Lucene search

K

9874 matches found

CVE
CVE
added 2012/05/17 11:0 a.m.86 views

CVE-2012-1146

The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unsp...

5.5CVSS6.4AI score0.00097EPSS
CVE
CVE
added 2012/06/13 10:24 a.m.86 views

CVE-2012-2313

The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.

1.2CVSS5.5AI score0.00224EPSS
CVE
CVE
added 2012/12/21 11:47 a.m.86 views

CVE-2012-4508

Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.

1.9CVSS5.3AI score0.00058EPSS
CVE
CVE
added 2013/02/28 7:55 p.m.86 views

CVE-2013-1763

Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.

7.2CVSS6.2AI score0.05507EPSS
CVE
CVE
added 2013/06/07 2:3 p.m.86 views

CVE-2013-2141

The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.

2.1CVSS6.3AI score0.00028EPSS
CVE
CVE
added 2013/06/07 2:3 p.m.86 views

CVE-2013-2148

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.

2.1CVSS7.7AI score0.00081EPSS
CVE
CVE
added 2014/04/01 6:35 a.m.86 views

CVE-2014-2672

Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.

7.1CVSS6.5AI score0.00736EPSS
CVE
CVE
added 2015/01/02 9:59 p.m.86 views

CVE-2014-9428

The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system cra...

7.8CVSS5.2AI score0.02949EPSS
CVE
CVE
added 2015/08/31 10:59 a.m.86 views

CVE-2015-5697

The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.

2.1CVSS4.9AI score0.00067EPSS
CVE
CVE
added 2016/05/02 10:59 a.m.86 views

CVE-2015-8746

fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.

7.5CVSS7.7AI score0.01868EPSS
CVE
CVE
added 2022/01/21 7:15 p.m.86 views

CVE-2021-4032

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with s...

4.9CVSS4.3AI score0.00047EPSS
CVE
CVE
added 2024/06/20 12:15 p.m.86 views

CVE-2021-4439

In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controllerand run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->task = kthread_run(cm...

7.8CVSS8.1AI score0.00014EPSS
CVE
CVE
added 2024/02/28 9:15 a.m.86 views

CVE-2021-46980

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 commit 4dbc6a4ef06d ("usb: typec: ucsi: save power data objectsin PD mode") introduced retrieval of the PDOs when connected to aPD-capable source. But only the fir...

7.1CVSS6.2AI score0.00023EPSS
CVE
CVE
added 2024/02/28 9:15 a.m.86 views

CVE-2021-46994

In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix resume from sleep before interface was brought up Since 8ce8c0abcba3 the driver queues work via priv->restart_work whenresuming after suspend, even when the interface was not previouslyenabled. This causes a nu...

5.5CVSS6.4AI score0.00037EPSS
CVE
CVE
added 2024/02/29 11:15 p.m.86 views

CVE-2021-47020

In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release allslave runtime in the slave_rt_list, but slave runtime is notadded to the list at this time. This patch free...

5.5CVSS6.4AI score0.00007EPSS
CVE
CVE
added 2024/02/28 9:15 a.m.86 views

CVE-2021-47039

In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in do_format() The function uses "type" as an array index: q = unit[drive].disk[type]->queue; Unfortunately the bounds check on "type" isn't done until later in thefunction. Fix this by moving th...

7.1CVSS6.5AI score0.00042EPSS
CVE
CVE
added 2024/02/29 11:15 p.m.86 views

CVE-2021-47064

In the Linux kernel, the following vulnerability has been resolved: mt76: fix potential DMA mapping leak With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmapcould potentially inherit a non-zero value from stack garbage.If this happens, it will cause DMA mappings for MCU command...

5.3CVSS5.1AI score0.00051EPSS
CVE
CVE
added 2024/03/04 6:15 p.m.86 views

CVE-2021-47082

In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev Avoid double free in tun_free_netdev() by moving thedev->tstats and tun->security allocs to a new ndo_init routine(tun_net_init()) that will be called by register_netdevice().ndo_init...

7.8CVSS6.3AI score0.00031EPSS
CVE
CVE
added 2024/03/15 9:15 p.m.86 views

CVE-2021-47131

In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down iscalled to stop the offload and tear down the TLS context. However, thesocket stays alive, and it s...

