108 matches found
CVE-2024-26992
The CVE-2024-26992 entry concerns the Linux kernel KVM: x86/pmu feature to disable adaptive PEBS. The advisory states that adaptive PEBS support is dropped due to architectural/breakage and because adaptive PEBS could leak host LBRs/addresses to guests. Root causes include: (1) improper handling ...
CVE-2021-46971
The CVE-2021-46971 entry corresponds to a Linux kernel fix in perf/core: the lockdown state was queried unconditionally, but its result is only needed if PERF_SAMPLE_REGS_INTR is set in attr.sample_type. This unconditional check could trigger SELinux lockdown hooks unnecessarily, potentially caus...
CVE-2021-47000
CVE-2021-47000 is confirmed to affect the Linux kernel with a fixed inode leak in the ceph path on getattr error in __fh_to_dentry. The available connected documents provide the concrete fix description, linking the CVE to ceph inode leak resolution in the kernel. Remediation requires deploying k...
CVE-2024-57898
Technical details for CVE-2024-57898 are not provided in the supplied documents. Public information about affected products, impact, or fixes is unavailable here; monitor vendor advisories for updates.
CVE-2020-24588
The CVE-2020-24588 entry relates to the 802.11 Wi‑Fi fragmentation/A‑MSDU handling issue where the plaintext QoS header flag isn’t authenticated, enabling an attacker to inject packets by sending non‑SSP A‑MSDU frames (FragAttacks). Connected Astra Linux advisories describe this as a variant of ...
CVE-2019-11884
The CVE-2019-11884 entry affects the Linux kernel's HIDP path. It concerns the do_hidp_sock_ioctl in net/bluetooth/hidp/sock.c, where a HIDPCONNADD command can leak data from kernel stack memory due to a name field not properly ending with a NUL terminator. The vulnerability allows local attacker...
CVE-2021-46934
CVE-2021-46934 affects the Linux kernel i2c subsystem, specifically the compat ioctl path. The issue was that wrong user data could cause warnings in i2c_transfer(); userspace might trigger warnings through the compat ioctl. The patch adds validation of user data in the compat ioctl to prevent re...
CVE-2018-20855
CVE-2018-20855 affects the Linux kernel before 4.18.7. In the mlx5 InfiniBand driver's create_qp_common, mlx5_ib_create_qp_resp was never initialized, leaking stack memory to userspace. Upstream fix shipped with kernel 4.18.7 (commit 0625b4ba1a5d4703c7fb01c497bd6c156908af00). Mitigation: upgrade to 4.18.7+ or ap...
CVE-2019-17055
CVE-2019-17055 affects the Linux kernel up to 5.3.2, where base_sock_create in drivers/isdn/mISDN/socket.c did not enforce CAP_NET_RAW, allowing unprivileged users to create a raw socket via AF_ISDN. The issue is tracked as CID-b91ee4aa2a21 and was addressed in upstream kernel commits 0edc3...
CVE-2020-24586
CVE-2020-24586 describes a fragmentation cache issue in the Linux kernel Wi‑Fi stack: received fragments are not cleared from memory on reconnect, enabling an attacker within Wi‑Fi range to inject arbitrary packets or exfiltrate data when fragments encrypted with WEP/CCMP/GCMP are involved. Conne...
CVE-2021-3655
CVE-2021-3655 is a Linux kernel SCTP vulnerability (present in kernels prior to the fixes) where missing size validations on inbound SCTP packets may allow reading uninitialized memory. The initial description and connected advisories confirm the issue exists in the Linux kernel SCTP impleme...
CVE-2020-29374
CVE-2020-29374 affects the Linux kernel and was fixed in 5.7.3. It concerns the get_user_pages (gup) implementation used for copy-on-write pages: when handling read operations, it may grant unintended write access, risking information disclosure or data corruption (COW cross-process leakage). Sev...
CVE-2020-36766
The CVE-2020-36766 issue affects the Linux kernel prior to 5.8.6. In drivers/media/cec/core/cec-api.c, memory leakage of one kernel byte to unprivileged users occurs due to directly assigning log_addrs with a hole in the struct. The vulnerability is local (requires local access) and has a low ove...
CVE-2019-17053
CVE-2019-17053 affects the Linux kernel's ieee802154_create in net/ieee802154/socket.c (AF_IEEE802154) up to version 5.3.2, where CAP_NET_RAW is not enforced. This allows unprivileged users to create a raw socket (local, low complexity). The connected documents reiterate the same description but ...
CVE-2021-45486
CVE-2021-45486 affects the Linux kernel IPv4 stack, specifically net/ipv4/route.c, where a very small hash table enables information leakage. The vulnerability arises from the hash table size and is documented to be addressed in Linux kernel 5.12.4 (ChangeLog-5.12.4). Public-connected materials (...
CVE-2018-13053
CVE-2018-13053 affects the Linux kernel alarm_timer_nsleep path (kernel/time/alarmtimer.c) through 4.17.3, due to an integer overflow when handling large relative timeouts because ktime_add_safe is not used. This is confirmed by multiple connected advisories (e.g., F5 security advisory summarizin...
CVE-2021-38205
CVE-2021-38205 affects the xilinx_emaclite driver in the Linux kernel. The vulnerability arises because the driver prints a real IOMEM/kernel pointer, which can aid attackers in bypassing ASLR and facilitate information disclosure. Affected state is Linux kernels before 5.13.3; remediation is to ...
CVE-2022-24448
CVE-2022-24448 affects the Linux kernel’s NFS path: in fs/nfs/dir.c, if an application opens a regular file with O_DIRECTORY set, nfs_atomic_open() does a regular lookup and returns uninitialized data in the file descriptor when a regular file is found instead of ENOTDIR. This issue is documented...
CVE-2017-17807
CVE-2017-17807: Linux kernel KEYS subsystem vulnerability where the request_key() path can bypass access control when adding a key to the current task’s default request-key keyring. An unpatched kernel (pre-4.14.6) could allow a local attacker to craft a sequence of system calls to insert keys i...
CVE-2019-15919
CVE-2019-15919 affects the Linux kernel before 5.0.10. The vulnerability is in SMB2_write (fs/cifs/smb2pdu.c) due to a use-after-free in the SMB2 write path, with partial confidentiality impact (I: partial) and no explicit exploitation details provided. Remediation: upgrade to kernel 5.0.10 or la...
CVE-2013-2929
CVE-2013-2929: The Linux kernel before 3.12.2 fails to properly use get_dumpable in the ptrace subsystem (kernel/ptrace.c, arch/ia64/include/asm/processor.h). This allows a local unprivileged user to bypass ptrace restrictions or read IA64 scratch registers via a crafted application. The vulnera...
CVE-2019-19057
CVE-2019-19057 affects the Linux kernel mwifiex PCIe wireless driver (drivers/net/wireless/marvell/mwifiex/pcie.c). Two memory leaks in mwifiex_pcie_init_evt_ring() can occur through failures in mwifiex_map_pci_memory(), allowing a local attacker to trigger memory consumption and a denial of serv...
CVE-2023-1075
CVE-2023-1075 is a Linux kernel TLS vulnerability in tls_is_tx_ready(). The issue arises from tls_is_tx_ready() performing a flawed check of list emptiness on a tls-related list, allowing a type-confused entry to be treated as a valid list_head and potentially leaking the last byte of a field tha...
CVE-2020-29371
CVE-2020-29371 affects Linux kernel romfs_dev_read (fs/romfs/storage.c) prior to 5.8.4, where uninitialized memory leaks to userspace. The vulnerability stems from uninitialized memory paths, enabling leakage to user space. Affected component is the ROMFS code in the kernel; no exploit details ar...
CVE-2022-33981
CVE-2022-33981 affects the Linux kernel’s floppy driver (drivers/block/floppy.c) up to version 5.17.6. The issue is a concurrency use-after-free after deallocating raw_cmd in the raw_cmd_ioctl function, leading to a local denial-of-service. Public documents confirm the vulnerable code path and th...
