14031 matches found
CVE-2025-38079
The CVE-2025-38079 entry concerns a vulnerability in the Linux kernel crypto/algif_hash: a double free in hash_accept when accept(2) is used on an algif_hash socket with MSG_MORE and crypto_ahash_import fails. This leads to a slab-use-after-free due to sk2 being freed in both hash_accept and af_a...
CVE-2025-39688
CVE-2025-39688: In the Linux kernel NFS server, the fix for nfsd addresses handling of delegated states. The change adds SC_STATUS_FREEABLE to nfs4_lookup_stateid()'s always-allowed status mask, ensuring revoked delegations can be located when searching by stateid. It also removes SC_STATUS_FREEA...
CVE-2008-0600
CVE-2008-0600 affects the Linux kernel vmsplice_to_pipe flaw present in 2.6.17–2.6.24.1. It allows an unprivileged local user to gain root privileges via crafted vmsplice calls. Several Nessus advisories place this in the context of affected distributions (e.g., MiracleLinux, Oracle Linux/OracleV...
CVE-2009-1337
CVE-2009-1337: Affected: Linux kernel up to 2.6.30-rc1 (exit_notify in kernel/exit.c). Root cause: exit_notify does not restrict exit signals when CAP_KILL is held, enabling a local user to set a process exit_signal and use exec to launch a setuid program. Impact: local privilege escalation via ...
CVE-2009-1338
The CVE-2009-1338 issue is confirmed in the Linux kernel prior to 2.6.28, where the kill_something_info() function in kernel/signal.c did not respect PID namespaces when handling signals directed to PID -1. This allowed a local attacker to bypass namespace isolation and send signals to processes ...
CVE-2009-3286
CVE-2009-3286 affects the Linux kernel 2.6.18 (and possibly other versions) where NFSv4 O_EXCL creates are not properly cleaned up, causing files to be created with insecure settings (e.g., setuid bits) and potentially enabling local privilege escalation. The issue is tied to the do_open_permissi...
CVE-2009-3290
CVE-2009-3290 affects KVM in Linux kernel 2.6.25-rc1 and other versions before 2.6.31 on x86. The kvm_emulate_hypercall implementation fails to restrict MMU hypercalls by CPL, enabling a local guest user to crash the guest kernel and read/write guest memory via unspecified addresses. Root cause: CPL check...
CVE-2009-3939
CVE-2009-3939 affects the Linux kernel megaraid_sas driver: the poll_mode_io file has world-writable permissions in kernel 2.6.31.6 and earlier. This enables local users to change the driver I/O mode by modifying the file. The description notes local access and manipulation of driver behavior, wi...
CVE-2010-1084
CVE-2010-1084 affects Linux kernel 2.6.18–2.6.33 (and possibly other versions); vulnerability arises from memory corruption triggered by a large number of Bluetooth sockets, related to sysfs file sizing in net/bluetooth/l2cap.c, net/bluetooth/rfcomm/core.c, net/bluetooth/rfcomm/sock.c, and net/bl...
CVE-2010-2955
The CVE-2010-2955 issue affects the Linux kernel before 2.6.36-rc3-next-20100831, specifically the cfg80211_wext_giwessid function in net/wireless/wext-compat.c, which fails to initialize certain structure members. This enables a local attacker to exploit an off-by-one error in ioctl_standard_iw_...
CVE-2010-4248
The CVE-2010-4248 issue affects the Linux kernel prior to 2.6.37-rc2. It is a race condition in the __exit_signal function (kernel/exit.c) that can be triggered by multithreaded exec paths, with related dynamics involving a thread group leader in kernel/posix-cpu-timers.c and the reassignment of ...
CVE-2010-4347
CVE-2010-4347 affects the Linux kernel’s ACPI subsystem. The vulnerability arises in the debugfs interface (custom_method file) which, due to world-writable 0222 permissions, lets a local user place a custom ACPI method in interpreter tables via acpi_debugfs_init in drivers/acpi/debugfs.c. This c...
