102 matches found
CVE-2016-5195
CVE-2016-5195 (Dirty COW) : A race condition in the Linux kernel’s memory management (mm/gup.c) allows a local user to gain write access to read‑only mappings via a faulty copy‑on‑write handling. Affected: kernel 2.x–4.x prior to 4.8.3. Exploitation was observed in the wild around Oct 2016. Impac...
CVE-2014-3153
The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...
CVE-2013-2094
CVE-2013-2094 affects the Linux kernel: the perf_swevent_init code in kernel/events/core.c uses an incorrect integer type, enabling a local, unprivileged user to escalate privileges via a crafted perf_event_open call. The issue leads to out-of-bounds access of perf_swevent_enabled and has been fi...
CVE-2013-6282
The CVE-2013-6282 issue affects the Linux kernel on ARM v6k/v7 where get_user and put_user do not validate certain addresses, enabling an unprivileged user to read/write arbitrary kernel memory. Exploitation was reported in the wild on Android devices in late 2013. Affected kernel versions includ...
CVE-2013-2596
CVE-2013-2596 is an integer overflow in the Linux kernel’s fb_mmap implementation (fbmem.c) up to version 3.8.9. It enables a local user to map kernel memory via /dev/graphics/fb0 mmap2, gaining privileges (Motochopper demonstration). Connected advisories (e.g., CentOS RHSA-2016:0450, F5 SOL11353...
CVE-2014-0196
CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...
CVE-2017-1000253
CVE-2017-1000253 is a Linux kernel PIE stack buffer corruption vulnerability in load_elf_binary() that can allow local privilege escalation when PIE is used and memory mapping overlaps the stack region. The issue stems from not accounting for space for the entire binary, causing later PT_LOAD seg...
CVE-2015-1421
CVE-2015-1421 is a use-after-free in the Linux kernel SCTP path (sctp_assoc_update in net/sctp/associola.c) that allows a remote attacker to trigger an INIT collision, leading to slab corruption and a kernel panic (DoS) with potentially other impact. Affected condition: kernel versions prior to 3...
CVE-2016-7117
CVE-2016-7117 describes a use-after-free in the Linux kernel’s __sys_recvmmsg() within net/socket.c, affecting kernel versions prior to 4.5.2. An attacker could trigger the corruption via a mishandled recvmmsg system call during error processing, enabling remote execution of arbitrary code. The v...
CVE-2014-0101
The CVE-2014-0101 issue affects the Linux kernel up to version 3.13.6, where the function sctp_sf_do_5_1D_ce in net/sctp/sm_statefuns.c does not validate certain auth_enable/auth_capable fields before sctp_sf_authenticate. This can enable a remote attacker to cause a denial of service by sending ...
CVE-2014-2523
CVE-2014-2523 applies to the Linux kernel code path net/netfilter/nf_conntrack_proto_dccp.c up to version 3.13.6. The vulnerability arises from incorrect handling of a DCCP header pointer, which could allow remote attackers to cause a system crash ( denial of service ) or potentially execute arbi...
CVE-2024-49975
CVE-2024-49975: Linux kernel uprobes information leak via the [uprobes] vma. xol_add_vma() maps an uninitialized page allocated by __create_xol_area() into userspace. On some architectures (notably x86), this memory can be readable even if VM_READ is not granted, yielding a kernel memory info lea...
CVE-2016-10229
The CVE-2016-10229 issue affects the Linux kernel’s UDP handling: udp.c in versions before 4.5 contains an unsafe second checksum calculation when a recv call uses MSG_PEEK, enabling remote code execution. Reports and advisories (e.g., ALAS-2017-832, Alpine, Debian, Broadcom/Big-IP advisories) co...
CVE-2023-40283
CVE-2023-40283 affects the Linux kernel before 6.4.10. It stems from a use-after-free in l2cap_sock_release (net/bluetooth/l2cap_sock.c) where the children of an sk are mishandled. The vulnerability allows a local attacker to run arbitrary code or cause a denial of service by crafting a targeted ...
CVE-2016-9793
The CVE-2016-9793 issue affects the Linux kernel 4.8.x lineage prior to 4.8.14. The sock_setsockopt implementation in net/core/sock.c mishandles negative values for sk_sndbuf and sk_rcvbuf, enabling a local attacker with CAP_NET_ADMIN to trigger memory corruption and a potential denial of service...
CVE-2012-6689
The CVE affects the Linux kernel before 3.5.5, where net/netlink/af_netlink.c:netlink_sendmsg does not validate dst_pid, enabling local spoofing of Netlink messages. Affected product is the Linux kernel (prior to 3.5.5); impact is listed as unspecified (local) with full confidentiality/integrity/...
CVE-2025-21689
The CVE concerns Linux kernel USB: serial (quatech2) where qt2_process_read_urb() could dereference NULL due to an out-of-bounds access. The root cause was an incorrect bounds check using if (newport > serial->num_ports) which allowed newport to reach serial->num_ports and make port NULL...
