CVE-2024-26681
CVE-2024-26681 is a Linux kernel vulnerability affecting the netdevsim driver. The issue arises in nsim_dev_trap_report_work() where failure to grab a mutex could lead to a loop/backtrace scenario, potentially impacting system stability. The vulnerability details are grounded in a kernel trace an...
CVE-2024-26771
Linux kernel CVE-2024-26771 fix: The TI edma (dmaengine) driver now includes null-pointer checks in edma_probe to guard against NULL from devm_kasprintf() (which can return NULL on failure). This prevents a potential NULL dereference in the kasprintf allocation path. Patch references in the Linux ...
CVE-2024-35932
CVE-2024-35932 affects the Linux kernel DRM VC4 driver. The issue is in non-blocking commits where the check plane->state->fb == state->fb is not reliably protected, causing potential refcount underflow across prepare_fb/cleanup_fb. The root cause is that drm_plane.state should not be ac...
CVE-2024-35972
The CVE refers to a Linux kernel memory-leak in bnxt_en during bnxt_rdma_aux_device_init(), triggered when ulp = kzalloc() fails and the edev is not assigned to the cleanup path. The fix assigns the allocated edev immediately after kzalloc(), preventing leaks on error paths. Impact is memory leak...
CVE-2024-40921
CVE-2024-40921 impacts the Linux kernel’s networking stack, specifically the bridge/mst path: the change fixes passing a vlan group pointer to br_mst_vlan_set_state by using the already obtained group rather than dereferencing it again. Root cause is a non-functional dereference path related to a...
CVE-2024-40963
CVE-2024-40963 (Linux kernel, MIPS BMIPS BCM6358): Affects devices where the BMIPS CBR address can be 0, triggering a kernel panic when arch_sync_dma_for_cpu_all is called. The root cause described is BMIPS_GET_CBR() returning 0 instead of a valid address and a non-failing read of read_c0_brcm_cmt_loc...
CVE-2024-42117
CVE-2024-42117 affects the Linux kernel DRM/AMD display path. The root cause was that find_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id could return -1 and that value was used as an index, causing overrun/negative-return conditions. The fix is to return a valid positive index or ta...
CVE-2024-43857
CVE-2024-43857 — Linux kernel (f2fs): The patch fixes a potential NULL pointer dereference in is_end_zone_blkaddr() when checking the end of a zone, which could occur if f2fs is mounted as a single device. Affected component is the f2fs code path in the Linux kernel; root cause is a null referenc...
CVE-2024-46727
CVE-2024-46727 detail: Affects the Linux kernel’s drm/amd/display path, specifically resource_log_pipe_topology_update. The issue arises from a missing NULL check on otg_master, which could trigger a NULL_RETURN path. A fix was implemented by adding an otg_master NULL check to prevent the NU...
CVE-2024-46729
CVE-2024-46729 (Linux kernel): Affected component is drm/amd/display. Root cause: incorrect size calculation for a loop due to fe_clk_en having size 5 but sizeof(fe_clk_en) equal to 20 bytes, leading to two overrun conditions. Mitigation: fix implemented by computing element count via dividing t...
CVE-2024-46735
CVE-2024-46735 is a Linux kernel vulnerability where NULL pointer dereference could occur in ublk_ctrl_start_recovery when two UBLK_CMD_START_USER_RECOVERY commands race; the fix adds a NULL/zero-queues check and returns early in ublk_ctrl_start_recovery when ub->nr_queues_ready is zero. Conne...
CVE-2024-46825
CVE-2024-46825 involves the Linux kernel wifi (iwlwifi mvm) where the firmware link ID is checked using WARN_ON() instead of IWL_FW_CHECK. The fix changes the lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() to use IWL_FW_CHECK() when validating firmware-provided input. Public docs show this...
CVE-2024-50291
CVE-2024-50291: In the Linux kernel, the DVB core function dvb_vb2_expbuf() did not validate the buffer index, potentially enabling a local fault. The fix adds a check for a valid buffer index. Affected component: media/dvb-core (kernel). Impact/mitigation: per the provided description, the issu...
CVE-2024-53238
Technical details about CVE-2024-53238 are not publicly provided in the supplied documents. Please monitor vendor advisories and connected feeds for affected products, impact, and remediation.
CVE-2024-56537
Technical details for CVE-2024-56537 are not publicly available in the provided documents. No vendor/product specifics or remediation are given here. Monitor for official advisories and patch notes for affected kernel components.
CVE-2024-57852
CVE-2024-57852 affects the Linux kernel firmware: qcom: scm: smc handling of missing SCM device. The root cause is a NULL pointer dereference in qcom_scm_get_tzmem_pool(), which may return NULL and requires callers to handle it. The issue is addressed by the commit ca61d6836e6f, which makes the n...
CVE-2025-21929
The CVE-2025-21929 item concerns a Linux kernel use-after-free in the intel-ish-hid driver during module removal. The affected component is the HID intel-ish-hid stack (intel_ishtp_hid) where hid_ishtp_cl_remove() frees resources before ishtp_hid_remove() would, leading to potential access of fre...
