CVE-2024-44941
CVE-2024-44941 relates to the Linux kernel's f2fs file system. The issue arises when the extent cache lock is not held during access to the largest extent entry, allowing a race that could lead to a use-after-free condition in sanity_check_extent_cache() during inode read paths. The documented ch...
CVE-2024-46749
CVE-2024-46749 affects the Linux kernel Bluetooth driver btnxpuart. The vulnerability stems from a NULL pointer dereference in btnxpuart_flush(), which could crash the kernel when removing the driver after a failed or incomplete firmware download. The fix adds a guard before freeing rx->skb in...
CVE-2024-46778
The CVE-2024-46778 entry describes a Linux kernel defect in drm/amd/display where UnboundedRequestEnabled was checked as a pointer (dml_bool_t *UnboundedRequestEnabled) instead of its boolean value, causing address-based checks rather than checks of the dereferenced value. This was fixed to address a reverse N...
CVE-2024-46845
CVE-2024-46845 (Linux kernel): The timerlat use-after-free occurs when a SIGTERM kills user-space tracing threads, causing an hrtimer to be freed twice during thread shutdown. The documented fix cancels the hrtimer only if the associated thread still exists and adds an interface_lock around tlat_...
CVE-2024-50091
CVE-2024-50091 is a Linux kernel vulnerability involving the dm vdo dedupe_context pointer. The official fixes clear the dedupe_context pointer in a data_vio once ownership of the context is lost, preventing vdo from accessing it after release. Root cause: dereferencing a freed or relinquished de...
CVE-2024-50175
CVE-2024-50175 concerns the CAMSS pipeline in the Linux kernel where a use_count guard in stop_streaming misinterprets the number of active streams as a user-space open count. This causes stop_streaming to leave buffers active and can lead to -EBUSY and broken restart behavior when multiple VCs s...
CVE-2024-50253
In CVE-2024-50253, the Linux kernel fixes a memory-allocator bug in the BPF subsystem: nr_words can overflow nr_bits in bpf_iter_bits_new(), risking stack corruption via bpf_probe_read_kernel_common when nr_words is large (e.g., 0x0400-0001). The patch constrains nr_words to a maximum of 511 and ...
CVE-2024-50281
In CVE-2024-50281, the Linux kernel vulnerability affects the KEYS: trusted: dcp path where sealing/unsealing a key blob could exit before the AEAD cipher operation completes, risking NULL dereference in the DCP driver when the buffer has been removed from the stack. The underlying cause is not w...
CVE-2024-50289
CVE-2024-50289 concerns the Linux kernel media/av7110 driver (av7110_ca.c) with a spectre-related flaw reported by the smatch tool in dvb_ca_ioctl() for av7110->ci_slot. The issue was fixed in the kernel through the patches referenced (e.g., git.kernel.org stable commits 458ea1c0... and f39272...
CVE-2024-50298
Public details for CVE-2024-50298 are not provided in the connected documents; the initial description contains details, but there are no additional technical specifics available here.
CVE-2024-53083
Technical details for CVE-2024-53083 are not present in the provided connected documents; only a brief kernel description is given. Monitor for updates.
CVE-2024-56697
CVE-2024-56697 affects the Linux kernel DRM/AMDGPU path. The issue was a memory allocation problem in amdgpu_discovery_get_nps_info() (mem_ranges) that could dereference a NULL pointer. The fix adds a failure check, switches to kvcalloc() to guard against integer overflow, and assigns output para...
CVE-2024-57895
CVE-2024-57895 affects the Linux kernel component ksmbd, where the code path for setting file times (mtime) would warn when ATTR_CTIME flags were not considered. The connected Azure Linux 3.0 security update notes that ksmbd was attempting to set atime/mtime via notify_change without setting ctim...
CVE-2024-58095
CVE-2024-58095 (jfs: add check read-only before txBeginAnon() call) is confirmed as a concrete kernel fix. The patch introduces a read-only check prior to txBeginAnon() in extAlloc and extRecord within the JFS code path. This prevents write attempts on a read-only mounted filesystem, avoiding pot...
CVE-2025-21706
CVE-2025-21706 is a Linux kernel vulnerability in the MPTCP path-manager. The in-kernel path-manager’s netlink set_flags path allowed non-subflow endpoints to receive the fullmesh flag due to a permissive hook, enabling an issue observed by syzbot warnings in net/mptcp/pm_netlink.c. The root caus...
CVE-2025-21716
CVE-2025-21716: In the Linux kernel, vxlan_vnifilter_dump() could access bytes beyond a netlink message when the payload length is smaller than sizeof(struct tunnel_msg), potentially causing an uninitialized-value access. The fix is to return an error if the payload is too short. Affected platfo...
CVE-2025-21742
CVE-2025-21742 affects the Linux kernel’s usbnet: ipheth handling within URB buffers. The vulnerability arose because the start of the NDP16 block could be placed anywhere in the URB based on wNdpIndex, allowing the fixed-length portion of NDP16 to extend past the URB end and trigger an OoB read....
