236 matches found
CVE-2011-3188
CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...
CVE-2019-16746
CVE-2019-16746 : A buffer overflow in the Linux kernel (net/wireless/nl80211.c) can occur through improper bounds checking of variable-length elements in a beacon head, enabling potential arbitrary code execution or a system crash. The issue affects Linux kernels up to at least 5.2.17, with repor...
CVE-2021-3773
CVE-2021-3773 is a netfilter information-disclosure vulnerability in the Linux kernel that could allow a network-connected attacker to infer the OpenVPN connection endpoint. The issue is described as an information leak through netfilter, enabling reconnaissance for further attacks. Exploitation ...
CVE-2019-17133
CVE-2019-17133 affects Linux kernel up to 5.3.2, where cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c fails to reject an oversized SSID IE, causing a Buffer Overflow. The available connected docs confirm the vulnerability and its impact but do not provide a specific patched version or reme...
CVE-2022-0435
CVE-2022-0435 is a Linux kernel TIPc stack overflow issue. The vulnerability occurs in TIPc domain record handling when a peer sends a domain with more than 64 members, enabling a remote attacker with access to the TIPc network to crash the system and potentially escalate privileges. Connected ad...
CVE-2018-20836
CVE-2018-20836 : A race condition in the Linux kernel before 4.20, specifically in drivers/scsi/libsas/sas_expander.c (smp_task_timedout() vs smp_task_done()), can lead to a use-after-free. Affected: Linux kernel versions prior to 4.20. Impact is described as high by CVSS. The provided documents ...
CVE-2025-39946
CVE-2025-39946 affects the Linux kernel TLS/record parsing path. When a record header is bogus and data arrives in small chunks, tls_rx_msg_size() may not abort early enough, risking skb space overflow due to repeated partial parsing. The fixed behavior aborts the TLS stream as soon as an invalid...
CVE-2021-43267
The CVE-2021-43267 issue affects the Linux kernel up to version 5.14.16 in the TIPC crypto path (net/tipc/crypto.c). The vulnerability arises from insufficient validation of user-supplied sizes for the MSG_CRYPTO message type, enabling remote attackers to potentially corrupt memory or escalate pr...
CVE-2019-10126
CVE-2019-10126 affects the Linux kernel Marvell mwifiex wireless kernel driver. The issue is a heap-based buffer overflow in mwifiex_uap_parse_tail_ies (drivers/net/wireless/marvell/mwifiex/ie.c) that can lead to memory corruption. Public documents in the Connected set identify the affected compo...
CVE-2019-15926
CVE-2019-15926 targets the Linux kernel up to version 5.2.2, with an out-of-bounds access in the Marvell/ ath6kl wireless driver: the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in drivers/net/wireless/ath/ath6kl/wmi.c. The connected Nessus entries confirm the flaw e...
CVE-2019-11815
The CVE-2019-11815 issue affects Linux kernels with net/rds/tcp.c: rds_tcp_kill_sock contains a race that can cause a use-after-free during net namespace cleanup (pre-5.0.8). A fix was committed and released in 5.0.8; upgrading to 5.0.8+ (or applying the patch) is the advised remediation. The Uni...
CVE-2019-14897
CVE-2019-14897 affects the Linux kernel (kernel-2.6.32) Marvell WiFi chip driver. A stack-based buffer overflow in this driver can allow a remote attacker to cause a denial of service (system crash) or possibly execute arbitrary code when a STA operates in IBSS mode and connects to another STA. T...
CVE-2019-14895
CVE-2019-14895 is a heap-based buffer overflow in the Marvell WiFi chip driver (mwifiex) of the Linux kernel. Affected: Linux kernel 3.x and 4.x prior to 4.18.0; vulnerability can occur when a station negotiates a connection while handling remote country settings. Impact stated in public sources ...
CVE-2019-18814
CVE-2019-18814 affects the Linux kernel up to version 5.3.9. The vulnerability is a use-after-free in aa_label_parse() when it fails inside aa_audit_rule_init() in security/apparmor/audit.c. The issue can lead to memory corruption via use-after-free, with potential impact to confidentiality, inte...