CVE-2025-21960
CVE-2025-21960 affects Linux kernel code related to nbd: the reconnection path after a disconnect can trigger a use-after-free via the nbd_config reference in the disconnect/reconnect sequence. The TencentOS/Nessus entry details the root cause: after obtaining a temporary reference to nbd_config,...
CVE-2025-21972
The CVE-2025-21972 issue concerns the Linux kernel, specifically the net:mctp reassembly path. The root cause is that frag_list used for reassembly could be shared with other packets, allowing incorrect reassembly when packets are cloned and creating a memory leak via circular references with skb...
CVE-2025-22039
CVE-2025-22039 is a Linux kernel vulnerability in ksmbd where an overflow in the dacloffset bounds check could bypass the DACL checks, causing out-of-bounds access and a kernel crash when dereferencing a DACL pointer. The fix converts dacloffset from int to unsigned int and uses check_add_overflo...
CVE-2025-22127
CVE-2025-22127 affects the Linux kernel F2FS. The issue could cause a kernel hang when a compressed file system operation triggers IO errors during load of the error table to a dm device, while f2fs_write_data_pages holds the writepages lock. Root cause described: IO error looping in f2fs_prepare...
CVE-2025-37911
CVE-2025-37911 affects the bnxt_en driver in the Linux kernel. The issue is an out-of-bounds memcpy when retrieving a firmware coredump via ethtool -w, which can lead to memory corruption. The root cause is a mismatch between the DMA-length returned by the firmware and info->dest_buf size when...
CVE-1999-0165
Technical details about CVE-1999-0165 are not publicly available in the provided documents; no concrete affected products, versions, or fixes are specified. Monitor for updates from vendors and CVE sources.
CVE-2007-2453
CVE-2007-2453 concerns the Linux kernel RNG. Affected: Linux kernel 2.6 before 2.6.20.13 and 2.6.21.x before 2.6.21.4. Root cause: the entropy pool was not properly seeded when there was no entropy source, and entropy was extracted using an incorrect cast, which might cause the RNG to produce identical val...
CVE-2008-5300
CVE-2008-5300 affects the Linux kernel (example reference in CVE-2008-5300 entry) where local users can cause a denial of service by issuing a large number of sendmsg calls; the trigger is that AF_UNIX garbage collection does not block, leading to an OOM and process loss. The connected advisories...
CVE-2009-3889
CVE-2009-3889 affects the Linux kernel megaraid_sas driver; the dbg_lvl file is world-writable in kernels before 2.6.27, enabling local users to modify driver behavior and logging level. MiracleLinux AXSA:2010-141 references this issue among others and indicates a fix in kernel 2.6.27+ as part of...
CVE-2009-4307
The CVE-2009-4307 issue affects the Linux kernel ext4 subsystem: the ext4_fill_flex_info function in fs/ext4/super.c allows a remote attacker to trigger a divide-by-zero and panic when a malformed ext4 super block has a large FLEX_BG group size (s_log_groups_per_flex). Impact is denial of service...
CVE-2010-3086
CVE-2010-3086 affects the Linux kernel (pre-2.6.25) via futex.h: exception fixup code replaced LOCK_PREFIX with a no-op, enabling local users to trigger a page fault and cause a denial of service (panic). Public advisories (e.g., MiracleLinux AXSA-2010-500:18 and OSV/RHSA entries) reference this ...
CVE-2010-5331
CVE-2010-5331 affects the Linux kernel prior to 2.6.34, due to a range-check off-by-one issue in drivers/gpu/drm/radeon/atombios.c that can cause a buffer overflow. The vulnerability is rooted in how a value is used in that path; at least one Linux maintainer believes the CVE may be incorrectly a...
CVE-2011-0695
CVE-2011-0695 is a race condition in the Linux kernel’s InfiniBand driver (cm_work_handler in drivers/infiniband/core/cma.c) on 2.6.x. The issue allows remote attackers to trigger a denial of service (panic) by issuing an InfiniBand request while other request handlers are active, causing an inva...
CVE-2011-1767
CVE-2011-1767 affects the Linux kernel prior to 2.6.34, where ip_gre, if built as a module, can trigger a remote denial of service (OOPS) by processing a crafted packet during module loading in net/ipv4/ip_gre.c. Investigations in connected advisories confirm related patches exist to address GRE/...
CVE-2012-1146
The vulnerability CVE-2012-1146 affects the Linux kernel, specifically mem_cgroup_usage_unregister_event in mm/memcontrol.c, when running versions before 3.2.10. The issue arises from how multiple events attached to the same eventfd are handled, enabling a local attacker to trigger a NULL pointer...
CVE-2012-6704
CVE-2012-6704 affects the Linux kernel prior to 3.5. The sock_setsockopt path in net/core/sock.c mishandles negative values for sk_sndbuf/sk_rcvbuf, enabling a local attacker with CAP_NET_ADMIN to trigger memory corruption and a possible denial of service (memory corruption/system crash). Affecte...
