14403 matches found
CVE-2021-47504
CVE-2021-47504 affects the Linux kernel io_uring cancel path. If a canceled work item also requires task_work processing, the item could sleep uninterruptibly in io_uring_cancel_generic() and never complete, blocking forward progress. The fix is within io_uring handling to ensure task_work runs d...
CVE-2021-47537
CVE-2021-47537 affects the Linux kernel in the octeontx2-af component, where in rvu_mbox_init() the mbox_regions pointer could be leaked on the switch-default path. The bug was a memory leak due to not freeing or returning the regions, and it is fixed by replacing a plain return err with a goto f...
CVE-2022-48846
CVE-2022-48846 affects the Linux kernel block layer. The root cause was a memory leak in rq QoS structures added by blkcg_init_queue() when a request queue could lack a disk (e.g., unpresent SCSI LUNs or NVMe admin queue) after a patch moved rq_qos_exit() into del_gendisk(). The fix restores prop...
CVE-2025-38200
Technical details about CVE-2025-38200 are not provided in the supplied documents. The initial entry mentions a Linux kernel MMIO underflow fix but contains no product/vendor/version specifics beyond kernel change. Monitor for updates.
CVE-2025-38239
CVE-2025-38239 affects the Linux kernel megaraid_sas driver. On systems with DRAM interleave enabled, an out-of-bounds access can occur due to an invalid node index in megasas_alloc_irq_vectors during megaraid_sas probing, which triggers UBSAN reports (array-index-out-of-bounds in topology.h: ind...
CVE-2025-38338
CVE-2025-38338 is a Linux kernel vulnerability affecting NFS read paths. A double-unlock in fs/nfs/read during truncation can cause a deadlock because folio_unlock() may be called twice, incorrectly clearing the PG_locked flag. This can lead to warnings in netfs_read_collection or to processes wa...
CVE-2025-38373
CVE-2025-38373 concerns the Linux kernel’s mlx5_ib MR deregistration deadlock. The description shows a flow where holding the mutex umem_mutex during dereg_mr() can lead kzalloc() to trigger reclaim paths (fs_reclaim, mmu_notifier_invalidate_range_start), which in turn calls mlx5_ib_invalidate_ra...
CVE-2003-0961
CVE-2003-0961: An integer overflow in the Linux kernel do_brk function (brk syscall) affects Linux kernels 2.4.22 and earlier, enabling local users to gain root privileges. The description notes local privilege escalation but the supplied documents do not publish a specific fixed version patch or...
CVE-2005-0003
CVE-2005-0003 affects 64‑bit Linux kernel 2.6 before 2.6.10. The issue is in 64‑bit ELF support where overlapping VMA allocations are not properly checked, enabling local attackers to crash the system (denial of service) or run arbitrary code via a crafted ELF or a.out. Affected component: kernel...
CVE-2005-0756
CVE-2005-0756 affects Linux kernel 2.6.8.1 on the amd64 platform, where ptrace() does not properly verify addresses, allowing a local attacker to crash the kernel (denial of service). The issue is reiterated across multiple advisories (Red Hat/CentOS RHSA-2005:514, Debian DSA-922/DSA-921, etc.), ...
CVE-2006-2444
CVE-2006-2444 affects the Linux kernel SNMP NAT Netfilter processing. The vulnerability in snmp_trap_decode (kernel = 2.6.16.18) or applying vendor patches where applicable. No additional exploitation details are provided in the documents.
CVE-2007-1496
CVE-2007-1496 affects nfnetlink_log in the Linux kernel prior to 2.6.20.3. The issue is triggered via netfilter’s nfnetlink path (nfulnl_recv_config) when handling netlink messages, including cases with multiple packets per netlink message and bridged packets, leading to a NULL pointer dereferenc...
CVE-2010-3448
CVE-2010-3448 affects the Linux kernel’s ThinkPad ThinkPad ACPI driver (drivers/platform/x86/thinkpad_acpi.c) on ThinkPad systems using X.Org prior to 2.6.34. The issue allows a local attacker to access and manipulate the video output control state without proper restriction, enabling a denial of...