CVE-2015-5364
The CVE-2015-5364 issue affects the Linux kernel prior to 4.0.6, where udp_recvmsg/udpv6_recvmsg fail to handle processor yielding correctly, enabling remote attackers to trigger a denial of service (system hang) via UDP packet flood with incorrect checksums. Related CVE-2015-5366 also concerns U...
CVE-2015-8543
CVE-2015-8543 affects the Linux kernel networking stack (up to version 4.3.3 as used in Android and others). The issue: the networking implementation does not validate protocol identifiers for certain protocol families, enabling local users to cause a NULL pointer dereference and system crash, wi...
CVE-2014-4943
CVE-2014-4943 affects the Linux kernel up to 3.15.6, specifically the PPPoL2TP feature in net/l2tp/l2tp_ppp.c. The vulnerability arises from data-structure differences between an l2tp socket and an inet socket, enabling local privilege escalation. Public details in connected sources include PoC/e...
CVE-2014-0038
The CVE-2014-0038 issue affects the Linux kernel before 3.13.2 when CONFIG_X86_X32 is enabled: the compat_sys_recvmmsg function in net/compat.c can be exploited via recvmmsg with a crafted timeout pointer to gain local privileges. Public references document a local privilege escalation (exploitab...
CVE-2014-9322
CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...
CVE-2015-3331
CVE-2015-3331 affects the Linux kernel up to 3.19.2, where __driver_rfc4106_decrypt in arch/x86/crypto/aesni-intel_glue.c mishandles memory locations for encrypted data, enabling a context-dependent attacker to trigger a buffer overflow via a crypto API call (e.g., with a libkcapi test program us...
CVE-2014-8159
CVE-2014-8159 describes a flaw in the Linux kernel InfiniBand/RDMA subsystem where the uverbs interface used to register memory regions can be abused by a local user to access arbitrary physical memory, potentially crash the system or escalate privileges via /dev/infiniband/uverbsX. The initial e...
CVE-2015-2925
The vulnerability CVE-2015-2925 affects the Linux kernel prior to 4.2.4, specifically the prepend_path function in fs/dcache.c. It allows a local attacker to bypass container protections by renaming a directory inside a bind mount, enabling a double-chroot-style escape. The impact is enabling pri...
CVE-2015-8816
CVE-2015-8816 affects the Linux kernel prior to 4.3.5, where hub_activate in drivers/usb/core/hub.c mishandles hub-interface data. Physically proximate attackers can unplug a USB hub to trigger invalid memory access and a system crash (DoS); impact may be unspecified otherwise. A fixed version ex...
CVE-2013-1059
CVE-2013-1059 affects the Linux kernel (net/ceph/auth_none.c) through version 3.10. A remote attacker can trigger a denial of service via an auth_reply message that leads to a NULL pointer dereference and system crash; the content implies possible other impact. In the connected Nessus entries for...
CVE-2024-53066
CVE-2024-53066 concerns a Linux kernel issue where a KMSAN warning could arise from decoding NFS attributes. The warning is an uninitialized value in decode_getfattr_attrs() triggered during attribute decoding, linked to the field mdsthreshold in fattr not being initialized before it is used by d...
CVE-2014-9529
CVE-2014-9529: A race condition in Linux kernel key garbage collection (key_gc_unused_keys in security/keys/gc.c) up to 3.18.2 can enable local users to cause DoS or memory corruption during key garbage collection via keyctl. Connected advisory confirms kernel upstream fix and lists commit a3a878...
CVE-2013-0871
CVE-2013-0871 refers to a race condition in the Linux kernel’s ptrace implementation (PTRACE_SETREGS) that could allow a local user to gain privileges. The issue is in kernels prior to 3.7.5, with the ChangeLog for 3.7.5 documenting the fix. Affected component: Linux kernel (pre-3.7.5); root caus...
CVE-2014-3673
The vulnerability CVE-2014-3673 affects the SCTP implementation in the Linux kernel up to version 3.17.2. A malformed ASCONF chunk can be sent by a remote attacker to trigger a denial of service (system crash). Affected components are net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Remediat...
CVE-2015-7613
CVE-2015-7613 is a Linux kernel race condition in the IPC object implementation (up to version 4.2.3) that can allow a local unprivileged user to escalate privileges by triggering ipc_addid, which uses uid/gid values from uninitialized data (topics include msg.c, shm.c, util.c). Connected sources...
CVE-2013-2852
CVE-2013-2852 refers to a format string vulnerability in the b43_request_firmware path of the Broadcom B43 wireless driver for the Linux kernel (up to 3.9.4). The issue arises from format specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message and local...
CVE-2014-1737
CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...
CVE-2025-37992
CVE-2025-37992 affects the Linux kernel net_sched subsystem. Affected: qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie). Root cause: during qdisc ->change(), trimming only the main queue could leave packets on the gso_skb list, risking NULL pointer dereference when sch->limit is compared to s...
