CVE-2023-53121
The CVE-2023-53121 vulnerability affects the Linux kernel where tcp_rtx_synack() can be invoked from process context, allowing tcp_make_synack() to touch per-CPU data with preemption enabled and trigger a BUG: using __this_cpu_add() in preemptible code. The root cause is a context-inappropriate c...
CVE-2024-26702
CVE-2024-26702: In the Linux kernel, the iio: magnetometer RM3100 driver added a boundary check for the value read from RM3100_REG_TMRC to prevent an out-of-bounds access that could crash rm3100_common_probe. The crash was caused by out-of-bounds access of the rm3100_samp_rates array due to hard...
CVE-2024-26986
CVE-2024-26986. Root cause: In the Linux kernel’s DRM AMD/KFD path, a memory leak was introduced via a leaked mmget reference on the error path when creating KFD processes while a GPU reset is in progress. Impact: Memory leak in create_process failure for KFD, potentially exhausting memory or reso...
CVE-2024-35791
CVE-2024-35791 affects the Linux kernel KVM: SVM subsystem. It describes a use-after-free in svm_register_enc_region() that is mitigated by flushing converted pages under the kvm lock before releasing the lock, preventing region/pages from being freed by another task. The fix is a patch to perfor...
CVE-2024-35875
CVE-2024-35875 affects the Linux kernel “x86/coco” subsystem. The vulnerability stems from seeding the RNG at boot using RDRAND on CoCo systems; if RDRAND is broken or unavailable, the RNG may be left unseeded, potentially compromising cryptographic operations. The fix ensures an attempt to seed ...
CVE-2024-35949
CVE-2024-35949 affects the Linux kernel's btrfs subsystem. The root cause was that WRITTEN was not ensured on all metadata blocks, allowing potential corruption if extended leaf checks were skipped for blocks without WRITTEN. The fix adds checks to ensure WRITTEN is set and guarantees that __btrf...
CVE-2024-36479
Technical details about CVE-2024-36479 are not provided in the connected documents. Public information in the initial description is high level. Monitor for updates and additional details from vendor/maintainer advisories.
CVE-2024-39482
CVE-2024-39482 relates to the Linux kernel bug in bcache: it abused a fixed-length array in btree_iter when used with dynamically-sized iterators, triggering UBSAN. The fix introduces a flexible array member in btree_iter and a separate btree_iter_stack that embeds a btree_iter plus a data array,...
CVE-2024-41030
The CVE-2024-41030 vulnerability affects the Linux kernel’s ksmbd server: when opening a directory, write access could be inappropriately granted due to flags from the client, causing ksmbd to become incompatible with FUSE filesystems. The fix discards write access during directory opens, address...
CVE-2024-41034
CVE-2024-41034: nilfs2 directory rename bug (Linux kernel). Affected component: nilfs2 in the Linux kernel. The issue occurs during a rename operation on a broken directory, where __block_write_begin_int() may fail due to an access beyond folio/page size when nilfs_dotdot() returns an invalid par...
CVE-2024-42092
CVE-2024-42092: Linux kernel GPIO (DaVinci) vulnerability. Affected: Linux kernel (gpio: davinci) where pdata->gpio_unbanked is read from the Device Tree. If DT is broken, this value may be invalid and could cause out-of-bounds access to chips->irqs in davinci_gpio_probe(). Root cause: lack...
CVE-2024-42106
CVE-2024-42106: In the Linux kernel, the inet_diag path for raw sockets could read an uninitialized pad field in inet_diag_req_v2 when converting inet_diag_req to v2, leading to uninitialized reads in raw_lookup(). The root cause is that inet_diag_get_exact_compat() and inet_diag_dump_compat() d...
CVE-2024-42136
CVE-2024-42136 affects the Linux kernel cdrom subsystem. The issue stems from an arithmetic path in last_media_change that could trigger a signed integer overflow under UBSAN when running syzkaller; the issue is resolved by rearranging the check to avoid any arithmetic, preventing the overflow. T...
