13804 matches found
CVE-2024-57918
Technical details for CVE-2024-57918 are not publicly provided in the connected documents; monitor for updates.
CVE-2025-21746
The CVE-2025-21746 issue affects the Linux kernel Input: synaptics path for enabling a pass-through port. Root cause: when enabling a pass-through port, an interrupt may arrive before the psmouse driver binds, and the synaptics sub-driver may access a psmouse instance not yet attached, potentiall...
CVE-2025-21817
The CVE-2025-21817 entry concerns the Linux kernel block subsystem: GFP_NOIO is now required around sysfs ->store() to prevent potential deadlock when sysfs->store callbacks allocate memory via GFP_KERNEL during direct reclaim. This vulnerability vector arises from GFP_KERNEL allocations ta...
CVE-2025-21827
The CVE-2025-21827 entry is supported by connected sources describing a Linux kernel Bluetooth issue: Mediatek btusb lacked proper locking around usb_driver_claim_interface(), risking a NULL pointer dereference or a "Failed to claim iso interface" error when the code runs via the hci0 path durin...
CVE-2025-21987
CVE-2025-21987: In the Linux kernel DRM/AMDGPU driver, the return value in amdgpu_ttm_clear_buffer was not initialized; an uninitialized value could be returned if amdgpu_res_cleared returns true for all regions. The issue has been fixed via a cherry-picked commit (commit 7c62aacc3b452f73a1284198c81551035fac6d71...
CVE-2025-37760
Technical details about CVE-2025-37760 are not provided in the supplied connected documents. No affected product/version or fix is specified here. Monitor for updates.
CVE-2025-37814
CVE-2025-37814: In the Linux kernel, the TIOCL_SELMOUSEREPORT ioctl now requires CAP_SYS_ADMIN for all usages. A prior patch loosened this for some modes, but it introduced inconsistent logic and a potential local risk: enabling mouse reports could allow injection-like input into terminal-report...
CVE-2025-37846
CVE-2025-37846 (Linux kernel, arm64) is a vulnerability in the mops path that incorrectly dereferenced the source register during a SET* sequence. The root cause is that the source register (not used for SET* operations) could be read, leading to a UBSAN out-of-bounds array access when the MOPS e...
CVE-2025-38023
CVE-2025-38023 affects the Linux kernel: if nfs_get_lock_context() fails due to ENOMEM, a stored -ENOMEM in an nfs4_unlockdata could be treated as valid and lead to a NULL pointer dereference in nfs4_locku_prepare via rpc_run_task. The fix ensures nfs4_unlockdata is freed when allocation fails an...
CVE-2025-38024
CVE-2025-38024 pertains to the Linux kernel RDMA/rxe path. The issue is a slab-use-after-free Read in rxe_queue_cleanup, triggered when rxe_cq_from_init fails during CQ creation and the subsequent rxe_cleanup is responsible for freeing resources. Some memory has already been freed in rxe_cq_from_...
CVE-2025-38035
CVE-2025-38035 affects the Linux kernel nvmet-tcp path. The vulnerability arises from nvmet-tcp_queue handling where queue->state_change may be NULL when the TCP connection isn’t established, leading to an unnecessary restoration attempt of sock->sk->sk_state_change. The fix ensures that...
CVE-2025-38057
CVE-2025-38057: In the Linux kernel, the espintcp driver leaked skbs on a few error paths and did not always call kfree_skb. The vulnerability is addressed by a fix to ensure proper skb freeing, as noted in the vulnerability description. Connected sources enumerate this CVE as resolved (with ref...
CVE-2025-38065
CVE-2025-38065 affects the Linux kernel (orangefs) where a 32-bit truncation occurs because len is stored as size_t from i_size_read(), potentially truncating file sizes to 4 GiB. Exploitation is described as local in the CVE metrics. The vulnerability is addressed by kernel fixes referenced in c...
