Use-after-free vulnerability in the Linux kernel's RAID5 MD driver where the function raid5_release_stripe() prematurely releases a stripe handle (sh) reference, but the code continues to dereference sh in subsequent conditional statements. This affects local attackers with unprivileged user privileges who can trigger the vulnerability through direct kernel interactions, potentially leading to denial of service, information disclosure, or local privilege escalation. The vulnerability is not currently listed as actively exploited (KEV status unknown from provided data), but the high CVSS score (7.8) and straightforward local attack vector indicate moderate real-world risk requiring prioritization for systems with untrusted local users.
Double-free vulnerability in the Linux kernel's s390 architecture implementation that occurs when fork() fails after task duplication but before thread initialization. A local, unprivileged attacker can trigger this memory corruption vulnerability through syscall fuzzing or crafted fork operations, potentially achieving local privilege escalation or denial of service. The vulnerability affects s390x systems and has been demonstrated to cause kernel panics via trinity fuzzing tests.
Use-after-free vulnerability in the Linux kernel's USB gadget subsystem (drivers/usb/gadget/udc/core.c) that occurs when the usb_udc_uevent() function races with gadget driver unregistration. An attacker with local access and unprivileged user privileges can trigger a crash or potential information disclosure by exploiting the missing mutex protection around driver pointer dereferences. The vulnerability affects Linux kernel versions prior to the fix being merged, with CVSS 7.8 severity and confirmed exploitability via syzbot fuzzing.
Privilege escalation vulnerability in the Linux kernel's AMD display driver (drm/amd/display) where an OPTC underflow bit persists after ODM clock shutdown, preventing proper clearing of the underflow condition. A local authenticated attacker with low privileges can exploit this to achieve high-impact denial of service or potential kernel memory corruption. The vulnerability affects multiple Linux kernel versions and is not known to be actively exploited in the wild, though the high CVSS score (7.8) indicates significant local system compromise potential.
Use-after-free vulnerability in the Linux kernel's RTL8712 WiFi driver (staging/rtl8712) where NULL callback functions (_Read/Write_MACREG) cause premature deallocation of command pointers, leading to potential memory corruption. This affects Linux kernel versions containing the vulnerable staging driver code, allowing local attackers with low privilege to achieve code execution or denial of service. The vulnerability has a CVSS score of 7.8 (high severity) but requires local access and low-level privileges, making it moderately exploitable in practice.
Use-after-free (UAF) vulnerability in the Linux kernel's mac80211 wireless stack that allows a local attacker with low privileges to cause a denial of service or potentially execute arbitrary code with kernel privileges. The vulnerability exists in ieee80211_scan_rx() where scan_req is accessed after being freed due to a race condition between scan completion and RCU read critical sections. This affects multiple Linux kernel versions across various distributions and has a high CVSS score of 7.8 (local attack vector, low complexity, requiring low privileges).
CVE-2025-38022 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
Use-after-free (UAF) vulnerability in the Linux kernel's ALSA BCD2000 USB audio driver that occurs during device probe failure when snd_card_register() fails. An attacker with local access can trigger device removal or error conditions to cause a kernel crash or potential code execution, as the driver frees a URB before properly killing it, leaving a dangling pointer that can be accessed by pending USB callbacks. This vulnerability affects Linux kernel versions with the vulnerable BCD2000 driver code path and has a CVSS 7.8 severity rating indicating high impact on system integrity and availability.
Use-after-free vulnerability in the Linux kernel's usbnet subsystem affecting multiple USB Ethernet drivers (aqc111, asix_devices, ax88179_178a, ch9200, smsc75xx). An unprivileged local attacker can trigger the vulnerability by causing a link change event during USB device disconnect, leading to memory corruption after network device deallocation. The vulnerability has a CVSS score of 7.8 (High) with local attack vector and low complexity. KEV and EPSS data are not specified in provided intelligence, but the vulnerability affects core kernel networking code with demonstrated real-world impact across multiple vendor drivers.
