CVE-2024-26652
CVE-2024-26652: Linux kernel net/pds_core fixes a possible double free in the error path when auxiliary_device_add() fails and later calls auxiliary_device_uninit(); the callback pdsc_auxbus_dev_release calls kfree(padev) and the patch removes the redundant kfree and moves error handling back to ...
CVE-2024-21803
CVE-2024-21803 is a Use-After-Free vulnerability in the Linux kernel’s Bluetooth code path (af_bluetooth.c) that allows local code execution. The issue affects kernels from 2.6.12-rc2 up to but not including 6.8-rc1, with the vulnerable component being the Bluetooth modules in the kernel. The ro...
CVE-2024-26667
CVE-2024-26667 affects the Linux kernel DRM MSM DPU path: the vulnerability stems from dereferencing hw_pp in dpu_encoder_helper_phys_cleanup assuming validity. The fix adds a validity check for hw_pp before use, aligning with the commit 8b45a26f2ba9 and related patchwork note. Patch details show...
CVE-2024-35889
The CVE-2024-35889 entry concerns a Linux kernel vulnerability in the idpf driver where idpf_rx_process_skb_fields could return early for unknown packet types, causing the skb protocol not to be set and potentially triggering a kernel panic (notably when tcpdump is active). The underlying issue i...
CVE-2024-38554
CVE-2024-38554 describes a Linux kernel AX25 driver issue where a reference-count leak in the net_device object can occur in ax25_dev_device_down when shutting down the device. The leak happens because the reference count may be dropped one or zero times depending on control flow, leading to memo...
CVE-2024-39466
CVE-2024-39466 affects the Linux kernel: the qcom lmh thermal driver did not check SCM availability at probe, which could cause NULL pointer dereferences. The patch adds the SCM availability check during probe to prevent this; exploitation details are not provided in the available documents. The ...
CVE-2024-40969
CVE-2024-40969 (Linux kernel, f2fs) is confirmed to affect the f2fs shutdown path. The root cause is that shutdown does not verify the thaw error when the filesystem is read-only, which can lead to a deadlock during shutdown (via sb_start_write, set RO, and then thaw). The available connected do...
CVE-2024-44979
CVE-2024-44979 affects the Linux kernel: drm/xe component (xe_gt_pagefault) mishandled workqueue destruction, leading to potential memory retention on driver reload. A fix was applied to destroy the pagefault and access-counter workqueues, cherry-picked from commit 7586fc52b14e0b8edd0d1f8a434e0de...
CVE-2024-46862
CVE-2024-46862 pertains to the Linux kernel ASoC path for Intel (soc-acpi-intel-mtl). The issue involved missing handling for an empty item in the snd_soc_acpi_link_adr array; the code tested !link->num_adr as a loop-ending condition, requiring an empty item in the array to terminate correctly....
CVE-2024-49984
CVE-2024-49984: In the Linux kernel DRM/V3D, there was an out-of-bounds access bug in the performance query extensions. The issue arises from copying IDs when validating the number of perfmon userspace inputs for the copy and reset extensions; the kernel did not adequately bound-check the destin...
CVE-2024-50092
The CVE affects the Linux kernel netconsole code path. A warning is erroneously emitted when this_chunk equals zero in net: netconsole, instead of only when this_chunk is negative; userdata handling remains valid across iterations. This could mislead operators but the underlying userdata path is ...
CVE-2024-50204
CVE-2024-50204 affects the Linux kernel: during namespace copying, the code may call free_mnt_ns() to remove the new copy from the rbtree before the copy is actually added, leading to an invalid rbtree operation. The fix is to free the namespace skeleton directly after a successful copy, rather t...
CVE-2024-50270
CVE-2024-50270 targets the Linux kernel, specifically in mm/damon/core where damon_feed_loop_next_input() contains overflow-prone calculations (score_goal_diff_bp, compensation, etc.) related to a constant target score of 10,000. The fix rewrites the function to avoid overflows and removes the un...
CVE-2024-53225
The CVE-2024-53225 issue affects the Linux kernel IOMMU/tegra241-cmdqv path. A misconfiguration with PAGE_SIZE=4KB and CMA alignment could cause VM CMDQ alignment tests to fail, triggering a WARN_ON in arm-smmu-v3.c during queue initialization (arm_smmu_init_one_queue). The root cause is an align...
CVE-2024-56564
Technical details for CVE-2024-56564 are not publicly provided in the supplied documents. Please monitor for updates from the vendor/security advisories.
CVE-2025-21949
CVE-2025-21949: LoongArch Linux kernel vulnerability in hugetlb mmap base address alignment. The issue occurred when the base address allocated from hugetlbfs was not aligned to the PMD size, triggering a kernel BUG in mm/hugetlb.c. A patch was added to check hugetlbfs mappings and align the mmap...
CVE-2025-22084
CVE-2025-22084: In the Linux kernel, a NULL pointer dereference can occur in the serdev path due to a race: w1_uart_probe() calls w1_uart_serdev_open() (which includes devm_serdev_device_open()) before configuring client ops with serdev_device_set_client_ops(), causing serdev->ops to be unini...
