1341 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-11884
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dohidpsockioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from...
CVE-2022-49232
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a NULL pointer dereference in amdgpudmconnectoraddcommonmodes In amdgpudmconnectoraddcommonmodes, amdgpudmcreatecommonmode is assigned to mode and is passed to drmmodeprobedadd directly after that...
CVE-2025-21809 rxrpc, afs: Fix peer hash locking vs RCU callback
In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix peer hash locking vs RCU callback In its address list, afs now retains pointers to and refs on one or more rxrpcpeer objects. The address list is freed under RCU and at this time, it puts the refs on those peers...
CVE-2025-21805 RDMA/rtrs: Add missing deinit() call
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Add missing deinit call A warning is triggered when repeatedly connecting and disconnecting the rnbd: listadd corruption. prev-next should be next ffff88800b13e480, but was ffff88801ecd1338. prev=ffff88801ecd1340...
CVE-2025-21755
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-21787 team: better TEAM_OPTION_TYPE_STRING validation
In the Linux kernel, the following vulnerability has been resolved: team: better TEAMOPTIONTYPESTRING validation syzbot reported following splat 1 Make sure user-provided data contains one nul byte. 1 BUG: KMSAN: uninit-value in stringnocheck lib/vsprintf.c:633 inline BUG: KMSAN: uninit-value in...
CVE-2025-21777
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array The meta data for a mapped ring buffer contains an array of indexes of all the subbuffers. The first entry is the reader page, and the rest of the entries lay out the...
CVE-2025-21776 USB: hub: Ignore non-compliant devices with too many configs or interfaces
In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usbhubtostructhub to dereference a NULL or inappropriate pointer: Oops: general protection fault,...
CVE-2025-21755
...
CVE-2024-49570
In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TPprintk UAF The commit afd2627f727b "tracing: Check "%s" dereference via the field and not the TPprintk format" exposes potential UAFs in the xebomove trace event. Fix those by avoiding...
CVE-2025-21753 btrfs: fix use-after-free when attempting to join an aborted transaction
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fsinfo-translock and without holding any...
CVE-2025-21753 btrfs: fix use-after-free when attempting to join an aborted transaction
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fsinfo-translock and without holding any...
CVE-2025-21754 btrfs: fix assertion failure when splitting ordered extent after transaction abort
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort If while we are doing a direct IO write a transaction abort happens, we mark all existing ordered extents with the BTRFSORDEREDIOERR flag done at...
CVE-2025-21749 net: rose: lock the socket in rose_bind()
In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rosebind syzbot reported a soft lockup in roseloopbacktimer, with a repro calling bind from multiple threads. rosebind must lock the socket to avoid this issue...
CVE-2025-21748
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix integer overflows on 32 bit systems On 32bit systems the addition operations in ipcmsgalloc can potentially overflow leading to memory corruption. Add bounds checking using KSMBDIPCMAXPAYLOAD to avoid overflow...
CVE-2025-21744
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmftxfinalize On removal of the device or unloading of the kernel module a potential NULL pointer dereference occurs. The following sequence deletes the interface: brcmfdetach...
CVE-2025-21743 usbnet: ipheth: fix possible overflow in DPE length check
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength U16MAX. This could lead to an OoB read. Move the wDatagramIndex term t...
CVE-2025-21735
CVE-2025-21735 affects the Linux kernel NFC (nci) component, specifically nci_hci_create_pipe(). The pipe value is a net-sourced u8; if it exceeds 127, it can cause memory corruption in the caller, nci_hci_connect_gate(), per the advisory. The description confirms the issue has been resolved in t...
CVE-2025-21728
CVE-2025-21728: Linux kernel vulnerability where BPF programs in non-preemptible contexts calling bpf_send_signal() can sleep, causing issues. The fix changes irqs_disabled() to !preemptible(). Affects kernels with BPF support; CVSSv3.1 base 5.5 (LOCAL, LOW privileges, NONE user interaction, HIGH...
CVE-2025-21707
In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsi...