163 matches found
CVE-2021-0920
CVE-2021-0920 is confirmed with concrete details in the connected sources: a race condition in unix_scm_to_skb within af_unix.c can trigger a use-after-free, potentially enabling local privilege escalation on the Android kernel. The vulnerability affects the Linux kernel used in Android (via the ...
CVE-2021-22555
CVE-2021-22555 is a Linux kernel heap out-of-bounds write vulnerability in net/netfilter/x_tables.c, dating to 2.6.19-rc1. The issue allows a local attacker to gain privileges or cause a DoS via heap memory corruption in the username space. Public sources in the connected docs confirm the vulnera...
CVE-2021-33909
CVE-2021-33909 affects the Linux kernel’s filesystem layer (fs/seq_file.c) across 3.16–5.13.x, with fixed releases in 5.13.4 and via patches noted in downstream advisories. The root cause is a size_t-to-int conversion that permits an integer overflow during seq buffer allocations, enabling an Out...
CVE-2021-33033
The connected sources confirm CVE-2021-33033 affects the Linux kernel up to 5.11.14, with a use-after-free in cipso_v4_genopt (net/ipv4/cipso_ipv4.c) due to mishandled CIPSO/CALIPSO DOI refcounting, enabling writing an arbitrary value. Exploitation would be local. Remediation is to upgrade to a f...
CVE-2020-24587
CVE-2020-24587 is referenced in the Amazon Linux 2 kernel advisory for Kernel-5.10-2022-002. The connected document confirms a flaw in the Linux kernel 802.11 wifi fragmentation handling where fragments encrypted under different keys can be reassembled and decrypted, enabling an attacker within w...
CVE-2021-29650
CVE-2021-29650 affects the Linux kernel prior to 5.11.11. The netfilter subsystem (net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h) may omit a full memory barrier when a new table value is assigned, enabling a local attacker to trigger a DoS/panic in netfilter. The issue is docume...
CVE-2020-24588
The CVE-2020-24588 entry relates to the 802.11 Wi‑Fi fragmentation/ A‑MSDU handling issue where the plaintext QoS header flag isn’t authenticated, enabling an attacker to inject packets by sending non‑SSP A‑MSDU frames (FragAttacks). Connected Astra Linux advisories describe this as a variant of ...
CVE-2021-29154
CVE-2021-29154 affects the Linux kernel BPF JIT implementation (arch/x86 net/bpf_jit_comp.c and bpf_jit_comp32.c). Connected advisories (e.g., ALAS2KERNEL-5.4-2022-003) confirm a local privilege escalation due to incorrect computation of branch displacements in the BPF JIT, enabling arbitrary cod...
CVE-2021-33034
CVE-2021-33034 is a use-after-free in Linux kernel before 5.12.4 in net/bluetooth/hci_event.c when destroying an hci_chan, enabling arbitrary writes. Affected: Linux kernel before 5.12.4 (Bluetooth HCI driver). Mitigation: upgrade to 5.12.4 or later (ChangeLog-5.12.4).
CVE-2021-41864
CVE-2021-41864 affects the Linux kernel (pre-5.14.12) in prealloc_elems_and_freelist() within kernel/bpf/stackmap.c. An unprivileged local user can trigger an eBPF multiplication overflow, causing an out-of-bounds write and potential memory corruption or system crash. The issue is fixed in Linux ...
CVE-2021-22543
CVE-2021-22543 is described in connected advisories as a local privilege-escalation through KVM and improper handling of VM_IO|VM_PFNMAP VMAs, which can bypass RO checks and allow reading/writing guest memory by a privileged VM operator. Technical details across sources indicate the vulnerability...
CVE-2021-3347
CVE-2021-3347 is a Linux kernel use-after-free in PI futex fault handling that could allow a local user to crash the kernel or escalate privileges. Multiple connected advisories confirm the issue and indicate fixes have been released across distributions (e.g., generic kernel updates and kernel l...