CVE-2025-38078
CVE-2025-38078 affects the Linux kernel ALSA PCM OSS path. A race in buffer-clearing during initialization/reconfiguration could access a potentially freed runtime->dma_area, risking a use-after-free. The mitigation moved the silence-buffer operation into the PCM core and synchronized it under...
CVE-2025-38127
CVE-2025-38127 affects the Linux kernel in the ice driver’s XDP path. When loading an XDP program, the callback can create new Tx queues and must update the Tx scheduler accordingly. A bug left some changes from the XDP preparation unrolled if the Tx scheduler failed, causing a crash (observed tr...
CVE-2025-38143
CVE-2025-38143 (Linux kernel) is addressed in Azure Linux 3.0 by a patch that fixes a NULL-dereference in backlight pm8941 when devm_kasprintf() returns NULL. The issue occurs in wled_configure() due to a missing NULL check after allocation. The fix adds the necessary NULL check after devm_kaspri...
CVE-2025-38185
CVE-2025-38185 (Linux kernel): The vulnerability in the ATM subsystem (atm/atmtcp.c) arises from freeing an skb with an invalid length in atmtcp_c_send(). The code checks skb->len == 0 but does not fully guard against using skb->data as an atmtcp_hdr when len is non-zero, and when len == 0...
CVE-2025-38214
CVE-2025-38214 affects the Linux kernel fbdev path. The issue arises when fb_add_videomode() in fb_set_var() fails to allocate fb_videomode, potentially causing a null pointer dereference in fb_videomode_to_var() because fb_info->var is modified before modelist validation. The debug trace show...
CVE-2025-38217
The CVE-2025-38217 issue is in the Linux kernel hwmon code path: fts_read() for hwmon_pwm_auto_channels_temp. The bug is a TOCTOU race on data->fan_source[channel], which can be read twice without locking, allowing a change to FTS_FAN_SOURCE_INVALID (0xff) between checks and use, potentially c...
CVE-2025-38234
CVE-2025-38234 affects the Linux kernel sched/rt code. The issue is a race in push_rt_task that can race with task migration and wakeups, potentially leaving a task in a pushable list even after it has migrated or run, leading to scheduler crashes such as NULL dereferences or BUG_ON failures. A f...
CVE-2025-38249
CVE-2025-38249 affects the Linux kernel ALSA USB-audio path (snd_usb_get_audioformat_uac3). The root cause is that the length returned by snd_usb_ctl_msg() is used directly to allocate memory and then access the buffer as a uac3_cluster_header_descriptor without verifying the buffer size....
CVE-2025-38262
CVE-2025-38262 affects the Linux kernel’s tty/serial uartlite driver. A concurrency race during probe can allow a second instance to bypass uart driver registration, causing uart_add_one_port to run before full initialization and leading to a NULL pointer dereference and kernel panic. The documen...
CVE-2025-38290
CVE-2025-38290 is described in the Azure Linux 3.0 advisory as a Linux kernel vulnerability within the ath12k driver that can cause a kernel panic during WLAN recovery. The issue arises in the arvifs list handling: during WLAN halt, only the arvifs list head is reinitialized, which leaves the nod...
CVE-2025-38337
CVE-2025-38337: Linux kernel data-race in jbd2_journal_dirty_metadata leading to potential null dereference of handle->h_transaction. The issue arises because handle may be NULL and is not checked before dereferencing, allowing a data race between jbd2_journal_dirty_metadata and ext4/jbd2 han...
CVE-2025-38343
CVE-2025-38343 is a Linux kernel WiFi fragmentation issue in mt76/mt7996 where multicast/broadcast RAs fragments are dropped since fragmentation applies only to unicast frames. Connected docs indicate affected packages (e.g., kernel versions
CVE-2025-38363
CVE-2025-38363: In the Linux kernel, a null pointer dereference could occur in the Tegra DRM driver. Specifically, in tegra_crtc_reset(), memory allocated with kzalloc() is not checked for failure; before calling __drm_atomic_helper_crtc_reset, the CRTC state should be validated to prevent deref...
