Linux / Linux Kernel

13804 matches found

added 2025/04/03 7:19 a.m. | 108 views

CVE-2025-22003

CVE-2025-22003 (Linux kernel, can: ucan): A one-byte out-of-bounds read was introduced in the can: ucan path due to a mismatch when using strscpy() with a length of len+1. The issue arises because strscpy() reads len+1 bytes from the source to detect truncation, even when the source is not NULL-t...

CVSS 5.5 | AI score 7 | EPSS 0.00154

added 2025/04/16 2:12 p.m. | 108 views

CVE-2025-22102

The CVE-2025-22102 vulnerability concerns the Linux kernel Bluetooth btnxpuart driver. During firmware release, a hardware defect can cause only one bootloader signature to be sent; the driver waits for consecutive signatures, leading to a timeout and a release_firmware call that can trigger a ke...

CVSS 5.5 | AI score 6.3 | EPSS 0.00167

added 2025/04/16 2:13 p.m. | 108 views

CVE-2025-22116

CVE-2025-22116 affects the Linux kernel idpf driver’s netdev handling. The patch adds an error check when creating vports, logs the vport number and error code, and ensures on removal that VPORT_REG_NETDEV is checked before unregister/free. It also introduces local variables (idx, vport_config, n...

CVSS 5.5 | AI score 6.6 | EPSS 0.00165

added 2025/05/09 6:42 a.m. | 108 views

CVE-2025-37857

CVE-2025-37857 affects the Linux kernel scsi: st driver. It fixes an array overflow in st_setup() by changing the array size from a fixed value to follow the parms size.

CVSS 5.5 | AI score 6.8 | EPSS 0.00244

added 2025/05/09 6:45 a.m. | 108 views

CVE-2025-37883

CVE-2025-37883 affects the Linux kernel in s390/sclp code. The fix adds a check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference, and introduces a free helper to address a memory leak from the loop allocation. Impact described in the sources inc...

CVSS 5.5 | AI score 6.6 | EPSS 0.00225

added 2025/05/20 3:21 p.m. | 108 views

CVE-2025-37921

The CVE-2025-37921 entry covers a Linux kernel VXLAN vnifilter issue where deleting a VNI could remove the default FDB entry without holding the hash lock. Root cause: unlocked deletion of the default FDB entry when a VNI is removed from a VXLAN device in vnifilter mode. Impact: described warning...

CVSS 7.8 | AI score 6.5 | EPSS 0.00168

added 2025/05/20 3:21 p.m. | 108 views

CVE-2025-37924

CVE-2025-37924: Linux kernel ksmbd use-after-free in Kerberos authentication. A race could occur where a thread uses sess->user after it has been freed by ksmbd_free_user, prior to sess->user being set to NULL. The issue is fixed by setting sess->user = NULL to avoid a dangling pointer. M...

CVSS 9.8 | AI score 6.6 | EPSS 0.0907

added 2025/05/20 3:21 p.m. | 108 views

CVE-2025-37928

CVE-2025-37928 refers to a Linux kernel vulnerability in the dm-bufio path where scheduling in atomic context can occur when try_verify_in_tasklet is enabled and CONFIG_DEBUG_ATOMIC_SLEEP is set. The bug arises from sleeping in an invalid context, potentially enabling local privilege escalation o...

CVSS 7.8 | AI score 6.6 | EPSS 0.00618

added 2025/05/20 3:21 p.m. | 108 views

CVE-2025-37930

CVE-2025-37930 affects Linux kernels containing the drm/nouveau fix for WARN_ON in nouveau_fence_context_kill(). The issue arises because nouveau_fence_done() can signal fences, leaving signaled fences in the pending list, and a concurrent call to nouveau_fence_context_kill() could attempt to set...

CVSS 5.5 | AI score 6.6 | EPSS 0.0017

added 2025/05/20 4:1 p.m. | 108 views

CVE-2025-37958

CVE-2025-37958 affects the Linux kernel THP path. The issue arises when migrating a THP: concurrent access to the PMD migration entry during a deferred split scan could dereference an invalid address. The fix adds a check of the PMD migration entry and returns early, since the PMD migration entry...

CVSS 5.5 | AI score 6.3 | EPSS 0.00166

added 2025/05/20 4:1 p.m. | 108 views

CVE-2025-37963

CVE-2025-37963 affects the Linux kernel on arm64 in the BPF subsystem. The vulnerability arises in the mitigation scope for eBPF: only cBPF programs loaded by unprivileged users are mitigated, as support for unprivileged eBPF is typically disabled and privileged users can still load the same prog...

