CVE-2023-39193
CVE-2023-39193 affects the Linux kernel Netfilter SCTP path, where sctp_mt_check fails to validate the flag_count field, enabling a local attacker with CAP_NET_ADMIN to trigger an out-of-bounds read that can crash the system or cause information disclosure. Connected advisories (Red Hat, AlmaLinu...
CVE-2021-22543
CVE-2021-22543 is described in connected advisories as a local privilege-escalation through KVM and improper handling of VM_IO|VM_PFNMAP VMAs, which can bypass RO checks and allow reading/writing guest memory by a privileged VM operator. Technical details across sources indicate the vulnerability...
CVE-2021-46953
The CVE-2021-46953 issue affects the Linux kernel ACPI GTDT driver. If a probe fails due to invalid firmware properties, the driver may unmap an interrupt it mapped earlier without verifying that the mapping succeeded, and if the firmware reports an interrupt number overlapping the GIC SGI range,...
CVE-2021-46918
CVE-2021-46918 is a Linux kernel vulnerability in the IDXDMA/DMAR DMA engine where MSIX permission entries were not cleared on device shutdown. The issue arose because MSIX entries were left enabled and pasid entries remained programmed when the device shut down, potentially enabling persistence ...
CVE-2019-15917
CVE-2019-15917 concerns a use-after-free in the Linux kernel before 5.0.5. The bug occurs when hci_uart_register_dev() fails in hci_uart_set_proto() within drivers/bluetooth/hci_ldisc.c, potentially after a local Bluetooth UART device setup. Affected: Linux kernel versions prior to 5.0.5. Impact ...
CVE-2025-21971
CVE-2025-21971 in the Linux kernel net_sched subsystem: creation of a Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) could terminate traversal early during qdisc tree walk, causing incorrect root backlog statistics and potential CRASH in DRR. The fix prevents creating any Qdisc class with TC_H_R...
CVE-2020-10732
CVE-2020-10732 describes a Linux Kernel flaw in the Userspace core dumps implementation. According to connected IBM bulletin entries, the issue allows a local authenticated attacker to obtain sensitive information or cause a program crash by exploiting the core-dump handling path. The vulnerabil...
CVE-2019-6974
CVE-2019-6974 affects the Linux kernel KVM subsystem: a race in kvm_ioctl_create_device() mishandles reference counting, enabling a local user with access to /dev/kvm to cause a use-after-free, potentially crashing the guest or escalating privileges. The issue is fixed in kernel 4.20.8 and relate...
CVE-2020-28374
CVE-2020-28374 affects the Linux kernel’s SCSI target (LIO) code, specifically drivers/target/target_core_xcopy.c, where insufficient identifier checking could let a remote attacker read or write files via directory traversal in an XCOPY request. Affected component is the Linux kernel prior to 5....
CVE-2021-46917
CVE-2021-46917 is a Linux kernel vulnerability tied to the dmaengine: idxd subsystem. The issue stems from a pre-release silicon erratum workaround where a wq reset did not clear WQCFG registers, leaking into upstream code and risking clobbering registers on future devices. The documented fix rep...
CVE-2022-1011
CVE-2022-1011: A use-after-free vulnerability in the Linux kernel FUSE implementation when a user triggers write(), enabling local privilege escalation. Affected component is the FUSE filesystem in the kernel; impact is unauthorized access to data from FUSE mounts and potential escalation. Connec...
CVE-2021-46938
CVE-2021-46938 affects the Linux kernel in the device-mapper (dm-mq) path for request-based mapped devices. When loading a device-mapper table, if the allocation/initialization of blk_mq_tag_set for the device fails, a subsequent dev_remove can trigger a double free during cleanup because the poi...
CVE-2021-4154
CVE-2021-4154 is a Linux kernel use-after-free in cgroup v1 parsing (cgroup1_parse_param) that allows local privilege escalation via the fsconfig parameter, potentially enabling container breakout and system DoS. Affected component: kernel/cgroup/cgroup-v1.c in the Linux kernel. Root cause: use-a...
CVE-2023-4155
CVE-2023-4155 describes a vulnerability in the Linux kernel’s KVM AMD SEV implementation. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race that causes the VMGEXIT handler to be invoked recursively. If the handler is called multiple times, this can lead to a ...
CVE-2021-46919
CVE-2021-46919 is a Linux kernel vulnerability in dmaengine/idxd where WQ size could be changed while the device was enabled. The fix changes the state check to ensure the WQ size is only modifiable when the device is disabled, addressing a race between device state and WQ configuration. Connecte...
CVE-2021-46954
CVE-2021-46954 affects the Linux kernel net/sched IPv4 path. When act_mirred attempts to fragment IPv4 packets that were previously reassembled by act_ct, sch_frag used a temporary dst_entry, which was later treated as an rtable pointer in the fragment/MTU flow. This caused a stack out-of-bounds ...
CVE-2019-12614
CVE-2019-12614 affects Linux kernels up to 5.1.6 in the PowerPC pseries dlpar.c: a NULL pointer dereference triggered by unchecked kstrdup of prop->name can allow a local attacker to crash the system via a crafted request. The issue is confirmed in the initial description and corroborated by c...
