Linus Torvalds

40 exploits Active since Jun 2012
CVE-2016-9576 WRITEUP HIGH WRITEUP
Linux Kernel 4.0-4.4.37 - Use-After-Free in blk_rq_map_user_iov
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.
CVSS 7.8
CVE-2017-14140 WRITEUP MEDIUM WRITEUP
Linux kernel <4.12.9 - Info Disclosure
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
CVSS 5.5
CVE-2017-14340 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13.2 - Denial of Service via XFS Real-Time Inode Flag Handling
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.
CVSS 5.5
CVE-2018-18386 WRITEUP LOW WRITEUP
Linux Kernel < 4.14.11 - Denial of Service via TIOCINQ EXTPROC/ICANON Confusion
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
CVSS 3.3
CVE-2018-20169 WRITEUP MEDIUM WRITEUP
Linux kernel <4.19.9 - Buffer Overflow
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVSS 6.8
CVE-2018-20784 WRITEUP CRITICAL WRITEUP
Linux Kernel < 4.20.2 - Denial of Service via Infinite Loop in update_blocked_averages
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
CVSS 9.8
CVE-2018-5344 WRITEUP HIGH WRITEUP
Linux Kernel < 4.14.13 - Use-After-Free in Loop Device Release
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
CVSS 7.8
CVE-2019-11486 WRITEUP HIGH WRITEUP
Linux Kernel <5.0.8 - Info Disclosure
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVSS 7.0
CVE-2020-28097 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.8.10 - Out-of-bounds Read in vgacon_scrolldelta
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.
CVSS 5.9
CVE-2020-9383 WRITEUP HIGH WRITEUP
Linux Kernel 3.16-5.5.6 - Out-of-bounds Read in Floppy Disk Driver
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
CVSS 7.1
CVE-2021-35039 WRITEUP HIGH WRITEUP
Linux kernel <5.12.14 - Signature Verification
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
CVSS 7.8
CVE-2021-3753 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.15 - Out-of-bounds Read via VT IOCTL Race Condition
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
CVSS 4.7
CVE-2022-33981 WRITEUP LOW WRITEUP
Linux Kernel < 5.17.6 - Use-After-Free in Floppy Driver raw_cmd_ioctl
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
CVSS 3.3
CVE-2023-3108 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.0 - Denial of Service via Race Condition in skcipher_recvmsg
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system.
CVSS 6.2
CVE-2023-6915 WRITEUP MEDIUM WRITEUP
Linux Kernel < 6.7 - Denial of Service via Null Pointer Dereference in ida_free
A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.
CVSS 6.2