Linux / Linux Kernel

4037 matches found

added 2024/02/29 3:52 p.m. | 8192 views

CVE-2024-26620

CVE-2024-26620 affects the Linux kernel’s s390 VFIO AP mediated devices (vfio-ap). The issue stems from vfio_ap_mdev_filter_matrix: when a new adapter or domain is assigned to an mdev, only the APID/APQI for the new item was inspected. This could leave AP queues bound to no driver exposed to a gu...

CVSS 7.5 | AI score 6.3 | EPSS 0.0095

added 2024/02/29 3:52 p.m. | 8187 views

CVE-2023-52494

CVE-2023-52494 concerns the Linux kernel bus: mhi driver. The vulnerability arises from an unaligned event ring read pointer reading 128-bit elements (struct mhi_ring_element). Although the code validates the pointer is within the buffer, an unaligned pointer could lead to DoS or ring-buffer memo...

CVSS 7.8 | AI score 6.3 | EPSS 0.00279

added 2024/02/29 3:52 p.m. | 8172 views

CVE-2023-52495

CVE-2023-52495 affects the Linux kernel PMIC GLINK altmode driver (qcom) and is caused by an incomplete port sanity check. The driver supports at most two ports; a notification for an unsupported port could access memory beyond the port array, risking memory corruption. The issue is addressed by ...

CVSS 7.8 | AI score 6.5 | EPSS 0.00282

added 2024/05/01 5:26 a.m. | 7842 views

CVE-2024-26936

CVE-2024-26936 affects the Linux kernel component ksmbd. The issue arises because the response buffer is allocated in smb2_allocate_rsp_buf() only after validating the request, while the patch shows that fields in the payload and the SMB2 header are used within smb2_allocate_rsp_buf(), enabling a...

CVSS 7.8 | AI score 6.6 | EPSS 0.00234

added 2024/05/01 5:28 a.m. | 7801 views

CVE-2024-27000

Summary: CVE-2024-27000 is a Linux kernel vulnerability in the serial mxs-auart driver where uart_handle_cts_change() could be invoked without holding uport->lock, risking mis-synchronization. The issue is resolved by adding a spinlock around changing the CTS state. The described scenario invo...

CVSS 7.8 | AI score 6.2 | EPSS 0.00327

added 2024/05/01 5:19 a.m. | 7737 views

CVE-2024-26965

CVE-2024-26965 affects the Linux kernel clk/qcom:mmcc-msm8974. The issue stems from frequency table arrays not being terminated with an empty element, which can lead to out-of-bounds traversal by qcom_find_freq() or qcom_find_freq_floor(). The fix adds a terminating empty entry at the end of the ...

CVSS 7.8 | AI score 6.4 | EPSS 0.0026

added 2024/05/01 5:18 a.m. | 7722 views

CVE-2024-26955

CVE-2024-26955 is a Linux kernel vulnerability in nilfs2. The issue arises when nilfs_get_block() can return success in a state where both searching and inserting a block fail due to a race, potentially leading to a read of an unmapped buffer and triggering a BUG_ON in submit_bh_wbc() via BH_Mapp...

CVSS 7.8 | AI score 6.4 | EPSS 0.00255

added 2024/05/01 1:4 p.m. | 7692 views

CVE-2024-27075

CVE-2024-27075 targets Linux kernel media/dvb-frontends, specifically the stv0367 driver. The root cause is a stack-frame growth issue (stack frame size 3624 exceeds 2048) exposed by clang/KASAN_STACK, due to temporary i2c_msg structures on the stack in stv0367ter_set_frontend. The fix reworks st...

CVSS 7.8 | AI score 6.7 | EPSS 0.0033

added 2024/05/01 1:4 p.m. | 7678 views

CVE-2024-27065

CVE-2024-27065 is a Linux kernel issue affecting nf_tables: the verifier could incorrectly compare internal table flags during updates. The public advisories in connected documents reference a fix that “restores skipping transaction if table update does not modify flags,” applied as part of kerne...

CVSS 7.8 | AI score 6.5 | EPSS 0.00263

added 2024/05/01 5:18 a.m. | 7677 views

CVE-2024-26951

CVE-2024-26951 (Linux kernel, WireGuard): The bug occurs in the netlink dump when peers are removed with wg_peer_remove_all(): a cursored peer that has been removed can lead to iterating freed peers, causing a use-after-free. The fix changes the check from an empty peer_list to the dedicated is_...