CVE-2023-5345
CVE-2023-5345: A use-after-free in the Linux kernel’s fs/smb/client component can enable local privilege escalation. Specifically, an error in smb3_fs_context_parse_param frees ctx->password but does not set it to NULL, risking a double-free scenario. The issue is documented in the CVE...
CVE-2023-39192
CVE-2023-39192: A flaw in the Linux kernel Netfilter xt_u32 module allows a local privileged attacker to trigger an out-of-bounds read by crafting improper values in the xt_u32 structure. The root cause is missing validation of fields in xt_u32, leading to crash or information disclosure. Impact...
CVE-2020-12770
CVE-2020-12770 arises from the Linux kernel sg_write path in the SCSI generic (sg) driver not releasing internal resources in a specific error path because sg_remove_request is not called. This root cause is cited in multiple sources (e.g., ALAS2KERNEL-5.4-2022-012) and is described as a local-ac...
CVE-2021-46942
CVE-2021-46942 relates to the Linux kernel io_uring shared sqpoll cancellation hang. The root cause is an incorrect accounting of inflight requests when cancelling sqpoll contexts that share a sqpoll, caused by per-task counters that can count more requests than are present in the io_uring contex...
CVE-2021-46921
CVE-2021-46921 affects the Linux kernel’s locking/qrwlock code. The vulnerability arises in queued_write_lock_slowpath while the wait_lock is held: a reader can observe values before the writer has truly acquired the lock, due to an ordering gap between atomic_cond_read_acquire() and the subseque...
CVE-2022-0435
CVE-2022-0435 is a Linux kernel TIPC stack overflow issue. The vulnerability occurs in TIPC domain record handling when a peer sends a domain with more than 64 members, enabling a remote attacker with access to the TIPC network to crash the system and potentially escalate privileges. Connected ad...
CVE-2022-32250
CVE-2022-32250: A local privilege-escalation vulnerability in the Linux kernel affects net/netfilter/nf_tables_api.c (up to 5.18.1). An incorrect NFT_STATEFUL_EXPR check leads to a use-after-free, allowing a local user with namespace creation capability to escalate to root. Affected: Linux kerne...
CVE-2025-21765
CVE-2025-21765 is a Linux kernel IPv6 issue where ip6_default_advmss() reads net structures that could disappear without proper protection. The root cause is missing RCU protection in ip6_default_advmss(), which could enable read-time inconsistency. The vulnerability is documented as a Local, Low...
CVE-2021-46933
The CVE-2021-46933 issue affects the Linux kernel USB gadget f_fs component. It occurred when ffs_data_clear was invoked indirectly via ffs_fs_kill_sb/ffs_ep0_release, causing eventfd_ctx_put to be called multiple times and leading to a refcount underflow. The documented fix zeroes out ffs_eventf...
CVE-2023-1192
CVE-2023-1192 denotes a use-after-free in CIFS smb2_is_status_io_timeout() within the Linux kernel, where memory freed during a system call and CIFS’ later access to that memory can trigger a denial of service. The connected advisories confirm this UAF issue exists in kernel CIFS code and link it...
CVE-2017-18017
CVE-2017-18017 affects the Linux kernel’s tcpmss_mangle_packet in net/netfilter/xt_TCPMSS.c. When xt_TCPMSS is used in an iptables action, a remote attacker can trigger a use-after-free and memory corruption, leading to a denial of service. Affected versions are Linux kernel before 4.11, and 4.9....
CVE-2021-32399
CVE-2021-32399 affects the Linux kernel’s Bluetooth HCI handling, specifically a race condition in removal of the HCI controller implemented in net/bluetooth/hci_request.c up to version 5.12.2. The connected Astra Linux entry references the same race condition in the Linux kernel, and a dated Lin...
CVE-2024-26590
CVE-2024-26590: In the Linux kernel, the EROFS filesystem’s per-file compression format handling could become inconsistent when a crafted image uses an algorithm type not listed in sbi->available_compr_algs. This could trigger a NULL pointer dereference if the corresponding decompre...
CVE-2024-1086
CVE-2024-1086 is a use-after-free in Linux kernel nf_tables (netfilter). The vulnerability stems from nft_verdict_init() allowing positive values as drop errors in the hook verdict, enabling nf_hook_slow() to trigger a double-free when NF_DROP is issued with a drop error resembling NF_ACCEPT. Exp...
CVE-2019-14901
CVE-2019-14901 is a heap overflow in the Marvell WiFi driver (mwifiex) of the Linux kernel, affecting all 3.x/4.x prior to 4.18.0. It can allow a remote attacker to crash the system (DoS) or potentially execute code with root privileges, impacting confidentiality and integrity. Public advisories ...
CVE-2021-33624
CVE-2021-33624 affects the Linux kernel prior to 5.12.13, where the eBPF verifier in kernel/bpf/verifier.c could mispredict branches (e.g., due to type confusion), allowing an unprivileged BPF program to read arbitrary kernel memory locations via a side-channel attack. Several connected advisorie...
