CVE-2025-38262
CVE-2025-38262 affects the Linux kernel’s tty/serial uartlite driver. A concurrency race during probe can allow a second instance to bypass uart driver registration, causing uart_add_one_port to run before full initialization and leading to a NULL pointer dereference and kernel panic. The documen...
CVE-2025-38289
The CVE-2025-38289 entry concerns the Linux kernel SCSI lpfc driver. It describes a potential use-after-free of an ndlp object in dev_loss_tmo_callbk during driver unload or fatal error handling, leading to a Denial of Service if triggered. The fix reorders code to avoid use-after-free when the i...
CVE-2025-38290
CVE-2025-38290 is described in the Azure Linux 3.0 advisory as a Linux kernel vulnerability within the ath12k driver that can cause a kernel panic during WLAN recovery. The issue arises in the arvifs list handling: during WLAN halt, only the arvifs list head is reinitialized, which leaves the nod...
CVE-2025-38304
CVE-2025-38304: In the Linux kernel, a NULL pointer dereference in Bluetooth eir_get_service_data (len parameter can be NULL) is fixed. The vulnerability affects the Bluetooth EIR handling path and is rated with LOCAL attack vector and HIGH availability impact, implying potential kernel crash or...
CVE-2025-38332
CVE-2025-38332 (Linux kernel) affects the lpfc SCSI path where BIOSVersion handling could panic due to a misused strlcat/FORTIFY check. The root cause is improper assumptions about buffer sizes, leading to a likely false positive overflow check, and the fix replaces the problematic sequence with ...
CVE-2025-38337
CVE-2025-38337: Linux kernel data-race in jbd2_journal_dirty_metadata leading to potential null dereference of handle->h_transaction. The issue arises because handle may be NULL and is not checked before dereferencing, allowing a data race between jbd2_journal_dirty_metadata and ext4/jbd2 han...
CVE-2025-38345
CVE-2025-38345: Linux kernel ACPICA ACPI operand cache leak in dswstate.c fixed by ACPICA patch (commit 987a3b5c...). Root cause: miscalculated stack top in acpi_ds_obj_stack_pop_and_delete() vs acpi_ds_obj_stack_push(), leading to kmem_cache_destroy Acpi-Operand memory leak during early terminat...
CVE-2025-38354
CVE-2025-38354 (Linux kernel, DRM/MSM GPU): A crash can occur when throttling GPU immediately during boot if the GPU is already hot, because of an early call to of_devfreq_cooling_register() that may access GMU registers before initialization. The root cause is that msm_devfreq_init may suspend d...
CVE-2025-38375
CVE-2025-38375: In the Linux kernel, virtio-net could trigger an out-of-bounds read due to not validating the received length against the allocated size when reading buffers from the ring in xdp_linearize_page. The fix adds the missing length check. Affected entries in Debian/Amazon/RH advisories...
CVE-2025-38384
CVE-2025-38384 affects the Linux kernel’s MTD spinand/ECC engine path. The root cause is a memory leak where ECC engine configuration memory allocated during ECC init is not released during spinand cleanup. The leak trace shows kmemleak reporting an unreferenced object during spinand probe/init p...
CVE-2025-38441
CVE-2025-38441 affects the Linux kernel netfilter flowtable nf_flow_pppoe_proto() where the Ethernet header was not accounted for in PPPoE offload logic, leading to potential use of uninitialized data (KMSAN). The vulnerability is locally exploitable; CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/I:N/A:H with...
CVE-2025-38463
The CVE-2025-38463 issue is a Linux kernel vulnerability in the TCP skb remaining space calculation. The bug arises from signedness handling when computing copy = size_goal - skb->len, where copy becomes an unsigned result that is then assigned to a 64-bit signed copy, causing copy to stay non...
CVE-2025-38485
CVE-2025-38485 affects the Linux kernel IIO FXLS8962AF accelerometer driver. The flaw is a use-after-free in fxls8962af_fifo_flush where indio_dev->active_scan_mask is accessed while the device might exit buffer mode mid-interrupt, creating a race that can lead to a NULL pointer dereference. The...
CVE-1999-0183
CVE-1999-0183 affects Linux implementations of TFTP, described as allowing traversal to read files outside the restricted directory. The OpenVAS/Nessus entries confirm a directory-traversal vulnerability enabling arbitrary file reads via TFTP server responses (e.g., tftpd misconfiguration allows ...
CVE-2003-0244
CVE-2003-0244 affects the Linux 2.4 kernel (route cache) and the Netfilter IP conntrack module, enabling remote attackers to cause CPU denial of service via forged packets that trigger a high number of hash collisions. The OpenVAS and Debian advisories reference kernel updates across various dist...
CVE-2005-3359
CVE-2005-3359 affects Linux kernel 2.6.x (atm module) where certain socket calls can produce inconsistent reference counts on loadable protocol modules, enabling a local user to trigger a denial of service (panic). Publicly documented in Debian/DSA-1103-1 and Red Hat/CESA-RHSA-2006:0493 style ad...