CVSS 7.8 | AI score 6.4 | EPSS 0.00234

added 2024/06/21 10:18 a.m. | 7520 views

CVE-2024-38629

In CVE-2024-38629, the Linux kernel’s dmaengine: idxd driver had a use-after-free risk where ida_destroy(&file_ida) could run after file_ida was already destroyed during WQ cdev teardown, risking a kernel panic. The fix removes ida_destroy(&file_ida) since file_ida is allocated on cdev open and f...

CVSS 7.8 | AI score 6.4 | EPSS 0.00231

added 2024/02/27 6:47 p.m. | 7270 views

CVE-2021-46965

CVE-2021-46965: Linux kernel mtd/physmap/physmap-bt1-rom vulnerability where casting &data to (char *) caused unintentional stack access; the fix corrects the byte offset calculation (data is u32) to prevent out-of-bounds/stack access. Affected code and root cause are documented in the upstream ...

CVSS 7.1 | AI score 6.4 | EPSS 0.0023

added 2024/05/09 4:37 p.m. | 7224 views

CVE-2024-27397

CVE-2024-27397 affects the Linux kernel nf_tables in netfilter. The root cause is a race where set elements could expire during unfinished control-plane transactions. The fix adds a timestamp field at the start of a transaction and stores it per-netns, updating the set backends’ insert, deactivat...

CVSS 7 | AI score 6.5 | EPSS 0.00257

added 2024/05/01 12:53 p.m. | 7208 views

CVE-2024-27036

CVE-2024-27036 affects the Linux kernel CIFS writeback path. The vulnerability arises when cifs_extend_writeback() considers an extra folio but would overrun the wsize, causing the xarray scanning loop to rely on xas_pause(), which advances the counter and can skip a page. The fix is to call xas_...

CVSS 7.8 | AI score 6.7 | EPSS 0.00282

added 2024/05/30 3:29 p.m. | 7195 views

CVE-2024-36904

The provided connected advisories confirm CVE-2024-36904 affects the Linux kernel TCP TIME-WAIT handling. Specifically, a race window during connect() could allow refcount mismanagement in tcp_twsk_unique() if a TIME-WAIT sk is reused with zero refcnt, potentially leading to a use-after-free. The...

CVSS 7.8 | AI score 6.7 | EPSS 0.00614

added 2024/02/27 6:47 p.m. | 7165 views

CVE-2021-46969

CVE-2021-46969 affects the Linux kernel bus: mhi: core. The vulnerability arises when mhi_queue incorrectly returns an error if the doorbell is not accessible in a non-M0 state (e.g., M3). The device is awakened to M0 before updating the doorbell, and treating this as an error delayed the doorbel...

CVSS 7.8 | AI score 6.5 | EPSS 0.00216

added 2024/04/01 8:35 a.m. | 7165 views

CVE-2024-26654

Summary (CVE-2024-26654): In the Linux kernel, the ALSA: sh: aica path could dereference a freed aica_channel due to a race between mod_timer/del_timer during PCM close, causing a use-after-free (UAF). Connected advisories confirm affected kernel families include Astra Linux advisories for Linux...

CVSS 7 | AI score 6.1 | EPSS 0.00255

added 2024/05/13 10:22 a.m. | 7112 views

CVE-2024-27398

CVE-2024-27398 – Linux kernel Bluetooth SCO use-after-free. The vulnerability stems from a use-after-free in sco_sock_timeout: after a SCO connection is established, releasing the SCO socket may schedule timeout_work, but the socket can be freed yet still dereferenced by sco_sock_timeout, leadin...

CVSS 7.8 | AI score 6.3 | EPSS 0.00757

added 2024/05/13 10:29 a.m. | 7059 views

CVE-2024-27401

CVE-2024-27401 affects the Linux kernel’s firewire nosy code path. The vulnerability arises because packet_buffer_get could read beyond the user-supplied length if the head packet length exceeded user_length, potentially allowing a user-space overflow. The fix ensures the function returns 0 when ...

CVSS 7.1 | AI score 6.6 | EPSS 0.00296

added 2024/07/29 6:18 a.m. | 6941 views

CVE-2024-41090

CVE-2024-41090 and CVE-2024-41091 pertain to the Linux kernel’s handling of short frames in TAP/TUN paths. The bug stems from missing verification of frame length in the tap_get_user_xdp() path (CVE-2024-41090) and in the tun_xdp_one()/ETH header handling (CVE-2024-41091), potentially allowing a ...

