Lucene search
K
LinuxLinux Kernel

236 matches found

CVE
CVE
added 2012/05/24 11:0 p.m.973 views

CVE-2011-3188

CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...

9.1CVSS8.7AI score0.05798EPSS
CVE
CVE
added 2019/09/24 5:55 a.m.722 views

CVE-2019-16746

CVE-2019-16746 : A buffer overflow in the Linux kernel (net/wireless/nl80211.c) can occur through improper bounds checking of variable-length elements in a beacon head, enabling potential arbitrary code execution or a system crash. The issue affects Linux kernels up to at least 5.2.17, with repor...

9.8CVSS9.1AI score0.12651EPSS
CVE
CVE
added 2022/02/16 6:35 p.m.659 views

CVE-2021-3773

CVE-2021-3773 is a netfilter information-disclosure vulnerability in the Linux kernel that could allow a network-connected attacker to infer the OpenVPN connection endpoint. The issue is described as an information leak through netfilter, enabling reconnaissance for further attacks. Exploitation ...

9.8CVSS8.9AI score0.05279EPSS
CVE
CVE
added 2019/10/04 11:57 a.m.594 views

CVE-2019-17133

CVE-2019-17133 affects Linux kernel up to 5.3.2, where cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c fails to reject an oversized SSID IE, causing a Buffer Overflow. The available connected docs confirm the vulnerability and its impact but do not provide a specific patched version or reme...

9.8CVSS9AI score0.06652EPSS
CVE
CVE
added 2022/03/25 12:0 a.m.570 views

CVE-2022-0435

CVE-2022-0435 is a Linux kernel TIPc stack overflow issue. The vulnerability occurs in TIPc domain record handling when a peer sends a domain with more than 64 members, enabling a remote attacker with access to the TIPc network to crash the system and potentially escalate privileges. Connected ad...

9CVSS9AI score0.67994EPSS
CVE
CVE
added 2019/05/07 1:4 p.m.493 views

CVE-2018-20836

CVE-2018-20836 : A race condition in the Linux kernel before 4.20, specifically in drivers/scsi/libsas/sas_expander.c (smp_task_timedout() vs smp_task_done()), can lead to a use-after-free. Affected: Linux kernel versions prior to 4.20. Impact is described as high by CVSS. The provided documents ...

9.3CVSS7.5AI score0.05111EPSS
CVE
CVE
added 2025/10/04 7:31 a.m.489 views

CVE-2025-39946

CVE-2025-39946 affects the Linux kernel TLS/record parsing path. When a record header is bogus and data arrives in small chunks, tls_rx_msg_size() may not abort early enough, risking skb space overflow due to repeated partial parsing. The fixed behavior aborts the TLS stream as soon as an invalid...

9.8CVSS6.4AI score0.08942EPSS
CVE
CVE
added 2021/11/02 10:13 p.m.463 views

CVE-2021-43267

The CVE-2021-43267 issue affects the Linux kernel up to version 5.14.16 in the TIPC crypto path (net/tipc/crypto.c). The vulnerability arises from insufficient validation of user-supplied sizes for the MSG_CRYPTO message type, enabling remote attackers to potentially corrupt memory or escalate pr...

9.8CVSS6.8AI score0.5758EPSS
CVE
CVE
added 2019/06/14 1:56 p.m.456 views

CVE-2019-10126

CVE-2019-10126 affects the Linux kernel Marvell mwifiex wireless kernel driver. The issue is a heap-based buffer overflow in mwifiex_uap_parse_tail_ies (drivers/net/wireless/marvell/mwifiex/ie.c) that can lead to memory corruption. Public documents in the Connected set identify the affected compo...

9.8CVSS9.8AI score0.06821EPSS
CVE
CVE
added 2019/09/04 8:33 p.m.435 views

CVE-2019-15926

CVE-2019-15926 targets the Linux kernel up to version 5.2.2, with an out-of-bounds access in the Marvell/ ath6kl wireless driver: the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in drivers/net/wireless/ath/ath6kl/wmi.c. The connected Nessus entries confirm the flaw e...

9.4CVSS8.6AI score0.05189EPSS
CVE
CVE
added 2019/05/08 1:36 p.m.405 views

CVE-2019-11815

The CVE-2019-11815 issue affects Linux kernels with net/rds/tcp.c: rds_tcp_kill_sock contains a race that can cause a use-after-free during net namespace cleanup (pre-5.0.8). A fix was committed and released in 5.0.8; upgrading to 5.0.8+ (or applying the patch) is the advised remediation. The Uni...

