Lucene search
Linux / Linux Kernel

14031 matches found

added 2024/09/30 3:40 p.m. | 98 views

CVE-2024-46869

CVE-2024-46869: Linux kernel Bluetooth driver btintel_pcie failed to allocate memory for its private data (btintel_data). Fix commits add memory allocation during driver init to store internal state, mitigating potential driver instability. Affected: Linux kernel Bluetooth stack (btintel_pcie). ...

5.5 CVSS | 5.3 AI score | 0.00203 EPSS

added 2024/10/21 6:1 p.m. | 98 views

CVE-2024-49876

CVE-2024-49876 affects the Linux kernel DRM-Xe path. The issue is a use-after-free (UAF) around queue destruction where final destruction steps could run on a workqueue that outlives the driver instance, risking references to freed objects. The fix adds a fini step to ensure user queues are torn ...

7.8 CVSS | 7.4 AI score | 0.00245 EPSS

added 2024/10/21 7:39 p.m. | 98 views

CVE-2024-50037

CVE-2024-50037 affects the Linux kernel’s DRM framebuffer path (drm/fbdev-dma). The root cause was that drm_fbdev_dma_fb_destroy() unconditionally invoked fb_deferred_io_cleanup() even when struct fb_info.fbdefio was NULL, leading to a warning trace in an Apple Silicon display driver context. The...

5.5 CVSS | 5 AI score | 0.00186 EPSS

added 2024/11/07 9:31 a.m. | 98 views

CVE-2024-50165

CVE-2024-50165 concerns the Linux kernel BPF subsystem. The vulnerability arises in bpf_parse_param() where param->string was not preserved, risking a kmalloc leak if the string is later freed. The fix is to preserve the value of param->string so it can be freed correctly, preventing memory...

5.5 CVSS | 5.3 AI score | 0.00184 EPSS

added 2025/01/11 12:29 p.m. | 98 views

CVE-2024-55641

Technical details for CVE-2024-55641 (Linux kernel XFS inode unlock on error in xfs_trans_alloc_dir) are not present in the provided connected documents. Monitor for updates; the initial description notes the issue and patch, but no vendor/product/version specifics are provided here.

5.5 CVSS | 6.6 AI score | 0.0017 EPSS

added 2024/12/27 2:23 p.m. | 98 views

CVE-2024-56563

CVE-2024-56563: In the Linux kernel, the ceph MDS cred-check path leaks credentials due to get_current_cred() refcount increment without a matching put_cred() in ceph_mds_check_access(). Impact is confidentiality HIGH; exploit would be local with LOW privileges and no user interaction. The issue ...

5.5 CVSS | 6.5 AI score | 0.00201 EPSS

added 2025/01/08 5:52 p.m. | 98 views

CVE-2024-56784

Technical details for CVE-2024-56784 are not provided in the connected documents. The initial description notes a Linux kernel drm/amd/display fix, but explicit affected versions, root cause specifics, exploitability, or remediation are not disclosed here. Monitor for updates.

7.8 CVSS | 6.5 AI score | 0.00198 EPSS

added 2025/02/27 2:7 a.m. | 98 views

CVE-2024-57978

CVE-2024-57978 refers to a Linux kernel vulnerability in the media: imx-jpeg driver. The issue arises in detach_pm() where, if jpeg->pd_dev[i] is an error pointer, passing it to pm_runtime_suspended() can trigger an Oops. The description notes that existing checks cover error pointers and NULL...

5.5 CVSS | 5.4 AI score | 0.00202 EPSS

added 2025/02/27 2:12 a.m. | 98 views

CVE-2024-58006

CVE-2024-58006: In the Linux kernel, the PCI Domain (dwc) endpoint driver could allow changing a BAR’s size/flags via pci_epc_set_bar() without clearing the previous BAR, if the new BAR config matches the old. This could cause the inbound address translation range to become smaller than the host...

5.5 CVSS | 6.1 AI score | 0.00176 EPSS

added 2025/04/01 3:41 p.m. | 98 views

CVE-2025-21946

The CVE-2025-21946 entry affects the Linux kernel ksmbd component; the issue is a slab-out-of-bounds in parse_sec_desc() caused by offsets (osidoffset, gsidoffset, dacloffset) exceeding the smb_ntsd structure, and by not verifying the subauth array size when validating a SID. The connected Astra ...

