linux-lts

Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long

the return code of of tcf_classify is insufficiently validated before interpreting part of the result as a pointer in the network schedulers code

cbq_classify in net/sched/sch_cbq.c allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non- negative numbers...

memory corruption with IPV6_CHECKSUM socket option

use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service

out-of-bounds read memory can be written to a file, if DataOffset is 0 and Length is too large in SMB2_WRITE request of compound request in...

heap-overflow in set_ntacl_dacl() when setting a malformed file attribute under the label `security.NTACL` using SMB2_SET_INFO_HE followed by SMB2_QUERY_INFO_HE

memory leak in smb2_handle_negotiate() under error conditions

smb2_write() and smb2_write_pipe do not avlidate the length when no padding is used

use-after-free in smb2_tree_disconnect) when a danging pointer is accessed in compound requests

out of bound read in smb2_tree_connnect

null pointer dereference in net/sched/sch_api.c

send buffer overflow in NFSv2 READDIR

userspace can cause kernel memory corruption in drivers/usb/mon/mon_bin.c

use-after-free in net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req may allow code execution and leaking kernel memory (respectively)...

infoleak in net/bluetooth/l2cap_core.c's l2cap_parse_conf_req can be used to leak kernel pointers remotely

use-after-free in ufx_ops_open() due to race condition with ufx_usb_disconnect() when disconnecting a usb device while calling open() on the device

use-after-free when dvb_demux_open() is called between the two syncs of dvbdev->users and dvr_dvbdev->users in dvb_dmxdev_release()

I pxa3xx_gcu_write defined in  drivers/video/fbdev/pxa3xx-gcu.c, a count parameter of type size_t is passed to words of type int.  Then, copy_from_user()...

nfqnl_mangle in net/netfilter/nfnetlink_queue.c allows remote attackers to cause a denial of service in the case of a nf_queue verdict with a one-byte...

double xfrm_pols_put() in xfrm_bundle_lookup()

double-free in rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c

tcp clients could be fingerprinted due to insufficient randomness when selecting the source port

use-after-free in in gadgetfs driver when concurrently mounting and unmounting the gadgetfs filesystem between gadgetfs_fill_super() and race with gadgetfs_kill_sb()

integer type confusion in get_proc_long

use-after-free in nilfs_new_inode in fs/nilfs2/inode.c

memory leak when nilfs_attach_log_writer() fails to create a log writer thread

potential use-after-free in sch_sfb enqueue()

use-after-free in nfp6000_area_init in drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c

memory leaks in net/unix/af_unix.c

use after free in spl2sw_nvmem_get_mac_address

memory leak in ipv6_renew_options() when one thread is converting an IPv6 socket into IPv4 with IPV6_ADDRFORM while another thread calls...

race-condition with xfrm_probe_algs() in net/key/af_key.c

In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then...

NULL pointer dereference in kvm_irq_delivery_to_apic_fast() could cause the the host to crash

A double-free flaw was found in the Linux kernel in the ems_usb_start_xmit function. This flaw allows an attacker to create a memory leak and corrupt the...

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a...

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of...

A NULL pointer dereference flaw in the implementation of the X.25 set of standardized network protocols, which can result in denial of service.

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access...

There are NPD and use-after-free vulnerabilities in net/ax25/ax25_timer.c of linux that allow attacker to crash linux kernel by simulating ax25 device from...

There are use-after-free vulnerabilities in net/ax25/af_ax25.c of linux that allow attacker to crash linux kernel by simulating ax25 device from user space.

There are null-ptr-deref vulnerability and use-after-free vulnerabilities in net/ax25/af_ax25.c of linux that allow attacker to crash linux kernel by...

There are use-after-free vulnerabilities in drivers/net/hamradio/6pack.c of linux that allow attacker to crash linux kernel by simulating ax25 device using...

A use-after-free vulnerability was found in drivers/net/hamradio in the Linux kernel. In this flaw, a local attacker with a user privilege may lead to a...

Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region

race condition in snd_pcm_hw_free leading to use-after-free

CVE-2022-1016 pertains to uninitialized stack data in the nft_do_chain routine. CVE-2022-1016 is exploitable starting from commit 96518518cc41 (original...

CVE-2022-1015 pertains to an out of bounds access in nf_tables expression evaluation due to validation of user register indices. It leads to local privilege...

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS)...

Non-transparent sharing of branch predictor within a context in some Intel® Processors may allow an authorized user to potentially enable information...

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable...

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some...

In the Linux kernel 5.8 through 5.19.14, remote attackers are able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference...

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by remote attackers who are able to inject...

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by remote attackers who are...

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by remote attackers who are...

A buffer overflow flaw was found in the u8 overflow in cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the Linux kernel’s wifi subcomponent....

