14031 matches found
CVE-2024-50253
In CVE-2024-50253, the Linux kernel fixes a memory-allocator bug in the BPF subsystem: nr_words can overflow nr_bits in bpf_iter_bits_new(), risking stack corruption via bpf_probe_read_kernel_common when nr_words is large (e.g., 0x0400-0001). The patch constrains nr_words to a maximum of 511 and ...
CVE-2024-50281
In CVE-2024-50281, the Linux kernel vulnerability affects the KEYS: trusted: dcp path where sealing/unsealing a key blob could exit before the AEAD cipher operation completes, risking NULL dereference in the DCP driver when the buffer has been removed from the stack. The underlying cause is not w...
CVE-2024-50298
Public details for CVE-2024-50298 are not provided in the connected documents; the initial description contains details, but there are no additional technical specifics available here.
CVE-2024-56697
CVE-2024-56697 affects the Linux kernel DRM/AMDGPU path. The issue was a memory allocation problem in amdgpu_discovery_get_nps_info() (mem_ranges) that could dereference a NULL pointer. The fix adds a failure check, switches to kvcalloc() to guard against integer overflow, and assigns output para...
CVE-2024-57852
CVE-2024-57852 affects the Linux kernel firmware: qcom: scm: smc handling of missing SCM device. The root cause is a NULL pointer dereference in qcom_scm_get_tzmem_pool(), which may return NULL and requires callers to handle it. The issue is addressed by the commit ca61d6836e6f, which makes the n...
CVE-2024-58095
CVE-2024-58095 (jfs: add check read-only before txBeginAnon() call) is confirmed as a concrete kernel fix. The patch introduces a read-only check prior to txBeginAnon() in extAlloc and extRecord within the JFS code path. This prevents write attempts on a read-only mounted filesystem, avoiding pot...
CVE-2025-21706
CVE-2025-21706 is a Linux kernel vulnerability in the MPTCP path-manager. The in-kernel path-manager’s netlink set_flags path allowed non-subflow endpoints to receive the fullmesh flag due to a permissive hook, enabling an issue observed by syzbot warnings in net/mptcp/pm_netlink.c. The root caus...
CVE-2025-21716
CVE-2025-21716: In the Linux kernel, vxlan_vnifilter_dump() could access bytes beyond a netlink message when the payload length is smaller than sizeof(struct tunnel_msg), potentially causing an uninitialized-value access. The fix is to return an error if the payload is too short. Affected platfo...
CVE-2025-21742
CVE-2025-21742 affects the Linux kernel’s usbnet: ipheth handling within URB buffers. The vulnerability arose because the start of the NDP16 block could be placed anywhere in the URB based on wNdpIndex, allowing the fixed-length portion of NDP16 to extend past the URB end and trigger an OoB read....
CVE-2025-21929
The CVE-2025-21929 item concerns a Linux kernel use-after-free in the intel-ish-hid driver during module removal. The affected component is the HID intel-ish-hid stack (intel_ishtp_hid) where hid_ishtp_cl_remove() frees resources before ishtp_hid_remove() would, leading to potential access of fre...
CVE-2025-22043
The CVE-2025-22043 issue affects the Linux kernel’s ksmbd, where a missing bounds check for the durable handle context could enable local impact. The vulnerability has been resolved by adding the bounds check, per the description in the initial document and corroborated by connected sources refer...
CVE-2025-22068
The CVE-2025-22068 issue affects the Linux kernel ublk (userspace block driver). Root cause: ubq->canceling was not reliably observed when the queue froze, which could lead to improper dispatch decisions in uring_cmd and io_uring_cmd_complete_in_task(). The patch makes ubq->canceling be set...
CVE-2025-22127
CVE-2025-22127 affects the Linux kernel F2FS. The issue could cause a kernel hang when a compressed file system operation triggers IO errors during load of the error table to a dm device, while f2fs_write_data_pages holds the writepages lock. Root cause described: IO error looping in f2fs_prepare...
