Lucene search
K
LinuxLinux Kernel3.5

102 matches found

CVE
CVE
added 2016/11/10 9:0 p.m.2133 views

CVE-2016-5195

CVE-2016-5195 (Dirty COW) : A race condition in the Linux kernel’s memory management (mm/gup.c) allows a local user to gain write access to read‑only mappings via a faulty copy‑on‑write handling. Affected: kernel 2.x–4.x prior to 4.8.3. Exploitation was observed in the wild around Oct 2016. Impac...

7.2CVSS7.8AI score0.83524EPSS
In wild
CVE
CVE
added 2014/06/07 2:0 p.m.1168 views

CVE-2014-3153

The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...

7.8CVSS6.5AI score0.37233EPSS
In wild
CVE
CVE
added 2013/05/14 8:0 p.m.963 views

CVE-2013-2094

CVE-2013-2094 affects the Linux kernel: the perf_swevent_init code in kernel/events/core.c uses an incorrect integer type, enabling a local, unprivileged user to escalate privileges via a crafted perf_event_open call. The issue leads to out-of-bounds access of perf_swevent_enabled and has been fi...

8.4CVSS7.3AI score0.47709EPSS
In wild
CVE
CVE
added 2013/11/19 3:0 p.m.804 views

CVE-2013-6282

The CVE-2013-6282 issue affects the Linux kernel on ARM v6k/v7 where get_user and put_user do not validate certain addresses, enabling an unprivileged user to read/write arbitrary kernel memory. Exploitation was reported in the wild on Android devices in late 2013. Affected kernel versions includ...

8.8CVSS7.7AI score0.39711EPSS
In wild
CVE
CVE
added 2013/04/13 1:0 a.m.782 views

CVE-2013-2596

CVE-2013-2596 is an integer overflow in the Linux kernel’s fb_mmap implementation (fbmem.c) up to version 3.8.9. It enables a local user to map kernel memory via /dev/graphics/fb0 mmap2, gaining privileges (Motochopper demonstration). Connected advisories (e.g., CentOS RHSA-2016:0450, F5 SOL11353...

7.8CVSS5.7AI score0.03373EPSS
In wild
CVE
CVE
added 2014/05/07 10:0 a.m.603 views

CVE-2014-0196

CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...

6.9CVSS6.3AI score0.22475EPSS
In wild
CVE
CVE
added 2017/10/04 1:0 a.m.519 views

CVE-2017-1000253

CVE-2017-1000253 is a Linux kernel PIE stack buffer corruption vulnerability in load_elf_binary() that can allow local privilege escalation when PIE is used and memory mapping overlaps the stack region. The issue stems from not accounting for space for the entire binary, causing later PT_LOAD seg...

7.8CVSS7.3AI score0.10695EPSS
In wild
CVE
CVE
added 2015/03/16 10:0 a.m.403 views

CVE-2015-1421

CVE-2015-1421 is a use-after-free in the Linux kernel SCTP path (sctp_assoc_update in net/sctp/associola.c) that allows a remote attacker to trigger an INIT collision, leading to slab corruption and a kernel panic (DoS) with potentially other impact. Affected condition: kernel versions prior to 3...

10CVSS5.9AI score0.09828EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.400 views

CVE-2016-7117

CVE-2016-7117 describes a use-after-free in the Linux kernel’s __sys_recvmmsg() within net/socket.c, affecting kernel versions prior to 4.5.2. An attacker could trigger the corruption via a mishandled recvmmsg system call during error processing, enabling remote execution of arbitrary code. The v...

10CVSS9.3AI score0.24299EPSS
CVE
CVE
added 2014/03/11 1:0 a.m.338 views

CVE-2014-0101

The CVE-2014-0101 issue affects the Linux kernel up to version 3.13.6, where the function sctp_sf_do_5_1D_ce in net/sctp/sm_statefuns.c does not validate certain auth_enable/auth_capable fields before sctp_sf_authenticate. This can enable a remote attacker to cause a denial of service by sending ...