7.1 CVSS | 7.1 AI score | 0.00182 EPSS

added 2025/04/16 2:12 p.m. | 98 views

CVE-2025-22059

CVE-2025-22059 describes a Linux kernel UDP receive memory accounting overflow due to wraparounds in sk_rmem_alloc. The issue arises when sk_rcvbuf is set large (e.g., INT_MAX) and skb sizes are added unconditionally to sk_rmem_alloc, combined with signed/unsigned misalignment, enabling multiple ...

5.5 CVSS | 6.9 AI score | 0.00165 EPSS

added 2025/05/01 12:55 p.m. | 98 views

CVE-2025-37746

CVE-2025-37746 affects the Linux kernel (perf/dwc_pcie). During platform_device_register, using struct device pci_dev as platform_data caused a kmemdup copy of pci_dev; accessing the duplicated device leads to list corruption since the mutex content (e.g., list, magic) remains identical to the or...

5.5 CVSS | 6.7 AI score | 0.0013 EPSS

added 2025/05/01 1:7 p.m. | 98 views

CVE-2025-37764

CVE-2025-37764 affects the Linux kernel (drm/imagination/powervr): a vulnerability causing firmware memory leaks during firmware image processing, leading to leaks on module unload and in failure paths during module load. The fix releases memory used for firmware image processing results and dest...

5.5 CVSS | 6.7 AI score | 0.00159 EPSS

added 2025/05/20 3:21 p.m. | 98 views

CVE-2025-37912

CVE-2025-37912 affects the Linux kernel ICE driver. The root cause is a missing null pointer check on the value returned by ice_get_vf_vsi(), which could lead to using a NULL VSI pointer in ice_vc_add_fdir_fltr(). The fix, described in commit baeb705fd6a7 ("ice: always check VF VSI pointer values...

5.5 CVSS | 6.4 AI score | 0.0016 EPSS

added 2025/05/20 3:21 p.m. | 98 views

CVE-2025-37913

Summary: CVE-2025-37913 affects the Linux kernel’s net_sched/qfq when a netem child qdisc can cause the parent enqueue callback to be reentrant, risking memory corruption from adding the same classifier twice. The root cause is a double list add in the class when reentry occurs; the fix adds a gu...

7.8 CVSS | 6.6 AI score | 0.00176 EPSS

added 2025/05/20 3:21 p.m. | 98 views

CVE-2025-37920

CVE-2025-37920 affects the Linux kernel in the AF_XDP path. The issue is a race condition in the generic RX path when multiple sockets share the same xsk_buff_pool (shared umem), with RX queues being socket-exclusive and FILL queues sharable. The fix moves the rx_lock from xsk_socket to the share...

4.7 CVSS | 6.5 AI score | 0.00119 EPSS

added 2025/05/20 3:21 p.m. | 98 views

CVE-2025-37933

CVE-2025-37933 is a Linux kernel vulnerability affecting the octeon_ep driver. The issue occurs when the host loses heartbeat messages from the device and the driver’s device-specific stop function (ndo_stop) frees resources; if the driver is unloaded during this window, resources may be freed tw...

5.5 CVSS | 6.5 AI score | 0.00162 EPSS

added 2025/05/20 4:1 p.m. | 98 views

CVE-2025-37946

CVE-2025-37946 concerns the Linux kernel, specifically the s390 PCI subsystem. The issue arises from a duplicate pci_dev_put() in disable_slot() when a PF has child VFs, introduced during a change that added a lock to zpci_dev state. The extra pci_dev_put() can lead to a use-after-free if the pci...

7.8 CVSS | 6.7 AI score | 0.00154 EPSS

added 2025/05/20 4:1 p.m. | 98 views

CVE-2025-37953

CVE-2025-37953 affects the Linux kernel sch_htb component. The issue stems from a regression caused when htb_qlen_notify() and htb_deactivate() interactions could leave prt pointers NULL, enabling a NULL pointer dereference path via htb_next_rb_node() and in certain qlen/dequeue_backlog sequences...

5.5 CVSS | 6.5 AI score | 0.00152 EPSS

added 2025/05/20 4:47 p.m. | 98 views

CVE-2025-37974

CVE-2025-37974: Linux kernel s390/pci vulnerability where zpci_create_device() may return an error pointer that is not checked before dereferencing it as a struct zpci_dev in __clp_add(); the fix adds a missing check so the device is not added to the scan_list, preventing the previous behavior. T...