CVSS 7.1 | AI score 6.3 | EPSS 0.00256

added 2024/02/28 8:13 a.m. | 6841 views

CVE-2021-47040

CVE-2021-47040 relates to the Linux kernel io_uring subsystem. The vulnerability stems from overflow checks in provide_buffers() for io_provide_buffers_prep(), with prior attempts not addressing the overflow/sign-extension issue. It was resolved by introducing robust overflow checks via helper fu...

CVSS 7.8 | AI score 6.7 | EPSS 0.0026

added 2024/02/28 8:13 a.m. | 6813 views

CVE-2021-47014

CVE-2021-47014 affects the Linux kernel’s net/sched code, specifically the act_ct action used during IP fragment handling. The root cause was a wild memory access that occurred when a temporarily stored IP fragment was reassembled: restoring skb->cb could overwrite FRAG_CB(), causing invalid m...

CVSS 7.8 | AI score 6.5 | EPSS 0.00233

added 2024/02/29 3:52 p.m. | 6794 views

CVE-2024-26610

The CVE-2024-26610 vulnerability affects the Linux kernel’s iwlwifi component (iwl_fw_ini_trigger_tlv::data) where data is a __le32*; copying to data + offset with a byte-based offset can overflow the buffer, causing memory corruption. Connected Astra Linux advisory confirms a fix in the ...

CVSS 7.8 | AI score 6.1 | EPSS 0.00307

added 2024/02/28 8:13 a.m. | 6767 views

CVE-2021-46999

CVE-2021-46999 affects the Linux kernel SCTP stack. A transport use-after-free occurs when processing a duplicate COOKIE-ECHO chunk in sctp_sf_do_dupcook_a(), where COOKIE-ACK and SHUTDOWN chunks can be allocated with the transport from the new asoc but are later sent via the old asoc after the n...

CVSS 7.8 | AI score 6.7 | EPSS 0.0025

added 2024/02/28 8:13 a.m. | 6767 views

CVE-2021-47004

CVE-2021-47004 affects Linux kernel f2fs by fixing a get_victim() GC bug in CP-disabling mode. Two issues when using LFS or SSR/AT_SSR to pick a victim: (1) GC could choose a section with checkpointed data if only current-segment checks were performed; the fix adds section-level validation so a v...

CVSS 7.1 | AI score 6.5 | EPSS 0.00236

added 2024/07/29 6:18 a.m. | 6757 views

CVE-2024-41091

CVE-2024-41091, in the Linux kernel, is due to missing verification of frame length in the tun_xdp_one() path. This can allow a skb with insufficient Ethernet header length to be processed, risking out-of-bounds access or header-length inconsistencies in subsequent processing. A related path (tun...

CVSS 7.1 | AI score 6.3 | EPSS 0.00256

added 2024/02/29 3:52 p.m. | 6744 views

CVE-2024-26619

CVE-2024-26619 concerns the Linux kernel on riscv, where a use-after-free was introduced by the order of kfree calls during module loading. The vulnerability is resolved by reversing the free order, preventing use-after-free conditions. The available details identify the affected component as the...

CVSS 7.8 | AI score 6.7 | EPSS 0.00275

added 2024/02/29 5:43 a.m. | 6715 views

CVE-2023-52482

CVE-2023-52482 is a Linux kernel issue where x86 SRSO mitigation was added to address speculative return stack overflow on Hygon processors. The connected Nessus entry for MiracleLinux 9 references kernel commits that implement x86 srso mitigation for Hygon and notes this CVE’s resolution, aligni...

CVSS 7.8 | AI score 6.8 | EPSS 0.00257

added 2024/02/29 3:52 p.m. | 6712 views

CVE-2024-26617

CVE-2024-26617 (Linux kernel): The vulnerability stems from fs/proc/task_mmu where the mmu notification mechanism was moved inside the mm lock, preventing a race with components that depend on the notifier to invalidate memory ranges. The patch tightens the notifier scope inside the mm lock, red...

CVSS 7 | AI score 6.5 | EPSS 0.00163

added 2024/02/29 3:52 p.m. | 6702 views

CVE-2024-26616

CVE-2024-26616 affects the Linux kernel Btrfs file system, specifically the scrub path. The bug occurs when the chunk layout of an ext4-converted Btrfs file system causes scrub to split a bio and free resources twice, leading to a use-after-free in scrub_read_endio/scrub_submit_initial_read. The root ...

