13804 matches found
CVE-2025-21790
CVE-2025-21790 fixes a kernel-space issue in the vxlan code. The vulnerable path is in vxlan_vnigroup_init() not being checked by vxlan_init(), which can lead to a NULL dereference or general protection fault later when vxlan_dev is created/unregistered (local attacker with access to the kernel c...
CVE-2025-21793
CVE-2025-21793 concerns the Linux kernel SPI SN-F-OSPI path. The linked Azure/Linux Nessus entry confirms the issue: when there is no dummy cycle in spi-nor commands, dummy bus cycle bytes and width become zero, risking a divide-by-zero warning. The fix is to return zero to avoid such calculation...
CVE-2025-21944
CVE-2025-21944 concerns the ksmbd component of the Linux kernel, where a bug in trap handling for smb2_lock can occur if the lock count exceeds 1. The root cause is that the code checked flags from the wrong source (flags) instead of the flags of smb_lock, which may lead to an erroneous trap in t...
CVE-2025-21986
CVE-2025-21986 affects the Linux kernel net: switchdev notification path. The root cause is a blocking notification chain that uses a read-write semaphore to protect the chain, which allows recursive notifications to cause the semaphore to be acquired twice for reading. In certain bridge/offload ...
CVE-2025-22022
CVE-2025-22022 concerns the Linux kernel USB xHCI driver, where NEC isochronous endpoints with NEC uPD720200 controllers could trigger IOMMU faults due to mis-handling of missed service errors. The description notes a faulty behavior involving transfer descriptors around isochronous rings and a c...
CVE-2025-22049
CVE-2025-22049 concerns the Linux kernel LoongArch support. The issue arises from ARCH_DMA_MINALIGN being too small (default 1) for certain LoongArch devices (e.g., APBDMA), risking cacheline write errors when buffers are small. The documented fix increases ARCH_DMA_MINALIGN to 16, mitigating DMA...
CVE-2025-37914
CVE-2025-37914 is a Linux kernel network scheduler vulnerability in net_sched: ets where a netem child qdisc can trigger reentrant enqueue, causing the same classifier to be added twice to the active_list and potentially memory corruption. The patch adds an active check (cl_is_active) and guards ...
CVE-2025-37937
CVE-2025-37937 refers to a Linux kernel vulnerability in the objtool/media path for the dib8000 DVB frontend. The issue occurs when dib8000_set_dds() calls dib8000_read32() and receives zero, causing a divide-by-zero. The kernel fix prevents this division by zero, addressing an UBSAN warning seen...
CVE-2025-37990
CVE-2025-37990 affects the Linux kernel’s wifi/brcm80211 fmac, where brcmf_usb_dl_writeimage() did not validate the return value of brcmf_usb_dl_cmd(), leaving state.state and state.bytes uninitialized if the call failed. The fix adds error handling to jump to the error path when brcmf_usb_dl_cmd...
CVE-2009-0745
CVE-2009-0745 concerns the Linux kernel ext4 resize path. The ext4_group_add function in fs/ext4/resize.c fails to properly initialize the group descriptor during a resize (resize2fs), which can allow a local attacker to trigger a denial of service (OOPS) by manipulating crafted values in memory....
CVE-2009-1298
CVE-2009-1298 affects the Linux kernel: the function ip_frag_reasm in net/ipv4/ip_fragment.c can be triggered by long IP packets due to an incorrect argument passed to IP_INC_STATS_BH. This enables remote attackers to cause a denial of service via a NULL pointer dereference and kernel hang. Affec...
CVE-2010-0410
CVE-2010-0410 affects the Linux kernel up to version 2.6.32.7, via drivers/connector/connector.c, allowing local users to cause memory exhaustion and a system crash by flooding NETLINK_CONNECTOR messages. The MiracleLinux advisories (AXSA:2010-285:05 and AXSA:2010-323:11) explicitly include CVE-2...
