13804 matches found
CVE-2022-48789
CVE-2022-48789 concerns an AER-related use-after-free in the Linux kernel’s nvme-tcp transport error_recovery path. The vulnerability arises when nvme_tcp_submit_async_event_work checks ctrl/queue state while scheduling IO work, creating a race with the error_recovery handler that could lead to f...
CVE-2025-37857
CVE-2025-37857 affects the Linux kernel scsi: st driver. It fixes an array overflow in st_setup() by changing the array size from a fixed value to follow the parms size.
CVE-2025-37883
CVE-2025-37883 affects the Linux kernel in s390/sclp code. The fix adds a check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference, and introduces a free helper to address a memory leak from the loop allocation. Impact described in the sources inc...
CVE-2025-37921
The CVE-2025-37921 entry covers a Linux kernel VXLAN vnifilter issue where deleting a VNI could remove the default FDB entry without holding the hash lock. Root cause: unlocked deletion of the default FDB entry when a VNI is removed from a VXLAN device in vnifilter mode. Impact: described warning...
CVE-2025-37924
CVE-2025-37924: Linux kernel ksmbd use-after-free in Kerberos authentication. A race could occur where a thread uses sess->user after it has been freed by ksmbd_free_user, prior to sess->user being set to NULL. The issue is fixed by setting sess->user = NULL to avoid a dangling pointer. M...
CVE-2025-37928
CVE-2025-37928 refers to a Linux kernel vulnerability in the dm-bufio path where scheduling in atomic context can occur when try_verify_in_tasklet is enabled and CONFIG_DEBUG_ATOMIC_SLEEP is set. The bug arises from sleeping in an invalid context, potentially enabling local privilege escalation o...
CVE-2025-37930
CVE-2025-37930 affects Linux kernels containing the drm/nouveau fix for WARN_ON in nouveau_fence_context_kill(). The issue arises because nouveau_fence_done() can signal fences, leaving signaled fences in the pending list, and a concurrent call to nouveau_fence_context_kill() could attempt to set...
CVE-2025-37958
CVE-2025-37958 affects the Linux kernel THP path. The issue arises when migrating a THP: concurrent access to the PMD migration entry during a deferred split scan could dereference an invalid address. The fix adds a check of the PMD migration entry and returns early, since the PMD migration entry...
CVE-2025-37963
CVE-2025-37963 affects the Linux kernel on arm64 in the BPF subsystem. The vulnerability arises in the mitigation scope for eBPF: only cBPF programs loaded by unprivileged users are mitigated, as support for unprivileged eBPF is typically disabled and privileged users can still load the same prog...
CVE-2025-39778
Technical details about CVE-2025-39778 (affected product, impact, and fix specifics) are not provided in the connected documents. Monitor for official disclosures and vendor advisories for updates and patch information.
CVE-2008-5700
The CVE-2008-5700 entry concerns the Linux kernel Libata subsystem: it does not set minimum SG_IO timeouts, allowing local DoS via multiple SG_IO invocations. Connected docs (MiracleLinux AXSA advisories) explicitly list CVE-2008-5700 and state the issue affects kernel versions prior to 2.6.27.9,...
CVE-2009-3238
CVE-2009-3238 affects the Linux kernel (pre-2.6.30) where get_random_int in drivers/char/random.c produced insufficiently random numbers, enabling prediction of return values and potentially defeating defenses based on randomness. Several OS advisories (e.g., RHSA-2009:1438, ELSA-2009-1106/1438, ...
CVE-2010-0437
CVE-2010-0437 affects the Linux kernel, specifically versions prior to 2.6.27. The vulnerability resides in ip6_dst_lookup_tail() (net/ipv6/ip6_output.c) where certain conditions involving an IPv6 TUN interface and a large number of neighbors are mishandled, allowing a remote attacker to cause a ...
CVE-2011-3209
CVE-2011-3209 affects the Linux kernel on x86 prior to 2.6.26. The div_long_long_rem implementation in include/asm-x86/div64.h can trigger a Divide Error Fault and system panic when clock_gettime is invoked by local users, leading to a denial of service. The impact is local, with a complete avail...
CVE-2011-3637
CVE-2011-3637 is a vulnerability in the Linux kernel where the m_stop function in fs/proc/task_mmu.c can trigger an OOPS via vectors that cause an m_start error. Affected: Linux kernel versions prior to 2.6.39 (i.e., 2.6.38 and earlier). Impact: local denial of service (kernel oops) without remot...
CVE-2011-5327
The CVE-2011-5327 issue affects the Linux kernel prior to 3.1, where an off-by-one in the function drivers/target/loopback/tcm_loop.c: tcm_loop_make_naa_tpg() can cause memory corruption. This root cause is stated across the CVE entry and related advisories, with impact described as memory corrup...
CVE-2012-1090
CVE-2012-1090 affects the Linux kernel: the cifs_lookup function in fs/cifs/dir.c can trigger a local denial of service (OOPS) when a local user accesses a specially crafted file (e.g., a FIFO). The issue exists in kernel versions prior to 3.2.10. Exploitation requires local access. The documente...