9.3CVSS7.5AI score0.04458EPSS
CVE
CVE
added 2019/11/29 2:0 p.m.338 views

CVE-2019-14897

CVE-2019-14897 affects the Linux kernel (kernel-2.6.32) Marvell WiFi chip driver. A stack-based buffer overflow in this driver can allow a remote attacker to cause a denial of service (system crash) or possibly execute arbitrary code when a STA operates in IBSS mode and connects to another STA. T...

9.8CVSS9.6AI score0.02909EPSS
CVE
CVE
added 2019/11/29 1:50 p.m.325 views

CVE-2019-14895

CVE-2019-14895 is a heap-based buffer overflow in the Marvell WiFi chip driver (mwifiex) of the Linux kernel. Affected: Linux kernel 3.x and 4.x prior to 4.18.0; vulnerability can occur when a station negotiates a connection while handling remote country settings. Impact stated in public sources ...

9.8CVSS9.9AI score0.0776EPSS
CVE
CVE
added 2019/11/07 3:28 p.m.309 views

CVE-2019-18814

CVE-2019-18814 affects the Linux kernel up to version 5.3.9. The vulnerability is a use-after-free in aa_label_parse() when it fails inside aa_audit_rule_init() in security/apparmor/audit.c. The issue can lead to memory corruption via use-after-free, with potential impact to confidentiality, inte...

9.8CVSS8.8AI score0.02503EPSS
CVE
CVE
added 2024/10/21 11:53 a.m.297 views

CVE-2024-47685

In the Linux kernel, CVE-2024-47685 patches nf_reject_ipv6: nf_reject_ip6_tcphdr_put() could push garbage into the four reserved TCP bits (th->res1) per KMSAN. The fix clears the entire TCP header using skb_put_zero(), aligning with nf_reject_ip_tcphdr_put(). Connected Astra Linux bulletin rep...

9.1CVSS8.9AI score0.01367EPSS
CVE
CVE
added 2019/02/22 3:0 p.m.288 views

CVE-2018-20784

CVE-2018-20784 affects the Linux kernel prior to 4.20.2, where kernel/sched/fair.c mishandles leaf cfs_rq’s, allowing a denial of service via an infinite loop in update_blocked_averages and potentially other impact from induced high load. The publicly documented fix is in kernel version 4.20.2 (C...

9.8CVSS9.2AI score0.04173EPSS
CVE
CVE
added 2026/06/09 11:52 a.m.270 views

CVE-2026-46316

A vulnerability in Linux kernel KVM for ARM64 (vgic-its) is resolved. The issue stemmed from vgic_its_invalidate_cache() traversing the per-ITS translation cache with xa_for_each() and dropping the cache’s reference on each entry using vgic_put_irq(), but it dropped the reference of the pointer r...

9.3CVSS5.4AI score0.00197EPSS
CVE
CVE
added 2024/06/19 1:35 p.m.266 views

CVE-2024-38541

CVE-2024-38541: Linux kernel of_modalias() had a potential buffer overflow when the destination buffer was too small, causing len to become negative and str to point beyond the buffer. The fix adds a buffer overflow check after the first snprintf() and corrects the check after strlen() to account...

9.8CVSS8.3AI score0.01483EPSS
CVE
CVE
added 2019/11/27 3:30 p.m.264 views

CVE-2019-10220

CVE-2019-10220 affects the Linux kernel CIFS implementation when using kernel version 4.9.0, which is vulnerable to a relative path injection in directory entry lists. The connected Nessus advisories corroborate that this CVE is referenced in multiple advisory plugins, describing the affected com...

9.3CVSS8.9AI score0.05123EPSS
CVE
CVE
added 2019/11/07 1:8 p.m.246 views

CVE-2019-18805

CVE-2019-18805 affects the Linux kernel prior to 5.0.11. A signed integer overflow occurs in net/ipv4/sysctl_net_ipv4.c and in tcp_input.c (tcp_ack_update_rtt()) when a very large value is written to /proc/sys/net/ipv4/tcp_min_rtt_wlen, potentially causing a denial of service or other impact. Con...

9.8CVSS9.1AI score0.03431EPSS
CVE
CVE
added 2018/02/11 6:0 p.m.233 views

CVE-2017-18174

In Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls pinctrl_unregister, leading to a double free. Affected: kernels prior to 4.7 (various distributions). The issue was addressed in later kernel updates (e.g., commits from Linus Torvalds’ tree referenced...

