CVE-2025-38248
CVE-2025-38248: In the Linux kernel, a use-after-free flaw occurs in bridge multicast routing port handling. When per-VLAN multicast snooping is active, per-port multicast context is disabled and ports are removed from the global router port list, but can be re-added, leaving stale entries. This...
CVE-2025-38472
In CVE-2025-38472, the issue is in the Linux kernel nf_conntrack path (netfilter) where a race during removal of a conntrack entry can result in a crash when unlinking from the hash bucket list. The crash is linked to a partially initialised nf_conn struct and mis-handling of the conntrack entry’...
CVE-1999-0317
CVE-1999-0317 concerns a buffer overflow in the Linux su command that enables local users to gain root privileges. The core vulnerability is described as a buffer overflow affecting su, leading to full compromise of the local system. The provided connected documents reiterate the issue in differe...
CVE-2006-1527
CVE-2006-1527 affects the SCTP-netfilter code in the Linux kernel; an invalid SCTP chunk size can cause for_each_sctp_chunk to loop indefinitely, enabling a remote attacker to trigger a denial of service. The issue is in kernels prior to 2.6.16.13 and is addressed by the upstream 2.6.16.13 patch....
CVE-2006-4997
CVE-2006-4997 involves the Linux kernel ATM subsystem (clip_mkip in net/atm/clip.c). The issue allows a remote attacker to trigger a denial of service (panic) by causing the ATM subsystem to dereference memory of socket buffers after they have been freed. This is triggered by memory access patter...
CVE-2006-5755
CVE-2006-5755 affects the Linux kernel on x86_64 where, during a context switch, EFLAGS were not properly saved/restored. This can allow a local user to trigger a denial-of-service crash by causing SYSENTER to set an NT flag, which may crash on the IRET of the next task. The vulnerability is docu...
CVE-2007-1496
CVE-2007-1496 affects nfnetlink_log in the Linux kernel prior to 2.6.20.3. The issue is triggered via netfilter’s nfnetlink path (nfulnl_recv_config) when handling netlink messages, including cases with multiple packets per netlink message and bridged packets, leading to a NULL pointer dereferenc...
CVE-2007-3843
The CVE-2007-3843 issue affects the Linux kernel (pre-2.6.23-rc1) CIFS handling: the mount option sec= is checked against the wrong global variable, which could allow remote attackers to spoof CIFS network traffic intended to be signed with security signatures (e.g., lack of signing despite sec=n...
CVE-2007-3848
CVE-2007-3848 affects the Linux kernel (notably 2.4.35 and other versions) by allowing a local user to send arbitrary signals to a higher-privilege child process via a setuid-root parent dying and delivering an attacker-controlled death signal (PR_SET_PDEATHSIG). The issue is listed in advisories...
CVE-2007-5093
The CVE-2007-5093 issue affects the Linux kernel pwc (Philips USB Webcam) driver in 2.6.x up to 2.6.22.5, where disconnect relies on user space to close the device. This can allow a user-assisted local attacker to cause a denial of service (USB subsystem hang and khubd CPU usage) by not closing t...
CVE-2007-6151
CVE-2007-6151 affects the Linux kernel ISDN subsystem (ISDN ioctl path). The description in the Initial document states a local user can trigger a denial-of-service via a crafted ioctl struct where iocts is not null-terminated, causing a buffer overflow in isdn_common.c. Connected documents (RHSA...
CVE-2007-6762
The vulnerability is in the Linux kernel before 2.6.20, caused by an off-by-one error in net/netlabel/netlabel_cipso_v4.c that can overflow the doi_def->tags[] array. Affected component is the kernel’s netlabel CIPSO v4 handling. The provided connected sources confirm the off-by-one overflow c...
CVE-2009-0029
This CVE affects the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms. The root cause is that a 32-bit user-space argument in a 64‑bit register was not verifiably sign-extended when passed to a system call, allowing local users to crash the kernel or potentiall...
