Vendor CVEs
Linux
All CVEs
15,975 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31611 | Hig | 0.49 | 8.6 | 0.00 | Apr 24, 2026 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: require 3 sub-authorities before reading sub_auth[2] parse_dacl() compares each ACE SID against sid_unix_NFS_mode and on match reads sid.sub_auth[2] as the file mode. If sid_unix_NFS_mode is the prefix… | ||
| CVE-2026-23457 | Hig | 0.49 | 8.6 | 0.00 | Apr 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() sip_help_tcp() parses the SIP Content-Length header with simple_strtoul(), which returns unsigned long, but stores the result in… | ||
| CVE-2026-23148 | Hig | 0.49 | 7.5 | 0.00 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference There is a race condition in nvmet_bio_done() that can cause a NULL pointer dereference in blk_cgroup_bio_start(): 1. nvmet_bio_done()… | ||
| CVE-2026-23139 | Hig | 0.49 | 7.5 | 0.00 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currently last_gc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed.… | ||
| CVE-2026-23136 | Hig | 0.49 | 7.5 | 0.00 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read… | ||
| CVE-2026-23095 | Hig | 0.49 | 7.5 | 0.00 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. [0] The repro generated a GUE packet with its inner protocol 0. gue_udp_recv() returns -guehdr->proto_ctype for "resubmit" in… | ||
| CVE-2026-23003 | Hig | 0.49 | 7.5 | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() Blamed commit did not take care of VLAN encapsulations as spotted by syzbot [1]. Use skb_vlan_inet_prepare() instead of pskb_inet_may_pull(). [1] … | ||
| CVE-2026-22998 | Hig | 0.49 | 7.5 | 0.01 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added ttag bounds checking and data_offset… | ||
| CVE-2026-22997 | Hig | 0.49 | 7.5 | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is called only when the timer is… | ||
| CVE-2026-22992 | Hig | 0.49 | 7.5 | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This… | ||
| CVE-2026-22991 | Hig | 0.49 | 7.5 | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decode_choose_args(),… | ||
| CVE-2026-22990 | Hig | 0.49 | 7.5 | 0.00 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. … | ||
| CVE-2025-71066 | Hig | 0.49 | 7.5 | 0.00 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and… | ||
| CVE-2025-38566 | Hig | 0.49 | 7.5 | 0.01 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS… | ||
| CVE-2024-24423 | Hig | 0.49 | 7.5 | 0.01 | Jan 21, 2025 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp. This vulnerability allows attackers to cause a Denial… | ||
| CVE-2024-24422 | Hig | 0.49 | 7.5 | 0.01 | Jan 21, 2025 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a… | ||
| CVE-2024-24419 | Hig | 0.49 | 7.5 | 0.01 | Jan 21, 2025 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause… | ||
| CVE-2024-24418 | Hig | 0.49 | 7.5 | 0.01 | Jan 21, 2025 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS)… | ||
| CVE-2024-24417 | Hig | 0.49 | 7.5 | 0.01 | Jan 21, 2025 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a… | ||
| CVE-2024-24416 | Hig | 0.49 | 7.5 | 0.01 | Jan 21, 2025 | The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of… | ||
| CVE-2024-57791 | Hig | 0.49 | 7.5 | 0.01 | Jan 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr indicates the length of msg should be received from network and the value should… | ||
| CVE-2023-39179 | Hig | 0.49 | 7.5 | 0.01 | Nov 18, 2024 | A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive… | ||
| CVE-2024-50083 | Hig | 0.49 | 7.5 | 0.01 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[… | ||
| CVE-2024-49997 | Hig | 0.49 | 7.5 | 0.01 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses… | ||
| CVE-2024-42225 | Hig | 0.49 | 7.5 | 0.00 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data | ||
| CVE-2023-52883 | Hig | 0.49 | 7.5 | 0.01 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo->tbo.resource may be NULL in amdgpu_vm_bo_update. | ||
| CVE-2022-48748 | Hig | 0.49 | 7.5 | 0.01 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port… | ||
| CVE-2022-48747 | Hig | 0.49 | 7.5 | 0.01 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: block: Fix wrong offset in bio_truncate() bio_truncate() clears the buffer outside of last block of bdev, however current bio_truncate() is using the wrong offset of page. So it can return the uninitialized… | ||
| CVE-2024-38573 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as… | ||
| CVE-2024-36972 | Hig | 0.49 | 7.5 | 0.01 | Jun 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets,… | ||
| CVE-2021-47486 | Hig | 0.49 | 7.5 | 0.01 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpf_jit_binary_free() function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps, jit_data->header will be NULL,… | ||
| CVE-2021-47295 | Hig | 0.49 | 7.5 | 0.01 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms(). The problem was in non-freed perfect hash in tcindex_partial_destroy_work(). In… | ||
| CVE-2021-47259 | Hig | 0.49 | 7.5 | 0.01 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4_init_client() KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this… | ||
| CVE-2021-47241 | Hig | 0.49 | 7.5 | 0.01 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for. This may result in ETHTOOL_MSG_STRSET_GET producing a warning like: calculated message… | ||
| CVE-2023-52696 | Hig | 0.49 | 7.5 | 0.01 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. | ||
| CVE-2024-27405 | Hig | 0.49 | 7.5 | 0.01 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended… | ||
| CVE-2024-26854 | Hig | 0.49 | 7.5 | 0.01 | Apr 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And… | ||
| CVE-2024-26620 | Hig | 0.49 | 7.5 | 0.01 | Mar 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP… | ||
| CVE-2023-46838 | Hig | 0.49 | 7.5 | 0.01 | Jan 29, 2024 | Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts… | ||
| CVE-2023-39198 | Hig | 0.49 | 7.5 | 0.00 | Nov 9, 2023 | A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the… | ||
