14403 matches found
CVE-2025-37822
CVE-2025-37822 resolves a Linux kernel issue in the RISC‑V uprobes path. The root cause was a missing fence.i after constructing the XOL (execute out-of-line) buffer used to single-step replaced instructions, which could lead to execution of stale/broken instructions. The vulnerability was observ...
CVE-2025-38348
The CVE-2025-38348 issue is in the Linux kernel wifi driver for the Intersil p54 interface. A malicious USB device could cause a buffer over-read in p54_rx_eeprom_readback() by tampering v1/v2 eeprom length fields, potentially crashing the host. A patch was applied to store the eeprom size in the...
CVE-2024-35987
CVE-2024-35987 : Linux kernel vulnerability in riscv NOMMU builds. A patch fixes loading 64-bit NOMMU kernels past the start of RAM by restoring the previous NOMMU mm initialization behavior, after a change that allowed RAM below the kernel load address to be used for the linear mapping. The root...
CVE-2024-35993
CVE-2024-35993: Linux kernel vulnerability in mm: folio_test_hugetlb can be fooled by concurrent folio splitting, potentially returning a folio that never belonged to hugetlbfs. The fix converts folio_test_hugetlb to a PageType and relies on page_mapcount() ignoring the PageType field for hugetlb...
CVE-2024-36892
The CVE-2024-36892 issue affects the Linux kernel SLUB allocator. The fix addresses a bug in single-object free: when init_on_free=1, the freepointer inside the freed object could be zeroed (or its handling was unsafe) and, under slub_debug=F and CONFIG_SLAB_FREELIST_HARDENED, do_slab_free() coul...
CVE-2024-38548
The CVE-2024-38548 issue is in the Linux kernel’s drm: bridge: cdns-mhdp8546 path. The root cause is a potential NULL pointer dereference in cdns_mhdp_atomic_enable() after drm_mode_duplicate() returns NULL, which is dereferenced in drm_mode_set_name(). The fix adds a check for mhdp_state->cur...
CVE-2024-38613
CVE-2024-38613 affects the Linux kernel on the m68k architecture, where a race in kernel thread creation can cause a spinlock recursion warning. Root cause: during context switch to a newly created thread, the status register may enable interrupts too early, since interrupts are not reliably disa...
CVE-2024-39467
CVE-2024-39467 (Linux kernel, f2fs) is rooted in a missing sanity check for i_xattr_nid in f2fs_iget(). In the fiemap path this allows current_nat_addr() to read from nat_bitmap using an invalid i_xattr_nid, triggering a KASAN slab-out-of-bounds bug. The issue is fixed by adding the sanity check ...
CVE-2024-42149
CVE-2024-42149 affects the Linux kernel and pertains to the block device thaw/mount handling. The issue occurs when a block device is frozen before a filesystem has claimed it, leading to a window where a concurrent mount may observe an elevated bd_fsfreeze_count and abort mounting, while a later...
CVE-2024-42151
The CVE-2024-42151 entry concerns the Linux kernel and a BPF-related test: test_1 in bpf_dummy_struct_ops has a first parameter that can be NULL. The vulnerability arises because the verifier could skip a NULL check, leading to a NULL pointer dereference under certain conditions when state is NUL...
CVE-2024-45012
The CVE-2024-45012 issue is in the Linux kernel related to the nouveau driver when SG_DEBUG is enabled with an active iommu. The crash trace shows a kernel BUG triggered in sg_init_one, indicating a failure in DMA handling within the nouveau firmware/driver path. The published fixes in connected ...
CVE-2024-46703
The CVE-2024-46703 issue is in the Linux kernel and stems from reverting the change “serial: 8250_omap: Set the console genpd always on if no console suspend,” which Kevin reported can crash during suspend on platforms that don’t use PM domains. The fix is to revert that commit, resolving the cra...
