Lucene search
K
LinuxLinux Kernel3.5

102 matches found

CVE
CVE
added 2014/11/10 11:0 a.m.120 views

CVE-2014-7826

CVE-2014-7826 affects the Linux kernel up to 3.17.2, where kernel/trace/trace_syscalls.c in the ftrace subsystem mishandles private syscall numbers. This can allow a local user to gain privileges or cause a denial of service via an crafted application (invalid pointer dereference). Connected advi...

7.8CVSS7.3AI score0.00589EPSS
CVE
CVE
added 2013/04/29 10:0 a.m.119 views

CVE-2013-3301

CVE-2013-3301 affects the Linux kernel ftrace implementation up to version before 3.8.8. Local users with CAP_SYS_ADMIN can write to either set_ftrace_pid or set_graph_function and trigger an lseek, leading to a NULL pointer dereference and possible system crash or other impact. Multiple connecte...

7.2CVSS5.6AI score0.00985EPSS
CVE
CVE
added 2013/11/27 2:0 a.m.119 views

CVE-2013-6383

The CVE-2013-6383 issue is real in the Linux kernel up to version 3.11.7: the aac_compat_ioctl function in drivers/scsi/aacraid/linit.c does not require CAP_SYS_RAWIO, allowing local users to bypass access restrictions via a crafted ioctl. Affected: Linux kernel prior to 3.11.8 (notably seen in a...

6.9CVSS6.3AI score0.0049EPSS
CVE
CVE
added 2014/09/28 10:0 a.m.116 views

CVE-2014-3181

CVE-2014-3181 affects the Linux kernel HID Magic Mouse driver (drivers/hid/hid-magicmouse.c, function magicmouse_raw_event) through version 3.16.3. It results in stack-based buffer overflows when processing large EHCI or XHCI data from a device, enabling physically proximate attackers to cause a ...

6.9CVSS6.8AI score0.00764EPSS
CVE
CVE
added 2014/09/28 10:0 a.m.116 views

CVE-2014-3185

CVE-2014-3185 affects the Linux kernel’s Whiteheat USB Serial Driver (drivers/usb/serial/whiteheat.c). The vulnerability allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by presenting a crafted USB device that suppli...

6.9CVSS6.7AI score0.00596EPSS
CVE
CVE
added 2013/03/18 3:0 p.m.115 views

CVE-2013-0913

CVE-2013-0913 affects the i915 DRM driver in the Linux kernel up to version 3.8.3. The vulnerability is an integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c, which can be triggered by a crafted relocation-copy sequence and may lead to a heap-based buffer overflow, potentially enablin...

7.2CVSS7.1AI score0.00556EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.115 views

CVE-2014-7825

CVE-2014-7825 affects the Linux kernel up to 3.17.2, specifically the file kernel/trace/trace_syscalls.c. The vulnerability arises from improper handling of private syscall numbers when using the perf subsystem, enabling a local attacker to trigger an out-of-bounds read and OOPS, and potentially ...

7.8CVSS6.9AI score0.00568EPSS
CVE
CVE
added 2014/08/01 10:0 a.m.113 views

CVE-2014-3534

CVE-2014-3534 (Linux kernel, s390) : The vulnerability in arch/s390/kernel/ ptrace.c allows a local user to bypass restrictions on address-space control with PTRACE_POKEUSR_AREA, gaining read/write access to kernel memory and potentially elevation of privileges via a crafted ptrace call. Affected...

7.2CVSS5.6AI score0.00469EPSS
CVE
CVE
added 2013/02/28 7:0 p.m.111 views

CVE-2013-1763

CVE-2013-1763 affects the Linux kernel pre-3.7.10, where an array index error in net/core/sock_diag.c (__sock_diag_rcv_msg) could allow a local attacker to gain privileges via a large family value in a Netlink message. The impact is a local privilege escalation with full confidentiality/integrity...

7.2CVSS6.2AI score0.0418EPSS
CVE
CVE
added 2024/08/29 9:5 a.m.111 views

CVE-2021-4442

CVE-2021-4442 – The Linux kernel TCP stack vulnerability described as: a syzkaller repro could cause RCV_SEQ to be advanced after data restoration in the receive queue, enabling an out-of-order or invalid sequence handling when TCP_QUEUE_SEQ is used on non-empty queues. The connected documents (A...