9.8CVSS8AI score0.03399EPSS
CVE
CVE
added 2019/12/17 5:58 a.m.231 views

CVE-2019-19816

CVE-2019-19816 affects the Linux kernel 5.0.21: mounting a crafted btrfs image can trigger a slab-out-of-bounds write in __btrfs_map_block in fs/btrfs/volumes.c due to mishandling of the data stripes value = 1. The connected Nessus advisory blocks (Unity Linux UTSA-2026-004332 and related plugin ...

9.3CVSS7.1AI score0.03293EPSS
CVE
CVE
added 2016/11/16 4:49 a.m.226 views

CVE-2016-7910

CVE-2016-7910 is a Linux kernel use-after-free vulnerability in the disk_seqf_stop function (block/genhd.c) that allows a local attacker to gain elevated privileges by taking advantage of a stop operation after a failed start. Affected: Linux kernel versions before 4.7.1. Root cause: use-after-fr...

9.3CVSS7.4AI score0.02966EPSS
CVE
CVE
added 2022/03/18 11:20 a.m.222 views

CVE-2022-0742

CVE-2022-0742: Memory leak in Linux kernel ICMPv6 implementation (Linux kernel 5.13+) can allow a remote attacker to cause a DoS by flooding with ICMPv6 packets of type 130/131, exhausting memory. The advisory references a fix via a commit: 2d3916f3189172d5c69d33065c3c21119fe539fc. Connected sour...

9.1CVSS8.1AI score0.04919EPSS
CVE
CVE
added 2016/11/16 4:49 a.m.212 views

CVE-2016-7913

CVE-2016-7913 affects the Linux kernel tuner driver xc2028 (drivers/media/tuners/tuner-xc2028.c). The vulnerability stems from xc2028_set_config: if the firmware name is omitted from a data structure, a local attacker can trigger a use-after-free, enabling privilege escalation or a denial of serv...

9.3CVSS7.7AI score0.02156EPSS
CVE
CVE
added 2024/05/24 3:9 p.m.206 views

CVE-2021-47548

CVE-2021-47548 (Linux kernel ethernet: hisilicon: hns: hns_dsaf_misc) fixes an array overflow in hns_dsaf_ge_srst_by_port(). The port check was port >= DSAF_GE_NUM (8), but dsaf_dev->mac_cb has length DSAF_MAX_PORT_NUM (6); ports 6–7 could access dsaf_dev->mac_cb[port] and overflow. The ...

9.8CVSS8.1AI score0.01358EPSS
CVE
CVE
added 2024/05/21 2:20 p.m.200 views

CVE-2021-47274

CVE-2021-47274 (Linux kernel tracing): The issue stems from a length check in tracing that can cause memory corruption in ftrace data, leading to kernel crashes. A fix was added (commit b220c049d519) to validate the length before exposing the trace buffer, addressing overflow introduced by a prio...

9.8CVSS9.2AI score0.01261EPSS
CVE
CVE
added 2024/05/30 3:23 p.m.190 views

CVE-2024-36031

CVE-2024-36031 is a Linux kernel vulnerability where, during key instantiation, the expiry time of a key is unconditionally overwritten to TIME64_MAX, effectively making it permanent and breaking DNS updates. The root cause is the unconditional key_set_expiry call during instantiation; the fix re...

9.8CVSS8.4AI score0.00747EPSS
CVE
CVE
added 2024/05/21 3:31 p.m.185 views

CVE-2023-52832

CVE-2023-52832 affects the Linux kernel’s wireless stack (mac80211/nl80211). The issue arises when ieee80211_get_tx_power() can return INT_MIN (the internal sentinel for an “unset power level”), which can trigger a UBSAN signed‑integer overflow. The observed effect is a UBSAN warning in net/wirel...

9.1CVSS8.3AI score0.01263EPSS
CVE
CVE
added 2017/03/23 4:0 p.m.184 views

CVE-2017-5897

CVE-2017-5897 involves an out-of-bounds read in the Linux kernel’s IPv6 GRE handling (ip6_gre.c, ip6gre_err). Connected sources (Debian DSA-3791-1 and Cloud Foundry USN-3265-2) confirm the issue and note mitigation via kernel updates (e.g., Debian Jessie fix in linux 3.16.39-1+deb8u1; vendor advi...

