CVE-2011-0699
The CVE-2011-0699 entry affects the Linux kernel 2.6.37, where an integer signedness error in the btrfs_ioctl_space_info function can allow a local user to trigger a denial of service via a heap-based buffer overflow or potentially other impact through a crafted slot value. Affected component: ke...
CVE-2011-1012
CVE-2011-1012 affects the Linux kernel, in particular the LDM partition handling. The flaw lies in ldm_parse_vmdb in fs/partitions/ldm.c, which does not validate the VBLK size in the VMDB structure of an LDM partition table. A crafted partition table can trigger a divide-by-zero and cause a kerne...
CVE-2012-0028
CVE-2012-0028 affects the Linux kernel’s futex implementation prior to version 2.6.28. The root cause is that processes executing an exec can write to memory in a child process due to improper futex handling, potentially allowing local users to cause a denial of service or to gain privileges. The...
CVE-2013-0216
CVE-2013-0216 refers to the Xen netback vulnerability in the Linux kernel prior to 3.7.8. Guest OS users could trigger ring-pointer corruption to cause a denial of service (loop). The linked connected documents (MiracleLinux AXSA-2013-452:04 and Unity Linux advisories) explicitly list CVE-2013-0...
CVE-2013-1797
CVE-2013-1797 describes a use-after-free in arch/x86/kvm/x86.c of the Linux kernel up to version 3.8.4. The issue allows a guest OS user to trigger a GPA-related path during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation, potentially causing host memory corruption and a denial of service, wi...
CVE-2013-2128
The CVE-2013-2128 issue affects the Linux kernel’s tcp_read_sock() in net/ipv4/tcp.c where skb consumption is not properly managed. This can allow local attackers to trigger a denial of service (system crash) by issuing a crafted splice() on a TCP socket. Evidence appears across multiple advisori...
CVE-2014-5206
CVE-2014-5206: In Linux kernel versions up to 3.16.1, the do_remount function in fs/namespace.c fails to preserve the MNT_LOCK_READONLY flag across remounts of bind mounts. This allows a local user to bypass the intended read-only restriction by using a mount -o remount within a user namespace, ...
CVE-2015-7885
CVE-2015-7885 affects the Linux kernel: the dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c does not initialize a certain structure member, enabling a local attacker to read sensitive kernel memory via a crafted application. The issue is scoped to kernels up to version 4.3.3. Connect...
CVE-2016-2070
CVE-2016-2070 affects Linux kernels prior to 4.3.5. The tcp_cwnd_reduction function in net/ipv4/tcp_input.c can be triggered by crafted TCP traffic to cause a divide-by-zero DoS and system crash. According to connected advisories, upgrading to kernel 4.3.5 (as cited in ChangeLog-4.3.5) is the rem...
CVE-2017-15306
The CVE-2017-15306 entry concerns the Linux kernel (PowerPC) KVM. The vulnerable component is arch/powerpc/kvm/powerpc.c, specifically the kvm_vm_ioctl_check_extension function. The issue arises when handling the KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl on /dev/kvm, allowing a local attacker to ...
CVE-2018-20449
CVE-2018-20449 affects the Linux kernel 4.14.90, specifically the hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c. It allows local users to obtain sensitive address information by reading callback= lines in a debugfs file. The issue is evidenced across multiple feeds (NVD, Red Hat, SUSE...
CVE-2020-15852
CVE-2020-15852 affects Linux kernel 5.5–5.7.9 (and Xen via 4.13.x for x86 PV guests). The issue stems from mishandling of tss_invalidate_io_bitmap, causing desynchronization between TSS I/O bitmaps and Xen, which may let an attacker gain I/O port permissions of an unrelated task. Public advisorie...
CVE-2021-3736
CVE-2021-3736 affects the Linux kernel in mbochs_ioctl within samples/vfio-mdev/mbochs.c used by VFIO mediated devices. The flaw is a memory leak that could allow a local attacker to leak internal kernel information. Some sources note a patched kernel package (e.g., kernel 5.10.131.1-1 in Mariner...