CVE-2010-3066
The CVE-2010-3066 issue affects the Linux kernel (fs/aio.c: io_submit_one) in versions prior to 2.6.23. A crafted io_submit call with IOCB_FLAG_RESFD can trigger a NULL pointer dereference, allowing a local user to cause a denial of service. The problem is rooted in the asynchronous I/O path (io_...
CVE-2013-1773
CVE-2013-1773 involves a buffer overflow in the Linux kernel VFAT UTF-8 to UTF-16 conversion during a VFAT write when utf8 mount option is used. Affects Linux kernel before 3.3; local privilege escalation or system crash possible. The connected advisory set includes references to kernel patches (...
CVE-2013-2015
The vulnerability CVE-2013-2015 affects the Linux kernel’s ext4 implementation. Specifically, ext4/namei.c: the function ext4_orphan_del mishandles orphan-list entries for non-journal filesystems, allowing physically proximate attackers to cause a denial of service (system hang) by presenting a c...
CVE-2014-0100
CVE-2014-0100 refers to a race condition in the Linux kernel’s inet_frag_intern function (net/ipv4/inet_fragment.c) that affects kernel versions up to 3.13.6. The vulnerability can be triggered by a large sequence of fragmented ICMP Echo Request packets under heavy CPU load, leading to a use-afte...
CVE-2014-9900
CVE-2014-9900 affects the Linux kernel (ethtool_get_wol in net/core/ethtool.c) up to version 4.7. It can leak kernel memory due to uninitialized data, enabling local information disclosure. Reported impact seen on Android devices (Nexus 5/2013 era) with Android before 2016-08-05. Public advisorie...
CVE-2015-2877
CVE-2015-2877 affects Kernel Samepage Merging (KSM) in Linux kernels 2.6.32–4.x. The write-timing side channel allows a guest OS user to defeat ASLR on other guest instances via Cross-VM ASL Introspection (CAIN). The entry notes that disabling deduplication mitigates the attack vector. No explici...
CVE-2016-3139
CVE-2016-3139: The Linux kernel before 3.17 is vulnerable in drivers/input/tablet/wacom_sys.c (wacom_probe). A crafted endpoints value in a USB device descriptor can be exploited by a physically proximate attacker to trigger a NULL pointer dereference, causing a denial of service (system crash)....
CVE-2021-47291
CVE-2021-47291 corresponds to a Linux kernel vulnerability where a slab-out-of-bounds occurs in ipv6 fib6_nh_flush_exceptions during KASAN-self-test scenarios. The issue is tied to the handling/initialization of fib6_metrics when an nh is provided, and the fix mirrors an earlier patch by explicit...
CVE-2021-47631
CVE-2021-47631 affects the Linux kernel (ARM: da850-evm path) where a NULL pointer dereference could occur in da850_evm_config_emac() during boot on palmetto-bmc/QEMU setups. The root cause is emac_pdata being NULL because davinci_soc_info is populated only on Davinci machines, while the function...
CVE-2022-47941
The CVE-2022-47941 issue affects ksmbd in Linux kernels 5.15–5.19 prior to 5.19.2. The root cause is a missing kfree in smb2pdu error paths in fs/ksmbd/smb2pdu.c, causing a memory leak. Impact is availability concerns due to memory leaks; no confidentiality or integrity impact stated. Affected ve...
CVE-2022-48970
CVE-2022-48970: In the Linux kernel, a NULL pointer dereference in af_unix handling can occur when unix_diag_get_exact() processes a netlink message because a newly allocated skb may not have skb->sk. The root cause is that unix_diag_get_exact() must obtain the user namespace from the NETLINK...
CVE-2022-48994
CVE-2022-48994 affects the Linux kernel ALSA sequencing path. The issue arises from a prototype mismatch: seq_copy_in_user() and seq_copy_in_kernel() did not match snd_seq_dump_func_t, leading to -Wcast-function-type-strict checks with Clang. The patch fixes the function prototypes and removes ca...
CVE-2022-49259
The CVE-2022-49259 item concerns a Linux kernel bug where a kobject (queue) could be deleted before its child kobjects, triggering a kernel WARN. The vulnerability stems from improper deletion order in the sysfs/kobject lifecycle, leading to a possible sysfs group not found warning (e.g., 'sysfs...
