Lucene search
K
LinuxLinux Kernel3.16

54 matches found

CVE
CVE
added 2024/02/29 3:52 p.m.8256 views

CVE-2023-52488

CVE-2023-52488 concerns the Linux kernel driver for SC16IS7XX UARTs. In burst mode, the SC16IS7XX can read/write FIFO data with an initial register address, and regmap_raw_read()/regmap_raw_write() do not increment the register in this path. This could corrupt the regmap cache when multi-byte tra...

5.5CVSS6.2AI score0.00289EPSS
CVE
CVE
added 2024/05/01 5:19 a.m.3992 views

CVE-2024-26961

CVE-2024-26961 affects the Linux kernel, related to mac802154_llsec_key_del freeing key resources outside the required RCU grace period. The issue can lead to a use-after-free when llsec_lookup_key() traverses the key list in parallel with a deletion. The provided connected documents describe the...

7.8CVSS6.3AI score0.00239EPSS
CVE
CVE
added 2024/12/17 3:55 p.m.3044 views

CVE-2024-53144

CVE-2024-53144 corresponds to a Linux kernel Bluetooth issue: “Bluetooth: hci_event: Align BR/EDR JUST_WORKS pairing with LE” which aligns BR/EDR JUST_WORKS with LE and interacts with policy that now requires user confirmation. Connected items show concrete detail for CVE-2024-8805 (BlueZ HID ove...

5.5CVSS6.6AI score0.00256EPSS
CVE
CVE
added 2025/01/19 11:52 a.m.2331 views

CVE-2024-57904

CVE-2024-57904 affects the Linux kernel’s IIO subsystem for at91: the at91_ts_register path frees the wrong object during error handling. The code currently calls input_free_device() on st->ts_input, but the err path can run before iio_dev is assigned to st->ts_input. The fix is to call inp...

7.8CVSS6.3AI score0.0023EPSS
CVE
CVE
added 2024/02/25 2:3 p.m.1134 views

CVE-2022-48626

CVE-2022-48626 affects the Linux kernel moxart MMC host driver. A use-after-free occurs when the mmc host structure is accessed after being freed in moxart_remove(). The fix saves the device’s base register and uses it instead of dereferencing the freed pointer. Connected sources confirm this is ...

7.8CVSS7.4AI score0.0031EPSS
CVE
CVE
added 2021/07/20 6:1 p.m.801 views

CVE-2021-33909

CVE-2021-33909 affects the Linux kernel’s filesystem layer (fs/seq_file.c) across 3.16–5.13.x, with fixed releases in 5.13.4 and via patches noted in downstream advisories. The root cause is a size_t-to-int conversion that permits an integer overflow during seq buffer allocations, enabling an Out...

7.8CVSS7.9AI score0.09729EPSS
CVE
CVE
added 2018/07/06 2:0 p.m.658 views

CVE-2018-13405

CVE-2018-13405 involves the Linux kernel inode_init_owner() logic where, in a scenario with an SGID directory and a writably user who is not in that group, a local user could create a plain file with the SGID group ownership and executable bits, effectively escalating privileges. Connected docume...

7.8CVSS6.5AI score0.0101EPSS
CVE
CVE
added 2019/09/19 5:37 p.m.619 views

CVE-2019-14821

CVE-2019-14821 is a Linux kernel KVM issue: an out-of-bounds access in the Coalesced MMIO write path can occur if a host user controls the MMIO ring buffer indices (ring->first/ring->last). A local attacker with /dev/kvm access could crash the host kernel or potentially escalate privileges ...

8.8CVSS9AI score0.00763EPSS
CVE
CVE
added 2020/05/18 5:50 p.m.429 views

CVE-2020-13143

CVE-2020-13143 affects the Linux kernel USB gadget/configfs (drivers/usb/gadget/configfs.c) from 3.16 to 5.6.13. The flaw arises when gadget_dev_desc_UDC_store uses kstrdup and may encounter an internal NUL value, leading to potential out-of-bounds memory access (reported as heap out-of-bounds wr...

6.5CVSS6.5AI score0.04505EPSS
CVE
CVE
added 2023/06/28 8:2 p.m.424 views

CVE-2023-3390

CVE-2023-3390 is a local-use-after-free vulnerability in Linux kernel nftables (net/netfilter/nf_tables_api.c) caused by mishandled NFT_MSG_NEWRULE error paths, enabling a local attacker with CAP_SYS_ADMIN to trigger a privilege escalation. Public advisories (Amazon Linux 2/ALAS, Astra Linux, Deb...

