13804 matches found
CVE-2024-43894
CVE-2024-43894 — kernel DRM NULL-deref fix: In the Linux kernel drm/client path, the function drm_client_modeset_probe can dereference a NULL pointer after drm_mode_duplicate() fails because the returned pointer is assigned directly to modeset->mode. The patch adds a safety check to avoid NULL pointe...
CVE-2024-40987
The CVE-2024-40987 issue affects the Linux kernel's DRM/amdgpu driver, where a UBSAN warning in kv_dpm.c is fixed by adding a bounds check for sumo_vid_mapping_entry. The patch targets the root cause (bounds check failure) and reports the fix as part of the kernel update. Public reference...
CVE-2024-40990
The CVE-2024-40990 issue is a Linux kernel vulnerability in RDMA/mlx5 where the srq max_sge attribute, supplied by users, was inserted/used without proper bounds checks. The fix adds verification against the maximum allowed value before use, addressing potential overflow/abuse locally. Applicable...
CVE-2024-41022
AFFECTED SOFTWARE: Linux kernel (drm/amdgpu) with a signedness bug in sdma_v4_0_process_trap_irq() where the local error-path handling depended on a signed instance counter. ROOT CAUSE: the instance variable needed to be signed to ensure correct error handling, and failure to do so could affect t...
CVE-2024-41046
CVE-2024-41046 affects the Linux kernel net: ethernet: lantiq_etop driver. The issue is a double-free in detach caused by never incrementing the currently released descriptor, leading to releasing the same skb multiple times. A patch addressing this is published in stable kernels (as cited by the...
CVE-2024-41050
CVE-2024-41050 (Linux kernel) affects the cachefiles subsystem, specifically the ondemand path handling of object reopening. The vulnerability arises from cyclic re-use of msg_id after a malicious reopen, which can cause a read request to remain unprocessed and lead to a hang. The root cause is r...
CVE-2024-41069
CVE-2024-41069 is a Linux kernel vulnerability in ASoC topology where references to freed memory were fixed. The changelog entries indicate root cause was pointers into topology file contents after parsing and releasing memory; the fix allocates memory via devm_kmemdup() to avoid dereferencing fr...
CVE-2024-42085
CVE-2024-42085 affects the Linux kernel USB DWC3 gadget, where when CONFIG_USB_DWC3_DUAL_ROLE is enabled and the system suspends (e.g., echo mem > /sys/power/state), a deadlock can occur during gadget suspend/resume. The triggering path is dwc3_suspend_common() taking dwc3->lock, then dwc3_...
CVE-2024-42095
CVE-2024-42095 affects the Linux kernel component serial: 8250_omap, implementing Errata i2310. The issue allows an erroneous timeout that, if not cleared, can trigger a storm of interrupts per TI’s Errata i2310 (TI sprz536, page 23). Public records in connected sources consistently cite imple...
CVE-2024-42126
CVE-2024-42126 pertains to the Linux kernel on powerpc where nmi_enter/nmi_exit can touch per-CPU state and crash the kernel when invoked during real-mode interrupt handling if percpu allocations come from the vmalloc area. The issue manifests under CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK with percp...
CVE-2024-42129
CVE-2024-42129 – Linux kernel (mlxreg LED driver): The vulnerability arose because leds: mlxreg registered LEDs with devm_led_classdev_register(), but led_classdev_unregister() invoked a brightness callback that used a mutex already destroyed during module removal. The fix uses the devm API for ...
CVE-2024-42157
CVE-2024-42157 affects the Linux kernel (s390/pkey) and is tied to wiping sensitive data on failure. Proposed fix/remediation exists in the kernel, with commits referenced by kernel-stable history (e.g., c44a2151e5d21c66b070a056c26471f30719b575 and related commits) and multiple advisories noting ...
CVE-2024-42287
The connected documents confirm CVE-2024-42287 affects the Linux kernel scsi/qla2xxx path. Root cause: completing a command early (outside a lock) during unload leads to a race and a crash (NULL pointer dereference) when NPIV/FW reset paths are involved. The mitigation in the provided text is to ...
CVE-2024-42310
CVE-2024-42310 concerns a null pointer dereference in the Linux kernel's DRM GMA500 driver, specifically cdv_intel_lvds_get_modes. The bug arises when the return value of drm_mode_duplicate() is assigned to mode and drm_mode_duplicate() fails, potentially leading to an NPD. The issue has been fix...
CVE-2024-42320
CVE-2024-42320 affects the Linux kernel’s s390/dasd subsystem. The root cause is a missing validation of the result from dasd_add_busid() when an allocation fails, which could yield a NULL pointer dereference in dasd_copy_pair_store(). The fix adds a check using IS_ERR() and propagates the error...
CVE-2024-44985
Summary (CVE-2024-44985): In the Linux kernel, the IPv6 xmit path (ip6_xmit) could suffer a use-after-free if skb_expand_head() returns NULL, freeing the skb and potentially the associated dst/idev. The issue is mitigated by ensuring RCU protection (rcu_read_lock()) to prevent the UAF. The Ast...