CVE-2021-46928
CVE-2021-46928 affects the Linux kernel on parisc: a trap7 (Instruction access rights) could leave the cr19 IIR register with a stale value. The patch fixes this by overwriting the stale IIR with the constant 0xbaadf00d when the trap occurs, preventing confusing dump values. The issue arises beca...
CVE-2021-46937
The connected Nessus entry confirms CVE-2021-46937 affects the Linux kernel DAMON debugfs interface: repeated writes to the target_ids file increase pid reference counts without corresponding decreases, causing a memory leak of struct pid. The issue is fixed by a kernel patch that decrements PID ...
CVE-2024-53104
CVE-2024-53104 affects the Linux kernel USB Video Class (UVC) driver, specifically the uvc_parse_format logic which should skip frames of type UVC_VS_UNDEFINED. The fix prevents an out-of-bounds write in uvc_parse_streaming caused by mis-sized frame buffers, addressing an out-of-bounds write vuln...
CVE-2021-46947
CVE-2021-46947 is a Linux kernel issue in the sfc (Solarflare) driver where efx->xdp_tx_queue_count can reflect too many uninitialized slots after probing, risking a NULL pointer dereference (e.g., when running ethtool -S). The root cause is that xdp_tx_queue_count starts at num_possible_cpus(...
CVE-2022-0995
CVE-2022-0995 is an out-of-bounds memory write in the Linux kernel’s watch_queue event notification subsystem that can overwrite kernel state and may allow a local user to gain privileged access or cause a denial of service. Connected sources indicate affected kernel lines include 5.x series with...
CVE-2023-23454
CVE-2023-23454 affects the Linux kernel cbq_classify (net/sched/sch_cbq.c) up to version 6.1.4, enabling a local attacker to trigger a slab-out-of-bounds read via type confusion (non-negative values may be misinterpreted as TC_ACT_SHOT), causing denial of service. Connected advisories reference s...
CVE-2023-5090
CVE-2023-5090: A flaw in Linux kernel KVM (svm_set_x2apic_msr_interception) enables direct access to host x2apic MSRs when a guest resets its APIC, potentially causing denial of service. Connected advisories (Astra Linux, IBM Guardium bulletin, Amazon ALAS) reference this CVE as part of Linux ker...
CVE-2021-3752
CVE-2021-3752 is a Linux kernel use-after-free vulnerability in the Bluetooth L2CAP path caused by a race between connect and disconnect. The flaw can allow a local attacker to crash the system or escalate privileges. Connected documents confirm this CVE is discussed in Debian advisories ...
CVE-2023-3567
CVE-2023-3567 is a use-after-free vulnerability in Linux kernel code (vc_screen.c: vcs_read in vc_screen) that can allow a local attacker to crash the system or leak kernel information. Connected advisories (Astra Linux, CIRCL sighting, and Amazon Linux advisories) confirm the same UAF issue and ...
CVE-2021-27365
CVE-2021-27365 affects the Linux kernel iSCSI subsystem. The issue is a heap overflow in iSCSI data handling where certain iSCSI data structures lack proper length checks and can exceed PAGE_SIZE; an unprivileged, local user can send a Netlink message (up to the maximum Netlink message length) an...
CVE-2021-4083
CVE-2021-4083 is a read-after-free in Linux kernel Unix domain socket GC triggered by a race between close() and fget(). Affected kernels are prior to 5.16-rc4. Local users could crash the system or escalate privileges. Affected products include upstream kernel and Linux distributions (Astra Linu...
CVE-2021-46923
CVE-2021-46923: Rejected; this CVE entry is not used.
CVE-2023-1829
CVE-2023-1829 affects the Linux kernel tcindex subsystem. A use-after-free can occur in tcindex_delete when filters are not properly deactivated for a perfect-hash underlying structure, potentially enabling local privilege escalation to root. The flaw is tied to the traffic control index filter (...
CVE-2017-1000253
CVE-2017-1000253 is a Linux kernel PIE stack buffer corruption vulnerability in load_elf_binary() that can allow local privilege escalation when PIE is used and memory mapping overlaps the stack region. The issue stems from not accounting for space for the entire binary, causing later PT_LOAD seg...
CVE-2019-15927
CVE-2019-15927: A Linux kernel issue before 4.20.2 allows an out-of-bounds access in build_audio_procunit() within sound/usb/mixer.c, enabling local exploitation under affected kernels. The vulnerability is triggered by an out-of-bounds access in the function, as documented in the CVE entry and t...
CVE-2020-10757
CVE-2020-10757 affects the Linux kernel (post 4.5-rc1) where mremap mishandles DAX Huge Pages, enabling a local attacker with DAX storage access to escalate privileges. Connected advisories (RHEL/CentOS, Amazon Linux 2, IBM QRadar-related entries) confirm kernel patches/fixes are available and re...
CVE-2008-4609
CVE-2008-4609 is a TCP state-exhaustion DoS vulnerability demonstrated by sockstress. It was described as affecting the TCP implementation in Linux, BSD-based platforms, Windows, Cisco products, and probably others. The issue enables a remote attacker to exhaust connection state, potentially rend...