CVE-2025-38386
The CVE-2025-38386 entry relates to ACPICA in the Linux kernel. Root cause: AML/ACPICA could crash via use-after-free when a platform firmware update increased method parameter counts and callers weren’t updated. Fix: ACPICA now refuses to evaluate a method if the caller passes fewer arguments th...
CVE-2025-38403
Summary (CVE-2025-38403): In the Linux kernel, the vmci transport path (vsock/vmci) had a fix to clear the vmci_transport_packet before populating fields in vmci_transport_packet_init to avoid leaving uninitialised data. This change addresses an information leakage/contamination risk related to ...
CVE-2025-38441
CVE-2025-38441 affects the Linux kernel netfilter flowtable nf_flow_pppoe_proto() where the Ethernet header was not accounted for in PPPoE offload logic, leading to potential use of uninitialized data (KMSAN). The vulnerability is locally exploitable; CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/I:N/A:H with...
CVE-2025-38449
CVE-2025-38449 affects the Linux kernel DRM/GEM subsystem. The issue arises when a GEM handle is released while the GEM buffer object remains attached to a DRM framebuffer, which can lead to releasing the dma-buf backing the buffer. Subsequent mode-setting operations may trigger a segmentation fa...
CVE-2025-38463
The CVE-2025-38463 issue is a Linux kernel vulnerability in the TCP skb remaining space calculation. The bug arises from signedness handling when computing copy = size_goal - skb->len, where copy becomes an unsigned result that is then assigned to a 64-bit signed copy, causing copy to stay non...
CVE-2025-38468
CVE-2025-38468 in the Linux kernel affects the net/sched path where htb_lookup_leaf may trigger BUG_ON when handling an empty red-black tree during HTB dequeue. The described stack shows a sequence ending with a BUG_ON in htb_lookup_leaf, which is resolved by returning NULL from htb_lookup_leaf (...
CVE-2025-38488
CVE-2025-38488 affects the Linux kernel SMB client path (crypt_message) where async crypto could lead to use-after-free when hardware accelerators return -EINPROGRESS. The issue arose after CVE-2024-50047 fixed async handling for all operations but hardware offload could still complete asynchrono...
CVE-1999-0183
CVE-1999-0183 affects Linux implementations of TFTP, described as allowing traversal to read files outside the restricted directory. The OpenVAS/Nessus entries confirm a directory-traversal vulnerability enabling arbitrary file reads via TFTP server responses (e.g., tftpd misconfiguration allows ...
CVE-2004-0986
The CVE-2004-0986 issue affects iptables before 1.2.11, where under certain conditions the required modules fail to load at system startup, causing firewall rules to not be loaded and leaving the system potentially exposed to remote attackers. Connected advisories (SUSE, Debian DSA-580-1, Ubuntu ...
CVE-2005-0178
CVE-2005-0178 describes a race condition in the setsid() handling of the Linux kernel before 2.6.8.1. Local users could crash the kernel and potentially access portions of kernel memory related to TTY changes, locking, and semaphores. Affected software: Linux kernel versions prior to 2.6.8.1 (per...
CVE-2006-3741
CVE-2006-3741 concerns the perfmonctl (sys_perfmonctl) system call in Linux kernels 2.4.x and 2.6.x prior to 2.6.18 on Itanium. The issue is an improper reference-count accounting for file descriptors, which can allow local users to exhaust file descriptors and cause a denial of service. The desc...
CVE-2006-6304
The CVE-2006-6304 issue affects Linux kernel 2.6.19 where do_coredump in fs/exec.c sets the O_EXCL flag but does not use it, enabling a context-dependent attacker to modify arbitrary files via a core-dump rewrite attack. A fix is available in the kernel changelog (2.6.19.1) and related advisories...
CVE-2007-0958
CVE-2007-0958: In Linux kernel 2.6.x before 2.6.20, local users can read unreadable binaries by abusing the PT_INTERP interpreter mechanism, triggering a core dump. This is a local-privilege issue; the described impact is to read binaries via core-dump behavior. According to the changelog refere...
