CVE-2010-3437
The vulnerability CVE-2010-3437 affects the Linux kernel (before 2.6.36-rc6) in pkt_find_dev_from_minor within drivers/block/pktcdvd.c. A crafted index value passed via PKT_CTRL_CMD_STATUS ioctl can cause a signedness error, enabling local attackers to read kernel memory or trigger a crash (DoS)....
CVE-2010-4080
CVE-2010-4080 affects the Linux kernel: snd_hdsp_hwdep_ioctl in sound/pci/rme9652/hdsp.c does not initialize a structure, enabling local attackers to leak kernel stack information via SNDRV_HDSP_IOCTL_GET_CONFIG_INFO. Affected products/versions: Linux kernel before 2.6.36-rc6. Impact is an inform...
CVE-2011-1017
CVE-2011-1017 relates to a heap-based buffer overflow in the Linux kernel’s LDM code path. Affected component: fs/partitions/ldm.c (ldm_frag_add) in kernel 2.6.37.2 and earlier. Root cause cited in connected docs: bugs in evaluating LDM partitions could crash the kernel for certain corrupted LDM ...
CVE-2011-1076
CVE-2011-1076 affects the Linux kernel up to 2.6.37 in dns_key.c; remote DNS servers sending invalid responses can trigger a NULL pointer dereference/OOPS, leading to a denial of service. Reports from SUSE/Red Hat/NVD corroborate. Remediation: upgrade to kernel 2.6.38 or newer (vendor patches). E...
CVE-2011-4086
The CVE-2011-4086 vulnerability affects the Linux kernel prior to 3.3.1, where journal_unmap_buffer in fs/jbd2/transaction.c mishandles _Delay and _Unwritten journal buffer head states. This can crash the system (local DoS) when an ext4 filesystem is mounted with a journal. Remediation: upgrade t...
CVE-2012-1601
CVE-2012-1601 concerns the KVM component of the Linux kernel. The vulnerability exists in the KVM implementation prior to version 3.3.6 and can be triggered by a host OS user making a KVM_CREATE_IRQCHIP ioctl after a virtual CPU already exists. The issue may lead to a NULL pointer dereference and...
CVE-2012-2373
CVE-2012-2373 affects the Linux kernel before 3.4.5 on x86 with Physical Address Extension (PAE) enabled. It arises from improper use of the Page Middle Directory (PMD), enabling a race condition that local users can trigger to cause a denial of service (panic) via a crafted application. The conn...
CVE-2013-2234
CVE-2013-2234: In the Linux kernel (net/key/af_key.c), the functions key_notify_sa_flush and key_notify_policy_flush do not initialize certain structure members in versions before 3.10, allowing local users to read sensitive information from kernel heap memory via a broadcast message on the IPSec...
CVE-2014-3181
CVE-2014-3181 affects the Linux kernel HID Magic Mouse driver (drivers/hid/hid-magicmouse.c, function magicmouse_raw_event) through version 3.16.3. It results in stack-based buffer overflows when processing large EHCI or XHCI data from a device, enabling physically proximate attackers to cause a ...
CVE-2014-9904
CVE-2014-9904 affects the Linux kernel ALSA subsystem: snd_compress_check_input in sound/core/compress_offload.c before 3.17 fails to check for an integer overflow. This can allow local users to cause a denial of service (insufficient memory allocation) or other unspecified impact via a crafted S...
CVE-2016-2547
The CVE-2016-2547 issue affects Linux kernel sound/core/timer.c prior to 4.4.1. The root cause is a locking approach that ignores slave timer instances, enabling a local attacker to trigger a denial-of-service via a crafted ioctl (race condition/use-after-free leading to system crash). Public adv...
CVE-2016-2549
CVE-2016-2549 affects the Linux kernel prior to version 4.4.1, where sound/core/hrtimer.c fails to prevent recursive callback access, enabling local users to trigger a denial of service (deadlock) via a crafted ioctl. Connected advisories (Unity Linux UTSA-2026-000840/000...) confirm this issue i...