CVE-1999-0165
Technical details about CVE-1999-0165 are not publicly available in the provided documents; no concrete affected products, versions, or fixes are specified. Monitor for updates from vendors and CVE sources.
CVE-2008-5300
CVE-2008-5300 affects the Linux kernel, where local users can cause a denial of service by issuing a large number of sendmsg calls; the trigger is that AF_UNIX garbage collection does not block, leading to an OOM condition and process loss. The connected advisories...
CVE-2009-1633
The CVE-2009-1633 issue affects the Linux kernel CIFS subsystem prior to 2.6.29.4. It describes multiple buffer overflows in CIFS that can be triggered by a malformed Unicode string (Unicode string area alignment in fs/cifs/sess.c) or long Unicode characters (fs/cifs/cifssmb.c and fs/cifs/readdir...
CVE-2010-2066
CVE-2010-2066 affects the Linux kernel up to version 2.6.34. The flaw is in fs/ext4/move_extent.c: the mext_check_arguments routine, which can allow a local attacker to overwrite an append-only file when using the MOVE_EXT ioctl and designating that file as the donor. The issue arises from insuff...
CVE-2010-2803
CVE-2010-2803 affects the Linux kernel DRM subsystem. The drm_ioctl path in drivers/gpu/drm/drm_drv.c allows a local user to request a large memory allocation and may leak kernel memory contents. Affected trees/versions include 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2...
CVE-2010-2955
The CVE-2010-2955 issue affects the Linux kernel before 2.6.36-rc3-next-20100831, specifically the cfg80211_wext_giwessid function in net/wireless/wext-compat.c, which fails to initialize certain structure members. This enables a local attacker to exploit an off-by-one error in ioctl_standard_iw_...
CVE-2011-0695
CVE-2011-0695 is a race condition in the Linux kernel’s InfiniBand driver (cm_work_handler in drivers/infiniband/core/cma.c) on 2.6.x. The issue allows remote attackers to trigger a denial of service (panic) by issuing an InfiniBand request while other request handlers are active, causing an inva...
CVE-2011-0714
CVE-2011-0714 affects the Linux kernel 2.6.32 as patched for Red Hat Enterprise Linux 6, specifically involving the RPC server sockets functionality. The use-after-free vulnerability is triggered in a Red Hat patch related to lockd and the svc_xprt_received path, allowing remote attackers to cras...
CVE-2011-1767
CVE-2011-1767 affects the Linux kernel prior to 2.6.34, where ip_gre, if built as a module, can trigger a remote denial of service (OOPS) by processing a crafted packet during module loading in net/ipv4/ip_gre.c. Investigations in connected advisories confirm related patches exist to address GRE/...
CVE-2011-2183
CVE-2011-2183 targets the Linux kernel’s Kernel SamePage Merging (KSM) feature. When KSM is enabled, a race in scan_get_next_rmap_item in mm/ksm.c can allow a local user to trigger a NULL pointer dereference, potentially crashing the kernel or causing other unspecified impact. Affected: Linux ker...
CVE-2011-3359
CVE-2011-3359 affects the Linux kernel (pre-2.6.39), specifically the b43 wireless driver. The dma_rx path does not allocate receive buffers properly, enabling remote attackers to crash the system via a crafted frame (DoS). Affected code is in drivers/net/wireless/b43/dma.c. Remediation: upgrade ...
CVE-2012-6704
CVE-2012-6704 affects the Linux kernel prior to 3.5. The sock_setsockopt path in net/core/sock.c mishandles negative values for sk_sndbuf/sk_rcvbuf, enabling a local attacker with CAP_NET_ADMIN to trigger memory corruption and a possible denial of service (memory corruption/system crash). Affecte...
