CVE-2009-1961
CVE-2009-1961 is a local denial-of-service vulnerability in the Linux kernel related to the inode double-locking path in fs/ocfs2/file.c. A sequence of splice system calls can deadlock between generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write, preventing file creation/remov...
CVE-2010-0298
Summary: CVE-2010-0298 affects the x86 emulator in KVM 83, where CPL/IOPL checks are not applied to CPL3 memory accesses, enabling a guest OS user to crash the guest or gain privileges via an IO port or MMIO region (related to CVE-2010-0306). What is affected: KVM/x86 emulator code in affected Li...
CVE-2010-4077
CVE-2010-4077 affects the Linux kernel up to 2.6.36.1: the function ntty_ioctl_tiocgicount in drivers/char/nozomi.c fails to initialize a structure member, allowing local attackers to read potentially sensitive information from kernel stack memory via the TIOCGICOUNT ioctl. The connected advisori...
CVE-2010-4161
CVE-2010-4161 affects the Linux kernel 2.6.18 build used by Red Hat Enterprise Linux 5. The issue lies in udp_queue_rcv_skb in net/ipv4/udp.c, where a crafted socket filter and UDP traffic can trigger a denial of service (deadlock/system hang). The related CVE-2010-4158 is referenced. Connected d...
CVE-2011-1173
CVE-2011-1173 affects the Linux kernel on x86_64 prior to 2.6.39. The vulnerability is in the econet_sendmsg function (net/econet/af_econet.c) and allows a remote attacker to read uninitialized data from kernel stack memory via an Acorn Universal Networking (AUN) packet, enabling information disc...
CVE-2011-2905
CVE-2011-2905 refers to an untrusted search path vulnerability in the perf tool’s perf_config function (tools/perf/util/config.c) as distributed in the Linux kernel prior to 3.1. A local user can overwrite files via a crafted config file located in the current working directory. The vulnerability...
CVE-2012-4530
Technical details for CVE-2012-4530 are not publicly provided in the connected documents. Monitor for updates; current sources list this CVE among others but do not disclose product/version/root-cause/fix specifics.
CVE-2013-1928
CVE-2013-1928 affects the Linux kernel prior to 3.6.5. The do_video_set_spu_palette function in fs/compat_ioctl.c lacks an error check, potentially enabling local attackers to read sensitive kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl on a /dev/dvb device. The issue is addressed...
CVE-2013-2930
CVE-2013-2930 affects the Linux kernel prior to 3.12.2, where the perf_trace_event_perm function does not properly restrict access to the perf subsystem. This allows local users to enable function tracing via a crafted application. The advisory indicates the impact is partial for confidentiality ...
CVE-2014-6416
CVE-2014-6416 describes a buffer overflow in net/ceph/auth_x.c used by Ceph within the Linux kernel prior to 3.16.3. An unencrypted, long auth ticket can be exploited remotely to trigger memory corruption and a kernel panic (DoS). Connected advisories reiterate the same root cause and impact. Remedi...
CVE-2015-4003
CVE-2015-4003 affects the OZWPAN driver in the Linux kernel (drivers/staging/ozwpan/ozusbsvc1.c, function oz_usb_handle_ep_data) through kernel 4.0.5. A remote attacker can send a crafted packet to trigger a divide-by-zero and cause a system crash (DoS). The connected advisories (Unity Linux/Eule...
CVE-2015-8955
CVE-2015-8955 affects the Linux kernel on arm64 (arch/arm64/kernel/perf_event.c) prior to 4.1. The issue arises from events across multiple HW PMUs being mishandled, allowing local users to gain privileges or trigger a denial of service via an invalid pointer dereference. Impact is limited to loc...
CVE-2016-10723
CVE-2016-10723 affects the Linux kernel up to version 4.17.2. The issue is in the page allocator: it does not yield CPU resources to the owner of the oom_lock mutex, allowing a local unprivileged user to trap the system in a busy loop by wasting CPU time during oom-killer invocation. The root cau...
