Vendor CVEs
Linux
All CVEs
15,976 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-42224 | Med | 0.40 | 6.1 | 0.00 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of… | ||
| CVE-2022-48762 | Med | 0.40 | 6.2 | 0.00 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will… | ||
| CVE-2024-36910 | Med | 0.40 | 6.2 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting… | ||
| CVE-2024-36888 | Med | 0.40 | 6.2 | 0.00 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8… | ||
| CVE-2021-47535 | Med | 0.40 | 6.2 | 0.00 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we changed a6xx_get_gmu_registers() to read 3 sets of registers. Unfortunately, we… | ||
| CVE-2021-47503 | Med | 0.40 | 6.2 | 0.00 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() Calling scsi_remove_host() before scsi_add_host() results in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000108 RIP:… | ||
| CVE-2023-52861 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes)… | ||
| CVE-2023-52858 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52844 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. | ||
| CVE-2023-52838 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is that if init_imstt() fails we need to call iounmap(par->cmap_regs). | ||
| CVE-2023-52829 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() reg_cap.phy_id is extracted from WMI event and could be an unexpected value in case some errors happen. As a result out-of-bound… | ||
| CVE-2023-52765 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has been registered that means… | ||
| CVE-2021-47375 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: blktrace: Fix uaf in blk_trace access after removing by sysfs There is an use-after-free problem triggered by following process: P1(sda) P2(sdb) echo 0 > /sys/block/sdb/trace/enable … | ||
| CVE-2021-47329 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix resource leak in case of probe failure The driver doesn't clean up all the allocated resources properly when scsi_add_host(), megasas_start_aen() function fails during the PCI device… | ||
| CVE-2021-47244 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp (mptcp_get_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one… | ||
| CVE-2021-47228 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after… | ||
| CVE-2021-47224 | Med | 0.40 | 6.2 | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: Make sure to free skb when it is completely used With the skb pointer piggy-backed on the TX BD, we have a simple and efficient way to free the skb buffer when the frame has been transmitted.… | ||
| CVE-2024-35899 | Med | 0.40 | 6.1 | 0.00 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net… | ||
| CVE-2022-48646 | Med | 0.40 | 6.2 | 0.00 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: sfc/siena: fix null pointer dereference in efx_hard_start_xmit Like in previous patch for sfc, prevent potential (but unlikely) NULL pointer dereference. | ||
| CVE-2022-48635 | Med | 0.40 | 6.2 | 0.00 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: fsdax: Fix infinite loop in dax_iomap_rw() I got an infinite loop and a WARNING report when executing a tail command in virtiofs. WARNING: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomap_iter+0x3a2/0x3d0 … | ||
| CVE-2024-26799 | Med | 0.40 | 6.2 | 0.00 | Apr 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl In the case where __lpass_get_dmactl_handle is called and the driver id dai_id is invalid the pointer dmactl is not being assigned a value, and dmactl contains a… | ||
| CVE-2021-47147 | Med | 0.40 | 6.2 | 0.00 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix a resource leak in an error handling path If an error occurs after a successful 'pci_ioremap_bar()' call, it must be undone by a corresponding 'pci_iounmap()' call, as already done in the remove… | ||
| CVE-2023-52497 | Med | 0.40 | 6.1 | 0.00 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place… | ||
| CVE-2023-39193 | Med | 0.40 | 6.1 | 0.00 | Oct 9, 2023 | A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | ||
| CVE-2020-8647 | Med | 0.40 | 6.1 | 0.00 | Feb 6, 2020 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | ||
| CVE-2019-3016 | Med | 0.40 | 6.2 | 0.01 | Jan 31, 2020 | In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem… | ||
| CVE-2019-19332 | Med | 0.40 | 6.1 | 0.01 | Jan 9, 2020 | An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access… | ||
| CVE-2019-3837 | Med | 0.40 | 6.1 | 0.00 | Apr 11, 2019 | It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma… | ||
| CVE-2017-1000078 | Med | 0.40 | 6.1 | 0.01 | Jul 17, 2017 | Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration | ||
| CVE-2016-8658 | Med | 0.40 | 6.1 | 0.01 | Oct 16, 2016 | Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long… | ||
| CVE-2016-7042 | Med | 0.40 | 6.2 | 0.00 | Oct 16, 2016 | The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory… | ||
| CVE-2015-8955 | Hig | 0.40 | 7.3 | 0.00 | Oct 10, 2016 | arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. | ||
| CVE-2016-4482 | Med | 0.40 | 6.2 | 0.01 | May 23, 2016 | The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. | ||
| CVE-2016-2847 | Med | 0.40 | 6.2 | 0.01 | Apr 27, 2016 | fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. | ||
| CVE-2016-2549 | Med | 0.40 | 6.2 | 0.00 | Apr 27, 2016 | sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call. | ||
| CVE-2016-2548 | Med | 0.40 | 6.2 | 0.00 | Apr 27, 2016 | sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions. | ||
| CVE-2011-1776 | Med | 0.40 | 6.1 | 0.01 | Sep 6, 2011 | The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer… | ||
| CVE-2026-53357 | mod | 0.39 | 7.0 | 0.00 | Jul 2, 2026 | kernel: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() | ||
| CVE-2026-53341 | mod | 0.39 | 7.0 | 0.00 | Jul 1, 2026 | kernel: fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh() | ||
| CVE-2026-53354 | mod | 0.39 | 7.0 | 0.00 | Jul 1, 2026 | kernel: arm64: errata: Mitigate TLBI errata on various Arm CPUs | ||
| CVE-2026-53176 | imp | 0.39 | 7.0 | 0.01 | Jun 25, 2026 | kernel: IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN | ||
| CVE-2026-53196 | imp | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: USB: serial: io_ti: fix heap overflow in get_manuf_info() | ||
| CVE-2026-53133 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: RDMA/umem: Fix truncation for block sizes >= 4G | ||
| CVE-2026-53256 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind() | ||
| CVE-2026-53264 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: net/sched: act_api: use RCU with deferred freeing for action lifecycle | ||
| CVE-2026-53230 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list | ||
| CVE-2026-53143 | imp | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 | ||
| CVE-2026-53148 | imp | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: thunderbolt: Clamp XDomain response data copy to allocation size | ||
| CVE-2026-53212 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: netfilter: nft_tunnel: fix use-after-free on object destroy | ||
| CVE-2026-53228 | mod | 0.39 | 7.0 | 0.01 | Jun 25, 2026 | kernel: ipv6: sit: reload inner IPv6 header after GSO offloads |
- risk 0.40cvss 6.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we erroneously extract the data and addr register indices from ex->type rather than ex->data. As ex->type will…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 ("drm/msm/a6xx: fix crashstate capture for A650") we changed a6xx_get_gmu_registers() to read 3 sets of registers. Unfortunately, we…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() Calling scsi_remove_host() before scsi_add_host() results in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000108 RIP:…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes)…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference.
