CVE-2024-42148
Connected documents give concrete technical details for CVE-2024-42148: it concerns the bnx2x driver in the Linux kernel and UBSAN array-index-out-of-bounds warnings. The root cause is an out-of-bounds access on the stats_query_entry query array inside bnx2x_fw_stats_req (drivers/net/ethernet/broadc...
CVE-2024-44948
The CVE-2024-44948 entry applies to the Linux kernel vulnerability where mtrr_save_state() did not verify the fixed MTRR capability bit before accessing fixed MTRR MSRs. This missing capability check could cause a #GP on older CPUs that lack the fixed MTRR capability, though the RDMSR fault would...
CVE-2024-44986
CVE-2024-44986 affects the Linux kernel IPv6 path. A use-after-free can occur in ip6_finish_output2() if skb_expand_head() returns NULL, potentially freeing skb and its dst/idev; the code must hold rcu_read_lock() to keep dst/idev alive. The provided connected documents confirm a kernel fix in th...
CVE-2024-45011
CVE-2024-45011 in the Linux kernel relates to the xillybus/xillyusb driver probing a device and not validating USB endpoints before use. The patching guidance in the description indicates that every XillyUSB device must have a Bulk IN endpoint at address 1 and may have additional Bulk OUT endpoin...
CVE-2024-46714
CVE-2024-46714 in the Linux kernel is addressed by a fix in the DRM/AMD display path: the code now skips the wbscl_set_scaler_filter when the filter is null, preventing a potential NULL return from wbscl_get_filter_coeffs_16p from causing a null dereference. A null check was added to ensure filte...
CVE-2024-46716
CVE-2024-46716: Linux kernel vulnerability in dmaengine altera-msgdma where descriptors were not freed correctly due to an incorrect list handling. The fix, described in the connected Astra Linux bulletin and kernel notes, removes the list_del in msgdma_chan_desc_cleanup (which should be responsi...
CVE-2024-46804
CVE-2024-46804 affects the Linux kernel’s DRM/AMD display path, specifically HDCP DDC access. The vulnerability stems from an array index overrun caused by not validating the index. The fix adds proper checks: validate the message id (msg_id) and ensure...
CVE-2024-47665
CVE-2024-47665 concerns the Linux kernel’s i3c: mipi-i3c-hci driver. The bug manifested during IBI DMA setup when the code checked if dma_get_cache_alignment * defined value > 256, and incorrectly BUG_ON()'ed during driver initialization. The vulnerability could cause a local fault due to a fa...
CVE-2024-47741
In CVE-2024-47741, the Linux kernel’s btrfs code had a race when multiple threads perform lseek (SEEK_DATA/SEEK_HOLE) on the same file descriptor. The bug stems from find_desired_extent() grabbing the file’s private_data while it may be NULL, allowing two threads to allocate separate file private...
CVE-2024-49866
CVE-2024-49866: Linux kernel race in timerlat cpuhp processing can lead to timer corruption when timerlat/1 migration occurs during thread creation. Root cause: CPU online/offline timing mismatch with asynchronous osnoise workers can schedule a thread onto an offline CPU. Fix implemented: skip o...
CVE-2024-49893
CVE-2024-49893 affects the Linux kernel DRM display path (drm/amd/display). The issue arises when dc_state_get_stream_status can return NULL, so stream_status must be checked before use. The patch fixes a NULL_RETURNS issue reported by Coverity by adding a NULL check before accessing stream_statu...
CVE-2024-50000
CVE-2024-50000 affects the Linux kernel mlx5e driver: in mlx5e_tir_builder_alloc(), kvzalloc() may return NULL and the code dereferences it, causing a NULL pointer dereference. The vulnerability is fixed by the upstream patch in the Linux kernel; remediation is to upgrade to a version containing ...
CVE-2024-50025
CVE-2024-50025 affects the Linux kernel, specifically the scsi fnic driver. Root cause: in a patch, flush_work initialization was moved into a conditional block, risking dispatching a work item on an uninitialized work queue. Impact: this could cause the queued work to not be processed, which may...
CVE-2024-50210
The CVE-2024-50210 issue is in the Linux kernel posix-clock routine pc_clock_settime(). If get_clock_desc() succeeds, the code locks the clock’s fd and holds the rwsem; the error path failed to release the lock and fput the fd, causing unbalanced locking and a potential resource leak. The root ca...
CVE-2024-50231
CVE-2024-50231 affects the Linux kernel’s IIO subsystem (gts helper). The issue is a memory leak in iio_gts_build_avail_scale_table() where per_time_gains elements/arrays are not freed, triggered when running iio-test-gts tests (gts_test_gains, gts_test_itimes). The leak manifests as unreferenced...
CVE-2024-53081
Public technical details (affected product/version/root cause/patch) for CVE-2024-53081 are not provided in the connected documents. Monitor for updates when new information becomes available.
CVE-2024-56550
The CVE-2024-56550 affects the Linux kernel (s390 architecture). The underlying issue was a return statement in arch_stack_walk_user_common() that could be executed when store_ip() fails, instead of a break. This could skip pagefault_enable(), causing subsequent page faults to be mishandled and p...
