CVE-2022-50035
CVE-2022-50035 affects the Linux kernel DRM AMDGPU path. The issue is a use-after-free in amdgpu_bo_list mutex handling caused by double-unlocking of bo_list_mutex when amdgpu_cs_vm_handling returns non-zero, which can lead to a refcount underflow (as shown in the trace). The vulnerability is dem...
CVE-2022-50200
The CVE-2022-50200 issue affects the Linux kernel and stems from missing boundary checks in the selinux put_entry() path. The vulnerability could allow memory out-of-bounds access (local attack) with high impact to confidentiality or availability as described in the advisory (vector: LOCAL, compl...
CVE-2023-3866
CVE-2023-3866: In the Linux kernel ksmbd, the compound-request handling failed to validate session and tree identifiers if the first operation is not an SMB2 ECHO. This could allow a NULL dereference when a subsequent operation accesses work->sess or work->tcon, leading to a local impact. ...
CVE-2023-52503
CVE-2023-52503: Linux kernel vulnerability in amdtee_close_session allows a local race causing use-after-free in amdtee_open_session due to non-atomic session destruction. The fix makes the decrement of sess->refcount and removal of sess from the session list an atomic/critical section in dest...
CVE-2023-52732
The CVE-2023-52732 issue affects the Linux kernel’s handling of Ceph clients (ceph) where a corrupted snap trace on kclient triggers a protection path. The documented mitigation patches block all further IO/MDS requests and evict the kclient to prevent potential data corruption on the MDS side. C...
CVE-2023-52999
CVE-2023-52999: In the Linux kernel, the UaF in netns ops registration error path is resolved by skipping the dereference of the gen pointer when net_assign_generic() fails, preventing a slab-out-of-bounds write. The change fixes ops_init/error path behavior after failure, addressing an out-of-b...
CVE-2023-53008
CVE-2023-53008 (Linux kernel): CIFS session setup fix to prevent memory leaks by freeing cifs_ses::auth_key.response before allocating it. This addresses potential memory leaks during reconnect or mounting. The advisory states the fix in the CIFS session setup path; no exploit specifics are provi...
CVE-2023-53057
The CVE-2023-53057 entry corresponds to a Linux kernel Bluetooth HCI global-out-of-bounds bug. The issue arises in hci_init_stage_sync() looping a variable-length array, where amp_init1[] and amp_init2[] lacked an intentionally invalid final element, enabling out-of-bounds reads during hci_dev_op...
CVE-2023-53072
CVE-2023-53072 (Linux kernel, MPTCP): A use-after-free (UaF) at token lookup during MPTCP passive socket initialization was fixed by changing cleanup order to destroy unaccepted MPTCP sockets via a workqueue, ensuring the MPC subflow cleanup ends with the msk released. The fix reuses the MPTCP_WOR...
CVE-2023-53098
CVE-2023-53098 summary (Linux kernel): The vulnerability resides in the Media driver gpio-ir-recv under media: rc, where an added remove function plus runtime-pm cleanup is required. If runtime PM is enabled, systems must perform runtime PM cleanup to remove a cpu-latency QoS request; otherwise,...
CVE-2023-53110
The CVE-2023-53110 issue is in the Linux kernel net/smc path, where a race between smc_smcr_terminate_all() and smc_buf_create() can lead to a NULL sndbuf_desc being dereferenced in smc_cdc_tx_handler(), triggering a panic during SMC-R termination under stress. The available connected advisories ...
CVE-2024-26787
Technical details about CVE-2024-26787 are not provided in the supplied documents. Monitor official advisories for updates on affected products, impact, and fixes.
CVE-2024-26792
CVE-2024-26792: Linux kernel bug in btrfs snapshot creation can cause a double free of an anonymous device number. Root cause: during snapshot creation, anon_dev is allocated, later freed in nested calls, and if the transaction path fails, the same anon_dev may be freed again even if it has been...
