14031 matches found
CVE-2022-49581
CVE-2022-49581: In the Linux kernel, the be2net driver had a buffer overflow in be_get_module_eeprom due to improper handling of buffer length in be_cmd_read_port_transceiver_data. The vulnerable path could copy more data than available when the buffer is smaller than PAGE_DATA_LEN (or twice tha...
CVE-2022-49620
CVE-2022-49620 (Linux kernel, net: tipc) affects the TIPC subsystem: a potential refcount leak in tipc_sk_create() when tipc_sk_insert() fails. The fix ensures the sk is freed on failure, preventing a leak. The public description notes a local attack vector with low privileges required and no user ...
CVE-2022-49668
The CVE-2022-49668 entry corresponds to a Linux kernel issue where refcount leaks occur in the devfreq helper path: of_get_child_by_name() returns a node with an incremented refcount, and of_node_put() was missing in error paths. The fix adds the missing of_node_put() calls to prevent a refcount ...
CVE-2022-49727
CVE-2022-49727: In the Linux kernel, the vulnerability affects the IPv6 L2TP send path (ipv6_sendmsg) where a signed integer overflow can occur when len >= INT_MAX - transhdrlen, causing ulen = len + transhdrlen to overflow. The fix mirrors the approach used in udpv6 by subtracting transhdrle...
CVE-2022-49960
CVE-2022-49960 concerns a Linux kernel vulnerability in the i915 DRM driver where a null pointer dereference in tgl_get_bw_info() (bi_next) can cause a kernel panic. The issue manifests during Asus Chromebooks booting on v5.17-rc1, producing an Oops and a fatal exception. The bug was fixed by the...
CVE-2022-50072
CVE-2022-50072 is a Linux kernel use-after-free vulnerability in NFSv4/pnfs related to open operations. The issue occurs when an open RPC call is cancelled: the kernel must not free the open slot or layoutget arguments still in use by the hung RPC. The entry states this was resolved by a fix in t...
CVE-2022-50212
CVE-2022-50212 affects the Linux kernel netfilter nf_tables subsystem. The vulnerability arises when looking up chains by ID without ensuring the chain belongs to the same table; a chain from another table can be linked in, and removing the source table can leave a rule connected to the wrong cha...
CVE-2023-22999
The CVE-2023-22999 issue affects the Linux kernel prior to 5.16.3, specifically the drivers/usb/dwc3/dwc3-qcom.c path. The root cause is that dwc3_qcom_create_urs_usb_platdev’s return value is misinterpreted in error cases (expected NULL but it is an error pointer), leading to an incorrect handli...
CVE-2023-2898
CVE-2023-2898 is a Linux kernel vulnerability: a null-pointer dereference in f2fs_write_end_io (fs/f2fs/data.c) can be triggered by a local, privileged user to cause a denial of service. Public documentation confirms this flaw and ties it to the f2fs filesystem on the Linux kernel, with advisorie...
CVE-2023-39180
CVE-2023-39180 affects the Linux kernel ksmbd module. The root cause is improper memory release after the memory’s lifetime in SMB2_READ handling, enabling a network-based DoS without authentication on systems with ksmbd enabled. Public details confirm impact as denial-of-service; no vendor patch...
CVE-2023-52517
CVE-2023-52517 affects the Linux kernel SPI sun6i driver where a race between DMA RX completion and RX FIFO drain could corrupt data. The fix separates RX FIFO drain from DMA mode by draining RX FIFO only in interrupt mode and by waiting for RX DMA completion before returning when DMA is used, en...
CVE-2023-52742
The CVE-2023-52742 entry concerns the Linux kernel USB plusb driver. The vulnerability arises from treating a zero-length control-OUT transfer as a read instead of a write, triggering a WARNING in urb.c when usb_submit_urb is executed. The provided connected details specify the root cause as inco...
CVE-2023-52805
CVE-2023-52805 affects the Linux kernel/JFS inode allocation. The issue is an array-index-out-of-bounds in diAlloc caused by lack of validation of the iag’s agno during new inode allocation, which could lead to fragmentation. A fix was added to perform the necessary check, and multiple connected ...
CVE-2023-52879
CVE-2023-52879 describes a Linux kernel vulnerability in tracing, specifically adding ref counters to trace_event_file to prevent use-after-free when a kprobe event is deleted while its tracefs file is still open. The issue can cause a kernel NULL pointer dereference and crash (local privilege no...
CVE-2024-26677
CVE-2024-26677: In the Linux kernel’s rxrpc implementation, the vulnerability stems from how delayed ACKs were constructed with a reference serial number, making them unsuitable as an RTT reference. The issue has been resolved in the kernel by fixing the construction of delayed ACKs to avoid set...
CVE-2024-26715
CVE-2024-26715 affects the Linux kernel's USB subsystem, specifically the DWC3 gadget driver. The issue is a NULL pointer dereference in dwc3_gadget_suspend that can occur when plug-out/plug-in cycles race with gadget_driver being cleared, allowing a path where a non-NULL dwc->gadget_driver is...
