CVE-2026-31685
The connected Red Hat/SUSE/NVD entries confirm CVE-2026-31685 affects the Linux kernel netfilter component ip6t_eui64. The root cause is that eui64_mt6() derives a modified EUI-64 from the Ethernet source and compares it with the IPv6 low 64 bits, but the existing guard only rejects an invalid MA...
CVE-2012-2745
CVE-2012-2745 affects the Linux kernel prior to 3.3.2. The copy_creds function in kernel/cred.c may provide an invalid replacement session keyring to a child process, allowing local users to cause a denial of service (panic) via a crafted fork. Affected: Linux kernel
CVE-2023-52992
CVE-2023-52992 affects the Linux kernel; the vulnerability exists in BPF’s send_signal_common path where a task with pid=1 can trigger a kernel panic (kernel: “Attempted to kill init!”). A fix was applied to skip pid=1 in bpf_send_signal_common(), preventing this panic. Impact is local, with pote...
CVE-2023-53053
CVE-2023-53053 affects the Linux kernel: erspan handling relied on skb_mac_header() in ndo_start_xmit(), with drivers incorrectly assuming skb_mac_header(skb) == skb->data. The issue is fixed by using skb_network_offset() and skb_transport_offset() in erspan_fb_xmit() and ip6erspan_tunnel_xmit...
CVE-2023-53123
The CVE-2023-53123 issue affects the Linux kernel on s390, where per-function PCI hot-plugging left stale MMIO resources in the PCI and zpci_bus structures, enabling a use-after-free when VFs are removed and re-added. The fix removes the individually hot-unplugged PCI function’s resources from the P...
CVE-2024-24864
Technical details about CVE-2024-24864 are not provided in the supplied connected documents. Monitor for updates and forthcoming disclosures.
CVE-2024-26692
CVE-2024-26692: In the Linux kernel, a regression in the SMB/NETFS path (caused by the 6.3 conversion) can lead to data corruption during large sequential writes when the negotiated maximum write size (or mount wsize) is not a multiple of 4096. The code may skip the end of the final page, riskin...
CVE-2024-26724
CVE-2024-26724: In the Linux kernel, the mlx5 DPLL path (net/mlx5: DPLL) is affected by a use-after-free triggered by delayed-work timer handling. The issue is demonstrated by a KASAN slab-use-after-free in __run_timers and related callstack, with mlx5_dpll_probe allocating memory and mlx5_dpll_...
CVE-2024-35879
CVE-2024-35879 affects the Linux kernel’s dynamic handling of device trees: synchronization of of_changeset_destroy() with devlink removals in the OF stack. The issue arises during a two-step sequence (1) of_platform_depopulate() destroying devices and removing devlinks, then (2) of_overlay_remov...
CVE-2024-35920
CVE-2024-35920 refers to a Linux kernel issue in the media: mediatek: vcodec driver. The root cause is a race/NULL-pointer risk in vpu_dec_ipi_handler when the decoder context list (ctx_list) could be deleted due to SCP IP block behavior. The patch adds a lock around ctx_list to prevent illegal a...
CVE-2024-38566
CVE-2024-38566: In the Linux kernel, the bpf verifier had an incorrect assumption that socket->sk is valid when a trusted socket is used, which may not hold for sockets just created and passed to LSM socket_accept hooks. The fix relaxes the verifier assumption and updates tests. The vulnerabil...
CVE-2024-38569
CVE-2024-38569 concerns the Linux kernel driver for HISI PCIe in the perf subsystem. Description: the perf tool allows creating event groups; if the number of events in an event_group exceeds HISI_PCIE_MAX_COUNTERS, the driver may write past the end of the event_group array, causing an out-of-bou...
CVE-2024-39462
CVE-2024-39462: Linux kernel vulnerability in bcm clk DVP. Root cause: after the commit that annotated clk_hw_onecell_data with __counted_by, hws[] was accessed before ->num was initialized, triggering UBSAN array-index-out-of-bounds (drivers/clk/bcm/clk-bcm2711-dvp.c:59). Impact: potential out...
CVE-2024-41021
CVE-2024-41021: Linux kernel (s390) fixes VM_FAULT_HWPOISON handling in do_exception. The s390 arch has no HWPOISON/MEMORY_FAILURE/ARCH_HAS_COPY_MC, so HWPOISON was not expected here; fix makes HWPOISON behave like VM_FAULT_SIGBUS (as for MEMORY_FAILURE on x86) and adds printing of unexpected fau...
CVE-2024-42249
The CVE affects the Linux kernel SPI subsystem. The vulnerability stems from calling spi_maybe_unoptimize_message() in spi_async(), which risks corrupting a message that is likely queued or in use by the controller driver. The proper balancing call already occurs in spi_finalize_current_message()...
CVE-2024-46741
The CVE-2024-46741 issue is in the Linux kernel’s misc/fastrpc subsystem. The root cause is a double free of the fastrpc buffer in the error path of fastrpc_req_mmap(): the buffer is freed in fastrpc_req_munmap_impl() on a successful unmap, but there is an unconditional call to fastrpc_buf_free()...
