Greg Kroah-Hartman

20 exploits Active since Feb 2013
CVE-2014-0196 WRITEUP MEDIUM WRITEUP
Linux Kernel < 3.14.3 - Denial of Service and Privilege Escalation via Race Condition in n_tty_write
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
CVSS 5.5
CVE-2016-3136 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
CVSS 4.6
CVE-2016-3140 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device Descriptor
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVSS 4.6
CVE-2016-3955 WRITEUP CRITICAL WRITEUP
Linux Kernel < 4.5.3 - Denial of Service via USB/IP Packet Length Mismatch
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.
CVSS 9.8
CVE-2022-25258 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.16.10 - Memory Corruption via USB Gadget Interface OS Descriptor Request
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.
CVSS 4.6
CVE-2022-25375 WRITEUP MEDIUM WRITEUP
Linux kernel <5.16.10 - Info Disclosure
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
CVSS 5.5
CVE-2013-1774 WRITEUP WRITEUP
Linux Kernel < 3.7.3 - Denial of Service via Edgeport USB Serial Converter Disconnect
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.
CVE-2017-12146 WRITEUP HIGH WRITEUP
Linux kernel <4.12.1 - Privilege Escalation
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.
CVSS 7.0
CVE-2017-15102 WRITEUP MEDIUM WRITEUP
Linux kernel < 4.8.1 - Local Privilege Escalation via USB Legousbtower Race Condition
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
CVSS 6.3
CVE-2017-16531 WRITEUP MEDIUM WRITEUP
Linux Kernel < 3.2.95 - Denial of Service via USB_DT_INTERFACE_ASSOCIATION Descriptor
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
CVSS 6.6
CVE-2017-16534 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.4.92 - Denial of Service via cdc_parse_cdc_header Out-of-Bounds Read
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 6.8
CVE-2017-7273 WRITEUP MEDIUM WRITEUP
Linux Kernel 3.2 and 4.x < 4.9.4 - Integer Underflow in HID Cypress Driver
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.
CVSS 6.6
CVE-2018-11232 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.10.2 - Denial of Service via etm_setup_aux Parameter Misuse
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVSS 5.5
CVE-2018-18386 WRITEUP LOW WRITEUP
Linux Kernel < 4.14.11 - Denial of Service via TIOCINQ EXTPROC/ICANON Confusion
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
CVSS 3.3
CVE-2018-20169 WRITEUP MEDIUM WRITEUP
Linux kernel <4.19.9 - Buffer Overflow
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVSS 6.8
CVE-2019-11486 WRITEUP HIGH WRITEUP
Linux Kernel <5.0.8 - Info Disclosure
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVSS 7.0
CVE-2022-23220 WRITEUP HIGH WRITEUP
USBView < 2.2 - Unauthenticated Remote Code Execution via Polkit pkexec
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
CVSS 7.8
CVE-2022-27223 WRITEUP HIGH WRITEUP
Linux Kernel < 5.16.12 - Out-of-Bounds Write via USB Gadget Endpoint Index
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
CVSS 8.8
CVE-2023-0458 WRITEUP MEDIUM WRITEUP
Linux Kernel < 6.1.8 - Speculative Pointer Dereference in do_prlimit()
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
CVSS 5.3
CVE-2023-1513 WRITEUP LOW WRITEUP
Linux Kernel < 6.2 - Information Disclosure via KVM_GET_DEBUGREGS Uninitialized Memory
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
CVSS 3.3