Lucene search
K
LinuxLinux Kernel

219 matches found

CVE
CVE
added 2024/02/27 6:47 p.m.3319 views

CVE-2021-46973

CVE-2021-46973 is a Linux kernel use-after-free in the MHI path for qrtr (net: qrtr: Avoid potential use after free in MHI send). The issue occurs because the MHI ul_callback could run immediately after queuing an skb, potentially decrementing the associated skb’s refcount and freeing it, which m...

8.4CVSS8.2AI score0.00236EPSS
CVE
CVE
added 2013/05/14 8:0 p.m.963 views

CVE-2013-2094

CVE-2013-2094 affects the Linux kernel: the perf_swevent_init code in kernel/events/core.c uses an incorrect integer type, enabling a local, unprivileged user to escalate privileges via a crafted perf_event_open call. The issue leads to out-of-bounds access of perf_swevent_enabled and has been fi...

8.4CVSS7.3AI score0.47709EPSS
In wild
CVE
CVE
added 2021/07/07 11:20 a.m.853 views

CVE-2021-22555

CVE-2021-22555 is a Linux kernel heap out-of-bounds write vulnerability in net/netfilter/x_tables.c, dating to 2.6.19-rc1. The issue allows a local attacker to gain privileges or cause a DoS via heap memory corruption in the username space. Public sources in the connected docs confirm the vulnera...

8.3CVSS8.3AI score0.78684EPSS
In wild
CVE
CVE
added 2023/06/05 9:40 p.m.836 views

CVE-2023-3079

Summary (CVE-2023-3079) : A type confusion in V8 in Google Chrome prior to 114.0.5735.110 can allow remote code execution via a crafted HTML page, with heap corruption as the underlying issue. The vulnerability affects Chrome’s Chromium-based rendering stack (V8 engine) and is rated High severity...

8.8CVSS8.6AI score0.32724EPSS
In wild
CVE
CVE
added 2022/02/11 5:40 p.m.814 views

CVE-2022-0185

CVE-2022-0185 is a Linux kernel vulnerability in the legacy_parse_param path of the Filesystem Context API. It is a heap-based buffer overflow in parameter length verification that can be triggered by an unprivileged local user when opening a filesystem that falls back to legacy handling, enablin...

8.4CVSS8.1AI score0.25151EPSS
In wild
CVE
CVE
added 2013/11/19 3:0 p.m.804 views

CVE-2013-6282

The CVE-2013-6282 issue affects the Linux kernel on ARM v6k/v7 where get_user and put_user do not validate certain addresses, enabling an unprivileged user to read/write arbitrary kernel memory. Exploitation was reported in the wild on Android devices in late 2013. Affected kernel versions includ...

8.8CVSS7.7AI score0.39711EPSS
In wild
CVE
CVE
added 2024/02/20 6:4 p.m.739 views

CVE-2023-52434

CVE-2023-52434 affects Linux kernel SMB/CIFS: the vulnerability is in smb2_parse_contexts() used by SMB2_open (mount.cifs path). Root cause: insufficient validation of offsets/lengths before dereferencing create contexts, enabling an out-of-bounds access that could trigger a kernel oops when serv...

8CVSS7.7AI score0.00561EPSS
CVE
CVE
added 2017/09/12 5:0 p.m.674 views

CVE-2017-1000251

CVE-2017-1000251 affects the Linux kernel Bluetooth subsystem (BlueZ) in L2CAP processing, causing a stack buffer overflow when handling configuration responses. Affected range includes kernels from 2.6.32 up to 4.13.1. Exploitation could crash the system or, in some deployments, allow remote cod...

8CVSS8AI score0.16181EPSS
CVE
CVE
added 2019/06/03 6:25 p.m.645 views

CVE-2019-3846

CVE-2019-3846 affects the upstream kernel’s Marvell mwifiex wireless kernel driver. The description documents a memory corruption flaw that could allow privilege escalation when connecting to a malicious wireless network. Connected sources confirm this is within the mwifiex driver and describe th...

8.8CVSS9.1AI score0.05649EPSS
CVE
CVE
added 2019/10/17 1:47 a.m.640 views

CVE-2019-17666

CVE-2019-17666 affects the Linux kernel Realtek rtlwifi driver (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c). The root cause is a missing upper-bound check that leads to a buffer overflow. Impact stated in sources includes memory corruption and potential remote code execution, wit...