CVE-2013-2850
CVE-2013-2850: Heap-based buffer overflow in the Linux kernel’s iSCSI target subsystem (iscsi_add_notunderstood_response in drivers/target/iscsi/iscsi_target_parameters.c) affects kernel versions up to 3.9.4. The flaw can allow remote attackers to trigger memory corruption and OOPS, with potentia...
CVE-2013-2897
CVE-2013-2897 affects the Linux kernel HID multitouch driver (drivers/hid/hid-multitouch.c) with CONFIG_HID_MULTITOUCH enabled, up to kernel 3.11. The vulnerability allows physically proximate attackers to trigger a denial of service via crafted HID devices, causing heap memory corruption or a NU...
CVE-2014-9710
CVE-2014-9710 affects the Linux kernel’s Btrfs xattr handling prior to 3.19. The vulnerability arises because the visible xattr state may not be consistent with a requested replacement, enabling local attackers to bypass ACLs and gain privileges through standard filesystem operations during an xa...
CVE-2015-7509
Summary (CVE-2015-7509 + related advisory): The issue affects the Linux kernel’s ext4/namei.c logic for non-journal filesystems. In kernels before 3.7.3, the ext4_orphan_del/orphan-list handling can be bypassed by crafted filesystems, allowing physically proximate attackers to trigger a denial of...
CVE-2017-18202
The CVE-2017-18202 issue affects the Linux kernel prior to 4.14.4, where __oom_reap_task_mm in mm/oom_kill.c mishandles gather operations. This can enable a local attacker to cause a denial of service via a TLB entry leak or use-after-free, potentially with other unspecified impacts by triggering...
CVE-2019-16230
CVE-2019-16230 in Linux kernel 5.2.14 (drivers/gpu/drm/radeon/radeon_display.c) does not check the return value of alloc_workqueue, enabling a NULL pointer dereference during device initialization (boot). Unity Linux 20.1070e and Unity UTSA-2026 advisories reproduce this issue for kernel 5.2.14; ...
CVE-2019-18812
CVE-2019-18812 corresponds to a memory-leak vulnerability in the Linux kernel’s sof_dfsentry_write() (sound/soc/sof/debug.c). The issue, present in kernel builds up to 5.3.9, can be exploited to cause a denial of service via memory consumption. The connected Nessus advisories (Unity Linux UTSA-20...
CVE-2020-36782
CVE-2020-36782 covers a Linux kernel vulnerability in the I2C imx-lpi2c driver where the PM reference count could leak due to an unbalanced increment on return from pm_runtime_get_sync failures. The root cause is that pm_runtime_get_sync increments the PM usage count even when the operation fails...
CVE-2021-46994
CVE-2021-46994 concerns the Linux kernel, specifically the can: mcp251x CAN driver. The vulnerability arises when resuming from suspend: since commit 8ce8c0abcba3, the driver queues work via priv->restart_work even if the interface was not previously enabled. This can lead to a NULL pointer de...
CVE-2021-47077
CVE-2021-47077 affects the Linux kernel scsi qedf driver. The vulnerability stems from qedf_update_link_speed() dereferencing shost_data when it has not been initialised, causing a NULL pointer dereference and potentially an impact on availability. The fix adds a NULL pointer check before using s...
CVE-2021-47142
CVE-2021-47142 concerns the Linux kernel’s DRM/AMDGPU stack. The vulnerability stems from a use-after-free in the AMDGPU TTM memory backend when cleaning up objects, specifically due to not clearing ttm->sg (the sg table) which can lead to a general protection fault during teardown. The connec...
CVE-2021-47267
CVE-2021-47267 affects the Linux kernel USB gadget code: if a gadget driver calls usb_assign_descriptors() with a NULL super-speed-plus descriptor and the system runs at 10Gbps, a null pointer dereference can crash the kernel when a 10Gbps device port, cable, and host port are detected. The docum...