7.8CVSS7.8AI score0.00864EPSS
CVE
CVE
added 2020/04/02 8:14 p.m.412 views

CVE-2020-11494

The CVE-2020-11494 issue affects the Linux kernel slcan (serial line CAN) driver: in slcan.c, CAN headers for received packets may not be fully initialised when receiving data, enabling local attackers to read uninitialised can_frame data from kernel memory (information leak). Root cause is incom...

4.4CVSS5.3AI score0.00722EPSS
CVE
CVE
added 2018/09/19 9:0 a.m.362 views

CVE-2018-17182

Summary : CVE-2018-17182 is a Linux kernel use-after-free vulnerability in the vmacache subsystem. The root cause is that the function vmacache_flush_all mishandles sequence number overflows, allowing a local attacker to trigger a use-after-free via certain thread creation/map/unmap/invalidation/...

7.8CVSS6.5AI score0.03206EPSS
CVE
CVE
added 2019/11/18 5:23 a.m.345 views

CVE-2019-19052

CVE-2019-19052 is a memory-leak vulnerability in the Linux kernel, specifically in drivers/net/can/usb/gs_usb.c within the gs_can_open() function. The issue allows a denial of service through memory consumption when usb_submit_urb() fails, affecting the kernel up to version before 5.3.11. The rea...

7.8CVSS7.5AI score0.05376EPSS
CVE
CVE
added 2020/02/25 3:48 p.m.318 views

CVE-2020-9383

CVE-2020-9383 affects the Linux kernel floppy driver (set_fdc in drivers/block/floppy.c) where the FDC index is not checked for errors before assignment, causing a wait_til_ready out-of-bounds read. Impact per the CVE description: local attacker could cause a denial of service or privilege escala...

7.1CVSS6.7AI score0.00731EPSS
CVE
CVE
added 2016/10/16 9:0 p.m.257 views

CVE-2015-3288

CVE-2015-3288 affects the Linux kernel prior to 4.1.4. It arises from mishandling anonymous pages in mm/memory.c, allowing a local user to gain privileges or cause a denial of service by writing to page zero. The issue is fixed in 4.1.4 (per ChangeLog-4.1.4 and related advisories referenced in th...

7.8CVSS7AI score0.00479EPSS
CVE
CVE
added 2021/09/20 5:25 a.m.182 views

CVE-2021-38300

CVE-2021-38300 affects the Linux kernel on MIPS through arch/mips/net/bpf_jit.c, where the BPF JIT can emit incorrect machine code when transforming unprivileged cBPF programs. Root cause: conditional branches can exceed the 128 KB limit, enabling a local user to execute arbitrary code in kernel ...

7.8CVSS7.5AI score0.00578EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.181 views

CVE-2022-49647

CVE-2022-49647 affects the Linux kernel cgroups migration code. The vulnerability stems from overloading cset->mg_preload_node for both src and dst preload lists during task migrations, which could allow a cset to be simultaneously sourced and destined, risking a use-after-free if all tasks le...

7.8CVSS5.4AI score0.00281EPSS
CVE
CVE
added 2024/10/21 12:14 p.m.179 views

CVE-2024-47737

CVE-2024-47737 is a Linux kernel vulnerability in NFSD where, when xdr_reserve_space returns NULL due to insufficient buffer, a missing cache_put after a successful cache_get can occur if idmap_lookup triggers lookup_fn. This can create a mismatch in the nfsd cache handling. The CVE has a CVSSv3....

5.5CVSS7AI score0.00277EPSS
CVE
CVE
added 2024/07/12 12:20 p.m.177 views

CVE-2024-40911

CVE-2024-40911 affects the Linux kernel WiFi stack: linux wifi cfg80211_get_station may dereference a NULL pointer if the wiphy is not locked, leading to an Unable to handle kernel NULL pointer dereference. The fix locks the wiphy before rdev_get_station() (see ieee80211_get_station lockdep asser...

