13804 matches found
CVE-2025-37926
CVE-2025-37926 concerns the Linux kernel’s ksmbd component. A use-after-free can occur due to a race between ksmbd_session_rpc_open() and __session_rpc_close(), potentially allowing exploitation when an attacker could trigger a session race. The fix adds a lock (rpc_lock) to the session to protec...
CVE-2025-37969
In CVE-2025-37969, the vulnerable Linux kernel component is the IIO IMU driver st_lsm6dsx (read_tagged_fifo). The issue allows a potential lockup when pattern_len is zero and the device FIFO is not empty, risking an infinite loop and elevated availability impact. The vulnerability has been fixed ...
CVE-2025-37973
CVE-2025-37973 affects the Linux kernel Wi-Fi stack, specifically the cfg80211 defragmentation logic for multi-link elements. The issue is a miscalculation during multi-link element defragmentation that adds the MLE length to the total IEs length, which can cause an out-of-bounds access if the ML...
CVE-2025-37983
CVE-2025-37983 is a Linux kernel issue where an inode allocation path could leak a dentry due to an OOM related leak in qibfs. The description confirms the vulnerability was resolved by a fix merged in the kernel ("qibfs: fix another leak"). Public connected sources (Azure Linux, Astra Linux, and...
CVE-2025-37991
CVE-2025-37991 describes a PA-RISC (parisc) Linux kernel issue where a SIGFPE exception can crash an application if a second SIGFPE is delivered in the signal handler. The root cause is traced to glibc using a double-word floating-point store to atomically update function descriptors, causing a t...
CVE-2025-38479
CVE-2025-38479 affects the Linux kernel dmaengine/fsl-edma remove path on i.MX platforms. The root cause was a missing check for txirq/errirq, which could trigger a kernel dump (Warning: devm_free_irq) on i.MX9. The fix adds a txirq/errirq check to prevent the warning and ensure proper irq releas...
CVE-2007-4567
CVE-2007-4567 affects the Linux kernel (ipv6_hop_jumbo in net/ipv6/exthdrs.c). The vulnerability arises from improper validation of the hop-by-hop IPv6 extended header, enabling remote attackers to trigger a denial of service via a crafted IPv6 packet that can cause a NULL pointer dereference and...
CVE-2009-2407
CVE-2009-2407 describes a heap-based buffer overflow in the parse_tag_3_packet function of fs/ecryptfs/keystore.c in the Linux kernel’s eCryptfs subsystem, exploitable via a crafted eCryptfs file. The issue affects Linux kernels before 2.6.30.4 and can lead to a denial of service (system crash) o...
CVE-2009-2908
CVE-2009-2908 affects the Linux kernel 2.6.31: the d_delete function in fs/ecryptfs/inode.c can lead to a negative dentry and a NULL pointer dereference. Local users can cause a kernel OOPS and potentially execute arbitrary code; exploitation demonstrated via a Mutt temporary directory in an eCry...
CVE-2009-4131
The CVE refers to EXT4_IOC_MOVE_EXT (move extents) in the Linux kernel’s ext4 filesystem, where the ioctl allows local users to overwrite arbitrary files due to insufficient permission checks. Affected: ext4 subsystem on kernel versions prior to 2.6.32-git6. Impact: local privilege-related overwr...
CVE-2010-4248
The CVE-2010-4248 issue affects the Linux kernel prior to 2.6.37-rc2. It is a race condition in the __exit_signal function (kernel/exit.c) that can be triggered by multithreaded exec paths, with related dynamics involving a thread group leader in kernel/posix-cpu-timers.c and the reassignment of ...
CVE-2010-4263
The CVE-2010-4263 issue involves the Intel igb driver (drivers/net/igb/igb_main.c) in the Linux kernel and its handling of VLAN-tagged frames when SR-IOV and promiscuous mode are enabled but no VLANs are registered. In kernels before 2.6.34, processing such frames could trigger a NULL pointer der...
