Product:

Linux_kernel

(Linux)
Date Id Summary Products Score Patch Annotated
2025-01-31 CVE-2025-21671 In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an failed and uninitialized device. Linux_kernel 7.8
2013-04-13 CVE-2013-2596 Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. Linux_kernel, Android 7.8
2014-05-07 CVE-2014-0196 The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_application_delivery_controller, Big\-Iq_centralized_management, Big\-Iq_cloud, Big\-Iq_cloud_and_orchestration, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Linux_kernel, Linux, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_eus, Suse_linux_enterprise_desktop, Suse_linux_enterprise_high_availability_extension, Suse_linux_enterprise_server N/A
2014-06-07 CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. Ubuntu_linux, Linux_kernel, Opensuse, Linux, Enterprise_linux_server_aus, Linux_enterprise_desktop, Linux_enterprise_high_availability_extension, Linux_enterprise_real_time_extension, Linux_enterprise_server 7.8
2024-01-04 CVE-2023-6270 A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. Fedora, Linux_kernel 7.0
2024-05-01 CVE-2024-26932 In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() When unregister pd capabilitie in tcpm, KASAN will capture below double -free issue. The root cause is the same capabilitiy will be kfreed twice, the first time is kfreed by pd_capabilities_release() and the second time is explicitly kfreed by tcpm_port_unregister_pd(). [ 3.988059] BUG: KASAN: double-free in tcpm_port_unregister_pd+0x1a4/0x3dc [ ... Linux_kernel 7.8
2024-12-02 CVE-2024-53104 In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. Linux_kernel 7.8
2023-04-19 CVE-2023-2166 A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. Linux_kernel 5.5
2023-06-05 CVE-2023-3079 Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Macos, Couchbase_server, Debian_linux, Fedora, Chrome, Linux_kernel 8.8
2019-07-17 CVE-2019-13272 In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor... Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Aff_a700s_firmware, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, H410c_firmware, H610s_firmware, Hci_compute_node, Hci_management_node, Service_processor, Solidfire, Steelstore_cloud_integrated_storage, Enterprise_linux, Enterprise_linux_for_arm_64, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_real_time, Enterprise_linux_for_real_time_for_nfv, Enterprise_linux_for_real_time_for_nfv_tus, Enterprise_linux_for_real_time_tus 7.8