CVE-2012-3430
CVE-2012-3430: In the Linux kernel before 3.0.44, the function rds_recvmsg in net/rds/recv.c fails to initialize a structure member, allowing a local attacker to read potentially sensitive kernel stack memory via recvfrom or recvmsg on an RDS socket. Impact: information disclosure. Affected: Lin...
CVE-2012-4508
CVE-2012-4508 is a race condition in the Linux kernel's ext4 extents handling (fs/ext4/extents.c) that, before version 3.4.16, allows a local unprivileged user to read data from a deleted file by reading an extent that isn’t properly marked uninitialized. The issue is fixed in the 3.4.16 update (...
CVE-2013-0311
The CVE-2013-0311 issue affects the Linux kernel’s vhost translation logic. Specifically, the translate_desc function in drivers/vhost/vhost.c mishandles cross-region descriptors in kernels prior to 3.7, enabling a guest OS user with KVM privileges to escalate to host OS privileges. The vulnerabi...
CVE-2013-4205
CVE-2013-4205: Memory leak in the Linux kernel’s unshare_userns (kernel/user_namespace.c) allows local denial of service via invalid CLONE_NEWUSER unshare calls. Vulnerable on Linux kernels before 3.10.6 and observed in multiple advisories (e.g., EulerOS/Ubuntu entries referencing this CVE). The ...
CVE-2013-7470
The vulnerability CVE-2013-7470 affects the Linux kernel's cipso_v4_validate (net/cipso_ipv4.h) before 3.11.7 when CONFIG_NETLABEL is disabled, allowing a denial of service (infinite loop and crash) as demonstrated by icmpsic. Nessus/NVD entries confirm affected kernel versions include up to 3.11...
CVE-2014-2568
Use-after-free in Linux kernel: nfqnl_zcopy in nfnetlink_queue_core.c (up to 3.13.6) can leak kernel memory by exploiting missing orphaning; code later moved to skb_zerocopy before the vulnerability was announced. Affected component is the kernel’s net/netfilter/nfnetlink_queue_core.c path; explo...
CVE-2014-4014
The CVE-2014-4014 issue is a Linux kernel local privilege escalation affecting versions before 3.14.8. The root cause is that namespaces are inapplicable to inodes, allowing a local user who creates a user namespace to bypass chmod restrictions by setting the setgid bit on a file with root group ...
CVE-2014-9922
CVE-2014-9922 affects the Linux kernel’s eCryptfs subsystem, where the combination of eCryptfs and an overlayfs stack can let a local user gain privileges. The issue is triggered by a vulnerability in fs/ecryptfs/main.c and fs/overlayfs/super.c, with impact described as local privilege escalation...
CVE-2015-5697
CVE-2015-5697 (Linux kernel): The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a bitmap data structure, allowing local attackers to read sensitive kernel memory via the GET_BITMAP_FILE ioctl. This is a local information disclosure vulnerability...
CVE-2015-8963
CVE-2015-8963: The Linux kernel contains a race condition in kernel/events/core.c related to swevent handling during a CPU unplug operation. Affected: Linux kernel versions before 4.4. Impact: local privilege escalation or denial of service (use-after-free) as described in the vulnerability entr...
CVE-2016-2063
CVE-2016-2063 is a stack-based overflow in the MSM Thermal driver for the Linux kernel 3.x. The vulnerability resides in supply_lm_input_write within drivers/thermal/supply_lm_core.c and can be triggered by sending a large amount of data via the debugfs interface, enabling a local attacker to cau...
CVE-2016-2546
CVE-2016-2546: In the Linux kernel, sound/core/timer.c uses an incorrect mutex type, enabling local attackers to trigger a denial of service via a crafted ioctl. Root cause is a mutex type misuse that can cause race conditions and use-after-free leading to system crashes. Affected function/fil...
CVE-2019-18786
In CVE-2019-18786, the Linux kernel up to version 5.3.8 contains an uninitialized f->fmt.sdr.reserved in rcar_drif_g_fmt_sdr_cap (drivers/media/platform/rcar_drif.c), enabling an information disclosure (memory disclosure) vulnerability. Connected advisories (Unity Nessus plugins) restate that ...
CVE-2020-36778
CVE-2020-36778 affects the Linux kernel i2c xiic subsystem. The issue is a reference leak in the PM runtime path: pm_runtime_get_sync incorrectly increments the PM usage count on return even when the operation fails, leading to a leak if the balanced put is forgotten. The fix replaces the final o...
CVE-2021-47202
CVE-2021-47202 affects the Linux kernel’s thermal subsystem. The vulnerability arises in of_parse_thermal_zones(), which registers a thermal_zone for each subnode of thermal-zones. If a thermal zone uses a thermal sensor whose device has not yet pro...
CVE-2021-47345
CVE-2021-47345 affects the Linux kernel’s RDMA/cma path, specifically a memory leak in rdma_resolve_route() when called repeatedly on the same rdma_cm_id. The trigger described in multiple sources is that cma_query_handler() may cause RDMA_CM_EVENT_ROUTE_ERROR, returning t...