CVE-2021-4440
CVE-2021-4440 (Linux kernel) is fixed by upstream commit afd30525a659ac0ae0904f0cb4a2ca75522c3123: in x86/xen, the paravirt USERGS_SYSRET64 path was dropped and the exit from user space now uses the iret exit from the start instead of sysret, avoiding stack-mangling prerequisites in Xen PV guests. T...
CVE-2021-47100
CVE-2021-47100 is a Linux kernel vulnerability that causes a use-after-free (UAF) during uninstall of ipmi_si and ipmi_msghandler modules, leading to kernel oops/panic. The issue occurs when rmmod ipmi_si is followed by ipmi_msghandler removal, triggering kref_put cleanup that schedules a work it...
CVE-2021-47117
Technical details about CVE-2021-47117 are not provided in the connected documents. The initial description mentions ext4/extents_status and a kernel patch, but no explicit vendor/product/version mappings or remediation specifics are given in the supplied sources.
CVE-2021-47145
CVE-2021-47145 affects the Linux kernel (btrfs) where a BUG_ON in link_to_fixup_dir can trigger a kernel panic during error paths in log recovery. The description shows a replay/recover flow (replay_one_buffer, btrfs_recover_log_trees, open_ctree) panicking with an invalid opcode in fs/btrfs/tree...
CVE-2021-47205
CVE-2021-47205 affects the Linux kernel clk: sunxi-ng component (CCU clocks/resets). The root cause is that during unbinding of a CCU driver, the device MMIO region is unmapped while clocks/resets and their providers remain registered, which can lead to page faults when clock operations access MM...
CVE-2021-47252
CVE-2021-47252 affects the Linux kernel batman-adv subsystem. The soft/batadv interface for a queued OGM could be modified between queuing and transmission, with WARN_ON used for kernel bugs rather than warnings. The vulnerability’s description and fixes are documented in connected advisories; th...
CVE-2021-47359
CVE-2021-47359 concerns the Linux kernel CIFS subsystem and a fix for a soft lockup during fsstress. The issue caused system hangs (example: watchdog: BUG: soft lockup — CPU#6 stuck for 26s) and has been resolved by a kernel patch described as fixing the soft lockup during fsstress. Connected adv...
CVE-2021-47423
CVE-2021-47423 is about the Linux kernel component drm/nouveau/debugfs. The root cause is a memory leak where, when using single_open() for opening, single_release() is not invoked, causing the 'op' allocated in single_open() to leak. The connected documents indicate this fix has been applied in ...
CVE-2021-47480
CVE-2021-47480 affects the Linux kernel SCSI subsystem. The issue arises when releasing a SCSI host: the low-level device driver (LLD) module could be unloaded before the SCSI host is fully released, because shost->hostt is needed during release, leading to a kernel panic (BUG: unable to handl...
CVE-2021-47616
CVE-2021-47616 affects the Linux kernel RDMA code. On error handling in rxe_qp_from_init(), the SQ queue is freed but a last reference drop occurs in rxe_create_qp(), risking a use-after-free. The fixed patch zeroes the qp->sq.queue pointer after freeing the queue in rxe_qp_from_init() to prev...
CVE-2021-47643
CVE-2021-47643 is a Linux kernel issue in the media/ ir_toy area; it fixes a leak in the error path by freeing a resource before exiting on error. Affected component is the kernel’s ir_toy driver code, where an error exit path could leak memory. The vulnerability is local in scope with a CVSS v3....
CVE-2022-20107
CVE-2022-20107 affects the subtitle service and is caused by an integer overflow that can crash the application, enabling local denial of service with SYSTEM privileges. The vulnerability is exploitable locally (attack vector: LOCAL, attack complexity: LOW) and does not require user interaction. ...