CVE-2024-42153
CVE-2024-42153 affects the Linux kernel I2C pnx driver, where del_timer_sync() invoked from an ISR could emit a deadlock warning. The fix replaces del_timer_sync() with wait_for_completion_timeout() in the ISR, allowing removal of the timer and related code. This change removes the warning an...
CVE-2024-42224
CVE-2024-42224 relates to the Linux kernel mv88e6xxx DSA driver. The root cause was an incorrect check for an empty list: mv88e6xxx_default_mdio_bus() checked that list_first_entry() is non-NULL, which does not properly detect an empty list. The fix uses list_first_entry_or_null(), which returns NUL...
CVE-2024-43912
CVE-2024-43912 in the Linux kernel affects the wifi nl80211 code: AP channel width setting is now disallowed when using non-standard widths (e.g., S1G or narrow channels). The issue arises from allowing non-standard AP channel widths while normal 20/40/… MHz progression is expected, and the patch ...
CVE-2024-44998
CVE-2024-44998 affects the Linux kernel ATM subsystem (atm: idt77252). The issue is a use-after-free in dequeue_rx, where a socket buffer (skb) is dereferenced after it has been released by vcc->push(). A fix has been applied in the upstream kernel; refer to the l...
CVE-2024-46680
CVE-2024-46680 concerns a crash during driver removal in the Linux kernel Bluetooth btnxpuart driver. The vulnerability arises when ps_wakeup() in btnxpuart_close() schedules work that is executed after the btnxpuart module is removed, leading to a kernel crash during repeated load/unload t...
CVE-2024-46719
CVE-2024-46719 (Linux kernel) addresses a NULL pointer dereference in the USB Type-C UCSI code. The root cause is that ucsi_register_altmode considers NULL a valid alt pointer and, when CONFIG_TYPEC_DP_ALTMODE is disabled, ucsi_register_displayport can return NULL, leading to a NULL pointer deref...
CVE-2024-46780
CVE-2024-46780 (nilfs2): The Linux kernel fixed a sysfs read path where sysfs attribute show methods could access nilfs2’s superblock buffers without mutual exclusion, risking pointer dereference/memory access. The root cause was missing mutual exclusion for certain reads; the fix adds protection...
CVE-2024-46782
CVE-2024-46782 affects Linux kernel’s ila subsystem (net/ipv6/ila/ila_xlat.c, ila_nf_input) where a use-after-free occurs: ila_xlat_exit_net() frees the rhashtable and then nf_unregister_net_hooks() is called. The issue is the hook removal should occur before freeing resources; the fix reorders a...
CVE-2024-46830
CVE-2024-46830 affects the Linux kernel KVM for x86. The vulnerability arises when acquiring kvm->srcu while handling KVM_SET_VCPU_EVENTS, because KVM will forcibly leave nested VMX/SVM during SMM toggling and leaving nested VMX can read guest memory. The described fix: grab SRCU unconditional...
CVE-2024-49865
CVE-2024-49865 affects the Linux kernel’s DRM XE VM code. The root cause is a use-after-free risk caused by the timing of allocating VM IDs with xa_alloc, which allowed an Evil user to guess the next VM id before vm destroy/ioctl completes, potentially exposing references to the same VM that is s...
CVE-2024-49871
CVE-2024-49871 affects the Linux kernel adp5589-keys driver. A NULL pointer dereference can occur because i2c_set_clientdata() is only called at the end of probe, while the code passes the i2c client to i2c_get_clientdata() during early failure of probe. The connected document confirms a resolved...
CVE-2024-49926
CVE-2024-49926 affects the Linux kernel’s rcu-tasks path (rcu_tasks_need_gpcb). The root cause is an access to a non-existent percpu rtpcp variable when CONFIG_FORCE_NR_CPUS=y, causing nr_cpu_ids to resolve to NR_CPUS instead of the number of possible CPUs, which can lead to a kernel page fault a...