5.5CVSS6.7AI score0.00393EPSS
CVE
CVE
added 2013/11/27 2:0 a.m.109 views

CVE-2013-6381

CVE-2013-6381 describes a buffer overflow in the Linux kernel’s qeth_snmp_command function (drivers/s390/net/qeth_core_main.c) up to version 3.12.1, allowing local users to cause a denial of service (and potentially other impact) via an SNMP ioctl with an incompatible length. Connected documents ...

6.9CVSS7AI score0.00574EPSS
CVE
CVE
added 2015/06/07 11:0 p.m.108 views

CVE-2015-4002

CVE-2015-4002 affects the OZWPAN driver in the Linux kernel (drivers/staging/ozwpan/ozusbsvc1.c) up to version 4.0.5. The issue is a length-value handling flaw where certain length values are not sufficiently large, enabling remote attackers to cause a denial of service (system crash or large loo...

9CVSS7.8AI score0.08339EPSS
CVE
CVE
added 2013/06/07 10:0 a.m.104 views

CVE-2013-2850

CVE-2013-2850: Heap-based buffer overflow in the Linux kernel’s iSCSI target subsystem (iscsi_add_notunderstood_response in drivers/target/iscsi/iscsi_target_parameters.c) affects kernel versions up to 3.9.4. The flaw can allow remote attackers to trigger memory corruption and OOPS, with potentia...

7.9CVSS9.7AI score0.07313EPSS
CVE
CVE
added 2014/04/01 1:0 a.m.104 views

CVE-2014-2672

CVE-2014-2672 : A race condition in the Linux kernel’s ath9k driver (ath_tx_aggr_sleep in drivers/net/wireless/ath/ath9k/xmit.c) before 3.13.7 can be triggered by a high volume of network traffic, enabling remote attackers to cause a denial of service (system crash). Public sources in connected d...

7.1CVSS6.5AI score0.02744EPSS
CVE
CVE
added 2013/03/22 10:0 a.m.103 views

CVE-2013-1860

CVE-2013-1860 is a heap-based buffer overflow in the Linux kernel’s wdm_in_callback (drivers/usb/class/cdc-wdm.c) present in versions prior to 3.8.4. The vulnerability allows physically proximate attackers to crash the system or potentially execute arbitrary code through a crafted cdc-wdm USB dev...

6.9CVSS6.6AI score0.0082EPSS
CVE
CVE
added 2025/02/26 2:24 a.m.101 views

CVE-2022-49712

CVE-2022-49712 : In the Linux kernel, the usb: gadget: lpc32xx_udc probe had a refcount leak due to an extra reference from of_parse_phandle(); the fix adds of_node_put() to release the node when not needed. This mitigates a refcount leak in the probe path. Connected advisories (SUSE/Nessus/OpenV...

5.5CVSS5.3AI score0.00243EPSS
CVE
CVE
added 2013/11/12 1:0 a.m.99 views

CVE-2013-4511

CVE-2013-4511 concerns multiple integer overflows in the Linux kernel’s Alchemy LCD frame-buffer drivers (au1100fb_fb_mmap and au1200fb_fb_mmap). The issue allows a local attacker to craft mmap operations to create a read-write mapping of kernel memory, enabling privilege escalation. The descript...

6.9CVSS6.8AI score0.00596EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.99 views

CVE-2022-49482

In the Linux kernel, CVE-2022-49482 concerns the ASoC: mxs-saif driver. The root cause is a refcount leak where of_parse_phandle() returns a node pointer with an incremented refcount that is not released unless a corresponding of_node_put() is invoked when done. The documented fix is to call of_n...

5.5CVSS6.5AI score0.00252EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.99 views

CVE-2022-49486

CVE-2022-49486 relates to the Linux kernel ASoC driver for i.MX SGTL5000. The vulnerability is a refcount leak in imx_sgtl5000_probe caused by improper handling of a reference taken by of_find_i2c_device_by_node(); in error paths the driver should call put_device() to drop the reference. A resolv...