CVE-2025-21786
CVE-2025-21786 concerns a Linux kernel workqueue use-after-free. The issue arises from a patch that reaps workers via kthread_stop() and detaches the rescuer, but incorrectly does not preserve the rescuer’s reference to the pool and removes the code waiting for the rescuer in put_unbound_pool(). T...
CVE-2025-21886
CVE-2025-21886 summary (Linux kernel): This vulnerability affects the mlx5 RDMA path. The issue is related to implicit MR management during deregistration: on entering destroy_unused_implicit_child_mr(), the parent implicit MR’s refcount is incremented with refcount_inc_not_zero(), but a correspon...
CVE-2025-22016
CVE-2025-22016 affects the Linux kernel (dpll: fix xa_alloc_cyclic() error handling). The issue: returning ERR_PTR(1) from xa_alloc_cyclic() could cause IS_ERR() to be false, risking dereference of an unallocated pointer. Fix implemented by ensuring err is
CVE-2025-22028
CVE-2025-22028 affects the Linux kernel media/v4l2 subsystem, specifically the vimc video capture path. The issue arises in vimc_streamer_pipeline_terminate() where .s_stream() could be invoked for subdevs that were not started or are stopped. The root cause is an unnecessary .s_stream() operatio...
CVE-2025-22043
The CVE-2025-22043 issue affects the Linux kernel’s ksmbd, where a missing bounds check for the durable handle context could enable local impact. The vulnerability has been resolved by adding the bounds check, per the description in the initial document and corroborated by connected sources refer...
CVE-2025-22068
The CVE-2025-22068 issue affects the Linux kernel ublk (userspace block driver). Root cause: ubq->canceling was not reliably observed when the queue froze, which could lead to improper dispatch decisions in uring_cmd and io_uring_cmd_complete_in_task(). The patch makes ubq->canceling be set...
CVE-2009-1633
The CVE-2009-1633 issue affects the Linux kernel CIFS subsystem prior to 2.6.29.4. It describes multiple buffer overflows in CIFS that can be triggered by a malformed Unicode string (Unicode string area alignment in fs/cifs/sess.c) or long Unicode characters (fs/cifs/cifssmb.c and fs/cifs/readdir...
CVE-2009-3613
The CVE-2009-3613 issue affects the Linux kernel swiotlb implementation in the r8169 driver (drivers/net/r8169.c) and is exploitable before kernel version 2.6.27.22. Remote attackers can trigger a denial of service by sending large amounts of jumbo frames (e.g., flood ping), exhausting IOMMU spac...
CVE-2010-2066
CVE-2010-2066 affects the Linux kernel up to version 2.6.34. The flaw is in fs/ext4/move_extent.c: the mext_check_arguments routine, which can allow a local attacker to overwrite an append-only file when using the MOVE_EXT ioctl and designating that file as the donor. The issue arises from insuff...
CVE-2010-2803
CVE-2010-2803 affects the Linux kernel DRM subsystem. The drm_ioctl path in drivers/gpu/drm/drm_drv.c allows a local user to request a large memory allocation and may leak kernel memory contents. Affected trees/versions include 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2...
CVE-2011-0714
CVE-2011-0714 affects the Linux kernel 2.6.32 as patched for Red Hat Enterprise Linux 6, specifically involving the RPC server sockets functionality. The use-after-free vulnerability is triggered in a Red Hat patch related to lockd and the svc_xprt_received path, allowing remote attackers to cras...
CVE-2012-1179
CVE-2012-1179 affects the Linux kernel prior to 3.3.1 when KVM is used: guest OS users can trigger a host OS denial of service (host crash) via page faults related to huge pages in pmd_none_or_clear_bad. MiracleLinux and related advisories reference this CVE among fixes in kernel updates before/a...
CVE-2012-2744
The vulnerability CVE-2012-2744 affects the Linux kernel (net/ipv6/netfilter/nf_conntrack_reasm.c) when nf_conntrack_ipv6 is enabled. It allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain fragmented IPv6 packets. A fix is available in kern...
CVE-2013-4163
CVE-2013-4163 affects the Linux kernel IPv6 path (ip6_output.c: ip6_append_data_mtu). The bug stems from not correctly tracking whether IPV6_MTU was set via setsockopt, enabling local attackers to crash the system by crafting a UDP_CORK-reliant application. Impact is local denial of service/OS cr...
CVE-2013-6380
The CVE-2013-6380 entry concerns the Linux kernel up to version 3.12.1. The vulnerability exists in the aac_send_raw_srb function, located in drivers/scsi/aacraid/commctrl.c, where an insufficient validation of a size value allows a local attacker to trigger an invalid pointer dereference via an ...
CVE-2013-7270
The CVE-2013-7270 issue affects the Linux kernel prior to 3.12.4, where packet_recvmsg in net/packet/af_packet.c updates a length value before initializing an associated data structure. This can enable local attackers to read kernel memory via recvfrom, recvmmsg, or recvmsg. Remediation is to upg...