CVSS 7.8 | AI score 6.2 | EPSS 0.00291

added 2024/02/29 3:52 p.m. | 6659 views

CVE-2023-52491

CVE-2023-52491 concerns a use-after-free in the Linux kernel’s media/mtk-jpeg driver. The issue arises from binding jpeg->job_timeout_work to mtk_jpeg_job_timeout_work in mtk_jpeg_probe and a path in mtk_jpeg_dec_device_run where an error in mtk_jpeg_set_dec_dst leads to a worker being started...

CVSS 7.8 | AI score 6.3 | EPSS 0.00276

added 2024/05/01 5:17 a.m. | 6487 views

CVE-2024-26939

Summary (CVE-2024-26939): In the Linux kernel, the DRM i915 driver’s VMA handling suffers a use-after-free when destroying a VMA during a retirement race, leading to spurious frees of an active i915 VMA object. The root cause is a race between __active_retire() and i915_vma_destroy()/parked paths,...

CVSS 7 | AI score 6.5 | EPSS 0.00239

added 2024/02/27 6:46 p.m. | 6408 views

CVE-2021-46955

CVE-2021-46955 affects the Linux kernel in combination with Open vSwitch. The issue arises in IPv4 packet fragmentation within ovs_fragment(), where a temporary dst_entry is misused as an rtable pointer during the ip_do_fragment() -> ip_skb_dst_mtu() -> ip_dst_mtu_maybe_forward() -> ip_m...

CVSS 7.1 | AI score 6.1 | EPSS 0.00254

added 2024/02/27 6:47 p.m. | 6390 views

CVE-2021-46966

CVE-2021-46966 affects the Linux kernel: a use-after-free vulnerability in ACPI custom_method code where cm_write() could access a freed buf if count

CVSS 7.8 | AI score 6.5 | EPSS 0.0023

added 2024/02/28 8:13 a.m. | 6155 views

CVE-2021-47013

CVE-2021-47013 concerns a use-after-free in Linux kernel’s net:emac/emac-mac path, specifically emac_mac_tx_buf_send. The issue arises when emac_tx_fill_tpd() errors cause skb to be freed (dev_kfree_skb(skb)), yet skb->len is still read by netdev_sent_queue(skb->len). The description states...

CVSS 7.8 | AI score 6.3 | EPSS 0.00259

added 2024/02/29 10:37 p.m. | 6154 views

CVE-2021-47068

The CVE-2021-47068 entry concerns the Linux kernel NFC LLCP paths (llcp_sock_bind/llcp_sock_connect). Root cause: a refcount leak in bind/connect was fixed but introduced a use-after-free when the same local is bound to two sockets. The vulnerability is tied to the NFC LLCP implementation in the ...

CVSS 7.8 | AI score 7.1 | EPSS 0.00343

added 2024/02/28 8:13 a.m. | 6120 views

CVE-2021-47017

The CVE-2021-47017 vulnerability is in the Linux kernel's ath10k_htc_send_bundle path, where a use-after-free could occur if bundle_skb is freed by dev_kfree_skb_any(bundle_skb) but later accessed via bundle_skb->len. The patch mitigates this by updating skb_len after freeing bundle_skb. Affec...

CVSS 7.8 | AI score 6.8 | EPSS 0.00238

added 2024/05/01 5:19 a.m. | 6068 views

CVE-2024-26957

CVE-2024-26957 relates to the Linux kernel’s s390/zcrypt subsystem, where reference counting on zcrypt card objects was fixed to prevent a use-after-free of the zcrypt_card during hot-plug/probe/remove cycles. The issue could allow freeing a zcrypt card object while it is still in use, as demonst...

CVSS 7.8 | AI score 6.4 | EPSS 0.00239

added 2024/02/28 8:13 a.m. | 6032 views

CVE-2021-46998

Summary: CVE-2021-46998 affects the Linux kernel, specifically the enic driver path in ethernet/enic. A use-after-free occurs in enic_hard_start_xmit when an error in enic_queue_wq_skb() frees a skb via dev_kfree_skb(skb), but skb_tx_timestamp(skb) may still access it. Root cause: freed skb used ...

CVSS 7.8 | AI score 6.4 | EPSS 0.00242

added 2024/02/29 10:31 p.m. | 6020 views

CVE-2021-46959

CVE-2021-46959 is a Linux kernel SPI subsystem use-after-free issue (devm_spi_alloc_{master,slave}) caused by relying on the devres list during spi_unregister_controller. The root cause is that devres_find() runs after the devres list has been torn down, leading to underflow of reference counters...