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is that if init_imstt() fails we need to call iounmap(par->cmap_regs).
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() reg_cap.phy_id is extracted from WMI event and could be an unexpected value in case some errors happen. As a result out-of-bound…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has been registered that means…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: blktrace: Fix uaf in blk_trace access after removing by sysfs There is an use-after-free problem triggered by following process: P1(sda) P2(sdb) echo 0 > /sys/block/sdb/trace/enable …
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix resource leak in case of probe failure The driver doesn't clean up all the allocated resources properly when scsi_add_host(), megasas_start_aen() function fails during the PCI device…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp (mptcp_get_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: Make sure to free skb when it is completely used With the skb pointer piggy-backed on the TX BD, we have a simple and efficient way to free the skb buffer when the frame has been transmitted.…
- risk 0.40cvss 6.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: sfc/siena: fix null pointer dereference in efx_hard_start_xmit Like in previous patch for sfc, prevent potential (but unlikely) NULL pointer dereference.
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: fsdax: Fix infinite loop in dax_iomap_rw() I got an infinite loop and a WARNING report when executing a tail command in virtiofs. WARNING: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomap_iter+0x3a2/0x3d0 …
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl In the case where __lpass_get_dmactl_handle is called and the driver id dai_id is invalid the pointer dmactl is not being assigned a value, and dmactl contains a…
- risk 0.40cvss 6.2epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix a resource leak in an error handling path If an error occurs after a successful 'pci_ioremap_bar()' call, it must be undone by a corresponding 'pci_iounmap()' call, as already done in the remove…
- risk 0.40cvss 6.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place…
- risk 0.40cvss 6.1epss 0.00
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
- risk 0.40cvss 6.1epss 0.00
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
- risk 0.40cvss 6.2epss 0.01
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem…
- risk 0.40cvss 6.1epss 0.01
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access…
- risk 0.40cvss 6.1epss 0.00
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma…
- risk 0.40cvss 6.1epss 0.01
Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration
- risk 0.40cvss 6.1epss 0.01
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long…
- risk 0.40cvss 6.2epss 0.00
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory…
- risk 0.40cvss 7.3epss 0.00
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
- risk 0.40cvss 6.2epss 0.01
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
- risk 0.40cvss 6.2epss 0.01
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
- risk 0.40cvss 6.2epss 0.00
sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.
- risk 0.40cvss 6.2epss 0.00
sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.
- risk 0.40cvss 6.1epss 0.01
The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer…
- risk 0.39cvss 7.0epss 0.00
kernel: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del()
- risk 0.39cvss 7.0epss 0.00
kernel: fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh()
- risk 0.39cvss 7.0epss 0.00
kernel: arm64: errata: Mitigate TLBI errata on various Arm CPUs
- risk 0.39cvss 7.0epss 0.01
kernel: IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
- risk 0.39cvss 7.0epss 0.00
kernel: USB: serial: io_ti: fix heap overflow in get_manuf_info()
- risk 0.39cvss 7.0epss 0.00
kernel: RDMA/umem: Fix truncation for block sizes >= 4G
- risk 0.39cvss 7.0epss 0.00
kernel: Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind()
- risk 0.39cvss 7.0epss 0.00
kernel: net/sched: act_api: use RCU with deferred freeing for action lifecycle
- risk 0.39cvss 7.0epss 0.00
kernel: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list
- risk 0.39cvss 7.0epss 0.00
kernel: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11
- risk 0.39cvss 7.0epss 0.00
kernel: thunderbolt: Clamp XDomain response data copy to allocation size
- risk 0.39cvss 7.0epss 0.00
kernel: netfilter: nft_tunnel: fix use-after-free on object destroy
- risk 0.39cvss 7.0epss 0.01
kernel: ipv6: sit: reload inner IPv6 header after GSO offloads
Page 76 of 320