CVE-2024-42317
The CVE-2024-42317 issue affects the Linux kernel mm/huge_memory path on ARM64 with 64KB base pages. It stems from xarray not supporting arbitrary page cache sizes beyond MAX_PAGECACHE_ORDER, which can allow a 512 MB page cache in the collapsing path and triggers a warning when splitting an xarra...
CVE-2024-45001
CVE-2024-45001 affects the Linux kernel, specifically the MANA (Microsoft Azure Network Adapter) driver. The issue lies in RX buffer alloc_size alignment used when creating SKB via napi_build_skb(), where skb_shinfo(skb) is located at the end of the SKB. Incorrect alignment on ARM64 can cause ato...
CVE-2024-45017
CVE-2024-45017 concerns the Linux kernel mlx5 IPsec RoCE functionality. A fix was implemented to prevent a call trace when creating IPsec over a slave device if the master does not support IPsec. The vulnerability path involves mlx5_ipsec_fs_roce_tx_destroy and related xfrm state destruction, lea...
CVE-2024-46682
The CVE-2024-46682 issue affects the Linux kernel NFS server (nfsd) handling of nfsv4.0 closed opens. A root cause was that states_show() relied on sc_type being valid, and after a commit splitting sc_status from sc_type, unhashing a stateid could leave sc_file NULL, causing an oops in nfs4_show_...
CVE-2024-46792
CVE-2024-46792 is a Linux kernel issue where riscv misalignment allowed userspace to access arbitrary kernel memory because raw_copy_to_user and raw_copy_from_user skip access_ok checks. The initial description notes this was resolved in the kernel. Connected documents corroborate this vulnerabil...
CVE-2024-46838
CVE-2024-46838 affects the Linux kernel. The issue arises in userfaultfd when khugepaged yanks a page table, where previous BUG_ON() checks were incorrect after allowing retracting page tables in file mappings without the mmap lock. The fix removes these BUG_ON()s (and associated early block) to ...
CVE-2024-46850
CVE-2024-46850 – Linux kernel drm/amd/display race condition: The issue arises in dcn35_set_drr() when the DC state’s resource context is nulled by dc_state_destruct() while an IRQ path uses the timing generator. The documented root cause is a race where nulling happens after a NULL check, poten...
CVE-2024-46863
CVE-2024-46863 affects the Linux kernel in the ASoC Intel stack (soc-acpi-intel-lnl-match). The issue stems from missing handling for an empty item in the snd_soc_acpi_link_adr array; the loop termination depended on !link->num_adr, but an empty item was required to avoid traversal problems in...
CVE-2024-50293
Technical details about CVE-2024-50293 (net/smc dangling sk in __smc_create) are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2025-21657
CVE-2025-21657 relates to the Linux kernel sched_ext component. The root cause was that scx_ops_bypass() re-enqueued scx tasks across CPUs by acquiring rq_lock() for online CPUs regardless of CPU state, which could trigger a spurious rq_pin_lock() warning. The fix replaces rq_lock() with raw_spin...
CVE-2025-21798
CVE-2025-21798 concerns the Linux kernel FireWire kunit test. The vulnerability arises when kunit_kzalloc() returns NULL and test_state is dereferenced without a NULL check, potentially causing a NULL pointer dereference. A fix adds a NULL check for test_state to prevent dereferencing a NULL poin...
CVE-2025-23154
CVE-2025-23154 concerns the Linux kernel’s io_uring path. The issue arises from io_req_post_cqe being used for non-multishot requests, enabling abuse via a send bundle in io_uring/net. The fix adds a flag to indicate whether a request will post multiple CQEs; multishot (REQ_F_APOLL_MULTISHOT) sem...
CVE-2025-37783
CVE-2025-37783 — Linux kernel (drm/msm/dpu): The issue occurs where dpu_plane_virtual_atomic_check could dereference pointers returned by drm_atomic_get_plane_state without checking them for errors, leading to undefined behavior. The fix adds IS_ERR checks to ensure plane_state is valid before derefer...
CVE-2025-37821
The CVE-2025-37821 issue in the Linux kernel’s scheduler (eevdf) caused se->slice to be set to U64_MAX during a complex dequeue sequence, leading to a large, destabilizing vruntime/vlag mismatch and a potential crash. The root cause was that, when dequeuing a delayed group entity whose parent ...
CVE-2025-37872
CVE-2025-37872: Linux kernel fix in the net: txgbe driver. The vulnerability arises when txgbe_sw_init() succeeds but error paths in txgbe_probe() fail, leaving wx->rss_key allocated (wx_init_rss_key()) and not freed, potentially leaking memory. The patch ensures rss_key is freed on error paths a...
CVE-2025-37876
The CVE-2025-37876 vulnerability affects the Linux kernel netfs subsystem. When CONFIG_NETFS_SUPPORTS=y is set but CONFIG_PROC_FS=n, netfs_init() can create /proc/fs/netfs, causing a kernel oops/BUG in mm/mempool.c and a crash. Root cause: /proc/fs/netfs is created without CONFIG_PROC_FS. Remedia...