CVE-2024-26824
CVE-2024-26824: In the Linux kernel, the crypto/algif_hash zero-length error path incorrectly freed an SG list that was never allocated when hashing a zero-length message. The fix is to avoid freeing the SG list on the zero-length error path. Connected data (NVD entry and Nessus/UNPATCHED_CVE_202...
CVE-2024-26860
CVE-2024-26860: In the Linux kernel, the dm‑integrity path leaked memory for the checksums pointer if the data was rechecked after a checksum failure (due to the goto skip_io path). The fix frees the checksums memory before rechecking and uses the checksum_onstack buffer for storing the checksum ...
CVE-2024-26909
CVE-2024-26909 concerns the Linux kernel. A DRM bridge use-after-free in the qcom pmic_glink_altmode path could occur if the dp-hpd bridge is registered before resources are fully acquired, leading to a freed bridge being referenced during display init (possibly causing NULL dereference or attach...
CVE-2024-35851
CVE-2024-35851 affects Linux kernel Bluetooth (qca): NULL pointer dereference when waking up non-serdev Qualcomm ROME controllers during suspend due to a missing sanity check on the HCI UART serdev pointer. The fix adds a NULL-pointer check to prevent wakeup() from dereferencing a NULL in suspend...
CVE-2024-35871
CVE-2024-35871 concerns a kernel-level issue in riscv process handling that leaks the kernel global pointer (gp) via user-space observables. The vulnerability stems from how childregs (the user-context registers during syscall) can expose kernel gp in several ways (e.g., after execve, via ptrace,...
CVE-2024-36032
CVE-2024-36032 relates to the Linux kernel Bluetooth QCA driver: a fix for an info leak when fetching the fw build ID. The patch adds missing sanity checks and moves the 255-byte build-id buffer off the stack to prevent leaking stack data through debugfs if the build-info reply is malformed. Astr...
CVE-2024-36951
CVE-2024-36951 affects the Linux kernel via the DRM/AMDKFD path. The root cause is a CP interrupt bug that can raise bad packet garbage exception codes; the fix performs a range check to ensure the debugger and runtime do not receive garbage codes. The update also guards exception code ty...
CVE-2024-39477
CVE-2024-39477 is a Linux kernel vulnerability affecting the mm/hugetlb path. The issue occurred when vma_needs_reservation() could return -ENOMEM if allocate_file_region_entries() failed to allocate the file_region struct for a reservation, causing a splat on __unmap_hugepage_range(). The mitiga...
CVE-2024-39493
CVE-2024-39493 concerns a Linux kernel crypto/qat issue (ADF_DEV_RESET_SYNC memory leak) resolved by changing the caller behavior to cancel_work_sync and then freeing the memory safely. This addresses a potential use-after-free scenario where the caller may not have waited for completion,...
CVE-2024-42290
Affected software: Linux kernel irqchip/imx-irqsteer on platforms such as i.MX8QM and i.MX8QXP. Issue: power-domain handling via clk_prepare could trigger a scheduling-while-atomic bug during device probing due to non-atomic runtime PM context. Root cause: runtime power management not synchronize...
CVE-2024-42296
CVE-2024-42296 refers to a Linux kernel issue in f2fs where f2fs_convert_inline_inode() could return 0 on readonly devices, triggering a panic during writeback of an inline inode’s dirty page. The fix changes the return to EROFS in readonly scenarios. The vulnerability is documented with affected...
CVE-2024-43851
CVE-2024-43851 summary (Linux kernel): The issue affects Linux kernel code for the Xilinx SoC path (soc: xilinx). The root cause is the per-CPU variable cpu_number1 being passed to xlnx_event_handler as the argument dev_id, but not used by that function; a patch renames cpu_number1 to dummy_cpu_nu...
