CVE-2024-44977
In CVE-2024-44977, the Linux kernel module drm/amdgpu is affected by a missing TA binary size validation that could allow an out-of-bounds write. The issue is resolved by adding TA binary size validation to the TA handling path. The fix was cherry-picked from commit c0a04e3570d72aaf090962156ad085...
CVE-2024-45028
Summary (CVE-2024-45028): The vulnerability is in the Linux kernel code path mmc_test, where the allocation of test->highmem via alloc_pages() can lead to a NULL dereference when __free_pages(test->highmem) executes after allocation failure. The fix changes the dereference handling to avoi...
CVE-2024-46803
CVE-2024-46803 (Linux kernel) affects the DRM AMD kernel component (amdkfd). In interrupt context, writing dbg_ev_file via a workqueue can occur after debug_trap_disable, yielding a NULL pointer dereference. The fix adds a guard by canceling the work item (debug_event_workarea) before setting dbg...
CVE-2024-46832
CVE-2024-46832 involves the Linux kernel, specifically the MIPS cevt-r4k path. The issue arose when get_c0_compare_int was called if a timer IRQ was installed, which could trigger a WARN/BUG: sleeping function called from invalid context on secondary CPU. The patch changes the flow to avoid calli...
CVE-2024-47663
Technical details about CVE-2024-47663 are not provided in the supplied documents. The entries summarize a kernel fix in ad9834 frequency handling but do not include vendor/product specifics or patch details. Monitor for updates.
CVE-2024-47681
CVE-2024-47681 concerns the Linux kernel wifi driver for the mt76 MT7996. The issue is a NULL pointer dereference in the mt7996_mcu_sta_bfer_he routine when adding an STA interface to the MT7996 driver. The description indicates the vulnerability is resolved by fixing the NULL pointer dereference...
CVE-2024-47734
CVE-2024-47734: In the Linux kernel, the bonding subsystem fixed unnecessary warnings/logs from bond_xdp_get_xmit_slave(). The patch removes a WARN_ON_ONCE() and adds rate limiting to netdev_err() to reduce log noise when XDP is used on bonded interfaces (e.g., with bond1 xdpdrv and bond0/slave v...
CVE-2024-47736
CVE-2024-47736 relates to the Linux kernel EROFS handling of overlapped pclusters in crafted images. The issue caused a potential task hang/deadlock while waiting on the folio lock during cache I/O, triggered by fuzzed images with overlapping big pclusters. Root causes described include mis-arran...
CVE-2024-47750
CVE-2024-47750: In the Linux kernel, RDMA/hns on HIP08 had a Use-After-Free of rsv_qp because rsv_qp was freed before ib_unregister_device() was called. The documented fix moves the release of rsv_qp to after ib_unregister_device(). Affected component: RDMA/hns in HIP08; impact is Use-After-Free,...
CVE-2024-49940
CVE-2024-49940: In the Linux kernel, a tunnel refcount underflow could occur in L2TP handling. The issue stems from a race where session->tunnel is non-NULL in a window between session creation and tunnel refcount increment during l2tp_session_register, allowing a backpointer to a tunnel whos...
CVE-2024-50105
CVE-2024-50105 relates to the Linux kernel ASoC Qualcomm Soundwire path. The SC7280 Soundwire runtime stream allocation was not updated when allocation was moved to per-machine soundcard drivers, risking NULL pointer dereference or uninitialized memory during playback. The fix (commit 15c7fab0e04...
CVE-2024-50139
CVE-2024-50139 affects the Linux kernel’s KVM ARM64 implementation. The bug arises from a UBSAN-shift-out-of-bounds condition (shift exponent 33 is too large for a 32-bit int) encountered when running a VM with MTE enabled on the host. The vulnerability can cause a UBSAN crash/abort within arch/a...
CVE-2024-50157
CVE-2024-50157 concerns the Linux kernel RDMA/bnxt_re driver. The root cause is a loop waiting for the FIFO occupancy to drop below a threshold; under high pacing interrupts, this can cause a soft lockup on a processor. The fix adds a loop counter for FPGA and exits __wait_for_fifo_occupancy_belo...
