Linus Torvalds

23 exploits, active since Mar 2013
CVE-2012-6701 WRITEUP HIGH
Linux Kernel < 3.0.33 - Integer Overflow
Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.
CVSS 7.8
CVE-2013-0914 WRITEUP
Linux kernel <3.8.4 - Privilege Escalation
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.
CVE-2013-1979 WRITEUP
Linux Kernel < 3.8.10 - Access Control
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.
CVE-2013-2141 WRITEUP
Linux Kernel < 3.8.8 - Resource Management Error
The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.
CVE-2013-4483 WRITEUP
Linux Kernel < 3.9.11 - Numeric Error
The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.
CVE-2013-4511 WRITEUP
Linux kernel <3.12 - Privilege Escalation
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.
CVE-2015-3339 WRITEUP
Linux kernel <3.19.6 - Privilege Escalation
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
CVE-2016-9178 WRITEUP MEDIUM
Linux <4.7.5 - Info Disclosure
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call.
CVSS 5.5
CVE-2016-9576 WRITEUP HIGH
Linux Kernel < 4.4.38 - Use After Free
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.
CVSS 7.8
CVE-2017-14140 WRITEUP MEDIUM
Linux kernel <4.12.9 - Info Disclosure
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
CVSS 5.5
CVE-2017-14340 WRITEUP MEDIUM
Linux kernel <4.13.2 - DoS
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.
CVSS 5.5
CVE-2018-18386 WRITEUP LOW
Linux Kernel <4.14.11 - DoS
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
CVSS 3.3
CVE-2018-20169 WRITEUP MEDIUM
Linux kernel <4.19.9 - Buffer Overflow
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVSS 6.8
CVE-2018-20784 WRITEUP CRITICAL
Linux Kernel < 4.14.93 - Infinite Loop
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
CVSS 9.8
CVE-2018-5344 WRITEUP HIGH
Linux kernel <4.14.13 - DoS
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
CVSS 7.8
CVE-2019-11486 WRITEUP HIGH
Linux Kernel <5.0.8 - Info Disclosure
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVSS 7.0
CVE-2020-28097 WRITEUP MEDIUM
Linux Kernel < 5.8.10 - Out-of-Bounds Read
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.
CVSS 5.9
CVE-2020-9383 WRITEUP HIGH
Linux Kernel < 5.5.6 - Out-of-Bounds Read
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
CVSS 7.1
CVE-2021-35039 WRITEUP HIGH
Linux kernel <5.12.14 - Signature Verification
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
CVSS 7.8
CVE-2021-3753 WRITEUP MEDIUM
Linux Kernel - Info Disclosure
A race problem was seen in vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out-of-bounds read in vt, as the write access to vc_mode is not protected by a lock in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
CVSS 4.7
CVE-2022-33981 WRITEUP LOW
Linux kernel <5.17.6 - DoS
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
CVSS 3.3
CVE-2023-3108 WRITEUP MEDIUM
Linux Kernel - Local DoS
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms, in the skcipher_recvmsg function of crypto/algif_skcipher.c. This flaw allows a local user to crash the system.
CVSS 6.2
CVE-2023-6915 WRITEUP MEDIUM
Linux Kernel < 6.7 - NULL Pointer Dereference
A NULL pointer dereference problem was found in ida_free in lib/idr.c in the Linux kernel. This issue may allow an attacker using this library to cause a denial of service due to a missing check at a function return.
CVSS 6.2