CVSS 5.5 | AI score 6.6 | EPSS 0.00158

added 2025/04/18 7:1 a.m. | 108 views

CVE-2025-39778

Technical details about CVE-2025-39778 (affected product, impact, and fix specifics) are not provided in the connected documents. Monitor for official disclosures and vendor advisories for updates and patch information.

CVSS 7.1 | AI score 6.8 | EPSS 0.00206

added 2008/12/22 3:0 p.m. | 107 views

CVE-2008-5700

The CVE-2008-5700 entry concerns the Linux kernel Libata subsystem: it does not set minimum SG_IO timeouts, allowing local DoS via multiple SG_IO invocations. Connected docs (MiracleLinux AXSA advisories) explicitly list CVE-2008-5700 and state the issue affects kernel versions prior to 2.6.27.9,...

CVSS 1.9 | AI score 6.9 | EPSS 0.0037

added 2009/09/18 10:0 a.m. | 107 views

CVE-2009-3238

CVE-2009-3238 affects the Linux kernel (pre-2.6.30) where get_random_int in drivers/char/random.c produced insufficiently random numbers, enabling prediction of return values and potentially defeating defenses based on randomness. Several OS advisories (e.g., RHSA-2009:1438, ELSA-2009-1106/1438, ...

CVSS 7.8 | AI score 5.7 | EPSS 0.01632

added 2010/03/24 10:0 a.m. | 107 views

CVE-2010-0437

CVE-2010-0437 affects the Linux kernel, specifically versions prior to 2.6.27. The vulnerability resides in ip6_dst_lookup_tail() (net/ipv6/ip6_output.c) where certain conditions involving an IPv6 TUN interface and a large number of neighbors are mishandled, allowing a remote attacker to cause a ...

CVSS 7.8 | AI score 7.6 | EPSS 0.12327

added 2012/10/03 10:0 a.m. | 107 views

CVE-2011-3209

CVE-2011-3209 affects the Linux kernel on x86 prior to 2.6.26. The div_long_long_rem implementation in include/asm-x86/div64.h can trigger a Divide Error Fault and system panic when clock_gettime is invoked by local users, leading to a denial of service. The impact is local, with a complete avail...

CVSS 4.9 | AI score 7.2 | EPSS 0.00481

added 2012/05/17 10:0 a.m. | 107 views

CVE-2011-3637

CVE-2011-3637 is a vulnerability in the Linux kernel where the m_stop function in fs/proc/task_mmu.c can trigger an OOPS via vectors that cause an m_start error. Affected: Linux kernel versions prior to 2.6.39 (i.e., 2.6.38 and earlier). Impact: local denial of service (kernel oops) without remot...

CVSS 5.5 | AI score 5.4 | EPSS 0.00367

added 2019/07/27 9:39 p.m. | 107 views

CVE-2011-5327

The CVE-2011-5327 issue affects the Linux kernel prior to 3.1, where an off-by-one in the function drivers/target/loopback/tcm_loop.c: tcm_loop_make_naa_tpg() can cause memory corruption. This root cause is stated across the CVE entry and related advisories, with impact described as memory corrup...

CVSS 9.8 | AI score 8.9 | EPSS 0.03676

added 2012/05/17 10:0 a.m. | 107 views

CVE-2012-1090

CVE-2012-1090 affects the Linux kernel: the cifs_lookup function in fs/cifs/dir.c can trigger a local denial of service (OOPS) when a local user accesses a specially crafted file (e.g., a FIFO). The issue exists in kernel versions prior to 3.2.10. Exploitation requires local access. The documente...

CVSS 5.5 | AI score 5.8 | EPSS 0.004

added 2012/10/03 10:0 a.m. | 107 views

CVE-2012-3430

CVE-2012-3430: In the Linux kernel before 3.0.44, the function rds_recvmsg in net/rds/recv.c fails to initialize a structure member, allowing a local attacker to read potentially sensitive kernel stack memory via recvfrom or recvmsg on an RDS socket. Impact: information disclosure. Affected: Lin...

