VYPR

Kernel

by Linux

Source repositories

CVEs (15,869)

  • CVE-2016-2186MedMay 2, 2016
    risk 0.23cvss 4.6epss 0.01

    The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

  • CVE-2016-2185MedMay 2, 2016
    risk 0.23cvss 4.6epss 0.01

    The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

  • CVE-2015-8324MedMay 2, 2016
    risk 0.23cvss 4.6epss 0.00

    The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the…

  • CVE-2024-42154MedJul 30, 2024
    risk 0.22cvss 4.4epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it…

  • CVE-2020-35501LowMar 30, 2022
    risk 0.22cvss 3.4epss 0.00

    A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem

  • CVE-2021-20317MedSep 27, 2021
    risk 0.22cvss 4.4epss 0.00

    A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the…

  • CVE-2021-20177MedMay 26, 2021
    risk 0.22cvss 4.4epss 0.00

    A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected.

  • CVE-2019-20806MedMay 27, 2020
    risk 0.22cvss 4.4epss 0.00

    An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.

  • CVE-2019-19072MedNov 18, 2019
    risk 0.22cvss 4.4epss 0.00

    A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.

  • CVE-2019-19067MedNov 18, 2019
    risk 0.22cvss 4.4epss 0.00

    Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka…

  • CVE-2019-19045MedNov 18, 2019
    risk 0.22cvss 4.4epss 0.01

    A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.

  • CVE-2016-9604MedJul 11, 2018
    risk 0.22cvss 4.4epss 0.00

    It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by…

  • CVE-2015-2877LowMar 3, 2017
    risk 0.22cvss 3.3epss 0.01

    Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the…

  • CVE-2015-7509MedDec 28, 2015
    risk 0.22cvss 4.4epss 0.00

    fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.

  • CVE-2014-8134LowDec 12, 2014
    risk 0.22cvss 3.3epss 0.01

    The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a…

  • CVE-2026-22978LowJan 23, 2026
    risk 0.21cvss 3.3epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user *pointer; /* Pointer to the data (in user space) */ __u16 …

  • CVE-2025-71148LowJan 23, 2026
    risk 0.21cvss 3.3epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. handshake_sk_destruct() then…

  • CVE-2025-39964LowOct 13, 2025
    risk 0.21cvss 3.3epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes…

  • CVE-2022-50522LowOct 7, 2025
    risk 0.21cvss 3.3epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mcb: mcb-parse: fix error handing in chameleon_parse_gdd() If mcb_device_register() returns error in chameleon_parse_gdd(), the refcount of bus and device name are leaked. Fix this by calling put_device() to…

  • CVE-2021-47671LowApr 17, 2025
    risk 0.21cvss 3.3epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path In es58x_rx_err_msg(), if can->do_set_mode() fails, the function directly returns without calling netif_rx(skb). This means that the skb…

Page 583 of 794