CVE-2024-49874
CVE-2024-49874 affects the Linux kernel’s i3c master subsystem (svc_i3c_master). The issue is a use-after-free race between the worker threads bound to master->hj_work and master->ibi_work during cleanup. If the module is removed, master->base can be freed while a worker may still access...
CVE-2017-17863
CVE-2017-17863 affects the Linux kernel 4.9.x up to 4.9.71, where the BPF verifier in kernel/bpf/verifier.c fails to check the relationship between pointer values and the BPF stack. This can allow local users to trigger a denial of service (integer overflow or invalid memory access) or potentiall...
CVE-2017-5123
CVE-2017-5123 is a Linux kernel local privilege-escalation vulnerability in the waitid path. The waitid handler in kernel/exit.c writes to user memory by calling unsafe_put_user without performing an access_ok() check, and without wrapping user-space writes in the required user_access_begin()/use...
CVE-2019-12881
The CVE-2019-12881 entry affects the Linux kernel 4.15.0 on Ubuntu 18.04.2, specifically the i915_gem_userptr_get_pages function in drivers/gpu/drm/i915/i915_gem_userptr.c. It allows local attackers to trigger a NULL pointer dereference and BUG via crafted ioctl calls to /dev/dri/card0, potential...
CVE-2021-47050
CVE-2021-47050 affects the Linux kernel memory: renesas-rpc-if path. The issue is a NULL pointer dereference: platform_get_resource_byname() can return NULL, and the code would immediately dereference it in resource_size(). The vulnerability’s root cause is dereferencing an unchecked NULL...
CVE-2021-47186
CVE-2021-47186 affects the Linux kernel TIPC subsystem: kmemdup can return NULL and is dereferenced in tipc_crypto_key_xmit if not checked. The provided docs confirm a NULL pointer dereference path and cite kernel commits improving null-checks as the fix. Impact is local with potential kernel den...
CVE-2021-47435
CVE-2021-47435 affects the Linux kernel device-mapper (dm) path, causing a crash via a NULL pointer dereference during IO completion. The issue stems from dm_io_dec_pending() calling end_io_acct() before the in-flight pending count is decremented, and a race if a DM table swap happens concurrentl...
CVE-2021-47459
CVE-2021-47459 describes a use-after-free in the Linux kernel CAN J1939 code (can: j1939), in j1939_netdev_start(), related to the rx_kref of j1939_priv. The issue arises during j1939_sk_bind and netdev_start when rx_kref is accessed without proper synchronization. Public advisories indicate this is fixed by kernel updat...
CVE-2021-47598
CVE-2021-47598 affects the Linux kernel (net/sched/sch_cake) where calling cake_destroy() from cake_init() during qdisc creation could trigger use-after-free in the cake/qdisc destroy path. The issue manifests when a qdisc invokes its own destroy() method during initialization, conflicting with t...
CVE-2022-48629
CVE-2022-48629 concerns the Linux kernel crypto/qcom-rng implementation. The issue arises when the RNG generate function can leave part of the destination buffer zeroed if qcom_rng_read() returns a success but qcom_rng_generate() does not verify the value, causing the destination to be only parti...
CVE-2022-48662
CVE-2022-48662 affects the Linux kernel i915 driver (i915_gem_context.link protection). The issue arises when removing a context from the gem.contexts list during context_close(), which can poison link.next while i915_perf holds a reference, leading to a general protection fault during i915_perf_...
CVE-2022-49147
Technical details for CVE-2022-49147 are not publicly provided in the supplied documents; no affected products, impact, or remediation are specified here. Monitor for updates from connected sources.
CVE-2022-49190
CVE-2022-49190 affects the Linux kernel (kernel/resource). Root cause: boot memory allocated via alloc_resource() may be leaked if callers use kfree directly, causing a kernel BUG; remediation leaks only a few bytes to avoid patching every call site. A fix was applied in the kernel (commit ebff7d...
CVE-2022-49664
CVE-2022-49664 concerns the Linux kernel TIPC subsystem. The issue is a NULL pointer dereference in tipc_bcast_rcv caused by a race where a node’s bc link is not yet created when a bc packet arrives and dereferences the link from the hashtable. The patch fixes this by moving the bc link creation ...
CVE-2023-52586
CVE-2023-52586: In the Linux kernel DRM MSM DPU, a race between vblank enable/disable from different threads existed due to missing synchronization. The fix adds a mutex around control vblank IRQ handling (and removes vblank_ctl_lock usage), replacing an atomic refcount with a simple int counter...
CVE-2023-52693
The CVE-2023-52693 issue affects the Linux kernel ACPI video backlight code. Root cause: acpi_get_parent() can fail (e.g., acpi_ut_acquire_mutex() failure) and pass an uninitialized acpi_parent to acpi_get_pci_dev() during acpi_video_dev_register_backlight(). Impact: potential incorrect parent ha...
CVE-2023-52741
CVE-2023-52741 affects the Linux kernel CIFS implementation: a use-after-free in rdata->read_into_pages() can occur when the network is unstable during read operations. The issue is caused by improper return-condition sequencing, enabling UAF in readpages_fill_pages (and related paths such as ...