CVE-2022-32296
CVE-2022-32296 affects the Linux kernel where, prior to 5.17.9, the TCP source port selection (Algorithm 4, Double-Hash Port Selection from RFC 6056) can allow a remote or local observer to identify clients by observed source ports. Connected advisories confirm the issue in kernel ments and note ...
CVE-2021-38209
CVE-2021-38209 affects the Linux kernel prior to 5.12.2, where nf_conntrack_standalone.c leaks namespace changes across all net namespaces via NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS. The issue enables observation of changes in any net namespace because updates are lea...
CVE-2023-1513
CVE-2023-1513: A flaw in KVM where, on 32-bit systems, uninitialized portions of the kvm_debugregs structure could be copied to userspace via KVM_GET_DEBUGREGS, causing an information leak. Astra Linux bulletin confirms the same KVM-based issue; no fix/version details are provided in the availabl...
CVE-2021-20239
CVE-2021-20239 describes a flaw in the Linux kernel prior to 5.4.92 within the BPF protocol. A local attacker can leak information about kernel internal addresses, impacting confidentiality. The issue is tied to the BPF verifier/run-time handling and does not require remote access. Affected produ...
CVE-2024-50044
CVE-2024-50044 affects the Linux kernel Bluetooth RFCOMM path. The issue is a deadlock in rfcomm_sk_state_change caused by rfcomm_sock_ioctl attempting to lock sock_lock while another path already holds the lock, creating circular locking. The vulnerability is resolved in kernel code by ensuring ...
CVE-2014-8134
CVE-2014-8134 affects the Linux kernel’s KVM paravirt code path (arch/x86/kernel/kvm.c, paravirt_ops_setup) through version 3.18. The root cause is an improper paravirt_enabled setting for KVM guest kernels, which could allow a guest user to bypass ASLR via a crafted application that reads a 16‑b...
CVE-2017-17864
CVE-2017-17864 affects the Linux kernel up to version 4.14.8, specifically the BPF verifier code (kernel/bpf/verifier.c). The root cause is a mishandling of states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which can allow a local user to leak potentially sen...
CVE-2019-17056
CVE-2019-17056 affects the Linux kernel AF_NFC implementation (llcp_sock_create in net/nfc/llcp_sock.c). Description: it does not enforce CAP_NET_RAW, allowing unprivileged users to create a raw socket. Root cause: missing capability check in llcp_sock_create. Impact: enables local privilege-rest...
CVE-2024-41007
CVE-2024-41007 relates to a Linux kernel TCP issue where a socket using TCP_USER_TIMEOUT could have the retransmit timer emit packets for minutes after the user timeout expired if the peer reduced its window to zero. The underlying cause was tcp_retransmit_timer() ignoring icsk_user_timeout under...
CVE-2011-1833
The CVE-2011-1833 issue affects the Linux kernel’s eCryptfs subsystem, specifically the ecryptfs_mount path (fs/ecryptfs/main.c). A race condition during mounting with a mismatched uid could let a local attacker bypass file permissions. This vulnerability is present in kernel versions before 3.1....
CVE-2024-50057
CVE-2024-50057 affects the Linux kernel USB Type-C tipd path. The vulnerability stems from freeing IRQs in polling mode when no IRQ was requested; the fix calls devm_free_irq() only if client->irq is set, preventing the warning observed during tps6598x removal. Public details in the connected ...
CVE-2018-18386
The CVE-2018-18386 issue affects the Linux kernel up to version 4.14.10, in drivers/tty/n_tty.c, where an EXTPROC vs ICANON confusion in TIOCINQ allows local attackers with access to pseudo terminals to hang or block further use of any PTY. The root cause is a terminal/TTY handling inconsistency,...
