102 matches found
CVE-2014-7826
CVE-2014-7826 affects the Linux kernel up to 3.17.2, where kernel/trace/trace_syscalls.c in the ftrace subsystem mishandles private syscall numbers. This can allow a local user to gain privileges or cause a denial of service via an crafted application (invalid pointer dereference). Connected advi...
CVE-2013-3301
CVE-2013-3301 affects the Linux kernel ftrace implementation up to version before 3.8.8. Local users with CAP_SYS_ADMIN can write to either set_ftrace_pid or set_graph_function and trigger an lseek, leading to a NULL pointer dereference and possible system crash or other impact. Multiple connecte...
CVE-2013-6383
The CVE-2013-6383 issue is real in the Linux kernel up to version 3.11.7: the aac_compat_ioctl function in drivers/scsi/aacraid/linit.c does not require CAP_SYS_RAWIO, allowing local users to bypass access restrictions via a crafted ioctl. Affected: Linux kernel prior to 3.11.8 (notably seen in a...
CVE-2014-3181
CVE-2014-3181 affects the Linux kernel HID Magic Mouse driver (drivers/hid/hid-magicmouse.c, function magicmouse_raw_event) through version 3.16.3. It results in stack-based buffer overflows when processing large EHCI or XHCI data from a device, enabling physically proximate attackers to cause a ...
CVE-2014-3185
CVE-2014-3185 affects the Linux kernel’s Whiteheat USB Serial Driver (drivers/usb/serial/whiteheat.c). The vulnerability allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) by presenting a crafted USB device that suppli...
CVE-2013-0913
CVE-2013-0913 affects the i915 DRM driver in the Linux kernel up to version 3.8.3. The vulnerability is an integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c, which can be triggered by a crafted relocation-copy sequence and may lead to a heap-based buffer overflow, potentially enablin...
CVE-2014-7825
CVE-2014-7825 affects the Linux kernel up to 3.17.2, specifically the file kernel/trace/trace_syscalls.c. The vulnerability arises from improper handling of private syscall numbers when using the perf subsystem, enabling a local attacker to trigger an out-of-bounds read and OOPS, and potentially ...
CVE-2014-3534
CVE-2014-3534 (Linux kernel, s390) : The vulnerability in arch/s390/kernel/ ptrace.c allows a local user to bypass restrictions on address-space control with PTRACE_POKEUSR_AREA, gaining read/write access to kernel memory and potentially elevation of privileges via a crafted ptrace call. Affected...
CVE-2013-1763
CVE-2013-1763 affects the Linux kernel pre-3.7.10, where an array index error in net/core/sock_diag.c (__sock_diag_rcv_msg) could allow a local attacker to gain privileges via a large family value in a Netlink message. The impact is a local privilege escalation with full confidentiality/integrity...
CVE-2021-4442
CVE-2021-4442 – The Linux kernel TCP stack vulnerability described as: a syzkaller repro could cause RCV_SEQ to be advanced after data restoration in the receive queue, enabling an out-of-order or invalid sequence handling when TCP_QUEUE_SEQ is used on non-empty queues. The connected documents (A...
CVE-2013-6381
CVE-2013-6381 describes a buffer overflow in the Linux kernel’s qeth_snmp_command function (drivers/s390/net/qeth_core_main.c) up to version 3.12.1, allowing local users to cause a denial of service (and potentially other impact) via an SNMP ioctl with an incompatible length. Connected documents ...
CVE-2015-4002
CVE-2015-4002 affects the OZWPAN driver in the Linux kernel (drivers/staging/ozwpan/ozusbsvc1.c) up to version 4.0.5. The issue is a length-value handling flaw where certain length values are not sufficiently large, enabling remote attackers to cause a denial of service (system crash or large loo...
CVE-2013-2850
CVE-2013-2850: Heap-based buffer overflow in the Linux kernel’s iSCSI target subsystem (iscsi_add_notunderstood_response in drivers/target/iscsi/iscsi_target_parameters.c) affects kernel versions up to 3.9.4. The flaw can allow remote attackers to trigger memory corruption and OOPS, with potentia...
CVE-2014-2672
CVE-2014-2672 : A race condition in the Linux kernel’s ath9k driver (ath_tx_aggr_sleep in drivers/net/wireless/ath/ath9k/xmit.c) before 3.13.7 can be triggered by a high volume of network traffic, enabling remote attackers to cause a denial of service (system crash). Public sources in connected d...
CVE-2013-1860
CVE-2013-1860 is a heap-based buffer overflow in the Linux kernel’s wdm_in_callback (drivers/usb/class/cdc-wdm.c) present in versions prior to 3.8.4. The vulnerability allows physically proximate attackers to crash the system or potentially execute arbitrary code through a crafted cdc-wdm USB dev...
CVE-2022-49712
CVE-2022-49712 : In the Linux kernel, the usb: gadget: lpc32xx_udc probe had a refcount leak due to an extra reference from of_parse_phandle(); the fix adds of_node_put() to release the node when not needed. This mitigates a refcount leak in the probe path. Connected advisories (SUSE/Nessus/OpenV...