CVE-2024-47685
In the Linux kernel, CVE-2024-47685 patches nf_reject_ipv6: nf_reject_ip6_tcphdr_put() could push garbage into the four reserved TCP bits (th->res1) per KMSAN. The fix clears the entire TCP header using skb_put_zero(), aligning with nf_reject_ip_tcphdr_put(). Connected Astra Linux bulletin rep...
CVE-2018-20784
CVE-2018-20784 affects the Linux kernel prior to 4.20.2, where kernel/sched/fair.c mishandles leaf cfs_rq’s, allowing a denial of service via an infinite loop in update_blocked_averages and potentially other impact from induced high load. The publicly documented fix is in kernel version 4.20.2 (C...
CVE-2026-46316
A vulnerability in Linux kernel KVM for ARM64 (vgic-its) is resolved. The issue stemmed from vgic_its_invalidate_cache() traversing the per-ITS translation cache with xa_for_each() and dropping the cache’s reference on each entry using vgic_put_irq(), but it dropped the reference of the pointer r...
CVE-2024-38541
CVE-2024-38541: Linux kernel of_modalias() had a potential buffer overflow when the destination buffer was too small, causing len to become negative and str to point beyond the buffer. The fix adds a buffer overflow check after the first snprintf() and corrects the check after strlen() to account...
CVE-2019-10220
CVE-2019-10220 affects the Linux kernel CIFS implementation when using kernel version 4.9.0, which is vulnerable to a relative path injection in directory entry lists. The connected Nessus advisories corroborate that this CVE is referenced in multiple advisory plugins, describing the affected com...
CVE-2019-18805
CVE-2019-18805 affects the Linux kernel prior to 5.0.11. A signed integer overflow occurs in net/ipv4/sysctl_net_ipv4.c and in tcp_input.c (tcp_ack_update_rtt()) when a very large value is written to /proc/sys/net/ipv4/tcp_min_rtt_wlen, potentially causing a denial of service or other impact. Con...
CVE-2017-18174
In Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls pinctrl_unregister, leading to a double free. Affected: kernels prior to 4.7 (various distributions). The issue was addressed in later kernel updates (e.g., commits from Linus Torvalds’ tree referenced...
CVE-2019-19816
CVE-2019-19816 affects the Linux kernel 5.0.21: mounting a crafted btrfs image can trigger a slab-out-of-bounds write in __btrfs_map_block in fs/btrfs/volumes.c due to mishandling of the data stripes value = 1. The connected Nessus advisory blocks (Unity Linux UTSA-2026-004332 and related plugin ...
CVE-2016-7910
CVE-2016-7910 is a Linux kernel use-after-free vulnerability in the disk_seqf_stop function (block/genhd.c) that allows a local attacker to gain elevated privileges by taking advantage of a stop operation after a failed start. Affected: Linux kernel versions before 4.7.1. Root cause: use-after-fr...
CVE-2022-0742
CVE-2022-0742: Memory leak in Linux kernel ICMPv6 implementation (Linux kernel 5.13+) can allow a remote attacker to cause a DoS by flooding with ICMPv6 packets of type 130/131, exhausting memory. The advisory references a fix via a commit: 2d3916f3189172d5c69d33065c3c21119fe539fc. Connected sour...
CVE-2016-7913
CVE-2016-7913 affects the Linux kernel tuner driver xc2028 (drivers/media/tuners/tuner-xc2028.c). The vulnerability stems from xc2028_set_config: if the firmware name is omitted from a data structure, a local attacker can trigger a use-after-free, enabling privilege escalation or a denial of serv...
CVE-2021-47548
CVE-2021-47548 (Linux kernel ethernet: hisilicon: hns: hns_dsaf_misc) fixes an array overflow in hns_dsaf_ge_srst_by_port(). The port check was port >= DSAF_GE_NUM (8), but dsaf_dev->mac_cb has length DSAF_MAX_PORT_NUM (6); ports 6–7 could access dsaf_dev->mac_cb[port] and overflow. The ...
