14403 matches found
CVE-2025-37869
CVE-2025-37869 : Linux kernel fix for drm/xe: Use local fence in error path of xe_migrate_clear. The error path previously waited on m->fence (potential UAF) and was only stable under the job mutex. The patch changes to wait on the local fence to prevent the use-after-free. (Cherry-picked from...
CVE-2025-38181
CVE-2025-38181 affects the Linux kernel CALIPSO code path. A NULL pointer dereference could occur in calipso_req_setattr()/calipso_req_delattr() when CALIPSO options are allocated during socket option handling, tied to sk_to_full_sk() and the predicated rsk_listener being NULL after certain synco...
CVE-2024-26709
CVE-2024-26709 (Linux kernel, PowerPC). A refcount leak in spapr_tce_platform_iommu_attach_dev() occurs because iommu_group_put() is not called when the domain is already set, leading to a leak and a BUG_ON() during DLPAR remove on POWER10/pSeries platforms. The connected patch adds the missing i...
CVE-2024-26912
The connected Nessus entry for CVE-2024-26912 provides concrete details: in the Linux kernel, the Nouveau driver leaked several GSP-RM DMA buffers (nvkm_gsp_mem objects) that were never deallocated. Some buffers could be freed soon after GSP-RM initialization, while others remained until driver u...
CVE-2024-35841
CVE-2024-35841 describes a Linux kernel vulnerability in the TLS path (net: tls) related to splice handling with MSG_SPLICE_PAGES. The issue occurs when moving user pages from msg to msg_pl; if more pages are added than MAX_MSG_FRAGS and the MORE flag is used, the code can attempt to re-fill a fu...
CVE-2024-35889
The CVE-2024-35889 entry concerns a Linux kernel vulnerability in the idpf driver where idpf_rx_process_skb_fields could return early for unknown packet types, causing the skb protocol not to be set and potentially triggering a kernel panic (notably when tcpdump is active). The underlying issue i...
CVE-2024-35914
CVE-2024-35914 : In the Linux kernel, the nfsd rename error cleanup path could fail to drop the remount protection after taking an error bail-out, potentially leaving remount protection enabled and risking a deadlock. The cleanup path has been updated to properly drop the remount protection. Affe...
CVE-2024-38554
CVE-2024-38554 describes a Linux kernel AX25 driver issue where a reference-count leak in the net_device object can occur in ax25_dev_device_down when shutting down the device. The leak happens because the reference count may be dropped one or zero times depending on control flow, leading to memo...
CVE-2024-42155
The CVE-2024-42155 issue affects the Linux kernel on s390 architectures, where the k ey material of protected- or secure-keys should not be visible to the caller. The vulnerability notes that all copies of protected- or secure-keys must be wiped from the stack even if an error occurs. CVSS data p...
CVE-2024-42249
The CVE affects the Linux kernel SPI subsystem. The vulnerability stems from calling spi_maybe_unoptimize_message() in spi_async(), which risks corrupting a message that is likely queued or in use by the controller driver. The proper balancing call already occurs in spi_finalize_current_message()...
CVE-2024-44979
CVE-2024-44979 affects the Linux kernel: drm/xe component (xe_gt_pagefault) mishandled workqueue destruction, leading to potential memory retention on driver reload. A fix was applied to destroy the pagefault and access-counter workqueues, cherry-picked from commit 7586fc52b14e0b8edd0d1f8a434e0de...
CVE-2024-46850
CVE-2024-46850 – Linux kernel drm/amd/display race condition : The issue arises in dcn35_set_drr() when the DC state’s resource context is nulled by dc_state_destruct() while an IRQ path uses the timing generator. The documented root cause is a race where nulling happens after a NULL check, poten...
CVE-2024-46862
CVE-2024-46862 pertains to the Linux kernel ASoC path for Intel soc-acpi-intel-mtl). The issue involved missing handling for an empty item in the snd_soc_acpi_link_adr array; the code tested !link->num_adr as a loop-ending condition, requiring an empty item in the array to terminate correctly....
CVE-2024-46863
CVE-2024-46863 affects the Linux kernel in the ASoC Intel stack (soc-acpi-intel-lnl-match). The issue stems from missing handling for an empty item in the snd_soc_acpi_link_adr array; the loop termination depended on !link->num_adr, but an empty item was required to avoid traversal problems in...
CVE-2024-56673
Technical details about CVE-2024-56673 are not provided in the supplied documents. Monitor for updates from the vendors/security advisories for affected products, fixes, and mitigations.
CVE-2024-57953
CVE-2024-57953 affects the Linux kernel RTC driver (rtc: tps6594). On 32-bit systems a 64-bit tmp variable overflows when calculating tmp = offset * TICKS_PER_HOUR, because offset is a long and TICKS_PER_HOUR is very large (32768*3600). The description states the overflow occurs in tps6594_rtc_se...
CVE-2024-58082
CVE-2024-58082 affects the Linux kernel media nuvoton driver (npcm_video_ece_init). The root cause is improper error handling: when of_find_device_by_node() fails it returns NULL instead of an error code, so the code path should check for NULL and return -ENODEV. The fix implements proper NULL ch...