9.8CVSS8.3AI score0.04953EPSS
CVE
CVE
added 2024/06/19 1:56 p.m.183 views

CVE-2024-38612

CVE-2024-38612 affects the Linux kernel; the flaw is in the ipv6 SR (seg6) unregister path. The error path in seg6_init() can skip genl_unregister_family() if CONFIG_IPV6_SEG6_LWTUNNEL is not defined and seg6_hmac_init() fails, due to a changed cleanup path (unregister_pernet_subsys() replaced by...

9.8CVSS9.2AI score0.01107EPSS
CVE
CVE
added 2015/05/27 10:0 a.m.178 views

CVE-2015-3331

CVE-2015-3331 affects the Linux kernel up to 3.19.2, where __driver_rfc4106_decrypt in arch/x86/crypto/aesni-intel_glue.c mishandles memory locations for encrypted data, enabling a context-dependent attacker to trigger a buffer overflow via a crypto API call (e.g., with a libkcapi test program us...

9.3CVSS6.6AI score0.10108EPSS
CVE
CVE
added 2017/11/14 5:0 p.m.178 views

CVE-2017-6264

CVE-2017-6264 is an elevation-of-privilege vulnerability in the NVIDIA GPU driver used on Android, specifically within the gm20b_clk_throt_set_cdev_state path. An out-of-bounds memory read can be used as a function pointer, potentially allowing a local attacker to execute arbitrary code in kernel...

9.3CVSS7.2AI score0.01593EPSS
CVE
CVE
added 2024/05/20 9:41 a.m.178 views

CVE-2024-35960

The CVE-2024-35960 entry concerns a Linux kernel mlx5 flow rule handling bug. Affected component is net/mlx5 rules in the flow table; the root cause was that add_rule_fg could attach a newly created rule to the tree only when its refcount was 1, while create_flow_handle could reference an existin...

9.1CVSS6.9AI score0.01401EPSS
CVE
CVE
added 2024/05/30 3:29 p.m.175 views

CVE-2024-36896

The CVE entry CVE-2024-36896 concerns a Linux kernel USB core fix: usb_hub_to_struct_hub() can return NULL when the hub for a port is concurrently removed, and a dereference occurs before a NULL check. The patch removes an unnecessary dereference and adds a NULL check for hub (hub == NULL) to pre...

9.1CVSS8.4AI score0.00923EPSS
CVE
CVE
added 2016/11/16 4:49 a.m.168 views

CVE-2016-7911

CVE-2016-7911: Race condition in get_task_ioprio in block/ioprio.c of the Linux kernel allows local privilege escalation or use-after-free leading to DoS. A crafted ioprio_get system call can trigger the issue. This vulnerability was addressed by kernel patching in the 4.6.6 release; updating to ...

9.3CVSS7AI score0.01541EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.167 views

CVE-2015-0571

CVE-2015-0571 is a local privilege-escalation in the WLAN driver for the Linux kernel as used in Qualcomm QuIC Android contributions (MSM devices and related products). The issue arises from the driver’s lack of authorization checks for private SET IOCTL calls, allowing a crafted application to g...

9.3CVSS7.2AI score0.01354EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.165 views

CVE-2015-0569

CVE-2015-0569 is a heap-based buffer overflow in the WLAN private wireless extensions IOCTL path (wlan_hdd_wext.c) of the Linux kernel 3.x–4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The vulnerability allows a local attacker to escalate privileges via ...

9.3CVSS7.5AI score0.06468EPSS
CVE
CVE
added 2023/07/10 3:9 p.m.165 views

CVE-2023-32250

CVE-2023-32250 : A race condition in the Linux kernel ksmbd SMB server’s handling of SMB2_SESSION_SETUP commands due to missing locking can allow an attacker to execute code in kernel context. The vulnerability is tied to the in-kernel ksmbd implementation and is reflected in multiple advisories ...

9CVSS8.4AI score0.02593EPSS
CVE
CVE
added 2024/05/21 3:3 p.m.162 views

CVE-2021-47378

CVE-2021-47378 affects the Linux kernel nvme-rdma code: destroying cm_id before destroying the qp can cause a use-after-free in RDMA error flow. The fix documented in multiple sources is to always destroy cm_id before destroying the qp, with qp subsequently destroyed in nvme_rdma_alloc_queue() af...

