13804 matches found
CVE-2025-21937
CVE-2025-21937 (Linux kernel): The vulnerability concerns a NULL dereference in Bluetooth mgmt_remote_name() from an unchecked mgmt_alloc_skb() return value. The fix adds a check for mgmt_alloc_skb() and validates its return value in mgmt_remote_name(), mitigating the issue. Connected advisories...
CVE-2017-10662
The CVE-2017-10662 issue affects the Linux kernel’s F2FS implementation: the sanity_check_raw_super function in fs/f2fs/super.c fails to validate the segment count, enabling local privilege escalation. Concretely, affected versions are before 4.11.1. Several connected advisories (e.g., UTSA/Euler...
CVE-2017-13694
CVE-2017-13694 affects the Linux kernel up to 4.12.9. The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c does not flush the node and node_ext caches, enabling a local attacker to trigger a kernel memory disclosure and bypass KASLR via a crafted ACPI table. The issue is mit...
CVE-2022-3078
CVE-2022-3078 affects Linux kernels up to 5.16-rc6; it arises from a lack of a post-allocation check after vzalloc() and a missing free in drivers/media/test-drivers/vidtv/vidtv_s302m.c. This can enable memory mismanagement within the affected driver. A fix is available in kernel patch history (e...
CVE-2022-47946
CVE-2022-47946 affects the Linux kernel 5.10.x up to 5.10.155. It is a use-after-free in io_sqpoll_wait_sq (fs/io_uring.c) that can crash the kernel and cause a denial of service; finish_wait can be skipped. Exploitation scenarios include forking a process and terminating it quickly. Later kernel...
CVE-2022-48651
CVE-2022-48651 affects the Linux kernel ipvlan path. When an AF_PACKET socket uses PACKET_QDISC_BYPASS and the default xmit path is switched, skb->mac_header may remain at 65535, yielding slab-out-of-bounds in ipvlan_xmit_mode_l2. Root causes: packet_snd() only resets skb->mac_header for SO...
CVE-2022-48967
CVE-2022-48967 affects the Linux kernel NFC subsystem (NCI) and stems from a missing bounds check in nci_add_new_protocol, allowing a potential field-spanning write to target->sensf_res under Fortify and triggering an out-of-bounds write. The issue is concrete: a bounds error in net/nfc/nci/nt...
CVE-2022-49027
CVE-2022-49027 pertains to the Linux kernel: the iavf_init_module() path failed to destroy a workqueue when pci_register_driver() failed, causing a resource leak. The fix adds a destroy_workqueue() call in the error path to prevent leaks, aligning with the handling in a related commit for usb/hot...
CVE-2022-49334
The CVE-2022-49334 issue concerns the Linux kernel memory-management code for huge pages (mm/huge_memory). The root cause was that when xas_split_alloc() could not allocate required xarray nodes, it set xa_state to -ENOMEM, which xas_nomem() treated as a cue to “Please allocate more memory,” inst...
CVE-2022-49351
CVE-2022-49351 is tied to the Linux kernel fix in net: altera: Fix refcount leak in altera_tse_mdio_create. The issue arises in for_each_child_of_node() iterations where the previous node’s reference count is decremented and, on breaking out of the loop, of_node_put() was not called, leading to a...
CVE-2022-49827
Summary (CVE-2022-49827): In the Linux kernel DRM stack, a possible null pointer dereference could occur during vblank cleanup when __drmm_add_action() fails and drm_vblank_init_release() runs for a vblank with a NULL worker, leading to kthread_destroy_worker() dereference. The fix adds a NULL c...
CVE-2023-0160
CVE-2023-0160 corresponds to a deadlock in the Linux kernel BPF subsystem that can be exploited locally to crash the system. Connected documents confirm the issue arises in the kernel’s eBPF/BPF path and affect Linux kernel versions including Astra Linux references to linux-5.10/5.15. The Amazon ...