CVSS 2.1 | AI score 5.1 | EPSS 0.00952

added 2012/12/21 11:0 a.m. | 107 views

CVE-2012-4508

CVE-2012-4508 is a race condition in the Linux kernel's ext4 extents handling (fs/ext4/extents.c) that, before version 3.4.16, allows a local unprivileged user to read data from a deleted file by reading an extent that isn’t properly marked uninitialized. The issue is fixed in the 3.4.16 update (...

CVSS 1.9 | AI score 5.3 | EPSS 0.00285

added 2013/02/22 12:0 a.m. | 107 views

CVE-2013-0311

The CVE-2013-0311 issue affects the Linux kernel’s vhost translation logic. Specifically, the translate_desc function in drivers/vhost/vhost.c mishandles cross-region descriptors in kernels prior to 3.7, enabling a guest OS user with KVM privileges to escalate to host OS privileges. The vulnerabi...

CVSS 6.5 | AI score 5.8 | EPSS 0.00644

added 2013/08/25 1:0 a.m. | 107 views

CVE-2013-4205

CVE-2013-4205: Memory leak in the Linux kernel’s unshare_userns (kernel/user_namespace.c) allows local denial of service via invalid CLONE_NEWUSER unshare calls. Vulnerable on Linux kernels before 3.10.6 and observed in multiple advisories (e.g., EulerOS/Ubuntu entries referencing this CVE). The ...

CVSS 4.7 | AI score 5.6 | EPSS 0.00452

added 2019/04/23 2:22 a.m. | 107 views

CVE-2013-7470

The vulnerability CVE-2013-7470 affects the Linux kernel's cipso_v4_validate (net/cipso_ipv4.h) before 3.11.7 when CONFIG_NETLABEL is disabled, allowing a denial of service (infinite loop and crash) as demonstrated by icmpsic. Nessus/NVD entries confirm affected kernel versions include up to 3.11...

CVSS 7.1 | AI score 5.3 | EPSS 0.02544

added 2014/03/24 10:0 a.m. | 107 views

CVE-2014-2568

Use-after-free in Linux kernel: nfqnl_zcopy in nfnetlink_queue_core.c (up to 3.13.6) can leak kernel memory by exploiting missing orphaning; code later moved to skb_zerocopy before the vulnerability was announced. Affected component is the kernel’s net/netfilter/nfnetlink_queue_core.c path; explo...

CVSS 2.9 | AI score 5.9 | EPSS 0.01015

added 2014/06/23 10:0 a.m. | 107 views

CVE-2014-4014

The CVE-2014-4014 issue is a Linux kernel local privilege escalation affecting versions before 3.14.8. The root cause is that namespaces are inapplicable to inodes, allowing a local user who creates a user namespace to bypass chmod restrictions by setting the setgid bit on a file with root group ...

CVSS 6.2 | AI score 5.9 | EPSS 0.03303

added 2017/04/04 4:54 a.m. | 107 views

CVE-2014-9922

CVE-2014-9922 affects the Linux kernel’s eCryptfs subsystem, where the combination of eCryptfs and an overlayfs stack can let a local user gain privileges. The issue is triggered by a vulnerability in fs/ecryptfs/main.c and fs/overlayfs/super.c, with impact described as local privilege escalation...

CVSS 9.3 | AI score 7.2 | EPSS 0.01265

added 2015/08/31 10:0 a.m. | 107 views

CVE-2015-5697

CVE-2015-5697 (Linux kernel): The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a bitmap data structure, allowing local attackers to read sensitive kernel memory via the GET_BITMAP_FILE ioctl. This is a local information disclosure vulnerability...

CVSS 2.1 | AI score 4.9 | EPSS 0.00464

added 2016/11/16 4:49 a.m. | 107 views

CVE-2015-8963

CVE-2015-8963: The Linux kernel contains a race condition in kernel/events/core.c related to swevent handling during a CPU unplug operation. Affected: Linux kernel versions before 4.4. Impact: local privilege escalation or denial of service (use‑after‑free) as described in the vulnerability entr...

CVSS 7.6 | AI score 7.4 | EPSS 0.0143

added 2016/08/07 9:0 p.m. | 107 views

CVE-2016-2063

CVE-2016-2063 is a stack-based overflow in the MSM Thermal driver for the Linux kernel 3.x. The vulnerability resides in supply_lm_input_write within drivers/thermal/supply_lm_core.c and can be triggered by sending a large amount of data via the debugfs interface, enabling a local attacker to cau...