CVE-2010-1085
CVE-2010-1085 affects the Linux kernel before 2.6.32.x/2.6.33-rc4 on the AMD780V chipset. The vulnerability is in the azx_position_ok function in hda_intel.c, where certain inputs can trigger a divide-by-zero and cause a crash (DoS). Public advisories from MiracleLinux and Oracle Linux list this ...
CVE-2010-4805
CVE-2010-4805 affects the Linux kernel socket backlog handling in net/core/sock.c prior to 2.6.35, allowing remote DoS via large traffic (backlog management related to sk_add_backlog and sk_rmem_alloc). The entry notes this vulnerability exists due to an incomplete fix for CVE-2010-4251. The conn...
CVE-2012-2383
CVE-2012-2383 affects the Linux kernel DRM/i915 component: an integer overflow in i915_gem_execbuffer2() within drivers/gpu/drm/i915/i915_gem_execbuffer.c. On 32-bit platforms and prior to kernel 3.3.5, this allows a local user to trigger an out-of-bounds write via a crafted ioctl, leading to a p...
CVE-2013-2895
CVE-2013-2895 affects the Linux kernel HID Logitech DJ driver (drivers/hid/hid-logitech-dj.c) up to version 3.11 when CONFIG_HID_LOGITECH_DJ is enabled. The vulnerability allows physically proximate attackers to cause a denial of service via a NULL pointer dereference and OOPS, or to read sensiti...
CVE-2014-9410
The CVE-2014-9410 entry affects the MSM-VFE31 driver for the Linux kernel 3.x (as used in Qualcomm Innovation Center Android contributions). The vulnerability is in vfe31_proc_general, which does not validate a specific id value, enabling a local attacker to gain privileges or cause memory corrup...
CVE-2015-5327
CVE-2015-5327 affects the Linux kernel (4.3-rc1 and later); the flaw is an out-of-bounds memory read in x509_decode_time within x509_cert_parser.c. Impact is partially confidentiality (per CVSS2) and high confidentiality (per CVSS3); the issue is fixed by kernel patches (as noted in referenced ad...
CVE-2016-3135
CVE-2016-3135 is an integer overflow in xt_alloc_table_info (net/netfilter/x_tables.c) of the Linux kernel up to 4.5.2 on 32-bit platforms, enabling local privilege escalation or heap corruption leading to DoS via IPT_SO_SET_REPLACE. Connected documents corroborate the 32-bit overflow in xt_alloc...
CVE-2018-1095
CVE-2018-1095 concerns the Linux kernel up to 4.15.15, where ext4_xattr_check_entries in fs/ext4/xattr.c fails to validate xattr sizes, causing misinterpretation of a size as an error code. This can enable a crafted ext4 image to trigger a get_acl NULL pointer dereference and crash the system, i....
CVE-2021-47134
CVE-2021-47134 affects the Linux kernel boot path: if no valid FDT is found, setup_arch() calls efi_init()->efi_get_fdt_params() and initial_boot_params becomes NULL, causing a panic. The patch fixes this by stopping further FDT processing when no valid FDT is found (observed on riscv). Remedi...
CVE-2021-47275
CVE-2021-47275 concerns the Linux kernel w.r.t. the bcache cache-miss path. In cached_dev_cache_miss(), the calculation of the read size for missing cache data can overflow the 16-bit size field embedded in the bkey (via the sectors value), causing oversized inserts into the internal B+ tree. Thi...
CVE-2021-47335
CVE-2021-47335 (Linux kernel, f2fs): A race on the global fsync_entry_slab across multiple filesystem instances caused a use-after-free in the slab cache during f2fs recovery. The root cause is concurrent access to the slab pointer when multiple f2fs mounts exist, leading to a use-after-free during...
CVE-2021-47339
In CVE-2021-47339, the Linux kernel fix targets media: v4l2-core, addressing uninitialized kernel stack data that could be used as input for driver ioctl handlers due to mistakes in compat ioctl implementation. The resolution requires explicitly clearing the entire ioctl input buffer before conve...