CVE-2024-46717
The CVE-2024-46717 entry concerns a Linux kernel net/mlx5e SHAMPO defect: an incorrect SHAMPO header page release could cause SHAMPO header pages to be released more than once. The description specifies the root cause: when no skb has been created yet, header_size is 0 and the last SHAMPO header ...
CVE-2024-46829
The CVE-2024-46829 entry affects the Linux kernel and concerns a deadlock condition in rtmutex handling. Root cause: rt_mutex_handle_deadlock() is invoked with rt_mutex::wait_lock still held; in the deadlock path this could lead to an endless scheduling loop while the lock remains held and trigge...
CVE-2024-46870
CVE-2024-46870 concerns the Linux kernel’s DRM/AMD display path, where a race condition can occur in DCN35 when DMCUB timeout is not appropriate. The provided description states that DMCUB can take longer to process commands, and the old ASIC policy could continue after a diagnostic error, riskin...
CVE-2024-47669
CVE-2024-47669 involves the Linux kernel nilfs2 write path. After a694291a6211, two error-path flaws could leave writeback flags uncleared and inodes with NILFS_I_COLLECTED set, causing writeback hangs or potential data non-write during checkpointing. The fix applies a uniform call to nilfs_segct...
CVE-2024-47677
CVE-2024-47677 affects the Linux kernel exFAT implementation. The flaw: when exfat_load_upcase_table reaches the end and returns -EINVAL, allocated memory is not freed, and as exfat_load_default_upcase_table allocates more memory this can cause a memory leak. Details from connected advisories ind...
CVE-2024-47682
CVE-2024-47682 – Linux kernel scsi sd off-by-one fix (detailed in connected docs): The vulnerability arises in sd_read_block_characteristics() when a device returns page 0xb1 with length 8, potentially allowing an out-of-bounds memory access at offset 8 of the zoned field. The issue has been reso...
CVE-2024-49854
CVE-2024-49854 affects the Linux kernel’s block/bfq path. The root cause was a use-after-free (UAF): after bfq_split_bfqq(), if the current process is the last holder of bfqq, the bfqq can be freed and then bfqq->waker_bfqq could be accessed, with the waker potentially in the merge chain. The ...
CVE-2024-49910
CVE-2024-49910 concerns the Linux kernel DRM/AMD display path. The root cause was a null dereference risk in drm/amd/display's dcn401_set_output_transfer_func: set_output_gamma could be null-checked at one point and then dereferenced without a check. The fix adds a null check for set_output_gamma before invoking it, elimina...
CVE-2024-50021
Technical details for CVE-2024-50021 are not publicly disclosed in the provided Connected documents. Monitor for updates from vendor/security advisories.
CVE-2024-50243
CVE-2024-50243 affects the Linux kernel ntfs3 path; the issue is a general protection fault in run_is_mapped_full leading to a local denial of service. The fix (and related NTFS attribute handling fix) was committed in the kernel; affected advisories reference kernel 6.1.x updates. Remediation is...
CVE-2024-58056
The CVE-2024-58056 entry documents a Linux kernel remoteproc issue in which rproc_alloc() can trigger ida_free() via rproc_type_release() on an error path before ida_alloc() has been called. The underlying cause is rproc->index being initialized to 0, making rproc->index >= 0 true when t...
CVE-2024-58086
CVE-2024-58086 affects the Linux kernel DRM/V3D path. The issue arises when destroying an active perfmon: the kernel previously left v3d->active_perfmon as a stale pointer, potentially causing undefined behavior and instability. The description notes a patch to stop the active perfmon before d...
CVE-2025-21705
CVE-2025-21705 affects the Linux kernel MPTCP implementation (mptcp: handle fastopen disconnect correctly). Root cause: internal disconnect() during FASTOPEN errors was not properly accounted, risking data stream corruption. Fix: increase the socket disconnect counter so other threads waiting on ...
CVE-2025-21738
CVE-2025-21738 affects the Linux kernel, specifically the SFF/ATA path in libata. The issue can allow a write beyond the allocated buffer in ata_pio_sector() when handling a SCSI_IOCTL_SEND_COMMAND with an ATA_NOP and related conditions, potentially overwriting memory. The description notes that ...
CVE-2025-21739
CVE-2025-21739 affects the Linux kernel SCSI UFS path. A use-after-free occurs when crypto private data (struct ufs_hba::crypto_profile) is released as part of ufshcd_dealloc_host() during driver removal or error handling, while a cleanup handler registered by devm_blk_crypto_profile_init() still...
CVE-2025-21743
CVE-2025-21743 affects the Linux kernel’s usbnet/ipheth handling. The vulnerability stems from an overflow in the DPE length check when wDatagramIndex + wDatagramLength could exceed U16_MAX, allowing an OoB read. The fix moves the wDatagramIndex term across the inequality, preserving the existing...
CVE-2025-21792
CVE-2025-21792 affects the AX25 path in the Linux kernel. When binding an AX25 device to a socket, either via ax25_bind() or the SO_BINDTODEVICE option, the kernel may leak refcounts due to missing increments for the bound device’s refcount, leading to memory leaks in ax25_release(). The fixIncre...