8.8CVSS8.9AI score0.03017EPSS
CVE
CVE
added 2019/09/19 5:37 p.m.617 views

CVE-2019-14821

CVE-2019-14821 is a Linux kernel KVM issue: an out-of-bounds access in the Coalesced MMIO write path can occur if a host user controls the MMIO ring buffer indices (ring->first/ring->last). A local attacker with /dev/kvm access could crash the host kernel or potentially escalate privileges ...

8.8CVSS9AI score0.00763EPSS
CVE
CVE
added 2021/05/26 10:30 a.m.589 views

CVE-2021-22543

CVE-2021-22543 is described in connected advisories as a local privilege-escalation through KVM and improper handling of VM_IO|VM_PFNMAP VMAs, which can bypass RO checks and allow reading/writing guest memory by a privileged VM operator. Technical details across sources indicate the vulnerability...

8.7CVSS7.6AI score0.0066EPSS
CVE
CVE
added 2021/01/13 3:7 a.m.568 views

CVE-2020-28374

CVE-2020-28374 affects the Linux kernel’s SCSI target (LIO) code, specifically drivers/target/target_core_xcopy.c, where insufficient identifier checking could let a remote attacker read or write files via directory traversal in an XCOPY request. Affected component is the Linux kernel prior to 5....

8.1CVSS7.8AI score0.06563EPSS
CVE
CVE
added 2019/02/15 3:0 p.m.565 views

CVE-2019-6974

CVE-2019-6974 affects the Linux kernel KVM subsystem: a race in kvm_ioctl_create_device() mishandles reference counting, enabling a local user with access to /dev/kvm to cause a use-after-free, potentially crashing the guest or escalating privileges. The issue is fixed in kernel 4.20.8 and relate...

8.1CVSS7.7AI score0.16523EPSS
CVE
CVE
added 2022/02/04 10:29 p.m.560 views

CVE-2021-4154

CVE-2021-4154 is a Linux kernel use-after-free in cgroup v1 parsing (cgroup1_parse_param) that allows local privilege escalation via the fsconfig parameter, potentially enabling container breakout and system DoS. Affected component: kernel/cgroup/cgroup-v1.c in the Linux kernel. Root cause: use-a...

8.8CVSS8.1AI score0.01206EPSS
CVE
CVE
added 2020/11/23 4:15 p.m.433 views

CVE-2020-12351

CVE-2020-12351 corresponds to the Linux kernel Bluetooth vulnerability known as BleedingTooth. Exploitation involves Bluetooth L2CAP and related memory handling, with PoCs showing remote code execution from a nearby attacker. Root causes cited in public exploit data include a type-confusion error...

8.8CVSS9AI score0.07693EPSS
CVE
CVE
added 2021/09/29 7:41 p.m.432 views

CVE-2021-3653

The CVE-2021-3653 issue affects the KVM hypervisor AMD code dealing with SVM nested virtualization. The root cause is improper validation of the int_ctl field in the VMCB provided by an L1 guest, which could allow a malicious L1 to enable AVIC for an L2 guest. Consequences stated across connected...

8.8CVSS8.3AI score0.00413EPSS
CVE
CVE
added 2020/12/15 5:0 p.m.418 views

CVE-2020-29569

CVE-2020-29569 describes a use-after-free in the Linux kernel PV block backend (blkback) when Xen is used, where the kernel thread handler may not reset ring->xenblkd to NULL if the frontend toggles between connect/disconnect, allowing a misbehaving guest to trigger a dom0 crash. The issue aff...

8.8CVSS8.3AI score0.00388EPSS
CVE
CVE
added 2021/01/05 4:25 a.m.415 views

CVE-2020-36158

CVE-2020-36158 is a Linux kernel vulnerability in the Marvell mwifiex WiFi driver (join.c) that allows a long SSID to trigger a buffer overflow, potentially leading to system crash or arbitrary code execution. Affected trees include kernels up to 5.10.4; upstream patch (commit 5c455c5ab332) adds ...

8.8CVSS7.7AI score0.02209EPSS
CVE
CVE
added 2019/12/12 7:39 p.m.410 views

CVE-2019-19770

CVE-2019-19770 affects the Linux kernel 4.19.83 and is described as a use-after-free (read) in the debugfs_remove function (fs/debugfs/inode.c), which handles removal of files/dirs created via debugfs. Note: kernel developers dispute this as a debugfs issue, characterizing it as misuse of debugfs...