5.5CVSS6.9AI score0.0028EPSS
CVE
CVE
added 2024/10/21 7:39 p.m.176 views

CVE-2024-50036

CVE-2024-50036 is a Linux kernel vulnerability where dst_entries_add() uses per-CPU data that can be freed during netns dismantle, making dst_entries_destroy() race with dst_release() and potentially causing a use-after-free. The issue arises because the count of dsts must be decremented earlier,...

7CVSS6.6AI score0.00239EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.149 views

CVE-2022-49602

The CVE-2022-49602 entry refers to a data race in the Linux kernel’s sysctl_fwmark_reflect reader. The race occurs while reading sysctl_fwmark_reflect, which could be changed concurrently; the fix is to apply READ_ONCE() to the reader to ensure a consistent read. Connected advisories (EulerOS/Ope...

4.7CVSS6.5AI score0.00181EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.148 views

CVE-2022-49601

CVE-2022-49601 is a Linux kernel vulnerability where a data race occurs in the tcp/dccp path around reading the sysctl_fwmark_accept value. The root cause is concurrent modification of the reader while sysctl_tcp_fwmark_accept is being read, leading to potential inconsistency. The documented fix ...

4.7CVSS5.3AI score0.00181EPSS
CVE
CVE
added 2019/10/01 1:11 p.m.147 views

CVE-2019-17052

CVE-2019-17052 affects Linux kernel 3.16–5.3.2 where several AF_NET_RAW-bound protocols (AX.25) do not enforce CAP_NET_RAW in socket creation, allowing unprivileged users to create raw sockets. Related entries mention additional interfaces (IEEE802.154, Appletalk, ISDN, NFC) with the same CAP_NET...

3.3CVSS6AI score0.00635EPSS
CVE
CVE
added 2025/02/27 2:7 a.m.144 views

CVE-2024-57981

CVE-2024-57981 affects the Linux kernel USB xHCI code. When a command is queued to the final usable TRB and later aborted, the abort path could dereference a NULL cur_cmd, crashing due to a timer-setup path. The fix prevents timer setup if cur_cmd is NULL, and keeps the doorbell sequence safe. Af...

5.5CVSS6.8AI score0.00231EPSS
CVE
CVE
added 2025/05/01 1:7 p.m.134 views

CVE-2025-37781

CVE-2025-37781 affects the Linux kernel involving the i2c Cros EC tunnel. When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent device may not be found, causing a NULL pointer dereference. The issue can be reproduced by unbinding the controller driver and re-loading the i2c-cros-e...

5.5CVSS6.2AI score0.0017EPSS
CVE
CVE
added 2024/09/04 6:35 p.m.123 views

CVE-2024-44950

CVE-2024-44950 affects the Linux kernel serial driver for sc16is7xx. When enabling the special register set, Receiver time-out and RHR interrupts could cause the IRQ handler to read the FIFO via RHR at address 0x00, which is actually DLL, leading to erroneous FIFO reads. Root cause: invalid FIFO ...

5.5CVSS7.1AI score0.00209EPSS
CVE
CVE
added 2025/01/19 10:17 a.m.117 views

CVE-2025-21634

CVE-2025-21634 concerns the Linux kernel cpuset/cgroup path where kernfs active protection can be broken during concurrent cpuset writes, triggering a warning and potential deadlock risk. The root cause involved a sequence of hotplug-related changes that async/sync cpuset processing and previousl...

5.5CVSS6.8AI score0.00138EPSS
CVE
CVE
added 2024/09/27 12:39 p.m.115 views

CVE-2024-46829

The CVE-2024-46829 entry affects the Linux kernel and concerns a deadlock condition in rtmutex handling. Root cause: rt_mutex_handle_deadlock() is invoked with rt_mutex::wait_lock still held; in the deadlock path this could lead to an endless scheduling loop while the lock remains held and trigge...

5.5CVSS5.8AI score0.00196EPSS
CVE
CVE
added 2024/10/21 8:5 p.m.103 views

CVE-2022-48960

The CVE-2022-48960 issue is a Linux kernel use-after-free in net: hisilicon/hix5hd2_rx(), where a skb may be freed by napi_gro_receive() and later dereferenced. The connected sources confirm a fix was applied in the kernel (via stable tree commits referenced in the CVE entry). The vulnerability a...