CVE-2020-28374
CVE-2020-28374 affects the Linux kernel’s SCSI target (LIO) code, specifically drivers/target/target_core_xcopy.c, where insufficient identifier checking could let a remote attacker read or write files via directory traversal in an XCOPY request. Affected component is the Linux kernel prior to 5....
CVE-2021-32399
CVE-2021-32399 affects the Linux kernel’s Bluetooth HCI handling, specifically a race condition in removal of the HCI controller implemented in net/bluetooth/hci_request.c up to version 5.12.2. The connected Astra Linux entry references the same race condition in the Linux kernel, and a dated Lin...
CVE-2021-27365
CVE-2021-27365 affects the Linux kernel iSCSI subsystem. The issue is a heap overflow in iSCSI data handling where certain iSCSI data structures lack proper length checks and can exceed PAGE_SIZE; an unprivileged, local user can send a Netlink message (up to the maximum Netlink message length) an...
CVE-2021-33624
CVE-2021-33624 affects the Linux kernel prior to 5.12.13, where the eBPF verifier in kernel/bpf/verifier.c could mispredict branches (e.g., due to type confusion), allowing an unprivileged BPF program to read arbitrary kernel memory locations via a side-channel attack. Several connected advisorie...
CVE-2021-27364
CVE-2021-27364 is a Linux kernel issue affecting the iSCSI libiscsi/iscsi subsystem (out-of-bounds read in the libiscsi module leading to possible kernel memory disclosure or crash). Connected advisories confirm related CVEs (27363, 27365) in the same area affecting sessions/handles and heap over...
CVE-2021-37576
CVE-2021-37576: Linux kernel on the PowerPC/KVM path (arch/powerpc/kvm/book3s_rtas.c) allows KVM guest OS users to cause host memory corruption via rtas_args.nargs. Affected: Linux kernel up to 5.13.5 for PowerPC; CVE-ID appears in multiple advisories (e.g., Astra Linux, Cloud Foundry mentions). ...
CVE-2021-28950
CVE-2021-28950 affects the Linux kernel FUSE path: the issue is in fs/fuse/fuse_i.h and causes a stall on the CPU when a retry loop keeps selecting the same bad inode. A patch-level fix exists in kernel releases up to 5.11.8 and later (addresses the underlying bad-inode handling in FUSE); some so...
CVE-2020-26558
CVE-2020-26558: Bluetooth Core 2.1–5.2 Passkey entry/mitm reflection vulnerability. Nearby attacker could identify the Passkey during pairing by reflecting public key and authentication evidence, enabling completion of authenticated pairing with the correct Passkey. Astra Linux bulletin repeats t...
CVE-2021-27363
CVE-2021-27363 affects the Linux kernel iSCSI subsystem. A flaw leaks the iSCSI transport’s kernel address via the sysfs handle (/sys/class/iscsi_transport/$TRANSPORT_NAME/handle), enabling a local attacker to leak the iscsi_transport pointer and potentially end arbitrary iSCSI connections. Conne...
CVE-2020-36385
CVE-2020-36385 is a use-after-free in the Linux kernel prior to 5.10, specifically in drivers/infiniband/core/ucma.c where the ctx is reachable via the ctx_list in certain ucma_migrate_id paths when ucma_close is called. This vulnerability affects the Linux kernel before 5.10; a fix is referenced...
CVE-2020-27171
The vulnerability CVE-2020-27171 affects Linux kernels before 5.11.8. The issue is in kernel/bpf/verifier.c, where an off-by-one error enables integer underflow that can trigger out-of-bounds speculation in pointer arithmetic, allowing side-channel leakage of kernel memory and defeating Spectre m...
CVE-2021-37159
CVE-2021-37159 affects the Linux kernel driver hso_free_net_device() in drivers/net/usb/hso.c. The code calls unregister_netdev without verifying NETREG_REGISTERED, causing use-after-free and double-free scenarios. Affected kernel versions include up to 5.13.4; the issue is mitigated by upgrading...
