13804 matches found
CVE-2024-44963
CVE-2024-44963 — Linux kernel (btrfs): The issue occurs in btrfs_free_tree_block() when freeing a tree block and an error occurs creating a delayed reference. Instead of handling the error, a BUG_ON() could trigger, causing space leakage if memory allocation fails or other errors propagate via bt...
CVE-2024-44969
CVE-2024-44969 affects the Linux kernel, specifically the s390/sclp path. If a task waiting for a Store Data operation is interrupted and the halt attempt fails due to hardware/firmware issues, the SCLP facility might later store data into buffers referenced by the original operation. The fix pre...
CVE-2024-44988
CVE-2024-44988 : Linux kernel net: dsa mv88e6xxx driver vulnerability due to an ATU violation where a CPU Load can make SPID exceed DSA_MAX_PORTS, causing an out-of-bounds access in mv88e6xxx_chip. The fix bounds-checks the SPID to stay within the valid port range, mitigating the issue. Affected ...
CVE-2024-45007
The CVE-2024-45007 issue affects the Linux kernel component related to xillybus workqueues. Root cause: when a kref is decremented, destroy_workqueue() could be invoked from within a work item that is destroying its own workqueue, an illegal scenario. The documented fix introduces a module-global...
CVE-2024-46674
CVE-2024-46674 affects the Linux kernel USB/DWC3 ST platform path. The vulnerability stems from a probe error path that drops a platform device reference count due to an unused undo_platform_dev_alloc, causing unbalanced references and potential use-after-free when devm-managed resources are rele...
CVE-2024-46720
CVE-2024-46720 affects the Linux kernel; the issue is in the DRM AMDGPU path where a dereference after a null pointer check was fixed. The description from the initial document notes “drm/amdgpu: fix dereference after null check” and “check the pointer hive before use.” The connected Azure Linux ...
CVE-2024-46844
CVE-2024-46844: In the Linux kernel, the setup_one_line() path prints a pointer that could be uninitialized for *error_out, risking a NULL pointer dereference or incorrect prints. The fix initializes *error_out in all control paths, addressing the issue. The CVE is scored locally with high impact...
CVE-2024-47662
The CVE-2024-47662 entry concerns the Linux kernel component drm/amd/display (DCN35 DMCUB diagnostics). The issue is that a diagnostic register read was removed to prevent triggering a security violation when DMCUB timeouts occur, blocking Z8 entry. The fix is to stop reading that register from t...
CVE-2024-47731
CVE-2024-47731 affects the Linux kernel driver path: drivers/perf, specifically the ali_drw_pmu/ Alibaba uncore PMU handling. The vulnerability arises because the alibaba_uncore_pmu driver did not clear all interrupt statuses in its interrupt processing function, so after a PMU counter overflow a...
CVE-2024-49853
CVE-2024-49853 affects the Linux kernel firmware/arm_scmi path (OPTEE transport). The issue is a double-free in the OPTEE transport where channel descriptors can be freed twice when unloading the stack, due to channels being shared between protocols. This can lead to memory corruption or potentia...
CVE-2024-50217
CVE-2024-50217 pertains to the Linux kernel, specifically a use-after-free in btrfs when closing devices in a multi-device mount scenario. The issue occurs with two loop-backed images that share a single fsid but have different dev_uuids, where btrfs_device_1->bdev_file and btrfs_device_2->...
CVE-2024-50286
CVE-2024-50286 describes a slab-use-after-free race in the Linux kernel’s ksmbd subsystem, between ksmbd_smb2_session_create and ksmbd_expire_session. The patch adds the missing sessions_table_lock when adding/deleting a session from the global session table, addressing the race. The issue is roo...
CVE-2024-50292
CVE-2024-50292: Linux kernel ASoC stm32_spdifrx DMA channel release bug. If ctrl_chan DMA request fails and ctrl_chan is non-NULL, releasing the DMA channel can dereference a NULL pointer, leading to a kernel NULL dereference. The fix releases the channel only when the pointer is valid (non-NULL)...
