CVE-2024-26749
CVE-2024-26749 concerns the Linux kernel USB CDNS3 gadget path. The issue was a use-after-free in cdns3_gadget_ep_disable(): priv_req is freed via cdns3_gadget_ep_free_request(), but list_del_init(&priv_req->list) then used priv_req->list after it had been freed, triggering a use-aft...
CVE-2024-26788
CVE-2024-26788 affects Linux kernel’s dmaengine: fsl-qdma. The concrete issue is that qDMA IRQs could be enabled before registers were configured, allowing pending interrupts from the primary kernel to reach the irq handler prematurely and cause a panic. The connected Astra Linux advisory confirm...
CVE-2024-26844
Linux kernel vulnerability CVE-2024-26844 was resolved by patching the block layer to address a harmful iov_iter direction issue. A Syzkaller warning reported that an iov_iter could be used in both directions due to a transfer direction SG_DXFER_TO_FROM_DEV, which would copy user buffers into the...
CVE-2024-35825
Summary (CVE-2024-35825): The issue in the Linux kernel USB gadget for CDC NCM NTB handling occurs when a zero wBlockLength is encountered. The code’s previous logic could repeatedly process the same NTB if the block length is zero, risking a crash. The connected Astra Linux advisory confirms this v...
CVE-2024-36029
CVE-2024-36029 affects the Linux kernel’s MMC subsystem, specifically the mmc: sdhci-msm driver. The vulnerability arises because the sdhci-msm driver does not set the host->runtime_suspended flag, which protects access to the LED device registered by the generic sdhci code. As a result, acces...
CVE-2024-38549
CVE-2024-38549 affects the Linux kernel in the DRM/mediatek path: mtk_drm_gem_obj lacked a 0-byte allocation check, potentially leading to a kernel panic when a userspace app allocates a 0x0 GBM buffer. The fix adds a 0-byte allocation check in mtk_drm_gem_init, and testing on MT8188 confirms tha...
CVE-2024-41019
CVE-2024-41019 affects the Linux kernel component fs/ntfs3. The issue arises from insufficient validation when traversing the ff offset, where an initial check is performed on rt->first_free but subsequent walking by ff occurs without a bound check. This can lead to an out-of-bounds read if a ...
CVE-2024-42067
CVE-2024-42067: In the Linux kernel, the vulnerability involves BPF/JIT memory protection. The function set_memory_rox() can fail, leaving memory unprotected. The fix makes the code check the return value of set_memory_rox() via bpf_jit_binary_lock_ro() and bail out if an error occurs, ensuring ...
CVE-2024-42314
CVE-2024-42314 (Linux kernel) is a btrfs use-after-free in the extent map when adding pages to a compressed bio. The root cause is computing add_size after dropping the extent map reference; the patch fixes this by computing add_size before releasing the reference. The NVD entry marks this as h...
CVE-2024-43829
CVE-2024-43829 involves a null-pointer dereference vulnerability in the Linux kernel related to the DRM/QXL driver. The advisory states that a check was added for drm_cvt_mode and that the return value of drm_cvt_mode() must be validated; if the function fails, the error is returned to prevent a ...
CVE-2024-43833
The CVE-2024-43833 entry is supported by connected documents (Astra Linux page) with concrete details: In the Linux kernel media stack (V4L), the vulnerability is in v4l2_async_create_ancillary_links(), which creates ancillary links between lens and flash sub-devices. The bug caused a NULL pointe...
CVE-2024-43859
CVE-2024-43859 affects the Linux kernel with the f2fs filesystem. The root cause is an uninitialized inode.i_crypt_info during mount paths that involve f2fs_gc/truncate, leading to a NULL pointer dereference in fscrypt-related code when handling preallocated blocks. The documented mitigation is t...
CVE-2024-46676
CVE-2024-46676 relates to a Linux kernel vulnerability in the NFC subsystem (pn533 driver). The issue occurs when a bad combination of protocol masks is supplied via Netlink (NFC_CMD_START_POLL): if im_protocols is 1 and tm_protocols is 0, the original check in nfc_start_poll() may pass, but afte...