CVE-2024-53067
The CVE-2024-53067 entry relates to the Linux kernel SCSI/UFS subsystem. A fix prevents RTC update work from starting before runtime PM in the UFS driver is fully initialized, addressing a crash (Oops) observed in the ufshcd_rtc_work path. The core issue is a race/ordering problem that could trig...
CVE-2024-53077
CVE-2024-53077 affects the Linux kernel rpcrdma subsystem, specifically the rpcrdma_device xa_array. The root cause is that xa_init_flags() in rpcrdma_add_one() may allocate memory in the xarray that is not released during removal because there is no matching xa_destroy() in rpcrdma_remove_one()....
CVE-2024-53086
Technical details about CVE-2024-53086 are not publicly provided in the supplied documents. Please monitor for updates from kernel commits and vendor advisories to obtain affected products, vulnerable components, and remediation.
CVE-2024-56680
CVE-2024-56680 affects the Linux kernel. The issue stems from IPU6 interrupt handling on shared IRQ lines: when the IPU6 device is disabled, an IRQ can be triggered by another device and ISR_STATUS may read 0xffffffff, risking system hang. The kernel fix adds defensive checks to avoid suspending ...
CVE-2024-56719
CVE-2024-56719 affects the Linux kernel net driver stmmac (TSO DMA path). The root cause was unbalanced DMA map/unmap: tx_skbuff_dma[] was populated later in stmmac_tso_xmit(), causing the dma cookie used by dma_unmap_single() to differ from dma_map_single() when priv->dma_cap.addr64 > 32. ...
CVE-2025-21674
CVE-2025-21674 affects the Linux kernel mlx5e/mlx5_core with IPsec tunnel offload in tunnel mode. The issue caused a kernel panic due to two problems: (1) in SA add, the _bh() variant should be used when marking SA mode, and (2) an unnecessary flush_workqueue in SA delete routine. The failure is ...
CVE-2025-21707
CVE-2025-21707 details (Linux kernel MPTCP issue). The vulnerability arises in MPTCP suboption status handling, where zeroing a bitmask is insufficient and certain per-suboption bitfields may fail to be cleared/initialized. Syzkaller reported KMSAN uninitialized value paths in __mptcp_expand_seq ...
CVE-2025-21723
Summary (CVE-2025-21723): In the Linux kernel, mpi3mr/scsi code was fixed to prevent a crash when BSG setup fails. If bsg_setup_queue() fails, bsg_queue may be non-NULL, causing mpi3mr_bsg_exit() to skip bsg_remove_queue() and trigger a NULL pointer dereference (kernel crash) as shown in the entry...
CVE-2025-21725
CVE-2025-21725 concerns the Linux kernel CIFS/SMB client. The issue arises when NETWORK_INTERFACE_INFO::LinkSpeed is not guaranteed to be set by the server, potentially causing an oops (divide error) in the cifs client path. The provided connected documents specify the fix as: fix by setting cifs...
CVE-2025-21732
CVE-2025-21732 pertains to the Linux kernel RDMA mlx5 path. It describes a race in the ODP MR handling where, during __mlx5_ib_dereg_mr(), a concurrent mlx5_ib_invalidate_range() can invalidate a freed lkey, triggering a CQE error and potentially placing the UMR QP in an error state. The disclose...
CVE-2025-21828
CVE-2025-21828 relates to the Linux kernel wifi/mac80211 subsystem. The issue arises when a station (STA) has not been uploaded to the driver (e.g., STA state pre-moved to AUTHORIZED in IBSS scenarios) and a failed insertion leads to a premature STA free, causing the driver to attempt flushing an...
CVE-2025-21833
CVE-2025-21833: In the Linux kernel, the vulnerability affects iommu/vt-d logic where a NULL pointer could be dereferenced after a WARN_ON_ONCE if domain_remove_dev_pasid cannot find the pasid. The issue has been resolved in the kernel code path that avoids using a NULL pointer post-WARN_ON_ONCE...