CVE-2024-50295
CVE-2024-50295 : In the Linux kernel, the arc net driver fix addresses a DMA mapping issue where ndev->dev and pdev->dev may not be the same device. The correct device used for dma_map_single/dma_unmap_single is ndev->dev.parent, since ndev->dev.parent has the dma_mask, whereas ndev-&...
CVE-2024-53049
CVE-2024-53049: In the Linux kernel, the slub_kunit path triggers a warning when __kmalloc_cache_noprof is used directly, causing current->alloc_tag to be NULL and warning in alloc_tag_add_check. The root cause is unwrapped __kmalloc_cache_noprof usage outside kmalloc, leading to a missing all...
CVE-2024-53098
CVE-2024-53098 affects the Linux kernel DRM XE ufence path. The root cause is that access_ok() only checks for addr overflow and may also read the user-supplied address to catch invalid addresses, coupled with prefetching ufence addresses to detect bogus ones. The issue is remedied by a kernel fi...
CVE-2024-53132
CVE-2024-53132 affects the Linux kernel DRM XE OA subsystem (xe/oa). Root cause: missing outer runtime PM protection leading to a warning and potential mis-handling of runtime power management for xe/oa. Remedy: patch applied in commit b107c63d2953907908fd0cafb0e543b3c3167b75; kernel updates inco...
CVE-2024-58061
CVE-2024-58061 affects the Linux kernel wifi/mac80211 component. The issue arises when trying to deactivate all links via a debugfs write, where an internal WARN_ON is triggered and should have prevented deactivation; the patch fixes this to prohibit deactivating all links. This vulnerability is ...
CVE-2024-58080
CVE-2024-58080 is a Linux kernel issue in the QCOM clock framework (dispcc-sm6350). The root cause is a missing parent_map for clk_rcg2 when it has a parent, which can lead to a NULL pointer dereference during clk_set_rate. The provided description shows a call trace and explains that the fix add...
CVE-2024-58097
CVE-2024-58097 | Affected software: Linux kernel driver ath11k (wifi) in PCI WLAN on certain chips. Issue: during monitor destination ring processing, MSDUs are reaped by buf_id; if a valid buffer for a buf_id cannot be obtained, an infinite loop occurs in destination processing, leading to kerne...
CVE-2025-21734
Concrete details found for CVE-2025-21734 in connected documents: the Linux kernel fastrpc driver mishandles page size calculation for non-registered buffers by using absolute addresses instead of an offset-adjusted address, risking improper/out-of-bounds page sizes and memory issues. The fix is ...
CVE-2025-21750
CVE-2025-21750 affects the Linux kernel wifi driver brcmfmac. The issue results from not validating the return value of of_property_read_string_index(), which can leave tmp uninitialized when a property is missing, leading to a kernel crash (BUG/OOPS) from passing a random pointer to devm_kstrdup...
CVE-2025-21856
The CVE-2025-21856 issue affects Linux kernel on s390/ISM where devices must have a release function. The kernel previously freed a struct device after device_add() without waiting for other references (e.g., sysfs), allowing a use-after-free if a release function was not set. Root cause: missing...
CVE-2025-21870
Technical details for CVE-2025-21870 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2025-21908
CVE-2025-21908 concerns the Linux kernel NFS subsystem. The issue arises when nfs_release_folio() can deadlock during writeback initiated by kcompactd, triggering a recursive path through NFS and the NFSD loopback on the same host. The patch adds PF_KCOMPACTD and a current_is_kcompactd() helper t...
CVE-2025-21945
CVE-2025-21945 affects the Linux kernel (ksmbd) with a use-after-free in smb2_lock. The issue occurs when smb_lock->zero_len is non-zero, causing the ->llist of smb_lock not to be deleted and the flock to reference a freed object during error handling. This is described in the Azure Linux 3...