CVE-2025-37745
CVE-2025-37745 : Linux kernel vulnerability in the hibernate subsystem where a write to /sys/module/hibernate/parameters/compressor could deadlock with ieee80211 device registration. The root cause is a potential deadlock involving system_transition_mutex held under param_lock in hibernate_compre...
CVE-2025-37934
CVE-2025-37934 affects the Linux kernel’s ASoC simple-card-utils, specifically the graph_util_parse_link_direction pointer checks. The issue arises from writing to potentially-invalid pointers when playback_only is absent, causing UBSAN invalid-load warnings (example in imx-card.c). The vulnerabi...
CVE-2025-38009
CVE-2025-38009 : In the Linux kernel, the wifi driver mt76 initializes and cleans up TX NAPI on removal. A fix disables TX NAPI before deleting the NAPI instance in mt76_dma_cleanup() to prevent a warning observed after commit 9dd05df8403b. The issue arises when driving removal of mt7921e/mt76 dr...
CVE-2025-38190
CVE-2025-38190 affects the Linux kernel ATM path. The issue arises when in the vcc_sendmsg() path, skb->truesize is accounted to sk_wmem_alloc via atm_account_tx(), but the corresponding revert is not performed on copy_from_iter_full() failure, potentially leaking a socket. The fixed approach ...
CVE-2025-38250
In CVE-2025-38250, the Linux kernel Bluetooth vhci_flush() path is affected by a use-after-free when a thread closes a vhci fd while another thread uses the device. The issue stems from a missing synchronization after unlinking hdev from hci_dev_list in hci_unregister_dev(), allowing another thre...
CVE-2025-38332
CVE-2025-38332 (Linux kernel) affects the lpfc SCSI path where BIOSVersion handling could panic due to a misused strlcat/FORTIFY check. The root cause is improper assumptions about buffer sizes, leading to a likely false positive overflow check, and the fix replaces the problematic sequence with ...
CVE-2025-38338
CVE-2025-38338 is a Linux kernel vulnerability affecting NFS read paths. A double-unlock in fs/nfs/read during truncation can cause a deadlock because folio_unlock() may be called twice, incorrectly clearing the PG_locked flag. This can lead to warnings in netfs_read_collection or to processes wa...
CVE-2025-38459
CVE-2025-38459: Linux kernel ATM CLIP module vulnerability causing Denial of Service via infinite recursion in clip_push(). Root cause: second ATMARP_MKIP ioctl triggers recursion when vcc->old_push is used after first call; mitigation implemented by checking vcc->user_back (clip_vcc) and u...
CVE-2026-31533
The CVE-2026-31533 entry concerns a Linux kernel net/tls use-after-free in tls_do_encryption() when crypto_aead_encrypt() returns -EBUSY. The underlying issue is double cleanup of encrypt_pending and the scatterlist entry due to distinct cleanup paths (async callback tls_encrypt_done() vs synchro...
CVE-2005-0001
CVE-2005-0001 describes a race condition in the Linux kernel page fault handler (fault.c) that affects multiprocessor systems. Affected kernel lines include 2.2.x to 2.2.7, 2.4 up to 2.4.29, and 2.6 up to 2.6.10. The vulnerability enables local attackers to execute arbitrary code by exploiting co...
CVE-2008-2826
The vulnerability CVE-2008-2826 is present in the Linux kernel prior to 2.6.25.9, where an integer overflow in sctp_getsockopt_local_addrs_old (net/sctp/socket.c) allows local users to trigger a denial of service through a large addr_num in the sctp_getaddrs_old structure. The issue is mitigated ...
CVE-2008-4934
The CVE-2008-4934 issue affects the Linux kernel 2.6.x prior to 2.6.28-rc1 in the hfsplus code path. Specifically, hfsplus_block_allocate in fs/hfsplus/bitmap.c fails to verify the return value of read_mapping_page before invoking kmap, enabling a crafted hfsplus filesystem image to trigger a den...
CVE-2009-2691
CVE-2009-2691 affects the Linux kernel (2.6.30.4 and earlier) via the mm_for_maps path in fs/proc/base.c, allowing a local attacker to read maps and smaps files under /proc during ELF loading for a setuid process, due to a race condition. Impact is information exposure (maps/smaps); exploitation ...
CVE-2010-4650
The CVE-2010-4650 issue affects the Linux kernel’s fuse_do_ioctl in fs/fuse/file.c, where a buffer overflow could be exploited by a CUSE server to achieve local denial of service or potential other impact. Multiple connected sources confirm a fix in kernel 2.6.37 and note that exploitation requir...
CVE-2012-5517
CVE-2012-5517 is referenced in multiple advisories. The connected documents confirm a vulnerability in the Linux kernel before 3.6 where the online_pages function in mm/memory_hotplug.c can be abused by local users to cause a denial of service via a NULL pointer dereference when memory hot-added ...
CVE-2012-6549
The CVE-2012-6549 entry concerns the Linux kernel vulnerability where isofs_export_encode_fh in fs/isofs/export.c did not initialize a structure member, allowing local attackers to read sensitive data from kernel heap memory via a crafted application. Affected: Linux kernel versions prior to 3.6....