CVE-2012-6537
CVE-2012-6537 affects the Linux kernel (before 3.6) in net/xfrm/xfrm_user.c where certain structures are not initialized, enabling local users with CAP_NET_ADMIN to leak sensitive kernel memory. The vulnerability is a local information disclosure through kernel memory exposure. Affected component...
CVE-2012-6545
The CVE-2012-6545 issue affects the Linux kernel Bluetooth RFCOMM implementation. The connected MiracleLinux advisory documents this vulnerability as: before version 3.6, RFCOMM does not properly initialize certain structures, allowing a local attacker to obtain sensitive information from kernel ...
CVE-2013-0349
CVE-2013-0349 affects the Linux kernel’s HIDP path: hidp_setup_hid in net/bluetooth/hidp/core.c fails to copy a certain name field, enabling a local attacker to read sensitive kernel memory by setting an oversized name and issuing HIDPCONNADD. The issue exists in kernel versions before 3.7.6. Mit...
CVE-2013-1860
CVE-2013-1860 is a heap-based buffer overflow in the Linux kernel’s wdm_in_callback (drivers/usb/class/cdc-wdm.c) present in versions prior to 3.8.4. The vulnerability allows physically proximate attackers to crash the system or potentially execute arbitrary code through a crafted cdc-wdm USB dev...
CVE-2013-1943
CVE-2013-1943 affects the KVM subsystem of the Linux kernel prior to 3.0. It arises because memory slots in a guest’s physical address space may be allocated without validating kernel addresses, enabling local users to gain privileges or read kernel memory. Affected components: arch/x86/kvm/pagin...
CVE-2014-9428
CVE-2014-9428 affects the Linux kernel’s B.A.T.M.A.N. fragmentation code (batadv_frag_merge_packets in net/batman-adv/fragmentation.c) up to version 3.18.1, where an incorrect length field in a memory calculation can be exploited by remote attackers to cause a denial of service (mesh-node system ...
CVE-2015-1465
The CVE-2015-1465 issue affects the Linux kernel IPv4 code prior to 3.18.8, where the RCU grace period length is not properly considered when redirecting lookups without caching. This can allow remote attackers to cause a denial of service via a flood of packets, leading to memory consumption or ...
CVE-2017-17857
The CVE-2017-17857 vulnerability affects the Linux kernel’s verifier.c check_stack_boundary in versions up to 4.14.8, allowing local users to trigger memory corruption and potential denial of service or other impact by mishandling invalid variable stack read operations. Connected advisories (Unit...
CVE-2018-12714
The CVE-2018-12714 entry concerns the Linux kernel up to 4.17.2, where filter parsing in kernel/trace/trace_events_filter.c could be invoked with no filter (N=0), causing an N−1 index access. This can lead to a slab out-of-bounds write via crafted perf_event_open and mmap, resulting in denial-of-...
CVE-2021-46980
The CVE-2021-46980 item concerns Linux kernel USB Type-C UCSI: the code previously retrieved only the first 4 power data objects (PDOs) due to a 16-byte MESSAGE_IN limit. This could cause an out-of-bounds access in ucsi_psy_get_voltage_now() when a PD source advertises more than 4 PDOs (up to 7 a...
CVE-2021-47071
CVE-2021-47071 in the Linux kernel affects the uio_hv_generic path. If vmbus_establish_gpadl() fails, the recv/gpadl paths are not updated, and the error-path free in hv_uio_cleanup() may not release the associated buffer, causing a memory leak. The description in the initial document confirms th...
CVE-2021-47086
The CVE-2021-47086 entry concerns the Linux kernel Phonet/pep path. The connected Astra Linux bulletin repeats that the vulnerability arises in an ioctl that could enable an unbound pipe, where the socket may not be bound to a valid Phonet object. If the socket is not bound, two issues occur:...