CVE-2017-18379
CVE-2017-18379 is an issue in the Linux kernel prior to 4.14, where an out-of-bounds access occurs in the nvme target driver, specifically in drivers/nvme/target/fc.c. The connected Nessus advisories (Unity Linux UTSA-2026-001233/002545/002935) reference the same vulnerability and reiterate that ...
CVE-2018-25015
CVE-2018-25015 affects the Linux kernel up to version 4.14.15, with a use-after-free in net/sctp/socket.c when a lock is held after a peel-off (CID-a0ff660058b8). Exploitation details are not provided in the supplied documents, but CVSS v3 indicates a high impact. The ChangeLog entry for 4.14.16 ...
CVE-2019-15791
CVE-2019-15791 describes a refcount underflow in the Linux kernel shiftfs implementation caused by a non-upstream patch in Ubuntu 5.0/5.3 kernels: shiftfs_btrfs_ioctl_fd_replace() can create a file descriptor to a lower-filesystem file without an extra reference, and closing the FD after the btrf...
CVE-2019-15792
CVE-2019-15792 affects the shiftfs implementation in Ubuntu's kernel series (5.0 and 5.3), where shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd) and passes the resulting file* to shiftfs_real_fdget(), casting file->private_data (a void*) to a struct shiftfs_file_info *. Since private_data ...
CVE-2021-47070
CVE-2021-47070 is described in the connected docs as a Linux kernel vulnerability in the uio_hv_generic driver where memory allocated by vmbus_alloc_ring() during probe is leaked in error handling paths. The fix adds a missing vmbus_free_ring() call, noting that the memory is already freed in the...
CVE-2021-47078
CVE-2021-47078 affects the Linux kernel RDMA/rxe path. The root cause is in rxe_qp_from_init(): if QP initialization fails, the code could leave QP fields holding garbage. This leads to a use-after-free scenario with a refcount underflow in refcount.c (fully described in the provided stack trace), c...
CVE-2021-47659
CVE-2021-47659 affects the Linux kernel DRM plane path. The vulnerability arises because the range check for format_count is performed late in __drm_universal_plane_init(); if format_count > 64 yields a WARN_ON, it can leak the plane->format_types array and skip drm_mode_object_unregister()...
CVE-2022-40476
CVE-2022-40476: A NULL pointer dereference in fs/io_uring.c of the Linux kernel prior to 5.15.62 allows a local user to crash the system or potentially cause a denial of service. Affected software: Linux kernel (pre-5.15.62). Root cause: NULL pointer dereference in io_uring handling. Impact: loca...
CVE-2022-48839
The connected advisories confirm CVE-2022-48839 affects the Linux kernel net/packet area. Affected component: AF_PACKET sockets using PACKET_COPY_THRESH with mmap can queue skbs containing garbage in skb->cb[], leading to a too-big copy. Root cause described as slab-out-of-bounds/stack-out-of-...
CVE-2022-48853
The CVE-2022-48853 entry concerns a Linux kernel swiotlb information leak when using DMA_FROM_DEVICE during SCSI SG I/O. The description explains a multi-step scenario where a bounce buffer and swiotlb can expose non-zero data from user space, potentially leaking content when the TUR (Test Unit R...
CVE-2022-49033
CVE-2022-49033 affects the Linux kernel’s btrfs qgroup code, where a sleep was performed in an invalid context during qgroup inheritance. The advisory and connected documents describe the fix as: call qgroup_dirty() on the destination qgroup and update the limit item in btrfs_run_qgroups() later,...
CVE-2022-49188
CVE-2022-49188 affects the Linux kernel remoteproc: qcom_q6v5_mss path, where leaks can occur in q6v5_alloc_memory_region due to improper device_node handling. The root cause is that the device_node pointer returned by of_parse_phandle() or of_get_child_by_name() is not always balanced with of_no...