Double-free memory corruption vulnerability in the Linux kernel's ASoC SOF (Sound Open Firmware) ipc3-topology module that occurs when byte control sanity checks fail. An unprivileged local attacker can trigger this vulnerability to cause kernel memory corruption, leading to denial of service or potential privilege escalation. The vulnerability affects Linux kernel versions with the vulnerable ASoC SOF code path; exploitation requires local access and moderate complexity but can result in complete system compromise.
A buffer overflow vulnerability exists in the Linux kernel's Dell WMI System Management (dell-wmi-sysman) driver in the current_password_store() function, where an empty string input causes an out-of-bounds array access via index underflow (length - 1 when length equals zero). A local, low-privilege attacker can exploit this to achieve read/write memory corruption, potentially leading to privilege escalation or denial of service. This vulnerability is not currently listed in CISA KEV catalog and requires local access with unprivileged user privileges.
Use-after-free vulnerability in the Linux kernel's ext4 filesystem that allows a local attacker with low privileges to cause a kernel panic (denial of service) and potentially achieve code execution. The vulnerability exists in ext4_mb_clear_bb() and ext4_free_blocks() functions where block ranges are validated before use but can be adjusted after validation on bigalloc filesystems, leading to out-of-bounds memory access on corrupted filesystems. While not actively exploited in the wild per KEV data, the vulnerability was discovered via syzkaller fuzzing and affects Linux kernel versions through 5.19.
A buffer overrun vulnerability exists in the Linux kernel's LZO compression implementation (crypto/lzo) where the compression code fails to validate output buffer boundaries before writing data, unlike the decompression counterpart. This allows a local attacker with low privileges to trigger a heap/stack buffer overflow, potentially leading to arbitrary code execution or denial of service. The vulnerability affects all Linux kernel versions using the vulnerable LZO compression code path in cryptographic operations.
Memory management vulnerability in the Linux kernel's eBPF JIT compiler for x86_64 that causes incorrect freeing of a 2MB memory page when compiling eBPF programs with multiple subprograms. A local unprivileged attacker with BPF capabilities can trigger this vulnerability to corrupt kernel memory or cause denial of service. The vulnerability was discovered via syzbot fuzzing and is patched in Linux kernel versions after the fix; while not currently listed in CISA KEV, the CVSS 7.8 score reflects high privilege escalation and memory corruption potential.
Reference counting bug in the Linux kernel's AX.25 network protocol implementation where device tracker objects are incorrectly shared among multiple socket control blocks, causing double-free conditions and kernel warnings. This affects Linux kernel versions prior to the fix and impacts systems using AX.25 networking (amateur radio, packet radio networks). An unprivileged local attacker with CAP_NET_ADMIN or similar privileges can trigger the vulnerability through socket binding/release operations, potentially causing denial of service or local privilege escalation.
Memory allocation flag misuse vulnerability in the Linux kernel's USB Cadence3 (cdns3) driver that triggers kernel warnings and potentially causes memory allocation failures during driver initialization. The vulnerability affects systems using the cdns3 USB controller driver (primarily ARM-based systems like i.MX8), and while the CVSS score is 7.8 (high), the actual impact is denial of service through resource exhaustion rather than privilege escalation. The issue is not actively exploited in the wild, but the fix is straightforward and widely available in upstream kernel patches.
Local privilege escalation vulnerability in the Linux kernel's vt8623fb framebuffer driver where improper validation of user-supplied screen size parameters allows writing beyond allocated memory boundaries via memset_io(). A local attacker with unprivileged user access can trigger a heap overflow through the FB_SET_VAR ioctl, potentially achieving arbitrary kernel code execution or denial of service. The vulnerability affects the framebuffer subsystem across multiple Linux distributions and requires local access to exploit, making it a moderate-to-high severity issue for multi-user systems.
Local privilege escalation vulnerability in the Linux kernel's arkfb (Ark Logic framebuffer) driver where improper validation of user-supplied screen size parameters in arkfb_set_par() allows local attackers with user-level privileges to write beyond allocated memory boundaries via memset_io(), potentially achieving code execution or denial of service. The vulnerability affects Linux kernel versions with vulnerable arkfb driver code and requires local access; no evidence of active exploitation in the wild or public POC availability was identified at analysis time.