CVE-2024-43864
CVE-2024-43864: In the Linux kernel mlx5e CT entry update path, a failure to allocate a new modify header could leave the old header pointer invalid, risking a panic when the old header is freed and potentially leaking the modify header context. The fix restores the old attr to attr on allocation...
CVE-2024-44943
CVE-2024-44943 relates to the Linux kernel mm/gup code where pinning folio in CMA memory during SEV VM startup could trigger a warning due to misusing try_grab_folio in both fast and slow paths. The issue stems from the longterm pinning check causing fallback paths to also fail, producing a kerne...
CVE-2024-44967
CVE-2024-44967 affects the Linux kernel in the DRM mgag200 path. The issue arises from binding the lifetime of the I2C adapter to the DRM device: cleanup via devm_add_action_or_reset() releases the I2C adapter when the Linux device goes away, but the connector retains a stale pointer in struct dr...
CVE-2024-47733
CVE-2024-47733 affects the Linux kernel netfs subsystem: netfs_init()/fscache_proc_init() creates a dentry under fs/netfs, but netfs_exit() only removes the proc entry, not its subtree, causing a non-empty directory to be removed and a leak of entries (e.g., 'requests'). The fix is to use remove_...
CVE-2024-50260
CVE-2024-50260 affects the Linux kernel sock_map subsystem. The issue is a NULL-pointer dereference between sock_map_link_detach and sock_map_link_update_prog under sockmap_mutex, potentially dereferencing sockmap_link->map when a link is being released during an update. The fix adds a NULL po...
CVE-2024-57875
Summary of CVE-2024-57875 (Linux kernel): A block-layer memory-reference issue was resolved by ensuring proper RCU protection when a disk’s conventional-zones bitmap is updated. The fix adds RCU-aware handling around disk->conv_zones_bitmap access: disk_zone_is_conv() now operates under the ...
CVE-2024-57997
CVE-2024-57997 (Linux kernel): The vulnerability lies in the wifi/wcn36xx driver memory allocation for wcn->chan_survey, caused by an incorrect size calculation that could leave uninitialized memory. The fix switches to memory allocation via kcalloc to ensure proper initialization when there ...
CVE-2024-58012
CVE-2024-58012 affects the Linux kernel ASoC: SOF Intel hda-dai path. The vulnerability arises from topologies not creating the correct number of DAI widgets for aggregated amps, allowing a NULL pointer dereference when associating a CPU DAI with a widget. The fixed code adds a validity check to ...
CVE-2025-21930
CVE-2025-21930 affects the Linux kernel wireless subsystem (iwlwifi/mvm). The vulnerability arises when the driver talks to firmware that may be dead; before sending a command it now checks that the firmware is alive, preventing commands on an unresponsive firmware. Impact: local attacker could c...
CVE-2025-21984
CVE-2025-21984 affects the Linux kernel (mm/userfaultfd_move and swapcache handling). The issue occurs when userfaultfd_move treats a PTE as a swap entry without updating the folio’s destination index, creating a race window between swap PTE moves and swapcache invalidate/folio migration. In this...
CVE-2025-23130
CVE-2025-23130 affects the Linux kernel F2FS code. The issue arises when fallocation fails for pinfile, risking a kernel panic in get_new_segment due to concurrent pinfile allocations exhausting free sections. The fix expands pin_sem lock coverage to include f2fs_gc to reclaim space, tightens err...
CVE-2025-37744
CVE-2025-37744 affects the Linux kernel’s ath12k PCI wireless driver, where a memory allocated during ath12k_pci_probe() could leak if ATH12K_FLAG_QMI_FAIL is set and ath12k_fw_unmap() is not invoked in ath12k_pci_remove(). The issue is mitigated by a fixed sequence in the kernel fix, documented ...
CVE-2025-37915
CVE-2025-37915 affects the Linux kernel’s net_sched code, specifically the drr scheduler when a netem child qdisc is involved. The issue was a double addition of the same classifier to the active_list, which could cause memory corruption due to reentrancy in the parent qdisc enqueue path (not a U...