CVE-2022-49279
The CVE-2022-49279 issue affects the Linux kernel’s NFSD component and arises from an integer overflow on 32-bit systems in the operation len * sizeof(*p). Public descriptions in the provided documents confirm the root cause and affected area, but do not specify a fixed patch version or remediati...
CVE-2022-49350
CVE-2022-49350 affects the Linux kernel in the net/mdio area, where the symbol mdio_bus_init is annotated with __init and exported. The combination of EXPORT_SYMBOL with __init places code in .init.text, which may be freed after init and lead to a kernel panic if accessed by modules. The public advis...
CVE-2022-49557
CVE-2022-49557 relates to the Linux kernel, specifically the x86 fpu KVM path. The vulnerability arises when the guest FPU uABI size is set to the host default instead of the historical KVM uABI size, causing the kernel to configure the XSAVE header in a way that can lead to out-of-bounds writes ...
CVE-2022-49804
CVE-2022-49804 refers to a Linux kernel issue affecting s390 where making current_stack_pointer a global register variable exposed a gcc bug. The vulnerability is tied to stack pointer handling and can lead to stack corruption on affected builds. Public description notes that to mitigate, the min...
CVE-2023-4611
CVE-2023-4611 is a use-after-free in the Linux kernel memory subsystem (mm/mempolicy.c) caused by a race between mbind() and VMA-locked page fault. The vulnerability could allow a local attacker to crash the system or leak kernel information. Connected sources confirm the affected component and t...
CVE-2023-52763
The CVE-2023-52763 issue concerns the Linux kernel i3c master driver (i3c: master: mipi-i3c-hci). The root cause is a use-before-init sequence: i3c_master_bus_init may attach I2C devices before the I3C bus is initialized, causing the DAT_data alloc_entry to be used before init, and, if init fails,...
CVE-2023-52812
CVE-2023-52812 affects the Linux kernel in the DRM/AMD path for updating PCIe parameters in SR-IOV environments. The root cause is that pcie_table->num_of_link_levels can be 0, making num_of_levels - 1 evaluate to an invalid index and potentially causing an out-of-bounds access. The vulnerabil...
CVE-2023-52846
The CVE-2023-52846 entry concerns a Linux kernel use-after-free in hsr's prp_create_tagged_frame, where prp_fill_rct() may fail and free the skb while the successful path returns the original skb. Impact is described as high for confidentiality, integrity, and availability with local access prere...
CVE-2023-53046
Summary: CVE-2023-53046 is a Linux kernel vulnerability in the Bluetooth HCI path. A race between hci_cmd_sync_work and hci_cmd_sync_clear can cause a use-after-free of the cmd_sync_work_list entry, potentially leading to a kernel panic when hci_cmd_sync_work is processed. The issue is triggered duri...
CVE-2023-53077
CVE-2023-53077 affects the Linux kernel’s DRM AMD display path. The vulnerability arises in CalculateVMAndRowBytes when PTEBufferSizeInRequests is zero, causing UBSAN to warn due to dml_log2 returning an unexpectedly negative value (shift exponent 4294966273). The documented fix is to skip the dm...
CVE-2023-53079
The CVE-2023-53079 issue affects the Linux kernel mlx5 driver (net/mlx5) and related eswitch/vport flow-rule handling. Root cause: during EEH, vport MC/UC/multicast promiscuous rules aren’t deleted in teardown, and the firmware may reset these settings after EEH, causing the driver to attempt to ...
CVE-2023-53089
CVE-2023-53089 affects the Linux kernel ext4/xattr path. The issue occurs during eviction of inodes with extended attributes (EA) where ext4_xattr_delete_inode triggers a hang due to finding an EA inode (ea_inum = 15) that is in I_FREEING state and waiting for the EA inode’s deletion, causing an ...
CVE-2023-53113
The CVE-2023-53113 entry concerns the Linux kernel wifi NL80211 offchannel check. A NULL-pointer dereference could occur when a link was created by userspace in AP mode but not activated yet, resulting in a chandef that is invalid or has no channel. The vulnerability arises from dereferencing thi...