5.5 CVSS | 6.5 AI score | 0.00146 EPSS

added 2025/04/18 7:1 a.m. | 98 views

CVE-2025-38049

CVE-2025-38049 (Linux kernel): In x86 resctrl, allocation of the cleanest CLOSID could dereference NULL on platforms without LLC occupancy counters, causing a NULL pointer dereference when creating a new control group. The issue arises from code that searched for the CLOSID with the fewest dirty...

5.5 CVSS | 6.6 AI score | 0.00216 EPSS

added 2004/12/01 5:0 a.m. | 97 views

CVE-2004-1073

The CVE-2004-1073 entry affects the Linux kernel (2.4.x up to 2.4.27 and 2.6.x up to 2.6.8). It is caused by the open_exec path of the execve functionality (exec.c), where the interpreter (PT_INTERP) handling can allow local users to read non-readable ELF binaries. The description specifies local...

2.1 CVSS | 7 AI score | 0.0081 EPSS

added 2006/08/23 7:0 p.m. | 97 views

CVE-2006-2932

CVE-2006-2932 is a regression in the restore_all code path of the 4/4GB split support for non-hugemem kernels in Red Hat Enterprise Linux 4 (Desktop/Enterprise) that allows a local user to cause a denial of service (panic) via unspecified vectors. The issue is documented in Red Hat advisories RHS...

4.9 CVSS | 7.3 AI score | 0.00384 EPSS

added 2008/06/30 10:0 p.m. | 97 views

CVE-2008-0598

CVE-2008-0598 affects the Linux kernel 2.6.9, 2.6.18 (and likely other versions) via the 32-bit/64-bit emulation. The issue allows local attackers to read uninitialized memory through crafted binaries, indicating a local, unauthenticated attack with LOW complexity and complete confidentiality imp...

4.9 CVSS | 5.6 AI score | 0.0037 EPSS

added 2008/05/02 4:0 p.m. | 97 views

CVE-2008-1375

CVE-2008-1375 describes a race condition in the Linux kernel’s directory notification subsystem (dnotify). It affects Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1. Successful exploitation could allow local users to cause a denial of service (OOPS) and possibly gain privileges vi...

6.9 CVSS | 6 AI score | 0.00306 EPSS

added 2008/07/09 12:0 a.m. | 97 views

CVE-2008-2812

CVE-2008-2812 affects the Linux kernel prior to 2.6.25.10, with NULL pointer dereferences in tty handling (notably in drivers/net/ such as hamradio, irda, ppp, slip, wan, and wireless components) potentially enabling local privilege escalation or a system crash. The issue arises from missing chec...

7.8 CVSS | 7.5 AI score | 0.00426 EPSS

added 2009/01/28 6:0 p.m. | 97 views

CVE-2009-0322

CVE-2009-0322 affects the Linux kernel Dell RBU (Remote BIOS Update) driver: reading zero bytes from image_type or packet_size under /sys/devices/platform/dell_rbu/ can cause a local DoS (system crash). Concrete references in connected advisories show affected kernels include 2.6.27.x (before 2.6...

4.9 CVSS | 4.3 AI score | 0.00499 EPSS

added 2009/03/12 3:0 p.m. | 97 views

CVE-2009-0778

CVE-2009-0778 affects the Linux kernel prior to 2.6.25 when configured as a router with a REJECT route. The icmp_send code in net/ipv4/icmp.c can mishandle the Protocol Independent Destination (DST) cache, potentially leaking DST state and allowing remote attackers to cause a denial of service (c...

7.1 CVSS | 6.9 AI score | 0.04623 EPSS

added 2009/11/27 7:0 p.m. | 97 views

CVE-2009-4031

CVE-2009-4031 affects the KVM x86 emulator (arch/x86/kvm/emulate.c) in the Linux kernel prior to 2.6.32-rc8-next-20091125. The do_insn_fetch path could interpret instructions longer than valid, failing to enforce the 15-byte limit per instruction, which guest OS users can abuse to cause a denial ...

7.8 CVSS | 6.5 AI score | 0.03112 EPSS

added 2010/01/19 4:0 p.m. | 97 views

CVE-2010-0007

CVE-2010-0007 affects the Linux kernel’s ebtables in netfilter, where netfilter/ebtables.c allows local users to modify rules without CAP_NET_ADMIN, bypassing access restrictions and enabling arbitrary network-traffic filtering via a modified ebtables user-space tool. Vulnerable: kernel before 2....