CVE-2013-4511
CVE-2013-4511 concerns multiple integer overflows in the Linux kernel’s Alchemy LCD frame-buffer drivers (au1100fb_fb_mmap and au1200fb_fb_mmap). The issue allows a local attacker to craft mmap operations to create a read-write mapping of kernel memory, enabling privilege escalation. The descript...
CVE-2022-49482
In the Linux kernel, CVE-2022-49482 concerns the ASoC: mxs-saif driver. The root cause is a refcount leak where of_parse_phandle() returns a node pointer with an incremented refcount that is not released unless a corresponding of_node_put() is invoked when done. The documented fix is to call of_n...
CVE-2022-49486
CVE-2022-49486 relates to the Linux kernel ASoC driver for i.MX SGTL5000. The vulnerability is a refcount leak in imx_sgtl5000_probe caused by improper handling of a reference taken by of_find_i2c_device_by_node(); in error paths the driver should call put_device() to drop the reference. A resolv...
CVE-2021-47401
CVE-2021-47401 concerns a Linux kernel vulnerability in the ipack: ipoctal path where the tty driver name was allocated on the stack, enabling a stack information leak to user space. The issue arises because the tty device name could be revealed after registration, and another driver copied the p...
CVE-2014-3182
CVE-2014-3182 affects the Linux kernel up to version 3.16.1, where an array index error in the logi_dj_raw_event function of drivers/hid/hid-logitech-dj.c can be exploited by a physically proximate attacker using a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value to execute arbitrary code or cau...
CVE-2014-3186
CVE-2014-3186 : A buffer overflow in the PicoLCD HID device driver’s picoLCD_raw_event (Linux kernel driver, hid-picolcd_core.c) up to kernel 3.16.3 allows physically proximate attackers to crash the system or potentially execute arbitrary code by sending a crafted large HID report, as used in An...
CVE-2014-6416
CVE-2014-6416 describes a buffer overflow in net/ceph/auth_x.c used by Ceph within the Linux kernel prior to 3.16.3. An unencrypted, long auth ticket can be exploited remotely to trigger memory corruption and a kernel panic (DoS). Connected advisories reiter the same root cause and impact. Remedi...
CVE-2015-4003
CVE-2015-4003 affects the OZWPAN driver in the Linux kernel (drivers/staging/ozwpan/ozusbsvc1.c, function oz_usb_handle_ep_data) through kernel 4.0.5. A remote attacker can send a crafted packet to trigger a divide-by-zero and cause a system crash (DoS). The connected advisories (Unity Linux/Eule...
CVE-2022-49242
CVE-2022-49242 relates to the Linux kernel ASoC: mxs driver. The issue is a refcount leak in error paths within mxs_sgtl5000_probe caused by only calling of_node_put() in the regular path; if codec_np is NULL, saif_np[0] and saif_np[1] may remain non-NULL and leak. The root cause is improper rele...
CVE-2023-53075
CVE-2023-53075 : In the Linux kernel, a ftrace lookup_rec() path can read records[-1].ip when index is 0, causing a KASAN use-after-free read via task modprobe. The root cause is an invalid access to pg->records[pg->index - 1].ip when pg->index is 0. The fix prevents IP checks when pg-&g...
CVE-2023-52527
CVE-2023-52527 involves the Linux kernel IPv4/IPv6 path: the handling of transhdrlen in __ip{,6}_append_data() could inflate the length when a packet is only partially filled (e.g., after MSG_MORE), risking duplicate transport header accounting. The issue can arise when splicing into an L2TP sock...
CVE-2022-49832
Technical details about CVE-2022-49832 (pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map) are not publicly provided in the supplied connected documents. Monitor for updates.
CVE-2016-9754
CVE-2016-9754 affects the Linux kernel’s ring_buffer_resize in the profiling subsystem, where integer calculations in ring_buffer.c before 4.6.1 allow a local user to gain privileges by writing to /sys/kernel/debug/tracing/buffer_size_kb. The issue is fixed in kernel 4.6.1 and later. Affected pro...
CVE-2022-49794
CVE-2022-49794 affects the Linux kernel IIO ADC driver (iio: adc: at91_adc). The issue is a potential memory leak in at91_adc_allocate_trigger where, if iio_trigger_register() returns an error, the driver should free the trigger reference via iio_trigger_free() and then release memory with iio_tr...
CVE-2022-50152
CVE-2022-50152 is resolved in the Linux kernel via a fix for usb: ohci-nxp: refcount leak in ohci_hcd_nxp_probe. The issue arises because of_parse_phandle() returns a node pointer with an incremented refcount and lacks a corresponding of_node_put() when the node is no longer needed. The patch add...
CVE-2025-38448
CVE-2025-38448 is a Linux kernel vulnerability in the USB gadget u_serial wakeup path. The issue is a race condition where gs_start_io() may call gs_start_rx() or gs_start_tx() after briefly dropping port_lock for usb_ep_queue(), allowing gs_close() or gserial_disconnect() to clear port.tty and p...