CVE-2013-0190
The CVE-2013-0190 entry concerns the xen_failsafe_callback function in the Xen hypervisor on Linux kernels (notably 2.6.23 and related versions). In 32-bit PVOPS guests, a local attacker can trigger an iret fault that leads to an incorrect stack pointer and stack corruption, enabling a denial of ...
CVE-2014-1445
Technical details for CVE-2014-1445 are not publicly provided in the supplied documents. The initial description contains core details, but no additional technical specifics are found in connected documents. Monitor for updates.
CVE-2015-6526
CVE-2015-6526 affects the Linux kernel on ppc64 where perf_callchain_user_64 can enter an infinite loop due to a deep 64-bit userspace backtrace. The evidence points to Linux kernel versions before 4.0.2 (fixed in 4.0.2) and local DoS via a crafted backtrace. Affected component: arch/powerpc/perf...
CVE-2015-7509
Summary (CVE-2015-7509 + related advisory): The issue affects the Linux kernel’s ext4/namei.c logic for non-journal filesystems. In kernels before 3.7.3, the ext4_orphan_del/orphan-list handling can be bypassed by crafted filesystems, allowing physically proximate attackers to trigger a denial of...
CVE-2017-18218
CVE-2017-18218 affects the Linux kernel's HNS Ethernet driver (drivers/net/ethernet/hisilicon/hns/hns_enet.c) pre-4.13. Local users can trigger a denial of service via use-after-free/BUG by exploiting differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit. The connected docu...
CVE-2019-16230
CVE-2019-16230 in Linux kernel 5.2.14 (drivers/gpu/drm/radeon/radeon_display.c) does not check the return value of alloc_workqueue, enabling a NULL pointer dereference during device initialization (boot). Unity Linux 20.1070e and Unity UTSA-2026 advisories reproduce this issue for kernel 5.2.14; ...
CVE-2020-36786
The CVE-2020-36786 entry concerns a memory leak in the Linux kernel’s media: atomisp driver (staging) where, if lm3554_platform_data_func returns an error, flash object memory is leaked on the error return path. The fix introduces an error return path that frees flash and renames labels (fail2→fa...
CVE-2021-46986
CVE-2021-46986: Linux kernel dwc3 gadget code flaw where freeing the gadget structure before endpoints are freed caused use-after-free/dangling-pointer issues. The description explains that dwc3_gadget_release() frees dwc->gadget upon device removal, but endpoints created by dwc3_gadget_init_e...
CVE-2021-47054
The CVE-2021-47054 issue is a Linux kernel vulnerability in the bus/qcom subsystem where a reference count leak could occur if the loop using for_each_available_child_of_node() is broken. The fix ensures the child node is put before returning, correcting manual decrement paths for the child when ...
CVE-2021-47112
CVE-2021-47112 affects the Linux kernel’s x86/kvm PV features (Async PF, PV EOI, steal time) used with hypervisors. The issue is that these PV features share memory with the hypervisor, and after hibernation the kernel must tear down all such features to prevent the hypervisor from writing to stal...
CVE-2021-47320
CVE-2021-47320 is a Linux kernel vulnerability describing an ACL memory leak in the NFS code path. The issue centers on leaked entries in acl memory when creating posix_acl_create() paths, specifically in the NFS routines nfs3_proc_create() and nfs3_proc_mknod() error handling. The connected Ness...
CVE-2021-47492
CVE-2021-47492 affects the Linux kernel: mm, thp collapse_file may bail out early for writeback pages when blocksize ≥ pagesize for XFS, because the code filters writeback pages via page_has_private/try_to_release_page instead of explicitly checking PG_writeback. This can cause end_page_writeback...
CVE-2021-47589
In CVE-2021-47589, the Linux kernel igbvf driver contains a double-free / use-after-free path in igbvf_probe. If register_netdev() fails, control flows to err_hw_init then err_ioremap, and free_netdev attempts to clean dev->napi_list entries while adapter->rx_ring (which holds napi) has alr...
CVE-2022-48840
CVE-2022-48840: Linux kernel iavf hang on reboot/shutdown due to a new wait-loop in iavf_remove() that could loop indefinitely when the adapter is already removed during shutdown. The fix adds a state check at the start of iavf_remove() and skips the rest of the function if the adapter is in __IAVF_REMOV...
CVE-2022-48971
CVE-2022-48971 describes a Linux kernel Bluetooth initialization issue: if bt_init fails after registering an LED via bt_leds_init(), bt_leds_cleanup() may not run, potentially allowing a freed bluetooth-power text to be accessed by later led_trigger_register() calls. The result can be a kernel p...
CVE-2022-48973
CVE-2022-48973 is a Linux kernel vulnerability in the gpio/amd8111 path related to a reference-count leak for PCI devices. The issue arises because for_each_pci_dev() is implemented via pci_get_device(), which increments the reference count for the returned pci_dev but may not decrement the input...
CVE-2022-48977
The CVE-2022-48977 vulnerability affects the Linux kernel CAN subsystem. It fixes a NULL pointer dereference in can_rcv_filter, triggered by missing initialization of ml_priv in the receive path for CAN frames. The issue arises because dev->type may be ARPHRD_CAN in CAN-capable devices, but so...