CVE-2025-37947
CVE-2025-37947 affects ksmbd (Linux kernel SMBv3 server). Root cause: ksmbd_vfs_stream_write() could perform an out-of-bounds write when *pos >= v_len due to missing bounds check; patch adds a check to ensure *pos
CVE-2025-37968
CVE-2025-37968 (Linux kernel) affects the iio: light: opt3001 driver. The issue is a deadlock in a threaded IRQ path caused by reading the same flag twice (once for mutex_lock, once for mutex_unlock). The fix standardizes the flag handling by reading it into a local variable and reusing that valu...
CVE-2026-31635
CVE-2026-31635 affects the Linux kernel rxrpc component. The vulnerability stems from an inverted length check in rxgk_verify_response(), where oversized RESPONSE authenticators can be accepted and later cause a contradictory length that leads to a BUG_ON(len) in skb_to_sgvec(). This can crash th...
CVE-2009-1630
CVE-2009-1630 affects the Linux kernel nfs client: the nfs_permission function in fs/nfs/dir.c (kernel 2.6.29.3 and earlier) does not check execute (MAY_EXEC) permission bits when atomic_open is available. This allows local users to bypass permissions and execute files, as demonstrated by files o...
CVE-2009-4308
CVE-2009-4308 affects the Linux kernel ext4 filesystem: the ext4_decode_error function in fs/ext4/super.c can cause a NULL pointer dereference and potential other impact when processing a read-only, journal-less filesystem, enabling user‑assisted remote denial of service. The vulnerability is fix...
CVE-2010-3698
The CVE-2010-3698 entry concerns the KVM implementation in Linux kernels prior to 2.6.36. The root cause is that the kernel does not properly reload the FS and GS segment registers when handling KVM_RUN with a modified Local Descriptor Table (LDT). Impact: host OS users can cause a denial of serv...
CVE-2010-3874
CVE-2010-3874: Heap-based buffer overflow in the bcm_connect function of net/can/bcm.c (Broadcast Manager) in the Linux kernel CAN implementation. Affects 64-bit kernels, before 2.6.36.2, enabling local attackers to cause memory corruption and a denial of service via a connect operation. The conn...
CVE-2010-4165
CVE-2010-4165 affects the Linux kernel prior to 2.6.37-rc2. The do_tcp_setsockopt function does not properly constrain TCP_MAXSEG (MSS) values, allowing a local user to trigger a denial of service via a setsockopt with a small value, leading to a divide-by-zero or signed-integer misuse. Evidence ...
CVE-2011-1770
CVE-2011-1770 affects the Linux kernel up to version 2.6.33.14, where an integer underflow in dccp_parse_options (net/dccp/options.c) can be triggered by a DCCP packet with an invalid feature options length, causing a buffer over-read and remote denial of service. The vulnerability is exploitable...
CVE-2012-2313
The CVE-2012-2313 issue affects the Linux kernel up to version 3.3.7, where rio_ioctl in drivers/net/ethernet/dlink/dl2k.c does not restrict access to the SIOCSMIIREG ioctl. This allows local attackers to write data to an Ethernet adapter via an ioctl call. The vulnerability is rooted in insuffic...
CVE-2016-2548
CVE-2016-2548 affects the Linux kernel’s sound/core/timer.c prior to 4.4.1. The issue arises because the kernel may retain certain linked lists after a close or stop action (snd_timer_close and _snd_timer_stop), enabling a local attacker to trigger a denial-of-service (system crash) via a crafted...
CVE-2017-0630
CVE-2017-0630 : Information disclosure in Android’s kernel trace subsystem. An attacker must first compromise a privileged process to access data beyond its permissions. Affected products include Android kernel versions 3.10 and 3.18 (Android ID A-34277115). The description notes an information d...