CVE-2025-21884
CVE-2025-21884 affects the Linux kernel. The issue arises when kernel sockets are dismantled during pernet_operations->exit; freeing can be delayed by tx packets still in qdisc/device queues because of skb_set_owner_w() usage, leading to incorrect reference tracking. The fix adds sk_net_refcnt...
CVE-2025-21918
CVE-2025-21918 is a Linux kernel vulnerability described in connected Azure Linux advisory: usb: typec: ucsi: Fix NULL pointer access. The issue arises from premature resource release; the fix ensures resources are freed only after the associated workqueue completes, preventing NULL-pointer acces...
CVE-2025-22071
CVE-2025-22071 concerns the Linux kernel spufs subsystem. The issue is a leak in spufs_create_context() that occurs when setting CPU affinity and spufs_mkdir() fails, requiring the code to drop the reference to the neighbor. The problem was fixed by this leak remediation, with historical notes th...
CVE-2025-22085
CVE-2025-22085 affects the Linux kernel RDMA/core. The description documents a use-after-free (slab) in the netlink/name rename path, caused by a use-after-free in nla_put during device-name rename handling. The issue manifests as a slab-use-after-free Read in nla_put, traced through netlink/nlde...
CVE-2025-22106
CVE-2025-22106 affects the Linux kernel vmxnet3 driver. The root cause was that vmxnet3 did not unregister xdp_rxq_info in vmxnet3_reset_work(), because vmxnet3_rq_destroy() was not invoked in that path. The fix moves the unregister code from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup(), preventi...
CVE-2025-22118
Linux kernel vulnerability CVE-2025-22118 affects the ice driver where queue quanta parameters could lead to out-of-bounds access. The fix adds queue wraparound prevention in quanta configuration and ensures end_qid cannot overflow by validating start_qid and num_queues. This is a local-privilege...
CVE-2025-37748
CVE-2025-37748: In the Linux kernel, the iommu/mediatek fix prevents a NULL pointer dereference in mtk_iommu_device_group during probe. The issue occurred because iommu_device_register could be called before the driver data’s hw_list was initialized, causing a dereference when list_first_entry i...
CVE-2025-37817
Linux kernel vulnerability CVE-2025-37817 involves a double free in the mcb path: in chameleon_parse_gdd(), if mcb_device_register() fails, the code could release mdev via put_device() and then free it again on the error path. The fixed behavior is to return early if mcb_device_register() fails, ...
CVE-2025-37864
CVE-2025-37864 relates to the Linux kernel DSA subsystem: a cleanup path for FDB, MDB and VLAN entries on unbind was added to fix a scenario where bridge bypass operations could leave stale entries and trigger a leak/warn on unbind. The vulnerability stems from the assumption that higher layers b...
CVE-2025-37874
CVE-2025-37874 is a Linux kernel vulnerability affecting the ngbe driver (net: ngbe). The issue is a memory leak in ngbe_probe() error paths after ngbe_sw_init(), where memory allocated for wx->rss_key in wx_init_rss_key() was not freed on error, and a double-free risk could occur if mac_table...
CVE-2025-37967
CVE-2025-37967 affects the Linux kernel USB Type-C UCSI driver (displayport) and fixes a deadlock when handling DP Alt Mode. The patch adds ucsi_con_mutex_lock and ucsi_con_mutex_unlock so the connector mutex is only acquired when a connection exists and the partner pointer is valid, preventing a...
CVE-2025-37999
The CVE-2025-37999 issue affects the Linux kernel's EROFS fileio path. When bio_add_folio() fails, erofs_fileio_scan_folio() submits a new I/O request and retries with an empty bio, but erofs_onlinefolio_split() had already run, incrementing folio->private. The retry then calls erofs_onlinefol...
CVE-2010-4175
Technical details for CVE-2010-4175 are not provided in the supplied documents; monitor for updates.
CVE-2010-4527
The CVE-2010-4527 entry concerns the Linux kernel OSS sound driver (load_mixer_volumes in sound/oss/soundcard.c). It arises because a name field is not guaranteed to end with a NUL, enabling a local user to trigger a buffer overflow via SOUND_MIXER_SETLEVELS, with potential to escalate privileges...
CVE-2011-3353
CVE-2011-3353: In the Linux kernel, a buffer/length handling issue in fuse_notify_inval_entry (fs/fuse/dev.c) before 3.1 can allow a local attacker mounting a FUSE filesystem to trigger a BUG_ON and system crash, i.e., local denial of service. Public advisories (e.g., OpenSUSE, Red Hat/Oracle/Li...
CVE-2012-4398
The CVE-2012-4398 issue affects the Linux kernel (kernel/kmod.c) where the __request_module function in versions before 3.4 does not set a certain killable attribute, enabling local attackers to trigger a denial of service (memory consumption) via a crafted application. The connected advisories i...
CVE-2013-0231
CVE-2013-0231 is discussed in connected advisories as affecting the Xen PCI backend: the pciback_enable_msi function in drivers/xen/pciback/conf_space_capability_msi.c on Linux kernels 2.6.18 and 3.8 allows guest OS users with PCI device access to trigger a denial of service by generating a large...