CVE-2024-46728
CVE-2024-46728 affects the Linux kernel (drm/amd/display) where there is a fix for using aux_rd_interval: the value of aux_rd_interval (size 7) must be checked before use. The connected Azure/Linux Nessus entries confirm the advisory references this vulnerability and describe the fix as preventin...
CVE-2024-46773
The CVE-2024-46773 issue in the Linux kernel concerns the drm/amd/display path where a division could be performed with a zero denominator (pbn_div). The root cause is a denominator that could be zero; the upstream patch adds a check before use to prevent a DIVIDE_BY_ZERO. Public documents confirm th...
CVE-2024-46827
The CVE-2024-46827 entry describes a Linux kernel fix for ath12k Wi‑Fi: when an association request contains an Extended HE Capabilities Element with an invalid MCS-NSS, the driver passes a zero peer_nss to firmware, potentially crashing it. The remediation implements validation of peer_nss and f...
CVE-2024-47664
The CVE affects the Linux kernel SPI driver for Hisilicon Kunpeng (spi: hisi-kunpeng). The root cause is a division by zero in hisi_calc_effective_speed() when max_speed_hz (provided by firmware) is 0. The firmware-supplied value is treated as trusted, but 0 is now explicitly invalidated, and an ...
CVE-2024-50034
CVE-2024-50034 affects the Linux kernel net/smc, where INET_PROTOSW_ICSK can leave icsk_sync_mss unset for IPPROTO_SMC, triggering a NULL pointer dereference panic. The provided trace indicates a kernel oops when handling IPPROTO_SMC, with a failed icsk_mss synchronization. A patch sequence in st...
CVE-2024-50118
CVE-2024-50118 relates to the Linux kernel Btrfs remount/RW reconfiguration path. The issue arises during mounting different subvolumes with conflicting RO/RW flags: an initial read-only mount (ro) followed by an attempt to remount a subvolume as read/write, with options/feature checks being skip...
CVE-2024-50268
CVE-2024-50268: Linux kernel USB-C UCSI update path fix. The vulnerability stems from user-controlled *cmd via debugfs allowing new_cam values up to 255, while ucsi_ccg_update_set_new_cam_cmd() updates an updated[] buffer sized UCSI_MAX_ALTMODES (30), creating an out-of-bounds read. The issue occ...
CVE-2024-53092
CVE-2024-53092 is described in connected documentation as a Linux kernel vulnerability affecting virtio_pci admin virtqueue cleanup. Root cause: admin vq information pointer was stored in vp_dev->admin_vq.info, but cleanup logic in vp_modern_avq_cleanup() and vp_del_vqs() used vp_dev->vqs[]...
CVE-2024-56652
The Linux kernel vulnerability CVE-2024-56652 affects drm/xe reg_sr pool logic. A faulty register pool implementation can lead to use-after-free when krealloc moves memory, leaving xarray entries invalid and causing a use-after-free in xe_reg_sr_apply_mmio. The issue arises because memory relocat...
CVE-2024-58078
CVE-2024-58078 affects the Linux kernel’s misc subsystem. The issue stems from mismatched id allocation/free in dynamic/minor handling: misc_minor_alloc started using ida for all dynamic/misc minors, but misc_minor_free used ida_free regardless, creating a potential id-usage mismatch (reported tr...
CVE-2025-21775
CVE-2025-21775 affects the Linux kernel CAN ctucanfd component. When skb allocation fails, the can_frame pointer can be NULL, and one NULL check was missed in ctucan_err_interrupt(); a fix adding the NULL check was implemented in the kernel (see references to the can: ctucanfd: handle skb allocat...