CVE-2024-46709
CVE-2024-46709 concerns the Linux kernel’s drm/vmwgfx code. The issue arises when handling external buffers during mapping, where code could access pages directly instead of using the dma_buf interface. The fixed behavior requires that external buffers created from dma_bufs be mapped via the dma_...
CVE-2024-46793
CVE-2024-46793 affects the Linux kernel (ASoC: Intel boards) and resolves a NULL pointer dereference on BYT/CHT boards caused by dummy codec handling. The issue originated from creating a zero-sized dummy codec array (static struct snd_soc_dai_link_component dummy[]) and a subsequent dais[i].code...
CVE-2024-47694
CVE-2024-47694 affects the Linux kernel’s InfiniBand/RDMA stack, specifically mlx5-based drivers. The root cause is a broken UMR cleanup flow during driver init: the cited patch moved pd allocation to a new mlx5r_umr_cleanup() function, which could dereference a NULL pd in error paths, causing a ...
CVE-2024-49984
CVE-2024-49984 : In the Linux kernel DRM/V3D, there was an out-of-bounds access bug in the performance query extensions. The issue arises from copying IDs when validating the number of perfmon userspace inputs for the copy and reset extensions; the kernel did not adequately bound-check the destin...
CVE-2024-50204
CVE-2024-50204 affects the Linux kernel: during namespace copying, the code may call free_mnt_ns() to remove the new copy from the rbtree before the copy is actually added, leading to an invalid rbtree operation. The fix is to free the namespace skeleton directly after a successful copy, rather t...
CVE-2024-50266
CVE-2024-50266 concerns the Linux kernel clk/qcom/videocc-sm8350 path where a venus driver change could cause a stuck vcodec clock (example: video_cc_mvs0_clk) on certain ThinkPad hardware. The issue is triggered by runtime control mode in GDSCs and was resolved by using HW_CTRL_TRIGGER for vcode...
CVE-2024-50270
CVE-2024-50270 targets the Linux kernel, specifically in mm/damon/core where damon_feed_loop_next_input() contains overflow-prone calculations (score_goal_diff_bp, compensation, etc.) related to a constant target score of 10,000. The fix rewrites the function to avoid overflows and removes the un...
CVE-2024-51729
Technical details for CVE-2024-51729 are not provided in the connected documents. The supplied items reference a kernel fix at a high level but do not enumerate affected products/versions beyond generic kernel context; monitor for updates.
CVE-2024-56564
Technical details for CVE-2024-56564 are not publicly provided in the supplied documents. Please monitor for updates from the vendor/security advisories.
CVE-2024-57886
Technical details for CVE-2024-57886 are not provided in the supplied documents. No affected product/versions or remediation specifics are present here; monitor for updates from official advisories and connected sources.
CVE-2024-57984
The CVE-2024-57984 entry concerns the Linux kernel i3c subsystem (dw_i3c_master). It describes a use-after-free caused by a race between the worker dw_i3c_hj_work and the cleanup path in dw_i3c_common_remove, which frees master->base after device_unreg/is removed. The connected advisory notes ...
CVE-2025-21695
Summary: CVE-2025-21695 relates to a race condition in the Linux kernel platform/x86 dell-uart-backlight, where dell_uart_bl_serdev_probe() opens the serdev device before initializing client ops. This can trigger a NULL pointer dereference in the serdev controller’s receive_buf handler when SERPO...
CVE-2025-22000
CVE-2025-22000 affects the Linux kernel. The flaw is in mm/huge_memory where, after splitting a folio for EOF, folio refs may not be fully dropped unless folio_put_refs(folio, folio_nr_pages(folio)) is used. This can cause a memory leak when the blocksize > page_size and truncation creates fol...
CVE-2025-22052
The CVE-2025-22052 issue affects the Linux kernel (staging gpib driver, ni_usb). It causes a NULL dereference Oops after a USB dongle disconnect because bus_interface is set to NULL; previously NULL checks existed only in select paths. The fix adds a NULL check for bus_interface across all interf...
