VYPR

Vendor CVEs

Linux

All CVEs

15,999 total · sorted by risk
  • CVE-2024-26847MedApr 17, 2024
    risk 0.33cvss 5.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: …

  • CVE-2023-52633MedApr 2, 2024
    risk 0.33cvss 5.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption In 'basic' time-travel mode (without =inf-cpu or =ext), we still get timer interrupts. These can happen at arbitrary points in time, i.e. while in timer_read(), which…

  • CVE-2024-24855MedFeb 5, 2024
    risk 0.33cvss 5.0epss 0.00

    A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

  • CVE-2023-39189MedOct 9, 2023
    risk 0.33cvss 5.1epss 0.00

    A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or…

  • CVE-2020-16120MedFeb 10, 2021
    risk 0.33cvss 5.1epss 0.00

    Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be…

  • CVE-2017-7558MedJul 26, 2018
    risk 0.33cvss 5.1epss 0.04

    A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used…

  • CVE-2016-7917MedNov 16, 2016
    risk 0.33cvss 5.0epss 0.02

    The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite…

  • CVE-2015-8956MedOct 10, 2016
    risk 0.33cvss 6.1epss 0.00

    The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.

  • CVE-2016-6480MedAug 6, 2016
    risk 0.33cvss 5.1epss 0.00

    Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.

  • CVE-2016-6156MedAug 6, 2016
    risk 0.33cvss 5.1epss 0.00

    Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

  • CVE-2016-3140MedMay 2, 2016
    risk 0.33cvss 4.6epss 0.02

    The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

  • CVE-2016-3136MedMay 2, 2016
    risk 0.33cvss 4.6epss 0.02

    The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint…

  • CVE-2014-9717MedMay 2, 2016
    risk 0.33cvss 6.1epss 0.00

    fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2…

  • CVE-2016-3139MedApr 27, 2016
    risk 0.33cvss 4.6epss 0.02

    The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

  • CVE-2016-2782MedApr 27, 2016
    risk 0.33cvss 4.6epss 0.02

    The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a…

  • CVE-2016-2547MedApr 27, 2016
    risk 0.33cvss 5.1epss 0.00

    sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.

  • CVE-2016-2546MedApr 27, 2016
    risk 0.33cvss 5.1epss 0.00

    sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.

  • CVE-2016-2545MedApr 27, 2016
    risk 0.33cvss 5.1epss 0.00

    The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.

  • CVE-2016-2544MedApr 27, 2016
    risk 0.33cvss 5.1epss 0.00

    Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.

  • CVE-2016-2543MedApr 27, 2016
    risk 0.33cvss 6.2epss 0.01

    The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a…

  • CVE-2015-1339MedApr 27, 2016
    risk 0.33cvss 6.2epss 0.00

    Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

  • CVE-2015-8785MedFeb 8, 2016
    risk 0.33cvss 6.2epss 0.01

    The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.

  • CVE-2015-8767MedFeb 8, 2016
    risk 0.33cvss 6.2epss 0.00

    net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.

  • CVE-2013-4312MedFeb 8, 2016
    risk 0.33cvss 6.2epss 0.01

    The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.

  • CVE-2023-34324MedJan 5, 2024
    risk 0.32cvss 4.9epss 0.01

    Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g.…

  • CVE-2020-35513MedJan 26, 2021
    risk 0.32cvss 4.9epss 0.01

    A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new…

  • CVE-2019-19081MedNov 18, 2019
    risk 0.32cvss 5.9epss 0.03

    A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.

  • CVE-2019-19080MedNov 18, 2019
    risk 0.32cvss 5.9epss 0.03

    Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.

  • CVE-2019-19076MedNov 18, 2019
    risk 0.32cvss 5.9epss 0.03

    A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid…

  • CVE-2019-1010252MedJul 18, 2019
    risk 0.32cvss 4.9epss 0.01

    The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: applyFlowRules() and apply() functions in FlowRuleManager.java.…

  • CVE-2019-1010250MedJul 18, 2019
    risk 0.32cvss 4.9epss 0.01

    The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java…

  • CVE-2019-1010249MedJul 18, 2019
    risk 0.32cvss 4.9epss 0.01

    The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Overflow. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java…

  • CVE-2013-7470MedApr 23, 2019
    risk 0.32cvss 5.9epss 0.03

    cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.

  • CVE-2016-5696MedAug 6, 2016
    risk 0.32cvss 4.8epss 0.15

    net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

  • CVE-2012-3552MedOct 3, 2012
    risk 0.32cvss 5.9epss 0.03

    Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.

  • CVE-2011-2918MedMay 24, 2012
    risk 0.32cvss 5.5epss 0.01

    The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.

  • CVE-2011-2707MedMay 24, 2012
    risk 0.32cvss 6.0epss 0.00

    The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request.

  • CVE-2026-23210MedFeb 14, 2026
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi->rx_rings. The sequence was: 1.…

  • CVE-2026-23207MedFeb 14, 2026
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer check in IRQ handler Now that all other accesses to curr_xfer are done under the lock, protect the curr_xfer NULL check in tegra_qspi_isr_thread() with the spinlock.…

  • CVE-2026-23110MedFeb 4, 2026
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking commands completed or failed so that the error handler only wakes when the last running…

  • CVE-2026-23101MedFeb 4, 2026
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to leds_list when it is fully ready Before this change the LED was added to leds_list before led_init_core() gets called adding it the list before led_classdev.set_brightness_work…

  • CVE-2026-23071MedFeb 4, 2026
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: regmap: Fix race condition in hwspinlock irqsave routine Previously, the address of the shared member '&map->spinlock_flags' was passed directly to 'hwspin_lock_timeout_irqsave'. This creates a race condition…

  • CVE-2026-22986MedJan 23, 2026
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix race condition for gdev->srcu If two drivers were calling gpiochip_add_data_with_key(), one may be traversing the srcu-protected list in gpio_name_to_desc(), meanwhile other has just added its…

  • CVE-2025-71111MedJan 14, 2026
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to…

  • CVE-2025-71074MedJan 13, 2026
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object. There is a total count of opened files on functionfs (both ep0 and…

  • CVE-2025-68749MedDec 24, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs list before it gets unmapped. Then…

  • CVE-2025-68214MedDec 16, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: timers: Fix NULL function pointer race in timer_shutdown_sync() There is a race condition between timer_shutdown_sync() and timer expiration that can lead to hitting a WARN_ON in expire_timers(). The issue…

  • CVE-2025-40039MedOct 28, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix race condition in RPC handle list access The 'sess->rpc_handle_list' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess->rpc_lock' (an…

  • CVE-2025-39961MedOct 9, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level The AMD IOMMU host page table implementation supports dynamic page table levels (up to 6 levels), starting with a 3-level configuration that…

  • CVE-2023-53623MedOct 7, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() The si->lock must be held when deleting the si from the available list. Otherwise, another thread can re-add the si to the available…

Page 200 of 320