CVE-2025-22112
CVE-2025-22112 affects the Linux kernel bnxt ethernet driver. The vulnerability arises from out-of-range access to the vnic_info array in bnxt_queue_start/stop where bp->nr_vnics is exceeded, allowing access to bp->vnic_info[bp->nr_vnics]. The issue is fixed in the publicly released comm...
CVE-2025-37745
CVE-2025-37745: Linux kernel vulnerability in the hibernate subsystem where a write to /sys/module/hibernate/parameters/compressor could deadlock with ieee80211 device registration. The root cause is a potential deadlock involving system_transition_mutex held under param_lock in hibernate_compre...
CVE-2025-37806
CVE-2025-37806 affects Linux kernel fs/ntfs3 write path. A NULL pointer dereference can occur in __generic_file_write_iter when an ioctl clears the file’s compress flag during a write, causing is_compressed() to return 0 and the code to call the wrong AOP, leading to a null dereference in write_b...
CVE-2025-38052
CVE-2025-38052 concerns the Linux kernel where a slab-use-after-free in net/tipc/crypto.c during tipc_aead_encrypt_done can occur after the tipc_crypto tx is freed when a namespace is deleted. The issue arises when simd_aead_encrypt is interrupted and crypto_simd_usable() returns false, allowing ...
CVE-2025-38072
CVE-2025-38072 affects the Linux kernel in the libnvdimm/labels component. A faulty CXL memory device can report a zero LSA size, causing config_size to be zero and leading to max_xfer being zero. This triggers a division by zero in the nd_label_data_init/label handling flow (divide error in libn...
CVE-2025-38103
CVE-2025-38103 relates to the Linux kernel HID path (usbhid). The issue, described in connected sources, is an out-of-bounds bug in usbhid_parse() that could arise from HID descriptor handling. The fix updates the HID descriptor struct to align with USB HID 1.11 (reflecting mandatory vs. optional...
CVE-2025-38220
CVE-2025-38220 affects the Linux kernel ext4 subsystem. The vulnerability occurs when processing an orphan-list symlink inode during truncation; partial block zeroing calls ext4_dirty_journalled_data() which invokes folio_mark_dirty() via mapping->a_ops->dirty_folio(), but symlink inodes la...
CVE-2025-38342
CVE-2025-38342 affects the Linux kernel; it stems from an out-of-bounds check in software_node_get_reference_args(), which may cause OOB access when reading the @index-th element due to a length check that can’t be guaranteed. The fix replaces the check with ((index + 1) * sizeof(*ref) > prop-...
CVE-2025-38471
CVE-2025-38471 affects the Linux kernel TLS path. A bug in TLS where the code may operate on an old skb during queue decrypt-state checks can lead to a use-after-free (observed in tls_strp_check_rcv). The issue arises after net-next TCP changes that compact skbs more aggressively, triggering the ...
CVE-2003-0961
CVE-2003-0961: An integer overflow in the Linux kernel do_brk function (brk syscall) affects Linux kernels 2.4.22 and earlier, enabling local users to gain root privileges. The description notes local privilege escalation but the supplied documents do not publish a specific fixed version patch or...
CVE-2005-0003
CVE-2005-0003 affects 64‑bit Linux kernel 2.6 before 2.6.10. The issue is in 64‑bit ELF support where overlapping VMA allocations are not properly checked, enabling local attackers to crash the system (denial of service) or run arbitrary code via a crafted ELF or a.out. Affected component: kernel...
CVE-2006-2444
CVE-2006-2444 affects the Linux kernel SNMP NAT Netfilter processing. The vulnerability in snmp_trap_decode (kernel = 2.6.16.18) or applying vendor patches where applicable. No additional exploitation details are provided in the documents.
CVE-2006-3626
CVE-2006-3626 is a local-privilege-escalation flaw in the Linux kernel (affected: 2.6.17.4 and earlier) caused by a race in the proc filesystem via prctl(PR_SET_DUMPABLE) that can set /proc/self/environ to setuid root. Exploitation would require local access and is not described as remote. The is...
CVE-2007-3105
CVE-2007-3105 affects the Linux kernel before 2.6.22, where a stack-based buffer overflow in the RNG can be triggered by setting the default wakeup threshold larger than the output pool size. This may allow local root users to cause a denial of service or gain privileges due to the pool transfer ...
CVE-2007-4571
CVE-2007-4571 affects the ALSA portion of the Linux kernel before 2.6.22.8. The snd_mem_proc_read function in sound/core/memalloc.c does not return the correct write size, enabling a local user to read kernel memory contents via a small count argument (demonstrated by reading /proc/driver/snd-pag...
CVE-2008-2931
The CVE-2008-2931 issue affects the Linux kernel (fs/namespace.c) prior to version 2.6.22, where do_change_type does not verify CAP_SYS_ADMIN, enabling a local user to gain privileges or cause a denial of service by modifying mountpoint properties. The vulnerability is documented across multiple ...