CVE-2025-21809
Summary of CVE-2025-21809: In the Linux kernel, a race/lock order issue occurred in the RXRPC/AFS path. The afs address list held refs to rxrpc_peer objects and freed under RCU while a non-BH context could call into rxrpc_put_peer, risking deadlock when rxnet->peer_hash_lock (a spinlock) was h...
CVE-2025-21857
CVE-2025-21857 affects the Linux kernel net/sched code (cls_api). The root cause is error handling in tcf_exts_miss_cookie_base_alloc() calling xa_alloc_cyclic() that can return 1 (wraps successfully), which is treated as an error by tcf_exts_init_ex() and causes exts to be NULL. fl_change() the...
CVE-2025-22103
CVE-2025-22103 causes a NULL pointer dereference in the Linux kernel net: l3mdev_l3_rcv path when deleting an ipvlan l3s link (ipvlan1 type ipvlan mode l3s). The issue arises because ipvlan_l3s_unregister() can set dev->l3mdev_ops to NULL, and l3mdev_l3_rcv() may still access master->l3mdev...
CVE-2025-37775
CVE-2025-37775 affects the Linux kernel in the ksmbd component. The issue centers on a warning in __kernel_write_iter that could relate to directory write attempts; the patch stabilizes behavior by not allowing writes to directories, as described in the initial advisory. The vulnerability is addr...
CVE-2025-37808
CVE-2025-37808 concerns the Linux kernel crypto: null algorithm. The issue arises because the default null algorithm may be freed in softirq context via af_alg, allowing a race that is mitigated by using spin locks instead of mutexes to protect the default null algorithm. The vulnerability is des...
CVE-2025-37842
CVE-2025-37842 affects the Linux kernel and is resolved by upgrading to kernel versions >= 6.6.112.1-2 (as noted by Mariner/Astra/SUSE advisories). Technical details from connected docs indicate the issue arises in the spi/fsl-qspi driver cleanup path: the driver previously used a legacy remov...
CVE-2025-37891
The provided documents confirm CVE-2025-37891 affects the Linux kernel’s ALSA: ump path, where SysEx messages could overflow an internal 4-byte buffer during MIDI 1.0 to UMP conversion. The root cause is that SysEx can be up to 6 bytes, exceeding the original 4-byte buffer, risking memory corrupt...
CVE-2025-37938
The CVE-2025-37938 entry affects the Linux kernel tracing subsystem. The issue arises in the trace event verifier when formats like "%*p.." are used; if an event references data that is freed before being read, the verifier may dereference freed memory, risking a kernel crash. The description ind...
CVE-1999-0590
Technical details are not publicly available in the provided documents for CVE-1999-0590; no affected products, versions, impact, or remediation are specified. Monitor for updates from the connected sources.
CVE-2008-4210
CVE-2008-4210 affects the Linux kernel prior to 2.6.22. fs/open.c does not properly strip setuid/setgid bits on writes, allowing local users to gain privileges of a different group and access sensitive information by creating an executable file in a setgid directory via truncate/ftruncate with me...
CVE-2010-2963
CVE-2010-2963 affects the Linux kernel’s Video4Linux (V4L) implementation on x86_64, where a flaw in the v4l2-compat ioctl32 code fails to validate the destination of a memory copy, enabling a local user to write arbitrary kernel memory via VIDIOCSTUNER on a /dev/video device followed by VIDIOCSM...
CVE-2010-3084
CVE-2010-3084 refers to a buffer overflow in the Linux kernel 2.6 series (niu_get_ethtool_tcam_all in drivers/net/niu.c) exploitable via the ETHTOOL_GRXCLSRLALL ethtool command. Affected: Linux kernel older than 2.6.36-rc4. Impact described as local denial of service and potential other effects (...
CVE-2010-3861
CVE-2010-3861 affects the Linux kernel up to version 2.6.36. The vulnerability arises in the ethtool_get_rxnfc function in net/core/ethtool.c, which fails to initialize a certain block of heap memory. This can allow a local user to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLA...
