14031 matches found
CVE-2023-22997
CVE-2023-22997 affects the Linux kernel prior to 6.1.2. The vulnerability resides in module/decompress.c where the function module_get_next_page can return an error pointer, but code treats it as NULL in the error case, potentially causing a denial of service. The issue is local in scope; CVSS in...
CVE-2024-43859
CVE-2024-43859 affects the Linux kernel with the f2fs filesystem. The root cause is an uninitialized inode.i_crypt_info during mount paths that involve f2fs_gc/truncate, leading to a NULL pointer dereference in fscrypt-related code when handling preallocated blocks. The documented mitigation is t...
CVE-2022-49139
CVE-2022-49139 affects the Linux kernel Bluetooth stack. The issue occurs in the HCI handling path: upon receiving an HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, with LE link type and a status triggering the second packet-processing case, a NULL pointer dereferen...
CVE-2022-49182
CVE-2022-49182 affects the Linux kernel net/hns3 VLAN handling. The vulnerability occurs when adding port base VLAN: removing the VF VLAN from HW and updating the VF VLAN list can lead to a use-after-free if the periodic task frees the same node. The patch adds a vlan list lock to protect the VLA...
CVE-2022-49414
CVE-2022-49414 affects the Linux kernel/ext4: a race between ext4_write and ext4_convert_inline_data can trigger a BUG_ON in ext4_jbd2, potentially leading to filesystem corruption (example trace in Unity/OpenVAS advisories). The public documents identify the issue and describe the underlying cau...
CVE-2022-49951
CVE-2022-49951 concerns the Linux kernel firmware_loader use-after-free during unregister. In firmware_upload_unregister(), device_unregister() could free fw_upload_priv via dev_release before module_put() dereferences it. The documented fix copies fw_upload_priv->module to a local variable an...
CVE-2023-35826
CVE-2023-35826 affects the Linux kernel before 6.3.2, with a use-after-free in cedrus_remove (drivers/staging/media/sunxi/cedrus/cedrus.c). The issue is described in the NVD entry and corroborated by related advisories; the root cause is a resource management/use-after-free in the cedrus driver. ...
CVE-2023-52510
CVE-2023-52510 affects the Linux kernel's ieee802154 ca8210 driver. The vulnerability is caused by a potential use-after-free when of_clk_add_provider() fails in ca8210_register_ext_clock(), which could lead to double clk_unregister() calls during ca8210_probe/ca8210_remove. The fix removes the f...
CVE-2023-52561
CVE-2023-52561: Linux kernel (arm64) vulnerability affecting DB845c boards with Qualcomm sdm845-db845c DTs. The issue stems from not reserving the cont splash memory region (framebuffer memory used by the bootloader), which could trigger a kernel panic (arm-smmu: Unhandled context fault) on v5.1...
CVE-2023-52590
CVE-2023-52590 affects the Linux kernel OCFS2 rename path. The issue arises when renaming a directory where the parent does not change; the VFS could lock-touch the renamed directory, risking filesystem corruption. The fix ensures ocfs2 rename code avoids touching a renamed directory if its paren...
CVE-2023-52769
CVE-2023-52769 concerns the Linux kernel wireless driver ath12k. The issue arises in the htt_mlo_offset event handling path, where the code calling ath12k_mac_get_ar_by_pdev_id() was not protected by an RCU read-side critical section, potentially enabling use-after-free in active pdev contexts. T...
CVE-2023-52774
CVE-2023-52774: In the Linux kernel (s390/dasd), the device queue could be accessed concurrently in dasd_profile_start(), allowing the queue to change while it is being read; this could trigger a kernel panic due to invalid pointer accesses when I/O is highly parallel (aliases). The root cause i...
CVE-2024-26749
CVE-2024-26749 concerns the Linux kernel USB CDNS3 gadget path. The issue was a memory-use-after-free in cdns3_gadget_ep_disable(), where priv_req is freed via cdns3_gadget_ep_free_request() but list_del_init(&priv_req->list) used priv_req->list after it had been freed, triggering a use-aft...