2.1 CVSS | 6.6 AI score | 0.00403 EPSS

added 2010/02/12 7:0 p.m. | 97 views

CVE-2010-0298

Summary: CVE-2010-0298 affects the x86 emulator in KVM 83, where CPL/IOPL checks are not applied to CPL3 memory accesses, enabling a guest OS user to crash the guest or gain privileges via an IO port or MMIO region (related to CVE-2010-0306). What is affected: KVM/x86 emulator code in affected Li...

6.5 CVSS | 6.8 AI score | 0.02416 EPSS

added 2010/04/06 10:0 p.m. | 97 views

CVE-2010-1087

CVE-2010-1087 affects the Linux kernel family 2.6.x up to 2.6.33-rc5. The vulnerability is in nfs_wait_on_request (fs/nfs/pagelist.c) and can cause a denial of service (kernel OOPS) via unknown vectors related to truncating a file and an operation that is not interruptible. The impact is a DoS on...

7.8 CVSS | 6.2 AI score | 0.03573 EPSS

added 2010/04/12 6:0 p.m. | 97 views

CVE-2010-1146

The CVE-2010-1146 entry concerns the Linux kernel (2.6.33.2 and earlier) where, if a ReiserFS filesystem exists, read/write access to the .reiserfs_priv directory is not restricted. Local attackers could exploit this by modifying extended attributes or ACLs, demonstrated by deleting a file under ...

6.9 CVSS | 6.8 AI score | 0.01824 EPSS

added 2011/09/06 4:0 p.m. | 97 views

CVE-2011-1771

CVE-2011-1771 affects the Linux kernel up to version 2.6.38, specifically the cifs_close function in fs/cifs/file.c. If a local user opens a CIFS file with the O_DIRECT flag, it can trigger a NULL pointer dereference (and BUG), causing a denial of service or unspecified impact. Mitigation: upgrad...

7.8 CVSS | 8.2 AI score | 0.00516 EPSS

added 2013/03/01 11:0 a.m. | 97 views

CVE-2011-3638

CVE-2011-3638 affects the Linux kernel’s ext4 extents handling. The vulnerability occurs in fs/ext4/extents.c where a modified extent may not be marked_dirty during certain extent-splitting paths, enabling a local attacker to trigger a denial of service (kernel crash) through ext4 unmount/mount o...

4 CVSS | 5.4 AI score | 0.00356 EPSS

added 2012/05/17 10:0 a.m. | 97 views

CVE-2011-4326

CVE-2011-4326 affects the Linux kernel’s UDP fragment handling for IPv6 when UDP Fragmentation Offload (UFO) is enabled. Specifically, the vulnerability lies in udp6_ufo_fragment in net/ipv6/udp.c, allowing remote attackers to crash the system by sending fragmented IPv6 UDP packets to a bridge. T...

7.1 CVSS | 5.7 AI score | 0.03212 EPSS

added 2012/05/17 10:0 a.m. | 97 views

CVE-2012-0044

CVE-2012-0044 is an integer overflow in drm_mode_dirtyfb_ioctl() within Linux kernel drivers/gpu/drm/drm_crtc.c, vulnerable before 3.1.5. The flaw allows local users to gain privileges or trigger memory corruption/DoS via a crafted ioctl. Public sources (including MiracleLinux AXSA-2012-646:05) c...

7.8 CVSS | 7.2 AI score | 0.00381 EPSS

added 2012/07/03 4:0 p.m. | 97 views

CVE-2012-0045

CVE-2012-0045 relates to the Linux kernel KVM 32-bit syscall emulation. A flaw in arch/x86/kvm/emulate.c where the 0f05 (syscall) opcode is not handled correctly allows a user in a 32-bit guest to crash the guest OS (denial of service). Public references in the provided connected documents confir...

4.7 CVSS | 5.8 AI score | 0.01014 EPSS

added 2012/12/21 11:0 a.m. | 97 views

CVE-2012-0957

CVE-2012-0957 affects the Linux kernel prior to 3.4.16. The override_release function in kernel/sys.c can let a local user leak kernel stack memory by calling uname with the UNAME26 personality. This is a local-privilege scenario; no remote vector is described in the provided documents. Affected ...

4.9 CVSS | 6.7 AI score | 0.00959 EPSS

added 2013/01/22 11:0 p.m. | 97 views

CVE-2012-4461

CVE-2012-4461 overview: The Linux kernel KVM subsystem (pre-3.6.9) on hosts using qemu userspace without XSAVE is vulnerable. A local attacker can trigger a denial of service (kernel OOPS) by calling KVM_SET_SREGS to enable the X86_CR4_OSXSAVE bit in the guest CR4, then issuing KVM_RUN. The conne...

