14031 matches found
CVE-2012-1583
CVE-2012-1583: Affected software is the Linux kernel (net/ipv6/xfrm6_tunnel.c) with the xfrm6_tunnel module enabled. The issue is a double free in xfrm6_tunnel_rcv, allowing remote attackers to cause a denial of service (panic) via crafted IPv6 packets on kernels before 2.6.22. This vulnerabilit...
CVE-2012-2390
CVE-2012-2390 concerns a memory leak in mm/hugetlb.c of the Linux kernel up to version 3.4.2. The issue allows local users to trigger memory exhaustion or a system crash via invalid MAP_HUGETLB mmap operations. The connected Nessus advisories (UNITY_LINUX_UTSA and MIRACLE_LINUX AXSA entries) reit...
CVE-2012-3552
The CVE-2012-3552 issue is a race condition in the Linux kernel IP implementation that exists in versions before 3.0. According to the connected documents, remote attackers could trigger a denial of service (slab corruption and system crash) by sending packets to an application that sets socket o...
CVE-2013-0160
CVE-2013-0160 affects the Linux kernel up to version 3.7.9. It enables local attackers to obtain sensitive keystroke timing information by abusing the inotify API on the /dev/ptmx device. The impact is described as partial confidentiality loss; no guidance on exploit details or mitigation is prov...
CVE-2013-1767
CVE-2013-1767 is a use-after-free vulnerability in the Linux kernel’s shmem_remount_fs (mm/shmem.c) that allows local users to gain privileges or cause a denial of service by remounting a tmpfs without the mempolicy option. Affected: Linux kernel versions before 3.7.10. Impact per sources: local ...
CVE-2013-4511
CVE-2013-4511 concerns multiple integer overflows in the Linux kernel’s Alchemy LCD frame-buffer drivers (au1100fb_fb_mmap and au1200fb_fb_mmap). The issue allows a local attacker to craft mmap operations to create a read-write mapping of kernel memory, enabling privilege escalation. The descript...
CVE-2014-8172
CVE-2014-8172 affects the Linux kernel prior to 3.13, where files list handling uses an inappropriate locking approach around Asynchronous I/O (AIO). This local-denial-of-service flaw can cause soft lockups or a system crash. The available documentation confirms the vulnerability and its local at...
CVE-2014-8173
CVE-2014-8173 affects the Linux kernel before 3.13 on NUMA systems. The function pmd_none_or_trans_huge_or_clear_bad in include/asm-generic/pgtable.h fails to correctly identify PMD entries as transparent huge-table entries, allowing a local user to trigger a NULL pointer dereference and system c...
CVE-2015-8967
From connected documents: CVE-2015-8967 affects the Linux kernel's arch/arm64/kernel/sys.c prior to version 4.0. Local users with write access can bypass the kernel’s strict page permissions and modify the system-call table to gain privileges, implying local privilege escalation. A patch/commit a...
CVE-2017-17855
CVE-2017-17855 affects Linux kernel versions up to 4.14.8 in kernel/bpf/verifier.c, where improper use of pointers in place of scalars allows local users to cause a denial of service via memory corruption (impact described as high). The provided documents do not supply a confirmed exploit, mitiga...
CVE-2017-7277
CVE-2017-7277 affects the Linux kernel TCP stack up to version 4.10.6. It arises from mishandling SCM_TIMESTAMPING_OPT_STATS in net/core/skbuff.c and net/socket.c, enabling local users to read sensitive kernel socket data or cause a denial of service (out-of-bounds read) via crafted syscalls. Ups...
CVE-2018-12904
CVE-2018-12904 affects the Linux kernel’s KVM implementation on x86 when nested virtualization is enabled. The vulnerability arises in arch/x86/kvm/vmx.c due to insufficient CPL checks, potentially allowing a local attacker running in a guest VM (L1) to cause VMEXITs that may lead to privilege es...