| CVE-2023-32252 | Hig | 0.49 | 7.5 | 0.04 | Jul 24, 2023 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this… | ||
| CVE-2023-32248 | Hig | 0.49 | 7.5 | 0.04 | Jul 24, 2023 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An… | ||
| CVE-2023-32247 | Hig | 0.49 | 7.5 | 0.04 | Jul 24, 2023 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to… | ||
| CVE-2023-3312 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2023 | A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service. | ||
| CVE-2023-2156 | Hig | 0.49 | 7.5 | 0.06 | May 9, 2023 | A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to… | ||
| CVE-2022-0400 | Hig | 0.49 | 7.5 | 0.01 | Aug 29, 2022 | An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. | ||
| CVE-2021-38202 | Hig | 0.49 | 7.5 | 0.03 | Aug 8, 2021 | fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd. | ||
| CVE-2020-25672 | Hig | 0.49 | 7.5 | 0.03 | May 25, 2021 | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect | ||
| CVE-2002-2438 | Hig | 0.49 | 7.5 | 0.04 | May 18, 2021 | TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. | ||
| CVE-2020-25705 | Hig | 0.49 | 7.4 | 0.07 | Nov 17, 2020 | A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as… |
- risk 0.49cvss 8.6epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ksmbd: require 3 sub-authorities before reading sub_auth[2] parse_dacl() compares each ACE SID against sid_unix_NFS_mode and on match reads sid.sub_auth[2] as the file mode. If sid_unix_NFS_mode is the prefix…
- risk 0.49cvss 8.6epss 0.00
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() sip_help_tcp() parses the SIP Content-Length header with simple_strtoul(), which returns unsigned long, but stores the result in…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference There is a race condition in nvmet_bio_done() that can cause a NULL pointer dereference in blk_cgroup_bio_start(): 1. nvmet_bio_done()…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: update last_gc only when GC has been performed Currently last_gc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed.…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. [0] The repro generated a GUE packet with its inner protocol 0. gue_udp_recv() returns -guehdr->proto_ctype for "resubmit" in…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() Blamed commit did not take care of VLAN encapsulations as spotted by syzbot [1]. Use skb_vlan_inet_prepare() instead of pskb_inet_may_pull(). [1] …
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added ttag bounds checking and data_offset…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is called only when the timer is…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decode_choose_args(),…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. …
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS…
- risk 0.49cvss 7.5epss 0.01
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp. This vulnerability allows attackers to cause a Denial…
- risk 0.49cvss 7.5epss 0.01
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a…
- risk 0.49cvss 7.5epss 0.01
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause…
- risk 0.49cvss 7.5epss 0.01
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS)…
- risk 0.49cvss 7.5epss 0.01
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a…
- risk 0.49cvss 7.5epss 0.01
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr indicates the length of msg should be received from network and the value should…
- risk 0.49cvss 7.5epss 0.01
A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses…
- risk 0.49cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo->tbo.resource may be NULL in amdgpu_vm_bo_update.
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: block: Fix wrong offset in bio_truncate() bio_truncate() clears the buffer outside of last block of bdev, however current bio_truncate() is using the wrong offset of page. So it can return the uninitialized…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets,…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpf_jit_binary_free() function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps, jit_data->header will be NULL,…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms(). The problem was in non-freed perfect hash in tcindex_partial_destroy_work(). In…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4_init_client() KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: ethtool: strset: fix message length calculation Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for. This may result in ETHTOOL_MSG_STRSET_GET producing a warning like: calculated message…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Move it to the top of ice_dpll_init. Note that the "err_exit" error path destroys the mutex. And…
- risk 0.49cvss 7.5epss 0.01
In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP…
- risk 0.49cvss 7.5epss 0.01
Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts…
- risk 0.49cvss 7.5epss 0.00
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the…
- risk 0.49cvss 7.5epss 0.04
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this…
- risk 0.49cvss 7.5epss 0.04
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An…
- risk 0.49cvss 7.5epss 0.04
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to…
- risk 0.49cvss 7.5epss 0.01
A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.
- risk 0.49cvss 7.5epss 0.06
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to…
- risk 0.49cvss 7.5epss 0.01
An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.
- risk 0.49cvss 7.5epss 0.03
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
- risk 0.49cvss 7.5epss 0.03
A memory leak vulnerability was found in Linux kernel in llcp_sock_connect
- risk 0.49cvss 7.5epss 0.04
TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling.
- risk 0.49cvss 7.4epss 0.07
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as…
Page 44 of 320