7.8CVSS7.3AI score0.00238EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.103 views

CVE-2022-50213

CVE-2022-50213 is a Linux kernel nf_tables/use-after-free vulnerability. When looking up NFT sets by ID within a batch, a set from a different table could be returned, and after the table was freed, a dangling reference could be exploited. The issue is in the cross-table handling of SET_ID and is...

7.8CVSS6.7AI score0.00194EPSS
CVE
CVE
added 2025/02/26 1:56 a.m.102 views

CVE-2022-49248

CVE-2022-49248 relates to the Linux kernel ALSA: firewire-lib, where the deferrable AV/C transaction flag could be left uninitialized for non-control/notify AV/C transactions. UBSAN reported an invalid-load in fcp.c when handling AV/C responses, with the status flag being read as a boolean. The i...

5.5CVSS6.5AI score0.00253EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.99 views

CVE-2022-49661

Affected component: Linux kernel, gs_usb driver (USB CAN adapter). Issue: memory leak in gs_usb_open/close where RX URBs allocated with usb_alloc_coherent() were not freed by usb_kill_anchored_urbs() and DMA memory leaked. Root cause: improper freeing pattern; the fix explicitly frees RX URBs and...

5.5CVSS5.4AI score0.00253EPSS
CVE
CVE
added 2025/02/26 1:55 a.m.96 views

CVE-2022-49189

CVE-2022-49189 : In the Linux kernel (clk-rcg2, Qualcomm display pixel clock), final D calculation for the M/N ratio could fall outside the accepted range, causing underflow. The fix updates the D-value calculation to respect the valid range for given M and N, preventing underflow. Affected compo...

5.5CVSS5.4AI score0.00253EPSS
CVE
CVE
added 2024/06/19 2:53 p.m.95 views

CVE-2021-47587

CVE-2021-47587 concerns Linux kernel net: systemport descriptor lifecycle. The vulnerability arises from a shared descriptor list across multiple TX queues where the existing per-queue locking fails to serialize writes to WRITE_PORT_{HI,LO}, allowing concurrent producers to corrupt descriptors. C...

5.5CVSS7.2AI score0.00182EPSS
CVE
CVE
added 2025/02/26 2:24 a.m.93 views

CVE-2022-49679

The CVE-2022-49679 entry concerns a Linux kernel ARM refcount leak in axxia_boot_secondary. The flaw arises because of_find_compatible_node() returns a node pointer with an incremented refcount and is not paired with a corresponding of_node_put(). The connected Astra Linux and Unity/OSV entries r...

5.5CVSS5.3AI score0.0025EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.87 views

CVE-2022-48715

CVE-2022-48715 is a Linux kernel vulnerability related to the SCSI driver bn x2fc. The issue stems from bnx2fc_recv_frame() modifying per-CPU lport stats counters in a non-MP-safe way, which could occur in a preemptible context when SMP features are enabled. The resolved fix restores the old get_...

5.5CVSS6.6AI score0.0021EPSS
CVE
CVE
added 2025/07/28 11:22 a.m.87 views

CVE-2025-38497

CVE-2025-38497 (Linux kernel) affects usb gadget configfs: writing an empty string to the qw_sign or landingPage sysfs attributes can dereference page[l-1] before length validation, causing an OOB read. The fix adds an early length check in os_desc_qw_sign_store() and webusb_landingPage_store() t...

7.1CVSS6.3AI score0.00153EPSS
CVE
CVE
added 2024/05/21 2:19 p.m.82 views

CVE-2021-47256

CVE-2021-47256 stems from a Linux kernel memory_failure fix where a missing wait for page writeback could leave inode i_wb_list in an inconsistent state, triggering a BUG_ON in clear_inode and kernel panic. Connected advisories describe the root cause: after end_page_writeback, inode->i_wb_lis...

5.5CVSS6.5AI score0.00233EPSS
CVE
CVE
added 2025/06/18 11:4 a.m.81 views

CVE-2022-50229

CVE-2022-50229 is a Linux kernel vulnerability in the ALSA bcd2000 driver. The issue is a use-after-free (UAF) bug that occurs on the error path during probing: when snd_card_register() fails, the driver frees midi_out_urb before it is killed, enabling a UAF condition. The observed log pattern me...