8.2CVSS7.2AI score0.02447EPSS
CVE
CVE
added 2018/12/18 10:0 p.m.408 views

CVE-2018-16884

The CVE-2018-16884 issue affects the Linux kernel NFS4.1+ client: mounting NFS shares across different network namespaces can cause a use-after-free in bc_svc_process() leading to memory corruption and potential host panic. Exploitation details in the provided sources are host/container local, wi...

8CVSS7.8AI score0.01455EPSS
CVE
CVE
added 2022/11/23 2:11 p.m.408 views

CVE-2022-42896

CVE-2022-42896 affects the Linux kernel, specifically use-after-free in net/bluetooth/l2cap_core.c (l2cap_connect and l2cap_le_connect_req). A remote Bluetooth proximity attacker could trigger code execution or leak kernel memory. A fix is available by upgrading past the commit 711f8c3fb3db618970...

8.8CVSS8.7AI score0.02014EPSS
CVE
CVE
added 2021/03/17 12:0 a.m.394 views

CVE-2021-28660

CVE-2021-28660 affects the Realtek RTL8188EU WiFi driver (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c) in the Linux kernel and is caused by writing beyond the end of the ssid[] array in rtw_wx_set_scan. The Connected documents confirm this exact issue across multiple advisories (e.g., Debian L...

8.8CVSS7.6AI score0.01316EPSS
CVE
CVE
added 2022/03/04 6:41 p.m.384 views

CVE-2021-3656

CVE-2021-3656 describes a flaw in the KVM hypervisor for AMD processors where the L1 guest can provide a VMCB with an improperly validated virt_ext field, allowing the L1 to disable VMLOAD/VMSAVE intercepts and VLS for the L2 guest. This enables the L2 guest to read/write portions of the host’s p...

8.8CVSS8.6AI score0.00658EPSS
CVE
CVE
added 2023/11/01 4:32 p.m.383 views

CVE-2023-5178

CVE-2023-5178 is a use-after-free vulnerability in the NVMe over Fabrics over TCP subsystem of the Linux kernel, specifically nvmet_tcp_free_crypto in drivers/nvme/target/tcp.c. The logical bug can lead to use-after-free and double-free conditions, with potential remote code execution or local pr...

8.8CVSS8.9AI score0.09141EPSS
CVE
CVE
added 2023/01/09 10:59 a.m.362 views

CVE-2022-2196

The CVE-2022-2196 entry concerns a regression in Linux kernel KVM/nVMX where speculative execution could leak from an L2 guest to the host L1 due to inadequate Spectre v2 mitigations (retpolines/IBPB/eIBRS context). The description states an L2 attacker with code execution can influence indirect ...

8.8CVSS7.5AI score0.00285EPSS
CVE
CVE
added 2021/06/04 1:40 a.m.361 views

CVE-2021-3491

CVE-2021-3491 concerns the Linux kernel io_uring PROVIDE_BUFFERS path, where the MAX_RW_COUNT limit could be bypassed, causing negative values to be used in mem_rw during /proc//mem reads. This could enable a heap overflow and potential arbitrary code execution in the kernel. The issue was addres...

8.8CVSS8.2AI score0.00629EPSS
CVE
CVE
added 2022/03/29 3:5 p.m.360 views

CVE-2022-1055

CVE-2022-1055 affects the Linux kernel: a use-after-free in tc_new_tfilter within net/sched/cls_api.c can enable privilege escalation when unprivileged user namespaces are in use. The issue allows a local attacker to escalate privileges; exploitation relies on specific local conditions. A fix is ...

8.6CVSS7.7AI score0.005EPSS
CVE
CVE
added 2022/08/05 12:0 a.m.357 views

CVE-2022-1012

CVE-2022-1012 affects the Linux kernel TCP source port generation (net/ipv4/tcp.c) due to a small table perturb size, enabling information leakage and potential denial of service. Multiple connected advisories reiterate the memory-leak flaw in the TCP source port algorithm and indicate a patched ...

8.2CVSS7.1AI score0.02972EPSS
CVE
CVE
added 2020/01/16 8:35 p.m.348 views

CVE-2019-9500

The CVE set concerns Broadcom brcmfmac WiFi driver flaws. CVE-2019-9500 is a heap buffer overflow in brcmf_wowl_nd_results triggered when Wake-on-WLAN is configured (pre-commit 1b5e2423164b3670e8bc9174e4762d297990deff); exploitation could enable arbitrary code execution on affected hosts or cause...

