13804 matches found
CVE-2023-52506
CVE-2023-52506 affects the Linux kernel on LoongArch. Root cause: early memblock_reserve() during memblock_init sets node id to MAX_NUMNODES, causing NODE_DATA(nid) NULL dereferences in reserve_bootmem_region() and chain calls, triggering a kernel panic on boot when DEFERRED_STRUCT_PAGE_INIT is e...
CVE-2023-52738
The CVE-2023-52738 issue concerns a Linux kernel AMDGPU fence driver bug where drm_sched_fini() was invoked without a successful drm_sched_init(), causing a crash (NULL dereference) during Steam Deck device probing. The root cause is non-matching init/fini sequencing for drm_sched; the fix adds a...
CVE-2023-52838
CVE-2023-52838 – Linux kernel fbdev: imsttfb resource leak (probe). The issue arises when init_imstt() fails and the code does not call iounmap(par->cmap_regs), leading to a resource leak in probe. The vulnerability is addressed by rewriting the error handling to ensure iounmap(par->cmap_r...
CVE-2023-53141
CVE-2023-53141 is a Linux kernel vulnerability described in the Unity/Nessus materials. The issue is in ila_xlat_nl_cmd_get_mapping() for IPv6 ila (used by netlink): it can generate an empty skb, which would trigger a sanity check. The fix is to return an error code instead of generating an empty...
CVE-2024-26789
CVE-2024-26789 concerns the Linux kernel crypto path for ARM64 AES-CTR. The bit-sliced NEON implementation could perform out-of-bounds reads when processing short inputs or tail blocks that do not align to 128-byte blocks, because it would jump into the plain NEON helper which handles memory in 1...
CVE-2024-26796
The CVE-2024-26796 vulnerability affects the Linux kernel perf subsystem on RISC-V with the PMU legacy path. The root cause is that the ctr_get_width function was not defined for the legacy configuration (CONFIG_RISCV_PMU_LEGACY=y, CONFIG_RISCV_PMU_SBI=n), causing a NULL pointer dereference in per...
CVE-2024-26910
CVE-2024-26910 – Linux kernel netfilter ipset swap operation is fixed by patch 28628fa9, which resolves a race between swap/destroy and kernel side add/del/test. The issue arose because a synchronize_rcu() added to the swap path slowed it down; the patch moves the synchronization to destroy and u...
CVE-2024-26912
The connected Nessus entry for CVE-2024-26912 provides concrete details: in the Linux kernel, the Nouveau driver leaked several GSP-RM DMA buffers (nvkm_gsp_mem objects) that were never deallocated. Some buffers could be freed soon after GSP-RM initialization, while others remained until driver u...
CVE-2024-35841
CVE-2024-35841 describes a Linux kernel vulnerability in the TLS path (net: tls) related to splice handling with MSG_SPLICE_PAGES. The issue occurs when moving user pages from msg to msg_pl; if more pages are added than MAX_MSG_FRAGS and the MORE flag is used, the code can attempt to re-fill a fu...
CVE-2024-35903
The CVE-2024-35903 entry: In the Linux kernel, x86/bpf: Fix IP after emitting call depth accounting. The issue adjusts the IP passed to emit_patch to compute the correct offset for a CALL when x86_call_depth_emit_accounting emits code; without this, instructions may be skipped and the system coul...
CVE-2024-35914
CVE-2024-35914: In the Linux kernel, the nfsd rename error cleanup path could fail to drop the remount protection after taking an error bail-out, potentially leaving remount protection enabled and risking a deadlock. The cleanup path has been updated to properly drop the remount protection. Affe...
CVE-2024-35916
CVE-2024-35916 affects the Linux kernel: a NULL pointer dereference in the dma-buf sanitycheck() path when mock_chain() returns NULL due to allocation failure. The fix is to call dma_fence_enable_sw_signaling() only if mock_chain() succeeds. Affected products/versions are not listed in the initia...