5.5CVSS5.3AI score0.00247EPSS
CVE
CVE
added 2024/05/21 3:3 p.m.98 views

CVE-2021-47401

CVE-2021-47401 concerns a Linux kernel vulnerability in the ipack: ipoctal path where the tty driver name was allocated on the stack, enabling a stack information leak to user space. The issue arises because the tty device name could be revealed after registration, and another driver copied the p...

5.5CVSS6.3AI score0.00243EPSS
CVE
CVE
added 2014/09/28 10:0 a.m.97 views

CVE-2014-3182

CVE-2014-3182 affects the Linux kernel up to version 3.16.1, where an array index error in the logi_dj_raw_event function of drivers/hid/hid-logitech-dj.c can be exploited by a physically proximate attacker using a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value to execute arbitrary code or cau...

6.9CVSS6.5AI score0.00428EPSS
CVE
CVE
added 2014/09/28 10:0 a.m.97 views

CVE-2014-3186

CVE-2014-3186 : A buffer overflow in the PicoLCD HID device driver’s picoLCD_raw_event (Linux kernel driver, hid-picolcd_core.c) up to kernel 3.16.3 allows physically proximate attackers to crash the system or potentially execute arbitrary code by sending a crafted large HID report, as used in An...

6.9CVSS6.9AI score0.00702EPSS
CVE
CVE
added 2014/09/28 10:0 a.m.97 views

CVE-2014-6416

CVE-2014-6416 describes a buffer overflow in net/ceph/auth_x.c used by Ceph within the Linux kernel prior to 3.16.3. An unencrypted, long auth ticket can be exploited remotely to trigger memory corruption and a kernel panic (DoS). Connected advisories reiter the same root cause and impact. Remedi...

7.8CVSS8.1AI score0.06167EPSS
CVE
CVE
added 2015/06/07 11:0 p.m.96 views

CVE-2015-4003

CVE-2015-4003 affects the OZWPAN driver in the Linux kernel (drivers/staging/ozwpan/ozusbsvc1.c, function oz_usb_handle_ep_data) through kernel 4.0.5. A remote attacker can send a crafted packet to trigger a divide-by-zero and cause a system crash (DoS). The connected advisories (Unity Linux/Eule...

7.8CVSS6.8AI score0.05852EPSS
CVE
CVE
added 2025/02/26 1:56 a.m.96 views

CVE-2022-49242

CVE-2022-49242 relates to the Linux kernel ASoC: mxs driver. The issue is a refcount leak in error paths within mxs_sgtl5000_probe caused by only calling of_node_put() in the regular path; if codec_np is NULL, saif_np[0] and saif_np[1] may remain non-NULL and leak. The root cause is improper rele...

5.5CVSS5.4AI score0.00252EPSS
CVE
CVE
added 2025/05/02 3:55 p.m.95 views

CVE-2023-53075

CVE-2023-53075 : In the Linux kernel, a ftrace lookup_rec() path can read records[-1].ip when index is 0, causing a KASAN use-after-free read via task modprobe. The root cause is an invalid access to pg->records[pg->index - 1].ip when pg->index is 0. The fix prevents IP checks when pg-&g...

7.8CVSS6.6AI score0.0017EPSS
CVE
CVE
added 2024/03/02 9:52 p.m.93 views

CVE-2023-52527

CVE-2023-52527 involves the Linux kernel IPv4/IPv6 path: the handling of transhdrlen in __ip{,6}_append_data() could inflate the length when a packet is only partially filled (e.g., after MSG_MORE), risking duplicate transport header accounting. The issue can arise when splicing into an L2TP sock...

5.5CVSS6.4AI score0.00226EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.88 views

CVE-2022-49832

Technical details about CVE-2022-49832 (pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map) are not publicly provided in the supplied connected documents. Monitor for updates.

5.5CVSS6.4AI score0.00186EPSS
CVE
CVE
added 2017/01/05 11:0 a.m.86 views

CVE-2016-9754

CVE-2016-9754 affects the Linux kernel’s ring_buffer_resize in the profiling subsystem, where integer calculations in ring_buffer.c before 4.6.1 allow a local user to gain privileges by writing to /sys/kernel/debug/tracing/buffer_size_kb. The issue is fixed in kernel 4.6.1 and later. Affected pro...