CVE-2025-22067
Technical details about CVE-2025-22067 (affected products, versions, root cause, impact, or fixes) are not provided in the connected documents. Monitor for updates from official advisories and vulnerability feeds.
CVE-2025-22092
The CVE-2025-22092 issue affects the Linux kernel PCI/SR-IOV path. Root cause: NULL dereference when handling virtfn creation error paths and during device removal, caused by an error handling flow after pci_setup_device() fails. The fix adds pci_iov_scan_device() to manage virtfn allocation/setu...
CVE-2025-22112
CVE-2025-22112 affects the Linux kernel bnxt ethernet driver. The vulnerability arises from out-of-range access to the vnic_info array in bnxt_queue_start/stop where bp->nr_vnics is exceeded, allowing access to bp->vnic_info[bp->nr_vnics]. The issue is fixed in the publicly released comm...
CVE-2025-37806
CVE-2025-37806 affects Linux kernel fs/ntfs3 write path. A NULL pointer dereference can occur in __generic_file_write_iter when an ioctl clears the file’s compress flag during a write, causing is_compressed() to return 0 and the code to call the wrong AOP, leading to a null dereference in write_b...
CVE-2025-37821
The CVE-2025-37821 issue in the Linux kernel’s scheduler (eevdf) caused se->slice to be set to U64_MAX during a complex dequeue sequence, leading to a large, destabilizing vruntime/vlag mismatch and a potential crash. The root cause was that, when dequeuing a delayed group entity whose parent ...
CVE-2025-37904
CVE-2025-37904 affects the Linux kernel (btrfs) where a bug in btrfs_iget() can leak an inode if btrfs_alloc_path() fails, leaving a busy inode and triggering a kernel BUG in fs/super.c during unmount. The root cause is failure to release the previously allocated inode when btrfs_alloc_path() fai...
CVE-2025-38014
CVE-2025-38014 : In the Linux kernel’s dmaengine idxd subsystem, a removal path was refactored to use an idxd_cleanup() helper, which fixes code duplication and also corrects a missing put_device() for idxd groups, engines, and work queues. The vulnerability is described as a local-access issue w...
CVE-2025-38052
CVE-2025-38052 concerns the Linux kernel where a slab-use-after-free in net/tipc/crypto.c during tipc_aead_encrypt_done can occur after the tipc_crypto tx is freed when a namespace is deleted. The issue arises when simd_aead_encrypt is interrupted and crypto_simd_usable() returns false, allowing ...
CVE-2025-38219
CVE-2025-38219 affects the Linux kernel F2FS code path. The issue is a downgrade-related negative i_nlink scenario that could trigger a kernel warning; the vulnerability was resolved in the cited upstream code path (f2fs_i_links_write -> f2fs_drop_nlink -> f2fs_unlink), as shown in the conn...
CVE-2025-38280
CVE-2025-38280 affects the Linux kernel’s BPF/JIT path. When a BPF program is compiled with JIT and CONFIG_BPF_JIT_ALWAYS_ON is not set while bpf_jit_enable is 1, the arch may attempt JIT the program, fail due to FAULT_INJECTION, and incorrectly treat the program as valid, causing a WARN_ON_ONCE ...
CVE-2025-38464
CVE-2025-38464 affects the Linux kernel Tipc subsystem. The issue is a use-after-free in tipc_conn_close() that can occur when tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_close() for each tipc_conn after releasing the IDR lock. If tipc_conn_recv_work() is...
CVE-2026-46275
CVE-2026-46275 affects the Linux kernel Bluetooth hci_uart subsystem, with Use-After-Free and race conditions in lifecycle teardown (init/close paths) that can trigger UAFs and NPDs when workqueues and protocol paths are torn down. The documented fix involves reordering ttys close handling (clear...