CVE-2025-38375
CVE-2025-38375: In the Linux kernel, virtio-net could trigger an out-of-bounds read due to not validating the received length against the allocated size when reading buffers from the ring in xdp_linearize_page. The fix adds the missing length check. Affected entries in Debian/Amazon/RH advisories...
CVE-2025-38376
CVE-2025-38376 concerns the Linux kernel USB gadget: udc suspend/resume hang when the host continues data transfer while the bus is active and the controller is gated off. The root cause is that the USB device controller is suspended but the USB bus remains active, causing pending USB requests an...
CVE-2025-38399
CVE-2025-38399 affects the Linux kernel’s SCSI target subsystem, specifically the function core_scsi3_decode_spec_i_port() in target_core_mod. In the error path, it unconditionally calls core_scsi3_lunacl_undepend_item() with dest_se_deve, which may be NULL, risking a NULL pointer dereference and...
CVE-2025-38412
CVE-2025-38412 affects the Linux kernel, specifically the platform/x86 + dell-wmi-sysman component. The issue arises when WMI data blocks retrieved in sysfs callbacks are dereferenced without validating their integrity, potentially leading to use-after-free or invalid access. The associated advis...
CVE-2025-38465
CVE-2025-38465 is a Linux kernel netlink vulnerability related to wraparounds in sk->sk_rmem_alloc. The issue arises from reading and updating sk_rmem_alloc with a pattern like if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) atomic_add(skb->truesize, &sk->sk_rmem_alloc);, w...
CVE-2025-38485
CVE-2025-38485 affects the Linux kernel IIO FXLS8962AF accelerometer driver. The flaw is a use-after-free in fxls8962af_fifo_flush where indio_dev->active_scan_mask is accessed while the device might exit buffer mode mid-interrupt, creating a race that can lead to a NULL pointer dereference. The...
CVE-1999-0381
CVE-1999-0381 affects the syslog utility in super 3.11.6 and other versions, where a buffer overflow allows a local user to gain root privileges. The issue originates from the syslog component, with the impact described as local privilege escalation (root). Available connected documents confirm t...
CVE-2003-0244
CVE-2003-0244 affects the Linux 2.4 kernel (route cache) and the Netfilter IP conntrack module, enabling remote attackers to cause CPU denial of service via forged packets that trigger a high number of hash collisions. The OpenVAS and Debian advisories reference kernel updates across various dist...
CVE-2005-1762
CVE-2005-1762 affects AMD64 Linux kernel 2.6.8.1 and 2.6.10; a ptrace() address verification flaw allows local users to crash the kernel (denial of service). Root cause: inadequate verification of non-canonical addresses in amd64 ptrace. Impact: kernel crash; exploitation requires local access. R...
CVE-2005-3359
CVE-2005-3359 affects Linux kernel 2.6.x (atm module) where certain socket calls can produce inconsistent reference counts on loadable protocol modules, enabling a local user to trigger a denial of service (panic). Publicly documented in Debian/DSA-1103-1 and Red Hat/CESA-RHSA-2006:0493 style ad...
CVE-2006-2451
The CVE-2006-2451 issue affects Linux kernel 2.6.13 up to 2.6.17.4 inclusive, and 2.6.16 up to 2.6.16.24, where the suid_dumpable handling enables a local user to cause disk-based denial of service and potentially gain privileges via PR_SET_DUMPABLE when a core dump is created in a directory the ...
CVE-2007-4133
CVE-2007-4133 affects the Linux kernel prior to 2.6.19-rc4. The vulnerability lies in the hugetlbfs code: the functions hugetlb_vmtruncate_list and hugetlb_vmtruncate in fs/hugetlbfs/inode.c perform prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, enabling a local user to trigg...