Local privilege escalation vulnerability in the Linux kernel's s3fb framebuffer driver where improper input validation in the s3fb_set_par() function allows a local attacker with low privileges to write beyond allocated memory boundaries via memset_io(), potentially causing kernel panic or code execution. The vulnerability affects Linux kernel versions with the vulnerable s3fb driver and requires local access with user-level privileges to exploit.
Race condition in the Linux kernel's MPTCP (Multipath TCP) implementation where the packet scheduler can attempt to transmit data on subflows that have already been closed, occurring when mptcp-level retransmission races with mptcp_close(). This vulnerability affects Linux kernel versions through 5.19.x and allows a local authenticated attacker to cause a denial of service (kernel crash/memory corruption) with high integrity impact. No active KEV status or public PoC is documented, but the CVSS score of 7.8 reflects local privilege escalation risk.
Use-after-free vulnerability in the Linux kernel's Btrfs filesystem that occurs when a transaction commit fails during block group relocation setup. An unprivileged local user can trigger this vulnerability through a specific sequence of ioctl operations (balance followed by defrag), potentially achieving arbitrary code execution or system crash. The vulnerability requires local access and user-level privileges but has not been reported as actively exploited in the wild (KEV status unknown from provided data).
Buffer overflow vulnerability in the Linux kernel's ASoC SOF (Sound Open Firmware) debug subsystem caused by improper use of snprintf() which can return values exceeding the buffer size, potentially enabling local privilege escalation. The vulnerability affects Linux kernel versions with the vulnerable ASoC SOF debug code and requires local access with limited privileges to exploit. While the CVSS score is 7.8 (high severity), the practical exploitability is considered low as the buffer overflow condition is described as 'unrealistic' and requires specific debug code paths to be triggered.
Buffer overflow vulnerability in the Linux kernel's ASoC SOF Intel HDA driver caused by improper use of snprintf() instead of scnprintf(). An attacker with local access and low privileges could potentially trigger a buffer overflow condition through manipulation of audio subsystem parameters, leading to information disclosure, code execution, or denial of service. While the vulnerability is rated CVSS 7.8 (high), the practical exploitability is considered low as it requires specific conditions and local access, with no known active exploitation or public POC at the time of disclosure.
CVE-2022-49999 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2022-49995 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2025-38082 is an out-of-bounds write vulnerability in the Linux kernel's gpio-virtuser driver that occurs when input exceeds buffer capacity, potentially allowing a local attacker with limited privileges to corrupt kernel memory and achieve privilege escalation or denial of service. The vulnerability affects Linux kernel versions with the vulnerable gpio-virtuser implementation; while not currently listed in CISA KEV, the CVSS 7.8 score and local attack vector indicate moderate real-world risk requiring timely patching.
CVE-2025-38056 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2025-38069 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
Cloudflare quiche, a QUIC protocol implementation, contains a congestion control vulnerability (CVE-2025-4821) where an unauthenticated remote attacker can manipulate ACK frames to artificially inflate the congestion window beyond safe limits, causing excessive data transmission rates and potential denial of service through integer overflow panics. The vulnerability affects quiche versions prior to 0.24.4. While the CVSS score is 7.5 (high severity with network attack vector and no privileges required), real-world exploitation requires completing a QUIC handshake and active manipulation, limiting opportunistic exploitation.
Path traversal vulnerability in Lychee photo-management tool (versions 6.6.6 through 6.6.9) that allows unauthenticated remote attackers to read arbitrary files from the server, including environment variables, configuration secrets, nginx logs, and other users' uploaded images. The vulnerability exists in SecurePathController.php and has a CVSS score of 7.5 (high severity) with straightforward network-based exploitation requiring no authentication or user interaction. A patch is available in version 6.6.10.
The CSV Me WordPress plugin versions up to 2.0 contains an arbitrary file upload vulnerability in the 'csv_me_options_page' function due to insufficient file type validation. Authenticated administrators can exploit this to upload arbitrary files to the server, potentially enabling remote code execution. This is a post-authentication privilege abuse vulnerability with high impact on confidentiality, integrity, and availability.