CVE-2007-6716
CVE-2007-6716 affects the Linux kernel before 2.6.23, where in the dio subsystem the file system’s direct-io path (fs/direct-io.c) may fail to zero out the dio struct. This can allow a local user to cause a denial of service (OOPS), as demonstrated by a fio test. The connected documents confirm t...
CVE-2007-6761
CVE-2007-6761 affects the Linux kernel up to version 2.6.23/24 era: the videobuf-vmalloc.c path (drivers/media/video) contains uninitialized videobuf_mapping data structures. This can allow a local attacker to trigger an incorrect memory-management state and a videobuf leak via unspecified vector...
CVE-2008-2544
CVE-2008-2544 describes a local bypass where mounting the /proc filesystem inside a chroot can occur in read-write mode, allowing a user to bypass the chroot and gain write access to files they would not normally access. The connected documents reiterate the same description but do not provide pr...
CVE-2009-0746
The CVE-2009-0746 entry concerns the Linux kernel ext4 code: make_indexed_dir in fs/ext4/namei.c fails to validate a rec_len field, allowing a local attacker to trigger a denial of service (OOPS) by mounting a crafted ext4 filesystem. Affected is kernel 2.6.27 up to 2.6.27.19 and 2.6.28 up to 2.6...
CVE-2010-1451
CVE-2010-1451 affects the SPARC build of the Linux kernel prior to 2.6.33, where TSB I-TLB load handling in arch/sparc/kernel/tsb.S fails to correctly obtain the _PAGE_EXEC_4U bit, resulting in an incompletely implemented non-executable stack. This could allow context-dependent local attackers to...
CVE-2010-2071
The CVE-2010-2071 entry corresponds to the Linux kernel issue where the btrfs_xattr_set_acl function in fs/btrfs/acl.c did not verify file ownership before applying ACLs. Affected: Linux kernel 2.6.34 and earlier. Impact: local users can bypass file permissions by setting arbitrary ACLs (demonstr...
CVE-2010-4343
CVE-2010-4343 affects the Linux kernel, where drivers/scsi/bfa/bfa_core.c may fail to initialize a port data structure in fc_host, enabling a local user to crash the system by reading the fc_host statistics file. This is fixed in kernel versions starting with 2.6.35 (i.e., patched in 2.6.35+). Ev...
CVE-2011-2909
Summary (CVE-2011-2909): The Linux kernel (do_devinfo_ioctl in drivers/staging/comedi/comedi_fops.c) before 3.1 allows local users to leak sensitive kernel memory content through a copy of a short string. This is described as an information leak in the kernel staging area. Impact is local confide...
CVE-2012-0055
CVE-2012-0055 concerns OverlayFS in the Linux kernel, affected in versions before 3.0.0-16.28 (as used in Ubuntu 10.04 LTS and 11.10). The vulnerability stems from missing inode security checks in OverlayFS, enabling an attacker to bypass security restrictions and perform unauthorized actions. Th...
CVE-2012-2745
CVE-2012-2745 affects the Linux kernel prior to 3.3.2. The copy_creds function in kernel/cred.c may provide an invalid replacement session keyring to a child process, allowing local users to cause a denial of service (panic) via a crafted fork. Affected: Linux kernel
CVE-2012-5532
The CVE-2012-5532 issue exists in the Linux kernel hypervkvpd hv_kvp_daemon: the main function in tools/hv/hv_kvp_daemon.c allows a local user to trigger a denial of service (daemon exit) via a crafted Netlink message. It is noted as a consequence of an incorrect fix for CVE-2012-2669, and a patc...
CVE-2015-2672
The CVE-2015-2672 entry concerns the Linux kernel’s xsave/xrstor implementation (arch/x86/include/asm/xsave.h). Vulnerable code paths exist in kernels before 3.19.2 where certain .altinstr_replacement pointers are created, failing to provide protection against instruction faulting. Local attacker...