CVE-2021-29155
CVE-2021-29155 is a Linux kernel issue affecting the eBPF verifier path (kernel/bpf/verifier.c) that allows speculative-out-of-bounds memory accesses to leak kernel memory via side-channels. The description from connected documents ties the vulnerability to Spectre mitigations and notes that a lo...
CVE-2021-43267
The CVE-2021-43267 issue affects the Linux kernel up to version 5.14.16 in the TIPC crypto path (net/tipc/crypto.c). The vulnerability arises from insufficient validation of user-supplied sizes for the MSG_CRYPTO message type, enabling remote attackers to potentially corrupt memory or escalate pr...
CVE-2021-3490
Technical details about CVE-2021-3490 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2020-36322
The CVE-2020-36322 issue affects the Linux kernel FUSE filesystem implementation, where fuse_do_getattr() could call make_bad_inode() in inappropriate situations, potentially causing a system crash. The vulnerability is tied to the FUSE path and was partially addressed by a fix, with the incomple...
CVE-2021-44733
CVE-2021-44733 is a use-after-free in the Linux kernel TEE subsystem (drivers/tee/tee_shm.c) that can occur during freeing of a shared memory object due to a race in tee_shm_get_from_id. Affects Linux kernels up to 5.15.11; exploitation could lead to denial of service and, in some configurations,...
CVE-2021-3612
CVE-2021-3612 is an out-of-bounds memory write flaw in the Linux kernel joystick subsystem exploitable by a local user via the JSIOCSBTNMAP ioctl. The advisory notes potential system crash and possible privilege escalation. Affected disclosures reference pre-5.13.2 revisions (e.g., fixes upstream...
CVE-2021-43056
CVE-2021-43056 affects the Linux kernel for POWERPC (Power8) prior to 5.14.15. The root cause is a bug in arch/powerpc/kvm/book3s_hv_rmhandlers.S handling of SRR1 values, which can allow a malicious KVM guest to crash the host (availability impact). The issue is documented across multiple sources...
CVE-2020-24586
CVE-2020-24586 describes a fragmentation cache issue in the Linux kernel Wi‑Fi stack: received fragments are not cleared from memory on reconnect, enabling an attacker within Wi‑Fi range to inject arbitrary packets or exfiltrate data when fragments encrypted with WEP/CCMP/GCMP are involved. Conne...
CVE-2021-3653
The CVE-2021-3653 issue affects the KVM hypervisor AMD code dealing with SVM nested virtualization. The root cause is improper validation of the int_ctl field in the VMCB provided by an L1 guest, which could allow a malicious L1 to enable AVIC for an L2 guest. Consequences stated across connected...
CVE-2021-3679
CVE-2021-3679 affects the Linux kernel tracing subsystem (trace ring buffer) prior to 5.14-rc3. The flaw arises in how a user uses the trace ring buffer, enabling a privileged local attacker (CAP_SYS_ADMIN) to starve CPU resources and cause denial of service. The connected documents consistently ...
CVE-2021-3655
CVE-2021-3655 is a Linux kernel SCTP vulnerability (present in kernels prior to affected fixes) where missing size validations on inbound SCTP packets may allow reading uninitialized memory. The initial description and connected advisories confirm the issue exists in the Linux kernel SCTP impleme...
CVE-2021-23134
CVE-2021-23134 is a Linux kernel NFC LLCP use-after-free in nfc sockets (pre-5.12.4). The issue arises from refcount handling during bind/connect fixes, enabling a local attacker with CAP_NET_RAW to trigger a crash or memory corruption. A related CVE discussion confirms the fix: after nfc_llcp_lo...
CVE-2021-21781
CVE-2021-21781 is a local-information-disclosure vulnerability in the Linux kernel’s ARM SIGPAGE handling, where SIGPAGE may not be fully initialised and can leak kernel memory contents when read by a userland process. Affected: Linux kernel ARM SIGPAGE implementation (v5.4.66/v5.4.54) with fixes...
CVE-2020-36158
CVE-2020-36158 is a Linux kernel vulnerability in the Marvell mwifiex WiFi driver (join.c) that allows a long SSID to trigger a buffer overflow, potentially leading to system crash or arbitrary code execution. Affected trees include kernels up to 5.10.4; upstream patch (commit 5c455c5ab332) adds ...