CVE-2024-56556
CVE-2024-56556 targets the Linux kernel binder: a race in binder_add_freeze_work() where proc->inner_lock is dropped while acquiring node->lock, allowing binder_node_release() to race and trigger a use-after-free. Impact is local privilege escalation/high, as indicated by multiple advisorie...
CVE-2024-56698
The CVE affects the Linux kernel’s DWC3 gadget USB driver. The root cause is a faulty accounting of scatter-gather entries: dwc3_request->num_queued_sgs is decremented on completion, and if a request is only partially completed, the total number of SG entries may be misreported, potentially le...
CVE-2024-56744
Technical details for CVE-2024-56744 are not publicly provided in the supplied documents; no affected products or fixes are confirmed here. Monitor for updates from kernel advisories or vendor bulletins.
CVE-2024-56768
CVE-2024-56768 (Linux kernel): On x86-64, calling bpf_get_smp_processor_id() in builds with CONFIG_SMP disabled can trigger a page fault due to unavailable pcpu_hot. The fix in the patch returns 0 inline for the !CONFIG_SMP path, preventing the fault. References point to the kernel stable histor...
CVE-2024-57834
CVE-2024-57834: In the Linux kernel, a null-pointer dereference in the video media driver (vidtv) was fixed. If dvb->mux is not successfully initialized by vidtv_mux_init() during vidtv_start_streaming(), stopping the streaming via vidtv_mux_stop_thread() could dereference a null mux pointer....
CVE-2024-58013
CVE-2024-58013: In the Linux kernel, a slab-use-after-free in Bluetooth MGMT code (mgmt_remove_adv_monitor_sync) can lead to a crash (KASAN slab-use-after-free) via a read after free in the hci/mgmt path. The issue is triggered during advanced monitor removal (remove_adv_monitor) flow and is exp...
CVE-2025-21748
CVE-2025-21748 affects the Linux kernel’s ksmbd component on 32‑bit systems, where integer additions in ipc_msg_alloc() could overflow and cause memory corruption. The fix adds bounds checking via KSMBD_IPC_MAX_PAYLOAD to prevent the overflow. Connected documents confirm this exact description an...
CVE-2025-37765
CVE-2025-37765 relates to the Linux kernel drm/nouveau path where an oops occurs in ttm_bo_delayed_delete due to a dangling nouveau_bo reservation pointer after amdgpu_bo destruction. The root cause is that drm_prime_gem_destroy releases a shared dma_buf, destroying the amdgpu_bo, which leaves no...
CVE-2025-37778
CVE-2025-37778 affects the Linux kernel’s ksmbd/kerberos path. The issue is a dangling pointer in krb_authenticate: it frees sess->user and may not null it; ksmbd_krb5_authenticate reinitialises sess->user, but may return without doing so, causing smb2_sess_setup to access freed memory. The...
CVE-2025-37854
CVE-2025-37854 affects the Linux kernel drm/amdkfd path. A use-after-free race occurs when mode1 reset is used to recover a hung GPU: after KFD signals user space to abort, the cleanup may free or reuse system memory (and VRAM) still in use by user queues, potentially corrupting data structures a...
CVE-2026-31664
The CVE-2026-31664 issue resides in the Linux kernel xfrm subsystem: build_polexpire() fails to clear trailing padding in struct xfrm_user_polexpire, leaving uninitialized heap bytes that are sent to userspace via netlink multicast (XFRMNLGRP_EXPIRE). The consequence is potential leakage of kerne...
CVE-2008-5029
CVE-2008-5029 affects the Linux kernel 2.6.27.4, 2.6.26 and earlier via the __scm_destroy function in net/core/scm.c, which can cause indirect recursive calls when closing sockets after an SCM_RIGHTS message. This local DoS (panic) condition results from the kernel’s handling of UNIX domain socke...
CVE-2011-1044
CVE-2011-1044 affects the Linux kernel (pre-2.6.37) and is caused by ib_uverbs_poll_cq in drivers/infiniband/core/uverbs_cmd.c not initializing a certain response buffer. This allows local attackers to read potentially sensitive data from kernel memory via vectors that fill the buffer only partia...
CVE-2011-2482
CVE-2011-2482 is referenced in connected documentation tied to MiracleLinux 3: kernel-2.6.18-274.2.AXS3. The vulnerability affects the Linux kernel as used by that distribution, and stems from a Red Hat patch to the sctp_sock_migrate function in net/sctp/socket....
CVE-2011-2498
CVE-2011-2498 affects the Linux kernel: versions prior to 2.6.39 allow local unprivileged users to trigger creation of PTE pages, causing memory consumption and a denial of service. The issue is rooted in how PTE pages are accounted for during OOM scoring. Public disclosures reference Ubuntu, SUS...
CVE-2011-2918
CVE-2011-2918 affects the Linux kernel perf subsystem (Performance Events). The issue arises in the handling of event overflows for PERF_COUNT_SW_CPU_CLOCK, enabling a local attacker to cause a denial of service (system hang) via a crafted application. Public references in connected advisories co...