7.8CVSS6.5AI score0.00017EPSS
CVE
CVE
added 2024/05/22 7:15 a.m.86 views

CVE-2021-47458

In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting anocfs2 filesystem with either o2cb or pcmk cluster stack fails with thetrace below. Problem seems to be that stri...

7AI score0.00046EPSS
CVE
CVE
added 2022/02/18 6:15 p.m.86 views

CVE-2022-0646

A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system....

7.8CVSS7.5AI score0.00136EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.86 views

CVE-2022-0998

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

7.8CVSS7.5AI score0.00122EPSS
CVE
CVE
added 2022/12/14 9:15 p.m.86 views

CVE-2022-3113

An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.

5.5CVSS5.3AI score0.01251EPSS
CVE
CVE
added 2022/09/14 9:15 p.m.86 views

CVE-2022-40476

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service.

5.5CVSS5AI score0.00048EPSS
CVE
CVE
added 2024/10/21 8:15 p.m.86 views

CVE-2022-48976

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable_offload: fix using __this_cpu_add in preemptible flow_offload_queue_work() can be called in workqueue withoutbh disabled, like the call trace showed in my act_ct testing,calling NF_FLOW_TABLE_STAT_INC() there w...

5.5CVSS5.9AI score0.00034EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.86 views

CVE-2022-49142

In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta truesize value,we also need to make sure TCP wont fill new tailroomthat pskb_expand_head() was able to...

6.5AI score0.00057EPSS
CVE
CVE
added 2025/02/26 7:0 a.m.86 views

CVE-2022-49228

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a btf decl_tag bug when tagging a function syzbot reported a btf decl_tag bug with stack trace below: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASANKASAN: null-...

5.3AI score0.00039EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.86 views

CVE-2022-49238

In the Linux kernel, the following vulnerability has been resolved: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 Commit b4a0f54156ac ("ath11k: move peer delete after vdev stop of stationfor QCA6390 and WCN6855") is to fix firmware crash by changing the WMIcommand sequen...

7.8CVSS5.5AI score0.00032EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.86 views

CVE-2022-49314

In the Linux kernel, the following vulnerability has been resolved: tty: Fix a possible resource leak in icom_probe When pci_read_config_dword failed, call pci_release_regions() andpci_disable_device() to recycle the resource previously allocated.

5.5CVSS6.4AI score0.00023EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.86 views

CVE-2022-49334

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: Fix xarray node memory leak If xas_split_alloc() fails to allocate the necessary nodes to complete thexarray entry split, it sets the xa_state to -ENOMEM, which xas_nomem()then interprets as "Please allocate more me...

5.5CVSS5.4AI score0.00022EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.86 views

CVE-2022-49395

In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number oflongs, not bytes. ==================================================================BUG: KASAN: stack-out-of-bounds in ...

7.1CVSS5.3AI score0.00024EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.86 views

CVE-2022-49408

In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in parse_apply_sb_mount_options() If processing the on-disk mount options fails after any memory wasallocated in the ext4_fs_context, e.g. s_qf_names, then this memory isleaked. Fix this by calling ext4_fc_fre...

5.5CVSS5.4AI score0.0004EPSS
CVE
CVE
added 2025/05/01 3:16 p.m.86 views

CVE-2022-49872

In the Linux kernel, the following vulnerability has been resolved: net: gso: fix panic on frag_list with mixed head alloc types Since commit 3dcbdb134f32 ("net: gso: Fix skb_segment splat whensplitting gso_size mangled skb having linear-headed frag_list"), it isallowed to change gso_size of a GRO ...

6.5AI score0.00036EPSS
CVE
CVE
added 2024/01/11 7:15 p.m.86 views

CVE-2023-51781

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.

7CVSS6.8AI score0.00018EPSS
CVE
CVE
added 2024/03/06 7:15 a.m.86 views

CVE-2023-52590

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does notchange. Change ocfs2 rename code to avoid touching renamed directory ifits parent does not change a...

5.5CVSS6.5AI score0.00007EPSS
CVE
CVE
added 2024/04/02 7:15 a.m.86 views

CVE-2023-52631

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The"size" comes from le32_to_cpu(attr->res.data_size) so it can't overflowon a 64bit systems but on 32bit systems the "+ 102...