CVE-2024-26844
Linux kernel vulnerability CVE-2024-26844 was resolved by patching the block layer to address a harmful iov_iter direction issue. A Syzkaller warning reported that an iov_iter could be used in both directions due to a transfer direction SG_DXFER_TO_FROM_DEV, which would copy user buffers into the...
CVE-2024-40909
CVE-2024-40909 is a Linux kernel vulnerability resolved in the bpf subsystem. After commit 1a80dbcb2dba, a race could cause a use-after-free when bpf_link is freed by link->ops->dealloc_deferred but the code still tests and uses link->ops->dealloc afterward. The fix ensures only one o...
CVE-2024-41027
CVE-2024-41027 affects the Linux kernel userfaultfd API. The issue arises when a feature not enabled in kernel config is requested: instead of returning an error, the kernel silently lists all features, potentially triggering a warning (as seen in zap_pte_range mortgage path). The fix is to have ...
CVE-2024-42273
CVE-2024-42273 is a Linux kernel vulnerability affecting f2fs where CURSEG_ALL_DATA_ATGC is incorrectly assigned to COMPR_ADDR when the page is GC’d with gcing flag, causing a kernel BUG at fs/f2fs/segment.c:3589 during writeback. The scenario involves creating a small file on a compressed f2fs f...
CVE-2024-43833
The CVE-2024-43833 entry is supported by connected documents (Astra Linux page) with concrete details: In the Linux kernel media stack (V4L), the vulnerability is in v4l2_async_create_ancillary_links(), which creates ancillary links between lens and flash sub-devices. The bug caused a NULL pointe...
CVE-2024-46728
CVE-2024-46728 affects the Linux kernel (drm/amd/display) where there is a fix for using aux_rd_interval: the value of aux_rd_interval (size 7) must be checked before use. The connected Azure/Linux Nessus entries confirm the advisory references this vulnerability and describe the fix as preventin...
CVE-2024-46798
CVE-2024-46798 (Linux kernel, ASoC: dapm): A use-after-free in snd_soc_pcm_runtime is triggered during system suspend when snd_pcm_suspend_all() accesses a freed object. The issue was detected with KASAN configurations and occurs because snd_pcm_sync_stop() handles substream.runtime defensively,...
CVE-2024-46810
CVE-2024-46810 affects the Linux kernel UI path for displays: the drm/bridge tc358767 code may signal HPD events via IRQ before the connector is fully initialized, risking a NULL pointer dereference. The connected documents confirm a fix was applied by ensuring the connector is fully initialized ...
CVE-2024-47702
CVE-2024-47702 affects the Linux kernel BPF verifier. It exposes a sign-extension error when loading packet fields (__sk_buff->data/data_end/data_meta), where a 32‑bit sign extension can yield an invalid pointer if the value is treated as 64‑bit. The issue arises from how sign-extension intera...
CVE-2024-49976
CVE-2024-49976 concerns an ABBA deadlock in the Linux kernel related to timerlat/osnoise kthread handling. The issue arises because stop_kthread() (offline callback for trace/osnoise:online) could deadlock due to holding interface_lock while cpus_write_lock/cpus_read_lock paths are taken, enablin...
CVE-2024-49980
CVE-2024-49980 affects the Linux kernel VRF path. The issue stems from removing an RCU-bh critical section around dev_queue_xmit_nit, which violated an invariant and could cause an inconsistent lock state, potentially enabling a deadlock during packet reception when BH is disabled. The vulnerabil...
CVE-2024-50034
CVE-2024-50034 affects the Linux kernel net/smc, where INET_PROTOSW_ICSK can leave icsk_sync_mss unset for IPPROTO_SMC, triggering a NULL pointer dereference panic. The provided trace indicates a kernel oops when handling IPPROTO_SMC, with a failed icsk_mss synchronization. A patch sequence in st...