CVSS 7.8 | AI score 6.6 | EPSS 0.00245

added 2024/02/29 10:37 p.m. | 6012 views

CVE-2021-47058

CVE-2021-47058 is a Linux kernel vulnerability affecting the regmap debugfs path. The issue arises from a memory leak in which debugfs_name is freed in regmap_debugfs_exit() but not recreated due to a conditional added by upstream commit cffa4b2122f5. The relevant sequence involves regmap_reinit_...

CVSS 7.8 | AI score 6.5 | EPSS 0.00246

added 2024/02/28 8:13 a.m. | 5965 views

CVE-2021-47028

CVE-2021-47028 affects the Linux kernel mt76 mt7915 driver stack. The issue is in tx rate reporting for mt7915e devices (cfg80211/mac80211 flow), where rate_info was not checked correctly, leading to unexpected or incorrect bitrate reporting. The connected NASL document confirms a fix in the txra...

CVSS 7.8 | AI score 6.5 | EPSS 0.00245

added 2024/05/01 5:29 a.m. | 5962 views

CVE-2024-27008

CVE-2024-27008 is confirmed in the connected MiracleLinux advisories as a Linux kernel vulnerability affecting the drm nv04 driver. Description: when Output Resource (dcb->or) is assigned in fabricate_dcb_output(), there can be an out-of-bounds access to the dac_users array if dcb->or is ze...

CVSS 7.8 | AI score 6.2 | EPSS 0.00293

added 2024/02/29 3:52 p.m. | 5862 views

CVE-2024-26608

The CVE-2024-26608 entry describes a Linux kernel ksmbd_nl_policy out-of-bounds read that was addressed by a patch to fix a global oob in ksmbd_nl_policy. The bug manifested as a read of size 1 at a netlink attribute parsing path, with the faulting address located in ksmbd_nl_policy+0x100/0xa80 a...

CVSS 7.8 | AI score 7.1 | EPSS 0.00234

added 2024/05/01 5:27 a.m. | 5733 views

CVE-2024-26982

CVE-2024-26982 affects the Linux kernel Squashfs code. The vulnerability arises from an OOB read path in fill_meta_index() triggered by an inode number value of zero, which is treated as unused. After a faulty read aborts, an empty metadata index is invalidated with inode=0, and a subsequent read...

CVSS 7.1 | AI score 7.5 | EPSS 0.0028

added 2024/04/17 10:27 a.m. | 5658 views

CVE-2024-26872

The CVE-2024-26872 vulnerability affects the Linux kernel RDMA/srpt subsystem. A race condition allows a use-after-free situation in srpt_refresh_port() when an event handler is registered before the srpt device is fully initialized. The issue can impact confidentiality, integrity, and availabili...

CVSS 7 | AI score 6.3 | EPSS 0.00235

added 2024/04/01 8:33 a.m. | 5580 views

CVE-2024-26653

CVE-2024-26653: In the Linux kernel, the USB ljca (ljca_auxdev_release) path double-freed the platform_data on error handling when auxiliary_device_add() fails. The issue is fixed by removing the redundant kfree() in callers and by freeing the passed-in platform_data only for errors that occur b...

CVSS 7.8 | AI score 6.8 | EPSS 0.00236

added 2024/05/01 5:18 a.m. | 5512 views

CVE-2024-26954

CVE-2024-26954 (Linux kernel) is tied to a slab-out-of-bounds read in ksmbd during smb2_create_req processing. The issue arises when smb2_create_req’s NameOffset is smaller than its Buffer offset, allowing slab-out-of-bounds reads from smb2_open. The patch fixes this by enforcing a minimum value ...

CVSS 7.1 | AI score 6.7 | EPSS 0.0025

added 2024/02/29 5:43 a.m. | 5493 views

CVE-2023-52480

CVE-2023-52480 affects ksmbd (SMB3 server) in the Linux kernel. The vulnerability is a race condition between ksmbd_session_lookup and ksmbd_expire_session that could lead to a use-after-free, resolved by patching with a rwsem to synchronize session lookup and expiration. The description in conne...

CVSS 7 | AI score 6.3 | EPSS 0.0018

added 2024/03/01 9:15 p.m. | 5466 views

CVE-2021-47069

CVE-2021-47069 is a Linux kernel race in IPC paths: do_mq_timedreceive may call wq_sleep with a stack-allocated ewq_addr that can be overwritten, leading to a later access by do_mq_timedsend and a crash. The root cause is a race between the receiver’s stack address and the sender’s use of that ad...

CVSS 7 | AI score 6.3 | EPSS 0.00258

Total number of security vulnerabilities: 4037