8.3CVSS7.8AI score0.03844EPSS
CVE
CVE
added 2022/10/13 12:0 a.m.344 views

CVE-2022-41674

CVE-2022-41674 affects the Linux kernel (pre-5.19.16) and is triggered by injecting WLAN frames, causing a buffer overflow in ieee80211_bss_info_update() within net/mac80211/scan.c. Reported impact includes high confidentiality and high availability risk (I=None, A=High, C=High) with adjacent att...

8.1CVSS8.2AI score0.03763EPSS
CVE
CVE
added 2018/09/25 12:0 a.m.341 views

CVE-2018-14633

CVE-2018-14633 affects the Linux kernel iSCSI target code, specifically chap_server_compute_md5(), where an unauthenticated remote attacker can trigger a stack-based buffer overflow, potentially causing a denial of service or exposing data from an iSCSI target. Public disclosures in 2018 indicate...

8.3CVSS7.9AI score0.08743EPSS
CVE
CVE
added 2026/05/23 11:44 a.m.337 views

CVE-2026-43503

The CVE-2026-43503 entry concerns Linux kernel net/skbuff handling: when frags are moved by frag-transfer helpers (notably __pskb_copy_fclone() and skb_shift()), the SKBFL_SHARED_FRAG flag was not propagated to the destination skb, causing destination pages to remain shared while skb_has_shared_f...

8.8CVSS5.8AI score0.00135EPSS
CVE
CVE
added 2020/12/02 12:48 a.m.333 views

CVE-2020-14305

Mode C: CVE-2020-14305 is a Linux kernel vulnerability described in connected documents as an out-of-bounds memory write affecting the Voice Over IP H.323 connection tracking for ipv6 port 1720. An unauthenticated remote attacker could crash the system, causing DoS, with high impact on confidenti...

8.3CVSS7.8AI score0.05114EPSS
CVE
CVE
added 2022/03/25 6:2 p.m.327 views

CVE-2021-4157

CVE-2021-4157 concerns the Linux kernel NFS subsystem and a memory-bound write flaw. The description in the initial document states an out-of-bounds write of 1–2 bytes could be triggered when using mirroring/replication over NFS, potentially allowing a user with NFS mount access to crash the syst...

8CVSS7.6AI score0.01584EPSS
CVE
CVE
added 2021/05/21 2:30 p.m.323 views

CVE-2021-31440

CVE-2021-31440 affects the Linux kernel, with the vulnerability in the eBPF verifier: improper validation of user-supplied eBPF programs can allow a local attacker to escalate privileges and execute code in kernel context. The issue is rooted in the handling/verification of eBPF programs, leading...

8.8CVSS7.4AI score0.01754EPSS
CVE
CVE
added 2018/05/15 4:0 p.m.314 views

CVE-2018-1087

CVE-2018-1087 describes a vulnerability in the Linux kernel KVM where exceptions delivered after a stack switch (via Mov SS or Pop SS) were not properly handled. The flaw could allow an unprivileged KVM guest user to crash the guest or potentially escalate privileges within the guest. The descrip...

8CVSS6.3AI score0.00773EPSS
CVE
CVE
added 2026/05/08 7:21 a.m.314 views

CVE-2026-43284

Summary of CVE-2026-43284 (Linux kernel): The issue occurs in ESP decryption for UDP paths when using shared skb frags. Specifically, after MSG_SPLICE_PAGES attaches pages to an skb, and SKBFL_SHARED_FRAG is set, ESP input could decrypt in place on data not privately owned by the skb, if the frag...

8.8CVSS5.8AI score0.93235EPSS
In wild
CVE
CVE
added 2018/10/22 4:0 p.m.306 views

CVE-2018-18559

CVE-2018-18559 affects the Linux kernel up to 4.19, caused by a use-after-free in a race between fanout_add from setsockopt and bind on AF_PACKET sockets. The issue stems from an incomplete fix (15fe076...) and a multithreaded sequence where a packet_do_bind unregister action followed by a packet...

8.1CVSS7.6AI score0.02612EPSS
CVE
CVE
added 2023/09/29 12:0 a.m.302 views

CVE-2023-44466

CVE-2023-44466 is described as a Linux kernel issue in net/ceph/messenger_v2.c (before 6.4.5) with a signedness error that enables a buffer overflow and remote code execution via HELLO or AUTH frames, caused by an untrusted length from a TCP packet in ceph_decode_32. The Connected documents reite...