A use-after-free flaw was found in the Linux kernel’s io_uring interface subsystem in the way a user triggers a race condition between timeout flush and...

In the Linux kernel 5.17 before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c, if it finds an ARPHRD_ETHER type net device, it will hold the...

kernel/bpf/verifier.c in the Linux Kernel 5.8 through 5.15.14 allows local users to gain privileges because of missing sanity check for pointer arithmetic...

KGDB and KDB allow read and write access to kernel memory but were not restricted during lockdown

a sleep called in an atomic context could cause kernel panic during nfc firmware download

a user with CAP_NET_ADMIN can use a race condition between kobject creation and delete to leak kernel information

a user with the ability to create user/net namespaces can exploit an out-of-bounds write in netflter to achieve privilege escalation to root.

a user with the ability to create user/net namespaces can exploit a use-after-free write in netflter to achieve privilege escalation to root.

possible use-after-free due to race condition when simulating NFC device from user space

A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance...

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device)...

In the Linux kernel before version 5.15.7, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who...

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-bounds bug in the detach_capi_ctr function in...

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows...

The firewire subsystem in the Linux kernel before version 5.15.1 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and...

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel before version 5.14.16 allows a heap-based buffer...

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before version 5.14.12 allows unprivileged users to trigger an eBPF multiplication...

loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free...

A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.

net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by...

drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and...

In kernel/bpf/hashtab.c in the Linux kernel before version 5.13.12, there is an integer overflow and out-of-bounds write when many elements are placed in a...

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel before version 5.13.6 calls unregister_netdev without checking for the NETREG_REGISTERED...

An issue has been discovered in the Linux kernel mechanism to mitigate Speculative Store Bypass in BPF. On affected systems, an unprivileged BPF program can...

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a...

net/can/bcm.c in the Linux kernel before 5.12.13 allows local users to obtain sensitive information from kernel stack memory because parts of a data...

An issue has been discovered in the Linux kernel mechanism to mitigate Speculative Store Bypass in BPF. On affected systems, an unprivileged BPF program can...

An privilege escalation security issue has been found in the filesystem layer of the Linux kernel before version 5.13.4. An unprivileged local attacker can...

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged...

kernel/bpf/verifier.c in the Linux kernel before 5.12.8 enforces incorrect limits for pointer arithmetic operations, aka CID- bb01a1bba579. This can be...

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing...

net/bluetooth/hci_request.c in the Linux kernel before version 5.12.4 has a race condition for removal of the HCI controller.

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel...

This vulnerability allows local attackers to escalate privileges on affected installations of the Linux kernel before version 5.12.4. An attacker must first...

An issue was discovered in the Linux kernel. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V...

A security issue has been found in the Linux kernel before version 5.11.12. There is a race condition between check and use of the nested VMCB controls in KVM.

An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because...

An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps...

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are...

An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel...

An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka...

An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon...

An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service...

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows...

An issue has been discovered in the Linux kernel before version 5.11.16 in the mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation)....

An issue has been discovered in the Linux kernel up to version 5.11.12 that can be abused by unprivileged local users to escalate privileges. The issue is...

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a...

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as...

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service...

An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected...

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be...

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same...

A security issue was found in the Linux kernel before version 5.11.11, as used by Xen. The fix for CVE-2021-26930, a.k.a. XSA-365, includes initialization...

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array....

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from...

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors...

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can...

An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user...

An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure....

An issue was discovered in the Linux kernel 3.2 up to 5.10.17, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of...

An issue was discovered in the Linux kernel 2.6.39 up to 5.10.17, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug,...

An issue was discovered in the Linux kernel 3.11 up to 5.10.17, as used by Xen. To service requests to the PV backend, the driver maps grant references...

A use after free security issue has been found in the Linux kernel before version 5.12.4 in the implementation of nfc sockets (in net/nfc/llcp_sock.c),...

A race condition was found in the Linux kernel before version 5.12.4 in sctp_destroy_sock. If sctp_destroy_sock is called without...

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause...

An issue was discovered in the Linux KVM· through Improper handling of VM_IO|VM_PFNMAP, vmas in KVM can bypass RO checks and can lead to pages being freed...

An attacker with a low-privileged user on a Linux machine before kernel version 5.14.12 with an overlay mount can escalate his privileges up to root when...

A security issue was found in the Linux kernel before version 5.9. The specific flaw exists within DRM memory management. The issue results from the lack of...

There is a vulnerability in the Linux kernel versions higher than 5.2 and before version 5.11 (if the kernel is compiled with config params...

A flaw was found in the Linux kernels implementation of string matching within a packet.  A privileged user ( with root or CAP_NET_ADMIN ) when inserting...

