234 matches found
CVE-2023-52620
CVE-2023-52620 (Linux kernel) affects the nf_tables component of the Linux kernel, where the vulnerability arises from allowing a timeout parameter on anonymous sets and disallowing such parameters from userspace. The CVSS vector provided in the initial document indicates a Local, Low-severity im...
CVE-2020-24587
CVE-2020-24587 is referenced in the Amazon Linux 2 kernel advisory for Kernel-5.10-2022-002. The connected document confirms a flaw in the Linux kernel 802.11 wifi fragmentation handling where fragments encrypted under different keys can be reassembled and decrypted, enabling an attacker within w...
CVE-2019-19533
CVE-2019-19533 affects the Linux kernel prior to 5.3.4 and is caused by an info-leak in the ttusb_dec.c USB driver (drivers/media/usb/ttusb-dec/ttusb_dec.c) when handling a malicious USB device. The vulnerability can lead to partial information disclosure (confidentiality impact). Public referenc...
CVE-2019-19534
Summary: CVE-2019-19534 affects the Linux kernel before 5.3.11, enabling a local info-leak via the Peak USB CAN driver (drivers/net/can/usb/peak_usb/pcan_usb_core.c) when a malicious USB device is connected. The root cause is missing initialization of certain structures in the peak_usb CAN driver...
CVE-2019-11191
The CVE-2019-11191 entry describes a local ASLR bypass in the Linux kernel (up to 5.0.7) when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded. The vulnerability arises because install_exec_creds() is invoked too late in load_aout_binary() (fs/binfmt_aout.c), creating a race in ptrace_may_acce...
CVE-2015-7872
CVE-2015-7872 affects the Linux kernel (security/keys/gc.c: key_gc_unused_keys) up to version 4.2.6. A local attacker can trigger a DoS (OOPS) using crafted keyctl commands. Connected documents reference upstream kernel commits (f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 and ce1fad2740c648a4340f6f6...
CVE-2000-0006
CVE-2000-0006 affects the strace utility. The issue allows local users to read arbitrary files via memory-mapped file names. The connected records identify strace as the affected component and describe the vulnerability as a local-read exposure through mmap-based file-name handling. No explicit e...
CVE-2014-0181
The CVE-2014-0181 issue affects the Linux kernel Netlink implementation prior to 3.14.1, where there is no authorization based on the opener of a Netlink socket. This can allow a local user to bypass intended access restrictions and modify network configurations by using a Netlink socket for the ...
CVE-2021-3923
CVE-2021-3923 describes a local information-leak in the Linux kernel RDMA over InfiniBand path. A privileged local attacker can leak kernel stack data when issuing commands to /dev/infiniband/rdma_cm, with the impact noting potential to defeat kernel protections. Remediation/fixes are not detaile...
CVE-2022-3521
CVE-2022-3521 is a race-condition vulnerability in the Linux Kernel KCM subsystem (function kcm_tx_work in net/kcm/kcmsock.c). The issue can allow a local attacker to trigger a crash via race conditions in the KCM path. Technical details in connected sources confirm the affected component and roo...
CVE-2014-8133
CVE-2014-8133 affects the Linux kernel TLS implementation (arch/x86/kernel/tls.c) up to version 3.18.1. A local attacker can exploit a crafted application that uses set_thread_area and subsequently reads a 16-bit value to bypass the espfix protection and, in turn, bypass ASLR. The description con...
CVE-2014-9584
CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...
CVE-2014-3645
CVE-2014-3645 affects the Linux kernel KVM implementation in arch/x86/kvm/vmx.c, with versions before 3.12. The root cause is that the code path handling the INVEPT instruction lacks an exit handler, which can allow a guest OS user to trigger a denial of service by crashing the guest via a crafte...
CVE-2014-9419
CVE-2014-9419 affects the Linux kernel (arch/x86/kernel/process_64.c) up to version 3.18.1. The issue fails to ensure TLS descriptors are loaded before proceeding with other steps, enabling a local attacker to bypass ASLR by crafting an application that reads a TLS base address. Connected advisor...
CVE-2014-9585
CVE-2014-9585 affects Linux kernels up to 3.18.2. The vdso_addr code in arch/x86/vdso/vma.c can misselect vDSO memory, enabling local users to bypass ASLR by guessing a PMD-end location. Exploitation details and patches/fixes are not provided in the connected documents; monitor advisories for rem...
CVE-2013-2547
CVE-2013-2547 concerns the Linux kernel: the crypto_report_one() path in crypto_user.c does not fully initialize certain kernel structures when copying data to userspace, risking leakage of kernel heap memory. The vulnerability requires CAP_NET_ADMIN in the base description, enabling a local atta...
CVE-2010-4158
The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...
CVE-2010-3881
The CVE-2010-3881 issue affects the Linux kernel arch/x86/kvm/x86.c, where several structure members are not initialized in versions prior to 2.6.36.2. This can allow local users to read potentially sensitive data from kernel stack memory via /dev/kvm. The documented fix is in kernel 2.6.36.2 (an...