CVE-2010-4342
Vulnerability (CVE-2010-4342) in the Linux kernel affects the AUN path when Econet is enabled. The flaw is in the aun_incoming function (net/econet/af_econet.c) and allows remote attackers to trigger a NULL pointer dereference and kernel OOPS, causing a denial of service via UDP-based Acorn Unive...
CVE-2011-1170
CVE-2011-1170 affects the Linux kernel prior to 2.6.39 where net/ipv4/netfilter/arp_tables.c does not place the expected null terminator at the end of certain string values. This can allow a local user with CAP_NET_ADMIN to craft a request and read the argument to the modprobe process, potentiall...
CVE-2011-2497
CVE-2011-2497 is a Linux kernel Bluetooth L2CAP underflow/overflow issue. The vulnerability arises from an integer underflow in l2cap_config_req in net/bluetooth/l2cap_core.c, enabling remote attackers to trigger a heap memory corruption or buffer overflow via a small command-size value in an L2C...
CVE-2012-4444
The CVE-2012-4444 issue affects the Linux kernel prior to 2.6.36, where the ip6_frag_queue function in net/ipv6/reassembly.c can be exploited remotely to bypass certain network restrictions by sending overlapping IPv6 fragments. The vulnerability is consistently described in multiple sources (Lin...
CVE-2012-6537
CVE-2012-6537 affects the Linux kernel (before 3.6) in net/xfrm/xfrm_user.c where certain structures are not initialized, enabling local users with CAP_NET_ADMIN to leak sensitive kernel memory. The vulnerability is a local information disclosure through kernel memory exposure. Affected component...
CVE-2012-6547
CVE-2012-6547 is the Linux kernel issue where __tun_chr_ioctl in drivers/net/tun.c may leave a structure uninitialized, enabling local users to read kernel stack memory. It is described as affecting Linux kernels prior to 3.6; MiracleLinux advisories list this CVE among others in kernel packages ...
CVE-2013-2897
CVE-2013-2897 affects the Linux kernel HID multitouch driver (drivers/hid/hid-multitouch.c) with CONFIG_HID_MULTITOUCH enabled, up to kernel 3.11. The vulnerability allows physically proximate attackers to trigger a denial of service via crafted HID devices, causing heap memory corruption or a NU...
CVE-2013-3222
CVE-2013-3222 affects the Linux kernel: the vcc_recvmsg function in net/atm/common.c does not initialize a length variable, enabling a local attacker to read sensitive data from kernel stack memory via crafted recvmsg/recvfrom calls. The condition is “before 3.9-rc7”; the implication is a local i...
CVE-2014-0049
CVE-2014-0049 affects the Linux kernel up to version 3.13.5 via a buffer overflow in the complete_emulated_mmio path of arch/x86/kvm/x86.c. The flaw allows a guest OS user to trigger an invalid memory copy that can lead to arbitrary code execution on the host. The published fix is in Linux kernel...
CVE-2014-1690
The vulnerability CVE-2014-1690 affects the Linux kernel’s net/netfilter/nf_nat_irc.c before 3.12.8. An IRC DCC session with incorrect NAT mangle data can allow a remote attacker to read kernel memory. Impact is information disclosure; exploitation context is remote over the network. The fixed ve...
CVE-2015-1465
The CVE-2015-1465 issue affects the Linux kernel IPv4 code prior to 3.18.8, where the RCU grace period length is not properly considered when redirecting lookups without caching. This can allow remote attackers to cause a denial of service via a flood of packets, leading to memory consumption or ...
CVE-2016-2853
CVE-2016-2853 – Linux kernel aufs Privilege Escalation: The vulnerability arises in the aufs module (Linux kernel 3.x/4.x) where mount namespace restrictions are insufficient. A local attacker can mount an aufs filesystem atop a FUSE filesystem and, by executing a crafted setuid program, escalat...
CVE-2019-16921
In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which may allow attackers to read sensitive information from kernel stack memory (CID-df7e40425813). This CVE affects the kernel code path associated ...