CVE-2024-49972
CVE-2024-49972 affects the Linux kernel DRM-AMD display path. The issue arises when creating DML memory during DC state changes: if the DML memory allocation fails, previously allocated memory was not deallocated, leaving an uninitialized, non-NULL structure. The documented fix deallocates the me...
CVE-2024-50170
CVE-2024-50170 affects the Linux kernel bcmasp driver (net/bcmasp). The vulnerability occurs when bcmasp_xmit() returns NETDEV_TX_OK after a mapping failure, leaking the skb. The fix adds a dev_kfree_skb() call to free the skb, correcting the memory leak on the transmit path. The documents do not...
CVE-2024-50188
CVE-2024-50188: In the Linux kernel, the net: phy: dp83869 vulnerability caused memory corruption when enabling fiber. The DP83869 PHY driver called linkmode_set_bit() with a bit mask (1 <
CVE-2024-50232
CVE-2024-50232 affects the Linux kernel in the IIO ADC driver for ad7124. The root cause is a potential division by zero in ad7124_set_channel_odr() when ad7124_write_raw() passes a zero value to DIV_ROUND_CLOSEST(), invoked via iio_write_channel_raw() -> iio_write_channel_attribute() -> ii...
CVE-2024-50285
CVE-2024-50285 affects ksmbd in the Linux kernel. The issue occurs when a client issues simultaneous SMB operations, which can exhaust memory via ksmbd_work_cache and cause an OOM. A patch adds a check against exceeding max credits, treating each SMB request as consuming at least one credit to pr...
CVE-2024-53137
CVE-2024-53137: In the Linux kernel, ARM: fix cacheflush with PAN. The cacheflush syscall was broken when PAN for LPAE was implemented, causing faults because user access was not enabled around the cache maintenance instructions. The CVSSv3.1 metrics show LOCAL access, LOW complexity, LOW privil...
CVE-2024-53143
CVE-2024-53143 affects the Linux kernel’s fsnotify path, fixing an ordering issue where iput() must complete before decrementing the watched_objects count. The patch ensures the superblock remains alive until iput() is done, preventing a potential use-after-free (UAF) of sb->s_fs_info in tmpfs...
CVE-2024-53212
CVE-2024-53212 is a Linux kernel vulnerability where a false positive warning in netlink extack could occur during dumps. The fix reworks the validation by using the netlink message header (nlh) instead of scanning skb->data, addressing a scenario where a dump is initiated but not completed du...
CVE-2024-56368
No public technical details about CVE-2024-56368 are provided in the connected documents; monitor for updates.
CVE-2024-56635
CVE-2024-56635 (Linux kernel): A race between device and NETNS dismantles could cause a use‑after‑free in __dev_get_by_index accessed via default_operstate(), as syzbot observed a KASAN UAF. The root cause is a race after __rtnl_unlock() when netns/device lifetimes may not be alive; mitigation d...
CVE-2024-56742
The CVE-2024-56742 entry concerns the Linux kernel VFIO/MLX5 path. It fixes an unwind issue in mlx5vf_add_migration_pages() where pages allocated but not added to the SG table must be freed to prevent a memory leak; pages already added to the SG table are freed via mlx5vf_free_data_buffer(). Affe...
CVE-2024-56771
CVE-2024-56771 concerns the Linux kernel mtd/spinand/winbond NAND ECC handling. Four WINBOND 3D NAND chips (W25N512GW, W25N01GW, W25N01JW, W25N02JW) rely on a single-bit ECC engine on-die. The issue arises because querying per-chunk bitflips via ->get_status() is unnecessary and unsupported fo...
CVE-2024-57872
CVE-2024-57872 – Linux kernel vulnerability affecting the SCSI/ufs path. The issue is caused by not releasing the HBA during ufshcd_pltfrm_remove(), which can lead to memory leaks. The fix ensures proper cleanup by calling scsi_host_dev_release() to free the HBA and avoid leaks. The CVE is rated ...
