219 matches found
CVE-2021-46973
CVE-2021-46973 is a Linux kernel use-after-free in the MHI path for qrtr (net: qrtr: Avoid potential use after free in MHI send). The issue occurs because the MHI ul_callback could run immediately after queuing an skb, potentially decrementing the associated skb’s refcount and freeing it, which m...
CVE-2013-2094
CVE-2013-2094 affects the Linux kernel: the perf_swevent_init code in kernel/events/core.c uses an incorrect integer type, enabling a local, unprivileged user to escalate privileges via a crafted perf_event_open call. The issue leads to out-of-bounds access of perf_swevent_enabled and has been fi...
CVE-2021-22555
CVE-2021-22555 is a Linux kernel heap out-of-bounds write vulnerability in net/netfilter/x_tables.c, dating to 2.6.19-rc1. The issue allows a local attacker to gain privileges or cause a DoS via heap memory corruption in the username space. Public sources in the connected docs confirm the vulnera...
CVE-2023-3079
Summary (CVE-2023-3079) : A type confusion in V8 in Google Chrome prior to 114.0.5735.110 can allow remote code execution via a crafted HTML page, with heap corruption as the underlying issue. The vulnerability affects Chrome’s Chromium-based rendering stack (V8 engine) and is rated High severity...
CVE-2022-0185
CVE-2022-0185 is a Linux kernel vulnerability in the legacy_parse_param path of the Filesystem Context API. It is a heap-based buffer overflow in parameter length verification that can be triggered by an unprivileged local user when opening a filesystem that falls back to legacy handling, enablin...
CVE-2013-6282
The CVE-2013-6282 issue affects the Linux kernel on ARM v6k/v7 where get_user and put_user do not validate certain addresses, enabling an unprivileged user to read/write arbitrary kernel memory. Exploitation was reported in the wild on Android devices in late 2013. Affected kernel versions includ...
CVE-2023-52434
CVE-2023-52434 affects Linux kernel SMB/CIFS: the vulnerability is in smb2_parse_contexts() used by SMB2_open (mount.cifs path). Root cause: insufficient validation of offsets/lengths before dereferencing create contexts, enabling an out-of-bounds access that could trigger a kernel oops when serv...
CVE-2017-1000251
CVE-2017-1000251 affects the Linux kernel Bluetooth subsystem (BlueZ) in L2CAP processing, causing a stack buffer overflow when handling configuration responses. Affected range includes kernels from 2.6.32 up to 4.13.1. Exploitation could crash the system or, in some deployments, allow remote cod...
CVE-2019-3846
CVE-2019-3846 affects the upstream kernel’s Marvell mwifiex wireless kernel driver. The description documents a memory corruption flaw that could allow privilege escalation when connecting to a malicious wireless network. Connected sources confirm this is within the mwifiex driver and describe th...
CVE-2019-17666
CVE-2019-17666 affects the Linux kernel Realtek rtlwifi driver (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c). The root cause is a missing upper-bound check that leads to a buffer overflow. Impact stated in sources includes memory corruption and potential remote code execution, wit...
CVE-2019-14821
CVE-2019-14821 is a Linux kernel KVM issue: an out-of-bounds access in the Coalesced MMIO write path can occur if a host user controls the MMIO ring buffer indices (ring->first/ring->last). A local attacker with /dev/kvm access could crash the host kernel or potentially escalate privileges ...
CVE-2021-22543
CVE-2021-22543 is described in connected advisories as a local privilege-escalation through KVM and improper handling of VM_IO|VM_PFNMAP VMAs, which can bypass RO checks and allow reading/writing guest memory by a privileged VM operator. Technical details across sources indicate the vulnerability...
CVE-2020-28374
CVE-2020-28374 affects the Linux kernel’s SCSI target (LIO) code, specifically drivers/target/target_core_xcopy.c, where insufficient identifier checking could let a remote attacker read or write files via directory traversal in an XCOPY request. Affected component is the Linux kernel prior to 5....
