linux-hardened

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of...

A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this...

A security issue has been found in Linux <= 4.16.9, where an unprivileged attacker can hide a process from procps-ng's utilities by exploiting either a...

A denial of service has been found in Linux <= 4.16.9. An attacker can block any read() access to /proc/PID/cmdline by mmap()ing a FUSE file (Filesystem in...

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used...

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used...

The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service...

A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time...

The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel before 4.13, 4.9.50, 4.4.99 and 4.1.45 allows local users to cause a denial of service...

The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel before 4.13, 4.9.50, 4.4.99 and 4.1.45 allows local users to cause a...

The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel before 4.13, 4.9.50, 4.4.99 and 4.1.45 allows local users to cause a...

A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. The dccp_disconnect function in net/dccp/proto.c...

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used...

It was discovered that when the waitid() syscall in Linux kernel v4.13 was refactored, it accidentally stopped checking that the incoming argument was...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.73 mishandles states_equal comparisons between the pointer data...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.72 does not check the relationship between pointer values and...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.72 ignore unreachable code, even though it would still be...

The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (integer overflow and...

It has been discovered kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...

The KEYS subsystem in the Linux kernel before 4.14.6, 4.9.69, 4.4.107, 3.18.88, 3.16.52 and 3.2.97 omitted an access-control check when adding a key to the...

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not validate that the...

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not correctly handle zero-length...

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio...

A flaw was found in the Linux kernel's implementation of raw_sendmsg before 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic the kernel or...

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89,...

It has been discovered that net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and...

The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52 when...

It has been discovered that net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new,...

An arbitrary memory r/w access issue was found in the Linux kernel before 4.14.9 compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The...

An arbitrary memory r/w access issue was found in the Linux kernel before 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL)...

The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero...

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service...

The dvb_frontend_free function in drivers/media/dvb- core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service...

drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system...

drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or...

The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims- pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service...

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service...

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have...

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users...

Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) before 4.14.6, 4.9.69, 4.4.106, 3.18.88, 3.16.52 and...

The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing...

An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors),...

The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated...

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental...

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does...

A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions...

A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client....