7.8CVSS5.9AI score0.07045EPSS
CVE
CVE
added 2014/03/24 10:0 a.m.323 views

CVE-2014-2523

CVE-2014-2523 applies to the Linux kernel code path net/netfilter/nf_conntrack_proto_dccp.c up to version 3.13.6. The vulnerability arises from incorrect handling of a DCCP header pointer, which could allow remote attackers to cause a system crash ( denial of service ) or potentially execute arbi...

10CVSS7.2AI score0.10385EPSS
CVE
CVE
added 2024/10/21 6:2 p.m.285 views

CVE-2024-49975

CVE-2024-49975: Linux kernel uprobes information leak via the [uprobes] vma. xol_add_vma() maps an uninitialized page allocated by __create_xol_area() into userspace. On some architectures (notably x86), this memory can be readable even if VM_READ is not granted, yielding a kernel memory info lea...

5.5CVSS5AI score0.00249EPSS
CVE
CVE
added 2017/04/04 4:54 a.m.283 views

CVE-2016-10229

The CVE-2016-10229 issue affects the Linux kernel’s UDP handling: udp.c in versions before 4.5 contains an unsafe second checksum calculation when a recv call uses MSG_PEEK, enabling remote code execution. Reports and advisories (e.g., ALAS-2017-832, Alpine, Debian, Broadcom/Big-IP advisories) co...

10CVSS9.2AI score0.12791EPSS
CVE
CVE
added 2023/08/14 12:0 a.m.255 views

CVE-2023-40283

CVE-2023-40283 affects the Linux kernel before 6.4.10. It stems from a use-after-free in l2cap_sock_release (net/bluetooth/l2cap_sock.c) where the children of an sk are mishandled. The vulnerability allows a local attacker to run arbitrary code or cause a denial of service by crafting a targeted ...

7.8CVSS7.5AI score0.0056EPSS
CVE
CVE
added 2016/12/28 7:42 a.m.234 views

CVE-2016-9793

The CVE-2016-9793 issue affects the Linux kernel 4.8.x lineage prior to 4.8.14. The sock_setsockopt implementation in net/core/sock.c mishandles negative values for sk_sndbuf and sk_rcvbuf, enabling a local attacker with CAP_NET_ADMIN to trigger memory corruption and a potential denial of service...

7.8CVSS7.9AI score0.01566EPSS
CVE
CVE
added 2016/05/02 10:0 a.m.230 views

CVE-2012-6689

The CVE affects the Linux kernel before 3.5.5, where net/netlink/af_netlink.c:netlink_sendmsg does not validate dst_pid, enabling local spoofing of Netlink messages. Affected product is the Linux kernel (prior to 3.5.5); impact is listed as unspecified (local) with full confidentiality/integrity/...

7.8CVSS7AI score0.0031EPSS
CVE
CVE
added 2025/02/10 3:58 p.m.200 views

CVE-2025-21689

The CVE concerns Linux kernel USB: serial (quatech2) where qt2_process_read_urb() could dereference NULL due to an out-of-bounds access. The root cause was an incorrect bounds check using if (newport > serial->num_ports) which allowed newport to reach serial->num_ports and make port NULL...

5.5CVSS5.5AI score0.00201EPSS
CVE
CVE
added 2015/08/31 10:0 a.m.198 views

CVE-2015-5364

The CVE-2015-5364 issue affects the Linux kernel prior to 4.0.6, where udp_recvmsg/udpv6_recvmsg fail to handle processor yielding correctly, enabling remote attackers to trigger a denial of service (system hang) via UDP packet flood with incorrect checksums. Related CVE-2015-5366 also concerns U...

7.8CVSS5.7AI score0.06267EPSS
CVE
CVE
added 2015/12/28 11:0 a.m.194 views

CVE-2015-8543

CVE-2015-8543 affects the Linux kernel networking stack (up to version 4.3.3 as used in Android and others). The issue: the networking implementation does not validate protocol identifiers for certain protocol families, enabling local users to cause a NULL pointer dereference and system crash, wi...

7CVSS7AI score0.0123EPSS
CVE
CVE
added 2014/07/19 7:0 p.m.193 views

CVE-2014-4943

CVE-2014-4943 affects the Linux kernel up to 3.15.6, specifically the PPPoL2TP feature in net/l2tp/l2tp_ppp.c. The vulnerability arises from data-structure differences between an l2tp socket and an inet socket, enabling local privilege escalation. Public details in connected sources include PoC/e...