CVE-2016-2062
The CVE-2016-2062 issue affects the Adreno GPU driver for the Linux kernel (3.x) as used in Qualcomm QuIC MSM Android contributions. The root cause is an incorrect integer data type in adreno_perfcounter_query_group within drivers/gpu/msm/adreno_perfcounter.c, which can lead to a denial of servic...
CVE-2017-17852
CVE-2017-17852 affects the Linux kernel’s BPF verifier (kernel/bpf/verifier.c) up to version 4.14.8. The root cause is mishandling of 32-bit ALU operations, which can allow local users to cause a denial of service (memory corruption) and possibly other impact. The connected Nessus entries repeat ...
CVE-2017-17854
CVE-2017-17854 affects the Linux kernel's kernel/bpf/verifier.c, with the vulnerability existing in images up to kernel version 4.14.8. The issue arises from unrestricted integer values used in pointer arithmetic, enabling local users to trigger a denial of service (integer overflow and memory co...
CVE-2018-14641
CVE-2018-14641 is a Linux kernel vulnerability affecting versions 4.19-rc1 through 4.19-rc3, with the flaw located in ip_frag_reasm() (net/ipv4/ip_fragment.c). Under certain non-default but not rare configurations on a victim host, an attacker can remotely trigger a crash in ip_do_fragment(), pro...
CVE-2019-11811
CVE-2019-11811 affects the Linux kernel up to version 5.0.4 (pre-5.0.4). The issue is a use-after-free on read access to /proc/ioports after the ipmi_si driver is removed, tied to ipmi_si_intf.c, ipmi_si_mem_io.c, and ipmi_si_port_io.c. Impact: local privilege/escalation risk if an attacker can u...
CVE-2021-47062
The CVE-2021-47062 vulnerability affects the Linux kernel KVM SVM path. The issue occurs when iterating vCPUs for SEV-encrypted VMSAs using created_vcpus, which does not guarantee a vCPU’s existence and can trigger a NULL pointer dereference. The documented fix switches to iterating with online_v...
CVE-2021-47064
CVE-2021-47064 concerns the Linux kernel mt76 wireless driver. The issue arises in the mt76_dma_tx_queue_skb_raw path where buf can be uninitialized, causing the field skip_unmap to inherit a non-zero value from stack garbage. As a result, DMA mappings for MCU command frames may not be unmapped a...
CVE-2021-47113
CVE-2021-47113 affects the Linux kernel, in the btrfs code path for rename_exchange. A failure to insert the second inode ref during a rename could leave the first ref dangling and corrupt the filesystem. The root cause is an error injection stress that may abort after the first successful inode-...
CVE-2021-47135
CVE-2021-47135 relates to the Linux kernel mt76 mt7921 driver. Public docs show a fix for an AOOB/array-out-of-bounds issue in mt7921_mcu_tx_rate_report and removal of an unnecessary variable, addressing an out-of-bounds access. References point to upstream stable commits (d874e6c069… and 6919e8a...
CVE-2021-47163
CVE-2021-47163 affects the Linux kernel TIPC subsystem. The vulnerability can crash the kernel by triggering a race during module removal: removing the TIPC module and then scheduling a work queue can call cleanup_bearer() after the module is gone, leading to a crash. The root cause is the timin...
CVE-2021-47176
CVE-2021-47176 affects the Linux kernel s390/dasd subsystem. The issue arises from an omitted discipline function, leading to a panic when the path verification function is invoked for FBA or DIAG devices. A fix defines a wrapper for dasd_generic_verify_path() to restore correct operation and pre...
CVE-2021-47183
CVE-2021-47183 affects the Linux kernel’s SCSI lpfc driver where a link-down transition with outstanding ABTS/ELS requests could trigger a NULL pointer dereference and, in some cases, driver unload hangs. The fix adds a flag to Abort handling to prevent link-traffic during failure conditions, avo...