CVE-2021-47274
CVE-2021-47274 (Linux kernel tracing): The issue stems from a length check in tracing that can cause memory corruption in ftrace data, leading to kernel crashes. A fix was added (commit b220c049d519) to validate the length before exposing the trace buffer, addressing overflow introduced by a prio...
CVE-2024-36031
CVE-2024-36031 is a Linux kernel vulnerability where, during key instantiation, the expiry time of a key is unconditionally overwritten to TIME64_MAX, effectively making it permanent and breaking DNS updates. The root cause is the unconditional key_set_expiry call during instantiation; the fix re...
CVE-2023-52832
CVE-2023-52832 affects the Linux kernel’s wireless stack (mac80211/nl80211). The issue arises when ieee80211_get_tx_power() can return INT_MIN (the internal sentinel for an “unset power level”), which can trigger a UBSAN signed‑integer overflow. The observed effect is a UBSAN warning in net/wirel...
CVE-2017-5897
CVE-2017-5897 involves an out-of-bounds read in the Linux kernel’s IPv6 GRE handling (ip6_gre.c, ip6gre_err). Connected sources (Debian DSA-3791-1 and Cloud Foundry USN-3265-2) confirm the issue and note mitigation via kernel updates (e.g., Debian Jessie fix in linux 3.16.39-1+deb8u1; vendor advi...
CVE-2024-38612
CVE-2024-38612 affects the Linux kernel; the flaw is in the ipv6 SR (seg6) unregister path. The error path in seg6_init() can skip genl_unregister_family() if CONFIG_IPV6_SEG6_LWTUNNEL is not defined and seg6_hmac_init() fails, due to a changed cleanup path (unregister_pernet_subsys() replaced by...
CVE-2015-3331
CVE-2015-3331 affects the Linux kernel up to 3.19.2, where __driver_rfc4106_decrypt in arch/x86/crypto/aesni-intel_glue.c mishandles memory locations for encrypted data, enabling a context-dependent attacker to trigger a buffer overflow via a crypto API call (e.g., with a libkcapi test program us...
CVE-2017-6264
CVE-2017-6264 is an elevation-of-privilege vulnerability in the NVIDIA GPU driver used on Android, specifically within the gm20b_clk_throt_set_cdev_state path. An out-of-bounds memory read can be used as a function pointer, potentially allowing a local attacker to execute arbitrary code in kernel...
CVE-2024-35960
The CVE-2024-35960 entry concerns a Linux kernel mlx5 flow rule handling bug. Affected component is net/mlx5 rules in the flow table; the root cause was that add_rule_fg could attach a newly created rule to the tree only when its refcount was 1, while create_flow_handle could reference an existin...
CVE-2024-36896
The CVE entry CVE-2024-36896 concerns a Linux kernel USB core fix: usb_hub_to_struct_hub() can return NULL when the hub for a port is concurrently removed, and a dereference occurs before a NULL check. The patch removes an unnecessary dereference and adds a NULL check for hub (hub == NULL) to pre...
CVE-2016-7911
CVE-2016-7911: Race condition in get_task_ioprio in block/ioprio.c of the Linux kernel allows local privilege escalation or use-after-free leading to DoS. A crafted ioprio_get system call can trigger the issue. This vulnerability was addressed by kernel patching in the 4.6.6 release; updating to ...
CVE-2015-0571
CVE-2015-0571 is a local privilege-escalation in the WLAN driver for the Linux kernel as used in Qualcomm QuIC Android contributions (MSM devices and related products). The issue arises from the driver’s lack of authorization checks for private SET IOCTL calls, allowing a crafted application to g...
CVE-2015-0569
CVE-2015-0569 is a heap-based buffer overflow in the WLAN private wireless extensions IOCTL path (wlan_hdd_wext.c) of the Linux kernel 3.x–4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The vulnerability allows a local attacker to escalate privileges via ...