CVE-2024-42066
CVE-2024-42066: Linux kernel drm/xe fix for potential integer overflow in page size calculation. The vulnerability arises when computing min_page_size, addressed by explicitly casting tbo->page_alignment to a 64-bit type before performing the bit-shift. This prevents overflow during assignment...
CVE-2024-42091
CVE-2024-42091 — Linux kernel, module: drm/xe. The issue arose when dumping PAT settings via debugfs without validating pat.ops, allowing a null or unset pat.ops pointer to be used, which could lead to a NULL pointer dereference (NPD) scenario. The fixed behavior patches the code to check the ...
CVE-2024-42144
In CVE-2024-42144, the Linux kernel vulnerability is in thermal/drivers/mediatek/lvts_thermal where lvts_data could be NULL. The root cause is a NULL pointer dereference; the fix adds a check that lvts_data is not NULL before use, mitigating a potential availability impact. Affected component: Li...
CVE-2024-42317
The CVE-2024-42317 issue affects the Linux kernel mm/huge_memory path on ARM64 with 64KB base pages. It stems from xarray not supporting arbitrary page cache sizes beyond MAX_PAGECACHE_ORDER, which can allow a 512 MB page cache in the collapsing path and triggers a warning when splitting an xarra...
CVE-2024-45017
CVE-2024-45017 concerns the Linux kernel mlx5 IPsec RoCE functionality. A fix was implemented to prevent a call trace when creating IPsec over a slave device if the master does not support IPsec. The vulnerability path involves mlx5_ipsec_fs_roce_tx_destroy and related xfrm state destruction, lea...
CVE-2024-46792
CVE-2024-46792 is a Linux kernel issue where riscv misalignment allowed userspace to access arbitrary kernel memory because raw_copy_to_user and raw_copy_from_user skip access_ok checks. The initial description notes this was resolved in the kernel. Connected documents corroborate this vulnerabil...
CVE-2024-46838
CVE-2024-46838 affects the Linux kernel. The issue arises in userfaultfd when khugepaged yanks a page table, where previous BUG_ON() checks were incorrect after allowing retracting page tables in file mappings without the mmap lock. The fix removes these BUG_ON()s (and associated early block) to ...
CVE-2024-46850
CVE-2024-46850 – Linux kernel drm/amd/display race condition: The issue arises in dcn35_set_drr() when the DC state’s resource context is nulled by dc_state_destruct() while an IRQ path uses the timing generator. The documented root cause is a race where nulling happens after a NULL check, poten...
CVE-2024-56695
CVE-2024-56695 affects the Linux kernel’s AMDGPU/KFD subsystem. The vulnerability arose from a large local cu_occupancy array in kfd_get_cu_occupancy(), risking stack overflow when AMDGPU_MAX_QUEUES is large. The fix replaces the static stack allocation with dynamic memory via kcalloc and ensures...
CVE-2024-57984
The CVE-2024-57984 entry concerns the Linux kernel i3c subsystem (dw_i3c_master). It describes a use-after-free caused by a race between the worker dw_i3c_hj_work and the cleanup path in dw_i3c_common_remove, which frees master->base after device_unreg/is removed. The connected advisory notes ...
CVE-2025-21695
Summary: CVE-2025-21695 relates to a race condition in the Linux kernel platform/x86 dell-uart-backlight, where dell_uart_bl_serdev_probe() opens the serdev device before initializing client ops. This can trigger a NULL pointer dereference in the serdev controller’s receive_buf handler when SERPO...
CVE-2025-21798
CVE-2025-21798 concerns the Linux kernel FireWire kunit test. The vulnerability arises when kunit_kzalloc() returns NULL and test_state is dereferenced without a NULL check, potentially causing a NULL pointer dereference. A fix adds a NULL check for test_state to prevent dereferencing a NULL poin...
CVE-2025-22000
CVE-2025-22000 affects the Linux kernel. The flaw is in mm/huge_memory where, after splitting a folio for EOF, folio refs may not be fully dropped unless folio_put_refs(folio, folio_nr_pages(folio)) is used. This can cause a memory leak when the blocksize > page_size and truncation creates fol...