CVE-2010-4563
The Connected documents provide concrete detail for CVE-2010-4563: when the Linux kernel handles IPv6, an attacker can probe for sniffing by sending an ICMPv6 Echo Request to a multicast address and observing whether an Echo Reply is returned (as shown by thcping). This affects the Linux kernel’s...
CVE-2010-4805
CVE-2010-4805 affects the Linux kernel socket backlog handling in net/core/sock.c prior to 2.6.35, allowing remote DoS via large traffic (backlog management related to sk_add_backlog and sk_rmem_alloc). The entry notes this vulnerability exists due to an incomplete fix for CVE-2010-4251. The conn...
CVE-2012-0028
CVE-2012-0028 affects the Linux kernel’s futex implementation prior to version 2.6.28. The root cause is that processes executing an exec can write to memory in a child process due to improper futex handling, potentially allowing local users to cause a denial of service or to gain privileges. The...
CVE-2012-6549
The CVE-2012-6549 entry concerns the Linux kernel vulnerability where isofs_export_encode_fh in fs/isofs/export.c did not initialize a structure member, allowing local attackers to read sensitive data from kernel heap memory via a crafted application. Affected: Linux kernel versions prior to 3.6....
CVE-2013-0216
CVE-2013-0216 refers to the Xen netback vulnerability in the Linux kernel prior to 3.7.8. Guest OS users could trigger ring-pointer corruption to cause a denial of service (loop). The linked connected documents ( MiracleLinux AXSA-2013-452:04 and Unity Linux advisories) explicitly list CVE-2013-0...
CVE-2013-1797
CVE-2013-1797 describes a use-after-free in arch/x86/kvm/x86.c of the Linux kernel up to version 3.8.4. The issue allows a guest OS user to trigger a GPA-related path during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation, potentially causing host memory corruption and a denial of service, wi...
CVE-2013-3224
The CVE-2013-3224 issue affects the Linux kernel’s Bluetooth path: bt_sock_recvmsg in net/bluetooth/af_bluetooth.c before 3.9-rc7 does not fully initialize a length variable, enabling local attackers to leak sensitive data from kernel stack memory via crafted recvmsg/recvfrom calls. Impact is inf...
CVE-2016-5340
CVE-2016-5340 is tied to a vulnerability in the KGSL Linux Graphics Module exposed by a QuIC Android patch for Linux kernel 3.x. The issue arises from the function is_ashmem_file in drivers/staging/android/ashmem.c, where pointer validation is mishandled. This design flaw can allow an attacker to...
CVE-2016-6187
CVE-2016-6187 : The Linux kernel before 4.6.5 contains a vulnerability in the AppArmor LSM path. The function apparmor_setprocattr in security/apparmor/lsm.c does not validate the buffer size, enabling a local user to gain privileges by triggering a setprocattr hook. This is a local privilege-esc...
CVE-2017-6874
The CVE-2017-6874 entry corresponds to a Linux kernel race condition in kernel/ucount.c (through 4.10.2). The vulnerability allows local users to trigger a denial of service (use-after-free and system crash) via crafted system calls that affect the interaction between put_ucounts and get_ucounts....
CVE-2021-47117
Technical details about CVE-2021-47117 are not provided in the connected documents. The initial description mentions ext4/extents_status and a kernel patch, but no explicit vendor/product/version mappings or remediation specifics are given in the supplied sources.
CVE-2021-47122
CVE-2021-47122 refers to a Linux kernel issue in the CAIF stack where, on caif_enroll_dev() failure, the allocated link_support was not assigned to the target structure, leading to a memory leak in caif_device_notify. The fix adds a safe deallocation path to free the allocated pointer when an err...