CVE-2025-21931
CVE-2025-21931 affects the Linux kernel memory hotplug path (hwpoison) and was fixed by ensuring folio lock is held before unmapping hwpoisoned folio. The fix adds the folio lock around unmap calls in do_migrate_range/try_to_unmap to prevent the kernel BUG triggered when folio is not locked. The ...
CVE-2025-21980
The CVE-2025-21980 entry concerns the Linux kernel GRED scheduler. It covers a potential NULL pointer dereference when kzalloc in gred_init returns NULL and the error path leads to gred_destroy, which calls gred_offload and may pass a NULL pointer to memset, potentially crashing the kernel. The i...
CVE-2025-22025
CVE-2025-22025 concerns the Linux kernel NFS server (nfsd) where, before queuing dl_recall in nfsd4_run_cb, the code increments a reference count on dl_stid. If queuing fails, the callback path does not run, and the corresponding dl_stid reference is not decremented, leading to a leak of nfs4_sti...
CVE-2025-22037
CVE-2025-22037 (Linux kernel): Affects ksmbd in the Linux kernel. A malformed SMB2 negotiate request could lead ksmbd to respond with an error and, if the client then proceeds to session setup, trigger a NULL pointer dereference in alloc_preauth_hash(). The patch introduces a new KSMBD_SESS_NEED...
CVE-2025-22040
CVE-2025-22040 affects the Linux kernel ksmbd multichannel path. A race between session setup and ksmbd_sessions_deregister can free a session before its connection is added to the session’s channel list. The fix adds a reference-count check before freeing the session. Documented impact is high (...
CVE-2025-22064
CVE-2025-22064 affects the Linux kernel nf_tables: when nf_tables_updchain encounters an error, the code path may unregister a hook that wasn’t registered if the table is dormant. Root cause: move the hook assignment into the registration block so dormant tables do not unregister. Impact per sour...
CVE-2025-37772
CVE-2025-37772 – Linux kernel RDMA CMA workqueue race condition. The vulnerability arises when multiple rapid calls to cma_netevent_callback() enqueue cma_netevent_work_handler() for the same rdma_cm_id, potentially overwriting a previously scheduled work item due to reusing the rdma_cm_id’s net_...
CVE-2025-37815
CVE-2025-37815 concerns the Linux kernel’s misc: microchip: pci1xxxx IRQ handling. The patch fixes a kernel panic during IRQ handler registration by acquiring the spinlock and saving the current interrupt state before processing the IRQ via generic_handle_irq. A previous fix substituted generic_h...
CVE-2025-37852
CVE-2025-37852 affects the Linux kernel DRM/AMDGPU stack. The root cause is errors from amdgpu_cgs_create_device() in amd_powerplay_create(), which could lead to a null pointer dereference if not handled. The fix propagates the failure to the caller, releases the hwmgr, and returns -ENOMEM instea...
CVE-2002-0510
CVE-2002-0510 describes a fingerprinting flaw in the UDP/IP stack of Linux 2.4.x: the IP Identification field is kept at 0 for non-fragmented packets, enabling remote observers to determine if a target runs Linux. The available connected documents reiterate the Linux kernel vulnerability and refe...
CVE-2009-0834
The CVE-2009-0834 issue affects the Linux kernel up to 2.6.28.7 on x86_64, where audit_syscall_entry mishandles 32-bit processes making 64-bit syscalls or 64-bit processes making 32-bit syscalls. This can allow local users to bypass certain syscall audit configurations, and is related to CVE-2009...
CVE-2009-2844
CVE-2009-2844 affects the Linux kernel’s cfg80211 code (net/wireless/scan.c) in 2.6.30-rc1 and earlier than 2.6.31-rc6. The vulnerability allows remote attackers to cause a denial of service (crash) by sending a crafted sequence of beacon frames: one frame omits the SSID Information Element, and ...
CVE-2009-3002
CVE-2009-3002 affects the Linux kernel prior to 2.6.31-rc7, where getname() implementations for IrDA, AppleTalk DDP, NET/ROM, and ROSE (and related sockets) did not initialize certain data structures before copying to user-space. This allowed a local user to leak information by calling getsocknam...