CVE-2025-37917
CVE-2025-37917 involves the Linux kernel net/ethernet MTK Star EMAC driver. The root cause is spinlock recursion that can occur when DMA interrupts are re-enabled during rx/tx poll. The vulnerability arises from using plain spin_lock/spin_unlock in mtk_star_emac, instead of the appropriate irq-sa...
CVE-2003-0985
CVE-2003-0985 affects Linux kernel 2.4.x (pre-2.4.21, possibly before 2.4.24). The do_mremap path lacks proper bounds checking, enabling local users to cause a denial of service and potentially gain privileges by remapping a VMA to a zero-length VMA. Connected data confirms CVE-2005-0528 is a dup...
CVE-2004-1335
The CVE-2004-1335 entry describes a memory leak in the Linux kernel’s ip_options_get function (pre-2.6.10) that can cause local denial of service via repeated ip_cmsg_send calls. Affected component is the kernel networking stack; impact is partial availability due to memory exhaustion. The vulner...
CVE-2008-5182
The connected Nessus advisory for MiracleLinux 3 (AXSA:2009-22:03) references CVE-2008-5182 in the inotify subsystem of the Linux kernel. Affected product: MiracleLinux 3 running kernel 2.6.18-53.21AXS3. Vulnerability type/root cause: a race condition related to inotify watch removal and unmount,...
CVE-2010-4079
CVE-2010-4079 affects the Linux kernel ivtvfb driver (ivtvfb_ioctl in drivers/media/video/ivtv/ivtvfb.c) prior to 2.6.36-rc8. The root cause is failure to initialize a structure member, enabling local users to leak information from kernel stack memory via the FBIOGET_VBLANK ioctl. Affected versio...
CVE-2010-4250
CVE-2010-4250 concerns a memory leak in the inotify_init1 path of the Linux kernel’s inotify subsystem (fs/notify/inotify/inotify_user.c) prior to kernel 2.6.37. The issue is triggered by failed attempts to create files, allowing local users to exhaust memory and potentially cause a denial of ser...
CVE-2011-2494
The CVE-2011-2494 issue affects the Linux kernel (taskstats.c) before version 3.1. Local users can obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, with the description noting this could reveal password length information. The vulnerability’s root cause is ...
CVE-2013-0228
CVE-2013-0228 affects the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms, where xen_iret in arch/x86/xen/xen-asm_32.S mishandles an invalid DS segment value. This allows guest OS users to gain guest OS privileges via a crafted application. Remediation is a kernel update to include...
CVE-2013-2634
CVE-2013-2634 affects the Linux kernel prior to 3.8.4. The issue: net/dcb/dcbnl.c does not initialize certain structures, enabling a local attacker to read sensitive data from kernel stack memory via a crafted application. Connected advisories (e.g., MiracleLinux AXSA-2013-592:07) corroborate the...
CVE-2013-4350
CVE-2013-4350 affects the Linux kernel IPv6 SCTP code (net/sctp/ipv6.c) up to version 3.11.1. The vulnerability arises because the data structures and function calls fail to trigger an intended IPsec encryption configuration, enabling remote attackers to sniff traffic and obtain sensitive informa...
CVE-2014-2038
CVE-2014-2038 affects the Linux kernel via the nfs_can_extend_write flaw in fs/nfs/write.c (before 3.13.3). The vulnerability relies on a write delegation to extend a write operation without an up‑to‑date verification, enabling local attackers to obtain sensitive kernel memory data by writing to ...
CVE-2016-2085
CVE-2016-2085: The Linux kernel (before 4.5) contains an info leak/vulnerability in evm_verify_hmac in security/integrity/evm/evm_main.c, where improper data copy enables local users to forge MAC values via a timing side-channel attack. Affected: Linux kernel up to version 4.4.x (prior to 4.5). ...