CVE-2021-47405
CVE-2021-47405 affects the Linux kernel HID usbhid subsystem. The issue is a memory leak from unsent raw_report buffers when a USB HID device is removed; a patch/fix has been released in the kernel to address this. The CVSS metrics in the initial record show a MEDIUM base score (5.5) with LOCAL a...
CVE-2021-47623
CVE-2021-47623 affects the PowerPC path in the Linux kernel where unmapping a fixmap entry via __set_fixmap() (FIXMAP_PAGE_CLEAR) ends up calling map_kernel_page(), which fails if invoked a second time for the same page. The connected documents confirm the root cause in arch/powerpc/mm/pgtable.c ...
CVE-2022-48799
CVE-2022-48799 corresponds to a Linux kernel perf subsystem issue: list corruption in perf_cgroup_switch() affecting the cgrp_cpuctx_list during event removal. The root cause is a risky iteration over a list while removing entries; the recommended fix is to replace list_for_each_entry with list_f...
CVE-2022-48840
CVE-2022-48840: Linux kernel iavf hang on reboot/shutdown due to a new wait-loop in iavf_remove() that could loop indefinitely when the adapter is already removed during shutdown. The fix adds a state check at the start of iavf_remove() and skips the rest of the function if the adapter is in __IAVF_REMOV...
CVE-2022-48946
CVE-2022-48946 concerns a Linux kernel issue in udf preallocation handling. When the first preallocation extent is the first in an extent block, the code could corrupt the extent tree header. The fix changes the behavior to discard or correctly manage preallocation at the indirect extent boundary...
CVE-2022-48973
CVE-2022-48973 is a Linux kernel vulnerability in the gpio/amd8111 path related to a reference-count leak for PCI devices. The issue arises because for_each_pci_dev() is implemented via pci_get_device(), which increments the reference count for the returned pci_dev but may not decrement the input...
CVE-2022-49138
CVE-2022-49138 in the Linux kernel Bluetooth hci_event path caused memory corruption when multiple conn complete events arrive for the same handle. The vulnerability arises because the device could be registered multiple times for a single connection. The fixes add handling to ignore redundant ev...
CVE-2022-49292
CVE-2022-49292 is tied to the Linux kernel ALSA oss PCM buffer allocation overflow. The vulnerability occurs when snd_pcm_plug_alloc() may allocate an oversized temporary buffer during data conversion if hardware parameters allow larger-than-expected period/buffer sizes, risking an INT_MAX overfl...
CVE-2022-49354
CVE-2022-49354 is a Linux kernel issue where a refcount leak in octeon_pata_OCTEON code was fixed. The vulnerability stems from refcount handling in pata_octeon_cf during octeon_cf_probe and in the usage of of_find_device_by_node() which took a reference but was not released with put_device(). Th...
CVE-2022-49381
CVE-2022-49381 (Linux kernel, jffs2): The issue arises from a memory leak in jffs2_sum_init() when jffs2_iget() or d_make_root() in jffs2_do_fill_super() return an error; allocated resources are not released, leading to kmemleak reports. The provided connected descriptions explain that the leak is...
CVE-2022-49455
CVE-2022-49455 (Linux kernel) fixes a double-free bug in ocxl_file_register_afu: info_release() could be invoked during device_unregister() when info->dev’s refcount was 0, making an extra ocxl_afu_put()/kfree() unnecessary. The patch adds free_minor() and returns to the err_unregister path to...
CVE-2022-49478
CVE-2022-49478 affects the Linux kernel via the media: pvrusb2 driver, specifically a faulty check in pvr2_i2c_core_init that permits an array index of -1 to be used. The issue arises when hdw->unit_number is initialized to -1 and may remain unchanged if the init-table walk fails, leading to o...
CVE-2022-49516
CVE-2022-49516 affects the Linux kernel: the ice network driver could dereference a VSI pointer returned by ice_get_vf_vsi without validating it, which could be NULL in scenarios such as resets when a VSI is removed and recreated. The published fix is to check the return value of ice_get_vf_vsi e...