7.8CVSS7.3AI score0.00532EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.86 views

CVE-2022-49794

CVE-2022-49794 affects the Linux kernel IIO ADC driver (iio: adc: at91_adc). The issue is a potential memory leak in at91_adc_allocate_trigger where, if iio_trigger_register() returns an error, the driver should free the trigger reference via iio_trigger_free() and then release memory with iio_tr...

5.5CVSS6.5AI score0.00166EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.85 views

CVE-2022-50152

CVE-2022-50152 is resolved in the Linux kernel via a fix for usb: ohci-nxp: refcount leak in ohci_hcd_nxp_probe. The issue arises because of_parse_phandle() returns a node pointer with an incremented refcount and lacks a corresponding of_node_put() when the node is no longer needed. The patch add...

5.5CVSS6.4AI score0.00156EPSS
CVE
CVE
added 2025/07/25 3:27 p.m.81 views

CVE-2025-38448

CVE-2025-38448 is a Linux kernel vulnerability in the USB gadget u_serial wakeup path. The issue is a race condition where gs_start_io() may call gs_start_rx() or gs_start_tx() after briefly dropping port_lock for usb_ep_queue(), allowing gs_close() or gserial_disconnect() to clear port.tty and p...

4.7CVSS6.3AI score0.00115EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.78 views

CVE-2022-49914

CVE-2022-49914 involves the Linux kernel btrfs backref walk leak in resolve_indirect_refs(). When an error occurs, code previously freed the parents list with ulist_free(), but attached inode lists via the aux field were not freed, causing a leak. The fix replaces ulist_free() with free_leaf_list...

5.5CVSS6.4AI score0.00173EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.75 views

CVE-2022-49898

CVE-2022-49898 affects the Linux kernel’s Btrfs tree-mod-log path. The issue arises in tree_mod_log_rewind() when replaying log entries for a block that should not have been replayed, triggering BUG_ON(tm->slot

5.5CVSS6.6AI score0.00164EPSS
CVE
CVE
added 2014/09/28 10:0 a.m.74 views

CVE-2014-6417

CVE-2014-6417 affects net/ceph/auth_x.c in Ceph usage within the Linux kernel prior to 3.16.3. The issue arises from not handling kmalloc failure, enabling a remote attacker to cause a denial of service (system crash) or potentially other impact via a long unencrypted auth ticket. Public advisori...

7.8CVSS7.6AI score0.05244EPSS
CVE
CVE
added 2013/11/12 1:0 a.m.73 views

CVE-2013-6763

CVE-2013-6763 : The Linux kernel function uio_mmap_physical (drivers/uio/uio.c) is vulnerable in all versions before 3.12 due to missing validation of the mmaped memory block size. This can enable local users to trigger memory corruption and potentially gain privileges through crafted mmap operat...

6.9CVSS6.7AI score0.00633EPSS
CVE
CVE
added 2014/09/28 10:0 a.m.70 views

CVE-2014-6418

Summary of CVE-2014-6418 — firmware/driver component: In Ceph usage within the Linux kernel, net/ceph/auth_x.c handles auth replies and, prior to kernel 3.16.3, fails to properly validate them. This can be triggered by crafted data arriving from a Ceph Monitor IP address, potentially causing a de...

7.1CVSS7.7AI score0.04881EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.69 views

CVE-2022-50162

CVE-2022-50162 concerns the Linux kernel WiFi Libertus driver. The issue is a possible refcount leak in if_usb_probe caused by calling usb_get_dev before lbs_get_firmware_async, requiring usb_put_dev when lbs_get_firmware_async fails. The vulnerability is identified in the kernel’s Libertus USB p...

5.5CVSS6.4AI score0.00156EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.60 views

CVE-2025-38207

CVE-2025-38207 : In the Linux kernel, a bug in the uprobe handling during vma expansion could cause the upnode page table entry (pte) to be overwritten, potentially orphaning the upbump page. The issue arises when remapping a vma that includes an uprobe, causing a pte overwrite during the set_pte...

5.5CVSS6.4AI score0.00131EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.38 views

CVE-2026-43163

Impact: Linux kernel md/bitmap component vulnerable to a use-after-free race during array resize, causing a General Protection Fault in write_page. Root cause: concurrent access to bitmap->storage.filemap between bitmap_daemon_work() and __bitmap_resize(), with md_bitmap_file_unmap() freeing s...