CVE-2025-37904
CVE-2025-37904 affects the Linux kernel (btrfs) where a bug in btrfs_iget() can leak an inode if btrfs_alloc_path() fails, leaving a busy inode and triggering a kernel BUG in fs/super.c during unmount. The root cause is failure to release the previously allocated inode when btrfs_alloc_path() fai...
CVE-2025-37934
CVE-2025-37934 affects the Linux kernel’s ASoC simple-card-utils, specifically the graph_util_parse_link_direction pointer checks. The issue arises from writing to potentially-invalid pointers when playback_only is absent, causing UBSAN invalid-load warnings (example in imx-card.c). The vulnerabi...
CVE-2025-37951
CVE-2025-37951 affects the Linux kernel DRM/V3D path. When a CL/CSD job times out, if the GPU progressed, the kernel may skip the reset, keeping the job running; however, timedout_job() removes the job from the pending list, so it may not be freed, causing a memory leak. A patch adds the job back...
CVE-2025-37964
CVE-2025-37964 affects the Linux kernel’s x86/mm path, specifically a window during mm switching where an IPITLB flush could be suppressed. The root cause: should_flush_tlb() could skip TLB flushes between load_new_mm_cr3() and writing loaded_mm, in a window labeled LOADED_MM_SWITCHING. The fix: ...
CVE-2025-38014
CVE-2025-38014: In the Linux kernel’s dmaengine idxd subsystem, a removal path was refactored to use an idxd_cleanup() helper, which fixes code duplication and also corrects a missing put_device() for idxd groups, engines, and work queues. The vulnerability is described as a local-access issue w...
CVE-2025-38022
The CVE-2025-38022 issue resides in the Linux kernel RDMA/core where KASAN reports a slab-use-after-free Read in ib_register_device. Root cause: ib_device_rename() renames the device name under a lock while kobject_uevent() accesses the name without lock protection, leading to a race. The fix is ...
CVE-2025-38037
The CVE-2025-38037 issue affects the Linux kernel’s VXLAN FDB handling. The root cause is a data race where the FDB entry’s “used” and “updated” fields may be concurrently accessed by multiple threads, triggering KCSAN reports in vxlan_xmit paths. The fix is to annotate these accesses with READ_ONCE(...
CVE-2025-38064
Vulnerability context: CVE-2025-38064 affects the Linux kernel virtio subsystem, notably virtio-console. Root cause: virtio-console may continue writing to MMIO after the underlying virtio-pci device has been reset during device_shutdown, with IOMMU resets ordering contributing to guest memory ac...
CVE-2025-38086
CVE-2025-38086 involves a Linux kernel vulnerability in net/ch9200 where mii_nway_restart() can trigger an uninitialised access through ch9200_mdio_read() due to not checking control_read() return value. The bug stems from an uninitialised local buffer (buff) being accessed when control_read() do...
CVE-2025-38163
CVE-2025-38163: A fault in the Linux kernel’s F2FS truncation path caused a kernel BUG due to an inconsistent sbi->total_valid_block_count versus mapped blocks, potentially leading to a crash/denial of service. The issue is in f2fs: with sbi->total_valid_block_count not matching inode-index...
CVE-2025-38200
Technical details about CVE-2025-38200 are not provided in the supplied documents. The initial entry mentions a Linux kernel MMIO underflow fix but contains no product/vendor/version specifics beyond kernel change. Monitor for updates.
CVE-2025-38250
In CVE-2025-38250, the Linux kernel Bluetooth vhci_flush() path is affected by a use-after-free when a thread closes a vhci fd while another thread uses the device. The issue stems from a missing synchronization after unlinking hdev from hci_dev_list in hci_unregister_dev(), allowing another thre...
CVE-2025-38369
CVE-2025-38369 affects the Linux kernel DMA engine idxd path. Under certain container configurations, running IDXD workloads with /dev mounted can trigger a call trace or kernel panic when the parent process of the container is terminated. Root cause described: Docker’s mount replication propagati...
CVE-2025-40364
CVE-2025-40364: In the Linux kernel, the io_uring path titled “io_req_prep_async with provided buffers” has been resolved. The issue allowed io_req_prep_async() to import provided buffers and then commit the ring state by giving up on that path, with the buffers potentially being reimported late...
CVE-1999-0128
CVE-1999-0128 refers to a historic Ping of Death, where oversized ICMP echo packets can cause a denial of service. The initial entry and connected Red Hat/RedHat advisory records reiterate the same description without listing affected products, versions, root cause details, or exploitable vectors...
CVE-2000-0506
The CVE refers to the Linux kernel capabilities feature prior to 2.2.16. Local users can cause a denial of service or gain privileges by manipulating capabilities to prevent a setuid program from dropping privileges. The provided documents do not include exploit details or a specified fix/patch i...
CVE-2004-0497
CVE-2004-0497 describes a local privilege escalation in the Linux kernel 2.x family (notably 2.4/2.6-rc3) due to missing DAC controls in sys_chown, enabling a local user to modify the group ownership of files (including NFS-exported files) they do not own. The underlying issue allows changing fil...
