14403 matches found
CVE-2024-26789
CVE-2024-26789 concerns the Linux kernel crypto path for ARM64 AES-CTR. The bit-sliced NEON implementation could perform out-of-bounds reads when processing short inputs or tail blocks that do not align to 128-byte blocks, because it would jump into the plain NEON helper which handles memory in 1...
CVE-2024-35856
CVE-2024-35856 affects the Linux kernel Bluetooth btusb mediatek component. The root cause is a double-free of the skb buffer in the coredump path, where hci_devcd_append() frees the skb on error, potentially leading to a double-free if the caller also frees it. The issue is triggered locally and...
CVE-2024-35879
CVE-2024-35879 affects the Linux kernel’s dynamic handling of device trees: synchronization of of_changeset_destroy() with devlink removals in the OF stack. The issue arises during a two-step sequence (1) of_platform_depopulate() destroying devices and removing devlinks, then (2) of_overlay_remov...
CVE-2024-35903
The CVE-2024-35903 entry: In the Linux kernel, x86/bpf: Fix IP after emitting call depth accounting. The issue adjusts the IP passed to emit_patch to compute the correct offset for a CALL when x86_call_depth_emit_accounting emits code; without this, instructions may be skipped and the system coul...
CVE-2024-35968
CVE-2024-35968 concerns the Linux kernel driver path in the pds_core module. The issue arises when fw_status == 0xff and the driver attempts a PCI reset via pci_reset_function() from the health thread, which can deadlock because pdsc_stop_health_thread() tries to stop/flush that thread. The publi...
CVE-2024-36888
CVE-2024-36888 : Linux kernel workqueue wake_cpu selection bug fixed by masking targeted CPU with cpu_online_mask via cpumask_any_and_distribute() to avoid arch_vcpu_is_preempted() on offline CPUs. Affected trace shows oops during multi-CPU bring-up when cpu_possible_mask=0-63 and cpu_online_mask...
CVE-2024-38557
CVE-2024-38557 affects the Linux kernel mlx5/YAML path handling. The issue arises in net/mlx5 when a lag (Link Aggregation) disable/enable sequence reloads representors: the code reloads all representors for the bond’s slaves, and a failure during slave representor load can unload all representor...
CVE-2024-38571
CVE-2024-38571 affects the Linux kernel tsens (thermal/drivers/tsens). Root cause: compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) is invoked from calibrate_8960() (tsens-8960.c), which can dereference a NULL pointer if DEBUG or DYNAMIC_DEBUG is set. The bug is fixed by adding a NULL pointe...
CVE-2024-40969
CVE-2024-40969 (Linux kernel, f2fs) is confirmed to affect the f2fs shutdown path. The root cause is that shutdown does not verify the thaw error when the filesystem is read-only, which can lead to a deadlock during shutdown (via s b_start_write, set RO, and then thaw). The available connected do...
CVE-2024-42317
The CVE-2024-42317 issue affects the Linux kernel mm/huge_memory path on ARM64 with 64KB base pages. It stems from xarray not supporting arbitrary page cache sizes beyond MAX_PAGECACHE_ORDER, which can allow a 512 MB page cache in the collapsing path and triggers a warning when splitting an xarra...
CVE-2024-45001
CVE-2024-45001 affects the Linux kernel, specifically the MANA (Microsoft Azure Network Adapter) driver. The issue lies in RX buffer alloc_size alignment used when creating SKB via napi_build_skb(), where skb_shinfo(skb) is located at the end of the SKB. Incorrect alignment on ARM64 can cause ato...
CVE-2024-46838
CVE-2024-46838 affects the Linux kernel. The issue arises in userfaultfd when khugepaged yanks a page table, where previous BUG_ON() checks were incorrect after allowing retracting page tables in file mappings without the mmap lock. The fix removes these BUG_ON()s (and associated early block) to ...