CVE-2016-10764
In CVE-2016-10764, the vulnerability is in the Linux kernel before 4.9.6: the cadence-quadspi.c file in drivers/mtd/spi-nor contains an off-by-one error in cqspi_setup_flash() where the f_pdata array uses CQSPI_MAX_CHIPSELECT elements and the comparison should be >= instead of >. This is co...
CVE-2017-9986
The CVE-2017-9986 issue affects the Linux kernel’s sound/oss/msnd_pinnacle.c: the intr function is vulnerable to a double-fetch scenario when the message queue head pointer is read between two kernel reads, up to kernel versions through 4.11.7. This local condition allows an unprivileged user to c...
CVE-2021-47083
CVE-2021-47083 affects the Linux kernel’s pinctrl Mediatek code: when the eint virtual EINT number exceeds the GPIO count, it can trigger a global-out-of-bounds write to desc[eint_n]. The issue was fixed in the mediatek pinctrl path (pinctrl: mediatek: fix global-out-of-bounds issue). No exploit ...
CVE-2021-47152
CVE-2021-47152 concerns a Linux kernel vulnerability in the MPTCP data path that can cause data stream corruption. The root cause is that mptcp_frag_can_collapse_to() could reuse memory fragments when non-MPTCP protocols allocate page fragments, leading to corruption of mptcp_data_frag. The fix, ...
CVE-2021-47160
CVE-2021-47160 corresponds to a Linux kernel vulnerability where PCR_MATRIX was set to all-ones when VLAN filtering was enabled and not reset when disabled, potentially allowing VLAN traffic leaks between bridges br0 and br1. The issue is addressed by removing the PCR_MATRIX write from mt7530_por...
CVE-2021-47161
CVE-2021-47161 affects the Linux kernel SPI driver spi-fsl-dspi, where a resource leak could occur in an error path during probe. The issue is mitigated by ensuring that dspi_request_dma() is properly undone with a matching dspi_release_dma() call in the probe’s error handling path (as already do...
CVE-2021-47180
The CVE-2021-47180 entry concerns a Linux kernel NFC component memory-leak in nci_allocate_device, with nfcmrvl_disconnect failing to free the hci_dev field and a fix to release hci_dev in nci_free_device. Connected documents (Astra Linux and Nessus-derived advisories) confirm the issue and its r...
CVE-2021-47206
CVE-2021-47206 is a Linux kernel vulnerability in the usb: host: ohci-tmio path. The root cause is a missing check of the return value from platform_get_resource(), which can lead to a NULL pointer dereference and a potential crash (availability impact). The vulnerability is resolved in the kerne...
CVE-2021-47223
The CVE-2021-47223 issue is a Linux kernel vulnerability in the bridge/net subsystem: a tunnel_dst null pointer dereference during VLAN tunnel egress caused by a lockless access pattern when deleting a VLAN tunnel. The patch fixes this by using READ/WRITE_ONCE for tunnel_id, applying RCUs for tun...
CVE-2021-47226
CVE-2021-47226 describes a Linux kernel issue where an XRSTOR on a user-buffered FPU state could fail with a page fault yet modify the destination task’s FPU state. The root cause is that during __fpu__restore_sig(), XRSTOR could run with preserved registers for a different task (fpu_fpregs_owner...
CVE-2021-47245
CVE-2021-47245 affects the Linux kernel netfilter synproxy TCP option parser. The vulnerability arises from an out-of-bounds read in synproxy_parse_options when parsing TCP options; if length equals 1, the loop reads an opcode byte and, if it is not TCPOPT_EOL or TCPOPT_NOP, reads one more byte, ...
CVE-2021-47346
The CVE-2021-47346 entry concerns a Linux kernel vulnerability in coresight’s tmc-etf path. A global-out-of-bounds read (KASAN) occurred in tmc_update_etf_buffer() due to reading barrier_pkt beyond its allocated size after barrier_pkt trailing null removal in a prior patch. The issue is triggered...