CVE-2011-0711
CVE-2011-0711 affects the Linux kernel through the xfs_fs_geometry function in fs/xfs/xfs_fsops.c. The vulnerability arises because a structure member is not initialized, enabling local attackers to read potentially sensitive data from kernel stack memory via the FSGEOMETRY_V1 ioctl. The affected...
CVE-2009-0676
The CVE-2009-0676 issue affects the Linux kernel prior to 2.6.28.6, where sock_getsockopt in net/core/sock.c fails to initialize a structure member, enabling local attackers to read potentially sensitive kernel memory via an SO_BSDCOMPAT getsockopt request. Publicly documented in multiple sources...
CVE-2014-0131
CVE-2014-0131 affects the Linux kernel up to version 3.13.6. The vulnerability is a use-after-free in the skb_segment function within net/core/skbuff.c caused by the absence of a certain orphaning operation. Exploitation details are not provided in the supplied documents. The impact is that an at...
CVE-2009-0028
CVE-2009-0028 is a local vulnerability in the Linux kernel up to version 2.6.28 where the clone system call with CLONE_PARENT can allow an unprivileged child to spawn a second child and exit, enabling it to send arbitrary signals to the parent process. The MiracleLinux AXSA-2009-42:04 advisory ex...
CVE-2013-2164
The CVE-2013-2164 issue affects the Linux kernel (mmc_ioctl_cdrom_read_data in drivers/cdrom/cdrom.c) and allows local users to read kernel memory from a malfunctioning CD-ROM. Affected context: Linux kernel up to version 3.10; exploitation requires local access. Impact per sources: local informa...
CVE-2011-1160
Technical details for CVE-2011-1160 are not publicly available in the supplied connected documents. The initial description identifies a kernel memory info leak in tpm_open (Linux kernel
CVE-2010-3850
CVE-2010-3850: In the Linux kernel, the ec_dev_ioctl function in net/econet/af_econet.c did not require CAP_NET_ADMIN, allowing local users to bypass access restrictions and configure econet addresses via an SIOCSIFADDR ioctl. Documented impact is local privilege/unauthorized configuration; fix a...
CVE-2014-1738
CVE-2014-1738 is a Linux kernel vulnerability in the floppy driver (raw_cmd_copyout) where processing FDRAWCMD IOCTL calls could allow local attackers with write access to /dev/fd to read kernel heap memory. The flaw is described as an improper restriction of pointers during FDRAWCMD processing, ...
CVE-2011-1080
CVE-2011-1080 affects the Linux kernel prior to 2.6.39 via the do_replace path in net/bridge/netfilter/ebtables.c. The issue: a name field may not end with a null terminator, enabling a local user with CAP_NET_ADMIN to replace a bridge table and read potentially sensitive data from kernel stack m...
CVE-2011-1162
CVE-2011-1162 is a memory-clearing flaw in the Linux kernel 2.6 tpm_read() that can let a local unprivileged user read data from a previous TPM command. The connected advisories (MiracleLinux AXSA entries, Oracle Linux ELSA advisories, and RHSA-2012:0010) explicitly list CVE-2011-1162 among kerne...
CVE-2011-4132
CVE-2011-4132 affects the Linux kernel’s Journaling Block Device (JBD) cleanup_journal_tail function. The vulnerability allows local users to trigger a denial of service (assertion error and kernel oops) when handling an ext3 or ext4 image containing an invalid log first block value. The descript...
CVE-2015-6252
CVE-2015-6252 refers to a vulnerability in the Linux kernel where the vhost_dev_ioctl path in drivers/vhost/vhost.c allows local users to trigger a denial of service (memory consumption) by issuing a VHOST_SET_LOG_FD ioctl that can cause permanent file-descriptor allocation. The description speci...
CVE-2014-9644
CVE-2014-9644 affects the Linux kernel Crypto API prior to 3.18.5. It allows a local user to load arbitrary kernel modules by abusing a bind() call on an AF_ALG socket with a module template expression (e.g., vfat(aes)) in salg_name. This is a local, privilege-related issue, separate from CVE-2013-...
CVE-2010-3875
CVE-2010-3875 affects the Linux kernel, specifically the ax25_getname function in net/ax25/af_ax25.c. The root cause is that a structure is not initialized, enabling local users to read a copy of kernel stack memory and potentially obtain sensitive information. The issue is tied to kernels prior ...
CVE-2010-3296
CVE-2010-3296 affects the Linux kernel driver cxgb3 (cxgb_extension_ioctl in drivers/net/cxgb3/cxgb3_main.c). The advisory states that the code path in kernels up to 2.6.36-rc5 does not properly initialize a structure member, allowing a local user to potentially read sensitive data from kernel st...
CVE-2013-2237
CVE-2013-2237 affects the Linux kernel prior to 3.9. The vulnerability arises because key_notify_policy_flush in net/key/af_key.c does not initialize a certain structure member, enabling local attackers to read kernel heap memory via a broadcast message on the IPSec key_socket notify_policy inter...