CVE-2021-47229
CVE-2021-47229 concerns the Linux kernel PCI aardvark driver. A kernel panic could occur when a new PIO transfer is started before the previous one finished; the kernel will issue an External Abort/SError interrupt leading to a reboot. The root cause analysis noted a previously added Trusted Firm...
CVE-2021-47380
The CVE-2021-47380 entry describes a NULL pointer dereference in the Linux kernel related to HID amd_sfh: the function devm_add_action_or_reset() could call amd_mp2_pci_remove() before data was initialized. The fix moves the data initialization prior to devm_add_action_or_reset() to prevent deref...
CVE-2021-47418
CVE-2021-47418 refers to a Linux kernel vulnerability in net_sched: a NULL pointer dereference inside fifo_set_limit() that could OOPS when adjusting limits on certain qdiscs (notably pfifo_fast, which lacks a change() operation). The issue was reproduced via syzbot and the fix makes fifo_set_lim...
CVE-2021-47612
CVE-2021-47612 (Linux kernel) — A vulnerability in NFC genl dump paths can cause a null-pointer dereference and kernel crash when kmalloc in nfc_genl_dump_devices() fails, leading to a segfault in nfc_genl_dump_devices_done and related netlink/worker threads. The issue is fixed in the Linux kerne...
CVE-2021-47637
CVE-2021-47637: A deadlock in the Linux kernel’s ubifs during concurrent rename whiteout and inode writeback. Root cause is a deadlock between the ui_mutex held during ubifs_write_inode/lock and the whiteout budget path, causing hung tasks in writeback and rename code (rename_whiteout → ubifs_rename ...
CVE-2021-47641
CVE-2021-47641 (Linux kernel) affects the video fbdev Cirrus driver (cirrusfb) within the kernel’s fbdev subsystem. The issue arises in cirrusfb_check_pixclock when pixclock can be zero, causing a divide by zero that Syzkaller reported. The driver then rounds up pixclock to approximate maxclock, ...
CVE-2021-47670
CVE-2021-47670 (can: peak_usb) is a use-after-free in the Linux kernel can subsystem. After peak_usb_netif_rx_ni(skb) is called, the skb may be dereferenced, and the can_frame cf that aliases skb memory can access memory that has been freed. The issue is resolved by reordering code lines to preve...
CVE-2022-48633
CVE-2022-48633: In the Linux kernel, the gma500/psb_gem Unpin path could trigger a WARN_ON (lock->magic != lock) due to ww_mutex being destroyed by drm_gem_object_release(). The fix relocates drm_gem_object_release() to occur after psb_gem_unpin(), preventing the invalid lock state. Affected c...
CVE-2022-48689
CVE-2022-48689 pertains to a Linux kernel issue in TCP zerocopy where pfmemalloc status could be misinterpreted by page_is_pfmemalloc() in certain paths. The Astra Linux note confirms the advisory and reiterates the same vulnerability in the kernel and notes a prereq backport: 84ce071e38a6 (net: ...
CVE-2022-48693
CVE-2022-48693 affects the Linux kernel’s brcmstb PM subsystem (soc: brcmstb: pm-arm). The two leak bugs are in brcmstb_pm_probe() and include: (1) missing of_node_put() when for_each_matching_node() breaks, and (2) missing iounmap() for each iomap in the failure path. Public information in conn...
CVE-2022-48710
CVE-2022-48710 concerns the Linux kernel Radeon driver. In radeon_fp_native_mode(), the code assigns the return of drm_mode_duplicate() to a mode pointer and may dereference a NULL on failure. The issue is resolved by adding a NULL-pointer check to avoid a NULL pointer dereference when drm_mode_duplicate() fails, and th...
CVE-2022-48788
CVE-2022-48788 (Linux kernel nvme-rdma): A use-after-free in the nvme-rdma transport error_recovery logic was fixed. The issue involved a race between submit_async_event_work and the error recovery handler when destroying the admin queue and changing the ctrl state; the fix requires flushing asy...
