Lucene search
K

74 matches found

CVE
CVE
added 2022/10/17 12:0 a.m.128 views

CVE-2022-3534

CVE-2022-3534 affects the libbpf component (function btf_dump_name_dups in tools/lib/bpf/btf_dump.c) with a use-after-free in Linux kernel/libbpf. Debian and other sources report a patch and version bumps: Debian DLA fixes libbpf to 0.3-2+deb11u1 (and related packages), and ALT Linux notes a fix ...

8CVSS6.4AI score0.00535EPSS
CVE
CVE
added 2023/11/21 8:21 p.m.127 views

CVE-2023-6238

CVE-2023-6238 affects the Linux kernel NVMe driver. A buffer overflow allows a privileged user to provide a small meta buffer and trigger a larger DMA into that same buffer, overwriting unrelated kernel memory and causing random kernel crashes/memory corruption. The vulnerability is locally explo...

6.7CVSS7.5AI score0.0029EPSS
CVE
CVE
added 2022/08/29 2:3 p.m.123 views

CVE-2022-0400

The CVE-2022-0400 entry concerns an out-of-bounds read in the Linux kernel’s SMC protocol stack that can enable remote denial of service. Connected sources (NVD, OSV, Debian-related OSV entries) confirm the affected component and impact but do not provide a patched version or explicit remediation...

7.5CVSS7.4AI score0.01222EPSS
CVE
CVE
added 2023/11/01 7:5 p.m.121 views

CVE-2023-3397

CVE-2023-3397 is a race between lmLogClose and txEnd in the Linux kernel’s JFS, allowing a local attacker to crash the system or leak kernel info. Connected entries show Root:Debian-13, -11, -12 patches for rootio-linux with multiple fixed versions; patches indicate remediation has been applied i...

7CVSS6.2AI score0.0021EPSS
CVE
CVE
added 2018/07/16 8:0 p.m.115 views

CVE-2018-10840

CVE-2018-10840 describes a heap-based buffer overflow in the Linux kernel’s ext4 xattr handling: fs/ext4/xattr.c:ext4_xattr_set_entry(). An attacker could exploit this by operating on a mounted crafted ext4 image, potentially leading to kernel memory corruption. Connected feeds confirm multiple v...

7.2CVSS7.8AI score0.0067EPSS
CVE
CVE
added 2022/08/23 3:51 p.m.109 views

CVE-2021-3714

CVE-2021-3714 (Linux kernel) affects the kernel’s memory deduplication mechanism. The connected sources describe a local-exploitation style attack where an adversary can upload page-sized files and observe access-time changes from a networked service to infer whether pages have been merged. This ...

5.9CVSS5.8AI score0.01095EPSS
CVE
CVE
added 2024/08/21 6:10 a.m.107 views

CVE-2023-52904

CVE-2023-52904 refers to a Linux kernel ALSA usb-audio vulnerability where snd_usb_pcm_has_fixed_rate() can dereference a NULL subs function argument. The root cause is using the subs argument before a NULL check, leading to an eventual NULL pointer dereference. Exploitation context is local (per...

5.5CVSS6.5AI score0.00255EPSS
CVE
CVE
added 2022/09/01 8:1 p.m.103 views

CVE-2022-2308

CVE-2022-2308 describes a vulnerability in the Linux kernel’s vDPA with the VDUSE backend. The VDUSE kernel driver does not validate that the device config space size matches the features advertised by the VDUSE userspace app, causing Virtio config read helpers to pass uninitialized memory to vdu...

6.5CVSS6.8AI score0.00225EPSS
CVE
CVE
added 2006/08/23 7:0 p.m.102 views

CVE-2006-2932

CVE-2006-2932 is a regression in the restore_all code path of the 4/4GB split support for non-hugemem kernels in Red Hat Enterprise Linux 4 (Desktop/Enterprise) that allows a local user to cause a denial of service (panic) via unspecified vectors. The issue is documented in Red Hat advisories RHS...

4.9CVSS7.3AI score0.00384EPSS
CVE
CVE
added 2022/10/21 12:0 a.m.102 views

CVE-2022-3633

CVE-2022-3633 affects the Linux kernel, specifically the function j1939_session_destroy in net/can/j1939/transport.c. The issue is a memory leak caused by the manipulation of this routine. Multiple connected sources (e.g., Chainguard security.json entry, Astra Linux bulletin, CNVD/CNNVD entries, ...

3.5CVSS5.9AI score0.00299EPSS
CVE
CVE
added 2022/08/31 3:32 p.m.98 views

CVE-2022-1247

CVE-2022-1247 affects the Linux kernel, specifically the rose driver. The issue is a race condition in rose_connect() where the driver tracks usage with rose_neigh->use. When deleting a rose_route via rose_ioctl(), the driver calls rose_del_node() and only removes neighbours if both their coun...

7CVSS6.9AI score0.00258EPSS
CVE
CVE
added 2018/10/26 5:0 p.m.97 views

CVE-2018-6559

CVE-2018-6559 affects the Linux kernel overlayfs in Ubuntu 18.04/18.10. The vulnerability arises when mapping directory contents permissions inside nested user namespaces; a local attacker could exploit this to reveal names of files they would not normally access, bypassing some access controls. ...