CVE-2020-36781
CVE-2020-36781: In the Linux kernel i2c: imx, a reference leak occurs when pm_runtime_get_sync returns (including failure). The leak happens because the PM runtime reference count is incremented on return from pm_runtime_get_sync, but code paths i2c_imx_xfer() and i2c_imx_remove() do not balance ...
CVE-2021-47066
CVE-2021-47066 describes a Linux kernel vulnerability in async_xor handling where an incorrect xor value is computed when dropping a destination page due to not updating src_offs alongside src_list. The root cause is that the xor value uses offsets per r5dev, and the patch sequence now records mu...
CVE-2021-47086
The CVE-2021-47086 entry concerns the Linux kernel Phonet/pep path. The connected Astra Linux bulletin repeats that the vulnerability arises in an ioctl that refines enabling an unbound pipe, where the socket may not be bound to a valid Phonet object. If the socket is not bound, two issues occur:...
CVE-2021-47194
CVE-2021-47194: Linux kernel vulnerability in cfg80211 where switching from P2P_GO to ADHOC via NL80211_CMD_SET_INTERFACE failed to call cfg80211_stop_ap, allowing in-use data to be re-initialized (e.g., sdata->assigned_chanctx_list) while still in assigned_vifs, corrupting the linked list. D...
CVE-2021-47403
CVE-2021-47403 relates to the Linux kernel ipack: ipoctal subsystem, where a reference to the carrier module was taken on every open but released only when the final reference to the tty struct dropped. The root cause is a module reference leak during tty installation/open, leading to a lingering...
CVE-2021-47434
CVE-2021-47434 concerns the Linux kernel xHCI host controller where command ring pointer corruption could occur while aborting a command. The issue arises because the 64-bit CRCR is written in two 32-bit writes; when the upper 32 bits are not updated (they may remain zero) due to the command ring...
CVE-2021-47520
Summary (CVE-2021-47520): A Linux kernel issue in can: pch_can: pch_can_rx_normal leads to a use-after-free when dereferencing skb after netif_receive_skb(skb); the can_frame cf aliases skb memory and is dereferenced immediately after. The documented fix is a reordering of lines to prevent derefe...
CVE-2021-47547
CVE-2021-47547 is a Linux kernel vulnerability in the tulip de4x5 driver. The fix prevents an out-of-bounds access of the array lp->phy[8] when the loop ends with k==8, which could occur if all ids in lp->phy[8] are non-zero. The connected Astra Linux bulletin mirrors this kernel issue and ...
CVE-2021-47571
The CVE-2021-47571 issue affects the Linux kernel rtl8192e driver in staging. The root cause is a use-after-free in _rtl92e_pci_disconnect() where free_rtllib() frees the dev pointer, and the code reorders operations to avoid using the freed pointer. The vulnerability leads to potential use-after...
CVE-2021-47602
CVE-2021-47602 affects the Linux kernel mac80211 QoS admission-control path. The root cause was an uninitialized-value path triggered by non-QoS nullfunc packets, which could access the QoS header. The fix restricts all actions to QoS data packets, preventing misuse from non-QoS traffic. Remediat...
CVE-2021-47632
CVE-2021-47632 affects the Linux kernel on PowerPC where a spin_lock in change_page_attr() for set_memory caused spinlock recursion. The fix removes the read/modify/write sequence and the spin_lock(), and uses atomic handling of page-flag sets (_PAGE_KERNEL_RO/ROX/RW/RWX) by comparing flag sets t...
CVE-2022-3526
CVE-2022-3526 is a Linux kernel issue affecting the macvlan_handle_frame path in drivers/net/macvlan.c (skb). The connected OSV advisory (SUSE-SU-2022:4617-1) confirms a memory-leak vulnerability associated with CVE-2022-3526 and lists it among the fixed issues in kernel updates for SUSE Linux En...