CVE-2023-32250
CVE-2023-32250 : A race condition in the Linux kernel ksmbd SMB server’s handling of SMB2_SESSION_SETUP commands due to missing locking can allow an attacker to execute code in kernel context. The vulnerability is tied to the in-kernel ksmbd implementation and is reflected in multiple advisories ...
CVE-2021-47378
CVE-2021-47378 affects the Linux kernel nvme-rdma code: destroying cm_id before destroying the qp can cause a use-after-free in RDMA error flow. The fix documented in multiple sources is to always destroy cm_id before destroying the qp, with qp subsequently destroyed in nvme_rdma_alloc_queue() af...
CVE-2024-35845
CVE-2024-35845 : In the Linux kernel, the wifi iwlwifi dbg-tlv path (iwl_fw_ini_debug_info_tlv) could be used to trigger a denial-of-service through an improperly terminated string. The root cause is a missing NUL termination, which could be exploited remotely (network) and yields a CRITICAL impa...
CVE-2023-38426
The CVE-2023-38426 issue affects the Linux kernel prior to 6.3.4, specifically ksmbd’s SMB2 path where an out-of-bounds read occurs in smb2_find_context_vals if create_context’s name_len exceeds the tag length. Public references (kernel commit and ChangeLog-6.3.4) confirm the vulnerability contex...
CVE-2019-19814
CVE-2019-19814 affects Linux kernel 5.0.21 when mounting a crafted f2fs filesystem image. The bug is in the __remove_dirty_segment slab code: an array is bounded by 8 dirty types, but an index can exceed this bound, causing a slab-out-of-bounds write and potential memory corruption. The provided ...
CVE-2016-10277
CVE-2016-10277 : An elevation-of-privilege in the Motorola bootloader allows a local app to run arbitrary code in the bootloader context by exploiting kernel command-line injection, leading to potential full device compromise. Affected: Android with Kernel-3.10 and Kernel-3.18. Exploitation evide...
CVE-2024-27053
CVE-2024-27053 affects the Linux kernel WiFi Wilc1000 driver in the connect path. The root cause is incorrect RCU usage in wilc1000/hif.c during target BSS parameter parsing in the cfg80211 connect flow, which can dereference an RCU pointer outside an RCU critical section. A fix moves the RCU-der...
CVE-2023-38427
The connected documents confirm CVE-2023-38427 affects the Linux kernel (ksmbd) via an integer underflow and an out-of-bounds read in fs/smb/server/smb2pdu.c (deassemble_neg_contexts) and that a fix was released in Linux kernel 6.3.8. Practical impact is high due to potential data exposure and co...
CVE-2023-32254
CVE-2023-32254 affects the Linux kernel ksmbd SMB server, due to missing locking when processing SMB2_TREE_DISCONNECT commands. The flaw can allow code execution in kernel context. Multiple connected sources (Ubuntu USNs 6173/6283, Astra Linux bulletin, CBL-Mariner entries) confirm ksmbd involvem...
CVE-2023-38431
The CVE-2023-38431 issue affects the Linux kernel ksmbd (fs/smb/server/connection.c) prior to 6.3.8, where NetBIOS header length is not validated against SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, causing an out-of-bounds read. Remediation: upgrade to kernel 6.3.8 or later (per Ch...
CVE-2017-15126
CVE-2017-15126 affects the Linux kernels fs/userfaultfd.c, where an improper fork handling during event processing can cause a fork event to be removed from an already freed list, i.e., a use-after-free condition. Affected are kernels before 4.13.6 (fixed in 4.13.6), with the issue having high im...
CVE-2011-1180
The CVE-2011-1180 issue affects the Linux kernel’s IrDA code, specifically the iriap_getvaluebyclass_indication function in net/irda/iriap.c. It describes multiple stack-based buffer overflows caused by unvalidated length fields for names and attributes, allowing remote attackers to trigger memor...