CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Linux » Linux Kernel » * * * * : Security Vulnerabilities (Memory Corruption)

Cpe Name:cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43057 416 Mem. Corr. 2021-10-28 2021-11-29
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.
2 CVE-2021-37576 787 Mem. Corr. 2021-07-26 2021-10-18
7.2
None Local Low Not required Complete Complete Complete
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
3 CVE-2021-22555 787 +Priv Mem. Corr. 2021-07-07 2022-01-06
4.6
None Local Low Not required Partial Partial Partial
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
4 CVE-2021-3564 416 Mem. Corr. 2021-06-08 2021-07-08
2.1
None Local Low Not required None None Partial
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
5 CVE-2020-25643 20 DoS Overflow Mem. Corr. 2020-10-06 2021-10-19
7.5
None Remote Medium ??? Partial Partial Complete
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
6 CVE-2020-14390 787 DoS Mem. Corr. 2020-09-18 2020-11-02
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
7 CVE-2020-14386 787 +Priv Mem. Corr. 2020-09-16 2021-12-10
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
8 CVE-2020-9391 119 Overflow Mem. Corr. 2020-02-25 2021-07-21
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.
9 CVE-2019-19602 119 DoS Overflow Mem. Corr. 2019-12-05 2020-08-24
5.4
None Local Medium Not required Complete None Partial
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.
10 CVE-2019-11683 787 DoS Mem. Corr. 2019-05-02 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.
11 CVE-2018-16880 787 Mem. Corr. 2019-01-29 2019-05-16
6.9
None Local Medium Not required Complete Complete Complete
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.
12 CVE-2018-13095 787 DoS Mem. Corr. 2018-07-03 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.
13 CVE-2018-12233 119 Overflow Mem. Corr. 2018-06-12 2019-03-27
6.8
None Remote Medium Not required Partial Partial Partial
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.
14 CVE-2017-1000112 362 Mem. Corr. 2017-10-05 2018-08-06
6.9
None Local Medium Not required Complete Complete Complete
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
15 CVE-2017-18222 119 DoS Overflow Mem. Corr. 2018-03-08 2018-05-24
4.6
None Local Low Not required Partial Partial Partial
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.
16 CVE-2017-17857 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
17 CVE-2017-17856 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.
18 CVE-2017-17855 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.
19 CVE-2017-17854 190 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
20 CVE-2017-17853 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.
21 CVE-2017-17852 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.
22 CVE-2017-16996 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
23 CVE-2017-16995 119 DoS Overflow Mem. Corr. 2017-12-27 2021-01-05
7.2
None Local Low Not required Complete Complete Complete
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
24 CVE-2017-15129 416 Mem. Corr. 2018-01-09 2018-05-04
4.9
None Local Low Not required None None Complete
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
25 CVE-2017-14497 119 DoS Overflow Mem. Corr. 2017-09-15 2018-01-13
7.2
None Local Low Not required Complete Complete Complete
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.
26 CVE-2017-14051 190 DoS Overflow Mem. Corr. 2017-08-31 2018-03-16
4.9
None Local Low Not required None None Complete
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
27 CVE-2017-7533 362 DoS +Priv Mem. Corr. 2017-08-05 2018-01-05
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
28 CVE-2017-7482 190 Mem. Corr. 2018-07-30 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
29 CVE-2017-2634 119 Overflow Mem. Corr. 2018-07-27 2019-10-09
7.8
None Remote Low Not required None None Complete
It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system.
30 CVE-2016-9793 119 DoS Overflow Mem. Corr. 2016-12-28 2018-01-05
7.2
None Local Low Not required Complete Complete Complete
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.
31 CVE-2016-9083 119 DoS Overflow Mem. Corr. Bypass 2016-11-28 2018-01-05
7.2
None Local Low Not required Complete Complete Complete
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."
32 CVE-2016-8650 20 DoS Mem. Corr. 2016-11-28 2018-06-20
4.9
None Local Low Not required None None Complete
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.
33 CVE-2016-8636 190 DoS Overflow Mem. Corr. +Info 2017-02-22 2017-03-01
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.
34 CVE-2016-7042 119 DoS Overflow Mem. Corr. 2016-10-16 2018-01-05
4.9
None Local Low Not required None None Complete
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.
35 CVE-2016-5728 119 DoS Overflow Mem. Corr. +Info 2016-06-27 2016-11-28
5.4
None Local Medium Not required Partial None Complete
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.
36 CVE-2016-5343 120 DoS Overflow Mem. Corr. 2016-10-10 2020-08-03
7.5
None Remote Low Not required Partial Partial Partial
drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow.
37 CVE-2016-4997 264 DoS +Priv Mem. Corr. 2016-07-03 2019-12-27
7.2
None Local Low Not required Complete Complete Complete
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
38 CVE-2016-4805 416 DoS Mem. Corr. 2016-05-23 2019-12-27
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
39 CVE-2016-3135 189 DoS Overflow +Priv Mem. Corr. 2016-04-27 2017-09-08
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
40 CVE-2016-3134 119 DoS Overflow +Priv Mem. Corr. 2016-04-27 2018-01-05
7.2
None Local Low Not required Complete Complete Complete
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
41 CVE-2016-2066 269 DoS +Priv Mem. Corr. 2016-06-13 2020-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call.
42 CVE-2016-2065 787 DoS Mem. Corr. 2016-08-07 2020-08-03
6.8
None Remote Medium Not required Partial Partial Partial
sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and memory corruption) or possibly have unspecified other impact via a crafted application that makes an ioctl call triggering incorrect use of a parameters pointer.
43 CVE-2016-2061 269 DoS Overflow +Priv Mem. Corr. 2016-06-13 2020-08-04
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.
44 CVE-2015-8962 415 DoS +Priv Mem. Corr. 2016-11-16 2017-01-18
9.3
None Remote Medium Not required Complete Complete Complete
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.
45 CVE-2015-5283 119 DoS Overflow Mem. Corr. 2015-10-19 2016-12-08
4.7
None Local Medium Not required None None Complete
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.
46 CVE-2015-5156 119 DoS Overflow Mem. Corr. 2015-10-19 2017-11-04
6.1
None Local Network Low Not required None None Complete
The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.
47 CVE-2015-4036 119 DoS Overflow Mem. Corr. 2015-08-31 2016-12-22
7.2
None Local Low Not required Complete Complete Complete
Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.
48 CVE-2015-0568 416 DoS +Priv Mem. Corr. 2016-08-07 2020-08-04
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.
49 CVE-2014-9529 362 DoS Mem. Corr. 2015-01-09 2020-05-21
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
50 CVE-2014-9410 20 DoS +Priv Mem. Corr. 2016-08-07 2020-11-17
7.2
None Local Low Not required Complete Complete Complete
The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.
Total number of vulnerabilities : 103   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.