6.9CVSS6.3AI score0.02103EPSS
CVE
CVE
added 2014/02/06 10:0 p.m.181 views

CVE-2014-0038

The CVE-2014-0038 issue affects the Linux kernel before 3.13.2 when CONFIG_X86_X32 is enabled: the compat_sys_recvmmsg function in net/compat.c can be exploited via recvmmsg with a crafted timeout pointer to gain local privileges. Public references document a local privilege escalation (exploitab...

6.9CVSS5.6AI score0.34649EPSS
CVE
CVE
added 2014/12/17 11:0 a.m.177 views

CVE-2014-9322

CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...

7.8CVSS7.4AI score0.01504EPSS
CVE
CVE
added 2015/05/27 10:0 a.m.177 views

CVE-2015-3331

CVE-2015-3331 affects the Linux kernel up to 3.19.2, where __driver_rfc4106_decrypt in arch/x86/crypto/aesni-intel_glue.c mishandles memory locations for encrypted data, enabling a context-dependent attacker to trigger a buffer overflow via a crypto API call (e.g., with a libkcapi test program us...

9.3CVSS6.6AI score0.10108EPSS
CVE
CVE
added 2015/03/16 10:0 a.m.170 views

CVE-2014-8159

CVE-2014-8159 describes a flaw in the Linux kernel InfiniBand/RDMA subsystem where the uverbs interface used to register memory regions can be abused by a local user to access arbitrary physical memory, potentially crash the system or escalate privileges via /dev/infiniband/uverbsX. The initial e...

6.9CVSS6AI score0.00441EPSS
CVE
CVE
added 2015/11/16 11:0 a.m.170 views

CVE-2015-2925

The vulnerability CVE-2015-2925 affects the Linux kernel prior to 4.2.4, specifically the prepend_path function in fs/dcache.c. It allows a local attacker to bypass container protections by renaming a directory inside a bind mount, enabling a double-chroot-style escape. The impact is enabling pri...

6.9CVSS5.8AI score0.01246EPSS
CVE
CVE
added 2016/04/27 5:0 p.m.170 views

CVE-2015-8816

CVE-2015-8816 affects the Linux kernel prior to 4.3.5, where hub_activate in drivers/usb/core/hub.c mishandles hub-interface data. Physically proximate attackers can unplug a USB hub to trigger invalid memory access and a system crash (DoS); impact may be unspecified otherwise. A fixed version ex...

7.2CVSS7AI score0.00544EPSS
CVE
CVE
added 2013/07/08 5:0 p.m.168 views

CVE-2013-1059

CVE-2013-1059 affects the Linux kernel (net/ceph/auth_none.c) through version 3.10. A remote attacker can trigger a denial of service via an auth_reply message that leads to a NULL pointer dereference and system crash; the content implies possible other impact. In the connected Nessus entries for...

7.8CVSS6.6AI score0.04546EPSS
CVE
CVE
added 2024/11/19 5:22 p.m.166 views

CVE-2024-53066

CVE-2024-53066 concerns a Linux kernel issue where a KMSAN warning could arise from decoding NFS attributes. The warning is an uninitialized value in decode_getfattr_attrs() triggered during attribute decoding, linked to the field mdsthreshold in fattr not being initialized before it is used by d...

5.5CVSS5AI score0.00253EPSS
CVE
CVE
added 2015/01/09 9:0 p.m.164 views

CVE-2014-9529

CVE-2014-9529: A race condition in Linux kernel key garbage collection (key_gc_unused_keys in security/keys/gc.c) up to 3.18.2 can enable local users to cause DoS or memory corruption during key garbage collection via keyctl. Connected advisory confirms kernel upstream fix and lists commit a3a878...

6.9CVSS6.2AI score0.00339EPSS
CVE
CVE
added 2013/02/18 2:0 a.m.156 views

CVE-2013-0871

CVE-2013-0871 refers to a race condition in the Linux kernel’s ptrace implementation (PTRACE_SETREGS) that could allow a local user to gain privileges. The issue is in kernels prior to 3.7.5, with the ChangeLog for 3.7.5 documenting the fix. Affected component: Linux kernel (pre-3.7.5); root caus...