CVE-2023-52567
CVE-2023-52567: In the Linux kernel serial driver (8250_port), if a leaf driver uses IRQ polling (irq=0) and the IIR indicates an interrupt, the IRQ data can be NULL, potentially leading to a NULL pointer dereference. The published fix adds a check to ensure IRQ data is valid before wake-up hand...
CVE-2023-52576
CVE-2023-52576 affects the Linux kernel (x86/mm, kexec, ima). The issue was a use-after-free in memblock_isolate_range() caused by calling ima_free_kexec_buffer() after the memblock allocator had been torn down. The fix switches ima_free_kexec_buffer() to memblock_free_late() to avoid the bug. Wi...
CVE-2023-52582
CVE-2023-52582 affects the Linux kernel netfs path. The issue is in netfs_rreq_unlock_folios() where folio_start_fscache() could be invoked more than once per folio when a clamp_length() is used, potentially triggering an oops as described in the public advisory. The connected advisories confirm ...
CVE-2023-52925
CVE-2023-52925 relates to the Linux kernel nf_tables code. The vulnerability concerns how nf_tables handles inserts for duplicate set entries when some duplicates have expired. The description states that the system should ignore expired duplicates and not fail inserts, noting an asymmetry in nft...
CVE-2023-53068
CVE-2023-53068 is reported in the Linux kernel under net: usb: lan78xx: Limit packet length to skb->len. The vulnerability arises when the packet length read from the descriptor may exceed skb->len, causing a cloned skb passed up the network stack to leak kernel memory contents. A fix was a...
CVE-2023-53102
CVE-2023-53102 details (Linux kernel, ice driver). The issue arises in ice_qp_dis() for xsk/xdpsock, where txq interrupts were being disabled before the hardware flush completed, allowing a window where IRQs could fire during a pool detach. The documented bug trace shows a NULL pointer dereferenc...
CVE-2023-53124
VULNERABILITY SUMMARY: CVE-2023-53124 fixes a NULL pointer dereference in the Linux kernel SCSI driver mpt3sas during transport_port_add. The port is created by sas_port_alloc_num() and rphy by sas_end_device_alloc() or sas_expander_alloc(), any of which may return NULL, and the code would access...
CVE-2024-26842
The CVE-2024-26842 issue is a Linux kernel vulnerability in the SCSI UFS host controller code (ufshcd_clear_cmd). In MCQ mode, when task_tag >= 32 and sizeof(unsigned int) == 4, 1U <
CVE-2024-35885
The CVE affects the mlxbf_gige Linux kernel driver. The issue is a NULL pointer dereference during shutdown in mlxbf_gige_handle_tx_complete, leading to kernel Oops and a fatal interrupt (kernel panic). It can leave NAPI enabled and the network interface in an inconsistent state if stop() i...
CVE-2024-37021
Technical details for CVE-2024-37021 are not publicly available in the provided connected documents. The initial description references fpga_manager owner/refcount changes in the Linux kernel, but no further technical specifics (affected products/versions/fixes) are given here. Monitor for updates.
CVE-2024-40976
CVE-2024-40976 — Linux kernel (drm/lima) Affected: drm/lima in the Linux kernel. Description details a race in which a rendering job may trigger the drm sched timeout handler and still complete before the hard reset, risking a refcount imbalance on lima_pm_idle and producing stack traces. Root ca...
CVE-2024-41036
CVE-2024-41036 - Linux kernel ks8851 deadlock fix (SPI variant). The issue arises when SMP is enabled and spinlocks are functional, causing a deadlock between ks8851_start_xmit_spi and ks8851_irq via the statelock. Affected: ks8851 TX path in the Linux kernel net driver. Impact: potential soft lo...
CVE-2024-41088
CVE-2024-41088 (Linux kernel) affects the can mcp251xfd driver. When mcp251xfd_start_xmit() fails, tx_ring->head is still incremented, causing the Transmit Event FIFO to reflect an outstanding TX while a response is expected, which can lead to an infinite loop in the interrupt routine if multi...