CVE-2014-8989
CVE-2014-8989 affects the Linux kernel up to 3.17.4, where dropping supplemental group memberships in certain namespace scenarios is not properly restricted. This enables a local attacker to bypass file permissions by abusing a POSIX ACL entry for the group category that is more restrictive than ...
CVE-2016-5728
CVE-2016-5728 is a local-privilege vulnerability in the Linux kernel MIC VOP driver (drivers/misc/mic/vop/vop_vringh.c). The race condition occurs in vop_ioctl where the driver performs two successive reads from user space to read a variable-length data structure, enabling a local user to either ...
CVE-2020-36782
CVE-2020-36782 covers a Linux kernel vulnerability in the I2C imx-lpi2c driver where the PM reference count could leak due to an unbalanced increment on return from pm_runtime_get_sync failures. The root cause is that pm_runtime_get_sync increments the PM usage count even when the operation fails...
CVE-2021-47077
CVE-2021-47077 affects the Linux kernel scsi qedf driver. The vulnerability stems from qedf_update_link_speed() dereferencing shost_data when it has not been initialised, causing a NULL pointer dereference and potentially an impact on availability. The fix adds a NULL pointer check before using s...
CVE-2021-47142
CVE-2021-47142 concerns the Linux kernel’s DRM/AMDGPU stack. The vulnerability stems from a use-after-free in the AMDGPU TTM memory backend when cleaning up objects, specifically due to not clearing ttm->sg (the sg table) which can lead to a general protection fault during teardown. The connec...
CVE-2021-47354
CVE-2021-47354 affects the Linux kernel’s DRM scheduler. The issue arises from not waiting for all dependencies of a job to complete before terminating it, which could lead to data corruption. The published notes describe the vulnerable component as the kernel’s DRM/sched path and the fix as ensu...
CVE-2022-48425
CVE-2022-48425 affects the Linux kernel up to 6.2.7, specifically the NTFS3 inode.c path. The issue is an invalid kfree introduced by not validating MFT flags before replaying logs, as described in the initial CVE entry. Consequences are consistent with the CVSS high scores listed in the document...
CVE-2022-48799
CVE-2022-48799 corresponds to a Linux kernel perf subsystem issue: list corruption in perf_cgroup_switch() affecting the cgrp_cpuctx_list during event removal. The root cause is a risky iteration over a list while removing entries; the recommended fix is to replace list_for_each_entry with list_f...
CVE-2022-48946
CVE-2022-48946 concerns a Linux kernel issue in udf preallocation handling. When the first preallocation extent is the first in an extent block, the code could corrupt the extent tree header. The fix changes the behavior to discard or correctly manage preallocation at the indirect extent boundary...
CVE-2022-48962
CVE-2022-48962 affects the Linux kernel net layer via the hisilicon driver code path ("net: hisilicon: Fix potential use-after-free in hisi_femac_rx()"). The skb can be delivered to napi_gro_receive() which may free it; dereferencing the skb after that may trigger a use-after-free. The connected Tena...
CVE-2022-49368
CVE-2022-49368 relates to a Linux kernel out-of-bounds read in net: ethernet: mtk_eth_soc, triggered by an invalid fsp->location that comes from the user via ethtool_get_rxnfc(). The vulnerability is fixed by validating the location parameter to prevent the read, with upstream kernel patches refer...
CVE-2022-49516
CVE-2022-49516 affects the Linux kernel: the ice network driver could dereference a VSI pointer returned by ice_get_vf_vsi without validating it, which could be NULL in scenarios such as resets when a VSI is removed and recreated. The published fix is to check the return value of ice_get_vf_vsi e...
CVE-2022-49969
CVE-2022-49969: In the Linux kernel, the drm/amd/display driver vulnerability “clear optc underflow before turn off odm clock” is fixed. After ODM clock off, the optc underflow bit could remain and clearing it before clock-off was ineffective. The fix adds a clear operation to reset this bit whe...
CVE-2023-2430
CVE-2023-2430 concerns the Linux kernel io_uring IOPOLL path. The root cause is a missing lock in io_cqring_event_overflow(), allowing a locally privileged user to trigger a Denial of Service via the io_uring subsystem. Public advisories (Debian, SUSE, Amazon Linux) indicate patches exist in upda...
CVE-2023-52563
CVE-2023-52563 affects the Linux kernel's DRM Meson bridge code. It fixes a memory leak in the ->hpd_notify callback where the EDID returned by drm_bridge_get_edid() was not freed. The mitigation is a kernel patch that frees the EDID, addressing the leak exposed on affected Meson DRM p...
CVE-2023-52843
CVE-2023-52843 (Linux kernel): The vulnerability arises in LLC processing where mac headers are read via eth_hdr without verifying that skb contains an Ethernet header. Syzbot demonstrated entry into llc_rcv on a tun device, with tun injections that can bypass mac_len validation. The fix adds a m...
CVE-2024-26648
CVE-2024-26648 affects the Linux kernel’s drm/amd/display path (AMDGPU) where in edp_setup_replay() a dereference of “struct dc *dc” and “struct dmub_replay *replay” occurred before validating NULL pointers for “link” and the replay, leading to a potential crash. The fix updates the AMD display c...