CVE-2019-6974
CVE-2019-6974 affects the Linux kernel KVM subsystem: a race in kvm_ioctl_create_device() mishandles reference counting, enabling a local user with access to /dev/kvm to cause a use-after-free, potentially crashing the guest or escalating privileges. The issue is fixed in kernel 4.20.8 and relate...
CVE-2021-4154
CVE-2021-4154 is a Linux kernel use-after-free in cgroup v1 parsing (cgroup1_parse_param) that allows local privilege escalation via the fsconfig parameter, potentially enabling container breakout and system DoS. Affected component: kernel/cgroup/cgroup-v1.c in the Linux kernel. Root cause: use-a...
CVE-2020-12351
CVE-2020-12351 corresponds to the Linux kernel Bluetooth vulnerability known as BleedingTooth. Exploitation involves Bluetooth L2CAP and related memory handling, with PoCs showing remote code execution from a nearby attacker. Root causes cited in public exploit data include a type-confusion error...
CVE-2021-3653
The CVE-2021-3653 issue affects the KVM hypervisor AMD code dealing with SVM nested virtualization. The root cause is improper validation of the int_ctl field in the VMCB provided by an L1 guest, which could allow a malicious L1 to enable AVIC for an L2 guest. Consequences stated across connected...
CVE-2020-29569
CVE-2020-29569 describes a use-after-free in the Linux kernel PV block backend (blkback) when Xen is used, where the kernel thread handler may not reset ring->xenblkd to NULL if the frontend toggles between connect/disconnect, allowing a misbehaving guest to trigger a dom0 crash. The issue aff...
CVE-2020-36158
CVE-2020-36158 is a Linux kernel vulnerability in the Marvell mwifiex WiFi driver (join.c) that allows a long SSID to trigger a buffer overflow, potentially leading to system crash or arbitrary code execution. Affected trees include kernels up to 5.10.4; upstream patch (commit 5c455c5ab332) adds ...
CVE-2019-19770
CVE-2019-19770 affects the Linux kernel 4.19.83 and is described as a use-after-free (read) in the debugfs_remove function (fs/debugfs/inode.c), which handles removal of files/dirs created via debugfs. Note: kernel developers dispute this as a debugfs issue, characterizing it as misuse of debugfs...
CVE-2018-16884
The CVE-2018-16884 issue affects the Linux kernel NFS4.1+ client: mounting NFS shares across different network namespaces can cause a use-after-free in bc_svc_process() leading to memory corruption and potential host panic. Exploitation details in the provided sources are host/container local, wi...
CVE-2022-42896
CVE-2022-42896 affects the Linux kernel, specifically use-after-free in net/bluetooth/l2cap_core.c (l2cap_connect and l2cap_le_connect_req). A remote Bluetooth proximity attacker could trigger code execution or leak kernel memory. A fix is available by upgrading past the commit 711f8c3fb3db618970...
CVE-2021-28660
CVE-2021-28660 affects the Realtek RTL8188EU WiFi driver (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c) in the Linux kernel and is caused by writing beyond the end of the ssid[] array in rtw_wx_set_scan. The Connected documents confirm this exact issue across multiple advisories (e.g., Debian L...
CVE-2021-3656
CVE-2021-3656 describes a flaw in the KVM hypervisor for AMD processors where the L1 guest can provide a VMCB with an improperly validated virt_ext field, allowing the L1 to disable VMLOAD/VMSAVE intercepts and VLS for the L2 guest. This enables the L2 guest to read/write portions of the host’s p...
CVE-2023-5178
CVE-2023-5178 is a use-after-free vulnerability in the NVMe over Fabrics over TCP subsystem of the Linux kernel, specifically nvmet_tcp_free_crypto in drivers/nvme/target/tcp.c. The logical bug can lead to use-after-free and double-free conditions, with potential remote code execution or local pr...