CVE-2024-26795
CVE-2024-26795: Linux kernel (riscv) Sparse-Memory/vmemmap out-of-bounds fix. Affects: Linux kernel on riscv architectures with Sparse-Memory/vmemmap. The issue was that vmemmap could be mapped in a way that violated its bounds during pfn_to_page()/page_to_pfn() operations. The fix re-offsets vm...
CVE-2024-26818
CVE-2024-26818 affects the Linux kernel (rtla/utils.c) where a fscanf call uses mount_point with a size of MAX_PATH but the format can write up to MAX_PATH+1, risking a buffer overflow. The connected Astra/Tencent/Tenable data confirms the root cause and documents the fix: increase the mount_poi...
CVE-2024-27050
Summary (CVE-2024-27050): In the Linux kernel libbpf code, the bpf_xdp_query_opts struct gained fields feature_flags and xdp_zc_max_segs. The code updating these fields did not use the OPTS_SET() macro, causing writes to the fields unconditionally and risking stack corruption for programs built a...
CVE-2024-27394
CVE-2024-27394 affects the Linux kernel, in the tcp_ao_connect_init path. The vulnerability arises because call_rcu is used during hlist_for_each_entry_rcu traversal outside the RCU read critical section, allowing the RCU grace period to pass while the key may still be referenced, creating a Use-...
CVE-2024-35826
CVE-2024-35826 — Linux kernel: fix page refcounts for unaligned buffers in __bio_release_pages(). This patch corrects the number of pages released for buffers that do not start at the beginning of a page, addressing a vulnerability in block I/O handling. Impact, as described in the FP: local acce...
CVE-2024-35956
CVE-2024-35956 affects the Linux kernel's btrfs quota groups handling. During subvolume create/snapshot/delete, metadata reservations are made via btrfs_subvolume_reserve_metadata(). When quotas are enabled, a PREALLOC qgroup reservation is created and later converted to PERTRANS after the operat...
CVE-2024-36478
CVE-2024-36478 affects the Linux kernel null_blk driver. The issue is a NULL pointer dereference that occurs when power and submit_queues are configured concurrently, leading to a kernel panic via a race between del_gendisk and NR HW queue updates. The fixes consolidate protection by reusing a gl...
CVE-2024-36898
CVE-2024-36898 affects the Linux kernel gpiolib cdev path. The issue is an uninitialised kfifo when software debounce is active and edge detection is re-enabled, causing events to be written to and read from an uninitialised queue. The published fix initializes the kfifo in the debounce-active path. Connected a...
CVE-2024-38580
CVE-2024-38580 is a Linux kernel vulnerability in the epoll path where epoll could race with the last fput(), causing a file reference to go dead and potentially leading to use-after-free when epoll calls into vfs_poll(). The fix adds a validation to ensure a valid file reference is held before d...
CVE-2024-38637
The CVE-2024-38637 issue affects the Linux kernel, specifically the greybus lights driver. The root cause is that get_channel_from_mode may return null when a channel for the given node is not found, and the code used this return value without validating the pointer in two places. This could lead...
CVE-2024-41002
The connected documents confirm CVE-2024-41002 affects the Linux kernel crypto path for Hisilicon SEC (AIV resource) where releasing SEC resources could leak memory. The root cause is improper synchronization of AIV release with sec resource cleanup, leading to a memory leak when resources are fr...
CVE-2024-41078
CVE-2024-41078 (Linux kernel, btrfs qgroup) fixes a quota root leak that occurs if quota disable cleanup fails, leaking the quota root via fs_info->quota_root. The root cause is a missing btrfs_put_root() on the out path when dropping quota root references; a NULL assignment previously happene...
CVE-2024-41087
CVE-2024-41087 (Linux kernel): The issue stems from the libata-core path “ata_host_alloc” where, on error, control may jump to err_out and call devres_release_group(), which triggers ata_host_release() and a subsequent kfree(host). If kfree(host) runs again in the normal path, a double free occu...