CVE-2024-26760
CVE-2024-26760 affects the Linux kernel SCSI target pscsi code (scsi: target: pscsi). The issue arises in the bio lifecycle after the change to allocate bio with bio_kmalloc(); the bios must be freed via bio_uninit() and kfree() but this is not done correctly in the error path, leading to WARN and potential NULL po...
CVE-2024-27411
CVE-2024-27411 relates to the Linux kernel nouveau driver (drm/nouveau). The vulnerability arises because two DMA buffers required for suspend/resume were deallocated after GPU init, which can cause kernel module errors and a system-wide rendering freeze on multi-GPU systems. The fix moves the de...
CVE-2024-27433
CVE-2024-27433 affects the Linux kernel clock driver: mediatek mt7622-apmixedsys. The root cause was an error path where clk_data, allocated via mtk_devm_alloc_clk_data(), could be double-freed if mtk_free_clk_data() remained in the remove path. The fix removes this redundant deallocation in the ...
CVE-2024-35785
CVE-2024-35785 affects the Linux kernel: a bug in the error path when registering devices on the TEE bus could trigger a kernel panic due to an incorrect error handling flow, specifically following the supplicant-based device enumeration change (commit 7269cba53d90). The issue manifests as a tran...
CVE-2024-35919
CVE-2024-35919: The Linux kernel vulnerability involves a race/NULL dereference in media: mediatek: vcodec code where vpu_enc_ipi_handler may access a deleted ctx_list, potentially leading to a NULL pointer dereference when SCP IP block behavior deletes the list. A lock was added to protect the e...
CVE-2024-36900
CVE-2024-36900 affects the Linux kernel’s net/hns3 driver. The vulnerability arises when a devlink reload occurs during hardware initialization: the reload can access hardware resources before initialization, potentially causing a kernel crash. The fix is to register devlink after hardware initia...
CVE-2024-38546
CVE-2024-38546: Linux kernel (drm: vc4) fix for a NULL pointer dereference in vc4_hdmi_audio_init. of_get_address() may return NULL and be dereferenced; the patch adds a NULL check to prevent the crash. This applies to the vc4 HDMI audio path in the kernel DRM vc4 driver; no exploits/public advisori...
CVE-2024-42264
CVE-2024-42264 affects the Linux kernel drm/v3d component; the issue is an out-of-bounds access in performance query extensions due to unchecked perfmon user input when copying IDs. A fix was cherry-picked from commit f32b5128d2c440368b5bf3a7a356823e235caabb and backported to address an out-of-bo...
CVE-2024-45013
CVE-2024-45013 is a Linux kernel nvme issue where stopping keep-alive was not moved to nvme_uninit_ctrl(), allowing a keep-alive task to remain pending and cause a use-after-free when the host driver is unloaded. The connected patch fixes kernel panic in nvme/uninit paths by moving stopping keep-...
CVE-2024-45029
CVE-2024-45029 affects the Linux kernel i2c Tegra driver on ACPI machines. The root cause is a mutex being used inside a spinlock during power-runtime handling, which can lead to a sleeping function call from an invalid context when __pm_runtime_resume() triggers acpi_subsys_runtime_resume(). The...
CVE-2024-46767
Technical details about CVE-2024-46767 are not provided in the connected documents. Monitor for updates.
CVE-2024-47717
Technical details for CVE-2024-47717 are not publicly provided in the supplied documents; monitor for updates.
CVE-2024-49941
CVE-2024-49941 in the Linux kernel relates to gpiolib’s gpiod_get_label() where a NULL label could be dereferenced if srcu_dereference_check() returns NULL, leading to accessing label->str without verifying label. The patch adds a proper NULL check for label and removes the label->str != NU...
CVE-2024-50227
The CVE-2024-50227 entry concerns the Linux kernel Thunderbolt code, where KASAN reported a stack-out-of-bounds read in tb_retimer_scan(). The issue arises from a loop that increments a counter causing max to become 3 instead of 2, allowing the second loop to read past a stack array. The fix is t...
CVE-2024-57805
CVE-2024-57805: In the Linux kernel ASoC: SOF: Intel: hda-dai, the link DMA was released on STOP, enabling a potential stream mix-up if a new stream starts before the previous is fully closed. This may lead to firmware errors or a crash. Root cause: releasing the link DMA on STOP rather than wait...
CVE-2025-23143
CVE-2025-23143 is a Linux kernel issue where unloading a module (e.g., CIFS/NFS) can race with a TCP socket still alive, leading to a NULL pointer dereference in lockdep when hlock_class() is called after the module is gone. The root cause is that CIFS assigns a different lock class to the socket...
CVE-2025-37784
CVE-2025-37784 affects the Linux kernel ICSS IEP driver (net: ti: icss-iep). The vulnerability was caused by a NULL pointer dereference when disabling PPS/PEROUT during icss_iep_exit(), due to lingering perout state referenced by icss_iep_perout_enable_hw. The fix updates icss_iep_perout_enable_h...