CVE-2023-52857
Technical details about CVE-2023-52857 are not publicly provided in the supplied documents. Monitor for updates from vendors and advisories.
CVE-2023-52868
CVE-2023-52868 is a Linux kernel vulnerability in the thermal: core component that can cause a string overflow. The root cause is that the dev->id value is derived from ida_alloc() and can be up to INT_MAX; if it is too large, the sprintf() calls can overflow the buffer. The published descript...
CVE-2023-52974
CVE-2023-52974: Linux kernel scsi: iscsi_tcp fix UAF during login when accessing the shost ipaddress. If iscsi_sw_tcp_session_create() fails and userspace reads the host ipaddress during session teardown, a use-after-free occurs. The fix delays freeing by setting tcp_sw_host->session only afte...
CVE-2023-53039
CVE-2023-53039: In the Linux kernel, the intel-ish-hid IPC path had a use-after-free when a reset-notify IPC message schedules a work function that uses a global ishtp_dev; if ish_probe() fails, resources are freed but the scheduled work is not cancelled. The fix uses devm_work_autocancel() so t...
CVE-2024-26655
CVE-2024-26655 affects the Linux kernel. The issue is a memory leak in posix_clock_open: if clk ops.open() returns an error, the pccontext allocated for the clock is not released. The fix reorganizes the code to make the behavior clearer and applies a patch in the kernel’s clock handling. Practic...
CVE-2024-26676
CVE-2024-26676 concerns the Linux kernel’s af_unix garbage collection. The issue arose when a socketpair self-send creates a self-referential GC candidate cycle that is not untangled due to missing MSG_OOB handling, causing a memory leak. The root cause was exposed after removing io_uring GC dead...
CVE-2024-26896
CVE-2024-26896 refers to a memory-leak issue in the Linux kernel wifi driver (wfx) when starting an AP. The root cause, as described in the sources, is that memory allocated by ieee80211_beacon_get() is never released, leading to kmemleak-reported unreferenced objects and potential memory exhaust...
CVE-2024-35806
The CVE-2024-35806 entry concerns the Linux kernel vulnerability in soc: fsl: qbman where IRQs must be disabled when taking cgr_lock to avoid deadlocks. The description states that smp_call_function_single already disables IRQs in the affected code path and that qman_update_cgr and qman_delete_cg...
CVE-2024-35922
The CVE-2024-35922 issue is a Linux kernel vulnerability in fbmon/fb_videomode_from_videomode() where htotal * vtotal can overflow to zero, risking division by zero. The root cause is overflow during videomode computation; the fix mirrors fb_var_to_videomode() by preventing division by zero. Affe...
CVE-2024-35935
CVE-2024-35935 – Linux kernel (btrfs: send: handle path ref underflow in header iterate_inode_ref()). Connected documents confirm a concrete fix in the Linux kernel: when building a path buffer for iterate_inode_ref(), a BUG_ON-based path underflow handling was replaced with proper error handling ...
CVE-2024-35936
CVE-2024-35936. In the Linux kernel, the btrfs relocation code (btrfs_relocate_sys_chunks) contains an unhandled corruption case in its chunk-tree lookup loop. The issue arises from two theoretically impossible conditions: (1) an inexact search yields a key with offset -1 for a chunk-tree item, a...
CVE-2024-36914
CVE-2024-36914 refers to a Linux kernel issue in drm/amd/display: writeback paths were incorrectly handled for DRM_MODE_CONNECTOR_WRITEBACK, causing KASAN slab-out-of-bounds messages. The root cause is a dynamic memory safety error detector triggering when writeback connectors do not initialize c...
CVE-2024-38565
CVE-2024-38565: In the Linux kernel, the issue is “wifi: ar5523: enable proper endpoint verification.” Syzkaller reported a warning about an endpoint in use not having an expected type, and the fix is to validate the existence of all proper endpoints with their corresponding types. The patch is ...
CVE-2024-40939
CVE-2024-40939 (Linux kernel): The issue affects the Linux kernel net/wwan/iosm path. When region creation fails in ipc_devlink_create_region(), the delete path used a tainted pointer that actually held an error code. The fix decreases the region index before performing the delete to avoid taint...
CVE-2024-40943
CVE-2024-40943 arises from a race in OCFS2 where hole punching and AIO/DIO co-exist, allowing an unwritten extent to be removed during I/O. The Linux kernel fix adds synchronization to wait for outstanding direct I/O before fallocate/punch_hole, preventing inconsistent extent state and potential ...
CVE-2024-40980
CVE-2024-40980 affects the Linux kernel where drop_monitor uses a spin_lock in trace_drop_common() executed with preemption disabled, problematic on RT kernels due to sleeping locks in atomic context. The vulnerability can lead to a crash (sleeping function called from invalid context) and potent...