CVE-2017-5972
CVE-2017-5972 affects the Linux kernel 3.x TCP stack. The issue is that SYN cookies protection is not correctly applied for fast-network connection scenarios, enabling remote attackers to cause CPU denial of service by sending a flood of TCP SYN packets (as demonstrated against kernel-3.10.0 in C...
CVE-2018-12930
CVE-2018-12930 targets the ntfs_end_buffer_async_read function in the ntfs.ko driver of Linux kernel 4.15.0. A crafted NTFS filesystem can trigger a stack-based out-of-bounds write, leading to a denial of service (kernel oops or panic) and possibly unspecified other impacts. The connected documen...
CVE-2018-5703
The CVE-2018-5703 issue affects the Linux kernel’s IPv6 stack, specifically tcp_v6_syn_recv_sock in net/ipv6/tcp_ipv6.c, through version 4.14.11. It enables a slab out-of-bounds write that can cause denial of service (DoS) and potentially other impacts via TLS-related vectors. Multiple vendor adv...
CVE-2019-0145
CVE-2019-0145 : Buffer overflow in the i40e driver for Intel(R) Ethernet 700 Series Controllers, affecting versions before 7.0. An authenticated local user can potentially escalate privileges. The vulnerability arises in the i40e driver implementation and is documented in multiple advisories refe...
CVE-2019-18675
CVE-2019-18675 affects the Linux kernel up to version 5.3.13, due to a start_offset+size integer overflow in cpia2_remap_buffer (drivers/media/usb/cpia2/cpia2_core.c) when cpia2 uses its own mmap. This allows a local user with access to /dev/video0 to read/write kernel physical pages, potentially...
CVE-2020-36783
CVE-2020-36783 is a Linux kernel I2C (img-scb) reference-count leak issue: pm_runtime_get_sync increments the PM reference count even on failure in img_i2c_xfer and img_i2c_init, leading to leaks. The fix replaces that return path with pm_runtime_resume_and_get to keep the usage counter balanced....
CVE-2021-47045
CVE-2021-47045 affects Linux kernel SCSI lpfc (lpfc_prep_els_iocb). The vulnerability arises when lpfc_issue_els_plogi() is called with a did that has no matching ndlp, causing a NULL pointer dereference to lpfc_nodelist. The fix returns an error status if no valid ndlp is found and updates ndlp ...
CVE-2021-47056
CVE-2021-47056 affects Linux kernel components involving the Intel QAT crypto path (qat_dh895xccvf, adf_iov_putmsg, adf_vf2pf_shutdown). The issue is that ADF_STATUS_PF_RUNNING was set unconditionally; vf2pf_lock is initialized in adf_dev_init() and may be uninitialized/destroyed if init fails, l...
CVE-2021-47315
CVE-2021-47315 affects the Linux kernel memory driver fsl_ifc (fsl_ifc_ctrl_probe). The issue is a leak of IO memory on probe failure due to not releasing gregs on error, as reported by Smatch. The resolved description states the fix is to unmap the IO memory when probe errors occur. The impact d...
CVE-2022-48794
CVE-2022-48794 affects the Linux kernel wireless stack for the IEEE 802.15.4 at86rf230 driver. On error, ieee802154_xmit_complete() is not invoked and skb structures are leaked after manual wake_queue() calls in Tx paths. The fix described in the sources is to free the skb upon error before retur...
CVE-2022-48829
CVE-2022-48829 affects the Linux kernel NFSD (NFSv3) and concerns how SETATTR/CREATE handle large file sizes. The issue stems from ia_size being a loff_t and the risk of client sizes exceeding s64_max; silently capping caused mismatches. The fix removes the min_t() check in decode_sattr3(), preve...
CVE-2022-48842
CVE-2022-48842 describes a race in the Linux kernel ice driver during interface enslave (bonding). The vulnerability occurs when an auxiliary device is re-created: ice_plug_aux_dev() is invoked from ice_service_task() context, potentially creating an aux device while another thread holds RTNL loc...