CVE-2009-3228
The CVE-2009-3228 issue concerns the Linux kernel tc subsystem (net/sched/sch_api.c: tc_fill_tclass). In Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9, certain structure members (tcm__pad1, tcm__pad2) are not initialized, which could allow local users to read sensitive data from ...
CVE-2011-4110
CVE-2011-4110 is a vulnerability in the Linux kernel 2.6 that affects the user_update function in security/keys/user_defined.c. The issue allows local users to trigger a denial of service via a NULL pointer dereference and kernel oops when updating a negative key into a fully instantiated key. Ex...
CVE-2013-7421
CVE-2013-7421: Linux kernel Crypto API flaw allows a local user to load arbitrary kernel modules via a bind() on an AF_ALG socket with a salg_name, in kernels before 3.18.5. This is the same class as CVE-2014-9644 and is addressed by the 3.18.5 fix (ChangeLog-3.18.5). Connected IBM and vendor ad...
CVE-2011-1171
CVE-2011-1171 affects the Linux kernel prior to 2.6.39, specifically the IPv4 netfilter ip_tables.c path. The issue is that string data in certain structure members may not end with the expected null terminator, enabling a local attacker with CAP_NET_ADMIN to craft a request and read the argument...
CVE-2010-3477
The CVE-2010-3477 issue affects the Linux kernel’s net/sched/act_police.c (tcf_act_police_dump) in versions before 2.6.36-rc4. The root cause is incomplete initialization of certain structure members during dump operations, allowing local users to read potentially sensitive kernel memory. The vul...
CVE-2011-1172
The CVE-2011-1172 issue affects the Linux kernel IPv6 stack (net/ipv6/netfilter/ip6_tables.c): root cause is failure to append a null terminator to certain string values, enabling local memory information disclosure via a crafted request (CAP_NET_ADMIN) and reading the modprobe argument. Impact i...
CVE-2014-9731
The CVE-2014-9731 entry concerns the Linux kernel’s UDF filesystem (CONFIG_UDF_FS) for versions before 3.18.2. The vulnerability arises because the UDF symlink path length validation may not accommodate space for storing a symlink target’s name plus a trailing NUL, enabling a local attacker to ob...
CVE-2015-8569
The CVE-2015-8569 issue affects the Linux kernel’s PPTP path: pptp_bind() and pptp_connect() in drivers/net/ppp/pptp.c do not verify the length of the sockaddr, enabling a local attacker to copy kernel memory to user space and bypass KASLR via a crafted application. The vulnerability is present i...
CVE-2004-0554
CVE-2004-0554 affects the Linux kernel (2.4.x and 2.6.x on x86). The root cause is a local denial-of-service condition triggered by an infinite loop that abuses a sequence of fsave/frstor instructions in a signal handler (as demonstrated by crash.c). The practical impact is a system crash/DoS wit...
CVE-2009-3612
CVE-2009-3612 affects the Linux kernel’s net/sched/cls_api.c tcf_fill_node in the netlink subsystem. The issue is that a tcm__pad2 structure member is not initialized, potentially allowing local attackers to read sensitive kernel memory. Affected: kernel 2.6.x prior to 2.6.32-rc5 and 2.4.37.6 and...
CVE-2011-1044
CVE-2011-1044 affects the Linux kernel (pre-2.6.37) and is caused by ib_uverbs_poll_cq in drivers/infiniband/core/uverbs_cmd.c not initializing a certain response buffer. This allows local attackers to read potentially sensitive data from kernel memory via vectors that fill the buffer only partia...
CVE-2010-4346
The vulnerability CVE-2010-4346 affects the Linux kernel: install_special_mapping in mm/mmap.c before 2.6.37-rc6 does not call security_file_mmap as expected, allowing local users to bypass mmap_min_addr restrictions and potentially trigger NULL pointer dereference via a crafted assembly-language...
CVE-2013-2234
CVE-2013-2234: In the Linux kernel (net/key/af_key.c), the functions key_notify_sa_flush and key_notify_policy_flush do not initialize certain structure members in versions before 3.10, allowing local users to read sensitive information from kernel heap memory via a broadcast message on the IPSec...
CVE-2007-6206
CVE-2007-6206 affects the Linux kernel (2.4.x and 2.6.x up to 2.6.24-rc3). The issue lies in the do_coredump function in fs/exec.c, where the core dump file’s UID is not changed if a core dump already exists in the same location when a root-owned process dumps a core. This behavior could allow a ...
CVE-2009-2910
CVE-2009-2910 affects the Linux kernel’s ia32 entry path on x86_64. The issue is that arch/x86/ia32/ia32entry.S does not clear certain kernel registers before returning to user mode, which allows a local attacker to read register values from an earlier process after switching an ia32 process into...
CVE-2010-4080
CVE-2010-4080 affects the Linux kernel: snd_hdsp_hwdep_ioctl in sound/pci/rme9652/hdsp.c does not initialize a structure, enabling local attackers to leak kernel stack information via SNDRV_HDSP_IOCTL_GET_CONFIG_INFO. Affected products/versions: Linux kernel before 2.6.36-rc6. Impact is an inform...