CVE-2024-49873
CVE-2024-49873 : In the Linux kernel, memfd_pin_folios with THP-backed memory may panic or cause a NULL-pointer dereference when the requested start offset is not aligned to a huge page boundary. The issue arises because filemap_get_folios_contig could load a folio that is a sibling and then fail...
CVE-2024-56618
CVE-2024-56618 : In the Linux kernel, the pmdomain: imx: gpcv2 handshake delay caused a kernel panic when the handshake ended early. The fix involves waiting longer after the handshake (udelay) due to BUS clock enablement being handled by a separate driver; the observed data suggested udelay(10) ...
CVE-2024-57928
CVE-2024-57928 (Linux kernel) : The vulnerability is in netfs buffered reads. When netfs_read_to_pagecache() encounters an error from either ->prepare_read() or netfs_prepare_read_iterator(), it must decrement ->nr_outstanding, cancel the subrequest, and break the issuing loop. The patch fi...
CVE-2025-21798
CVE-2025-21798 concerns the Linux kernel FireWire kunit test. The vulnerability arises when kunit_kzalloc() returns NULL and test_state is dereferenced without a NULL check, potentially causing a NULL pointer dereference. A fix adds a NULL check for test_state to prevent dereferencing a NULL poin...
CVE-2025-23154
CVE-2025-23154 concerns the Linux kernel’s io_uring path. The issue arises from io_req_post_cqe being used for non-multishot requests, enabling abuse via a send bundle in io_uring/net. The fix adds a flag to indicate whether a request will post multiple CQEs; multishot (REQ_F_APOLL_MULTISHOT) sem...
CVE-2025-37826
CVE-2025-37826 pertains to the Linux kernel, specifically the SCSI: UFS core. The root cause is a missing NULL check on the hwq pointer returned by ufshcd_mcq_req_to_hwq(), which can occur in ufshcd_mcq_compl_pending_transfer(). The available connected documents describe a patch that adds a NULL ...
CVE-2025-37888
Technical details for CVE-2025-37888 are not provided in the supplied documents; only a high-level description of the Linux kernel fix is shown. Please monitor for vendor advisories for affected products and remediation.
CVE-2025-38005
CVE-2025-38005 : In the Linux kernel, the vulnerability stems from a missing locking in the TI k3-udma DMA engine path (udma_start in udma_check_tx_completion). The issue was observed as a warning trace in recent kernels and is resolved by a patch that adds the missing locking (see commits such a...
CVE-2025-38037
The CVE-2025-38037 issue affects the Linux kernel’s VXLAN FDB handling. The root cause is a data race where the FDB entry’s fields used and updated may be concurrently accessed by multiple threads, triggering KCSAN reports in vxlan_xmit paths. The fix is to annotate these accesses with READ_ONCE(...
CVE-2025-38062
Summary of CVE-2025-38062: The Linux kernel vulnerability affects the MSI/IOMMU path used for translating MSI addresses. The root cause is a use-after-free-like risk due to storing a cookie pointer (IOVA) in the MSI descriptor across two stages of MSI address translation, which can be race-condit...
CVE-2025-38065
CVE-2025-38065 affects the Linux kernel (orangefs) where a 32-bit truncation occurs because len is stored as size_t from i_size_read(), potentially truncating file sizes to 4 GiB. Exploitation is described as local in the CVE metrics. The vulnerability is addressed by kernel fixes referenced in c...
CVE-2025-38094
CVE-2025-38094 (Linux kernel, macb deadlock) Fix for a possible deadlock in the macb driver under cadence when THALT is high and TGO remains high. The issue occurred in contexts with interrupts disabled, where jiffies were not updated and the loop wouldn’t exit, potentially locking a sama5d4 devi...
CVE-2025-38095
CVE-2025-38095 concerns the Linux kernel dma-buf memory barrier ordering: smp_store_mb() currently inserts a memory barrier after storing, which can lead to a NULL pointer dereference if memory updates reorder. The vulnerability is fixed by ensuring the barrier is inserted before updating num_fen...