6.9CVSS6.7AI score0.01434EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.156 views

CVE-2014-3673

The vulnerability CVE-2014-3673 affects the SCTP implementation in the Linux kernel up to version 3.17.2. A malformed ASCONF chunk can be sent by a remote attacker to trigger a denial of service (system crash). Affected components are net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Remediat...

7.8CVSS7.1AI score0.07461EPSS
CVE
CVE
added 2015/10/19 10:0 a.m.155 views

CVE-2015-7613

CVE-2015-7613 is a Linux kernel race condition in the IPC object implementation (up to version 4.2.3) that can allow a local unprivileged user to escalate privileges by triggering ipc_addid, which uses uid/gid values from uninitialized data (topics include msg.c, shm.c, util.c). Connected sources...

6.9CVSS6.1AI score0.00412EPSS
CVE
CVE
added 2013/06/07 10:0 a.m.152 views

CVE-2013-2852

CVE-2013-2852 refers to a format string vulnerability in the b43_request_firmware path of the Broadcom B43 wireless driver for the Linux kernel (up to 3.9.4). The issue arises from format specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message and local...

6.9CVSS5.7AI score0.01022EPSS
CVE
CVE
added 2014/05/11 9:0 p.m.150 views

CVE-2014-1737

CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...

7.2CVSS6.2AI score0.00489EPSS
CVE
CVE
added 2025/05/26 2:54 p.m.150 views

CVE-2025-37992

CVE-2025-37992 affects the Linux kernel net_sched subsystem. Affected: qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie). Root cause: during qdisc ->change(), trimming only the main queue could leave packets on the gso_skb list, risking NULL pointer dereference when sch->limit is compared to s...

5.5CVSS6.9AI score0.00159EPSS
CVE
CVE
added 2014/08/01 10:0 a.m.149 views

CVE-2014-5077

CVE-2014-5077 affects the Linux kernel’s SCTP code: the function sctp_assoc_update in net/sctp/associola.c (affected in kernel builds up to 3.15.8) can be triggered when SCTP authentication is enabled. An attacker can cause a denial of service via a NULL pointer dereference and kernel OOPS by ini...

7.1CVSS6.2AI score0.05794EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.148 views

CVE-2014-3687

The provided materials confirm CVE-2014-3687 affects the Linux kernel SCTP implementation (net/sctp/associola.c) up to version 3.17.2. The vulnerability allows remote attackers to cause a denial of service (panic) by sending duplicate ASCONF chunks, triggering an incorrect uncork within the side-...

7.8CVSS7.1AI score0.08579EPSS
CVE
CVE
added 2025/05/02 2:16 p.m.147 views

CVE-2025-37798

CVE-2025-37798 affects the Linux kernel networking code. The fix removes the qlen check in fq_codel_dequeue() and codel_qdisc_dequeue() after making sch->qlen_notify() callbacks idempotent. The description indicates the vulnerability related to backlog/queue length handling in qdisc code (code...

7.8CVSS6.6AI score0.00176EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.146 views

CVE-2022-49573

The CVE-2022-49573 entry refers to a Linux kernel data race in the reader of sysctl_tcp_early_retrans. The vulnerability arises when reading sysctl_tcp_early_retrans, which could be modified concurrently. The fix was to add READ_ONCE() to the reader, mitigating the data race. Connected advisories...

4.7CVSS5.3AI score0.00181EPSS
CVE
CVE
added 2013/12/14 6:0 p.m.144 views

CVE-2013-4587

CVE-2013-4587 describes an array index error in kvm_vm_ioctl_create_vcpu() within virt/kvm/kvm_main.c of the Linux kernel (through 3.12.5). This vulnerability enables local privilege escalation via a large id value. The connected Nessus/OpenVAS advisories reference Unity Linux/SUSE/OpenVAS entrie...

7.2CVSS6.2AI score0.0053EPSS
CVE
CVE
added 2014/04/14 11:0 p.m.143 views

CVE-2014-2851

CVE-2014-2851: Integer overflow in ping_init_sock (net/ipv4/ping.c) of the Linux kernel up to 3.14.1 allows local users to cause a denial of service (use‑after‑free and system crash) and potentially gain privileges via a crafted application that exploits an improperly managed reference counter. C...