9.8CVSS8.4AI score0.01166EPSS
CVE
CVE
added 2024/05/17 2:40 p.m.162 views

CVE-2024-35845

CVE-2024-35845 : In the Linux kernel, the wifi iwlwifi dbg-tlv path (iwl_fw_ini_debug_info_tlv) could be used to trigger a denial-of-service through an improperly terminated string. The root cause is a missing NUL termination, which could be exploited remotely (network) and yields a CRITICAL impa...

9.1CVSS6.7AI score0.0117EPSS
CVE
CVE
added 2023/07/17 12:0 a.m.160 views

CVE-2023-38426

The CVE-2023-38426 issue affects the Linux kernel prior to 6.3.4, specifically ksmbd’s SMB2 path where an out-of-bounds read occurs in smb2_find_context_vals if create_context’s name_len exceeds the tag length. Public references (kernel commit and ChangeLog-6.3.4) confirm the vulnerability contex...

9.1CVSS8.7AI score0.02435EPSS
CVE
CVE
added 2019/12/17 5:27 a.m.158 views

CVE-2019-19814

CVE-2019-19814 affects Linux kernel 5.0.21 when mounting a crafted f2fs filesystem image. The bug is in the __remove_dirty_segment slab code: an array is bounded by 8 dirty types, but an index can exceed this bound, causing a slab-out-of-bounds write and potential memory corruption. The provided ...

9.3CVSS7.3AI score0.03297EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.153 views

CVE-2016-10277

CVE-2016-10277 : An elevation-of-privilege in the Motorola bootloader allows a local app to run arbitrary code in the bootloader context by exploiting kernel command-line injection, leading to potential full device compromise. Affected: Android with Kernel-3.10 and Kernel-3.18. Exploitation evide...

9.3CVSS7.3AI score0.09465EPSS
CVE
CVE
added 2024/05/01 12:54 p.m.153 views

CVE-2024-27053

CVE-2024-27053 affects the Linux kernel WiFi Wilc1000 driver in the connect path. The root cause is incorrect RCU usage in wilc1000/hif.c during target BSS parameter parsing in the cfg80211 connect flow, which can dereference an RCU pointer outside an RCU critical section. A fix moves the RCU-der...

9.1CVSS6.4AI score0.01635EPSS
CVE
CVE
added 2023/07/17 12:0 a.m.149 views

CVE-2023-38427

The connected documents confirm CVE-2023-38427 affects the Linux kernel (ksmbd) via an integer underflow and an out-of-bounds read in fs/smb/server/smb2pdu.c (deassemble_neg_contexts) and that a fix was released in Linux kernel 6.3.8. Practical impact is high due to potential data exposure and co...

9.8CVSS8.8AI score0.01129EPSS
CVE
CVE
added 2023/07/10 3:11 p.m.146 views

CVE-2023-32254

CVE-2023-32254 affects the Linux kernel ksmbd SMB server, due to missing locking when processing SMB2_TREE_DISCONNECT commands. The flaw can allow code execution in kernel context. Multiple connected sources (Ubuntu USNs 6173/6283, Astra Linux bulletin, CBL-Mariner entries) confirm ksmbd involvem...

9.8CVSS8.6AI score0.02937EPSS
CVE
CVE
added 2023/07/17 12:0 a.m.146 views

CVE-2023-38431

The CVE-2023-38431 issue affects the Linux kernel ksmbd (fs/smb/server/connection.c) prior to 6.3.8, where NetBIOS header length is not validated against SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, causing an out-of-bounds read. Remediation: upgrade to kernel 6.3.8 or later (per Ch...

9.1CVSS8.8AI score0.01059EPSS
CVE
CVE
added 2018/01/14 6:0 a.m.145 views

CVE-2017-15126

CVE-2017-15126 affects the Linux kernels fs/userfaultfd.c, where an improper fork handling during event processing can cause a fork event to be removed from an already freed list, i.e., a use-after-free condition. Affected are kernels before 4.13.6 (fixed in 4.13.6), with the issue having high im...

9.3CVSS8.1AI score0.04075EPSS
CVE
CVE
added 2013/06/08 10:0 a.m.142 views

CVE-2011-1180

The CVE-2011-1180 issue affects the Linux kernel’s IrDA code, specifically the iriap_getvaluebyclass_indication function in net/irda/iriap.c. It describes multiple stack-based buffer overflows caused by unvalidated length fields for names and attributes, allowing remote attackers to trigger memor...

9.8CVSS9.5AI score0.02983EPSS
Total number of security vulnerabilities236