CVE-2024-42087
CVE-2024-42087 affects the Linux kernel in the drm/panel/ilitek-ili9881c GPIO reset implementation. The issue arises from using gpiod_set_value() for a GPIO controller that may sleep, which triggers warnings. A fix replaces the non-sleeping call with gpiod_set_value_cansleep(), addressing the war...
CVE-2024-42295
CVE-2024-42295 — Linux kernel nilfs2 issue: Syzbot detected a buffer state inconsistency in nilfs_btnode_create_block that could occur when the argument block address is a virtual block number reallocated due to bitmap corruption. The patch changes nilfs_btnode_create_block() and its callers to ...
CVE-2024-43880
CVE-2024-43880 affects the Linux kernel mlxsw Spectrum ACL TCAM handling. The issue arises in the TCAM masking logic where object aggregation hints could form nested objects (A-TCAM/C-TCAM) due to an aggregation‑helper in the objagg library and driver interaction. This could produce non‑optimal o...
CVE-2024-43883
CVE-2024-43883 is a Linux kernel issue in the usb vhci-hcd driver. The bug allowed stale references to be carried due to dropping existing references before new ones are gained, potentially enabling use-after references. The description and linked advisories show the root cause as racing/dropping...
CVE-2024-46738
CVE-2024-46738 affects the Linux kernel VMCI subsystem. A use-after-free occurs in vmci_resource_remove() when removing a resource from vmci_resource_table if two resources share the same handle (same context and resource fields) but differ by type; the code previously could free the wrong object...
CVE-2024-46802
CVE-2024-46802 affects the Linux kernel’s DRM-AMD display path. The vulnerability is a NULL-dereference in drm/amd/display when validating a stream, caused by missing NULL checks for dc or stream. The fixed code adds a NULL check at the start of dc_validate_stream to prevent invalid memory access...
CVE-2024-49864
CVE-2024-49864 (Linux kernel, rxrpc): A race existed between rxrpc_open_socket() creating the UDP socket and the I/O thread that handles it, allowing a UDP packet to arrive at rxrpc_encap_rcv() before the I/O thread exists, which could cause an oops when waking the not-yet-created thread. The qu...
CVE-2024-49947
CVE-2024-49947 affects the Linux kernel net stack, specifically a vulnerability in virtio_net_hdr_to_skb() where an incorrectly set skb->csum_start could place the transport header before or after the network header when processing injected packets via af_packet. Syzbot-triggered warnings show...
CVE-2024-53221
Technical details about CVE-2024-53221 (affected products/versions, impact, and fixes) are not provided in the supplied documents. Public specifics are not available here; please monitor for updates from official advisories or connected sources.
CVE-2024-56540
The CVE-2024-56540 entry concerns the Linux kernel, affecting the acceleration driver path for ivpu. It patches IPC send/receive flows to avoid triggering recovery during probe/resume by exposing ivpu_send_receive_internal() and adjusting ivpu_probe() and ivpu_resume() paths to propagate errors g...
CVE-2024-56684
CVE-2024-56684: In the Linux kernel, mailbox: mtk-cmdq had a wrong sizeof usage in cmdq_get_clocks() where a data pointer was passed to devm_kcalloc(); the allocation should be sizeof(struct clk_bulk_data). The patch fixes the allocation size, addressing a potential memory/overflow issue when con...
CVE-2024-56687
The CVE-2024-56687 issue affects the Linux kernel USB MUSB gadget path, where a request’s complete callback could be invoked from usb_ep_queue(), risking a hardware lockup and potential deadlock in the RX path. Root cause involves complex interaction between RXPKTRDY handling, IRQs, and the callb...
CVE-2024-56689
Technical details for CVE-2024-56689 are not publicly provided in the supplied documents. The initial description indicates a kernel fix for a NULL-dereference in PCI endpoint handling, but no product/version specifics or exploit information are given here. Monitor for updates.