CVE-2022-48658
CVE-2022-48658 affects the Linux kernel: mm/slub: flush_cpu_slab()/__free_slab() invocations were moved out of IRQ context into a global workqueue. When flush_all_cpu_locked() runs from task context, a WQ_MEM_RECLAIM-enabled workqueue may flush the global workqueue, causing a dependency issue duri...
CVE-2022-48705
CVE-2022-48705 concerns the Linux kernel WiFi driver mt76 mt7921e. When a device driver fails during a chip reset, the reset sequence may loop, leaving tx_napi disabled/waiting for a state change and potentially causing a system crash. The fix changes the reset flow to avoid waiting on napi state...
CVE-2022-48709
CVE-2022-48709: In the Linux kernel, the ice switch path could leak memory if ice_add_special_words() failed, because the error path did not release the remaining resources before exiting. The fix adds the proper cleanup path by jumping to the err_unroll label to ensure the rm is released. The v...
CVE-2022-48825
CVE-2022-48825 concerns the Linux kernel fix for scsi: qedf: Add stag_work to all the vports. The issue manifested as a call trace when NPIV ports are created, with only 32 of 64 ports online because stag work was not initialized for vports. The provided Linux kernel data shows a 4.18.0-348.el8.x...
CVE-2022-48891
CVE-2022-48891 – Linux kernel regulator (da9211): The issue arises if the IRQ handler is enabled before regulator structures are ready (e.g., when booting from kexec), potentially causing a crash due to an unreadable memory access. The patch fixes the initialization order to ensure the IRQ handle...
CVE-2022-49243
CVE-2022-49243 is a Linux kernel vulnerability affecting ASoC: atmel via the at91sam9g20ek_audio_probe path. The issue is a refcount mismatch: of_parse_phandle() returns a node pointer with a refcount that is incremented in the probe function, but a missing of_node_put() caused a leak. A fix was ...
CVE-2022-49310
CVE-2022-49310 corresponds to a Linux kernel vulnerability in the xillybus driver where a refcount leak occurs in cleanup_dev(). The root cause is the sequence: usb_get_dev is acquired in xillyusb_probe and usb_put_dev is not paired before xdev is released, leading to a potential resource leak. T...
CVE-2022-49336
CVE-2022-49336 concerns the Linux kernel, specifically the DRM subsystem driver etnaviv. The vulnerability arises in etnaviv_iommu_unmap_gem: if a mapping has already been reaped, the unmap operation must be a no-op to avoid removing the mapping twice and corrupting kernel data structures. The is...
CVE-2022-49431
CVE-2022-49431 concerns the Linux kernel powerpc iommu: a missing of_node_put in iommu_init_early_dart leads to a refcount leak for the device_node returned by of_find_compatible_node. The issue is local in scope (AV:L, AC:L, PR:L, UI:N) with a high impact on availability and a moderate base scor...
CVE-2022-49473
The CVE-2022-49473 entry concerns the Linux kernel ASoC: ti: j721e-evm area. The issue is described as a refcount leak in j721e_soc_probe_* where of_parse_phandle() returns a node pointer with an incremented refcount; the fix adds a missing of_node_put() to release it when no longer needed. Conne...
CVE-2022-49490
CVE-2022-49490: In the Linux kernel, drm/msm/mdp5 had a NULL dereference risk in mdp5_pipe_release when mdp5_get_global_state could return an error (-EDEADLK) during modeset lock handling. The fix propagates such errors from mdp5_get_global_state to mdp5_pipe_release and returns a proper error in...
CVE-2022-49498
CVE-2022-49498 affects the Linux kernel, specifically the ALSA PCM path. The issue: a pointer substream could be dereferenced before a null check (PCM_RUNTIME_CHECK), risking a crash/denial of service if triggered locally. The connected advisories (e.g., Astra Linux, SUSE SU-2025 updates) confirm...
CVE-2022-49556
The CVE-2022-49556 issue affects the Linux kernel KVM: SVM sev ioctl interfaces. It could cause leakage of uninitialized kernel memory when the length parameter is between SEV_FW_BLOB_MAX_SIZE and the returned data, due to using kmalloc. The fix uses kzalloc for sev ioctl interfaces to allocate c...
