Greg Kroah-Hartman

14 exploits Active since Feb 2013
CVE-2013-1774 WRITEUP WRITEUP
Linux Kernel < 3.7.3 - Access Control
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.
CVE-2017-12146 WRITEUP HIGH WRITEUP
Linux kernel <4.12.1 - Privilege Escalation
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.
CVSS 7.0
CVE-2017-15102 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.8.1 - NULL Pointer Dereference
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
CVSS 6.3
CVE-2017-16531 WRITEUP MEDIUM WRITEUP
Linux kernel <4.13.6 - DoS
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
CVSS 6.6
CVE-2017-16534 WRITEUP MEDIUM WRITEUP
Linux kernel <4.13.6 - DoS
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 6.8
CVE-2017-7273 WRITEUP MEDIUM WRITEUP
Linux kernel <4.9.4 - DoS
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.
CVSS 6.6
CVE-2018-11232 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.10.2 - Improper Input Validation
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVSS 5.5
CVE-2018-18386 WRITEUP LOW WRITEUP
Linux Kernel <4.14.11 - DoS
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
CVSS 3.3
CVE-2018-20169 WRITEUP MEDIUM WRITEUP
Linux kernel <4.19.9 - Buffer Overflow
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVSS 6.8
CVE-2019-11486 WRITEUP HIGH WRITEUP
Linux Kernel <5.0.8 - Info Disclosure
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVSS 7.0
CVE-2022-23220 WRITEUP HIGH WRITEUP
Usbview < 2.2 - Missing Authentication
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
CVSS 7.8
CVE-2022-27223 WRITEUP HIGH WRITEUP
Linux Kernel < 4.9.304 - Improper Array Index Validation
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
CVSS 8.8
CVE-2023-0458 WRITEUP MEDIUM WRITEUP
Linux Kernel < 6.1.8 - NULL Pointer Dereference
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
CVSS 5.3
CVE-2023-1513 WRITEUP LOW WRITEUP
KVM - Info Disclosure
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
CVSS 3.3