CVE-2021-47301
Summary: CVE-2021-47301 affects the Linux kernel igb/igc driver stack. Root cause: a use-after-free in the reset path where next_to_watch is not cleared while cleaning the TX ring, risking a freed skb being freed again if igb_poll() executes during reset. Impact: potential invalid memory accesses...
CVE-2021-47324
CVE-2021-47324 relates to the Linux kernel watchdog driver. The issue is a use-after-free risk in wdt_startup() caused by the remove path calling del_timer() instead of waiting for the timer handler to finish. The timer handler could still be running after the driver’s remove function returns, po...
CVE-2021-47342
CVE-2021-47342 affects the Linux kernel’s ext4 filesystem. A race during remounting a read-only, mmp-protected filesystem can cause a use-after-free (UAF) when the kmmpd thread may exit and leave sbi->s_mmp_tsk pointing at freed memory, triggering an object lifetime dereference in ext4_stop_mm...
CVE-2021-47344
CVE-2021-47344 affects the Linux kernel zr364xx USB video driver. The issue is a memory leak in the zr364xx_start_readpipe path caused by not freeing a URB when usb_submit_urb() fails, leading to leaked memory in non-freed URBs during driver probe/initialization. The description and backtrace in ...
CVE-2021-47443
CVE-2021-47443 affects the Linux kernel NFC digital subsystem. The vulnerability is a memory leak in digital_tg_listen_mdaa() where 'params' is allocated but not freed if digital_send_cmd() fails. The patch adds a free of 'params' on failure, reducing leak risk. Affected versions are Linux kernel...
CVE-2021-47590
CVE-2021-47590 affects the Linux kernel MPTCP path. The deadlock occurs when __mptcp_push_pending() calls mptcp_flush_join_list() while holding the subflow socket lock, enabling __mptcp_sockopt_sync() to lock the subflow socket. The fix uses __mptcp_flush_join_list() (not plain mptcp_flush_join_l...
CVE-2022-48948
CVE-2022-48948 concerns a Linux kernel vulnerability in the USB gadget UVC setup handler. The issue arises when a control transfer request carries up to 64 bytes (UVC_MAX_REQUEST_SIZE) while the data stage for OUT transfers copies bytes into a 60-byte uvc_event->data.data buffer, enabling a po...
CVE-2022-48966
The CVE-2022-48966 entry concerns the Linux kernel net/mvneta: out-of-bounds read in mvneta_config_rss(). The user-supplied pp->indir[0] is used in cpu_online(pp->rxq_def) inside mvneta_percpu_elect(), so the issue is a bounds-checking flaw on the cpu bitmap. A fix has been applied in the k...
CVE-2022-49096
Summary (CVE-2022-49096): In the Linux kernel net/sfc driver, changing rx/tx ring buffer size with ethtool -G led to a kernel panic when handling XDP_TX or XDP_REDIRECT because xdp queues (efx->xdp_tx_queues) were not reinitialized. The root cause was missing reinitialization of the XDP queues...
CVE-2022-49104
CVE-2022-49104 affects the Linux kernel, specifically the staging/vchiq_core code path. The issue is triggered when find_service_by_handle is given an invalid handle, which can return NULL and lead to a NULL pointer dereference. The description in the provided documents confirms this root cause a...
CVE-2022-49131
CVE-2022-49131 concerns a Linux kernel panic in the ath11k driver while unloading/loading modules on some ARM platforms. The root cause is a dereference path leading to an OOPS in napi_by_id during netif_napi_add, which could occur over repeated unload/load cycles. The fix is to call...
CVE-2022-49159
CVE-2022-49159 affects the Linux kernel SCSI driver qla2xxx (SRB refcounting). The issue arises from a race between the timeout path and the normal completion path, where qla24xx_async_abort_cmd() could access a freed sp->qpair pointer, risking a kernel NULL pointer dereference. The documented...
CVE-2022-49209
CVE-2022-49209 concerns a memory leak in the Linux kernel related to the bpf/sockmap path when sk_msg_alloc() returns -ENOMEM during tcp_bpf_sendmsg and related paths (e.g., tls_sw_sendmsg). The root cause is partial memory allocation (msg_tx->sg.size > osize) leaving allocated memory unreleased if...