CVE-2022-49532
CVE-2022-49532 affects the Linux kernel DRM virtio driver (virtio_gpu_conn_get_modes) where drm_cvt_mode may return NULL, leading to a NULL pointer dereference. The issue is demonstrated by a KASAN report showing a null deref while reading a 4-byte value from a NULL pointer. The connected advisor...
CVE-2022-49704
CVE-2022-49704 is discussed in Connected documents as a Linux kernel issue affecting 9p (v9fs_vfs_get_link fid refcount leak). The fix moves the protocol version check earlier to avoid operating on a fid before validating version, reducing refcount leakage risk. Astra Linux security bulletin conf...
CVE-2022-49837
The CVE-2022-49837 issue affects the Linux kernel’s BPF subsystem, specifically memory leaks in __check_func_call and related exit handling. The root cause is that, in prepare_func_exit(), the callee is not released in abnormal paths after state->curframe--, so the frame is not fully freed bef...
CVE-2022-49873
The CVE-2022-49873 entry concerns the Linux kernel eBPF verifier. The release_reference() path could leave memory-allocated resources unfreed, causing registers tied to released pointers to be marked as SCALAR_VALUE, which in turn may allow an unprivileged user to observe a kernel pointer when st...
CVE-2022-50100
CVE-2022-50100 affects the Linux kernel sched/core: Do not requeue a task on a CPU excluded from cpus_mask. The issue arises from a ttwu wakeup optimization that could queue a task on the wrong CPU, triggering an early-boot warning on large machines. The commit c6e7bd7afaeb implements a fix by en...
CVE-2023-52510
CVE-2023-52510 affects the Linux kernel's ieee802154 ca8210 driver. The vulnerability is caused by a potential use-after-free when of_clk_add_provider() fails in ca8210_register_ext_clock(), which could lead to double clk_unregister() calls during ca8210_probe/ca8210_remove. The fix removes the f...
CVE-2023-52561
CVE-2023-52561: Linux kernel (arm64) vulnerability affecting DB845c boards with Qualcomm sdm845-db845c DTs. The issue stems from not reserving the cont splash memory region (framebuffer memory used by the bootloader), which could trigger a kernel panic (arm-smmu: Unhandled context fault) on v5.1...
CVE-2023-52783
CVE-2023-52783 affects the Linux kernel and fixes a local kernel-panic scenario in the net/wangxun path. When a device uses a custom subsystem vendor ID, wx_sw_init() may return before wx->mac_table is allocated, causing a NULL pointer dereference and a kernel panic. The connected documents co...
CVE-2023-53000
CVE-2023-53000 is a Linux kernel vulnerability affecting the netlink attribute handling. The issue arises when the netlink attribute type (nla_type) is used as an index after validation, enabling a possible Spectre v1 gadget to leak kernel memory to a local attacker. The public description notes ...
CVE-2023-53084
CVE-2023-53084 – Linux kernel (drm/shmem) corruption issue confirmed. Impact: In the Linux kernel, the error path in drm_gem_shmem_mmap() could fail to drop a reference, causing a dma-buf shmem GEM object to be freed prematurely and potentially leading to a use-after-free. Affected component: drm/shmem-helper and r...
CVE-2023-53132
CVE-2023-53132 concerns a memory leak in the Linux kernel driver for SCSI mpi3mr, specifically mpi3mr_hba_port. The connected documents state that the leak was fixed in mpi3mr_remove(), with the driver freeing mpi3mr_hba_port at .remove. The affected software is the Linux kernel (mpi3mr SCSI driv...
CVE-2024-26750
CVE-2024-26750 affects the Linux kernel. The vulnerability was in af_unix garbage collection: a self-referencing oob_skb/FD scenario could cause __unix_gc() to hang due to a loop that fails to purge inflight sockets. The fix drops the oob_skb reference before purging the queue, allowing __skb_que...