CVE-2021-47314
CVE-2021-47314 refers to a Linux kernel issue in the fsl_ifc memory handling: on probe failure the driver could leak private memory. The connected Astra/OpenVAS/Nessus advisories reproduce that the fix was to switch to resource-managed allocation to free memory when probe errors occur, mitigating...
CVE-2021-47355
CVE-2021-47355 relates to the Linux kernel ATM nicstar driver. The issue is a use-after-free in nicstar_cleanup() caused by removing a timer with del_timer() instead of del_timer_sync(), which may allow the timer handler to still run after the device removal. The fix ensures the timer finishes an...
CVE-2021-47365
The CVE-2021-47365 issue affects Linux kernel afs: a loop in afs_extend_writeback() could leak pages when expanding a writeback, due to removing the cleanup loop after switching from find_get_pages_contig() to xarray scanning. The fix adds an early-break handling that places the page on a referen...
CVE-2021-47431
The CVE affects the Linux kernel DRM AMDGPU: gart.bo pin_count leak due to gmc_v{9,10}_0_gart_disable() not being paired with gart_enable in SR-IOV. A fix has been applied in the kernel; impact is pin_count leak on driver unload. Dereferenced details are taken from connected advisories (Unity Lin...
CVE-2021-47480
CVE-2021-47480 affects the Linux kernel SCSI subsystem. The issue arises when releasing a SCSI host: the low-level device driver (LLD) module could be unloaded before the SCSI host is fully released, because shost->hostt is needed during release, leading to a kernel panic (BUG: unable to handl...
CVE-2021-47499
CVE-2021-47499 – Linux kernel, iio: accel: kxcjk-1013 : The issue was a memory leak in the probe path for iio_triggered_buffer_setup, caused when ACPI type is ACPI_SMO8500 and data->dready_trig was not set, preventing freeing of allocated memory. The root cause is the probe-path logic leaving ...
CVE-2021-47500
The CVE-2021-47500 issue affects the Linux kernel IIO mma8452 driver. The driver assigned a trigger to the IIO device without first obtaining a reference, which allowed the trigger to be freed during use and caused a use-after-free. The documented fix is to obtain a reference to the trigger befor...
CVE-2021-47651
Summary : CVE-2021-47651 involves the Linux kernel driver path soc: qcom: rpmpd, where data->domains could be NULL if an allocation fails. The vulnerability stems from not validating a possible NULL return from devm_kcalloc, risking a NULL pointer dereference later. The public description indi...
CVE-2022-48654
The CVE-2022-48654 entry concerns a Linux kernel netfilter issue: nfnetlink_osf (nf_osf_find) could incorrectly return true on a mismatch, causing copying of uninitialized memory in nft_osf and leaking stale kernel stack data to userspace. Connected Astra Linux advisory mirrors this vulnerability...
CVE-2022-48673
CVE-2022-48673 affects the Linux kernel net/smc implementation. Root cause: after modifying a QP to Error, the code completes RX work with IB_WC_WR_FLUSH_ERR but destroys the QP and frees the link group without waiting for the tasklet to finish, risking access to freed memory in tasklet context. ...
CVE-2022-48761
CVE-2022-48761 affects the Linux kernel USB xhci-plat code. The issue occurs on platforms like i.MX8QM during suspend with remote wake enabled, where xhci_suspend disables the hub wake and then accesses registers after the device clock is gated by run-time suspend. The underlying root cause was t...
CVE-2022-48865
CVE-2022-48865 affects the Linux kernel TIPc bearer path; root cause is a race where monitoring data is not yet allocated when a bearer is enabled, leading to a NULL pointer dereference (mon->dom_gen) during tipc_mon_prep(). The issue was fixed by allocating the monitoring data before enabling...
CVE-2022-48910
The CVE-2022-48910 case concerns the Linux kernel IPv6 addrconf path: when NETDEV_DOWN is triggered for reasons other than actual interface down, repeated calls can leak one ifmcaddr6 per multicast group by leaking idev->mc_tomb. The fix is to ensure ipv6_mc_down() runs at most once per state ...