CVE-2025-38127
CVE-2025-38127 affects the Linux kernel in the ice driver’s XDP path. When loading an XDP program, the callback can create new Tx queues and must update the Tx scheduler accordingly. A bug left some changes from the XDP preparation unrolled if the Tx scheduler failed, causing a crash (observed tr...
CVE-2025-38146
CVE-2025-38146 affects the Linux kernel net/openvswitch MPLS parsing. The issue can cause a dead loop when MPLS label stacks wrap, with a UBSAN array-index-out-of-bounds (index -1) in key_extract_l3l4 and related stack traces, potentially leading to soft lockup/CPU stall. A fix for the MPLS parse...
CVE-2025-38218
CVE-2025-38218 affects the Linux kernel’s F2FS file system. The vulnerability stems from a faulty sanity check on sit_bitmap_size that can lead to an out-of-bounds access in sit_bitmap when resizing an image, causing a kernel panic during mount. The root cause described is sit_i->bitmap_size b...
CVE-2025-38369
CVE-2025-38369 affects the Linux kernel DMA engine idxd path. Under certain container configurations running IDXD workloads with /dev mounted can trigger a call trace or kernel panic when the parent process of the container is terminated. Root cause described: Docker’s mount replication propagati...
CVE-2025-38386
The CVE-2025-38386 entry relates to ACPICA in the Linux kernel. Root cause: AML/ACPICA could crash via use-after-free when a platform firmware update increased method parameter counts and callers weren’t updated. Fix: ACPICA now refuses to evaluate a method if the caller passes fewer arguments th...
CVE-2025-38445
CVE-2025-38445 covers a Linux kernel issue in md/raid1 where raid1_reshape allocated a mempool on the stack and assigned it to conf->r1bio_pool, causing conf->r1bio_pool.wait.head to reference a stack address. Subsequent access in raid1_read_request/raid1_write_request paths could trigger a...
CVE-2025-38488
CVE-2025-38488 affects the Linux kernel SMB client path (crypt_message) where async crypto could lead to use-after-free when hardware accelerators return -EINPROGRESS. The issue arose after CVE-2024-50047 fixed async handling for all operations but hardware offload could still complete asynchrono...
CVE-2025-38617
CVE-2025-38617 concerns a Linux kernel race in the packet networking path (net/packet) between packet_set_ring() and packet_notifier(). When po->bind_lock is temporarily released during ring setup, a concurrent NETDEV_UP event could be processed by packet_notifier(), risking inconsistent socke...
CVE-2000-0506
The CVE refers to the Linux kernel capabilities feature prior to 2.2.16. Local users can cause a denial of service or gain privileges by manipulating capabilities to prevent a setuid program from dropping privileges. The provided documents do not include exploit details or a specified fix/patch i...
CVE-2004-0394
CVE-2004-0394 concerns a potential buffer overflow in the panic() function of Linux 2.4.x. The description explicitly indicates a possible overflow, but notes it may not be exploitable due to the function’s behavior. The connected OpenVAS entries reference this CVE among broader kernel advisories...
CVE-2004-0496
The CVE-2004-0496 entry refers to multiple local vulnerabilities in the Linux kernel 2.6, distinct from CVE-2004-0495, discovered via Sparse. Connected sources (Gentoo GLSA advisories GLSA-200407-02 and GLSA-200407-16, OpenVAS NASLs, and NVD/NVD-style listings) corroborate that CAN-2004-0496 conc...
CVE-2005-2490
CVE-2005-2490 describes a stack-based buffer overflow in the Linux kernel 2.6 sendmsg() path prior to 2.6.13.1. Local users could cause arbitrary code execution by calling sendmsg and altering message contents in another thread. Public sources in the connected documents corroborate the vulnerabil...
CVE-2005-3055
CVE-2005-3055 affects the Linux kernel 2.6.8 through 2.6.14-rc2. A local user-space process can issue a USB Request Block (URB) to a USB device and terminate before completion, causing a stale pointer reference and potential kernel OOPS/Denial of Service. Public sources in connected docs confirm ...