CVE-2012-1097
CVE-2012-1097 affects the Linux kernel before 3.2.10, where the regset (register set) path mishandles absence of .get/.set methods. This can allow a local attacker to trigger a NULL pointer dereference via PTRACE_GETREGSET or PTRACE_SETREGSET, possibly causing denial of service or other impact. R...
CVE-2014-4655
CVE-2014-4655 affects the Linux kernel ALSA control path: snd_ctl_elem_add in sound/core/control.c does not correctly maintain user_ctl_count, enabling a local DoS via a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE calls to /dev/snd/controlCX. Affected: Linux kernel prior to 3.15.2 (ALSA control ...
CVE-2015-8844
CVE-2015-8844 affects the Linux kernel on PowerPC where the signal implementation does not validate an MSR with both the S and T bits set. This can enable a local attacker to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. The vulnerability is fixed in the ...
CVE-2016-5243
CVE-2016-5243 affects the Linux kernel up to 4.6.3. The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c does not properly copy a string, enabling a local attacker to read sensitive data from kernel stack memory via a Netlink message. Impact is information disclosure with LOCAL acce...
CVE-2020-35501
CVE-2020-35501 is rejected; this CVE ID is not a valid vulnerability entry.
CVE-2021-47162
CVE-2021-47162 affects the Linux kernel TIPC path. The vulnerability arises when reassembling messages and appending a frag skb to a skb’s frag_list: if the frag_list already contains skbs from elsewhere (e.g., cloned/shared by multiple skbs), the appended frag skb may be observed by multiple skb...
CVE-2021-47517
CVE-2021-47517 affects the Linux kernel’s ethtool handling: during net-device unregistration a reference to the device can be used, enabling operations after unregister begins. The fix moves the operation into an rtnl-locked path on the netlink side so the net device won’t be found post-unregiste...
CVE-2022-0400
The CVE-2022-0400 entry concerns an out-of-bounds read in the Linux kernel’s SMC protocol stack that can enable remote denial of service. Connected sources (NVD, OSV, Debian-related OSV entries) confirm the affected component and impact but do not provide a patched version or explicit remediation...
CVE-2022-2590
An Astra Linux bulletin confirms CVE-2022-2590 was addressed in the Linux kernel MM/GUP logic by fixing the FOLL_FORCE COW security issue and removing FOLL_COW. The patch targets races where a read-only shared page could become writable via FOLL_FORCE during COW, enabling unprivileged local writes to read‑o...
CVE-2022-3112
CVE-2022-3112 affects the Linux kernel up to 5.16-rc6. The issue is in amvdec_set_canvases (drivers/staging/media/meson/vdec/vdec_helpers.c) where kzalloc() return value is not checked, leading to a NULL pointer dereference. Connected sources confirm the same defect across various advisories (e.g...
CVE-2022-48953
CVE-2022-48953 — Linux kernel rtc-cmos init-order bug. The issue arises when rtc_handler() accesses driver data before cmos_do_probe() has completed, causing a NULL pointer dereference if the RTC fixed event fires at boot. The fix changes initialization order so that cmos_wake_setup() is called a...
CVE-2022-49025
CVE-2022-49025 affects the Linux kernel driver net/mlx5e. The vulnerability arises when multiple dests use termination tables and a second (or later) dest initialization fails; the driver reverts the term tables but does not reset the corresponding attr->dests[num_vport_dests].termtbl referenc...
CVE-2022-49142
CVE-2022-49142 relates to a Linux kernel net skb handling issue where skb_end_offset() preservation in skb_unclone_keeptruesize() and interactions with kfence could cause a WARN_ON_ONCE(delta
CVE-2022-49305
CVE-2022-49305 affects the Linux kernel driver path drivers/staging/rtl8192u where a deadlock in ieee80211_beacons_stop() could occur. The root cause is a lock-order interaction: del_timer_sync() waited while holding ieee->beacon_lock in ieee80211_beacons_stop(), but the timer handler also nee...
CVE-2022-49309
CVE-2022-49309 (Linux kernel) describes a deadlock in drivers: staging: rtl8723bs, specifically in rtw_surveydone_event_callback(). The issue occurs when a thread holds pmlmepriv->lock inside the callback and calls del_timer_sync() to stop a timer that is also needed by the timer handler, caus...
CVE-2022-49325
CVE-2022-49325 affects the Linux kernel’s TCP path, specifically the snd_cwnd field. The advisory notes historical bugs where tp->snd_cwnd could be zero or otherwise illegal, and that syzbot WARN_ON_ONCE(!tp->prior_cwnd) could trigger. The fix introduces accessors to read/set tp->snd_cwn...
CVE-2022-49561
CVE-2022-49561: In the Linux kernel netfilter conntrack path, the vulnerability arises when a conntrack entry is re-fetched after insertion, and a clash can cause the skb->_nfct to be freed and then rebound to an already-confirmed entry. The issue stems from freeing the conntrack entry/extens...