Privilege escalation vulnerability in IBM webMethods Integration Server affecting versions 10.5, 10.7, 10.11, and 10.15, where a privileged user can escalate their privileges when the system handles external entities due to unnecessary privilege execution. With a CVSS score of 7.2 and high impact across confidentiality, integrity, and availability, this vulnerability requires administrative credentials to exploit but provides complete system compromise potential. No public confirmation of active exploitation (KEV status) or proof-of-concept availability is evident, making this a moderate-to-high priority based on the barrier to entry (privileged user requirement) despite the severe impact if exploited.
Linux kernel vulnerability in the gpio-fan hwmon driver that fails to validate cooling state parameters before using them as array indices, enabling an out-of-bounds memory access. Local privileged users (PR:L) can trigger kernel panics or information disclosure by writing arbitrary cooling state values to the thermal device sysfs interface. This vulnerability has a CVSS score of 7.1 with high impact on confidentiality and availability; while not listed as actively exploited in CISA KEV, the straightforward nature of the vulnerability (direct array indexing without bounds checking) makes it a practical local DoS/info leak vector.
CVE-2022-49961 is a security vulnerability (CVSS 7.1). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2022-50221 is an out-of-bounds memory access vulnerability in the Linux kernel's DRM framebuffer helper subsystem, specifically in the deferred I/O damage handling mechanism. An attacker with local privileges can trigger an out-of-bounds read/write by exploiting page boundary misalignment in the fbdev screen buffer, potentially leading to information disclosure or denial of service. The vulnerability affects Linux kernel versions prior to patches addressing the drm/fb-helper module; no public evidence of active exploitation or POC availability has been confirmed, though the CVSS 7.1 score reflects moderate-to-high severity due to local privilege requirement.
Resource leak vulnerability in the Linux kernel's turbostat utility that fails to properly close file pointers when fscanf operations fail, potentially leading to file descriptor exhaustion. The vulnerability affects Linux kernel versions containing the vulnerable turbostat code (tools/power/x86/turbostat/turbostat.c). While the CVSS score of 7.1 is moderate-to-high, the practical impact is limited to local denial-of-service through file descriptor exhaustion; there is no evidence of active exploitation in the wild or publicly available proof-of-concept code.
Heap buffer out-of-bounds read vulnerability in the ARM64 NEON implementation of the Linux kernel's Poly1305 cryptographic authenticator. The vulnerability allows local attackers with low privileges to read sensitive memory beyond buffer boundaries, potentially leading to information disclosure or denial of service. A proof-of-concept exists demonstrating reproducible exploitation through crafted input to the crypto subsystem.
CVE-2022-50182 is an out-of-bounds read vulnerability in the Linux kernel's imx-jpeg media driver that occurs when buffer sizes are not properly aligned upwards during JPEG encoding and decoding operations. The vulnerability affects Linux kernel versions with the vulnerable imx-jpeg driver on ARM-based systems (NXP i.MX processors), allowing local authenticated users to read sensitive kernel memory or cause a denial of service. While the CVSS score is 7.1 (high), real-world exploitation requires local access and requires process privileges, limiting the immediate threat surface.
CVE-2022-50147 is an out-of-bounds memory read vulnerability in the Linux kernel's memory policy subsystem (mm/mempolicy) where the get_nodes() function fails to properly validate user-supplied node counts, allowing a local attacker with low privileges to read sensitive kernel memory or trigger a denial of service. The vulnerability affects Linux kernel versions prior to the fix and requires local access; while not known to be actively exploited in the wild, the high CVSS score of 7.1 and exploitability from low-privileged users makes it a significant risk for multi-tenant systems and shared hosting environments.
Heap buffer overflow vulnerability in the Linux kernel's BPF JIT compiler that allows a local, unprivileged user to read out-of-bounds memory and cause a denial of service. The vulnerability stems from improper range checking of array indices using imprecise tnum (tristate number) representations instead of concrete scalar values, enabling potential information disclosure and crash of the kernel. This affects Linux kernel versions prior to the fix and requires local access with unprivileged user privileges to exploit.