3.3CVSS4.5AI score0.00532EPSS
CVE
CVE
added 2024/11/18 9:53 a.m.97 views

CVE-2023-39180

CVE-2023-39180 affects the Linux kernel ksmbd module. The root cause is improper memory release after the memory’s lifetime in SMB2_READ handling, enabling a network-based DoS without authentication on systems with ksmbd enabled. Public details confirm impact as denial-of-service; no vendor patch...

7.5CVSS3.9AI score0.01381EPSS
CVE
CVE
added 2023/05/26 12:0 a.m.95 views

CVE-2023-2898

CVE-2023-2898 is a Linux kernel vulnerability: a null-pointer dereference in f2fs_write_end_io (fs/f2fs/data.c) can be triggered by a local, privileged user to cause a denial of service. Public documentation confirms this flaw and ties it to the f2fs filesystem on the Linux kernel, with advisorie...

4.7CVSS5.9AI score0.00197EPSS
CVE
CVE
added 2022/07/22 12:0 a.m.87 views

CVE-2022-2327

CVE-2022-2327 affects the Linux kernel io_uring path: use of work_flags to determine identity for IORING_OP may cause missing types, leading to incorrect reference counts and a double free. The primary public advisory notes the root cause is in the kernel io_uring identity handling and recommends...

7.8CVSS7.3AI score0.00263EPSS
CVE
CVE
added 2021/05/27 12:28 p.m.83 views

CVE-2008-2544

CVE-2008-2544 describes a local bypass where mounting the /proc filesystem inside a chroot can occur in read-write mode, allowing a user to bypass the chroot and gain write access to files they would not normally access. The connected documents reiterate the same description but do not provide pr...

5.5CVSS6.3AI score0.00303EPSS
CVE
CVE
added 2024/11/18 9:51 a.m.83 views

CVE-2023-39179

CVE-2023-39179 affects the Linux kernel ksmbd module and is triggered by SMB2 read requests. The vulnerability arises from insufficient validation of user-supplied data, allowing a read past the end of an allocated buffer. Impact is potential disclosure of sensitive information on affected system...

7.5CVSS7AI score0.01095EPSS
CVE
CVE
added 2022/08/24 3:8 p.m.82 views

CVE-2021-4218

CVE-2021-4218 concerns a flaw in the Linux kernel related to reading the SVC RDMA counters. The vulnerability occurs when a local attacker with access triggers reading the counter via a sysctl, which panics the system and can cause a denial of service during reboot. The issue is described as spec...

5.5CVSS5AI score0.00294EPSS
CVE
CVE
added 2007/05/18 10:0 p.m.79 views

CVE-2007-2764

The CVE-2007-2764 entry concerns the embedded Linux kernel in certain Sun-Brocade SilkWorm switches prior to 20070516. The issue arises when a non-root user creates a kernel process, which can lead to a denial of service (kernel oops) and device reboot via unspecified vectors. The NVD entry assig...

7.8CVSS6.4AI score0.02401EPSS
CVE
CVE
added 2017/06/19 4:0 p.m.78 views

CVE-2017-1000377

CVE-2017-1000377 concerns a vulnerability in PAX Linux where the default stack guard page is too small and can be bypassed, allowing a bypass of stack protections. The core details indicate this affects PAX Linux kernel versions as of 19 June 2017, originally from GRSecurity and shipped by other ...

5.9CVSS5.6AI score0.00388EPSS
CVE
CVE
added 2022/10/21 12:0 a.m.78 views

CVE-2022-3636

CVE-2022-3636 is a Linux kernel vulnerability affecting the function __mtk_ppe_check_skb in drivers/net/ethernet/mediatek/mtk_ppe.c (Ethernet Handler). The issue is a use-after-free in the MTK PPE path, leading to potential corruption or crash. A patch is recommended to fix the issue. The vulnera...

7.8CVSS6.2AI score0.00325EPSS
CVE
CVE
added 2024/11/18 9:50 a.m.68 views

CVE-2023-39176

CVE-2023-39176 concerns the ksmbd kernel module in Linux, where parsing of SMB2 transform-header requests allows reading past the end of an allocated buffer. This results in information disclosure on affected systems with ksmbd enabled. Public sources in the connected documents consistently descr...

7.5CVSS5AI score0.00663EPSS
CVE
CVE
added 2022/10/21 12:0 a.m.57 views

CVE-2022-3630

The CVE-2022-3630 entry concerns the Linux kernel, specifically the fs/fscache/cookie.c component used by IPsec. The vulnerability is described as a memory leak resulting from a manipulation in that code path. A patch is recommended to fix the issue, and the vulnerability is associated with VDB-2...

5.5CVSS4.5AI score0.00246EPSS
CVE
CVE
added 2022/10/21 12:0 a.m.49 views

CVE-2022-3624

CVE-2022-3624 affects the Linux kernel, specifically the function rlb_arp_xmit in drivers/net/bonding/bond_alb.c of the IPsec component. The issue is described as a memory leak due to a manipulation in rlb_arp_xmit. A patch is recommended to fix this vulnerability. The provided connected sources ...

3.5CVSS3.6AI score0.00248EPSS
Total number of security vulnerabilities74