VYPR

Vendor CVEs

Linux

All CVEs

15,976 total · sorted by risk
  • CVE-2024-39499HigJul 12, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index…

  • CVE-2024-39492HigJul 10, 2024
    risk 0.39cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown The return value of pm_runtime_get_sync() in cmdq_mbox_shutdown() will return 1 when pm runtime state is active, and we don't want to get…

  • CVE-2024-39487HigJul 9, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string,…

  • CVE-2024-39486HigJul 6, 2024
    risk 0.39cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/drm_file: Fix pid refcounting race <maarten.lankhorst@linux.intel.com>, Maxime Ripard <mripard@kernel.org>, Thomas Zimmermann <tzimmermann@suse.de> filp->pid is supposed to be a refcounted pointer;…

  • CVE-2024-39471HigJun 25, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return -EINVAL.

  • CVE-2024-39469HigJun 25, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the…

  • CVE-2024-39467HigJun 25, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 ===========================================…

  • CVE-2024-27401HigMay 14, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. If the length of the head packet exceeds the user_length,…

  • CVE-2024-26894MedApr 17, 2024
    risk 0.39cvss 6.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object…

  • CVE-2024-26843MedApr 17, 2024
    risk 0.39cvss 6.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size md_size will have been narrowed if we have >= 4GB worth of pages in a soft-reserved region.

  • CVE-2021-47099MedMar 4, 2024
    risk 0.39cvss 6.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b ("veth: allow enabling NAPI even without XDP"), if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will…

  • CVE-2023-52529MedMar 2, 2024
    risk 0.39cvss 6.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: HID: sony: Fix a potential memory leak in sony_probe() If an error occurs after a successful usb_alloc_urb() call, usb_free_urb() should be called.

  • CVE-2021-47060MedFeb 29, 2024
    risk 0.39cvss 6.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't…

  • CVE-2023-51779HigFeb 29, 2024
    risk 0.39cvss 7.0epss 0.00

    bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.

  • CVE-2024-26593HigFeb 23, 2024
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to…

  • CVE-2023-4273MedAug 9, 2023
    risk 0.39cvss 6.0epss 0.01

    A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a…

  • CVE-2020-10742MedJun 2, 2021
    risk 0.39cvss 6.0epss 0.00

    A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to…

  • CVE-2020-10711MedMay 22, 2020
    risk 0.39cvss 5.9epss 0.03

    A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import'…

  • CVE-2016-10906HigAug 19, 2019
    risk 0.39cvss 7.0epss 0.00

    An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.

  • CVE-2018-7273MedFeb 21, 2018
    risk 0.39cvss 5.5epss 0.02

    In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the…

  • CVE-2018-1000004MedJan 16, 2018
    risk 0.39cvss 5.9epss 0.04

    In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

  • CVE-2017-16994MedNov 27, 2017
    risk 0.39cvss 5.5epss 0.02

    The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

  • CVE-2017-12168MedSep 20, 2017
    risk 0.39cvss 6.0epss 0.00

    The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).

  • CVE-2017-14489MedSep 15, 2017
    risk 0.39cvss 5.5epss 0.01

    The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.

  • CVE-2017-9150MedMay 22, 2017
    risk 0.39cvss 5.5epss 0.01

    The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system…

  • CVE-2017-7472MedMay 11, 2017
    risk 0.39cvss 5.5epss 0.02

    The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.

  • CVE-2014-9940HigMay 2, 2017
    risk 0.39cvss 7.0epss 0.02

    The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.

  • CVE-2017-2671MedApr 5, 2017
    risk 0.39cvss 5.5epss 0.01

    The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to…

  • CVE-2016-10200HigMar 7, 2017
    risk 0.39cvss 7.0epss 0.00

    Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED…

  • CVE-2016-10088HigDec 30, 2016
    risk 0.39cvss 7.0epss 0.00

    The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by…

  • CVE-2015-8963HigNov 16, 2016
    risk 0.39cvss 7.0epss 0.01

    Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.

  • CVE-2016-6828MedOct 16, 2016
    risk 0.39cvss 5.5epss 0.01

    The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a…

  • CVE-2016-4578MedMay 23, 2016
    risk 0.39cvss 5.5epss 0.01

    sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2)…

  • CVE-2015-8551MedApr 13, 2016
    risk 0.39cvss 6.0epss 0.00

    The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with…

  • CVE-2015-8543HigDec 28, 2015
    risk 0.39cvss 7.0epss 0.01

    The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system…

  • CVE-2013-4588HigNov 20, 2013
    risk 0.39cvss 7.0epss 0.00

    Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl…

  • CVE-2011-1573MedFeb 2, 2012
    risk 0.39cvss 5.9epss 0.03

    net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of…

  • CVE-2009-3621MedOct 22, 2009
    risk 0.39cvss 5.5epss 0.01

    net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect…

  • CVE-2008-4302MedSep 29, 2008
    risk 0.39cvss 5.5epss 0.01

    fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and…

  • CVE-2023-32253MedAug 2, 2025
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service.

  • CVE-2023-2593MedJul 30, 2025
    risk 0.38cvss 5.9epss 0.01

    A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system.

  • CVE-2025-22037MedApr 16, 2025
    risk 0.38cvss 5.5epss 0.28

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought…

  • CVE-2023-39176MedNov 18, 2024
    risk 0.38cvss 5.8epss 0.01

    A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this…

  • CVE-2021-47544MedMay 24, 2024
    risk 0.38cvss 5.9epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root…

  • CVE-2023-52776MedMay 21, 2024
    risk 0.38cvss 5.9epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dfs-radar and temperature event locking The ath12k active pdevs are protected by RCU but the DFS-radar and temperature event handling code calling ath12k_mac_get_ar_by_pdev_id() was not…

  • CVE-2024-35910MedMay 19, 2024
    risk 0.38cvss 5.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding netns has been dismantled. Fortunately Josef Bacik could trigger the issue more…

  • CVE-2024-27402MedMay 17, 2024
    risk 0.38cvss 5.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skb_queue_empty() use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skb_peek() unexpectedly returning NULL or a pointer to an…

  • CVE-2024-26864MedApr 17, 2024
    risk 0.38cvss 5.9epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: tcp: Fix refcnt handling in __inet_hash_connect(). syzbot reported a warning in sk_nulls_del_node_init_rcu(). The commit 66b60b0c8c4a ("dccp/tcp: Unhash sk from ehash for tb2 alloc failure after…

  • CVE-2021-3714MedAug 23, 2022
    risk 0.38cvss 5.9epss 0.01

    A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access…

  • CVE-2020-36516MedFeb 26, 2022
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

Page 79 of 320