392 matches found
CVE-2023-52497
CVE-2023-52497 affects the Linux kernel EROFS: the vulnerability stems from in-place LZ4 decompression where two mapped buffers could cause data corruption due to overlapping buffers and buffer ordering, especially on newer Intel CPUs with FS RM. The fix switches to using the decompressed buffer ...
CVE-2023-52644
CVE-2023-52644 relates to a Linux kernel WiFi component (b43) where the QoS-disabled path could map the IEEE 802.11 queue incorrectly due to a single-queue scenario. The root cause is that when QoS is off, the code may attempt to stop/wake a non-existent queue or fail to stop/wake the actual queu...
CVE-2021-47060
CVE-2021-47060 affects the Linux kernel KVM MMIO coalesced zones. When kvm_io_bus_unregister_dev() fails to allocate memory for a new bus instance, unregister_dev() destroys all devices on the bus except the target, but does not notify the caller, which can lead to a deleted list entry being dere...
CVE-2024-27030
CVE-2024-27030 – Verified in connected advisories: the issue is fixed in the Linux kernel by introducing separate interrupt handlers for octeontx2-af, addressing a race condition where PF→AF and VF→AF interrupt vectors used the same handler, causing two CPUs to handle the same event and corrupt d...
CVE-2024-26886
CVE-2024-26886 (Linux kernel): The vulnerability affects Bluetooth af_bluetooth in the Linux kernel, where attempting to lock a socket during .recvmsg could deadlock. The fix switches from using sock_sock to using the bt path with sk_receive_queue.lock in bt_sock_ioctl, preventing a use-after-fre...
CVE-2024-26880
CVE-2024-26880 (Linux kernel) summary: The issue concerns the DM stack’s suspend/resume flow: dm_internal_resume previously called origin_postsuspend/DM targets’ resume in a way that could corrupt the hash_list due to paired suspend/resume calls being mismatched. The fix changes __dm_internal_resu...
CVE-2024-26894
CVE-2024-26894 affects the Linux kernel: ACPI: processor_idle memory leak after CPU idle device unregister. Root cause: memory allocated for acpi_processor_power_exit is not freed. Remediation: free the CPU idle device after unregistering it (kernel patch cited in multiple advisories).
CVE-2024-27005
CVE-2024-27005: The vulnerability is a race in the Linux kernel interconnect subsystem where the req_list of icc_node could be modified while icc_set_bw() iterates it, due to locking not guaranteeing mutual exclusion between icc_bw_lock and icc_lock. The issue arises after splitting icc_lock and...
CVE-2024-57893
CVE-2024-57893: Linux kernel ALSA: seq: oss, a race in SysEx message processing that can cause out-of-bounds access. Connected docs confirm the issue and state a mutex-based serialization fix was introduced to protect SysEx packets in the OSS sequencer, effectively addressing the race between 6-byte S...
CVE-2024-27032
CVE-2024-27032 affects the Linux kernel f2fs subsystem. During recovery, if FAULT_BLOCK is enabled, f2fs_reserve_new_block() may return -ENOSPC, potentially causing a kernel panic. Additionally, with fault-injection rate 1 and only FAULT_BLOCK enabled, a deadloop in block reservation may occur. T...
CVE-2024-27028
CVE-2024-27028 is confirmed with concrete details in connected docs: the Linux kernel spi-mt65xx driver had a NULL pointer dereference in the interrupt handler during spi_transfer when tx_buf could be NULL. The fix adds a check for trans->tx_buf before use, mitigating potential crashes. Affect...
CVE-2021-0920
CVE-2021-0920 is confirmed with concrete details in the connected sources: a race condition in unix_scm_to_skb within af_unix.c can trigger a use-after-free, potentially enabling local privilege escalation on the Android kernel. The vulnerability affects the Linux kernel used in Android (via the ...
CVE-2024-26586
CVE-2024-26586 (Linux kernel): The issue is a stack corruption risk in mlxsw spectrum ACL TCAM handling when there are more than 16 ACLs in an ACL group. In Spectrum-2+ ASICs, firmware reports a larger ACL count than the PAGT register can hold, risking stack corruption during forwarding. The fix...
