VYPR

Vendor CVEs

Linux

All CVEs

15,999 total · sorted by risk
  • CVE-2024-53240MedDec 24, 2024
    risk 0.30cvss 5.7epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt…

  • CVE-2024-49934MedOct 21, 2024
    risk 0.30cvss 4.6epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: …

  • CVE-2021-47476MedMay 22, 2024
    risk 0.30cvss 4.6epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: comedi: ni_usb6501: fix NULL-deref in command paths The driver uses endpoint-sized USB transfer buffers but had no sanity checks on the sizes. This can lead to zero-size-pointer dereferences or overflowed…

  • CVE-2021-47129MedMar 15, 2024
    risk 0.30cvss 4.6epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: skip expectations for confirmed conntrack nft_ct_expect_obj_eval() calls nf_ct_ext_add() for a confirmed conntrack entry. However, nf_ct_ext_add() can only be called for…

  • CVE-2024-24860MedFeb 5, 2024
    risk 0.30cvss 4.6epss 0.01

    A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

  • CVE-2024-24859MedFeb 5, 2024
    risk 0.30cvss 4.6epss 0.01

    A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.

  • CVE-2024-24858MedFeb 5, 2024
    risk 0.30cvss 4.6epss 0.00

    A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.

  • CVE-2024-24857MedFeb 5, 2024
    risk 0.30cvss 4.6epss 0.00

    A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

  • CVE-2023-4010MedJul 31, 2023
    risk 0.30cvss 4.6epss 0.01

    A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific…

  • CVE-2022-3903MedNov 14, 2022
    risk 0.30cvss 4.6epss 0.00

    An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the…

  • CVE-2019-15291MedAug 20, 2019
    risk 0.30cvss 4.6epss 0.01

    An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.

  • CVE-2019-15213MedAug 19, 2019
    risk 0.30cvss 4.6epss 0.01

    An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.

  • CVE-2019-15098MedAug 16, 2019
    risk 0.30cvss 4.6epss 0.01

    drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

  • CVE-2018-19985MedMar 21, 2019
    risk 0.30cvss 4.6epss 0.01

    The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel…

  • CVE-2017-8924MedMay 12, 2017
    risk 0.30cvss 4.6epss 0.00

    The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB…

  • CVE-2016-5011MedApr 11, 2017
    risk 0.30cvss 4.6epss 0.00

    The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

  • CVE-2016-3951MedMay 2, 2016
    risk 0.30cvss 4.6epss 0.01

    Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.

  • CVE-2016-3689MedMay 2, 2016
    risk 0.30cvss 4.6epss 0.01

    The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.

  • CVE-2016-3138MedMay 2, 2016
    risk 0.30cvss 4.6epss 0.01

    The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.

  • CVE-2016-3137MedMay 2, 2016
    risk 0.30cvss 4.6epss 0.01

    drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the…

  • CVE-2026-53358modJul 2, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen()

  • CVE-2026-53347lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: drm/virtio: Fix driver removal with disabled KMS

  • CVE-2026-53339lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()

  • CVE-2026-53348lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: ASoC: SDCA: fix NULL pointer dereference in sdca_dev_unregister_functions

  • CVE-2026-53340lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM

  • CVE-2026-53326lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: debugobjects: Don't call fill_pool() in early boot hardirq context

  • CVE-2026-53352lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads()

  • CVE-2026-53353lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: hsr: Remove WARN_ONCE() in hsr_addr_is_self()

  • CVE-2026-53349modJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: netfilter: nf_conntrack: destroy stale expectfn expectations on unregister

  • CVE-2026-53333lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: mm/mincore: handle non-swap entries before !CONFIG_SWAP guard

  • CVE-2026-53327lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: debugobjects: Do not fill_pool() if pi_blocked_on

  • CVE-2026-53350lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: ASoC: wm_adsp: Fix NULL dereference when removing firmware controls

  • CVE-2026-53337lowJul 1, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: net: bonding: fix NULL pointer dereference in bond_do_ioctl()

  • CVE-2026-53187modJun 25, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc

  • CVE-2026-53257modJun 25, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: wifi: cfg80211: enforce HE/EHT cap/oper consistency

  • CVE-2026-52925modJun 24, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: vrf: Fix a potential NPD when removing a port from a VRF

  • CVE-2026-53100lowJun 24, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: wifi: mt76: fix deadlock in remain-on-channel

  • CVE-2026-53127lowJun 24, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: block: fix zones_cond memory leak on zone revalidation error paths

  • CVE-2026-52930modJun 24, 2026
    risk 0.29cvss 5.5epss 0.00

    kernel: ipc/shm: serialize orphan cleanup with shm_nattch updates

  • CVE-2026-46269MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed: [ 0.732084] Unable…

  • CVE-2026-46268MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmem_alloc_mmap() it uses…

  • CVE-2026-46262MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put()"). The original patch attempted to acquire the…

  • CVE-2026-46261MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which would cause a crash when passed the pointer to resource_size(). Move the…

  • CVE-2026-46258MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle_create() In linehandle_create(), there is a statement like this: retain_and_null_ptr(lh); Soon after, there is a debug printout that dereferences "lh", which…

  • CVE-2026-46257MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock. On SP804, the delay timer shares the same clkevt instance…

  • CVE-2026-46256MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are…

  • CVE-2026-46255MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove() The clocks in fsl_edma_engine::muxclk are allocated and enabled with devm_clk_get_enabled(), which automatically cleans these resources up, but…

  • CVE-2026-46254MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on…

  • CVE-2026-46252MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator fails in regulator_resolve_supply(), the code currently triggers a lockdep warning: WARNING:…

  • CVE-2026-46249MedJun 3, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware is not power-cycled, so AF state from the old kernel can persist into the new kernel. When AF and PF drivers are…

Page 209 of 320