CVE-2021-47090
CVE-2021-47090 affects the Linux kernel memory manager (mm/hwpoison) where MF_COUNT_INCREASED is not cleared before retrying get_any_page, triggering a kernel BUG in release_pages() when MADV_SOFT_OFFLINE is tested. The issue leads to a kernel panic/BUG_ON scenario (VM_BUG_ON_PAGE) during page re...
CVE-2021-47260
In CVE-2021-47260, the Linux kernel NFS client had a potential NULL dereference in nfs_get_client(), which callers did not expect and could trigger an Oops. The issue is resolved by returning an error pointer instead of NULL. The description notes this is likely dead code and may not affect many ...
CVE-2021-47496
The CVE relates to the Linux kernel net/tls implementation: tls_err_abort() sign handling was flipped, causing sk->sk_err to be used with a positive value and leading to memory corruption in downstream code (e.g., tls_sw_do_sendpage and splice_from_pipe_feed). The root cause is inconsistent ne...
CVE-2021-47571
The CVE-2021-47571 issue affects the Linux kernel rtl8192e driver in staging. The root cause is a use-after-free in _rtl92e_pci_disconnect() where free_rtllib() frees the dev pointer, and the code reorders operations to avoid using the freed pointer. The vulnerability leads to potential use-after...
CVE-2021-47599
CVE-2021-47599 covers a Linux kernel bug in btrfs: during pruning/moving devices, btrfs_show_devname() could fail to find devices and emit a warning. The fix updates the device list handling so latest_dev->name is shown reliably in /proc/self/mounts, with devices kept alive under RCU protectio...
CVE-2021-47644
CVE-2021-47644 affects the Linux kernel where the “media: staging: media: zoran” code path was updated to move videodev allocation out of zr36057_init() and create new handling functions for zr->video_dev. The change fixes a memory leak in zr->video_dev and improves code readability. The vu...
CVE-2021-47645
CVE-2021-47645 affects the Linux kernel media subsystem (staging: media: zoran). The root cause is a miscalculated buffer index in zoran_reap_stat_com when tmp_dcim=1, which can lead to a NULL pointer dereference. Patches were applied to correct the calculation and add a defensive check to preven...
CVE-2022-2308
CVE-2022-2308 describes a vulnerability in the Linux kernel’s vDPA with the VDUSE backend. The VDUSE kernel driver does not validate that the device config space size matches the features advertised by the VDUSE userspace app, causing Virtio config read helpers to pass uninitialized memory to vdu...
CVE-2022-3633
CVE-2022-3633 affects the Linux kernel, specifically the function j1939_session_destroy in net/can/j1939/transport.c. The issue is a memory leak caused by the manipulation of this routine. Multiple connected sources (e.g., Chainguard security.json entry, Astra Linux bulletin, CNVD/CNNVD entries, ...
CVE-2022-3910
CVE-2022-3910 is a local use-after-free in the Linux kernel’s io_uring path. The root cause is an improper update of the reference count when io_msg_ring is invoked with a fixed file, causing a use-after-free and local privilege escalation. The issue arises because fixed files are permanently reg...
CVE-2022-48631
The CVE-2022-48631 issue affects the Linux kernel’s ext4 extents parsing. Specifically, ext4_ext_binsearch_idx() could operate on an extent header with eh_depth > 0 when eh_entries is 0, leading to garbage indices and kernel crash (BUG at fs/ext4/extents.c:2258) observed in the provided traces...
CVE-2022-48960
The CVE-2022-48960 issue is a Linux kernel use-after-free in net: hisilicon/hix5hd2_rx(), where a skb may be freed by napi_gro_receive() and later dereferenced. The connected sources confirm a fix was applied in the kernel (via stable tree commits referenced in the CVE entry). The vulnerability a...
CVE-2022-48981
CVE-2022-48981 is a Linux kernel vulnerability related to DRM SHMEM: the error-path handling in drm/shmem-helper and the ownership of references in drm_gem_shmem_mmap() can cause a use-after-free of a GEM object. The root cause is that drm_gem_shmem_mmap() does not own a reference, potentially fr...