CVE-2024-50091
CVE-2024-50091 is a Linux kernel vulnerability involving the dm vdo dedupe_context pointer. The official fixes clear the dedupe_context pointer in a data_vio once ownership of the context is lost, preventing vdo from accessing it after release. Root cause: dereferencing a freed or relinquished de...
CVE-2024-50161
CVE-2024-50161 refers to a Linux kernel vulnerability in the BPF/C API: when repeating BTF fields for an array of nested structs, the code failed to validate the remaining info_cnt, causing a UBSAN array-index-out-of-bounds condition (index 11 out of range for btf_field_info[11]). Affected compon...
CVE-2024-50268
CVE-2024-50268: Linux kernel USB-C UCSI update path fix. The vulnerability stems from user-controlled *cmd via debugfs allowing new_cam values up to 255, while ucsi_ccg_update_set_new_cam_cmd() updates an updated[] buffer sized UCSI_MAX_ALTMODES (30), creating an out-of-bounds read. The issue occ...
CVE-2024-52559
CVE-2024-52559 affects the Linux kernel DRM MSM GEM submit path. The vulnerability arises from an integer overflow when user-supplied submit->cmd[i].size and submit->cmd[i].offset (u32) are processed, leading to wrapping. The fix switches to size_add() to prevent the overflow. Patch referen...
CVE-2024-53149
Technical details (affected product, root cause, impact, fix) are not publicly provided in the connected documents; monitor for updates.
CVE-2024-57895
CVE-2024-57895 affects the Linux kernel component ksmbd, where the code path for setting file times (mtime) would warn when ATTR_CTIME flags were not considered. The connected Azure Linux 3.0 security update notes that ksmbd was attempting to set atime/mtime via notify_change without setting ctim...
CVE-2024-58078
CVE-2024-58078 affects the Linux kernel’s misc subsystem. The issue stems from mismatched id allocation/free in dynamic/minor handling: misc_minor_alloc started using ida for all dynamic/misc minors, but misc_minor_free used ida_free regardless, creating a potential id-usage mismatch (reported tr...
CVE-2025-21729
The CVE-2025-21729 vulnerability affects the Linux kernel wifi driver rtw89 (rtwdev) with a race between cancel_hw_scan and hw_scan completion. Root cause: rtwdev->scanning was not mutex-protected, allowing cancel_hw_scan to observe/modify state while hw_scan completion could unset the flag an...
CVE-2025-21754
CVE-2025-21754 affects Linux kernel btrfs behavior. When a direct IO write triggers a transaction abort, ordered extents are marked with BTRFS_ORDERED_IOERR, and if an ordered extent still has bytes remaining, btrfs_split_ordered_extent() asserts on flags. The documented root cause is an asse...
CVE-2025-21775
CVE-2025-21775 affects the Linux kernel CAN ctucanfd component. When skb allocation fails, the can_frame pointer can be NULL, and one NULL check was missed in ctucan_err_interrupt(); a fix adding the NULL check was implemented in the kernel (see references to the can: ctucanfd: handle skb allocat...
CVE-2025-21793
CVE-2025-21793 concerns the Linux kernel SPI SN-F-OSPI path. The linked Azure/Linux Nessus entry confirms the issue: when there is no dummy cycle in spi-nor commands, dummy bus cycle bytes and width become zero, risking a divide-by-zero warning. The fix is to return zero to avoid such calculation...
CVE-2025-21809
Summary of CVE-2025-21809: In the Linux kernel, a race/lock order issue occurred in the RXRPC/AFS path. The afs address list held refs to rxrpc_peer objects and freed under RCU while a non-BH context could call into rxrpc_put_peer, risking deadlock when rxnet->peer_hash_lock (a spinlock) was h...