CVE-1999-0128
CVE-1999-0128 refers to a historic Ping of Death, where oversized ICMP echo packets can cause a denial of service. The initial entry and connected Red Hat/RedHat advisory records reiterate the same description without listing affected products, versions, root cause details, or exploitable vectors...
CVE-2007-2875
CVE-2007-2875 concerns an Integer underflow in cpuset_tasks_read of the Linux kernel when the cpuset filesystem is mounted. The issue affects kernels prior to 2.6.20.13 and 2.6.21.x prior to 2.6.21.4, allowing a local attacker to read kernel memory contents by supplying a large offset while readi...
CVE-2008-2931
The CVE-2008-2931 issue affects the Linux kernel (fs/namespace.c) prior to version 2.6.22, where do_change_type does not verify CAP_SYS_ADMIN, enabling a local user to gain privileges or cause a denial of service by modifying mountpoint properties. The vulnerability is documented across multiple ...
CVE-2008-3276
The CVE-2008-3276 flaw is an integer overflow in the Linux kernel’s DCCP stack (dccp_setsockopt_change in net/dccp/proto.c) affecting kernel versions 2.6.17-rc1 through 2.6.26.2. It allows remote attackers to trigger a denial of service (panic) via crafted Change L/Change R options when dccpsf_va...
CVE-2008-3525
Vulnerability (CVE-2008-3525) affects the Linux kernel 2.6.26.3 wan driver (sbni.c) where sbni_ioctl fails to perform CAP_NET_ADMIN checks before handling four ioctls (SIOCDEVRESINSTATS, SIOCDEVSHWSTATE, SIOCDEVENSLAVE, SIOCDEVEMANSIPATE). This permits a local user to bypass intended capability r...
CVE-2009-0029
This CVE affects the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms. The root cause is that a 32-bit user-space argument in a 64‑bit register was not verifiably sign-extended when passed to a system call, allowing local users to crash the kernel or potentiall...
CVE-2009-4141
CVE-2009-4141 is a local-privilege escalation in the Linux kernel (fs/fcntl.c: fasync_helper) where enabling O_ASYNC on a locked file and closing it can grant privileges. Affected: Linux kernel before 2.6.33-rc4-git1. Root cause: use-after-free in fasync_helper. Mitigation: apply the upstream pat...
CVE-2009-4895
CVE-2009-4895 describes a race condition in the Linux kernel's tty_fasync path (drivers/char/tty_io.c) prior to 2.6.32.6, enabling local users to cause a denial of service via a NULL pointer dereference and system crash. The issue is tied to put_tty_queue and __f_setown, with a note that it was a...
CVE-2010-1148
CVE-2010-1148 – Linux kernel vulnerability : The cifs_create function in fs/cifs/dir.c (affected in Linux kernel 2.6.33.2 and earlier) can be triggered by a POSIX file-creation request to a server that supports UNIX extensions when the nd field is a NULL nameidata. This can lead to a NULL pointer...
CVE-2010-3448
CVE-2010-3448 affects the Linux kernel’s ThinkPad ThinkPad ACPI driver (drivers/platform/x86/thinkpad_acpi.c) on ThinkPad systems using X.Org prior to 2.6.34. The issue allows a local attacker to access and manipulate the video output control state without proper restriction, enabling a denial of...
CVE-2011-0699
The CVE-2011-0699 entry affects the Linux kernel 2.6.37, where an integer signedness error in the btrfs_ioctl_space_info function can allow a local user to trigger a denial of service via a heap-based buffer overflow or potentially other impact through a crafted slot value. Affected component: ke...
CVE-2011-1012
CVE-2011-1012 affects the Linux kernel, in particular the LDM partition handling. The flaw lies in ldm_parse_vmdb in fs/partitions/ldm.c, which does not validate the VBLK size in the VMDB structure of an LDM partition table. A crafted partition table can trigger a divide-by-zero and cause a kerne...