14420 matches found
CVE-2023-52577
CVE-2023-52577 pertains to the Linux kernel DCCP handling. The issue stems from an incorrect assumption about the DCCP header field dh->dccph_x (the 9th byte, offset 8) and related ICMP message sizing, which could affect processing of DCCP packets and ICMP responses. The description notes that...
CVE-2023-52842
CVE-2023-52842 affects the Linux kernel virtio_vsock path. The issue arises from uninitialized buf_alloc and fwd_cnt fields in struct virtio_vsock_hdr when a new skb is allocated in virtio_transport_init_hdr(), leading to a KMSAN-uninitialized-value report. The connected Astra/SUSE advisories con...
CVE-2023-52844
CVE-2023-52844: Linux kernel vulnerability in media: vidtv psi where kstrdup() return value wasn't checked. The fix adds a check for kstrdup() and returns an error to avoid NULL pointer dereference. Affected kernel versions (Linux kernel series) have been updated with this patch; references point...
CVE-2023-52853
Technical details about CVE-2023-52853 (affected product, exact root cause, impact, and fixed versions) are not provided in the connected documents. The supplied materials only contain vendor advisories; monitor for official updates for concrete details.
CVE-2023-52860
CVE-2023-52860 relates to the Linux kernel; the root issue occurs in the perf driver when tearing down a hisi_hns3 PMU, where CPU hotplug callbacks could run after the PMU is unregistered, leading to a NULL pointer dereference. The fix uses cpuhp_state_remove_instance_nocalls() instead of cpuhp_s...
CVE-2023-52861
In CVE-2023-52861, the Linux kernel DRM bridge it66121 had a NULL pointer dereference when no monitor is connected and the sound card is opened from userspace. The fix returns an empty EDID buffer (zeros) to the sound framework when no connector is attached, preventing the dereference and its pot...
CVE-2023-52898
CVE-2023-52898 is a Linux kernel vulnerability in the xHCI USB host controller code. The issue is a potential null pointer dereference when the host dies, caused by a race between xhci_free_dev() freeing virt devices and xhci_kill_endpoint_urbs() iterating endpoints. The fix synchronizes access b...
CVE-2023-52940
CVE-2023-52940 affects the Linux kernel; it concerns the multi-gen LRU code during cgroup migration. The issue arises in lru_gen_migrate_mm(), which assumes lru_gen_add_mm() runs before it, but in a specific cross-CPU sequence (clone, cgroup_fork, cgroup_procs_write, cgroup_post_fork, task_lock, ...
CVE-2023-53062
Summary (CVE-2023-53062) : Affects the Linux kernel in the usb SMSC95xx driver. The vulnerability arises when the packet length retrieved from a descriptor may exceed the actual skb length, allowing a cloned skb to leak kernel memory contents as it traverses the network stack. The issue is docume...
CVE-2024-35974
CVE-2024-35974 affects the Linux kernel block subsystem. The vulnerability arises from a q->blkg_list corruption introduced when multiple gendisk instances are allocated for a single request queue during disk rebind, allowing a blkg to linger in q->blkg_list during blkcg_init_disk() and thu...
CVE-2024-35986
CVE-2024-35986 affects Linux kernel code for TI/TUSB1210 charger-detect. Unregistering a power_supply while a reference remains can trigger a WARN in power_supply_unregister and leave a dangling pointer, causing a crash on tusb1210_get_online() next use. The fix limits the power_supply reference ...
CVE-2024-36965
Technical details for CVE-2024-36965 are not publicly provided in the supplied documents. Please monitor official advisories and connected feeds for affected products, versions, impact, and fixes.
CVE-2024-36966
CVE-2024-36966 affects the Linux kernel EROFS file system. Root cause: in block device based mode, s_bdev could be uninitialised and misidentified as fscache mode when CONFIG_EROFS_FS_ONDEMAND is enabled, leading to ida_free on an unallocated id. The issue is resolved by ensuring erofs_sb_info is...
CVE-2024-42091
CVE-2024-42091 — Linux kernel, module: drm/xe. The issue arose when dumping PAT settings via debugfs without validating pat.ops, allowing a null or unset pat.ops pointer to be used, which could lead to a denial/Not-Provided detail? (NPD) scenario. The fixed behavior patches the code to check the ...
CVE-2024-44968
The connected Nessus entry for CVE-2024-44968 confirms a Linux kernel tick/broadcast timer regression where per-CPU pointer access was taken in a preemptible region due to compiler behavior. The fix moves the per-CPU pointer retrieval to the actual usage site, which is in a non-preemptible region...
CVE-2024-46701
CVE-2024-46701 affects the Linux kernel, where libfs offset-dir reads could loop infinitely during concurrent readdir/rename operations after switching tmpfs dir operations to simple_offset_dir_operations. The issue arose because each rename could insert a new dentry into dest dir’s maple tree wi...