CVE-2025-21857
CVE-2025-21857 affects the Linux kernel net/sched code (cls_api). The root cause is error handling in tcf_exts_miss_cookie_base_alloc() calling xa_alloc_cyclic() that can return 1 (wraps successfully), which is treated as an error by tcf_exts_init_ex() and causes exts to be NULL. fl_change() the...
CVE-2025-22022
CVE-2025-22022 concerns the Linux kernel USB xHCI driver, where NEC isochronous endpoints with NEC uPD720200 controllers could trigger IOMMU faults due to mis-handling of missed service errors. The description notes a faulty behavior involving transfer descriptors around isochronous rings and a c...
CVE-2025-22068
The CVE-2025-22068 issue affects the Linux kernel ublk (userspace block driver). Root cause: ubq->canceling was not reliably observed when the queue froze, which could lead to improper dispatch decisions in uring_cmd and io_uring_cmd_complete_in_task(). The patch makes ubq->canceling be set...
CVE-2025-22103
CVE-2025-22103 causes a NULL pointer dereference in the Linux kernel net: l3mdev_l3_rcv path when deleting an ipvlan l3s link (ipvlan1 type ipvlan mode l3s). The issue arises because ipvlan_l3s_unregister() can set dev->l3mdev_ops to NULL, and l3mdev_l3_rcv() may still access master->l3mdev...
CVE-2025-37914
CVE-2025-37914 is a Linux kernel network scheduler vulnerability in net_sched: ets where a netem child qdisc can trigger reentrant enqueue, causing the same classifier to be added twice to the active_list and potentially memory corruption. The patch adds an active check (cl_is_active) and guards ...
CVE-2025-37938
The CVE-2025-37938 entry affects the Linux kernel tracing subsystem. The issue arises in the trace event verifier when formats like "%*p.." are used; if an event references data that is freed before being read, the verifier may dereference freed memory, risking a kernel crash. The description ind...
CVE-2025-37990
CVE-2025-37990 affects the Linux kernel’s wifi/brcm80211 fmac, where brcmf_usb_dl_writeimage() did not validate the return value of brcmf_usb_dl_cmd(), leaving state.state and state.bytes uninitialized if the call failed. The fix adds error handling to jump to the error path when brcmf_usb_dl_cmd...
CVE-1999-0590
Technical details are not publicly available in the provided documents for CVE-1999-0590; no affected products, versions, impact, or remediation are specified. Monitor for updates from the connected sources.
CVE-2007-2453
CVE-2007-2453 concerns the Linux kernel RNG. Affected: Linux kernel 2.6 before 2.6.20.13 and 2.6.21.x before 2.6.21.4. Root cause: the entropy pool was not properly seeded when no entropy source was available, and entropy was extracted using an incorrect cast, which might cause the RNG to produce identical val...
CVE-2008-4210
CVE-2008-4210 affects the Linux kernel prior to 2.6.22. fs/open.c does not properly strip setuid/setgid bits on writes, allowing local users to gain privileges of a different group and access sensitive information by creating an executable file in a setgid directory via truncate/ftruncate with me...
CVE-2009-0745
CVE-2009-0745 concerns the Linux kernel ext4 resize path. The ext4_group_add function in fs/ext4/resize.c fails to properly initialize the group descriptor during a resize (resize2fs), which can allow a local attacker to trigger a denial of service (OOPS) by manipulating crafted values in memory....
CVE-2009-1298
CVE-2009-1298 affects the Linux kernel: the function ip_frag_reasm in net/ipv4/ip_fragment.c can be triggered by long IP packets due to an incorrect argument passed to IP_INC_STATS_BH. This enables remote attackers to cause a denial of service via a NULL pointer dereference and kernel hang. Affec...
CVE-2010-2803
CVE-2010-2803 affects the Linux kernel DRM subsystem. The drm_ioctl path in drivers/gpu/drm/drm_drv.c allows a local user to request a large memory allocation and may leak kernel memory contents. Affected trees/versions include 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2...