CVSS 7.8 | AI score 7.9 | EPSS 0.00459

added 2016/04/27 5:0 p.m. | 107 views

CVE-2016-2546

CVE-2016-2546: In the Linux kernel, sound/core/timer.c uses an incorrect mutex type, enabling local attackers to trigger a denial of service via a crafted ioctl. The root cause is misuse of a mutex type, which can cause race conditions and use-after-free leading to system crashes. Affected function/fil...

CVSS 5.1 | AI score 4.9 | EPSS 0.00337

added 2019/11/06 2:29 a.m. | 107 views

CVE-2019-18786

In CVE-2019-18786, the Linux kernel up to version 5.3.8 contains an uninitialized f->fmt.sdr.reserved in rcar_drif_g_fmt_sdr_cap (drivers/media/platform/rcar_drif.c), enabling an information disclosure (memory disclosure) vulnerability. Connected advisories (Unity Nessus plugins) restate that ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00347

added 2024/02/28 8:13 a.m. | 107 views

CVE-2020-36778

CVE-2020-36778 affects the Linux kernel i2c xiic subsystem. The issue is a reference leak in the PM runtime path: pm_runtime_get_sync incorrectly increments the PM usage count on return even when the operation fails, leading to a leak if the balanced put is forgotten. The fix replaces the final o...

CVSS 5.5 | AI score 6.4 | EPSS 0.00225

added 2024/04/10 6:56 p.m. | 107 views

CVE-2021-47202

CVE-2021-47202 affects the Linux kernel’s thermal subsystem. The vulnerability arises in of_parse_thermal_zones(), which registers a thermal_zone for each subnode of thermal-zones. If a thermal zone uses a thermal sensor whose device has not yet pro...

CVSS 5.5 | AI score 6.2 | EPSS 0.00235

added 2024/05/21 2:35 p.m. | 107 views

CVE-2021-47345

CVE-2021-47345 affects the Linux kernel’s RDMA/cma path, specifically a memory leak in rdma_resolve_route() when called repeatedly on the same rdma_cm_id. The trigger described in multiple sources is that cma_query_handler() may cause RDMA_CM_EVENT_ROUTE_ERROR, returning t...

CVSS 5.5 | AI score 6.6 | EPSS 0.00259

added 2024/05/21 3:3 p.m. | 107 views

CVE-2021-47391

CVE-2021-47391: Linux kernel RDMA CMA race (use-after-free risk). The RDMA/cma component can allow a second rdma_resolve_ip() for the same id_priv due to an invariant violation when the FSM cycles between RDMA_CM_IDLE, RDMA_CM_ADDR_QUERY and RDMA_C...

CVSS 7.8 | AI score 6.9 | EPSS 0.00241

added 2024/05/22 6:19 a.m. | 107 views

CVE-2021-47438

The CVE concerns the Linux kernel mlx5e driver: net/mlx5e memory leak in mlx5_core_destroy_cq() when an error path occurs. A patch fixes the destroy flow to ensure all cleanup steps run before returning an error, and relocates mlx5_debug_cq_remove() to the start of mlx5_core_destroy_cq() to mirro...

CVSS 5.5 | AI score 6.7 | EPSS 0.00225

added 2024/03/02 9:52 p.m. | 107 views

CVE-2022-48628

The CVE-2022-48628 entry concerns a Linux kernel issue in ceph: drop messages from MDS when unmounting. The description in the primary doc states that during unmount, dirty buffers are flushed and after the last OSD request finishes, the last i_count reference is released and dirty caps/snaps are...

CVSS 5.5 | AI score 6.1 | EPSS 0.00221

added 2025/02/26 1:55 a.m. | 107 views

CVE-2022-49134

Technical details about CVE-2022-49134 are not publicly provided in the supplied documents; no affected products/versions/fixes are specified here. Monitor for updates.

CVSS 5.5 | AI score 5.3 | EPSS 0.00215

added 2025/02/26 1:55 a.m. | 107 views

CVE-2022-49139

CVE-2022-49139 affects the Linux kernel Bluetooth stack. The issue occurs in the HCI handling path: upon receiving a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, with LE link type and a status triggering the second packet-processing case, a NULL pointer dereferen...