CVE-2024-46785
CVE-2024-46785 affects the Linux kernel, specifically an issue in eventfs relating to SRCU-protected lists. The root cause is a NULL pointer access in tracefs when ei_child can be set to LIST_POISON1 after removal in eventfs_remove_rec, leading to a crash/panic. The vulnerability materializes whe...
CVE-2024-49869
Summary of CVE-2024-49869 (Linux kernel) : In btrfs send, overflow was due to name_cache_entry->name length not matching name_len (included NUL terminator). The fix avoids storing the NUL terminator for name entries, aligns name_len with actual name size, marks the field as __nonstring, and sw...
CVE-2024-49984
CVE-2024-49984 : In the Linux kernel DRM/V3D, there was an out-of-bounds access bug in the performance query extensions. The issue arises from copying IDs when validating the number of perfmon userspace inputs for the copy and reset extensions; the kernel did not adequately bound-check the destin...
CVE-2024-50094
Technical details for CVE-2024-50094 are not publicly disclosed in the provided connected documents. They reference the Linux kernel sfc/netpoll fix but do not specify affected versions, impact, or patch details. Monitor for updates.
CVE-2024-50123
CVE-2024-50123 affects the Linux kernel sockmap/BPF code. The root cause is a missing BPF_LINK_TYPE invocation for the sockmap link, which caused an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. The patch fixes the issue by adding the missing BPF_LINK_TYPE invocation and u...
CVE-2024-50190
Summary (CVE-2024-50190) : The vulnerability is in the Linux kernel ice driver where a memory leak (memleak) occurs during ice_init_tx_topology(), leaking the FW blob for each PF. The root cause is that ice_cfg_tx_topo() did not need to copy the entire FW blob; the fix makes ice_cfg_tx_topo() @bu...
CVE-2024-50254
CVE-2024-50254 : In the Linux kernel, the bpf_iter_bits_destroy() path incorrectly used kit->nr_bits bit = kit->nr_bits on completion, uses !nr_bits || bits >= nr_bits to determine completion, and keeps nr_bits > 64 to indicate dynamic allocation. It also changes kit->nr_bits from ...
CVE-2024-50288
Technical details for CVE-2024-50288 are not available in the provided connected documents. The initial description mentions a buffer-overflow fix in the Linux kernel vivid driver, but there are no public details on affected versions, exploit status, or remediation beyond the patch.
CVE-2024-52319
CVE-2024-52319 — Linux kernel memory corruption/ information disclosure risk due to mm: use aligned address in clear_gigantic_page(). In current kernel, hugetlb_no_page() may call clear_gigantic_page() with a fault address that is not aligned to the huge page size, leading to potential memory cor...
CVE-2024-53192
CVE-2024-53192 affects the Linux kernel’s Loongson2 clock framework. A memory corruption risk exists in the flexible array member hws of struct clk_hw_onecell_data when allocating clks_num elements but not updating clp->clk_data.num accordingly. The code allocates clp with devm_kzalloc(dev, st...
CVE-2024-56559
CVE-2024-56559 : Linux kernel vulnerability in vmalloc/KASAN shadow VA handling where the TLB flush of multiple uses was not consolidated, causing a soft lockup on a 256-core machine during drain_vmap_area_work and Kasan vmap allocations. The issue is resolved by combining all TLB flush operation...
CVE-2024-57880
Technical details about CVE-2024-57880 are not provided in the connected documents. Public specifics, affected products, and fixes are not disclosed here; monitor for updates.
CVE-2025-21989
CVE-2025-21989 - Linux kernel (drm/amd/display, AMDGPU) The vulnerability stems from a missing .is_two_pixels_per_container function in dce60_tg_funcs when the AMDGPU driver loads with amdgpu.dc=1 (starting with kernel 6.11). This can cause a NULL pointer dereference on older GPUs (e.g., R9 280X)...
CVE-2025-21990
This CVE affects the Linux kernel DRM/AMDGPU path. The vulnerability arises when determining GFX12 page table entry (PTE) flags for BOs (backing stores). Specifically, PRT BOs may have no backing store, making bo->tbo.resource NULL. If this NULL is dereferenced, it can lead to a crash or other...
CVE-2025-22051
CVE-2025-22051 affects the Linux kernel staging gpib driver. The issue arises when an Agilent USB dongle is disconnected, causing a NULL pointer Oops on subsequent driver calls because bus_interface is set to NULL on disconnect. The root cause is that usb_dev was being assigned from the bus_inter...
CVE-2025-22067
Technical details about CVE-2025-22067 (affected products, versions, root cause, impact, or fixes) are not provided in the connected documents. Monitor for updates from official advisories and vulnerability feeds.
CVE-2025-22084
CVE-2025-22084 : In the Linux kernel, a NULL pointer dereference can occur in the serdev path due to a race: w1_uart_probe() calls w1_uart_serdev_open() (which includes devm_serdev_device_open()) before configuring client ops with serdev_device_set_client_ops(), causing serdev->ops to be unini...