CVE-2014-5077
CVE-2014-5077 affects the Linux kernel’s SCTP code: the function sctp_assoc_update in net/sctp/associola.c (affected in kernel builds up to 3.15.8) can be triggered when SCTP authentication is enabled. An attacker can cause a denial of service via a NULL pointer dereference and kernel OOPS by ini...
CVE-2014-3687
The provided materials confirm CVE-2014-3687 affects the Linux kernel SCTP implementation (net/sctp/associola.c) up to version 3.17.2. The vulnerability allows remote attackers to cause a denial of service (panic) by sending duplicate ASCONF chunks, triggering an incorrect uncork within the side-...
CVE-2025-37798
CVE-2025-37798 affects the Linux kernel networking code. The fix removes the qlen check in fq_codel_dequeue() and codel_qdisc_dequeue() after making sch->qlen_notify() callbacks idempotent. The description indicates the vulnerability related to backlog/queue length handling in qdisc code (code...
CVE-2022-49573
The CVE-2022-49573 entry refers to a Linux kernel data race in the reader of sysctl_tcp_early_retrans. The vulnerability arises when reading sysctl_tcp_early_retrans, which could be modified concurrently. The fix was to add READ_ONCE() to the reader, mitigating the data race. Connected advisories...
CVE-2013-4587
CVE-2013-4587 describes an array index error in kvm_vm_ioctl_create_vcpu() within virt/kvm/kvm_main.c of the Linux kernel (through 3.12.5). This vulnerability enables local privilege escalation via a large id value. The connected Nessus/OpenVAS advisories reference Unity Linux/SUSE/OpenVAS entrie...
CVE-2014-2851
CVE-2014-2851: Integer overflow in ping_init_sock (net/ipv4/ping.c) of the Linux kernel up to 3.14.1 allows local users to cause a denial of service (use‑after‑free and system crash) and potentially gain privileges via a crafted application that exploits an improperly managed reference counter. C...
CVE-2024-38601
CVE-2024-38601 : Linux kernel ring-buffer race between readers and resize checks in ring_buffer, causing transient doubly-linked-list inconsistency (page->prev/next) during concurrent resizing and read operations. Root cause described as a swap of reader pages via cmpxchg in rb_get_reader_page...
CVE-2024-26635
CVE-2024-26635 affects the Linux kernel LLС path. The issue arises from legacy support for ETH_P_TR_802_2 in 802.2 LLC handling, where llc_conn_handler/llc_pdu_decode paths initialized saddr/daddr.mac only for ETH_P_802_2, causing reads of garbage in other protocols (e.g., ETH_P_TR_802_2). The bu...
CVE-2014-0069
The CVE-2014-0069 entry affects the Linux kernel (fs/cifs/file.c: cifs_iovec_write) up to version 3.13.5. The vulnerability stems from improper handling of uncached write operations that copy fewer bytes than requested, enabling local users to read kernel memory (information disclosure), cause me...
CVE-2014-4699
CVE-2014-4699 affects the Linux kernel prior to 3.15.4 on Intel CPUs: a non-canonical saved RIP value in system calls that do not use IRET can be exploited via ptrace and fork to escalate privileges or trigger a denial of service (double fault). Multiple connected advisories (e.g., MiracleLinux A...
CVE-2014-2706
CVE-2014-2706 describes a race condition in the Linux kernel’s mac80211 subsystem (sta_info.c and tx.c) that, when handling network traffic in conjunction with the WLAN_STA_PS_STA (power-save) state, can cause a remote denial of service (system crash). The issue affects kernel versions prior to 3...
CVE-2012-3412
CVE-2012-3412 affects the sfc (Solarflare Solarstorm) driver in the Linux kernel, specifically versions before 3.2.30. The vulnerability allows remote attackers to trigger a denial of service by sending crafted TCP packets that induce a small MSS value, leading to DMA descriptor consumption and n...
CVE-2013-4348
CVE-2013-4348 affects the Linux kernel (up to 3.12) via skb_flow_dissect in net/core/flow_dissector.c. A crafted small IHL value in IPIP-encapsulated packets can trigger an infinite loop, enabling remote denial of service. The connected Nessus advisories reproduce the same description for Unity L...
CVE-2025-21881
CVE-2025-21881 describes a Linux kernel vulnerability in the uprobes code path, specifically in uprobe_write_opcode() where a zero page (zeropage) is rejected but not properly accounted. The issue arises when a zero pfn is written to a PTE without increasing the RSS counter, causing the zero foli...
CVE-2025-37765
CVE-2025-37765 relates to the Linux kernel drm/nouveau path where an oops occurs in ttm_bo_delayed_delete due to a dangling nouveau_bo reservation pointer after amdgpu_bo destruction. The root cause is that drm_prime_gem_destroy releases a shared dma_buf, destroying the amdgpu_bo, which leaves no...