5.5CVSS6.3AI score0.00018EPSS
CVE
CVE
added 2024/05/17 2:15 p.m.86 views

CVE-2023-52670

In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwisethe following memory leak will occur: unreferenced object 0xffff0000d55d7080 (size 128):comm "kworker/u8:2", pid 56, jiffies...

6.6CVSS6.7AI score0.0002EPSS
CVE
CVE
added 2025/05/02 4:15 p.m.86 views

CVE-2023-53056

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000000PGD 0 P4D 0Oops: 0000 [#1] PREEMPT SMP NOPTICPU: 15 P...

6.6AI score0.00026EPSS
CVE
CVE
added 2025/05/10 3:15 p.m.86 views

CVE-2023-53145

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will bestarted in btsdio_send_frame. If the btsdio_remove runs with a unfinished work...

6.5AI score0.00036EPSS
CVE
CVE
added 2024/04/17 10:15 a.m.86 views

CVE-2024-26842

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() When task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U <<task_tag will out of bounds for a u32 mask. Fix this up to preventSHIFT_ISSUE (bitwise shifts tha...

7.8CVSS6.6AI score0.00015EPSS
CVE
CVE
added 2024/05/20 10:15 a.m.86 views

CVE-2024-35999

In the Linux kernel, the following vulnerability has been resolved: smb3: missing lock when picking channel Coverity spotted a place where we should have been holding thechannel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)")

5.5CVSS6.8AI score0.00026EPSS
CVE
CVE
added 2024/07/10 8:15 a.m.86 views

CVE-2024-39490

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missing sk_buff release in seg6_input_core The seg6_input() function is responsible for adding the SRH into apacket, delegating the operation to the seg6_input_core(). This functionuses the skb_cow_head() to ensure th...

6.2CVSS7.5AI score0.00136EPSS
CVE
CVE
added 2024/08/14 3:15 p.m.86 views

CVE-2024-42259

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser valuebetween the requested size and the actual size does not considerthe partial mapping offset. This can cause p...

5.5CVSS6.5AI score0.00072EPSS
CVE
CVE
added 2025/01/11 1:15 p.m.86 views

CVE-2024-43098

In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock A deadlock may happen since the i3c_master_register() acquires&i3cbus->lock twice. See the log below.Use i3cdev->desc->info inste...

5.5CVSS6.6AI score0.00029EPSS
CVE
CVE
added 2024/09/27 1:15 p.m.86 views

CVE-2024-46814

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW]HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a validarray index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Cove...

7.8CVSS7.3AI score0.00055EPSS
CVE
CVE
added 2024/10/21 12:15 p.m.86 views

CVE-2024-47709

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). syzbot reported a warning in bcm_release(). [0] The blamed change fixed another warning that is triggered whenconnect() is issued again for a socket whose connect()ed ...

5.5CVSS6.8AI score0.00043EPSS
CVE
CVE
added 2024/10/21 1:15 p.m.86 views

CVE-2024-49850

In the Linux kernel, the following vulnerability has been resolved: bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCALreferencing a non-existing BTF type, function bpf_core_calc_relo_insnwould cause a null pointer defer...

5.5CVSS5.2AI score0.00045EPSS
CVE
CVE
added 2024/10/21 6:15 p.m.86 views

CVE-2024-49879

In the Linux kernel, the following vulnerability has been resolved: drm: omapdrm: Add missing check for alloc_ordered_workqueue As it may return NULL pointer and cause NULL pointer dereference. Add checkfor the return value of alloc_ordered_workqueue.

5.5CVSS7AI score0.00045EPSS
CVE
CVE
added 2024/10/21 6:15 p.m.86 views

CVE-2024-49904

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add list empty check to avoid null pointer issue Add list empty check to avoid null pointer issues in some corner cases. list_for_each_entry_safe()

5.5CVSS5.6AI score0.00037EPSS
CVE
CVE
added 2024/10/21 6:15 p.m.86 views

CVE-2024-49971

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase array size of dummy_boolean [WHY]dml2_core_shared_mode_support and dml_core_mode_support access the thirdelement of dummy_boolean, i.e. hw_debug5 = &s->dummy_boolean[2], whendummy_boolean has size of 2....

5.5CVSS5.3AI score0.00044EPSS
Total number of security vulnerabilities9874