CVE-2022-49000
CVE-2022-49000 – Linux kernel (iommu/vt-d) refcount leak fix. The issue stems from for_each_pci_dev() implemented via pci_get_device(); the returned pci_dev’s reference count is incremented, but input dev is not always decremented, leading to a potential refcount leak. The patch adds a pci_dev_p...
CVE-2022-49138
CVE-2022-49138 in the Linux kernel Bluetooth hci_event path caused memory corruption when multiple conn complete events arrive for the same handle. The vulnerability arises because the device could be registered multiple times for a single connection. The fixes add handling to ignore redundant ev...
CVE-2022-49467
CVE-2022-49467 is a Linux kernel issue: a memory leak in the DRM MSM driver during mdp5_crtc_cursor_set() caused by incorrect handling in drm_gem_object_lookup/drm_gem_object_get and cursor_bo when msm_gem_get_and_pin_iova fails. Affected components/impact are within the kernel’s DRM subsystem (d...
CVE-2022-49491
CVE-2022-49491 affects the Linux kernel driver path drm/rockchip vop. Public details confirm a null-pointer dereference in resource_size() when platform_get_resource() returns NULL. The root cause is a sequencing issue: resource_size() must be invoked after devm_ioremap_resource() to ensure res i...
CVE-2022-49751
CVE-2022-49751 corresponds to a Linux kernel issue where, during removal of the ds2482 driver, a warning is produced: do not call blocking ops when !TASK_RUNNING; state=1 in w1_process(). The fix involves altering w1_process() so that when the loop breaks, the task state is set to TASK_RUNNING to...
CVE-2023-23586
CVE-2023-23586 affects the Linux kernel io_uring subsystem. A time namespace vvar page can be leaked into a process via a page fault because timens_install’s single-thread check ignores io_uring io_worker threads; when the time namespace is destroyed, the vvar page may remain and a subsequent pag...
CVE-2023-52825
CVE-2023-52825 — Linux kernel (drm/amdkfd) race condition fix. A race in vram buffer unref (prange->svm_bo) could occur in both the MMU callback and a callback after migrating to system RAM, across async tasks. The issue allowed a potential use-after-free in the AMDGPU SVM path. The vulnerabi...
CVE-2023-52855
CVE-2023-52855: Linux kernel USB-DWC2 driver race condition. When _dwc2_hcd_urb_enqueue() and _dwc2_hcd_urb_dequeue() run concurrently, urb->hcpriv can be NULL-checked before urb->hcpriv is assigned NULL, enabling a NULL dereference in dwc2_hcd_urb_dequeue. The connected documents confirm t...
CVE-2023-53057
The CVE-2023-53057 entry corresponds to a Linux kernel Bluetooth HCI global-out-of-bounds bug. The issue arises in hci_init_stage_sync() looping a variable-length array, where amp_init1[] and amp_init2[] lacked an intentionally invalid final element, enabling out-of-bounds reads during hci_dev_op...
CVE-2023-53087
The CVE-2023-53087 issue affects the Linux kernel’s DRM driver path drm/i915/active. It centers on misuse of non-idle barriers treated as fence trackers within a composite tracker, where a barrier deletion may be attempted concurrently without honoring its return value. This can leave a tracker s...
CVE-2024-26770
CVE-2024-26770 concerns the Linux kernel HID for the Nvidia Shield: a missing null-pointer check in LED initialization (led init path) could dereference NULL after devm_kasprintf() returns NULL. The issue arises during LED initialization within the Nvidia Shield HID handling; the CVSSv3.1 vector ...
CVE-2024-26787
Technical details about CVE-2024-26787 are not provided in the supplied documents. Monitor official advisories for updates on affected products, impact, and fixes.
CVE-2024-35799
CVE-2024-35799 relates to the Linux kernel, specifically the DRM/AMD display path. The issue occurs when disabling a stream encoder, where a function invoked during disable no longer exists. The fix adds a null-check for the function declaration in the disable-stream encoder path to prevent a cra...