CVE-2022-3633
CVE-2022-3633 affects the Linux kernel, specifically the function j1939_session_destroy in net/can/j1939/transport.c. The issue is a memory leak caused by the manipulation of this routine. Multiple connected sources (e.g., Chainguard security.json entry, Astra Linux bulletin, CNVD/CNNVD entries, ...
CVE-2022-48656
CVE-2022-48656 relates to a refcount leak in Linux kernel dmaengine: ti: k3-udma-private (of_xudma_dev_get). The issue stems from a missing of_node_put() in the error/fail path, causing a reference leak. The fix moves of_node_put() before the check to ensure proper reference handling. Impact is m...
CVE-2022-48697
In CVE-2022-48697, Linux kernel nvmet/nvme contains a use-after-free in blk_mq_complete_request_remote that is triggered in the nvmet path during IO handling, as detailed by the fixed commit in the kernel (nvmet: fix a use-after-free) with the related call trace and KASAN exposure. The issue was ...
CVE-2022-48858
CVE-2022-48858 - Linux kernel mlx5 race (net/mlx5): The vulnerability results from a race on command flush, causing a refcount use-after-free when a command is freed while another process may still access it. The root cause is improper synchronization around command entry refcount, leading to a p...
CVE-2022-48960
The CVE-2022-48960 issue is a Linux kernel use-after-free in net: hisilicon/hix5hd2_rx(), where a skb may be freed by napi_gro_receive() and later dereferenced. The connected sources confirm a fix was applied in the kernel (via stable tree commits referenced in the CVE entry). The vulnerability a...
CVE-2022-48979
Summary: CVE-2022-48979: in the Linux kernel, the DRM/AMD display DCN32 DML path had an array index out-of-bounds. Root cause: the LinkCapacitySupport array was indexed by the number of voltage states rather than the total number of voltage states (the max DPPs), causing an out-of-bounds access. ...
CVE-2022-49017
CVE-2022-49017 (Linux kernel): A use-after-free in TIPC processing was mitigated by re-fetching the skb control block from the newly allocated skb after tipc_msg_validate(), preventing dereferencing a freed skb. The issue manifested as a KASAN use-after-free in tipc_crypto_rcv_complete and relat...
CVE-2022-49044
CVE-2022-49044 affects the Linux kernel dm-integrity driver. When tag_size is smaller than the digest size, a portion of the digest is written beyond the end of ic->recalc_tags, corrupting memory in integrity_recalc->integrity_sector_checksum->crypto_shash_final. The fix increases the ta...
CVE-2022-49055
CVE-2022-49055: In the Linux kernel, the drm/amdkfd code fixes a null-pointer dereference risk by validating the return value of kmalloc_array(). The vulnerable path could dereference event_waiters[i].wait if kmalloc_array() returns NULL. The fix adds a NULL check before using the allocated memo...
CVE-2022-49248
CVE-2022-49248 relates to the Linux kernel ALSA: firewire-lib, where the deferrable AV/C transaction flag could be left uninitialized for non-control/notify AV/C transactions. UBSAN reported an invalid-load in fcp.c when handling AV/C responses, with the status flag being read as a boolean. The i...
CVE-2022-49346
CVE-2022-49346 is a Linux kernel vulnerability in the net: dsa: lantiq_gswip path. The issue is a refcount leak in gswip_gphy_fw_list caused by every iteration of for_each_available_child_of_node() decrementing the previously referenced node, and a missing explicit of_node_put() when breaking ear...
CVE-2022-49367
Summary (CVE-2022-49367): In the Linux kernel, the mv88e6xxx DSA MDIO registration path contains a refcount leak. The function of_get_child_by_name() returns a node pointer with an incremented refcount, but of_node_put() is not called when finished, leaking references. mv88e6xxx_mdio_register() fo...
CVE-2022-49491
CVE-2022-49491 affects the Linux kernel driver path drm/rockchip vop. Public details confirm a null-pointer dereference in resource_size() when platform_get_resource() returns NULL. The root cause is a sequencing issue: resource_size() must be invoked after devm_ioremap_resource() to ensure res i...