CVE-2005-2456
CVE-2005-2456 refers to an array index overflow in the Linux kernel 2.6, in xfrm_user.c within xfrm_sk_policy_insert. A local user can trigger the overflow by supplying a p->dir value larger than XFRM_POLICY_OUT, causing writes beyond sock->sk_policy and resulting in a kernel crash (DoS) an...
CVE-2005-4605
CVE-2005-4605 concerns the Linux kernel procfs implementation. A signedness error in the proc_misc.c code (pre-2.6.15) allows a local attacker to read sensitive kernel memory by manipulating a signed value added to an unsigned value, disclosed via /proc interactions. Public reports document the a...
CVE-2006-4814
CVE-2006-4814 is a mincore-related Linux kernel vulnerability restricted to older kernels (before 2.4.33.6) where access to user space was not properly locked, potentially causing a system hang (deadlock). Public sources in connected advisories confirm this CVE as part of multiple kernel updates,...
CVE-2006-6054
The CVE-2006-6054 issue affects the Linux kernel 2.6.x ext2 file system code, where a malformed ext2 stream can cause ext2_check_page to crash due to a length smaller than the minimum, enabling a local denial of service. Several connected advisories indicate this flaw was fixed in kernel updates ...
CVE-2007-0771
CVE-2007-0771 concerns the Linux kernel utrace support (notably in 2.6.18 and related 2.6.x lines) where local attackers can trigger a DoS via a race/spin failure between utrace_attach and related code paths when using ptrace (as exemplified by the ptrace-thrash scenario). The vulnerability manif...
CVE-2007-3731
CVE-2007-3731 affects the Linux kernel 2.6.20/2.6.21. The vulnerability arises from handling an invalid LDT segment selector in %cs during ptrace single-step operations, enabling a local user to trigger a NULL pointer dereference and an OOPS, via PTRACE_SETREGS and PTRACE_SINGLESTEP (TRACE_IRQS_O...
CVE-2008-2826
The vulnerability CVE-2008-2826 is present in the Linux kernel prior to 2.6.25.9, where an integer overflow in sctp_getsockopt_local_addrs_old (net/sctp/socket.c) allows local users to trigger a denial of service through a large addr_num in the sctp_getaddrs_old structure. The issue is mitigated ...
CVE-2008-3276
The CVE-2008-3276 flaw is an integer overflow in the Linux kernel’s DCCP stack (dccp_setsockopt_change in net/dccp/proto.c) affecting kernel versions 2.6.17-rc1 through 2.6.26.2. It allows remote attackers to trigger a denial of service (panic) via crafted Change L/Change R options when dccpsf_va...
CVE-2008-3833
CVE-2008-3833 affects the Linux kernel up to version 2.6.18 (vulnerable in 2.6.18 and earlier) where generic_file_splice_write in fs/splice.c does not properly strip setuid/setgid bits on writes via splice to a file. This allows local users to gain privileges of a different group or access sensit...
CVE-2010-4076
CVE-2010-4076 affects Linux kernel 2.6.36.1 and earlier. The rs_ioctl function in drivers/char/amiserial.c does not initialize a structure member, enabling local users to read potentially sensitive information from kernel stack memory via TIOCGICOUNT. A fix is to apply the kernel update that addr...
CVE-2011-1019
The CVE-2011-1019 issue affects the Linux kernel up to version 2.6.38, where dev_load in net/core/dev.c allows local users with CAP_NET_ADMIN to bypass CAP_SYS_MODULE and load arbitrary modules. This constitutes a local privilege escalation. Remediation is to upgrade to kernel 2.6.38 or newer (as...
CVE-2011-1474
CVE-2011-1474 affects pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. The root cause is a bad bounds check in arch_get_unmapped_area_topdown triggered by mmap after a MAP_GROWSDOWN mmap, which can loop indefinitely and not release the VM semaphore, potent...
CVE-2011-1479
CVE-2011-1479: A double-free in the Linux kernel’s inotify subsystem (kernel versions before 2.6.39) allows local users to crash the system via paths involving failed file creation. The issue stems from an incorrect fix related to CVE-2010-4250. Affected product: Linux kernel; vulnerability type...
CVE-2011-3593
CVE-2011-3593: The Linux kernel 2.6.32 on Red Hat Enterprise Linux 6 is affected by a vulnerability in the VLAN patch within net/8021q/vlan_core.c (vlan_hwaccel_do_receive). This enables remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. Connected advis...
CVE-2011-4348
Technical details for CVE-2011-4348 are not publicly provided in the connected documents. The material references the CVE in advisories but does not describe affected products, versions, root causes, or fixes. Monitor for updates.
CVE-2013-0217
The CVE-2013-0217 entry concerns memory leakage in the Linux kernel Xen netback driver (drivers/net/xen-netback/netback.c). The issue affects the Xen netback functionality in Linux kernel versions prior to 3.7.8, enabling a guest OS user to trigger error conditions that lead to memory exhaustion ...
CVE-2013-0309
CVE-2013-0309 affects arch/x86/include/asm/pgtable.h in the Linux kernel prior to 3.6.2 when Transparent Huge Pages are used. The issue: PROT_NONE memory regions are not properly supported, enabling a local user to trigger a denial of service (system crash). The connected Nessus advisories for Un...