CVE-2008-3525
Vulnerability (CVE-2008-3525) affects the Linux kernel 2.6.26.3 wan driver (sbni.c) where sbni_ioctl fails to perform CAP_NET_ADMIN checks before handling four ioctls (SIOCDEVRESINSTATS, SIOCDEVSHWSTATE, SIOCDEVENSLAVE, SIOCDEVEMANSIPATE). This permits a local user to bypass intended capability r...
CVE-2010-4650
The CVE-2010-4650 issue affects the Linux kernel’s fuse_do_ioctl in fs/fuse/file.c, where a buffer overflow could be exploited by a CUSE server to achieve local denial of service or potential other impact. Multiple connected sources confirm a fix in kernel 2.6.37 and note that exploitation requir...
CVE-2011-1581
CVE-2011-1581 affects the Linux kernel bonding driver (drivers/net/bonding/bond_main.c). When a network device with many receive queues is installed and the default tx_queues is used, the code fails to properly constrain queue indexes, enabling a remote attacker to cause a denial of service or sy...
CVE-2012-5517
CVE-2012-5517 is referenced in multiple advisories. The connected documents confirm a vulnerability in the Linux kernel before 3.6 where the online_pages function in mm/memory_hotplug.c can be abused by local users to cause a denial of service via a NULL pointer dereference when memory hot-added ...
CVE-2013-2146
CVE-2013-2146 affects the Linux kernel (pre-3.8.9) in the x86 Perf Event subsystem. The vulnerable component is arch/x86/kernel/cpu/perf_event_intel.c, which uses an incorrect bitmask when the Performance Events Subsystem is enabled. Under this condition, a local user can trigger a denial of serv...
CVE-2013-2635
The CVE-2013-2635 issue affects the Linux kernel’s rtnetlink path: rtnl_fill_ifinfo in net/core/rtnetlink.c does not initialize a structure member, enabling a local attacker to read kernel stack memory. The vulnerability is associated with Linux kernel versions prior to 3.8.4; the documented fix ...
CVE-2013-3224
The CVE-2013-3224 issue affects the Linux kernel’s Bluetooth path: bt_sock_recvmsg in net/bluetooth/af_bluetooth.c before 3.9-rc7 does not fully initialize a length variable, enabling local attackers to leak sensitive data from kernel stack memory via crafted recvmsg/recvfrom calls. Impact is inf...
CVE-2014-7283
The vulnerability CVE-2014-7283 affects the Linux kernel xfs implementation: xfs_da3_fixhashpath in fs/xfs/xfs_da_btree.c fails to compare btree hash values correctly, before 3.14.2. This can allow local users to trigger filesystem corruption and OOPs/panic via operations on directories with hash...
CVE-2015-3291
CVE-2015-3291 concerns the Linux kernel before 4.1.6 on the x86_64 platform. The issue is that nested NMI processing is not properly detected, allowing a local attacker to trigger a denial of service (skipped NMI) by manipulating the rsp register, issuing a syscall, and triggering an NMI. Affecte...
CVE-2015-3332
CVE-2015-3332 affects the Linux kernel TCP Fast Open code before 3.18, where a count is not correctly maintained, allowing a local user to crash the system (DoS) via the Fast Open feature. Demonstrated on certain 3.10.x–3.16.x kernels by visiting chrome://flags/#enable-tcp-fast-open. The issue is...
CVE-2017-18549
CVE-2017-18549 affects the Linux kernel component drivers/scsi/aacraid/commctrl.c in versions prior to 4.13. The root cause is that aac_send_raw_srb does not initialize the reply structure, which can lead to exposure of kernel stack memory. The connected Nessus entries (Unity Linux advisories) re...
CVE-2017-6874
The CVE-2017-6874 entry corresponds to a Linux kernel race condition in kernel/ucount.c (through 4.10.2). The vulnerability allows local users to trigger a denial of service (use-after-free and system crash) via crafted system calls that affect the interaction between put_ucounts and get_ucounts....
CVE-2019-9857
CVE-2019-9857 affects the Linux kernel up to 5.0.2: inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c omits calling fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), causing a memory leak (refcount leak) and ultimately a denial of service. The connected Nessus/...
CVE-2021-47102
CVE-2021-47102 pertains to the Linux kernel marvell prestera code. The issue is a faulty structure access in prestera: upper = info->upper_dev; this field is only valid for specific notifiers (e.g., NETDEV_CHANGEUPPER). For other events, this can read info->upper_dev beyond its valid contex...
CVE-2021-47116
CVE-2021-47116 concerns the Linux kernel ext4 memory leak. According to the primary description, the vulnerability is triggered when memory leaks on the error path of ext4_mb_init_backend, occurring if a filesystem is corrupted with an illegally large s_log_groups_per_flex. The issue is resolved ...
CVE-2021-47123
CVE-2021-47123 concerns a Linux kernel use-after-free risk caused by an io_uring timeout path: a double free can occur if a linked timeout is not removed from the master request link list, potentially leading to use-after-free scenarios. The description states the fix is to always remove linked t...
CVE-2021-47137
CVE-2021-47137 affects the Linux kernel in the net/lantiq RX ring handling. When memory allocation or DMA mapping fails, an invalid address can be programmed into the RX descriptor, causing memory corruption. The fix updates the RX path to drop/reuse skb mappings appropriately and increments the ...