CVE-2021-47357
CVE-2021-47357: In the Linux kernel, the atm: iphase removal path calls del_timer(), which can leave a timer handler running after the driver remove completes, causing a possible use-after-free. The fix uses del_timer_sync() to wait for the timer handler to finish and prevent rescheduling. Conne...
CVE-2021-47368
CVE-2021-47368 concerns a Linux kernel vulnerability in enetc where irq_set_affinity_hint() stores a cpumask_t reference in an irq descriptor, referencing memory on the stack. This leads to illegal accesses when the affinity_hint is read via procfs, potentially causing paging oops. The issue is mi...
CVE-2021-47376
CVE-2021-47376 is a Linux kernel issue where an oversize allocation in kmalloc path could trigger a warning during BPF verification. The provided description and connected advisories indicate the fix adds an oversize check before kvcalloc() via the commit that introduces the guard in mm/kvmalloc(...
CVE-2021-47382
The CVE-2021-47382 entry concerns the Linux kernel component s390/qeth. Root cause: a deadlock risk in qeth_do_reset() where discipline_mutex could be held on an error path, preserving the original deadlock potential when a qeth channel path is offline. The vulnerability arises from a race betwee...
CVE-2021-47395
CVE-2021-47395: Linux kernel/mac80211 vulnerability where the rate limiting for injected VHT MCS/NSS in ieee80211_parse_tx_radiotap was tightened to fix a syzkaller warning. Affected component: mac80211 (ieee80211_parse_tx_radiotap, ieee80211_rate_set_vht). Reported impact in the public docs is ...
CVE-2021-47399
Technical details about CVE-2021-47399 (ixgbe NULL pointer dereference) are not provided in the supplied documents. Monitor for updates from vendors; no concrete technical details are included here.
CVE-2021-47409
CVE-2021-47409 concerns a Linux kernel vulnerability in the USB: dwc2 subsystem where a NULL return from platform_get_resource() could lead to a NULL pointer dereference. The issue is triggered when the return value is not checked, as described in the CVE entry and echoed in connected advisories ...
CVE-2021-47493
CVE-2021-47493 is a Linux kernel issue affecting ocfs2 where a race between searching chunks and releasing journal_head from a buffer_head can lead to a page fault or panic. The root cause is a race between ocfs2_test_bg_bit_allocatable() and jbd2_journal_put_journal_head(), with bg_bh->b_priv...
CVE-2021-47542
CVE-2021-47542 affects the Linux kernel’s qlcnic logic for certain 83xx devices. In function qlcnic_83xx_add_rings(), the indirect call through ahw->hw_ops->alloc_mbx_args() can return NULL on allocation failure, and the code could dereference this NULL pointer. The patch adds a guard to v...
CVE-2021-47546
CVE-2021-47546 is a Linux kernel vulnerability affecting IPv6 nftables rules. When a fib6_rule_suppress path and a suppress_prefix rule exist, memory leaks occur in ip6_dst_cache per-packet allocations. The root cause is a mismatch between generic FIB_LOOKUP_NOREF and the IPv6-specific RT6_LOOKUP...
CVE-2021-47552
CVE-2021-47552 – Linux kernel: The vulnerability stems from blk-mq dispatch cancellation logic. Previously, blk_mq_quiesce_queue() was not invoked in blk_cleanup_queue(), delaying cancellation to disk_release(), which allowed a race where a scsi_device could be freed before blk_release_queue() r...
CVE-2021-47619
CVE-2021-47619 concerns the i40e Linux kernel XDP path. A PF queue pile fragmentation caused by placing a flow director VSI immediately after the main VSI could prevent the main VSI from resizing its queue allocation when XDP is enabled on systems with many CPUs and an X722 NIC, leading to a NULL...
CVE-2022-1943
CVE-2022-1943 describes an out-of-bounds memory write in the Linux kernel UDF file system, triggered by user-initiated file operations that invoke udf_write_fi(). The flaw could allow a local attacker to crash the system (and, per connected advisories, is associated with Ubuntu and other mappings...