CVE-2021-47369
CVE-2021-47369 — Linux kernel (s390/qeth): The issue is a NULL dereference in qeth_clear_working_pool_list() triggered when qeth_set_online() rolls back after an error in qeth_hardsetup_card(), before card->qdio.in_q has been allocated by qeth_alloc_qdio_queues() via qeth_mpc_initialize(). Thi...
CVE-2021-47370
CVE-2021-47370 affects the Linux kernel and concerns the MPTCP path: a signed/unsigned comparison in the code path that refills the TX cache can misbehave when size_goal is smaller than skb->len, causing the core TCP path to allocate an skb without the MPTCP extension. The fix rewrites the exp...
CVE-2021-47422
CVE-2021-47422 affects the Linux kernel’s drm/nouveau/kms/nv50- component. The issue is a memory leak where an op allocated by single_open() is not freed if single_release() is not called. The vulnerability is described as a local-privilege context with a potential availability impact, with CVSS ...
CVE-2021-47523
CVE-2021-47523 affects the Linux kernel’s IB/hfi1 path. The issue is a leak of rcvhdrtail_dummy_kvaddr which is allocated in hfi1_init() and can be overwritten on a reinit path, leading to a memory leak. The fix moves the allocation to hfi1_alloc_devdata() and deallocation to hfi1_free_devdata(),...
CVE-2021-47564
CVE-2021-47564 relates to a Linux kernel issue in the marvell prestera driver where an error-path double free could crash the driver. The vulnerability stems from fixable error-path handling in prestera_bridge_port_join(), leading to a crash on the prestera device (trace includes prestera_bridge_...
CVE-2022-2327
CVE-2022-2327 affects the Linux kernel io_uring path: use of work_flags to determine identity for IORING_OP may cause missing types, leading to incorrect reference counts and a double free. The primary public advisory notes the root cause is in the kernel io_uring identity handling and recommends...
CVE-2022-48645
CVE-2022-48645 – Linux kernel ENETC offload: The TSN features (taprio, cbs, gate, police) could be configured via PF registers but were not intended to be accessible from VFs. Accessing VF-exposed registers could trigger kernel paging faults and a crash. The fix split enetc_setup_tc() into separa...
CVE-2022-48667
The connected documents confirm CVE-2022-48667 affects the Linux kernel SMB3 insert-range path, where an affected cached region is not discarded, risking temporary file data corruption. The issue has been fixed in kernel code (see related commits and advisories from Astra Linux, SUSE, Microsoft, ...
CVE-2022-48671
CVE-2022-48671 affects the Linux kernel in the cgroup subsystem: a missing cpus_read_lock() in cgroup_attach_task_all() allowed a deadlock with threadgroup_rwsem, mitigated by adding cpus_read_lock() (aligned with cgroup_procs_write_start()). The issue was observed by syzbot at cpuset_attach() an...
CVE-2022-48717
CVE-2022-48717 concerns the Linux kernel ASoC max9759 driver, where an underflow could occur in speaker_gain_control_put() if priv->gain is negative, risking out-of-bounds access via snd_ctl_elem_write_user()/snd_ctl_elem_write()/kctl->put(). The fix adds a check for negative values of priv...
CVE-2022-48720
The CVE-2022-48720 issue in the Linux kernel affects the macsec netdev offload path. The root cause is that NETDEV_UNREGISTER handling in the macsec netdev notify path released only software resources, leaving macsec HW offload resources under the underlay driver uncleaned, causing a resource lea...
CVE-2022-48724
CVE-2022-48724 concerns a memory leak in the Linux kernel’s IOMMU VT-d path during intel_setup_irq_remapping. The description in multiple connected documents states that after commit e3beca48a45b, the tear-down path could leak memory when dmar_enable_qi() errors, and that free() of the function p...
CVE-2022-48756
CVE-2022-48756 relates to the Linux kernel DRM MSM DSI driver. The vulnerability stems from an invalid parameter check in msm_dsi_phy_enable where the function uses the PHY input before validating it, risking a NULL pointer dereference. The fix is to initialize the dev variable after performing t...