CVE-2022-49677
In CVE-2022-49677, the Linux kernel ARM CNS3xxx code fix resolves a refcount leak in cns3xxx_init. The issue arises because of_find_compatible_node() returns a node pointer with its refcount incremented, and the patch adds a call to of_node_put() when finished to avoid leaking references. This vul...
CVE-2022-49680
CVE-2022-49680 relates to the Linux kernel (ARM Exynos): a refcount leak in exynos_map_pmu was introduced by not releasing the of_node pointer after of_find_matching_node() yields it. The fix adds a missing of_node_put() (and clarifies that of_node_put() handles NULL). Impact described in sources...
CVE-2022-49709
CVE-2022-49709 is a Linux kernel issue where using RCU_NONIDLE during the __cfi_slowpath_diag cpuidle code path can leave the RCU state invalid. The concrete details across connected documents show the root cause: improper RCU usage in cpuidle, leading to a warning trace (rcu_eqs_enter, rcu_idle_...
CVE-2022-49915
The CVE-2022-49915 issue affects the Linux kernel mISDN path and is caused by a memory leak in mISDN_register_device due to how device names were allocated. After the commit 1fa5ae857bb1 (driver core: get rid of struct device's bus_id string array), the device name is allocated dynamically and fr...
CVE-2022-50006
CVE-2022-50006 affects the Linux kernel in NFSv4.2 handling of __nfs42_ssc_open. The issue arises when a destination server processes a COPY and should not accept a passed filehandle if it’s not a regular filehandle; additionally, if alloc_file_pseudo() fails, the kernel must drop the reference t...
CVE-2022-50034
CVE-2022-50034 affects the Linux kernel USB cdns3 gadget workaround 2. A use-after-free occurs in cdns3_wa2_remove_old_request when priv_req->request.buf is freed before the list node is removed with list_del_init(), leaving a dangling pointer in the list. The patch reorders the sequence, movi...
CVE-2022-50177
CVE-2022-50177 concerns the Linux kernel where rcutorture ksoftirqd boosting timing/iteration could fail, causing RCU priority boosting to break under certain CPU configurations. The documented root causes are: (1) when the total CPUs exceed booted online CPUs, leading to boosting not applying to...
CVE-2023-23002
The CVE-2023-23002 issue affects Linux kernels before 5.16.3, where drivers/bluetooth/hci_qca.c misinterprets the return value of devm_gpiod_get_index_optional (treats an error pointer as NULL in error cases). This misinterpretation can lead to incorrect error handling, contributing to an availab...
CVE-2023-52611
CVE-2023-52611 (Linux kernel, wifi: rtw88 SDIO): The fix addresses skb_over_panic by ensuring the driver can receive more than 1536 bytes from the SDIO card. Root causes include an Amlogic A311D (G12B) SDIO controller hardware bug (DMA transfers blocked; uses SRAM up to 1536 bytes) and rtw88 not spli...
CVE-2023-52829
The CVE affects Linux kernel wifi driver ath12k (ext_hal_reg_caps path). A reg_cap.phy_id value extracted from a WMI event could be unexpected after errors, enabling an out-of-bounds write to soc->hal_reg_cap. The public description states the issue is corrected by validating reg_cap.phy_id be...
CVE-2023-53023
The CVE-2023-53023 entry describes a use-after-free in the Linux kernel NFC local_cleanup path. Specifically, kfree_skb() can be invoked twice during nfc daemon teardown (e.g., neard) after detaching an NFC device, because local_cleanup() frees local->rx_pending and decrements local->ref tw...
CVE-2023-53050
In CVE-2023-53050, the Linux kernel vulnerability affects thunderbolt margining and was resolved by fixing a memory leak in usb4->margining where memory was not released for the upstream router port, even though the router device removal released the debugfs directory. The issue is tied to the...