CVE-2009-3612
CVE-2009-3612 affects the Linux kernel’s net/sched/cls_api.c tcf_fill_node in the netlink subsystem. The issue is that a tcm__pad2 structure member is not initialized, potentially allowing local attackers to read sensitive kernel memory. Affected: kernel 2.6.x prior to 2.6.32-rc5 and 2.4.37.6 and...
CVE-2010-3080
CVE-2010-3080 is a double-free vulnerability in the Linux kernel’s snd_seq_oss_open() (sound/core/seq/oss/seq_oss_init.c) affecting kernels before 2.6.36-rc4. An unsuccessful open of /dev/sequencer could trigger kernel memory corruption, leading to local denial of service and potentially other im...
CVE-2011-2492
CVE-2011-2492 affects the Linux kernel Bluetooth subsystem prior to 3.0-rc4, where certain data structures are not properly initialized. The flaw is exploited via a crafted getsockopt system call in the l2cap_sock_getsockopt_old and rfcomm_sock_getsockopt_old paths, enabling local users to obtain...
CVE-2012-0038
CVE-2012-0038 affects the Linux kernel prior to 3.1.9. An integer overflow in fs/xfs/xfs_acl.c (xfs_acl_from_disk) can be triggered by a malformed ACL on a filesystem, leading to a heap-based buffer overflow and a local denial of service (panic). A fix was released in 3.1.9. Users should upgrade ...
CVE-2012-2319
CVE-2012-2319 refers to multiple buffer overflows in the Linux kernel’s hfsplus filesystem implementation, exploitable locally to gain privileges via a crafted HFS+ filesystem. Affected: Linux kernel before 3.3.5. Root cause: buffer overflow in hfsplus code (related to CVE-2009-4020). Impact, as ...
CVE-2014-1438
The CVE-2014-1438 entry concerns the Linux kernel prior to 3.12.8 on AMD K7/K8 platforms. The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h does not clear pending FPU exceptions before an EMMS instruction, enabling local users to cause a denial of service (task kill) or pot...
CVE-2014-1739
CVE-2014-1739 affects the Linux kernel before 3.14.6, where the function media_device_enum_entities in drivers/media/media-device.c fails to initialize a data structure. This leads to an information disclosure vulnerability: a local attacker with access to /dev/media0 can read kernel memory throu...
CVE-2014-9803
CVE-2014-9803 affects the Linux kernel and Android deployments using affected kernels prior to 3.15-rc5-next-20140519 (notably on Nexus 5X/6P before 2016-07-05). The issue arises in arch/arm64/include/asm/pgtable.h where execute-only pages are mishandled, enabling a local attacker to gain privile...
CVE-2015-0573
CVE-2015-0573 affects the Linux kernel 3.x TSC driver (drivers/media/platform/msm/broadcast/tsc.c) as used in Qualcomm Innovation Center (QuIC) Android MSM builds. The vulnerability is a use of the TSC_GET_CARD_STATUS ioctl that can trigger an invalid pointer dereference, leading to a denial of s...
CVE-2016-2543
CVE-2016-2543 affects the Linux kernel before 4.4.1: the snd_seq_ioctl_remove_events path in sound/core/seq/seq_clientmgr.c does not verify FIFO assignment before clearing, enabling local users to trigger a NULL pointer dereference and an OOPS (denial of service). Remediation: upgrade to kernel 4...
CVE-2017-10662
The CVE-2017-10662 issue affects the Linux kernel’s F2FS implementation: the sanity_check_raw_super function in fs/f2fs/super.c fails to validate the segment count, enabling local privilege escalation. Concretely, affected versions are before 4.11.1. Several connected advisories (e.g., UTSA/Euler...
CVE-2017-13694
CVE-2017-13694 affects the Linux kernel up to 4.12.9. The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c does not flush the node and node_ext caches, enabling a local attacker to trigger a kernel memory disclosure and bypass KASLR via a crafted ACPI table. The issue is mit...