CVE-2024-50266
CVE-2024-50266 concerns the Linux kernel clk/qcom/videocc-sm8350 path where a venus driver change could cause a stuck vcodec clock (example: video_cc_mvs0_clk) on certain ThinkPad hardware. The issue is triggered by runtime control mode in GDSCs and was resolved by using HW_CTRL_TRIGGER for vcode...
CVE-2024-50277
In CVE-2024-50277, the Linux kernel fixes a crash in the device-mapper path when blk_alloc_disk fails. Specifically, if blk_alloc_disk returns an error, md->disk is set to an error value and cleanup_mapped_device may still access it, leading to a crash at md->disk->private_data = NULL. T...
CVE-2024-56555
CVE-2024-56555 affects the Linux kernel binder subsystem. A race in binder_add_freeze_work() can occur when the process’ rbtree (proc->nodes) lock is intermittently dropped to acquire node locks, allowing binder_deferred_release() to move nodes to binder_dead_nodes. This can corrupt the rb_nex...
CVE-2024-57844
CVE-2024-57844 – Linux kernel (drm/xe): A fault occurs when a userspace fd is kept open, the device is unbound, and the fd is closed; the driver may dereference hardware state, leading to a kernel page fault. The upstream fix guards the critical section with drm_dev_enter()/drm_dev_exit() to avoi...
CVE-2024-57941
CVE-2024-57941 concerns the Linux kernel netfs cache handling. When the cache is temporarily disabled, netfs_advance_write() may bail out without subrequests, leaving folios with PG_private_2 and discarding the request. The root cause is the use of the deprecated PG_private_2 path by netfslib (e....
CVE-2025-22114
CVE-2025-22114 affects the Linux kernel’s BTRFS subsystem. The root cause is a change in btrfs_validate_super() where a call to validate_sys_chunk_array() clobbers a previously set return value, negating earlier validity checks and potentially allowing mounting of invalid filesystems. The issue h...
CVE-2025-37802
CVE-2025-37802 affects the Linux kernel’s ksmbd path. The issue arises from wait_event_timeout() potentially leaving the current task in TASK_UNINTERRUPTIBLE and then acquiring a mutex in ksmbd_durable_scavenger_alive(), which can sleep while holding a lock. The fix removes the unnecessary mutex ...
CVE-2025-37843
CVE-2025-37843: In the Linux kernel, a race between parent and child PCI hotplug ports can deadlock during nested PCI hotplug removal. A fix was implemented to avoid extra checks when the hotplug port itself was hot-removed, preventing the deadlock (particularly when removing multiple Thunderbol...
CVE-2025-37940
Technical details about CVE-2025-37940 are not provided in the supplied documents. Monitor for updates from vendors/advisories for affected products, versions, and fixes.
CVE-2025-38005
CVE-2025-38005: In the Linux kernel, the vulnerability stems from a missing locking in the TI k3-udma DMA engine path (udma_start in udma_check_tx_completion). The issue was observed as a warning trace in recent kernels and is resolved by a patch that adds the missing locking (see commits such a...
CVE-2025-38013
CVE-2025-38013 (Linux kernel): Affected component is the wifi/mac80211 path. The issue is a UBSAN/array-index-out-of-bounds condition reported when setting n_channels during scan request construction, caused by allocating the scan request before the int_scan_req structure is allocated. The fix r...
CVE-2025-38059
The CVE-2025-38059 entry documents a Linux kernel data integrity issue in btrfs: when using rescue=idatacsums, scrub can trigger a NULL pointer dereference due to not loading the csum tree. Concrete root cause: scrub path may call btrfs_search_slot() on a NULL pointer because the NO_DATA_CSUMS fl...
CVE-2025-38159
CVE-2025-38159: Linux kernel wifi/rtw88 fix to prevent out-of-bounds read by enlarging the para buffer from 2 to 6 bytes, since code reads data[0]..data[4] in rtw_fw_bt_wifi_control. Affected component is the kernel’s wifi driver, with Svace-detected reading that could access 5 bytes. Patch/mitig...
CVE-2025-38192
The CVE-2025-38192 issue is in the Linux kernel. A NAT46/ingress BPF path could flip packet SKB protocols without clearing dst, leading to a NULL pointer dereference in ip6_rcv_core when an IPv4 multicast path loops back and IP6 processing runs with a stale IPv4 dst. The fix, described in the adv...
CVE-2025-38436
CVE-2025-38436 affects the Linux kernel’s DRM Scheduler. The issue occurs when killing an entity from application B: drm_sched_entity_kill() removes all jobs for that entity via drm_sched_entity_kill_jobs_work(), but if application A’s job depends on a scheduled fence from application B’s job, th...
CVE-2025-38460
The Astra Linux bulletin confirms CVE-2025-38460 in the Linux kernel: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). The vulnerability arises because to_atmarpd() can be invoked without the RTNL lock, and clip_neigh_solicit() / neigh_ops->solicit() are unsleepable, with no RTNL depen...
CVE-2004-0447
Technical details about CVE-2004-0447 are not publicly available in the provided connected documents. Monitor for updates and new advisories.