CVE-2008-0009
The CVE-2008-0009 entry is supported by connected documents: it affects Linux kernel 2.6.22–2.6.24 where vmsplice_to_user dereferences a userspace pointer without validation, enabling local access to kernel memory. The issue is a local privilege-escalation vulnerability; remediation is associated...
CVE-2009-0935
CVE-2009-0935 affects Linux kernel inotify_read across 2.6.27–2.6.27.13, 2.6.28–2.6.28.2, and 2.6.29-rc3. The issue allows local users to trigger a denial of service (OOPS) by reading with an invalid address to an inotify instance, causing the event list mutex to be unlocked twice and preventing ...
CVE-2009-1360
CVE-2009-1360 affects the Linux kernel prior to 2.6.29 when Network Namespace Support (NET_NS) is enabled. The vulnerability lies in __inet6_check_established in net/ipv6/inet6_hashtables.c, where crafted IPv6 traffic can trigger a NULL pointer dereference, enabling remote denial of service (syst...
CVE-2009-3556
The CVE-2009-3556 issue is confirmed in multiple connected sources: a Red Hat qla2xxx NPIV-related configuration step in the Linux kernel (2.6.18 on RHEL5) leaves /sys/class/scsi_host/vport_create and /sys/class/scsi_host/vport_delete world-writable, enabling local users to alter SCSI host attrib...
CVE-2009-4271
CVE-2009-4271 affects Linux kernel 2.6.9–2.6.17 on x86_64/amd64. A local unprivileged user can trigger a NULL pointer dereference when a crafted 32-bit process calls mprotect on the Virtual Dynamic Shared Object (VDSO) page, potentially causing a kernel panic (DoS). The issue is tied to memory pr...
CVE-2010-1643
CVE-2010-1643 affects the Linux kernel mm/shmem.c: when strict overcommit is enabled, export of shmemfs objects by knfsd is mishandled, allowing a denial of service via NULL pointer dereference and knfsd crash. The issue is fixed in the 2.6.28-rc3 update (and later); affected users should upgrade...
CVE-2011-4913
CVE-2011-4913 affects the Linux kernel before 2.6.39. The rose_parse_ccitt function in net/rose/rose_subr.c does not validate FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, allowing remote attackers to cause a denial of service (integer underflow, heap memory corruption, panic) with a small l...
CVE-2012-2119
CVE-2012-2119: A buffer overflow in the Linux kernel macvtap device driver (before 3.4.5) can be triggered in certain configurations by a long descriptor with a long vector length, enabling privileged KVM guest users to crash the host (DoS). Affected component: macvtap driver in the Linux kernel...
CVE-2012-2669
CVE-2012-2669 affects the Linux kernel up to 3.4.5 in hv_kvp_daemon (tools/hv/hv_kvp_daemon.c) where Netlink message origin is not validated, allowing a local user to spoof Netlink communication via a crafted connector message. The issue is addressed by a patch included in Linux kernel 3.4.5 (via...
CVE-2013-4514
CVE-2013-4514 affects the Linux kernel up to version 3.11, specifically in drivers/staging/wlags49_h2/wl_priv.c. The vulnerability is caused by multiple buffer overflows in wl_priv.c related to handling a long station-name string, with exploitation requiring CAP_NET_ADMIN. The affected functions ...
CVE-2013-6376
The CVE-2013-6376 issue affects the Linux kernel’s KVM path: the recalculate_apic_map function in arch/x86/kvm/lapic.c, with impact described as a host-OS crash (denial of service) via a crafted ICR write in x2apic mode. The connected Nessus advisories (UNITY_LINUX_UTSA series) reproduce the sa...
CVE-2014-5045
CVE-2014-5045 – Linux kernel mountpoint_last bug (pre-3.15.8). Affected: Linux kernel versions prior to 3.15.8. Root cause: The mountpoint_last function in fs/namei.c does not properly maintain a reference count when unmount is used in conjunction with a symlink. Impact: Local users could cause deni...