CVE-2022-49914
CVE-2022-49914 involves the Linux kernel btrfs backref walk leak in resolve_indirect_refs(). When an error occurs, code previously freed the parents list with ulist_free(), but attached inode lists via the aux field were not freed, causing a leak. The fix replaces ulist_free() with free_leaf_list...
CVE-2022-49898
CVE-2022-49898 affects the Linux kernel’s Btrfs tree-mod-log path. The issue arises in tree_mod_log_rewind() when replaying log entries for a block that should not have been replayed, triggering BUG_ON(tm->slot
CVE-2014-6417
CVE-2014-6417 affects net/ceph/auth_x.c in Ceph usage within the Linux kernel prior to 3.16.3. The issue arises from not handling kmalloc failure, enabling a remote attacker to cause a denial of service (system crash) or potentially other impact via a long unencrypted auth ticket. Public advisori...
CVE-2013-6763
CVE-2013-6763 : The Linux kernel function uio_mmap_physical (drivers/uio/uio.c) is vulnerable in all versions before 3.12 due to missing validation of the mmaped memory block size. This can enable local users to trigger memory corruption and potentially gain privileges through crafted mmap operat...
CVE-2014-6418
Summary of CVE-2014-6418 — firmware/driver component: In Ceph usage within the Linux kernel, net/ceph/auth_x.c handles auth replies and, prior to kernel 3.16.3, fails to properly validate them. This can be triggered by crafted data arriving from a Ceph Monitor IP address, potentially causing a de...
CVE-2022-50162
CVE-2022-50162 concerns the Linux kernel WiFi Libertus driver. The issue is a possible refcount leak in if_usb_probe caused by calling usb_get_dev before lbs_get_firmware_async, requiring usb_put_dev when lbs_get_firmware_async fails. The vulnerability is identified in the kernel’s Libertus USB p...
CVE-2025-38207
CVE-2025-38207 : In the Linux kernel, a bug in the uprobe handling during vma expansion could cause the upnode page table entry (pte) to be overwritten, potentially orphaning the upbump page. The issue arises when remapping a vma that includes an uprobe, causing a pte overwrite during the set_pte...
CVE-2026-43163
Impact: Linux kernel md/bitmap component vulnerable to a use-after-free race during array resize, causing a General Protection Fault in write_page. Root cause: concurrent access to bitmap->storage.filemap between bitmap_daemon_work() and __bitmap_resize(), with md_bitmap_file_unmap() freeing s...
CVE-2026-31657
CVE-2026-31657 affects the Linux kernel batman-adv component. The flaw arises when batman-adv’s batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway’s final reference while readers still follow the pointer. The netlink claim dump path dereferences claim->backbone_g...
CVE-2026-46212
CVE-2026-46212 concerns the Linux kernel’s batman-adv module. The vulnerability arises when deleting backbone claims in batman-adv (function batadv_bla_del_backbone_claims): the code drops a hash-list link entry that is still referenced, risking that the entry could be freed by batadv_claim_relea...
CVE-2026-46233
CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...
CVE-2025-39677
Summary: CVE-2025-39677 affects the Linux kernel net/sched backlog accounting in qdisc_dequeue_internal for hhf, fq, fq_codel, and fq_pie. The issue occurs when adjusting to a new backlog limit; dequeue paths drop packets from gso_skb without increasing qstats backlog, causing backlog underflow i...
CVE-2026-46253
In Linux kernel pstore/ram, CVE-2026-46253, the vulnerability is a heap buffer overflow during persistent_ram_save_old(). If the buffer size has grown since the first allocation, the code updates old_log_size to the new size and then copies with memcpy_fromio(), risking an out-of-bounds write (an...
CVE-2026-31588
CVE-2026-31588 concerns the Linux kernel KVM MMIO handling bug where an MMIO write that spans multiple pages could reference on‑stack data, enabling a use‑after‑free path. The root cause is an internal temporary variable path during complete_emulated_mmio when emulated MMIO writes cross page boun...
CVE-2022-50402
CVE-2022-50402 concerns Linux kernel’s md-bitmap code. The vulnerability arises from not validating the return value of md_bitmap_get_counter(), which can lead to a NULL pointer dereference. The issue was resolved by updating the code to check the return value and guard against NULL dereferences;...
CVE-2026-46127
CVE-2026-46127 affects the Linux kernel RDMA/ocrdma; the bug is a NULL dereference in ocrdma_copy_pd_uresp() when uctx is uninitialized, potentially causing a crash. Connected sources indicate patches exist in multiple OSV entries (Root:rootio-linux for Ubuntu 24.04 and Debian 11/12, OpenSUSE/ope...
CVE-2022-50484
CVE-2022-50484 affects the Linux kernel ALSA USB audio driver. The vulnerability is a memory leak when -ENOMEM occurs during URB/buffer allocation inside the sync EP URB loop, where ep->nurbs remained 0 and partially allocated URBs could be left unreleased. The fix initializes ep->nurbs ear...
CVE-2026-43279
The CVE-2026-43279 entry concerns the Linux kernel ALSA USB-audio subsystem. A discrepancy between playback and capture stream setups (e.g., USB core max packet size) can cause out-of-bounds writes to the buffer, potentially crashing the system. A fix was implemented by adding a sanity check of t...