CVE-2022-49075
CVE-2022-49075 : In the Linux kernel, a qgroup reserve overflow in btrfs can occur when fallocate spans more than 4 GiB. The root cause is that extent_changeset->bytes_changed is stored as an unsigned int, causing overflow and potentially breaking the qgroup limit. The advisory notes that regu...
CVE-2022-49092
CVE-2022-49092 concerns a Linux kernel net/ipv4 routing issue where deleting a route that points to a nexthop ID (without nhid) triggers a warning in fib_nh_match when a nexthop object is present. The root cause is a match operation on a fib_info with a nexthop object; the fix is to skip such mat...
CVE-2022-49095
CVE-2022-49095 : In the Linux kernel, the zorro7xx SCSI driver had a resource leak in zorro7xx_remove_one() where an allocated resource was not freed in the remove path. Some error paths required undoing an ioremap(). A missing iounmap() call was added in the remove function to fix the leak. Vers...
CVE-2022-49157
CVE-2022-49157 affects the Linux kernel scsi/qla2xxx driver. After a recoverable PCI error is detected and recovered, the qla2xxx driver may perform premature hardware access if the error condition persists or resume signaling is not yet received. The description and logs show a PCI disconnect an...
CVE-2022-49230
CVE-2022-49230 concerns the Linux kernel, specifically the mt76 mt7915 driver. The issue was a memory-leak in mt7915_mcu_add_sta where allocated skbs could be leaked on failures. The resolution is to free the allocated skb in the failure path. The CVE’s CVSSv3 base score is 5.5 (Medium) with LOCA...
CVE-2022-49243
CVE-2022-49243 is a Linux kernel vulnerability affecting ASoC: atmel via the at91sam9g20ek_audio_probe path. The issue is a refcount mismatch: of_parse_phandle() returns a node pointer with a refcount that is incremented in the probe function, but a missing of_node_put() caused a leak. A fix was ...
CVE-2022-49337
In the Linux kernel OCFS2 code, CVE-2022-49337 relates to dlmfs user_dlm_destroy_lock: on failure, flags like USER_LOCK_IN_TEARDOWN and USER_LOCK_BUSY may not be cleared, causing a use-after-free risk and a kernel panic during unlink. The fix reverts USER_LOCK_IN_TEARDOWN on failure and ensures e...
CVE-2022-49418
The CVE affects the Linux kernel in NFSv4 handling, where an uninitialized nfs4_label could be freed during referral lookup, leading to a crash. The fix reuses the already-allocated fattr with nfs4_fs_locations and drops the memcpy of fattr, avoiding two extra allocations and preventing the crash...
CVE-2022-49473
The CVE-2022-49473 entry concerns the Linux kernel ASoC: ti: j721e-evm area. The issue is described as a refcount leak in j721e_soc_probe_* where of_parse_phandle() returns a node pointer with an incremented refcount; the fix adds a missing of_node_put() to release it when no longer needed. Conne...
CVE-2022-49493
CVE-2022-49493: Linux kernel ASoC rt5645 cleanup order bug can cause use-after-free due to rt5645_i2c_remove() cancelling jack_detect_work before del_timer_sync, which may race with rt5645_btn_check_callback(). The fix moves del_timer_sync before cancel_delayed_work_sync, addressing the race. Con...
CVE-2022-49518
The CVE-2022-49518 entry maps to a Linux kernel issue in ASoC SOF ipc3-topology where sof_get_control_data() could perform out-of-bounds access if the payload is not bytes. The fix adjusts control counting and data storage: for non-bytes controls, store a pointer to the data and its size (instead...
CVE-2022-49522
CVE-2022-49522 concerns a Linux kernel MMC driver issue (mmc: jz4740) where DMA maps could exceed the DMA engine’s capabilities. The root cause is not a research-level flaw but an inadequate limit on the maximum segment size for DMA data transfers. The fix enforces DMA engine limits on the jz4740...