CVE-2015-2922
CVE-2015-2922 is a Linux kernel IPv6 Neighbor Discovery flaw in the ndisc_router_discovery path that lets a crafted Router Advertisement with a small hop_limit reconfigure the hop-limit on the receiving interface. It affects the IPv6 stack prior to kernel 3.19.6; the impact is loss of connectivit...
CVE-2014-3917
CVE-2014-3917 affects the Linux kernel up to 3.14.5, specifically kernel/auditsc.c when CONFIG_AUDITSYSCALL is enabled with certain syscall rules. Local users can obtain sensitive single-bit values from kernel memory or trigger a denial of service (OOPS) by using a large syscall number. Exploitat...
CVE-2016-4486
CVE-2016-4486 affects the Linux kernel prior to 4.5.5, where the function rtnetlink.c: rtnl_fill_link_ifmap does not initialize a certain data structure. This allows a local attacker to read kernel stack memory via a crafted Netlink message, leading to information disclosure. Public references (i...
CVE-2021-47671
The CVE-2021-47671 issue affects the Linux kernel's CAN etas_es58x driver. In es58x_rx_err_msg(), when can->do_set_mode() fails, the code previously returned and did not free the skb allocated by alloc_can_err_skb(), causing a memory leak. A patch was applied to remove the return in the error p...
CVE-2022-48939
CVE-2022-48939 refers to a Linux kernel issue where the BPF subsystem’s batch operations could cause soft lockups due to missing schedule points. The fix adds scheduling points in batch paths to prevent long hangs (e.g., kworker/1:1:27 blocked and hung RCUs). The root cause is that batch processi...
CVE-2024-38388
CVE-2024-38388 affects the Linux kernel ALSA component: hda/cs_dsp_ctl. The fix switches to using the control private_free callback to free the associated data block, ensuring memory is freed regardless of how the control is destroyed. Previously, hda_cs_dsp_control_remove() only freed the intern...
CVE-2024-47738
CVE-2024-47738 affects the Linux kernel’s wifi subsystem (mac80211). The vulnerability lies in handling rate masks for offchannel TX, where an incorrect rate mask could trigger a -EINVAL/unsupported rate warning. The advisory notes that the root cause was traced to a chain of commits, with the pr...
CVE-2019-17052
CVE-2019-17052 affects Linux kernel 3.16–5.3.2 where several AF_NET_RAW-bound protocols (AX.25) do not enforce CAP_NET_RAW in socket creation, allowing unprivileged users to create raw sockets. Related entries mention additional interfaces (IEEE802.154, Appletalk, ISDN, NFC) with the same CAP_NET...
CVE-2019-17054
CVE-2019-17054 affects the Linux kernel (AF_APPLETALK) where atalk_create does not enforce CAP_NET_RAW through 5.3.2, allowing unprivileged users to create raw sockets. Exploitation status and exact fixes are not provided in the supplied documents; no mitigation details are described here.
CVE-2022-3629
CVE-2022-3629 affects the Linux kernel’s vsock_connect in net/vmw_vsock/af_vsock.c, causing a memory leak. The issue is described as a local problem with low overall severity (CVSS 3.1: low, availability impact), and exploitation is not trivial but feasible locally. The primary remediation guidan...
CVE-2024-26764
CVE-2024-26764: Linux kernel vulnerability in fs/aio where kiocb_set_cancel_fn() was not restricted to I/O submitted via libaio. If called for io_uring I/O, a kernel warning is produced (kiocb_set_cancel_fn+0x9c/0xa8). The fix: set the IOCB_AIO_RW flag for read/write I/O submitted by libaio to p...
CVE-2014-9683
CVE-2014-9683 describes an off-by-one error in the Linux kernel’s eCryptfs path: ecryptfs_decode_from_filename in fs/ecryptfs/crypto.c (pre-3.18.2). A crafted filename can cause a buffer overflow, leading to a denial of service and, potentially, local privilege escalation. The vulnerability is lo...
CVE-2024-50211
Technical details about CVE-2024-50211 (affected component, root cause, impact, or fix) are not provided in the supplied connected documents. Monitor for updates from upstream advisories or security bulletins.