CVE-2019-10638
The CVE-2019-10638 entry concerns the Linux kernel's IP ID values used for connectionless protocols (UDP/ICMP) in kernels prior to 5.1.7. The underlying issue is weak hashing of IP IDs, enabling an attacker to track a host across networks by correlating IDs and potentially obtain the hashin...
CVE-2019-14284
CVE-2019-14284 affects the Linux kernel prior to 5.2.3, where floppy.c can suffer a division-by-zero in setup_format_params. Two consecutive ioctls can trigger a DoS: the first ioctl sets geometry (.sect/.rate) such that F_SECT_PER_TRACK becomes zero; the second triggers the floppy format operati...
CVE-2024-26875
The CVE-2024-26875 entry affects Linux kernel media: pvrusb2, where risk came from a use-after-free in pvr2_context_set_notify due to a race with pvr2_context_disconnect involving a disconnect_flag. The provided fix moves the disconnect_flag assignment to after all code in pvr2_context_disconnect...
CVE-2019-14283
CVE-2019-14283 affects the Linux kernel up to version 5.2.2, where floppy drive handling in set_geometry() in drivers/block/floppy.c fails to validate sect and head, enabling an integer overflow and out-of-bounds read. This can be triggered by an unprivileged local user when a floppy is present (...
CVE-2014-0196
CVE-2014-0196 affects the Linux kernel (through 3.14.3) specifically the n_tty_write function in drivers/tty/n_tty.c. The flaw permits a local user to trigger a race condition between read and write operations with long strings in the LECHO & !OPOST case, enabling denial of service (memory corrup...
CVE-2021-46953
The CVE-2021-46953 issue affects the Linux kernel ACPI GTDT driver. If a probe fails due to invalid firmware properties, the driver may unmap an interrupt it mapped earlier without verifying that the mapping succeeded, and if the firmware reports an interrupt number overlapping the GIC SGI range,...
CVE-2023-39193
CVE-2023-39193 affects the Linux kernel Netfilter SCTP path, where sctp_mt_check fails to validate the flag_count field, enabling a local attacker with CAP_NET_ADMIN to trigger an out-of-bounds read that can crash the system or cause information disclosure. Connected advisories (Red Hat, AlmaLinu...
CVE-2020-12770
CVE-2020-12770 arises from the Linux kernel sg_write path in the SCSI generic (sg) driver not releasing internal resources in a specific error path because sg_remove_request is not called. This root cause is cited in multiple sources (e.g., ALAS2KERNEL-5.4-2022-012) and is described as a local-ac...
CVE-2023-39192
CVE-2023-39192: A flaw in the Linux kernel Netfilter xt_u32 module allows a local privileged attacker to trigger an out-of-bounds read by crafting improper values in the xt_u32 structure. The root cause is missing validation of fields in xt_u32, leading to crash or information disclosure. Impact...
CVE-2023-1192
CVE-2023-1192 denotes a use-after-free in CIFS smb2_is_status_io_timeout() within the Linux kernel, where memory freed during a system call and CIFS’ later access to that memory can trigger a denial of service. The connected advisories confirm this UAF issue exists in kernel CIFS code and link it...
CVE-2023-5090
CVE-2023-5090: A flaw in Linux kernel KVM (svm_set_x2apic_msr_interception) enables direct access to host x2apic MSRs when a guest resets its APIC, potentially causing denial of service. Connected advisories (Astra Linux, IBM Guardium bulletin, Amazon ALAS) reference this CVE as part of Linux ker...
CVE-2023-0459
CVE-2023-0459: The Linux kernel on 64-bit systems is affected by a local information disclosure because copy_from_user could bypass __uaccess_begin_nospec and access_ok, allowing a user to pass a kernel pointer to copy_from_user. The root cause is the __uaccess_begin_nospec handling. I...
CVE-2020-25285
CVE-2020-25285 is a race condition in the Linux kernel hugetlb sysctl handlers (mm/hugetlb.c) that could allow a local attacker to corrupt memory or trigger NULL pointer dereferences. Public docs (e.g., ChangeLog-5.8.8) indicate the fix was released in kernel 5.8.8; Ubuntu/Debian advisories refer...