CVE-2022-2196
The CVE-2022-2196 entry concerns a regression in Linux kernel KVM/nVMX where speculative execution could leak from an L2 guest to the host L1 due to inadequate Spectre v2 mitigations (retpolines/IBPB/eIBRS context). The description states an L2 attacker with code execution can influence indirect ...
CVE-2021-3491
CVE-2021-3491 concerns the Linux kernel io_uring PROVIDE_BUFFERS path, where the MAX_RW_COUNT limit could be bypassed, causing negative values to be used in mem_rw during /proc//mem reads. This could enable a heap overflow and potential arbitrary code execution in the kernel. The issue was addres...
CVE-2022-1055
CVE-2022-1055 affects the Linux kernel: a use-after-free in tc_new_tfilter within net/sched/cls_api.c can enable privilege escalation when unprivileged user namespaces are in use. The issue allows a local attacker to escalate privileges; exploitation relies on specific local conditions. A fix is ...
CVE-2022-1012
CVE-2022-1012 affects the Linux kernel TCP source port generation (net/ipv4/tcp.c) due to a small table perturb size, enabling information leakage and potential denial of service. Multiple connected advisories reiterate the memory-leak flaw in the TCP source port algorithm and indicate a patched ...
CVE-2019-9500
The CVE set concerns Broadcom brcmfmac WiFi driver flaws. CVE-2019-9500 is a heap buffer overflow in brcmf_wowl_nd_results triggered when Wake-on-WLAN is configured (pre-commit 1b5e2423164b3670e8bc9174e4762d297990deff); exploitation could enable arbitrary code execution on affected hosts or cause...
CVE-2022-41674
CVE-2022-41674 affects the Linux kernel (pre-5.19.16) and is triggered by injecting WLAN frames, causing a buffer overflow in ieee80211_bss_info_update() within net/mac80211/scan.c. Reported impact includes high confidentiality and high availability risk (I=None, A=High, C=High) with adjacent att...
CVE-2018-14633
CVE-2018-14633 affects the Linux kernel iSCSI target code, specifically chap_server_compute_md5(), where an unauthenticated remote attacker can trigger a stack-based buffer overflow, potentially causing a denial of service or exposing data from an iSCSI target. Public disclosures in 2018 indicate...
CVE-2026-43503
The CVE-2026-43503 entry concerns Linux kernel net/skbuff handling: when frags are moved by frag-transfer helpers (notably __pskb_copy_fclone() and skb_shift()), the SKBFL_SHARED_FRAG flag was not propagated to the destination skb, causing destination pages to remain shared while skb_has_shared_f...
CVE-2020-14305
Mode C: CVE-2020-14305 is a Linux kernel vulnerability described in connected documents as an out-of-bounds memory write affecting the Voice Over IP H.323 connection tracking for ipv6 port 1720. An unauthenticated remote attacker could crash the system, causing DoS, with high impact on confidenti...
CVE-2021-4157
CVE-2021-4157 concerns the Linux kernel NFS subsystem and a memory-bound write flaw. The description in the initial document states an out-of-bounds write of 1–2 bytes could be triggered when using mirroring/replication over NFS, potentially allowing a user with NFS mount access to crash the syst...
CVE-2021-31440
CVE-2021-31440 affects the Linux kernel, with the vulnerability in the eBPF verifier: improper validation of user-supplied eBPF programs can allow a local attacker to escalate privileges and execute code in kernel context. The issue is rooted in the handling/verification of eBPF programs, leading...
CVE-2018-1087
CVE-2018-1087 describes a vulnerability in the Linux kernel KVM where exceptions delivered after a stack switch (via Mov SS or Pop SS) were not properly handled. The flaw could allow an unprivileged KVM guest user to crash the guest or potentially escalate privileges within the guest. The descrip...
CVE-2026-43284
Summary of CVE-2026-43284 (Linux kernel): The issue occurs in ESP decryption for UDP paths when using shared skb frags. Specifically, after MSG_SPLICE_PAGES attaches pages to an skb, and SKBFL_SHARED_FRAG is set, ESP input could decrypt in place on data not privately owned by the skb, if the frag...