CVE-2021-45485
CVE-2021-45485 affects the Linux kernel IPv6 path: net/ipv6/output_core.c exposes an information leak due to how a hash table is used, enabling IPv6 source address-based observation. Impact is partial confidentiality exposure; no integrity/availability impact stated. Affected: Linux kernel prior ...
CVE-2021-33200
CVE-2021-33200 affects the Linux kernel’s eBPF verifier (kernel/bpf/verifier.c) where incorrect limits for pointer arithmetic operations allow out-of-bounds reads/writes in kernel memory, enabling local privilege escalation to root. The issue exists in kernels up to 5.12.7 (upstream). The root ca...
CVE-2021-3348
CVE-2021-3348 is a race condition in the Linux kernel’s nbd.c driver (ndb_queue_rq) that can trigger a use-after-free during NBD device setup. The vulnerability is locally exploitable by a user with access to an NBD device, potentially causing a crash or memory corruption and, per Debian’s adviso...
CVE-2020-26147
CVE-2020-26147: Linux kernel 5.8.9 vulnerability where fragmented frames reassembly can occur with plaintext fragments under WEP/CCMP/GCMP, allowing packet injection or selective fragment exfiltration. Connected advisories indicate fixes are provided via updated kernels (e.g., ALAS2KERNEL advisor...
CVE-2021-42739
CVE-2021-42739 is a heap/buffer overflow in the Linux kernel’s FireWire FireDTV driver (firedtv-avc.c, firedtv-ci.c) caused by avc_ca_pmt failing to perform proper bounds checking. It affects the kernel’s FireWire path and can lead to memory corruption, crashes, or potentially privilege escalatio...
CVE-2021-38160
CVE-2021-38160 affects the Linux kernel “virtio_console” driver. In drivers/char/virtio_console.c, if an untrusted device supplies a buf->len value larger than the destination buffer, data corruption or loss can occur. The issue is fixed in Linux kernel 5.13.4 (ChangeLog-5.13.4). The vendor no...
CVE-2020-36311
CVE-2020-36311 affects the Linux kernel prior to 5.9. In arch/x86/kvm/svm/sev.c, destroying a large SEV VM (unregistering many encrypted regions) can trigger a denial of service (soft lockup). The connected advisories confirm the issue and point to a fix in kernel 5.9 (and changelog indicating th...
CVE-2021-28660
CVE-2021-28660 affects the Realtek RTL8188EU WiFi driver (drivers/staging/rtl8188eu/os_dep/ioctl_linux.c) in the Linux kernel and is caused by writing beyond the end of the ssid[] array in rtw_wx_set_scan. The Connected documents confirm this exact issue across multiple advisories (e.g., Debian L...
CVE-2021-3489
CVE-2021-3489 concerns the Linux kernel eBPF RINGBUF: the bpf_ringbuf_reserve() function could allocate a size larger than the ringbuf, enabling out-of-bounds writes and potential arbitrary code execution. The issue was fixed by commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger t...
CVE-2021-43976
CVE-2021-43976 affects the Linux kernel, specifically the Marvell mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c. A local attacker with access to a crafted USB device can trigger a denial of service (skb_over_panic). The advisory notes the vulnerability exists in kernel...
CVE-2021-3444
CVE-2021-3444 affects the Linux kernel’s eBPF verifier, where mod32 destination register truncation can be mishandled when the source is known to be zero. This enables a local attacker loading BPF programs to read kernel memory (information disclosure) and potentially perform out-of-bounds writes...
CVE-2021-3573
CVE-2021-3573 is a local-use-after-free vulnerability in the Linux kernel Bluetooth HCI subsystem (function hci_sock_bound_ioctl) where a race between ioct HCIUNBLOCKADDR and hci_unregister_dev() and calls such as hci_sock_blacklist_add()/del(), hci_get_conn_info(), and hci_get_auth_info() can le...