CVE-2022-49331
In the Linux kernel, the nfc: st21nfca driver was fixed to address memory leaks in EVT_TRANSACTION handling. The error paths did not free previously allocated memory, and the patch adds devm_kfree() to those failure paths to prevent leaks. The CVE entry CVE-2022-49331 reflects this fix. The avail...
CVE-2022-49449
The CVE-2022-49449 issue affects Linux kernel pinctrl: renesas: rzn1. The root cause is a possible null-ptr-deref when using 'res' if platform_get_resource() returns NULL. The patch defers dereferencing 'res' by performing devm_ioremap_resource() first (which validates the resource) and then uses...
CVE-2022-49581
CVE-2022-49581: In the Linux kernel, the be2net driver had a buffer overflow in be_get_module_eeprom due to improper handling of buffer length in be_cmd_read_port_transceiver_data. The vulnerable path could copy more data than available when the buffer is smaller than PAGE_DATA_LEN (or twice tha...
CVE-2022-49643
CVE-2022-49643 — Linux kernel: The issue affects ima_appraise_measurement in the kernel; when ima-modsig is enabled, a negative rc passed to evm_verifyxattr() can trigger an integer overflow. The vulnerability is addressed by a kernel patch in the Linux kernel (fixes integer overflow in ima_appr...
CVE-2022-49701
The CVE-2022-49701 entry documents a Linux kernel issue in the ibmvfc SCSI driver where queue resources (sub-queues and event pool) are allocated/freed on every CRQ connection event (e.g., reset, LPM) instead of only during probe/remove. This can cause memory inefficiency, potential allocation fa...
CVE-2022-50053
CVE-2022-50053 concerns the Linux kernel iavf driver: a reset error handling path could lead to deadlock due to double napi_disable and a stuck iavf_remove when VF removal occurs during rapid resets. The fix removes the call to iavf_close in reset error handling and instead calls iavf_disable_vf ...
CVE-2022-50068
CVE-2022-50068 affects the Linux kernel DRM TTM path (drm/ttm). The issue is a null pointer dereference in ttm_bo_validate during and after bo initialization, triggered by inspecting a NULL bo->resource in mem_type handling, potentially causing a kernel crash (general protection fault) and a l...
CVE-2022-50136
The CVE-2022-50136 issue affects the Linux kernel RDMA/siw path, where siw_recv_mpa_rr returning -EAGAIN could cause IW_CM_EVENT_CONNECT_REPLY to be reported incorrectly, triggering a kernel call trace (iw_cm) and a BUG at iwcm.c:894. A patch/fix has been applied in kernel code (e.g., commits lin...
CVE-2022-50211
CVE-2022-50211: Linux kernel md-raid10 path had a slab-out-of-bounds KASAN warning in raid10_remove_disk during an lvm-based reshape test. The fix verifies that the value “number” is valid to prevent an out-of-bounds read (Read of size 8) from a 256-byte kmalloc slab. The issue is tied to KASAN re...
CVE-2023-0615
CVE-2023-0615 affects the Linux kernel V4L2 and vivid test code paths. The vulnerability is a memory leak with potential divide-by-zero and integer overflow when triggering ioctls such as VIDIOC_S_DV_TIMINGS, which could allow a local user to crash the system if vivid test code is enabled. Public...
CVE-2023-52608
CVE-2023-52608 — Linux kernel (ARM SCMI): The issue is a race condition in the A2P channel where a late reply can be mis-associated with a newly enqueued SCMI command, causing the SMT area to be overwritten and potentially delaying or misrouting responses. The vulnerability is addressed by a cons...
CVE-2023-52694
CVE-2023-52694 relates to the Linux kernel drm/bridge tpd12s015 driver. The issue arises from marking tpd12s015_remove() with __exit, which causes the function to be discarded when the driver is built-in; on unbind, cleanup may be skipped, leading to resource leakage. The vulnerability was resolv...