CVE-2004-0685
The CVE-2004-0685 issue affects Linux kernel 2.4 USB drivers that use copy_to_user on uninitialized structures, enabling local attackers to read memory not cleared from prior usage and potentially leak sensitive information. The description specifies local/partial impacts on confidentiality and i...
CVE-2004-1137
CVE-2004-1137 affects the Linux kernel 2.4.x (2.4.22–2.4.28) and 2.6.x (up to 2.6.9). The flaws are in IGMP handling (ip_mc_source decrements a counter to -1; igmp_marksources may perform an out-of-bounds read), allowing local or remote attackers to cause denial of service or potentially execute ...
CVE-2005-0449
Technical details beyond the CVE description are not provided in the connected documents; monitor for updates.
CVE-2005-0504
CVE-2005-0504 is a buffer overflow in the MoxaDriverIoctl function of the MOXA serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x prior to 2.6.22. This vulnerability could allow a local unprivileged user to execute arbitrary code via a modified length value. The CVE is referenced in multiple...
CVE-2005-3053
The CVE-2005-3053 issue is a Linux kernel 2.6.x local vulnerability where set_mempolicy accepts a negative first argument, triggering a BUG() and a potential denial of service. The Debian DSAs enumerate CVE-2005-3053 among several local/remote problems in kernel-source-2.6.8 and recommend upgradi...
CVE-2005-3055
CVE-2005-3055 affects the Linux kernel 2.6.8 through 2.6.14-rc2. A local user-space process can issue a USB Request Block (URB) to a USB device and terminate before completion, causing a stale pointer reference and potential kernel OOPS/Denial of Service. Public sources in connected docs confirm ...
CVE-2005-3181
CVE-2005-3181 affects the Linux kernel audit subsystem when CONFIG_AUDITSYSCALL is enabled. The flaw arises from using an incorrect function to free names_cache memory, preventing proper tracking by AUDITSYSCALL and causing a memory leak that can lead to local denial of service via memory exhaust...
CVE-2006-1863
CVE-2006-1863 is a directory traversal vulnerability in CIFS on Linux 2.6.16 and earlier that allows a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences. The issue is mitigated by applying a kernel update (e.g., as per ChangeLog-2.6.16.11). Mode: C (detail...
CVE-2008-0001
CVE-2008-0001 affects the Linux kernel: VFS in kernels before 2.6.22.16 and 2.6.23.x before 2.6.23.14 tests access permissions using the flag variable instead of the acc_mode flag, potentially allowing a local, unprivileged user to bypass file-write permissions and remove directories. The issue i...
CVE-2008-0010
CVE-2008-0010 concerns the Linux kernel vulnerability in copy_from_user_mmap_sem (fs/splice.c) affecting kernels 2.6.22 through 2.6.24. The root cause is a failure to validate a userspace pointer before dereferencing, which allows a local attacker to read from arbitrary kernel memory locations. A...
CVE-2008-2358
The CVE-2008-2358 entry concerns the Linux kernel DCCP module: an integer overflow in dccp_feat_change within net/dccp/feat.c on kernels 2.6.17–2.6.20 and 2.6.18, enabling a local attacker to trigger a heap-based buffer overflow and gain privileges. Connected advisories reference this issue as pa...
CVE-2008-2372
CVE-2008-2372 affects the Linux kernel versions 2.6.24 and 2.6.25 before 2.6.25.9. The root cause is a lack of ZERO_PAGE optimization in get_user_pages, causing the allocation of many useless newly zeroed pages and enabling a local user to trigger a denial of service through memory exhaustion. Th...
CVE-2009-3001
Technical details about CVE-2009-3001 are not provided in the connected documents; the initial description states a kernel infoleak via getsockname on AF_LLC, but no vendor/product/version specifics or fixes are included. Monitor for updates.
CVE-2009-3722
CVE-2009-3722 affects the Linux kernel KVM subsystem, specifically the x86 VMX path where the handle_dr function in arch/x86/kvm/vmx.c does not properly verify the Current Privilege Level before accessing a debug register. This allows a guest OS user to trigger a denial-of-service (trap) on the h...
CVE-2009-4272
CVE-2009-4272 relates to a Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on RHEL 5. It enables remote attackers to cause a denial of service (deadlock) by sending crafted packets that trigger collisions in the IPv4 routing hash table, prompting a routing “emergency” with a hash ch...
CVE-2011-0463
CVE-2011-0463 affects the OCFS2 code path in the Linux kernel. The issue is in the function ocfs2_prepare_page_for_write where holes crossing page boundaries are not handled correctly, enabling a local user to read potentially sensitive data from uninitialized disk locations. The description indi...
CVE-2011-2700
CVE-2011-2700 affects the Linux kernel prior to 2.6.39.4 on the N900 platform, where multiple buffer overflows in si4713_write_econtrol_string (drivers/media/radio/si4713-i2c.c) can be triggered by a crafted s_ext_ctrls operation using V4L2_CID_RDS_TX_PS_NAME or V4L2_CID_RDS_TX_RADIO_TEXT. The is...