CVE-2024-57930
CVE-2024-57930: Linux kernel tracing fix. The vulnerability arises because process_string() did not consistently handle cases where a %s argument in TP_printk() referred to an array, risking unsafe dereferences of string data in trace events. The fix expands process_string() to treat references ...
CVE-2024-57935
CVE-2024-57935 describes a Linux kernel flaw in RDMA/hns: when destroying a QP, an invalid dip_ctx pointer could be accessed if the QP could not be modified to RTR, due to the dip_ctx not being attached. This is a local-attack surface with potential kernel access to cause a denial of service or crash...
CVE-2024-58054
CVE-2024-58054 concerns the Linux kernel staging media driver for max96712. The issue causes a kernel oops when removing the module, due to a pointer mix-up in v4l2_i2c_subdev_init(): i2c_set_clientdata() overwrites the private pointer with the struct driver data (sd) instead of the driver’s priva...
CVE-2025-21808
CVE-2025-21808: Linux kernel vulnerability in net: xdp where device-bound programs could be attached in generic mode, causing metadata kfuncs to run in an invalid context and crash. The fix adds a guard to disallow attaching device-bound programs in generic XDP mode, preventing invalid-context ex...
CVE-2025-21847
CVE-2025-21847 concerns the Linux kernel ASoC: SOF path — stream-ipc handling. The root cause is a missing NULL check for sps->cstream in sof_ipc_msg_data(), which can lead to a NULL pointer dereference if sps->stream is NULL or cstream is NULL. The issue is mitigated by the published patch...
CVE-2025-21869
Summary: CVE-2025-21869 is tied to a Linux kernel PowerPC code-patching issue where KASAN reports could trigger during patching on certain hardware (Talos II with kernel 6.13). Root cause: patching instructions could write into user-address-space memory under KASAN instrumentation, causing a KASA...
CVE-2025-21950
CVE-2025-21950 affects the Linux kernel driver path drivers: virt: acrn: hsm. In pmcmd_ioctl, three kmalloc-allocated memory objects initialized by hcall_get_cpu_state are copied to user space, risking information leakage from uninitialized bytes. The fix uses kzalloc to zero memory, mitigating l...
CVE-2025-23149
CVE-2025-23149 refers to a Linux kernel vulnerability in TPM handling. The issue is triggered when TPM_CHIP_FLAG_SUSPENDED is checked after tpm_find_get_ops(), which can spuriously invoke tpm_chip_start() while the TPM chip is suspended. The provided logs show a sequence leading to a potential tr...
CVE-2025-23155
The CVE-2025-23155 issue affects the Linux kernel net: stmmac path, where stmmac_request_irq_multi_msi() passes a pointer to a stack-allocated cpu_mask to irq_set_affinity_hint(). After return, the pointer becomes dangling and the affinity_hint is exposed via /proc with read permissions. Reading ...
CVE-2025-37801
The CVE-2025-37801 issue affects the Linux kernel’s SPI driver for i.MX (spi-imx). The root cause is that spi_imx_setupxfer() may return an error while leaving rx/tx function pointers NULL, leading to a NULL pointer dereference during a PIO transfer path. The documented impact is a kernel crash w...
CVE-2025-37879
CVE-2025-37879 affects the Linux kernel 9p/net subsystem (p9_client_write/p9_client_read_once). The root cause is signed negative counts being treated as valid due to signed arithmetic; the fix converts relevant counters to unsigned. This vulnerability can lead to improper handling of bogus negat...
CVE-2025-38003
CVE-2025-38003 affects the Linux kernel: the bcm subsystem generates procfs content for bcm_op objects, and removal without proper rcu protection could expose use-after-free data. The patch adds missing rcu_read_lock() and ensures list entries are removed under RCU, addressing UAF in procfs outpu...