Affected: kernels prior to 5.16.10. Remediation: apply upstream patch in 5.16.10+; Debian advisories note fixes in stable branches (e.g., 5.10.x/Bulls...
CVE-2023-52827
CVE-2023-52827 concerns the Linux kernel’s wifi ath12k code. The issue is a potential out-of-bounds read in ath12k_htt_pull_ppdu_stats(), caused by len being extracted from an HTT message without sufficient validation; an unexpected value could occur during message iteration/parsing. The same ris...
CVE-2023-52918
CVE-2023-52918 – Linux kernel (media: pci: cx23885): The vulnerability concerns the cx23885 video device initialization in the Linux kernel’s media: pci subsystem. cx23885_vdev_init() can return a NULL pointer, but the caller previously used that pointer without checking it. The fix adds a NULL po...
CVE-2017-18241
CVE-2017-18241 affects Linux kernel fs/f2fs/segment.c prior to 4.13. Local users can cause a denial of service via a NULL pointer dereference in a flush_cmd_control when using the noflush_merge option, leading to a panic. No exploitation details are provided in the documents. Remediation: upgrade...
CVE-2019-19080
CVE-2019-19080 affects the Linux kernel (pre-5.3.4). The issue consists of four memory leaks in nfp_flower_spawn_phy_reprs() in drivers/net/ethernet/netronome/nfp/flower/main.c, leading to potential memory consumption and a denial of service. The public references confirm the vulnerable function ...
CVE-2022-1195
CVE-2022-1195 describes a use-after-free in the Linux kernel driver for hamradio (drivers/net/hamradio), specifically involving the mkiss and sixpack paths. The flaw allows a local attacker with user privileges to trigger a denial of service when the mkiss/sixpack device is detached and resources...
CVE-2023-0458
CVE-2023-0458 describes a speculative pointer dereference in the Linux kernel’s do_prlimit() path. The vulnerable path uses a controlled resource argument in pointer arithmetic for the rlim variable, enabling leakage of kernel contents when exploited. The Astra Linux security bulletin corroborat...
CVE-2024-56551
Summary (CVE-2024-56551): In the Linux kernel, the drm/amdgpu driver fixes a use-after-free in the slab allocator. The vulnerability is triggered by a use-after-free in the GPU scheduling path, specifically involving drm_sched_entity_flush, where an 8-byte read could occur after an object had bee...
CVE-2021-3659
CVE-2021-3659 is a local NULL pointer dereference in the Linux kernel’s IEEE 802.15.4 LR-WPAN subsystem. The specific code path cited in connected sources is a NULL pointer dereference in llsec_key_alloc() within net/mac802154/llsec.c, which can be triggered during LR-WPAN connection closure and ...
CVE-2018-6554
CVE-2018-6554 describes a memory leak in the Linux kernel’s irda_bind path (net/irda/af_irda.c and later staging/irda/net/af_irda.c). A local user can cause memory exhaustion by repeatedly binding an AF_IRDA socket, leading to denial of service. The vulnerability exists in kernels prior to 4.17 a...
CVE-2024-56782
Technical details about CVE-2024-56782 are not provided in the supplied documents. The materials reference the patch description but do not include product/version/impact specifics or exploitation context.
CVE-2017-7518
CVE-2017-7518: In the Linux kernel before 4.12, the KVM module mishandles the trap-flag TF in EFLAGS during syscall emulation, causing a debug exception (#DB) on the guest stack. This could allow a user/process inside a guest to escalate privileges within the guest (Linux guests only; host kernel...
CVE-2019-19083
CVE-2019-19083: In Linux kernel before 5.3.8, memory leaks in clock_source_create() under drivers/gpu/drm/amd/display/dc can cause memory exhaustion and DoS. Affects dce112_clock_source_create(), dce100_clock_source_create(), dcn10_clock_source_create(), dcn20_clock_source_create(), dce120_clock_...
CVE-2022-49610
The CVE-2022-49610 entry concerns the Linux kernel KVM VMX path. The vulnerability description states a theoretical RSB underflow could occur on VMX when there is a gap between the guest SPEC_CTRL write and vmenter, potentially triggered by an NMI with a deep call stack. The mitigation is to disa...
CVE-2021-29646
CVE-2021-29646 involves the Linux kernel, where the function tipc_nl_retrieve_key in net/tipc/node.c shows insufficient validation of data sizes. Connected docs confirm concrete details: affected component is the kernel tipc subsystem, with a fix implemented in kernel 5.11.11 (and Fedora/Mariner ...
CVE-2023-6932
CVE-2023-6932 is a Linux kernel vulnerability affecting the ipv4: igmp component. The issue is described as a use-after-free condition with a race that can cause a timer to be registered on an RCU read-locked object that is freed by another thread, enabling local privilege escalation. Connected d...