CVE-2022-48868
The CVE-2022-48868 issue affects the Linux kernel’s dmaengine: idxd driver. The root cause is in the probe/enabling path: drv_enable_wq() may return success on failure to enable the workqueue, allowing the driver to load while allocations intended for the workqueue enablement were never valid, wh...
CVE-2022-48875
CVE-2022-48875 affects the Linux kernel’s wireless stack (mac80211). The vulnerability arises when AMPDU start handling in the driver path can encounter a NULL sdata during deauthentication, leading to a NULL dereference. Specifically, ieee80211_tx_ba_session_handle_start() may receive NULL for s...
CVE-2022-48919
CVE-2022-48919 affects the Linux kernel’s CIFS mount flow. The issue is a double-free race in cifs_get_root() when a mount fails inside cifs_smb3_do_mount(); deactivate_locked_super() leads to delayed_free(), potentially freeing resources twice if code continues to the out: path. The vulnerabilit...
CVE-2022-49005
CVE-2022-49005 is tied to a Linux kernel issue in ASoC: ops where _sx controls use a non-standard max field. The root cause is an incorrect bounds check in snd_soc_put_volsw_sx(): the max value must be treated as the number of steps and checked accordingly against the maximum. Connected Astra Lin...
CVE-2022-49012
In CVE-2022-49012, the Linux kernel fixes an afs_put_server cleanup leak where atomic_read was inadvertently replaced with atomic_inc_return, preventing server cleanup and causing rmmod to hang with a purge warning. The vulnerability is tied to the AFS server cleanup path and affects server deall...
CVE-2022-49106
CVE-2022-49106 affects the Linux kernel (staging: vchiq_arm). The root cause is a potential NULL pointer dereference in vchiq_dump_platform_instances when vchiq_get_state() may return NULL. The vulnerability could impact kernel availability with local access required. A fix is included in upstrea...
CVE-2022-49151
CVE-2022-49151 is a Linux kernel vulnerability in the CAN/USB subsystem (can: mcba_usb) where usb_submit_urb() could warn due to an incorrect endpoint type. Syzbot reported a bogus urb transfer when the pipe’s type did not match the endpoint, prompting a code path change: pipes are now saved in m...
CVE-2022-49176
CVE-2022-49176: Linux kernel fix for a use-after-free in bfq_dispatch_request (bfq) causing potential memory corruption in SCSI-mq paths. The issue is addressed by kernel patches referenced in the linked advisories (Unity Linux UTSA updates and Astra/Linux advisories). Exploitation status is not ...
CVE-2022-49189
CVE-2022-49189: In the Linux kernel (clk-rcg2, Qualcomm display pixel clock), final D calculation for the M/N ratio could fall outside the accepted range, causing underflow. The fix updates the D-value calculation to respect the valid range for given M and N, preventing underflow. Affected compo...
CVE-2022-49201
The CVE-2022-49201 entry concerns a race in ibmvnic where ibmvnic_xmit() can access a tx_scrq after it has been freed in reset, potentially crashing the kernel. The connected Astra Linux/SUSE OSV records reiterate the Linux kernel fix and describe the root cause as a race between reset/open and t...
CVE-2022-49206
CVE-2022-49206 affects the Linux kernel RDMA/mlx5 path. The issue is a memory leak in the error flow of the subscribe event routine where a second xa_insert() failure leaves obj_event unreleased. The fix adds proper memory cleanup in the error unwinding path to prevent the leak. The documented im...
CVE-2022-49258
The CVE-2022-49258 issue is in the Linux kernel crypto/ccree: a use-after-free in cc_cipher_exit() where ctx_p->user.key is freed by kfree_sensitive() but still used on the following line. The fix prevents UAF by moving kfree_sensitive(ctx_p->user.key) after dev_dbg(), effectively ensuring ...
CVE-2022-49282
CVE-2022-49282 is a Linux kernel issue affecting f2fs quota handling. The vulnerability stems from an incorrect loop condition in f2fs_quota_sync() where cnt should be passed to sb_has_quota_active() to correctly determine active quotas. When type is -1, the compiler may discard the check, potent...