A security issue has been found in the Linux kernel. There is a NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c via a KVM...

A security issue in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup socket to...

A security issue was found in the io-workqueue implementation in the Linux kernel before version 5.15. The kernel can panic when an improper cancellation...

On the Linux kernel 3.6 and later before version 5.15.5, it is possible for an attacker to leak or change data that resides on hugetlbfs. Such data can...

When a map is read-only for the ebpf program and is frozen, the ebpf verifier will directly take the value from the map and directly use the value to...

In the Linux kernel before version 5.14.15, there is an array-index- out-bounds bug in detach_capi_ctr in drivers/isdn/capi/kcapi.c. During this process,...

A security issue has been found in the Linux kernel. An attacker with a low-privileged user on a Linux machine with an overlay mount which has a file...

A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel before 5.14.10 allows attackers to cause a denial of...

A use-after-free vulnerability of ndev->rf_conn_info object has been found in the Linux kernel NFC stack before version 5.14.15. The root cause is that...

A memory overflow was found in the Linux kernel before 5.15, in the ipc functionality of the memcg subsystem in the way user calls semget for many times...

An out-of-bounds read due to a race condition has been found in the Linux kernel before version 5.14.2. The root cause of this vulnerability is that the...

A use after free vulnerability has been found in the Linux kernel's bluetooth module.

A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel before version 5.14.10 allows attackers to cause a...

An out-of-bounds (OOB) memory read security issue was found in the Qualcomm IPC router protocol in the Linux kernel before version 5.14. A missing sanity...

A null pointer dereference bug was discovered in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux kernel before version 5.14.1, where...

A security issue was found in overlayfs implementation of the Linux kernel before version 5.13.11 where a local attacker with an unprivileged account who...

A lack of CPU resources in the Linux kernel tracing module functionality was found in the way users use the trace ring buffer in specific way. Only...

A security issue was found in the Linux kernel. Reading /proc/sysvipc/shm does not scale with large shared memory segment counts, which could lead to...

A security issue has been found in the KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. This issue is...

A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

A security issue has been found in the KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. This issue is...

A use after free vulnerability has been found in sco_send_frame() in the Bluetooth stack of the Linux kernel before version 5.15.3, similar to...

An out-of-bounds memory write security issue was found in the Linux kernel’s joystick devices subsystem before version 5.13.2, in the way the user calls...

A race condition in net/can/bcm.c in the Linux kernel before version 5.13.2 allows for local privilege escalation to root. The CAN BCM networking protocol...

A use after free vulnerability has been found in the hci_sock_bound_ioctl() function of the Linux kernel. It can allow attackers to corrupt kernel heaps...

A security issue has been found in Bluetooth subsystem of the Linux kernel. HCI device initialization failure can lead to unexpected results, like...

A null pointer dereference in the Nitro Enclaves Linux kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor....

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel. A bounds check failure allows a local attacker...

A security issue was found in the Linux kernel before version 5.11.16. The value of internal.ndata, in the KVM API, is mapped to an array index, which can...

A security issue was found in the Linux kernel before version 5.12.4. It was discovered that the io_uring PROVIDE_BUFFERS operation allowed the MAX_RW_COUNT...

A security issue was found in the Linux kernel before version 5.12.4. It was discovered that eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR)...

A security issue was found in the Linux kernel before version 5.12.4. It was discovered that eBPF RINGBUF bpf_ringbuf_reserve did not check that the...

A security issue has been found in the Linux kernel before version 5.11.12 in Linux/drivers/firewire/nosy.c. Nosy is an IEEE 1394 packet sniffer which is...

A security issue was found in the Linux kernel before version 5.9. A denial of service problem is identified if an extent tree is corrupted in a crafted...

nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers...

An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to...

fs/nfsd/nfs3xdr.c in the Linux kernel before version 5.10.10 and 5.4.92, when there is an NFS export of a subdirectory of a filesystem, allows remote...

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel might allow remote attackers to execute arbitrary code...

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote...

A numeric error in the Linux kernel mechanism to mitigate speculatively out-of-bounds loads (Spectre mitigation) has been identified. Unprivileged BPF...

A gap in the Linux kernel mechanism to mitigate speculatively out-of- bounds loads (Spectre mitigation) has been identified. Unprivileged BPF programs...

An issue was discovered in the Linux kernel before version 5.12.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of...

An issue was discovered in the Linux kernel before version 5.12.9. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast...

An issue was discovered in the Linux kernel before version 5.12.9. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of...

An issue was discovered in the Linux kernel before version 5.12.9. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has...

A memory leak has been found in the perf_event_parse_addr_filter function of Linux before 5.9.7, leading to a denial of service.

A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to versions 5.11.3 and 5.10.20 in the way...