CVE-2023-52875
CVE-2023-52875 affects the Linux kernel clock driver for Mediatek MT2701 (clk-mt2701). The issue arises from an unchecked return value of mtk_alloc_clk_data(), leading to a NULL pointer dereference. The publicly available documents indicate that a fix was implemented by adding a check for the all...
CVE-2024-26711
CVE-2024-26711 is a Linux kernel issue in the IIO subsystem: iio: adc: ad4130, where clk_init_data was not fully initialized, potentially affecting exposure of the internal clock on the CLK pin. The root cause is partial initialization of the clk_init_data structure. The documented fix is to zero...
CVE-2024-26745
CVE-2024-26745 pertains to the Linux kernel on pSeries POWER systems where the IOMMU table is not initialized for kdump over SR-IOV, causing a NULL pointer dereference when the kdump kernel initializes IOMMU/TCEs for SR-IOV devices. The root cause is IOMMU table initialization logic that only con...
CVE-2024-26902
CVE-2024-26902 concerns the Linux kernel: a RISCV perf PMU overflow panic when setting bits for overflowed_ctrs due to using (1 <
CVE-2024-35909
CVE-2024-35909 affects the Linux kernel wwan/t7xx path where 64-bit register accesses could fault due to 32-bit alignment in some 64‑bit platforms. The fix splits 64-bit accesses into 32-bit pairs to ensure proper alignment, preventing OOPS/paging faults as shown in the crash trace. Remediation i...
CVE-2024-36018
CVE-2024-36018: In the Linux kernel, the remap operation for nouveau/uvmm had incorrect addr/range calculations, causing an unmap from 0x3fffed0000+0xf0000 and a 0x100000 range to corrupt pagetables and oops the kernel. The fix changes the calculations to use explicit start/end and then maps bac...
CVE-2024-36895
The CVE-2024-36895 issue in the Linux kernel affects usb gadget uvc configfs parsing. A heap-allocated temp buffer used by __uvcg_iter_item_entries() was not constrained by a computed max size (previously size-checked via sizeof()), causing overly small max item sizes on some architectures (7 byt...
CVE-2024-36906
CVE-2024-36906: In the Linux kernel for ARM64, KASAN stack-poison was not cleared on exit via cpuidle, causing out-of-bounds reports when returning to the idle path. Root cause: instrumented functions leave stack shadow poisoned as CPUs unwind through idle, and prior context restoration can forge...
CVE-2024-38603
CVE-2024-38603 (Linux kernel) affects drivers/perf: hisi: hns3. Root cause: pci_alloc_irq_vectors() allocates an irq vector; if devm_add_action() fails, the irq vector is not freed, causing a memory leak. Fix: replace devm_add_action() with devm_add_action_or_reset() so the irq vector can ...
CVE-2024-46718
CVE-2024-46718 affects the Linux kernel DRM/xe identity VRAM mapping. The issue is overmapping the identity VRAM mapping, which could trigger hardware bugs on certain platforms. The fix uses 2M pages for the last unaligned (to 1G) VRAM chunk, with v2/v3 updates tightening page usage and checks (2...
CVE-2024-46869
CVE-2024-46869: Linux kernel Bluetooth driver btintel_pcie failed to allocate memory for its private data (btintel_data). Fix commits add memory allocation during driver init to store internal state, mitigating potential driver instability. Affected: Linux kernel Bluetooth stack (btintel_pcie). ...
CVE-2024-49876
CVE-2024-49876 affects the Linux kernel DRM-Xe path. The issue is a use-after-free (UAF) around queue destruction where final destruction steps could run on a workqueue that outlives the driver instance, risking references to freed objects. The fix adds a fini step to ensure user queues are torn ...
CVE-2024-50037
CVE-2024-50037 affects the Linux kernel’s DRM framebuffer path (drm/fbdev-dma). The root cause was that drm_fbdev_dma_fb_destroy() unconditionally invoked fb_deferred_io_cleanup() even when struct fb_info.fbdefio was NULL, leading to a warning trace in an Apple Silicon display driver context. The...