CVE-2025-37821
The CVE-2025-37821 issue in the Linux kernel’s scheduler (eevdf) caused se->slice to be set to U64_MAX during a complex dequeue sequence, leading to a large, destabilizing vruntime/vlag mismatch and a potential crash. The root cause was that, when dequeuing a delayed group entity whose parent ...
CVE-2025-37876
The CVE-2025-37876 vulnerability affects the Linux kernel netfs subsystem. When CONFIG_NETFS_SUPPORTS=y is set but CONFIG_PROC_FS=n, netfs_init() can create /proc/fs/netfs, causing a kernel oops/BUG in mm/mempool.c and a crash. Root cause: /proc/fs/netfs is created without CONFIG_PROC_FS. Remedia...
CVE-2025-37904
CVE-2025-37904 affects the Linux kernel (btrfs) where a bug in btrfs_iget() can leak an inode if btrfs_alloc_path() fails, leaving a busy inode and triggering a kernel BUG in fs/super.c during unmount. The root cause is failure to release the previously allocated inode when btrfs_alloc_path() fai...
CVE-2025-37951
CVE-2025-37951 affects the Linux kernel DRM/V3D path. When a CL/CSD job times out, if the GPU progressed, the kernel may skip the reset, keeping the job running; however, timedout_job() removes the job from the pending list, so it may not be freed, causing a memory leak. A patch adds the job back...
CVE-2025-37964
CVE-2025-37964 affects the Linux kernel’s x86/mm path, specifically a window during mm switching where an IPITLB flush could be suppressed. The root cause: should_flush_tlb() could skip TLB flushes between load_new_mm_cr3() and writing loaded_mm, in a window labeled LOADED_MM_SWITCHING. The fix: ...
CVE-2025-38014
CVE-2025-38014: In the Linux kernel’s dmaengine idxd subsystem, a removal path was refactored to use an idxd_cleanup() helper, which fixes code duplication and also corrects a missing put_device() for idxd groups, engines, and work queues. The vulnerability is described as a local-access issue w...
CVE-2025-38022
The CVE-2025-38022 issue resides in the Linux kernel RDMA/core where KASAN reports a slab-use-after-free Read in ib_register_device. Root cause: ib_device_rename() renames the device name under a lock while kobject_uevent() accesses the name without lock protection, leading to a race. The fix is ...
CVE-2025-38037
The CVE-2025-38037 issue affects the Linux kernel’s VXLAN FDB handling. The root cause is a data race where the FDB entry’s fields used and updated may be concurrently accessed by multiple threads, triggering KCSAN reports in vxlan_xmit paths. The fix is to annotate these accesses with READ_ONCE(...
CVE-2025-38064
Vulnerability context: CVE-2025-38064 affects the Linux kernel virtio subsystem, notably virtio-console. Root cause: virtio-console may continue writing to MMIO after the underlying virtio-pci device has been reset during device_shutdown, with IOMMU resets ordering contributing to guest memory ac...
CVE-2025-38085
CVE-2025-38085 affects the Linux kernel mm/hugetlb logic, specifically the race between huge_pmd_unshare() and GUP-fast. The vulnerability arises when huge_pmd_unshare() drops a reference on a page table that may have been shared across processes, creating a page table that can be used by another...
CVE-2025-38086
CVE-2025-38086 involves a Linux kernel vulnerability in net/ch9200 where mii_nway_restart() can trigger an uninitialised access through ch9200_mdio_read() due to not checking control_read() return value. The bug stems from an uninitialised local buffer (buff) being accessed when control_read() do...
CVE-2025-38163
CVE-2025-38163: A fault in the Linux kernel’s F2FS truncation path caused a kernel BUG due to an inconsistent sbi->total_valid_block_count versus mapped blocks, potentially leading to a crash/denial of service. The issue is in f2fs: with sbi->total_valid_block_count not matching inode-index...