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in...

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a...

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments...

A heap buffer overflow flaw was found in the way the Linux kernel’s Bluetooth implementation processed extended advertising report events. This flaw allows...

Hadar Manor reported that by reusing a DCCP socket with an attached dccps_hc_tx_ccid as a listener,  in Linux <= 5.9, it will be used after being released,...

A memory corruption flaw was found in the Linux kernel before 5.9-rc4 in net/packet/af_packet.c. A local attacker with CAP_NET_RAW privileges can exploit...

An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain...

A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use...

An out-of-bounds access flaw was found in the Linux kernel’s implementation of the eBPF code verifier, where an incorrect register bounds calculation while...

An information disclosure flaw was found in the Linux kernel's Intel Running Average Power Limit (RAPL) implementation. A local non- privileged attacker...

rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel before 5.3.9, 4.19.82, 4.14.152, 4.9.199, 4.4.199 lacks a certain...

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size...

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments....

An integer overflow has been discovered in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A sequence of SACKs may be crafted such...

In the Linux kernel 4.14.x before 4.14.75 and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out- of-bounds memory...

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of...

A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this...

A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time...

Systems with microprocessors utilising speculative execution and address translations may allow unauthorised disclosure of information residing in the L1...

Systems with microprocessors utilising speculative execution and address translations may allow unauthorised disclosure of information residing in the L1...

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of...

A security issue has been found in Linux <= 4.16.9, where an unprivileged attacker can hide a process from procps-ng's utilities by exploiting either a...

A denial of service has been found in Linux <= 4.16.9. An attacker can block any read() access to /proc/PID/cmdline by mmap()ing a FUSE file (Filesystem in...

Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) before 4.14.6, 4.9.69, 4.4.106, 3.18.88, 3.16.52 and...

The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing...

The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated...

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental...

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does...

A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions...

A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client....

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.73 mishandles states_equal comparisons between the pointer data...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.72 does not check the relationship between pointer values and...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 and 4.9.72 ignore unreachable code, even though it would still be...

The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (integer overflow and...

It has been discovered kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...

It has been discovered that kernel/bpf/verifier.c in the Linux kernel before 4.14.9 allows local users to cause a denial of service (memory corruption) or...

The KEYS subsystem in the Linux kernel before 4.14.6, 4.9.69, 4.4.107, 3.18.88, 3.16.52 and 3.2.97 omitted an access-control check when adding a key to the...

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not validate that the...

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89, 3.16.52 and 3.2.97 does not correctly handle zero-length...

The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio...

A flaw was found in the Linux kernel's implementation of raw_sendmsg before 4.14.11, 4.4.109 and 4.9.74 allowing a local attacker to panic the kernel or...

The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel before 4.14.8, 4.9.71, 4.4.107, 3.18.89,...

It has been discovered that net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and...

The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel before 4.14.11, 4.9.74, 4.4.109, 3.18.91 and 3.16.52 when...

It has been discovered that net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new,...

An arbitrary memory r/w access issue was found in the Linux kernel before 4.14.9 compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL) support. The...

An arbitrary memory r/w access issue was found in the Linux kernel before 4.14.9, 4.9.72 compiled with the eBPF bpf(2) system call (CONFIG_BPF_SYSCALL)...

The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero...

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service...

The dvb_frontend_free function in drivers/media/dvb- core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service...

drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system...

drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or...

The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims- pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service...

The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service...

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service...

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have...

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users...

The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel before 4.13, 4.9.50, 4.4.99 and 4.1.45 allows local users to cause a denial of service...

The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel before 4.13, 4.9.50, 4.4.99 and 4.1.45 allows local users to cause a...

The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel before 4.13, 4.9.50, 4.4.99 and 4.1.45 allows local users to cause a...

A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. The dccp_disconnect function in net/dccp/proto.c...

A local privilege escalation vulnerability has been found in the Linux kernel. Chaitin Security Research Lab discovered that xfrm_replay_verify_len(), as...

A use-after-free vulnerability has been discovered in the DCCP implementation in the Linux kernel. The dccp_rcv_state_process function in net/dccp/input.c...

Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes...

It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer...

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used...

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used...

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used...

It was discovered that when the waitid() syscall in Linux kernel v4.13 was refactored, it accidentally stopped checking that the incoming argument was...

A race condition flaw was found in the N_HLDC Linux kernel driver when accessing the n_hdlc.tbuf list that can lead to double free. A local, unprivileged...

The Linux kernel > 3.6-rc1, when built with Kernel-based Virtual Machine (CONFIG_KVM) support, is vulnerable to an incorrect segment selector (SS) value...

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which...

The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers...

Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to an uncaught...

A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem...

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read- only memory mappings. An...