CVE-2013-2128
The CVE-2013-2128 issue affects the Linux kernel’s tcp_read_sock() in net/ipv4/tcp.c where skb consumption is not properly managed. This can allow local attackers to trigger a denial of service (system crash) by issuing a crafted splice() on a TCP socket. Evidence appears across multiple advisori...
CVE-2013-2146
CVE-2013-2146 affects the Linux kernel (pre-3.8.9) in the x86 Perf Event subsystem. The vulnerable component is arch/x86/kernel/cpu/perf_event_intel.c, which uses an incorrect bitmask when the Performance Events Subsystem is enabled. Under this condition, a local user can trigger a denial of serv...
CVE-2013-3224
The CVE-2013-3224 issue affects the Linux kernel’s Bluetooth path: bt_sock_recvmsg in net/bluetooth/af_bluetooth.c before 3.9-rc7 does not fully initialize a length variable, enabling local attackers to leak sensitive data from kernel stack memory via crafted recvmsg/recvfrom calls. Impact is inf...
CVE-2013-4125
The CVE-2013-4125 issue affects the Linux kernel IPv6 stack: fib6_add_rt2node in net/ipv6/ip6_fib.c (up to and including 3.10.1) mishandles Router Advertisement messages in ECMP scenarios, allowing a remote attacker to crash the system via a crafted sequence of RA messages. Connected advisories (...
CVE-2015-3332
CVE-2015-3332 affects the Linux kernel TCP Fast Open code before 3.18, where a count is not correctly maintained, allowing a local user to crash the system (DoS) via the Fast Open feature. Demonstrated on certain 3.10.x–3.16.x kernels by visiting chrome://flags/#enable-tcp-fast-open. The issue is...
CVE-2015-5706
CVE-2015-5706 is a local-use-after-free vulnerability in the Linux kernel (path_openat in fs/namei.c) affecting 3.x and 4.x before 4.0.4. An attacker can trigger a denial of service (and possibly other impact) via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation. Remedi...
CVE-2015-7885
CVE-2015-7885 affects the Linux kernel: the dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c does not initialize a certain structure member, enabling a local attacker to read sensitive kernel memory via a crafted application. The issue is scoped to kernels up to version 4.3.3. Connect...
CVE-2016-6187
CVE-2016-6187 : The Linux kernel before 4.6.5 contains a vulnerability in the AppArmor LSM path. The function apparmor_setprocattr in security/apparmor/lsm.c does not validate the buffer size, enabling a local user to gain privileges by triggering a setprocattr hook. This is a local privilege-esc...
CVE-2017-15306
The CVE-2017-15306 entry concerns the Linux kernel (PowerPC) KVM. The vulnerable component is arch/powerpc/kvm/powerpc.c, specifically the kvm_vm_ioctl_check_extension function. The issue arises when handling the KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl on /dev/kvm, allowing a local attacker to ...
CVE-2017-18550
CVE-2017-18550 affects Linux kernels up to 4.12: in drivers/scsi/aacraid/commctrl.c, aac_get_hba_info does not initialize hbainfo, exposing kernel stack memory. Severity is low (CVSS v3: 5.5) but local access required. The Unity Nessus advisories reproduce this issue and reference a kernel fix pr...
CVE-2018-20449
CVE-2018-20449 affects the Linux kernel 4.14.90, specifically the hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c. It allows local users to obtain sensitive address information by reading callback= lines in a debugfs file. The issue is evidenced across multiple feeds (NVD, Red Hat, SUSE...
CVE-2019-9857
CVE-2019-9857 affects the Linux kernel up to 5.0.2: inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c omits calling fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), causing a memory leak (refcount leak) and ultimately a denial of service. The connected Nessus/...
CVE-2020-25221
CVE-2020-25221 affects Linux kernel 5.7.x and 5.8.x before 5.8.7. The vulnerability arises in get_gate_page() implemented in mm/gup.c, due to incorrect reference counting of the backing struct page for the vsyscall page, causing a refcount underflow. It can be triggered by any 64-bit process that...
CVE-2021-4441
Technical details such as affected products, exact root cause, impact, and patch versions are not publicly provided in the provided documents. Monitor for updates.
CVE-2021-47100
CVE-2021-47100 is a Linux kernel vulnerability that causes a use-after-free (UAF) during uninstall of ipmi_si and ipmi_msghandler modules, leading to kernel oops/panic. The issue occurs when rmmod ipmi_si is followed by ipmi_msghandler removal, triggering kref_put cleanup that schedules a work it...
CVE-2021-47114
Technical details about CVE-2021-47114 are not publicly provided in the supplied documents. The sources reference the ocfs2 fallocate data corruption fix but do not specify affected versions, root cause specifics, exploit details, or remediation steps beyond the general description. Monitor for u...
CVE-2021-47122
CVE-2021-47122 refers to a Linux kernel issue in the CAIF stack where, on caif_enroll_dev() failure, the allocated link_support was not assigned to the target structure, leading to a memory leak in caif_device_notify. The fix adds a safe deallocation path to free the allocated pointer when an err...