CVE-2025-38200
Technical details about CVE-2025-38200 are not provided in the supplied documents. The initial entry mentions a Linux kernel MMIO underflow fix but contains no product/vendor/version specifics beyond kernel change. Monitor for updates.
CVE-2025-38226
CVE-2025-38226 targets the Linux kernel, specifically the media/v4l2-tpg path used by vivid. The issue is a KASAN-detected vmalloc-out-of-bounds access in tpg_fill_plane_pattern and tpg_fill_plane_buffer (v4l2-tpg-core.c:2608 and 2705), causing a write of size 1440 to a kernel address during vivi...
CVE-2025-38349
The CVE-2025-38349 entry concerns a Linux kernel eventpoll use-after-free risk due to dropping the epoll refcount while the ep mutex is still held. Description and related details explain that incrementing/decrementing the ep refcount in the wrong order combined with unlock timing can allow a con...
CVE-2025-38415
CVE-2025-38415 is a Linux kernel vulnerability affecting Squashfs where sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE) can return 0, causing msblk->devblksize to be 0 and leading to an out-of-bounds shift (64) in msblk->devblksize_log2. The issue stems from not handling a 0 return from sb_min_b...
CVE-2025-38461
CVE-2025-38461: In the Linux kernel, a TOCTOU race was introduced around vsock transport assignment where a new_transport could become a stale pointer if a module is unloaded concurrently. The fix protects the transport from racing with module unload by adding synchronization around new_transpor...
CVE-2025-38498
CVE-2025-38498 affects the Linux kernel and concerns do_change_type(): the code now refuses to operate on unmounted or not-our mounts. The fix ensures that propagation settings can only be changed for mounts located in the caller’s mount namespace, aligning permission checking with the rest of mo...
CVE-2025-40364
CVE-2025-40364: In the Linux kernel, the io_uring path titled “io_req_prep_async with provided buffers” has been resolved. The issue allowed io_req_prep_async() to import provided buffers and then commit the ring state by giving up on that path, with the buffers potentially being reimported late...
CVE-1999-0128
CVE-1999-0128 refers to the historic Ping of Death, where oversized ICMP echo packets can cause a denial of service. The initial entry and connected Red Hat advisory records reiterate the same description without listing affected products, versions, root cause details, or exploitable vectors...
CVE-2004-0394
CVE-2004-0394 concerns a potential buffer overflow in the panic() function of Linux 2.4.x. The description explicitly indicates a possible overflow, but notes it may not be exploitable due to the function’s behavior. The connected OpenVAS entries reference this CVE among broader kernel advisories...
CVE-2004-0497
CVE-2004-0497 describes a local privilege escalation in the Linux kernel 2.x family (notably 2.4/2.6-rc3) due to missing DAC controls in sys_chown, enabling a local user to modify the group ownership of files (including NFS-exported files) they do not own. The underlying issue allows changing fil...
CVE-2005-0001
CVE-2005-0001 describes a race condition in the Linux kernel page fault handler (fault.c) that affects multiprocessor systems. Affected kernel lines include 2.2.x to 2.2.7, 2.4 up to 2.4.29, and 2.6 up to 2.6.10. The vulnerability enables local attackers to execute arbitrary code by exploiting co...
CVE-2005-0756
CVE-2005-0756 affects Linux kernel 2.6.8.1 on the amd64 platform, where ptrace() does not properly verify addresses, allowing a local attacker to crash the kernel (denial of service). The issue is reiterated across multiple advisories (Red Hat/CentOS RHSA-2005:514, Debian DSA-922/DSA-921, etc.), ...
CVE-2006-4145
CVE-2006-4145 affects the Linux kernel UDF filesystem driver (2.6.17 and earlier). The issue allows a local user to trigger a hang or crash by performing operations on truncated files (illustrated via dd). Public documents in connected feeds confirm this CVE and indicate that updated kernel packa...