CVE-2020-27171
The vulnerability CVE-2020-27171 affects Linux kernels before 5.11.8. The issue is in kernel/bpf/verifier.c, where an off-by-one error enables integer underflow that can trigger out-of-bounds speculation in pointer arithmetic, allowing side-channel leakage of kernel memory and defeating Spectre m...
CVE-2019-3016
CVE-2019-3016 is a Linux kernel/KVM issue where, when PV TLB is enabled, a process inside a guest can read memory belonging to another process in the same guest. The root cause is a missing or incomplete TLB flush in the KVM x86 paravirtualized path when the host is running Linux 4.10 and the gue...
CVE-2021-37159
CVE-2021-37159 affects the Linux kernel driver hso_free_net_device() in drivers/net/usb/hso.c. The code calls unregister_netdev without verifying NETREG_REGISTERED, causing use-after-free and double-free scenarios. Affected kernel versions include up to 5.13.4; the issue is mitigated by upgrading...
CVE-2022-1462
CVE-2022-1462 is an out-of-bounds read in the Linux kernel TeleTYpe subsystem triggered by a race using ioctls (TIOCSPTLCK, TIOCGPTPEER, TIOCSTI, TCXONC). Local users can crash the system or read unauthorized memory. Public advisories link this CVE to Linux kernel versions across multiple distrib...
CVE-2019-13631
The CVE-2019-13631 entry describes a vulnerability in the Linux kernel (parse_hid_report_descriptor in drivers/input/tablet/gtco.c) where a malicious USB HID device can cause an out-of-bounds write during debugging message generation. This affects kernels up to version 5.2.1. The document does no...
CVE-2019-19532
CVE-2019-19532 affects the Linux kernel up to 5.3.8, with multiple out-of-bounds write bugs triggered by a malicious USB device in HID drivers (e.g., HID-AXFF, HID-EMSFF, HID-LOGITECH-HIDPP, HID-MICROSOFT, HID-SONY, HID-TMFF, HID-ZPFF, and others). The root cause is out-of-bounds writes in HID dr...
CVE-2020-10690
The CVE-2020-10690 entry affects Linux kernel versions before 5.5. It is caused by a race between the release of ptp_clock and the cdev during resource deallocation, which can free the cdev structure while a high-privileged process holding /dev/ptpX is sleeping. When the underlying device is remo...
CVE-2020-13143
CVE-2020-13143 affects the Linux kernel USB gadget/configfs (drivers/usb/gadget/configfs.c) from 3.16 to 5.6.13. The flaw arises when gadget_dev_desc_UDC_store uses kstrdup and may encounter an internal NUL value, leading to potential out-of-bounds memory access (reported as heap out-of-bounds wr...
CVE-2020-12352
CVE-2020-12352 corresponds to an issue in the Linux Bluetooth stack (BlueZ) where improper access control may allow an unauthenticated user with adjacent access to trigger information disclosure. The description and connected sources indicate this is a local/adjacent-network risk without user int...
CVE-2019-19319
CVE-2019-19319: In the Linux kernel prior to 5.2, a setxattr operation following a mount of a crafted ext4 image can trigger a slab-out-of-bounds write via ext4_xattr_set_entry use-after-free when a large old_size is used in memset in fs/ext4/xattr.c. This is an information disclosure/DoS risk p...
CVE-2019-15090
CVE-2019-15090 affects the Linux kernel driver component drivers/scsi/qedi/qedi_dbg.c, with an out-of-bounds read in the qedi_dbg_* family of functions for versions before 5.1.12. The issue can enable a local attacker to read memory due to improper bounds handling, as described in the CVE entry. ...
CVE-2021-42739
CVE-2021-42739 is a heap/buffer overflow in the Linux kernel’s FireWire FireDTV driver (firedtv-avc.c, firedtv-ci.c) caused by avc_ca_pmt failing to perform proper bounds checking. It affects the kernel’s FireWire path and can lead to memory corruption, crashes, or potentially privilege escalatio...