CVSS 5.5 | AI score 5.5 | EPSS 0.00243

added 2025/02/26 2:11 a.m. | 107 views

CVE-2022-49390

The CVE-2022-49390 entry concerns a Linux kernel macsec vulnerability in which a new macsec device could be created without holding a reference to the underlying real_dev, enabling a use-after-free in macsec_get_iflink and related paths. Root cause: lack of proper reference handling for real_dev ...

CVSS 7.8 | AI score 5.4 | EPSS 0.00252

added 2025/06/18 11:0 a.m. | 107 views

CVE-2022-49951

CVE-2022-49951 concerns the Linux kernel firmware_loader use-after-free during unregister. In firmware_upload_unregister(), device_unregister() could free fw_upload_priv via dev_release before module_put() dereferences it. The documented fix copies fw_upload_priv->module to a local variable an...

CVSS 7.8 | AI score 6.4 | EPSS 0.00207

added 2023/02/28 12:0 a.m. | 107 views

CVE-2023-22997

CVE-2023-22997 affects the Linux kernel prior to 6.1.2. The vulnerability resides in module/decompress.c where the function module_get_next_page can return an error pointer, but code treats it as NULL in the error case, potentially causing a denial of service. The issue is local in scope; CVSS in...

CVSS 5.5 | AI score 5 | EPSS 0.00265

added 2023/07/11 3:45 p.m. | 107 views

CVE-2023-3108

CVE-2023-3108 affects the Linux kernel, specifically the get_user_pages_fast path in the skcipher_recvmsg interface for symmetric-key ciphers (crypto/algif_skcipher.c). The flaw allows a local user to crash the system. Public details in the provided documents confirm the vulnerable component and ...

CVSS 6.2 | AI score 4.9 | EPSS 0.00182

added 2023/06/18 12:0 a.m. | 107 views

CVE-2023-35826

CVE-2023-35826 affects the Linux kernel before 6.3.2, with a use-after-free in cedrus_remove (drivers/staging/media/sunxi/cedrus/cedrus.c). The issue is described in the NVD entry and corroborated by related advisories; the root cause is a resource management/use-after-free in the cedrus driver. ...

CVSS 7 | AI score 6.5 | EPSS 0.00248

added 2024/05/21 3:30 p.m. | 107 views

CVE-2023-52769

CVE-2023-52769 concerns the Linux kernel wireless driver ath12k. The issue arises in the htt_mlo_offset event handling path, where the code calling ath12k_mac_get_ar_by_pdev_id() was not protected by an RCU read-side critical section, potentially enabling use-after-free in active pdev contexts. T...

CVSS 7.8 | AI score 8.4 | EPSS 0.00238

added 2024/05/21 3:30 p.m. | 107 views

CVE-2023-52773

CVE-2023-52773 concerns a NULL pointer dereference in the Linux kernel’s DRM/AMD display path. The issue is in amdgpu_dm_i2c_xfer(), which can dereference a null pointer when performing a DDC/I2C transfer. The description states that on ddc_service_construct(), the code now checks both the link t...

CVSS 5.5 | AI score 7 | EPSS 0.00236

added 2024/05/21 3:30 p.m. | 107 views

CVE-2023-52774

CVE-2023-52774: In the Linux kernel (s390/dasd), the device queue could be accessed concurrently in dasd_profile_start(), allowing the queue to change while it is being read; this could trigger a kernel panic due to invalid pointer accesses when I/O is highly parallel (aliases). The root cause i...

CVSS 5.5 | AI score 6.5 | EPSS 0.0024

added 2025/03/27 4:43 p.m. | 107 views

CVE-2023-53017

The CVE-2023-53017 entry concerns a memory leak in the Linux kernel Bluetooth stack (hci_sync path). Root cause: in hci_update_adv_data(), if hci_cmd_sync_queue() fails, the allocated inst_ptr was not freed. Mitigation: switch to using ERR_PTR/PTR_ERR to pass the instance to the callback, so no a...

CVSS 5.5 | AI score 6.5 | EPSS 0.00138

added 2024/04/03 2:55 p.m. | 107 views

CVE-2024-26714

CVE-2024-26714 affects the Linux kernel interconnect/qcom sc8180x module. Root cause: CO0 BCM must stay up as a keepalive to prevent hardware such as the UFS controller from losing connectivity, which can hang the platform and trigger heavy logspam. Documented fix marks CO0 BCM keepalive to ensur...

CVSS 5.5 | AI score 6.5 | EPSS 0.00227

Total number of security vulnerabilities: 13804