Kernel
by Linux
Source repositories
CVEs (15,869)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10208 | Med | 0.21 | 4.3 | 0.00 | Feb 6, 2017 | The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image. | ||
| CVE-2026-53342 | mod | 0.19 | — | 0.00 | Jul 1, 2026 | kernel: arm64: mm: call pagetable dtor when freeing hot-removed page tables | ||
| CVE-2019-19073 | Med | 0.19 | 4.0 | 0.01 | Nov 18, 2019 | Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the… | ||
| CVE-2019-13272 | Hig | 0.19 | 7.8 | 0.52 | KEV | Jul 17, 2019 | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process… | |
| CVE-2016-0823 | Med | 0.19 | 4.0 | 0.00 | Mar 12, 2016 | The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. | ||
| CVE-2015-8575 | Med | 0.19 | 4.0 | 0.01 | Feb 8, 2016 | The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application. | ||
| CVE-2015-8374 | Med | 0.19 | 4.0 | 0.01 | Dec 28, 2015 | fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. | ||
| CVE-2023-32251 | Low | 0.17 | 3.7 | 0.00 | Jul 31, 2025 | A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This… | ||
| CVE-2023-52746 | Low | 0.16 | 2.5 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can… | ||
| CVE-2023-52620 | Low | 0.16 | 2.5 | 0.00 | Mar 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. | ||
| CVE-2023-0386 | Hig | 0.16 | 7.8 | 0.08 | KEV | Mar 22, 2023 | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a… | |
| CVE-2019-11191 | Low | 0.16 | 2.5 | 0.01 | Apr 12, 2019 | The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the… | ||
| CVE-2021-47440 | Low | 0.15 | 2.3 | 0.00 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing… | ||
| CVE-2021-3923 | Low | 0.15 | 2.3 | 0.00 | Mar 27, 2023 | A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user… | ||
| CVE-2018-1118 | Low | 0.15 | 2.3 | 0.00 | May 10, 2018 | Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading… | ||
| CVE-2026-46057 | Low | 0.14 | 3.3 | 0.00 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork() hook_cred_transfer() only copies the Landlock security blob when the source credential has a domain. This is inconsistent with… | ||
| CVE-2024-41027 | Low | 0.14 | 3.3 | 0.00 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates… | ||
| CVE-2024-41007 | Low | 0.14 | 3.3 | 0.00 | Jul 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for… | ||
| CVE-2024-26992 | Low | 0.14 | 3.3 | 0.00 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing… | ||
| CVE-2020-36766 | Low | 0.14 | 3.3 | 0.00 | Sep 18, 2023 | An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct. |
- risk 0.21cvss 4.3epss 0.00
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.
- risk 0.19cvss —epss 0.00
kernel: arm64: mm: call pagetable dtor when freeing hot-removed page tables
- risk 0.19cvss 4.0epss 0.01
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the…
- risk 0.19cvss 7.8epss 0.52
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process…
- risk 0.19cvss 4.0epss 0.00
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
- risk 0.19cvss 4.0epss 0.01
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
- risk 0.19cvss 4.0epss 0.01
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
- risk 0.17cvss 3.7epss 0.00
A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This…
- risk 0.16cvss 2.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can…
- risk 0.16cvss 2.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters.
- risk 0.16cvss 7.8epss 0.08
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a…
- risk 0.16cvss 2.5epss 0.01
The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the…
- risk 0.15cvss 2.3epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing…
- risk 0.15cvss 2.3epss 0.00
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user…
- risk 0.15cvss 2.3epss 0.00
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading…
- risk 0.14cvss 3.3epss 0.00
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork() hook_cred_transfer() only copies the Landlock security blob when the source credential has a domain. This is inconsistent with…
- risk 0.14cvss 3.3epss 0.00
In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates…
- risk 0.14cvss 3.3epss 0.00
In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for…
- risk 0.14cvss 3.3epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing…
- risk 0.14cvss 3.3epss 0.00
An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.
Page 586 of 794