CVE-2022-38457
CVE-2022-38457 affects the vmwgfx driver (Linux kernel) in the function vmw_cmd_res_check within drivers/gpu/vmxgfx/vmxgfx_execbuf.c, exposed via /dev/dri/renderD128. The issue is a use-after-free, leading to local privilege escalation and DoS. Connected advisories (MiracleLinux AXSA) reference ...
CVE-2020-8647
Summary of CVE-2020-8647: an MMIO out-of-bounds access (not a use-after-free) in the vgacon driver (vt.c, vc_do_resize) of the Linux kernel, reported in the Debian/AlmaLinux advisories as CVE-2020-8647. Impact stated in Debian entries includes potential denial of service, memory corruption,...
CVE-2022-40133
CVE-2022-40133: A use-after-free in the Linux kernel vmwgfx driver (function vmw_execbuf_tie_context in drivers/gpu/vmxgfx/vmxgfx_execbuf.c) can be triggered by local unprivileged/user-space activity via the render node (/dev/dri/renderD128). Exploitation may allow a local attacker to gain eleva...
CVE-2020-8834
Affected software: Linux kernel KVM for PowerPC (KVM with Book3S HV on Power8). Vulnerability arises from conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry and in kvmppc_save_tm()/kvmppc_restore_tm, leading to stack corruption. Consequence: a guest VM kernel-space code execut...
CVE-2020-26541
CVE-2020-26541: A local attacker can bypass the Secure Boot Forbidden Signature Database (dbx) protection in Linux kernels up to 5.8.13, affecting certs/blacklist.c and certs/system_keyring.c. Impact involves potential system integrity/confidentiality compromise. Connected sources confirm the issu...
CVE-2021-4203
CVE-2021-4203 is a Linux kernel use-after-free read flaw in sock_getsockopt() triggered by a race between SO_PEERCRED/SO_PEERGROUPS and listen()/connect(). An authenticated local attacker could crash the system or leak kernel information. The connected IBM advisories document affected products (I...
CVE-2021-3573
CVE-2021-3573 is a local use-after-free vulnerability in the Linux kernel Bluetooth HCI subsystem (function hci_sock_bound_ioctl), where a race between the ioctl HCIUNBLOCKADDR, hci_unregister_dev(), and calls such as hci_sock_blacklist_add()/del(), hci_get_conn_info(), and hci_get_auth_info() can le...
CVE-2019-19046
CVE-2019-19046 is a memory leak in Linux kernel drivers/char/ipmi/ipmi_msghandler.c (__ipmi_bmc_register) up to kernel 5.3.11. An ida_simple_get() failure can cause memory consumption leading to DoS; exploitation details are described in the CVE entry, including a note that third parties dispute th...
CVE-2019-19332
CVE-2019-19332 affects the Linux kernel KVM implementation (x86) with an out-of-bounds memory write in handling the KVM_GET_EMULATED_CPUID ioctl, enabling a local user with access to /dev/kvm to crash the system (DoS). Affected range is kernels 3.13–5.4. Root cause described as a missing/bounds-c...
CVE-2021-30002
The CVE-2021-30002 issue affects the Linux kernel prior to 5.11.3. It is caused by a memory leak in video_usercopy inside drivers/media/v4l2-core/v4l2-ioctl.c when handling large webcam arguments. This memory leak can lead to memory exhaustion on affected systems. Connected advisories (e.g., Debi...
CVE-2021-33655
CVE-2021-33655 is confirmed in the provided documents as an out-of-bounds memory write triggered by malicious data sent via the framebuffer ioctl FBIOPUT_VSCREENINFO in the Linux kernel framebuffer/console path. The issue allows a local user to crash the system and potentially escalate privileges...
CVE-2021-3772
CVE-2021-3772 affects the Linux kernel SCTP stack: a blind attacker who knows IPs/ports and can spoof packets can kill an existing SCTP association by sending invalid chunks. The connected advisories confirm the issue and point to a patch in the Linux kernel (commit 32f8807a48ae55be0e76880cfe8607...