CVE-2018-18559
CVE-2018-18559 affects the Linux kernel up to 4.19, caused by a use-after-free in a race between fanout_add from setsockopt and bind on AF_PACKET sockets. The issue stems from an incomplete fix (15fe076...) and a multithreaded sequence where a packet_do_bind unregister action followed by a packet...
CVE-2023-44466
CVE-2023-44466 is described as a Linux kernel issue in net/ceph/messenger_v2.c (before 6.4.5) with a signedness error that enables a buffer overflow and remote code execution via HELLO or AUTH frames, caused by an untrusted length from a TCP packet in ceph_decode_32. The Connected documents reite...
CVE-2022-42719
Summary of CVE-2022-42719 : A use-after-free in the mac80211 wireless stack when parsing a multi-BSSID element in the Linux kernel (versions 5.2–5.19.14) could allow a remote attacker who can inject WLAN frames to crash the kernel and potentially execute code. The vulnerability impacts the Linux ...
CVE-2022-3640
CVE-2022-3640 is a Linux Kernel issue affecting the Bluetooth layer. The vulnerability stems from a use-after-free in the l2cap_conn_del function in net/bluetooth/l2cap_core.c. The Astra Linux bulletin confirms the same flaw and notes affected kernel lines (linux-5.10, linux-5.15), indicating the...
CVE-2018-16882
CVE-2018-16882 is a use-after-free in the Linux kernel KVM hypervisor when handling posted interrupts with nested virtualization. In nested_get_vmcs12_pages(), an error while processing the posted interrupt address can leave pi_desc_page unmapped without resetting the pi_desc descriptor, which is...
CVE-2018-9363
CVE-2018-9363 is a Linux-kernel vulnerability in the HIDP Bluetooth driver: hidp_process_report can overflow a buffer due to incorrect length handling, potentially causing memory corruption and DoS, with possible remote code execution. Public documents across Debian/Ubuntu/CentOS‑related advisori...
CVE-2024-25744
In CVE-2024-25744, Linux kernel versions before 6.6.7 are vulnerable: an untrusted VMM can trigger int80 syscall handling at any point due to code in arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. This is a local-privilege impact condition as described by the advisory, with a base sco...
CVE-2024-36886
The CVE-2024-36886 issue is a use-after-free in TIPC (tipc_buf_append) in the Linux kernel, leading to a remote code execution vulnerability via the tipc path. The associated advisories (e.g., ALSA-2024:4583) confirm a fix in kernel security updates and list CVE-2024-36886 among fixed items. Affe...
CVE-2023-39191
The CVE-2023-39191 issue affects the Linux kernel eBPF subsystem: improper validation of dynamic pointers in user-supplied eBPF programs can be exploited by a user with CAP_BPF privileges to escalate privileges and run code in kernel context. Multiple connected advisories (e.g., Red Hat RHSA entr...
CVE-2016-3134
The CVE-2016-3134 issue affects the Linux kernel netfilter/ip_tables.c, where the mark_source_chains() path can process an IPT_SET_REPLACE entry with an unvalidated next_offset. This can lead to out-of-bounds writes that enable local privilege escalation or cause a denial of service (heap memory ...
CVE-2022-27223
The CVE-2022-27223 entry concerns Linux kernel code, specifically the udc-xilinx USB gadget driver (drivers/usb/gadget/udc/udc-xilinx.c). Affected are kernel builds before 5.16.12 where the endpoint index is not validated and can be manipulated by the host to trigger out-of-array access. The desc...
CVE-2017-2583
CVE-2017-2583 affects the Linux kernel’s KVM emulation for x86, where load of a null stack selector can be incorrectly handled in long mode. The flaw allows a guest-host user to crash the guest OS (DoS) or potentially escalate privileges within the guest on affected CPUs, due to improper emulatio...