CVE-2010-4082
CVE-2010-4082 affects the Linux kernel prior to 2.6.36-rc5, where viafb_ioctl_get_viafb_info in drivers/video/via/ioctl.c fails to initialize a structure member. This can allow local users to leak potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call. The issu...
CVE-2010-4162
CVE-2010-4162: Linux kernel before 2.6.36.2 contains multiple integer overflows in fs/bio.c that allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device. MiracleLinux AXSA:2011-57 lists CVE-2010-4162 among affected kernel issues and references a f...
CVE-2011-2491
The CVE-2011-2491 issue affects the Linux kernel’s NFS client NLM protocol implementation. It allows a local attacker to cause a denial of service (system hang) by abusing a LOCK_UN flock system call. The vulnerability is rooted in the NLM handling in the kernel prior to 3.0. The referenced fix/c...
CVE-2011-2723
CVE-2011-2723 affects the Linux kernel prior to 2.6.39.4 where the skb_gro_header_slow handling under GRO can reset fields incorrectly, enabling remote attackers to cause a denial of service (system crash) via crafted network traffic. Connected advisories confirm this CVE is referenced alongside ...
CVE-2011-3363
The CVE-2011-3363 issue affects the Linux kernel up to version 2.6.38, specifically the setup_cifs_sb function in fs/cifs/connect.c. The root cause is improper handling of DFS referrals, enabling a remote CIFS server to trigger a denial-of-service (system crash) by placing a referral at the root ...
CVE-2013-1827
CVE-2013-1827 affects the Linux kernel: net/dccp/ccid.h before 3.5.4. It allows local privilege escalation or denial of service (NULL pointer dereference and system crash) via CAP_NET_ADMIN on a getsockopt call (sender or receiver). The connected advisories/bulletins (Unity/Linux Nessus entries) ...
CVE-2013-2147
CVE-2013-2147 affects the Linux kernel drivers for HP Smart Array/Compaq SMART2 (cpqarray/cciss). The root cause is uninitialized data structures in ida_locked_ioctl (via /dev/ida) and cciss_ioctl32_passthru (via /dev/cciss), allowing local attackers to read kernel memory through crafted IDA...
CVE-2015-4002
CVE-2015-4002 affects the OZWPAN driver in the Linux kernel (drivers/staging/ozwpan/ozusbsvc1.c) up to version 4.0.5. The issue is a length-value handling flaw where certain length values are not sufficiently large, enabling remote attackers to cause a denial of service (system crash or large loo...
CVE-2015-8746
CVE-2015-8746 affects the Linux kernel NFS client (fs/nfs/nfs4proc.c). The root cause is that memory is not properly initialized for migration recovery operations in the NFS client, which can be exploited by remote NFS servers to trigger a denial of service via a null pointer dereference and kern...
CVE-2018-12929
CVE-2018-12929 concerns the Linux kernel ntfs_read_locked_inode vulnerability in ntfs.ko on kernel 4.15.0, which can trigger a use-after-free read and potentially cause a denial of service (kernel oops or panic) via a crafted NTFS filesystem. The available documents confirm the CVE ID and the aff...
CVE-2021-3714
CVE-2021-3714 (Linux kernel) affects the kernel’s memory deduplication mechanism. The connected sources describe a local-exploitation style attack where an adversary can upload page-sized files and observe access-time changes from a networked service to infer whether pages have been merged. This ...
CVE-2021-47010
CVE-2021-47010 is a Linux kernel issue affecting the global tcp congestion control default when set from the init netns. The root cause is that tcp_set_default_congestion_control() writes to net.ipv4.tcp_congestion_control in a non-namespaced way and toggles TCP_CONG_NON_RESTRICTED, changing the ...
CVE-2021-47053
In the Linux kernel, CVE-2021-47053 affects crypto: sun8i-ss where the pad object could leak memory due to several failure return paths not freeing the pad. The issue has been fixed in the kernel (memory leak); patches are available in the linked stable kernel commits. Impact is a resource leak (l...