CVE-2022-48824
CVE-2022-48824: In the Linux kernel, the scsi myrs driver can crash during error handling. If privdata->hw_init() fails non‑zero, myrs_detect() leaves cs->disable_intr as NULL and myrs_cleanup() dereferences a NULL pointer, causing a kernel crash with a NULL pointer dereference. The issue ...
CVE-2022-48826
CVE-2022-48826 affects the Linux kernel drm/vc4, where a deadlock can occur during DSI device attach error when the host device lock is held. Specifically, in the device attach error path, un-registering the host can deadlock with a call trace involving device_del/unregister, mipi_dsi_hos...
CVE-2022-49061
The CVE-2022-49061 issue affects the Linux kernel net: ethernet: stmmac altr_tse_pcs when using a fixed-link. The driver crashes with a null-pointer dereference because phy_device is not provided to tse_pcs_fix_mac_speed. The patch adds a check for phy_dev before calling tse_pcs_fix_mac_speed() a...
CVE-2022-49089
CVE-2022-49089 (Linux kernel) resolves a race condition in IB/rdmavt code by adding a lock around a call to rvt_error_qp, whose documentation requires both r_lock and s_lock to be held. The issue occurred because a commit in Fixes left the rvt_error_qp call in rvt_ruc_loopback unco...
CVE-2022-49232
CVE-2022-49232 is a Linux kernel vulnerability in the DRM/AMD display path. In amdgpu_dm_connector_add_common_modes(), the code assigns the result of amdgpu_dm_create_common_mode() to mode and then passes it to drm_mode_probed_add(). If amdgpu_dm_create_common_mode() fails, mode may be NULL and d...
CVE-2022-49269
The CVE-2022-49269 issue affects the Linux kernel CAN subsystem: isotp_bind() incorrectly validates CAN IDs, allowing a state machine path that can be reached with non-standard IDs (e.g. 0x6000001 and 0xC28001) that map to 11-bit IDs 0x001. The fix sanitizes SFF/EFF CAN ID values before address ch...
CVE-2022-49352
CVE-2022-49352 relates to the Linux kernel ext4: fix warning in ext4_handle_inode_extension, where a write path can trigger inode size accounting inconsistencies under memory pressure. The issue describes an observed sequence where inode.i_size is 4096, but EXT4_I(inode)->i_disksize is set to ...
CVE-2022-49432
CVE-2022-49432 affects the Linux kernel on PowerPC/xics: a refcount leak in icp_opal_init() was fixed. The root cause is that of_find_compatible_node() returns a node pointer with refcount already incremented, and the fix is to call of_node_put() on it when done. The upstream description notes th...
CVE-2022-49438
CVE-2022-49438: In the Linux kernel, a refcount leak occurs in the path handling for device tree lookups. Specifically, of_find_node_by_path() using of_find_node_opts_by_path() returns a node pointer with an incremented refcount, but the code did not call of_node_put() when done, causing a ref...
CVE-2022-49446
CVE-2022-49446 affects the Linux kernel’s NVDIMM path, describing deadlock risks in CXL/NVDIMM interactions. The advisory notes possible unsafe locking scenarios involving nd_region keys, nvdimm_bus->reconfig_mutex, system_transition_mutex, and cxl_root/acpi_scan_lock chains, triggered by hold...
CVE-2022-49555
The CVE-2022-49555 issue affects the Linux kernel’s Bluetooth hci_qca path. The root cause is use of del_timer() before freeing a timer, risking timer-list corruption; the fix applies del_timer_sync() before freeing and adjusts wake_retrans_timer/work queue destruction by moving the workqueue des...
CVE-2022-49556
The CVE-2022-49556 issue affects the Linux kernel KVM: SVM sev ioctl interfaces. It could cause leakage of uninitialized kernel memory when the length parameter is between SEV_FW_BLOB_MAX_SIZE and the returned data, due to using kmalloc. The fix uses kzalloc for sev ioctl interfaces to allocate c...