6.9CVSS6.5AI score0.00959EPSS
CVE
CVE
added 2024/06/19 1:48 p.m.141 views

CVE-2024-38601

CVE-2024-38601 : Linux kernel ring-buffer race between readers and resize checks in ring_buffer, causing transient doubly-linked-list inconsistency (page->prev/next) during concurrent resizing and read operations. Root cause described as a swap of reader pages via cmpxchg in rb_get_reader_page...

4.7CVSS6.4AI score0.00175EPSS
CVE
CVE
added 2024/03/18 10:14 a.m.139 views

CVE-2024-26635

CVE-2024-26635 affects the Linux kernel LLС path. The issue arises from legacy support for ETH_P_TR_802_2 in 802.2 LLC handling, where llc_conn_handler/llc_pdu_decode paths initialized saddr/daddr.mac only for ETH_P_802_2, causing reads of garbage in other protocols (e.g., ETH_P_TR_802_2). The bu...

5.5CVSS5.8AI score0.00242EPSS
CVE
CVE
added 2014/02/28 2:0 a.m.137 views

CVE-2014-0069

The CVE-2014-0069 entry affects the Linux kernel (fs/cifs/file.c: cifs_iovec_write) up to version 3.13.5. The vulnerability stems from improper handling of uncached write operations that copy fewer bytes than requested, enabling local users to read kernel memory (information disclosure), cause me...

7.2CVSS6.5AI score0.00414EPSS
CVE
CVE
added 2014/07/09 10:0 a.m.135 views

CVE-2014-4699

CVE-2014-4699 affects the Linux kernel prior to 3.15.4 on Intel CPUs: a non-canonical saved RIP value in system calls that do not use IRET can be exploited via ptrace and fork to escalate privileges or trigger a denial of service (double fault). Multiple connected advisories (e.g., MiracleLinux A...

6.9CVSS6.1AI score0.02324EPSS
CVE
CVE
added 2014/04/14 11:0 p.m.131 views

CVE-2014-2706

CVE-2014-2706 describes a race condition in the Linux kernel’s mac80211 subsystem (sta_info.c and tx.c) that, when handling network traffic in conjunction with the WLAN_STA_PS_STA (power-save) state, can cause a remote denial of service (system crash). The issue affects kernel versions prior to 3...

7.1CVSS7.8AI score0.04354EPSS
CVE
CVE
added 2012/10/03 10:0 a.m.129 views

CVE-2012-3412

CVE-2012-3412 affects the sfc (Solarflare Solarstorm) driver in the Linux kernel, specifically versions before 3.2.30. The vulnerability allows remote attackers to trigger a denial of service by sending crafted TCP packets that induce a small MSS value, leading to DMA descriptor consumption and n...

7.8CVSS6AI score0.06158EPSS
CVE
CVE
added 2013/11/04 11:0 a.m.129 views

CVE-2013-4348

CVE-2013-4348 affects the Linux kernel (up to 3.12) via skb_flow_dissect in net/core/flow_dissector.c. A crafted small IHL value in IPIP-encapsulated packets can trigger an infinite loop, enabling remote denial of service. The connected Nessus advisories reproduce the same description for Unity L...

7.1CVSS5.9AI score0.09408EPSS
CVE
CVE
added 2025/03/27 2:57 p.m.124 views

CVE-2025-21881

CVE-2025-21881 describes a Linux kernel vulnerability in the uprobes code path, specifically in uprobe_write_opcode() where a zero page (zeropage) is rejected but not properly accounted. The issue arises when a zero pfn is written to a PTE without increasing the RSS counter, causing the zero foli...

5.5CVSS7AI score0.00191EPSS
CVE
CVE
added 2025/05/01 1:7 p.m.123 views

CVE-2025-37765

CVE-2025-37765 relates to the Linux kernel drm/nouveau path where an oops occurs in ttm_bo_delayed_delete due to a dangling nouveau_bo reservation pointer after amdgpu_bo destruction. The root cause is that drm_prime_gem_destroy releases a shared dma_buf, destroying the amdgpu_bo, which leaves no...

5.5CVSS6.5AI score0.00176EPSS
Total number of security vulnerabilities102