CVE-2025-22112
CVE-2025-22112 affects the Linux kernel bnxt ethernet driver. The vulnerability arises from out-of-range access to the vnic_info array in bnxt_queue_start/stop where bp->nr_vnics is exceeded, allowing access to bp->vnic_info[bp->nr_vnics]. The issue is fixed in the publicly released comm...
CVE-2025-37776
CVE-2025-37776 : In the Linux kernel, ksmbd has a use-after-free in smb_break_all_levII_oplock() caused by a race when unlocking in the middle of the loop. A patch adds a read lock to protect the whole loop. This vulnerability has a local attack vector with high impact (C/H/I/A) per CVSS v3.1, an...
CVE-2025-37777
CVE-2025-37777: In the Linux kernel ksmbd path, a use-after-free could occur in __smb2_lease_break_noti() when the connection is disconnected, because ksmbd_conn_write may touch freed structures if conn->ksmbd_transport is already freed. The fix moves the tcp_transport free to ksmbd_conn_free,...
CVE-2025-37822
CVE-2025-37822 resolves a Linux kernel issue in the RISC‑V uprobes path. The root cause was a missing fence.i after constructing the XOL (execute out-of-line) buffer used to single-step replaced instructions, which could lead to execution of stale/broken instructions. The vulnerability was observ...
CVE-2025-37872
CVE-2025-37872 : Linux kernel fix in net: txgbe driver. The vulnerability arises when txgbe_sw_init() succeeds but error paths in txgbe_probe() fail, leaving wx->rss_key allocated (wx_init_rss_key()) and not freed, potentially leaking memory. The patch ensures rss_key is freed on error paths a...
CVE-2025-38064
Vulnerability context: CVE-2025-38064 affects the Linux kernel virtio subsystem, notably virtio-console. Root cause: virtio-console may continue writing to MMIO after the underlying virtio-pci device has been reset during device_shutdown, with IOMMU resets ordering contributing to guest memory ac...
CVE-2025-38103
CVE-2025-38103 relates to the Linux kernel HID path (usbhid). The issue, described in connected sources, is an out-of-bounds bug in usbhid_parse() that could arise from HID descriptor handling. The fix updates the HID descriptor struct to align with USB HID 1.11 (reflecting mandatory vs. optional...
CVE-2025-38110
The CVE-2025-38110 issue affects the Linux kernel net/mdiobus path. It describes insufficient verification of ioctl parameters when performing Clause 45 (C45) read/write operations via mdiobus, allowing an address value beyond PHY_MAX_ADDR (32) to be passed and potentially enabling out-of-bounds ...
CVE-2025-38145
CVE-2025-38145 affects the Linux kernel in the ASPEED SoC driver (aspeed_lpc_enable_snoop). The vulnerability is due to not checking the return value of devm_kasprintf(), which can return NULL on memory allocation failure, leading to a NULL pointer dereference. The connected documentation confirm...
CVE-2025-38245
In the Linux kernel ATM subsystem, CVE-2025-38245 is due to releasing atm_dev_mutex before procfs/sysfs removal in atm_dev_deregister(), creating a race window where a device may still appear in procfs while the device list no longer contains it. This can trigger a splat warning during atm_dev_re...
CVE-2025-38279
CVE-2025-38279: Linux kernel bpf verifier backtracking bug in __mark_chain_precision (verifier) when handling precise registers; a test demonstrating a r10-related path and a patch that stops including stack ptr in precision backtracking was provided. Affected component: Linux kernel BPF verifier...
CVE-2025-38348
The CVE-2025-38348 issue is in the Linux kernel wifi driver for the Intersil p54 interface. A malicious USB device could cause a buffer over-read in p54_rx_eeprom_readback() by tampering v1/v2 eeprom length fields, potentially crashing the host. A patch was applied to store the eeprom size in the...
CVE-2003-0984
CVE-2003-0984 affects the Linux kernel RTC code: RTC routines in kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. Exploitation would require local access (per CVSS data), with partial impact on confidentiality, integrity, and avail...
CVE-2004-0497
CVE-2004-0497 describes a local privilege escalation in the Linux kernel 2.x family (notably 2.4/2.6-rc3) due to missing DAC controls in sys_chown, enabling a local user to modify the group ownership of files (including NFS-exported files) they do not own. The underlying issue allows changing fil...
CVE-2004-1070
Technical details (affected kernel versions, vulnerable component, impact, or remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2006-1527
CVE-2006-1527 affects the SCTP-netfilter code in the Linux kernel; an invalid SCTP chunk size can cause for_each_sctp_chunk to loop indefinitely, enabling a remote attacker to trigger a denial of service. The issue is in kernels prior to 2.6.16.13 and is addressed by the upstream 2.6.16.13 patch....
CVE-2006-4997
CVE-2006-4997 involves the Linux kernel ATM subsystem (clip_mkip in net/atm/clip.c). The issue allows a remote attacker to trigger a denial of service (panic) by causing the ATM subsystem to dereference memory of socket buffers after they have been freed. This is triggered by memory access patter...