1.9 CVSS | 5.6 AI score | 0.00356 EPSS

added 2019/07/27 9:39 p.m. | 97 views

CVE-2012-6712

The CVE-2012-6712 issue affects the Linux kernel prior to 3.4, where a buffer overflow in the Intel Wireless iwlwifi driver (iwl-agn-sta.c) can cause memory corruption. Exploitation details are not provided in the documents, but the vulnerability is documented across multiple feeds with reference...

9.8 CVSS | 9.3 AI score | 0.02968 EPSS

added 2013/11/19 3:0 p.m. | 97 views

CVE-2013-4592

CVE-2013-4592: Memory leak in Linux kernel

4 CVSS | 7.7 AI score | 0.005 EPSS

added 2014/12/24 3:0 p.m. | 97 views

CVE-2014-4322

CVE-2014-4322 affects the Linux kernel 3.x QSEECOM driver. The qseecom.c ioctl logic does not validate certain offset, length, and base values, enabling a crafted application to escalate privileges or trigger memory corruption. Affected component: drivers/misc/qseecom.c in the QSEECOM driver used...

7.2 CVSS | 7.2 AI score | 0.02038 EPSS

added 2016/05/02 10:0 a.m. | 97 views

CVE-2016-2854

CVE-2016-2854 concerns the AUFS module in the Linux kernel (versions 3.x/4.x), which does not properly maintain POSIX ACL xattr data. This can allow a local attacker to gain privileges by exploiting a group-writable setgid directory. The connected documents confirm the vulnerability and its local...

7.8 CVSS | 7.3 AI score | 0.0095 EPSS

added 2018/05/24 6:0 p.m. | 97 views

CVE-2018-11412

CVE-2018-11412 affects the Linux kernel versions 4.13–4.16.11, where ext4_read_inline_data() in fs/ext4/inline.c copies data with a length that can be untrusted in certain crafted filesystem layouts (storing system.data in a dedicated inode). This can enable out-of-bounds memory access leading to...

5.9 CVSS | 5.8 AI score | 0.16352 EPSS

added 2024/02/28 8:13 a.m. | 97 views

CVE-2020-36779

CVE-2020-36779 affects the Linux kernel i2c stm32f7 driver. The issue is a PM reference leak where pm_runtime_get_sync increments the usage count on return even when it fails, in stm32f7_i2c_xx functions (local attack vector). The patch replaces the problematic path with pm_runtime_resume_and_get...

5.5 CVSS | 6.4 AI score | 0.00222 EPSS

added 2024/02/29 10:31 p.m. | 97 views

CVE-2021-47020

CVE-2021-47020 is a Linux kernel vulnerability in the SoundWire subsystem. The issue is a memory leak in the stream config error path for soundwire: stream: when stream config fails, the master runtime releases slave_runtimes from the slave_rt_list but the slave runtime is not added to that list ...

5.5 CVSS | 6.4 AI score | 0.00226 EPSS

added 2024/03/04 6:15 p.m. | 97 views

CVE-2021-47105

CVE-2021-47105: In the Linux kernel, the ice: xsk path had a bug where cleaning the SW ring NULLed xdp_buff but did not return the buffers to the xsk pool. This caused buffers in the umem to leak and become unusable. The fix adds a missing xsk_buff_free() in the cleanup path and ensures only the...

5.5 CVSS | 6.4 AI score | 0.00292 EPSS

added 2024/03/25 9:16 a.m. | 97 views

CVE-2021-47168

CVE-2021-47168 affects the Linux kernel NFS code, specifically filelayout_decode_layout. The bug stems from sizeof(struct nfs_fh) being two bytes larger than the actual NFS_MAXFHSIZE buffer, risking memory corruption. The fix changes the size to match NFS_MAXFHSIZE (the buffer for ->data[]) an...

5.5 CVSS | 6.3 AI score | 0.00238 EPSS

added 2024/04/10 6:56 p.m. | 97 views

CVE-2021-47182

The CVE-2021-47182 entry concerns the Linux kernel scsi_mode_sense() implementation. Affected component: scsi core. Issues: improper handling of the MODE SENSE(10) allocation length field (16-bit, truncating lengths >255) and buffer length adjustments that could corrupt memory when len is too ...

5.5 CVSS | 6.7 AI score | 0.00196 EPSS

Total number of security vulnerabilities: 14031