7.8CVSS6.5AI score0.002EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.68 views

CVE-2022-50197

In CVE-2022-50197, the Linux kernel vulnerability affects the cpufreq: zynq component. The root cause is a refcount leak when retrieving a device node: of_find_compatible_node() returns a node pointer with an incremented refcount, and missing of_node_put() on cleanup leads to a leak. The fix adds...

5.5CVSS6.4AI score0.00198EPSS
CVE
CVE
added 2025/08/19 5:2 p.m.62 views

CVE-2025-38555

The CVE CVE-2025-38555 is a use-after-free in Linux kernel USB gadget driver during composite_dev_cleanup, arising when configfs_composite_bind() frees cdev->os_desc_req on kmalloc failure but doesn’t NULL it, leading to a subsequent use of non-NULL pointer. The issue affects the usb gadget’s ...

7.8CVSS7.1AI score0.00162EPSS
CVE
CVE
added 2026/03/04 12:58 p.m.46 views

CVE-2026-23231

CVE-2026-23231 affects the Linux kernel nf_tables code. The root cause is a use-after-free in nf_tables_addchain(), where a new chain is published to a table via list_add_tail_rcu() before hooks are registered; on failure the error path frees the chain without an RCU grace period, creating use-af...

7.8CVSS5.8AI score0.00812EPSS
CVE
CVE
added 2026/02/14 4:27 p.m.28 views

CVE-2025-71221

CVE-2025-71221: The Linux kernel mmp_pdma driver contained a race in mmp_pdma_residue() that could cause use-after-free when descriptors are freed while tx_status() iterates the descriptor list. The race occurs as CPU0 unwinds the descriptor list without proper locking while CPU1's tasklet can fr...

7CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2025/10/04 3:43 p.m.25 views

CVE-2022-50503

CVE-2022-50503 affects the Linux kernel component mtd: lpddr2_nvm. The vulnerability is a possible null-ptr-deref in resource_size(add_range) when platform_get_resource() returns NULL. This is triggered in the lpddr2_nvm code path and can lead to a crash/local impact as described. The issue has b...

5.5CVSS6.2AI score0.00152EPSS
CVE
CVE
added 2026/05/27 12:17 p.m.22 views

CVE-2026-45890

The CVE-2026-45890 issue affects the Linux kernel xen-netback in Xen environments. The backend validated the upper bound of multi-queue config but did not reject zero, allowing a guest to set multi-queue-num-queues to 0. This leads to vzalloc(array_size(0, sizeof(struct xenvif_queue))) and WARN_O...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.21 views

CVE-2026-31619

The CVE-2026-31619 vulnerability affects the Linux kernel ALSA fireworks driver where a 32-bit status value from a FireWire device could be looked up in a 17-entry efr_status_names[] array, potentially indexing outside the array and causing incorrect string formatting. The issue could interpret E...

5.5CVSS5.3AI score0.00125EPSS
CVE
CVE
added 2025/10/07 3:21 p.m.20 views

CVE-2023-53667

CVE-2023-53667 affects the Linux kernel net/cdc_ncm path. The vulnerability arises when dwNtbOutMaxSize is lower than the calculated minimum but greater than zero, causing skb allocation in cdc_ncm_fill_tx_frame() to run out of space and potentially panic due to skb bounds checks. The patch/clamp...

5.5CVSS6.1AI score0.00137EPSS
CVE
CVE
added 2025/09/16 4:11 p.m.18 views

CVE-2022-50347

In CVE-2022-50347, the Linux kernel vulnerability is in mmc: rtsx_usb_sdmmc where mmc_add_host() return value was not checked. If mmc_add_host() fails and the code ignores the error, memory allocated by mmc_alloc_host() can be leaked, causing a kernel crash from deleting a non-added device in the...

5.5CVSS6.1AI score0.0015EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.18 views

CVE-2022-50434

CVE-2022-50434: Technical details (affected product/component, root cause, impact, versions, fix) are not present in the connected documents. Monitor for updates.

5.5CVSS6.5AI score0.00168EPSS
CVE
CVE
added 2026/05/01 2:15 p.m.17 views

CVE-2026-31773

The CVE-2026-31773 entry concerns the Linux kernel Bluetooth SMP implementation. The root cause is that the legacy responder path in smp_random() marks the STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH, which reflects the requested security level rather than the actual pairi...

8.8CVSS5.8AI score0.00282EPSS
Total number of security vulnerabilities54