8.8CVSS8.9AI score0.54577EPSS
CVE
CVE
added 2022/10/13 12:0 a.m.293 views

CVE-2022-42719

Summary of CVE-2022-42719 : A use-after-free in the mac80211 wireless stack when parsing a multi-BSSID element in the Linux kernel (versions 5.2–5.19.14) could allow a remote attacker who can inject WLAN frames to crash the kernel and potentially execute code. The vulnerability impacts the Linux ...

8.8CVSS8.3AI score0.0123EPSS
CVE
CVE
added 2022/10/21 12:0 a.m.292 views

CVE-2022-3640

CVE-2022-3640 is a Linux Kernel issue affecting the Bluetooth layer. The vulnerability stems from a use-after-free in the l2cap_conn_del function in net/bluetooth/l2cap_core.c. The Astra Linux bulletin confirms the same flaw and notes affected kernel lines (linux-5.10, linux-5.15), indicating the...

8.8CVSS7.2AI score0.01067EPSS
CVE
CVE
added 2019/01/03 4:0 p.m.274 views

CVE-2018-16882

CVE-2018-16882 is a use-after-free in the Linux kernel KVM hypervisor when handling posted interrupts with nested virtualization. In nested_get_vmcs12_pages(), an error while processing the posted interrupt address can leave pi_desc_page unmapped without resetting the pi_desc descriptor, which is...

8.8CVSS8.1AI score0.0036EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.259 views

CVE-2018-9363

CVE-2018-9363 is a Linux-kernel vulnerability in the HIDP Bluetooth driver: hidp_process_report can overflow a buffer due to incorrect length handling, potentially causing memory corruption and DoS, with possible remote code execution. Public documents across Debian/Ubuntu/CentOS‑related advisori...

8.4CVSS7.7AI score0.00456EPSS
CVE
CVE
added 2024/02/12 12:0 a.m.259 views

CVE-2024-25744

In CVE-2024-25744, Linux kernel versions before 6.6.7 are vulnerable: an untrusted VMM can trigger int80 syscall handling at any point due to code in arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. This is a local-privilege impact condition as described by the advisory, with a base sco...

8.8CVSS6.3AI score0.00278EPSS
CVE
CVE
added 2024/05/30 3:28 p.m.246 views

CVE-2024-36886

The CVE-2024-36886 issue is a use-after-free in TIPC (tipc_buf_append) in the Linux kernel, leading to a remote code execution vulnerability via the tipc path. The associated advisories (e.g., ALSA-2024:4583) confirm a fix in kernel security updates and list CVE-2024-36886 among fixed items. Affe...

8.1CVSS8.2AI score0.01305EPSS
CVE
CVE
added 2023/10/04 6:3 p.m.245 views

CVE-2023-39191

The CVE-2023-39191 issue affects the Linux kernel eBPF subsystem: improper validation of dynamic pointers in user-supplied eBPF programs can be exploited by a user with CAP_BPF privileges to escalate privileges and run code in kernel context. Multiple connected advisories (e.g., Red Hat RHSA entr...

8.2CVSS8.2AI score0.00516EPSS
CVE
CVE
added 2016/04/27 5:0 p.m.236 views

CVE-2016-3134

The CVE-2016-3134 issue affects the Linux kernel netfilter/ip_tables.c, where the mark_source_chains() path can process an IPT_SET_REPLACE entry with an unvalidated next_offset. This can lead to out-of-bounds writes that enable local privilege escalation or cause a denial of service (heap memory ...

8.4CVSS6.1AI score0.01234EPSS
CVE
CVE
added 2022/03/15 11:51 p.m.234 views

CVE-2022-27223

The CVE-2022-27223 entry concerns Linux kernel code, specifically the udc-xilinx USB gadget driver (drivers/usb/gadget/udc/udc-xilinx.c). Affected are kernel builds before 5.16.12 where the endpoint index is not validated and can be manipulated by the host to trigger out-of-array access. The desc...

8.8CVSS8.1AI score0.021EPSS
CVE
CVE
added 2017/02/06 6:4 a.m.231 views

CVE-2017-2583

CVE-2017-2583 affects the Linux kernel’s KVM emulation for x86, where load of a null stack selector can be incorrectly handled in long mode. The flaw allows a guest-host user to crash the guest OS (DoS) or potentially escalate privileges within the guest on affected CPUs, due to improper emulatio...

8.4CVSS7.9AI score0.00582EPSS
Total number of security vulnerabilities219