CVE-2025-37870
Technical details about CVE-2025-37870 are not publicly provided in the supplied documents. Please monitor for updates from vendors and security advisories.
CVE-2025-37893
The CVE-2025-37893 issue affects the Linux kernel’s LoongArch BPF JIT path. Debugging shows that when BPF programs mix bpf2bpf and tailcalls, build_prologue() can generate N instructions in the first pass and N+1 in the second, causing epilogue_offset to be off by one. This can cause the JITed ep...
CVE-2025-37901
CVE-2025-37901 affects the Linux kernel in the IRQ chip handling for Qualcomm MPM. The issue occurs when non-wake GPIOs (which lack a corresponding MPM pin) are processed within the MPM driver due to a missing check, causing crashes during interrupt setup. The root cause is the IRQ domain hierar...
CVE-2025-37922
CVE-2025-37922 concerns Linux kernel memory management: when section vmemmap start addresses are misaligned across namespaces, an altmap page may be reused by a different namespace, causing the previous namespace to free a page incorrectly and crash the kernel. The connected documents describe a ...
CVE-2025-37949
CVE-2025-37949 affects the Linux kernel xenbus subsystem. The issue arises when a request’s wake-up path (xs_wake_up) may coexist with a freed req, causing a NULL-dereference on resume due to lifetimes tracked by a single kref. The fix introduces two kref tracks per request (one for the caller, o...
CVE-2025-37972
CVE-2025-37972 — The Linux kernel vulnerability in the mtk-pmic-keys driver can cause a NULL pointer dereference in mtk_pmic_keys_probe when the device-tree button node is absent (e.g., left floating). The fix uses the generic regs structure defined for all platforms and allows the key register t...
CVE-2025-38109
CVE-2025-38109 — Linux kernel: the affected component is the mlx5/eswitch path used for ECVF vports on BlueField devices. The issue is a use-after-free (UAF) during shutdown when a virtual function is created on the embedded BlueField chip, causing the vport ACL ingress table to not be properly dest...
CVE-2025-38471
CVE-2025-38471 affects the Linux kernel TLS path. A bug in TLS where the code may operate on an old skb during queue decrypt-state checks can lead to a use-after-free (observed in tls_strp_check_rcv). The issue arises after net-next TCP changes that compact skbs more aggressively, triggering the ...
CVE-2002-2438
CVE-2002-2438 describes a TCP/IP flaw where the Linux TCP stack could bypass firewalls by receiving SYN packets that include additional flags (e.g., SYN+RST). The vulnerability arises because such packets were not consistently discarded by some stacks after firewalling, allowing a potential connectio...
CVE-2004-0883
CVE-2004-0883 concerns multiple vulnerabilities in the Samba filesystem (smbfs) within the Linux kernel (versions 2.4 and 2.6). The description states that remote Samba servers could cause a denial of service (kernel crash) or information disclosure by triggering one of several flawed packet-hand...
CVE-2004-1072
CVE-2004-1072 describes a vulnerability in the Linux kernel where the binfmt_elf loader (binfmt_elf.c) may create an interpreter name string that is not NULL terminated, allowing strings longer than PATH_MAX to be used. This can cause buffer overflows that may lead to a local denial of service (h...
CVE-2005-2458
CVE-2005-2458 affects the Linux kernel where inflate.c in the zlib routines used by the kernel before 2.6.12.5 can be exploited by remote attackers to crash the kernel via a crafted compressed file (improper tables). The connected advisories confirm this vulnerability across multiple distribution...
CVE-2006-6921
CVE-2006-6921 is an in-kernel local denial-of-service vulnerability where a zombie/p wedged process could be created if a parent died and init could not reap it. It is referenced across multiple advisories (e.g., RHSA-2007-0939, ELSA-2008-0154, CESAs) and Linux distributions have patched the kern...
CVE-2009-0269
CVE-2009-0269 refers to a local kernel vulnerability in the Linux kernel’s eCryptfs inode handling. The flaw, described as a readlink error path in fs/ecryptfs/inode.c, can lead to denial of service (fault or memory corruption) and possibly other unspecified effects by causing the code to use a -...
CVE-2009-1046
CVE-2009-1046 affects the Linux kernel (2.6.28 prior to 2.6.28.4, 2.6.25, and possibly earlier). When the UTF-8 console is used, selecting certain 3-byte UTF-8 characters can trigger an off-by-two memory error, leading to memory corruption and a possible denial of service. The impact is described...
CVE-2009-2849
CVE-2009-2849 affects the Linux kernel md driver (drivers/md/md.c) prior to version 2.6.30.2. The issue allows local attackers to trigger a NULL pointer dereference in suspend_lo_store and suspend_hi_store via writable sysfs suspend_* attributes, potentially causing a denial of service. The vulne...
CVE-2009-4021
CVE-2009-4021 affects the fuse_direct_io function in fs/fuse/file.c of the Linux kernel (fuse subsystem) prior to 2.6.32-rc7, enabling a potential denial of service via invalid pointer dereference possibly tied to memory consumption. Affected environment examples in connected documents include Mi...