CVE-2024-58068
CVE-2024-58068 affects the Linux kernel OPP subsystem. If a bandwidth table is not created (e.g., interconnect properties missing in the OPP consumer node) and a driver calls dev_pm_opp_find_bw_ceil() or dev_pm_opp_find_bw_floor(), the kernel may NULL-dereference when reading bandwidth from _read...
CVE-2025-21724
CVE-2025-21724: In the Linux kernel’s iommufd/iova_bitmap, UBSAN shift-out-of-bounds occurred in iova_bitmap_offset_to_index() when shifting the constant 1 by bitmap->mapped.pgshift (unsigned long). If pgshift > 31, the 32-bit int shift overflowed, causing undefined behavior. The fix promot...
CVE-2025-21784
CVE-2025-21784 affects the Linux kernel’s drm/amdgpu path. The vulnerability arises in psp_init_cap_microcode() where the code must bail out on firmware load failure to avoid invalid memory access. The connected Astra Linux bulletin reiterates this fix for psp_init_cap_microcode(). The practical ...
CVE-2025-21875
CVE-2025-21875 affects the Linux kernel mptcp PM path: the PM may send RM_ADDR notifications over an msk socket without first holding the msk socket lock, due to an optimization path when there are no subflows. The issue is triggered in the PM netlink flow (mptcp_pm_nl_addr_send_ack and related c...
CVE-2025-22015
CVE-2025-22015: In the Linux kernel, the vulnerability lies in mm/migrate where a shmem folio can be in page cache or swap cache but not both. The root cause is that __folio_migrate_mapping() used folio_test_swapbacked() to determine how many xarray entries to update, which conflates shmem in pa...
CVE-2025-23129
CVE-2025-23129: In the Linux kernel, the ath11k PCI driver (ath11k_pci) could log a warning when error paths freed a shared IRQ without clearing the IRQ affinity hint. The root cause was setting the IRQ affinity hint after irq vector allocation in ath11k_pci_alloc_msi(), which caused free_irq in ...
CVE-2025-37824
CVE-2025-37824 affects the Linux kernel TIPC monitor path. The issue is a NULL pointer dereference in tipc_mon_reinit_self() caused by a race between enabling and disabling the bearer, where mon->self may be NULL during reinitialization. A fix has been applied in tipc_mon_reinit_self() (net/ti...
CVE-2025-37873
CVE-2025-37873: In the Linux kernel bnxt Ethernet driver, the ring index trim was not applied on error paths, leading to a crash when DMA mapping fails. The issue has been resolved in the kernel fixing commit for bnxt, as referenced by the vulnerability entry and multiple OSV/ELSAs linking to CVE...
CVE-2025-37989
Technical details about CVE-2025-37989 are not publicly provided in the connected documents. Monitor for updates from official advisories; the current sources do not reveal affected products, versions, impact, or fixes beyond the description.
CVE-2025-38089
The CVE-2025-38089 issue affects the Linux kernel sunrpc auth path. A remotely triggerable crash can occur when a specially crafted RPC reply yields SVC_GARBAGE without setting rq_accept_statp, risking NULL dereference or memory scribble. The bug arises because a SVC_GARBAGE return was treated as...
CVE-2009-3620
CVE-2009-3620 affects the ATI Rage 128 (r128) driver in the Linux kernel, where the driver fails to properly verify Concurrent Command Engine (CCE) state initialization. This local vulnerability can cause a NULL pointer dereference and system crash (DoS) and may allow privilege escalation via uns...
CVE-2010-1437
CVE-2010-1437 is a race condition in the Linux kernel’s keyring handling (find_keyring_by_name in security/keys/keyring.c) affecting version 2.6.34-rc5 and earlier. A local user can exploit this via keyctl session commands that access a dead keyring being deleted by key_cleanup, leading to memory...