Filtered by vendor Linux
Subscriptions
Filtered by product Kernel
Subscriptions
Total
15 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-52584 | 1 Linux | 1 Kernel | 2024-12-19 | 3.8 Low |
In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated along with spmi_controller. On device remove, spmi_controller will be freed first, and then devres , including the clocks, will be cleanup. This leads to UAF because putting the clocks will access the clocks in the pmif driver data, which is already freed along with spmi_controller. This can be reproduced by enabling DEBUG_TEST_DRIVER_REMOVE and building the kernel with KASAN. Fix the UAF issue by using unmanaged clk_bulk_get() and putting the clocks before freeing spmi_controller. | ||||
CVE-2021-47482 | 1 Linux | 1 Kernel | 2024-12-19 | 5.3 Medium |
In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handling in batadv_mesh_init(). Before this patch batadv_mesh_init() was calling batadv_mesh_free() in case of any batadv_*_init() calls failure. This approach may work well, when there is some kind of indicator, which can tell which parts of batadv are initialized; but there isn't any. All written above lead to cleaning up uninitialized fields. Even if we hide ODEBUG warning by initializing bat_priv->nc.work, syzbot was able to hit GPF in batadv_nc_purge_paths(), because hash pointer in still NULL. [1] To fix these bugs we can unwind batadv_*_init() calls one by one. It is good approach for 2 reasons: 1) It fixes bugs on error handling path 2) It improves the performance, since we won't call unneeded batadv_*_free() functions. So, this patch makes all batadv_*_init() clean up all allocated memory before returning with an error to no call correspoing batadv_*_free() and open-codes batadv_mesh_free() with proper order to avoid touching uninitialized fields. | ||||
CVE-2023-3611 | 3 Debian, Linux, Redhat | 11 Debian Linux, Kernel, Linux Kernel and 8 more | 2024-11-21 | 7.8 High |
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. | ||||
CVE-2017-6259 | 4 Freebsd, Linux, Nvidia and 1 more | 4 Freebsd, Kernel, Gpu Driver and 1 more | 2024-11-21 | N/A |
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service. | ||||
CVE-2017-6257 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Kernel, Windows and 2 more | 2024-11-21 | N/A |
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges | ||||
CVE-2016-0957 | 4 Adobe, Apple, Linux and 1 more | 5 Dispatcher, Experience Manager, Mac Os X and 2 more | 2024-11-21 | N/A |
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. | ||||
CVE-2014-2649 | 2 Hp, Linux | 2 Operations Manager, Kernel | 2024-11-21 | N/A |
Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | ||||
CVE-2010-0309 | 2 Linux, Redhat | 3 Kernel, Enterprise Linux, Rhel Virtualization | 2024-11-21 | N/A |
The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file. | ||||
CVE-2009-3624 | 1 Linux | 2 Kernel, Linux Kernel | 2024-11-21 | N/A |
The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands. | ||||
CVE-2009-2847 | 2 Linux, Redhat | 6 Kernel, Linux, Linux Kernel and 3 more | 2024-11-21 | N/A |
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function. | ||||
CVE-2009-2844 | 1 Linux | 2 Kernel, Linux Kernel | 2024-11-21 | N/A |
cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability. | ||||
CVE-2009-2767 | 1 Linux | 2 Kernel, Linux Kernel | 2024-11-21 | N/A |
The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference. | ||||
CVE-2009-2406 | 2 Linux, Redhat | 4 Kernel, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | N/A |
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size. | ||||
CVE-2009-1389 | 2 Linux, Redhat | 5 Kernel, Linux Kernel, Enterprise Linux and 2 more | 2024-11-21 | N/A |
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet. | ||||
CVE-2009-1385 | 3 Intel, Linux, Redhat | 6 E1000, Kernel, Linux Kernel and 3 more | 2024-11-21 | N/A |
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. |
Page 1 of 1.