CVE-2005-3272
CVE-2005-3272 affects the Linux kernel prior to 2.6.12. The issue lets remote attackers poison the bridge forwarding table with frames that have already been dropped by filtering, causing the bridge to forward spoofed packets. The vulnerability stems from how bridge/frame filtering handling inter...
CVE-2006-4093
CVE-2006-4093 affects Linux kernel 2.x on PowerPC PPC970: HID0 attention enable at boot time can crash the kernel (denial of service). Vulnerable: 2.6.x up to 2.6.17.9 and 2.4.x up to 2.4.33.1. Exploitation details are not provided in the initial documents, but multiple advisories (e.g., RHSA, SU...
CVE-2006-4814
CVE-2006-4814 is a mincore-related Linux kernel vulnerability restricted to older kernels (before 2.4.33.6) where access to user space was not properly locked, potentially causing a system hang (deadlock). Public sources in connected advisories confirm this CVE as part of multiple kernel updates,...
CVE-2006-5751
CVE-2006-5751 concerns the Linux kernel (pre-2.6.18.4) where an integer overflow in get_fdb_entries (net/bridge/br_ioctl.c) allows a local user to trigger arbitrary code execution by supplying a large maxnum in an ioctl. The issue is rooted in kernel networking bridge ioctl handling and could ena...
CVE-2007-5904
The CVE-2007-5904 issue is a kernel vulnerability in the CIFS VFS of the Linux 2.6.23 and earlier kernels. It involves multiple buffer overflows triggered by long SMB responses in the SendReceive function, enabling a remote attacker to cause a crash and, potentially, arbitrary code execution. Pub...
CVE-2008-3527
CVE-2008-3527 affects the Linux kernel (arch/i386/sysenter/vDSO). The vulnerability stems from missing boundary checks in vDSO install_special_mapping, syscall, and syscall32_nopage in the Linux kernel prior to 2.6.21, permitting local users to gain privileges or cause a denial of service. Affect...
CVE-2008-5025
CVE-2008-5025: Linux kernel before 2.6.28-rc1 suffers a stack-based buffer overflow in hfs_cat_find_brec() within fs/hfs/catalog.c when processing an HFS image with an invalid catalog namelength, enabling memory corruption or a system crash and a DoS. The MiracleLinux advisory and related OpenVAS...
CVE-2009-3624
CVE-2009-3624 affects the Linux kernel KEYS subsystem. The get_instantiation_keyring function in security/keys/keyctl.c fails to properly maintain the reference count of a keyring when a keyring is not specified by ID, enabling a local attacker to gain privileges or trigger a denial of service (O...
CVE-2010-1451
CVE-2010-1451 affects the SPARC build of the Linux kernel prior to 2.6.33, where TSB I-TLB load handling in arch/sparc/kernel/tsb.S fails to correctly obtain the _PAGE_EXEC_4U bit, resulting in an incompletely implemented non-executable stack. This could allow context-dependent local attackers to...
CVE-2010-2960
CVE-2010-2960 affects Linux kernel 2.6.35.4 and earlier: the keyctl_session_to_parent function assumes a parent session keyring exists, allowing local users to cause a NULL pointer dereference and system crash (denial of service) via a KEYCTL_SESSION_TO_PARENT argument. Root cause pertains to ses...
CVE-2010-4076
CVE-2010-4076 affects Linux kernel 2.6.36.1 and earlier. The rs_ioctl function in drivers/char/amiserial.c does not initialize a structure member, enabling local users to read potentially sensitive information from kernel stack memory via TIOCGICOUNT. A fix is to apply the kernel update that addr...
CVE-2010-4648
CVE-2010-4648 affects the Linux kernel wireless orinoco driver (orinoco_ioctl_set_auth in drivers/net/wireless/orinoco/wext.c) prior to 2.6.37, where TKIP protection was not correctly implemented. This could allow a remote attacker to read Wi‑Fi frames and gain access to the network. The issue is...