4.7CVSS5.8AI score0.00091EPSS
CVE
CVE
added 2026/04/24 2:45 p.m.35 views

CVE-2026-31657

CVE-2026-31657 affects the Linux kernel batman-adv component. The flaw arises when batman-adv’s batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway’s final reference while readers still follow the pointer. The netlink claim dump path dereferences claim->backbone_g...

9.8CVSS5.4AI score0.00399EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.34 views

CVE-2026-46212

CVE-2026-46212 concerns the Linux kernel’s batman-adv module. The vulnerability arises when deleting backbone claims in batman-adv (function batadv_bla_del_backbone_claims): the code drops a hash-list link entry that is still referenced, risking that the entry could be freed by batadv_claim_relea...

8.8CVSS5.7AI score0.00274EPSS
CVE
CVE
added 2026/05/28 9:40 a.m.34 views

CVE-2026-46233

CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...

5.5CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.33 views

CVE-2025-39677

Summary: CVE-2025-39677 affects the Linux kernel net/sched backlog accounting in qdisc_dequeue_internal for hhf, fq, fq_codel, and fq_pie. The issue occurs when adjusting to a new backlog limit; dequeue paths drop packets from gso_skb without increasing qstats backlog, causing backlog underflow i...

5.5CVSS6.2AI score0.00128EPSS
CVE
CVE
added 2026/06/03 3:49 p.m.33 views

CVE-2026-46253

In Linux kernel pstore/ram, CVE-2026-46253, the vulnerability is a heap buffer overflow during persistent_ram_save_old(). If the buffer size has grown since the first allocation, the code updates old_log_size to the new size and then copies with memcpy_fromio(), risking an out-of-bounds write (an...

7.8CVSS5.9AI score0.00136EPSS
CVE
CVE
added 2026/04/24 2:42 p.m.27 views

CVE-2026-31588

CVE-2026-31588 concerns the Linux kernel KVM MMIO handling bug where an MMIO write that spans multiple pages could reference on‑stack data, enabling a use‑after‑free path. The root cause is an internal temporary variable path during complete_emulated_mmio when emulated MMIO writes cross page boun...

8.8CVSS5.6AI score0.00128EPSS
CVE
CVE
added 2025/09/18 4:3 p.m.23 views

CVE-2022-50402

CVE-2022-50402 concerns Linux kernel’s md-bitmap code. The vulnerability arises from not validating the return value of md_bitmap_get_counter(), which can lead to a NULL pointer dereference. The issue was resolved by updating the code to check the return value and guard against NULL dereferences;...

5.5CVSS6.1AI score0.00147EPSS
CVE
CVE
added 2026/05/28 9:35 a.m.23 views

CVE-2026-46127

CVE-2026-46127 affects the Linux kernel RDMA/ocrdma; the bug is a NULL dereference in ocrdma_copy_pd_uresp() when uctx is uninitialized, potentially causing a crash. Connected sources indicate patches exist in multiple OSV entries (Root:rootio-linux for Ubuntu 24.04 and Debian 11/12, OpenSUSE/ope...

5.5CVSS5.8AI score0.00128EPSS
CVE
CVE
added 2025/10/04 3:16 p.m.20 views

CVE-2022-50484

CVE-2022-50484 affects the Linux kernel ALSA USB audio driver. The vulnerability is a memory leak when -ENOMEM occurs during URB/buffer allocation inside the sync EP URB loop, where ep->nurbs remained 0 and partially allocated URBs could be left unreleased. The fix initializes ep->nurbs ear...

5.5CVSS6.1AI score0.00149EPSS
CVE
CVE
added 2026/05/06 11:29 a.m.20 views

CVE-2026-43279

The CVE-2026-43279 entry concerns the Linux kernel ALSA USB-audio subsystem. A discrepancy between playback and capture stream setups (e.g., USB core max packet size) can cause out-of-bounds writes to the buffer, potentially crashing the system. A fix was implemented by adding a sanity check of t...

7.8CVSS5.9AI score0.00123EPSS
Total number of security vulnerabilities102