CVE-2024-41072
CVE-2024-41072 affects the Linux kernel wifi subsystem (cfg80211 wext). The fix adds an extra validation in cfg80211_wext_siwscan() to ensure the number of channels passed via ioctl(SIOCSIWSCAN, ...) does not exceed IW_MAX_FREQUENCIES; requests that exceed this limit are rejected with -EINVAL. Thi...
CVE-2024-42148
CVE-2024-42148 has concrete technical details in connected docs: it concerns the bnx2x driver in the Linux kernel and UBSAN array-index-out-of-bounds warnings. The root cause is an out-of-bounds access on the stats_query_entry query array inside bnx2x_fw_stats_req (drivers/net/ethernet/broadc...
CVE-2024-44948
The CVE-2024-44948 entry applies to the Linux kernel vulnerability where mtrr_save_state() did not verify the fixed MTRR capability bit before accessing fixed MTRR MSRs. This missing capability check could cause a #GP on older CPUs that lack the fixed MTRR capability, though the RDMSR fault would...
CVE-2024-45011
CVE-2024-45011 in the Linux kernel relates to the xillybus/xillyusb driver probing a device and not validating USB endpoints before use. The patching guidance in the description indicates that every XillyUSB device must have a Bulk IN endpoint at address 1 and may have additional Bulk OUT endpoin...
CVE-2024-46714
CVE-2024-46714 in the Linux kernel is addressed by a fix in the DRM/AMD display path: the code now skips the wbscl_set_scaler_filter when the filter is null, preventing a potential NULL return from wbscl_get_filter_coeffs_16p from causing a null dereference. A null check was added to ensure filte...
CVE-2024-46716
CVE-2024-46716: Linux kernel vulnerability in dmaengine altera-msgdma where descriptors were not freed correctly due to an incorrect list handling. The fix, described in the connected Astra Linux bulletin and kernel notes, removes the list_del in msgdma_chan_desc_cleanup (which should be responsi...
CVE-2024-46804
CVE-2024-46804 affects the Linux kernel’s DRM/AMD display path, specifically HDCP DDC access. The vulnerability stems from an array index overrun due to not validating the index. The fix adds proper checks: validate the message id (msg_id) and ensure...
CVE-2024-47665
CVE-2024-47665 concerns the Linux kernel’s i3c: mipi-i3c-hci driver. The bug manifested during IBI DMA setup when the code checked if dma_get_cache_alignment * defined value > 256, and incorrectly BUG_ON()'ed during driver initialization. The vulnerability could cause a local fault due to a fa...
CVE-2024-47741
In CVE-2024-47741, the Linux kernel’s btrfs code had a race when multiple threads perform lseek (SEEK_DATA/SEEK_HOLE) on the same file descriptor. The bug stems from find_desired_extent() grabbing the file’s private_data while it may be NULL, allowing two threads to allocate separate file private...
CVE-2024-49866
CVE-2024-49866: Linux kernel race in timerlat cpuhp processing can lead to timer corruption when timerlat/1 migration occurs during thread creation. Root cause: CPU online/offline timing mismatch with asynchronous osnoise workers can schedule a thread onto an offline CPU. Fix implemented: skip o...
CVE-2024-49893
CVE-2024-49893 affects the Linux kernel DRM display path (drm/amd/display). The issue arises when dc_state_get_stream_status can return NULL, so stream_status must be checked before use. The patch fixes a NULL_RETURNS issue reported by Coverity by adding a NULL check before accessing stream_statu...
CVE-2024-50000
CVE-2024-50000 affects the Linux kernel mlx5e driver: in mlx5e_tir_builder_alloc(), kvzalloc() may return NULL and the code dereferences it, causing a NULL pointer dereference. The vulnerability is fixed by the upstream patch in the Linux kernel; remediation is to upgrade to a version containing ...
CVE-2024-50025
CVE-2024-50025 affects the Linux kernel, specifically the scsi fnic driver. Root cause: in a patch, flush_work initialization was moved into a conditional block, risking dispatching a work item on an uninitialized work queue. Impact: this could cause the queued work to not be processed, which may...
CVE-2024-50210
The CVE-2024-50210 issue is in the Linux kernel posix-clock routine pc_clock_settime(). If get_clock_desc() succeeds, the code locks the clock’s fd and holds the rwsem; the error path failed to release the lock and fput the fd, causing unbalanced locking and a potential resource leak. The root ca...
CVE-2024-50231
CVE-2024-50231 affects the Linux kernel’s IIO subsystem (gts helper). The issue is a memory-leak in iio_gts_build_avail_scale_table() where per_time_gains elements/arrays are not freed, triggered when running iio-test-gts tests (gts_test_gains, gts_test_itimes). The leak manifests as unreferenced...
CVE-2024-53081
Public technical details (affected product/version/root cause/patch) for CVE-2024-53081 are not provided in the connected documents. Monitor for updates when new information becomes available.
CVE-2024-56550
CVE-2024-56550 affects the Linux kernel (s390 architecture). The underlying issue was a return statement in arch_stack_walk_user_common() that could be executed when store_ip() fails, instead of a break. This could skip pagefault_enable(), causing subsequent page faults to be mishandled and p...