CVE-2021-47391
CVE-2021-47391: Linux kernel RDMA CMA race (use-after-free risk). Vulnerability summary from connected advisories: The RDMA/cma component can allow a second rdma_resolve_ip() for the same id_priv due to an invariant violation when the FSM cycles between RDMA_CM_IDLE, RDMA_CM_ADDR_QUERY and RDMA_C...
CVE-2021-47438
The CVE concerns the Linux kernel mlx5e driver: net/mlx5e memory leak in mlx5_core_destroy_cq() when an error path occurs. A patch fixes the destroy flow to ensure all cleanup steps run before returning an error, and relocates mlx5_debug_cq_remove() to the start of mlx5_core_destroy_cq() to mirro...
CVE-2022-48628
The CVE-2022-48628 entry concerns a Linux kernel issue in ceph: drop messages from MDS when unmounting. The description in the primary doc states that during unmount, dirty buffers are flushed and after the last OSD request finishes, the last i_count reference is released and dirty caps/snaps are...
CVE-2022-49134
Technical details about CVE-2022-49134 are not publicly provided in the supplied documents; no affected products/versions/fixes are specified here. Monitor for updates.
CVE-2022-49139
CVE-2022-49139 affects the Linux kernel Bluetooth stack. The issue occurs in the HCI handling path: upon receiving a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, with LE link type and a status triggering the second packet-processing case, a NULL pointer dereferen...
CVE-2022-49390
The CVE-2022-49390 entry concerns a Linux kernel macsec vulnerability in which a new macsec device could be created without holding a reference to the underlying real_dev, enabling a use-after-free in macsec_get_iflink and related paths. Root cause: lack of proper reference handling for real_dev ...
CVE-2022-49951
CVE-2022-49951 concerns the Linux kernel firmware_loader use-after-free during unregister. In firmware_upload_unregister(), device_unregister() could free fw_upload_priv via dev_release before module_put() dereferences it. The documented fix copies fw_upload_priv->module to a local variable an...
CVE-2023-22997
CVE-2023-22997 affects the Linux kernel prior to 6.1.2. The vulnerability resides in module/decompress.c where the function module_get_next_page can return an error pointer, but code treats it as NULL in the error case, potentially causing a denial of service. The issue is local in scope; CVSS in...
CVE-2023-3108
CVE-2023-3108 affects the Linux kernel, specifically the get_user_pages_fast path in the skcipher_recvmsg interface for symmetric-key ciphers (crypto/algif_skcipher.c). The flaw allows a local user to crash the system. Public details in the provided documents confirm the vulnerable component and ...
CVE-2023-35826
CVE-2023-35826 affects the Linux kernel before 6.3.2, with a use-after-free in cedrus_remove (drivers/staging/media/sunxi/cedrus/cedrus.c). The issue is described in the NVD entry and corroborated by related advisories; the root cause is a resource management/use-after-free in the cedrus driver. ...
CVE-2023-52769
CVE-2023-52769 concerns the Linux kernel wireless driver ath12k. The issue arises in the htt_mlo_offset event handling path, where the code calling ath12k_mac_get_ar_by_pdev_id() was not protected by an RCU read-side critical section, potentially enabling use-after-free in active pdev contexts. T...
CVE-2023-52773
CVE-2023-52773 concerns a NULL pointer dereference in the Linux kernel’s DRM/AMD display path. The issue is in amdgpu_dm_i2c_xfer(), which can dereference a null pointer when performing a DDC/I2C transfer. The description states that on ddc_service_construct(), the code now checks both the link t...
CVE-2023-52774
CVE-2023-52774: In the Linux kernel (s390/dasd), the device queue could be accessed concurrently in dasd_profile_start(), allowing the queue to change while it is being read; this could trigger a kernel panic due to invalid pointer accesses when I/O is highly parallel (aliases). The root cause i...
CVE-2023-53017
The CVE-2023-53017 entry concerns a memory leak in the Linux kernel Bluetooth stack (hci_sync path). Root cause: in hci_update_adv_data(), if hci_cmd_sync_queue() fails, the allocated inst_ptr was not freed. Mitigation: switch to using ERR_PTR/PTR_ERR to pass the instance to the callback, so no a...
CVE-2024-26714
CVE-2024-26714 affects the Linux kernel interconnect/qcom sc8180x module. Root cause: CO0 BCM must stay up as a keepalive to prevent hardware such as the UFS controller from losing connectivity, which can hang the platform and trigger heavy logspam. Documented fix marks CO0 BCM keepalive to ensur...
CVE-2024-26727
CVE-2024-26727 (Linux kernel, btrfs subvolume creation): Concrete details are present in the connected Astra/Linux advisory. The issue arises when creating a new subvolume under btrfs: after inserting the root item, a backref/read could access the subvolume before a preallocated anonymous device (anon...
CVE-2024-26748
CVE-2024-26748 (Linux kernel) — Affects the usb cdns3 gadget driver. A memory double-free could occur when handling a zero-length packet that was queued as an extra request. The patch adds a check at line 829 to skip usb_gadget_giveback_request() for this additional zero-length request, avoiding ...