CVE-2024-27432
CVE-2024-27432 affects the Linux kernel net: ethernet: mtk_eth_soc (MTK PPE) where PPE could hang when disabling during reboot due to PPE scan mode not being disabled first. A patch in MediaTek’s GPL SDK fixes this by disabling PPE scan mode before PPE shutdown. The advisory notes explicit root c...
CVE-2024-35797
CVE-2024-35797 is confirmed in the MiracleLinux advisory tied to kernel 5.14.0-427.35.1 (AXSA:2024-8827:29). The advisory cites the same Linux kernel fix described in CVE-2024-35797: two shmem-related bugs in mm: cachestat. First, a poisoned swap entry could lead to an out-of-bounds access in swa...
CVE-2024-36910
CVE-2024-36910 affects the Linux kernel uio_hv_generic code used by CoCo VMs. If set_memory_encrypted() or set_memory_decrypted() fails, memory could be returned as decrypted/shared to the page allocator, causing functional or security issues. The VMBus device UIO driver could free decrypted/shar...
CVE-2024-40908
The CVE-2024-40908 issue affects the Linux kernel in the bpf component, specifically the rawtp test_run callback. The root cause is that the run context (task->bpf_ctx) was not properly set for the test_run callback, which SYZBOT reported could crash when a rawtp program called bpf_get_attach_...
CVE-2024-42086
CVE-2024-42086 pertains to the Linux kernel iio: chemical: bme680 driver, where overflow could occur in compensate() functions due to bit shifting in internal calculations. The issue affects the kernel’s IIO BME680 support and was fixed by a code patch addressing the overflow paths in compensate(...
CVE-2024-42137
CVE-2024-42137 concerns a Linux kernel Bluetooth issue for Qualcomm Atheros (QCA6390). The vulnerability stemmed from a regression introduced by commit 272970be3dab, which fixed a use-after-free in qca_serdev_shutdown() but caused Bluetooth enablement to fail after a warm reboot if enable-gpios w...
CVE-2024-42274
CVE-2024-42274 affects the Linux kernel’s ALSA firewire-lib. Reverting commit 7ba5ca32fe6e caused by removing the process-context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() introduced AB/BA deadlock competition for the substream lock, potentially freezing systems u...
CVE-2024-43818
The CVE-2024-43818 issue is in the Linux kernel ASoC: amd code. acpi_get_first_physical_node() may return NULL in cases like absent device or ACPI errors, but the original check only emitted an error without returning. This could lead to a NULL dereference in devm_acpi_dev_add_driver_gpios(). The...
CVE-2024-43819
CVE-2024-43819: In the Linux kernel, KVM for s390 was updated to reject user memory region operations on ucontrol VMs. Specifically, KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls are now rejected for ucontrol VMs because their kvm->arch.gmap is set to 0, which could lead t...
CVE-2024-44941
CVE-2024-44941 relates to the Linux kernel's f2fs file system. The issue arises when the extent cache lock is not held during access to the largest extent entry, allowing a race that could lead to a use-after-free condition in sanity_check_extent_cache() during inode read paths. The documented ch...
CVE-2024-46749
CVE-2024-46749 affects the Linux kernel Bluetooth driver btnxpuart. The vulnerability stems from a NULL pointer dereference in btnxpuart_flush(), which could crash the kernel when removing the driver after a failed or incomplete firmware download. The fix adds a guard before freeing rx->skb in...
CVE-2024-46778
The CVE-2024-46778 entry describes a Linux kernel defect in drm/amd/display where UnboundedRequestEnabled was checked as a pointer (dml_bool_t *UnboundedRequestEnabled) instead of its boolean value, causing address-based checks rather than dereferenced value. This was fixed to address a reverse N...
CVE-2024-46845
CVE-2024-46845 (Linux kernel): The timerlat use-after-free occurs when a SIGTERM kills user-space tracing threads, causing an hrtimer to be freed twice during thread shutdown. The documented fix cancels the hrtimer only if the associated thread still exists and adds an interface_lock around tlat_...