Kernel BUG in the Linux kernel's BPF cgroup subsystem that can be triggered via a memory allocation failure during BPF program detachment, causing a denial of service (kernel panic). Local unprivileged users with BPF capabilities can trigger this by exploiting a race condition between program attachment/detachment and memory pressure, resulting in high availability impact with potential information disclosure. The vulnerability affects Linux kernel versions before the fix was merged (approximately 5.19.0+).
Out-of-bounds memory read vulnerability in the Linux kernel's Broadcom Raspberry Pi clock driver (clk-bcm-rpi) caused by unsafe assumptions about firmware-provided data structures. The vulnerability affects Raspberry Pi systems running vulnerable Linux kernel versions and allows a local attacker with user-level privileges to read sensitive kernel memory, potentially leading to information disclosure or denial of service. This is a kernel-level vulnerability requiring local access, with moderate real-world risk due to the local attack vector requirement.
A register out-of-bounds access vulnerability in the Linux kernel's spi-rockchip driver allows local attackers with low privileges to cause a denial of service and potentially leak sensitive information. The vulnerability occurs when the driver attempts to write native chip select configuration for GPIO-based chip selects, which can have numerically higher GPIO indices than native CS pins support, causing writes to invalid memory regions. This is a local privilege escalation concern affecting systems using Rockchip SPI controllers with GPIO chip selects.
Boundary check bypass vulnerability in the Linux kernel's SELinux subsystem, specifically in the put_entry() function, allowing out-of-bounds memory read access. Affected Linux kernel versions prior to the fix require local privilege escalation (requires user-level access) to exploit, enabling attackers to read sensitive kernel memory and potentially crash the system (denial of service). This vulnerability was not widely exploited in the wild at disclosure but represents a real local privilege escalation risk in multi-tenant environments and shared systems.
CVE-2022-50169 is an information disclosure vulnerability in the Linux kernel's Qualcomm wil6210 WiFi driver debugfs implementation, where the wil_write_file_wmi() function fails to fully initialize a buffer before use, allowing local authenticated users to leak kernel memory. The vulnerability affects Linux kernels with the wil6210 driver enabled and has a CVSS score of 7.1 (high severity) with local attack vector and high confidentiality impact. There is no evidence of active exploitation in the wild or public proof-of-concept code, making this a lower real-world priority despite the high CVSS rating.
CVE-2022-50103 is a security vulnerability (CVSS 7.1). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2022-50079 is an out-of-bounds read vulnerability in the Linux kernel's AMD display driver (amd/display) affecting DCN303 hardware. The vulnerability occurs due to insufficient bounds checking on stream encoder instance IDs, which can only be 0 or 1 on DCN303 but may be accessed beyond these limits, potentially exposing kernel memory or causing a denial of service. This vulnerability requires local access and low privileges to exploit; it is not known to be actively exploited in the wild, but the CVSS 7.1 score reflects the combination of high confidentiality impact and high availability impact.
CVE-2022-50026 is an out-of-bounds shift vulnerability in the Linux kernel's habanalabs/gaudi driver that occurs when validating NIC queues due to improper offset calculation logic. The vulnerability affects Linux kernel versions with the habanalabs Gaudi accelerator driver and requires local access with limited privileges to exploit. An authenticated local attacker can trigger an out-of-bounds memory access leading to information disclosure (confidentiality impact) and potential denial of service (availability impact), with a CVSS score of 7.1 indicating high severity.
Heap buffer out-of-bounds read vulnerability in the Linux kernel's RAID10 module (raid10_remove_disk function) triggered during LVM raid reshape operations. A local attacker with low privileges can crash the system or potentially leak sensitive kernel memory by exploiting invalid array indexing during disk removal in RAID10 configurations. The vulnerability affects Linux kernels through 5.19.0-rc6 and requires local access; no active exploitation in the wild has been documented, but the issue was identified through routine KASAN testing.
Memory access vulnerability in the Linux kernel's Intel IOMMU VT-d driver that occurs when NUMA node validation is bypassed. When ACPI NUMA is disabled via command line, pxm_to_node() can return NUMA_NO_NODE (-1), which is incorrectly passed to bitops functions as an unsigned value, causing an out-of-bounds memory read. This affects Linux kernel versions prior to the fix and can be exploited by local attackers with user privileges to leak sensitive kernel memory or trigger a denial of service.