CVE-2007-6716
CVE-2007-6716 affects the Linux kernel before 2.6.23, where in the dio subsystem the file system’s direct-io path (fs/direct-io.c) may fail to zero out the dio struct. This can allow a local user to cause a denial of service (OOPS), as demonstrated by a fio test. The connected documents confirm t...
CVE-2008-5702
CVE-2008-5702 concerns a buffer underflow in the Linux kernel watchdog driver IB700 SBC (ib700wdt.c) via the ibwdt_ioctl path. Affected software is the Linux kernel prior to 2.6.28-rc1; exploitation could occur through a WDIOC_SETTIMEOUT ioctl on /dev/watchdog by a local user. The Initial Descrip...
CVE-2010-0623
The CVE-2010-0623 issue affects the Linux kernel versions prior to 2.6.33-rc7, where futex_lock_pi in kernel/futex.c mishandles a reference count. This allows local users to trigger a denial of service (OOPS) by exploiting an unmount of an ext3 filesystem. The SUSE entry confirms the same descrip...
CVE-2010-1643
CVE-2010-1643 affects the Linux kernel mm/shmem.c: when strict overcommit is enabled, export of shmemfs objects by knfsd is mishandled, allowing a denial of service via NULL pointer dereference and knfsd crash. The issue is fixed in the 2.6.28‑rc3 update (and later); affected users should upgrade...
CVE-2011-1169
CVE-2011-1169 affects the Linux kernel before 2.6.38.1 via an array index error in the AudioScience HPI driver (sound/pci/asihpi/hpioctl.c) that can corrupt kernel data in memory and may allow local privilege escalation. Connected advisories (SUSE/Ubuntu) confirm the root cause and impact, wit...
CVE-2011-1477
CVE-2011-1477 affects the Linux kernel (sound/oss/opl3.c) through multiple array index errors before 2.6.39. These flaws allow local users to cause a denial of service via heap memory corruption and, potentially, gain privileges by writing to /dev/sequencer. The issue is tied to Yamaha YM3812/OPL...
CVE-2011-2942
CVE-2011-2942 is tied to a Red Hat patch affecting the Linux kernel 2.6.18-... on RHEL 5. The issue is in the bridge forward path, specifically br_forward.c __br_deliver, enabling a remote attacker on a bridged network to trigger a NULL pointer dereference and system crash (DoS) or potentially ot...
CVE-2011-4913
CVE-2011-4913 affects the Linux kernel before 2.6.39. The rose_parse_ccitt function in net/rose/rose_subr.c does not validate FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, allowing remote attackers to cause a denial of service (integer underflow, heap memory corruption, panic) with a small l...
CVE-2011-4914
The CVE-2011-4914 issue affects the Linux kernel ROSE protocol implementation prior to 2.6.39. It arises because data-length values are not verified against the actual data sent, enabling remote attackers to read kernel memory (out-of-bounds read) or cause a denial of service via crafted data to ...
CVE-2012-2119
CVE-2012-2119: A buffer overflow in the Linux kernel macvtap device driver (before 3.4.5) can be triggered in certain configurations by a long descriptor with a long vector length, enabling privileged KVM guest users to crash the host (DoS). Affected component: macvtap driver in the Linux kernel...
CVE-2012-2669
CVE-2012-2669 affects the Linux kernel up to 3.4.5 in hv_kvp_daemon (tools/hv/hv_kvp_daemon.c) where Netlink message origin is not validated, allowing a local user to spoof Netlink communication via a crafted connector message. The issue is addressed by a patch included in Linux kernel 3.4.5 (via...
CVE-2013-0313
CVE-2013-0313 affects the Linux kernel: when EVM is enabled, the evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in versions before 3.7.5 is vulnerable to a local-denial-of-service via an attempted removexattr operation on a sockfs inode, causing a NULL pointer dereference and...
CVE-2013-4514
CVE-2013-4514 affects the Linux kernel up to version 3.11, specifically in drivers/staging/wlags49_h2/wl_priv.c. The vulnerability is caused by multiple buffer overflows in wl_priv.c related to handling a long station-name string, with exploitation requiring CAP_NET_ADMIN. The affected functions ...
CVE-2016-9919
The CVE-2016-9919 entry concerns the Linux kernel icmp6_send function in net/ipv6/icmp.c, vulnerable through kernel version 4.8.12. The flaw omits a check of the dst data structure, allowing remote attackers to trigger a denial of service (panic) by sending a fragmented IPv6 packet. Connected advisories...
CVE-2017-0627
The CVE-2017-0627 entry concerns an information-disclosure vulnerability in the Android kernel UVC driver (affecting Kernel-3.10 and Kernel-3.18). The vulnerability could let a local, privileged process access data outside its normal permissions. The description indicates the issue is triggered b...
CVE-2017-18200
CVE-2017-18200 affects the f2fs implementation in the Linux kernel prior to 4.14. The root cause is mishandled reference counts associated with f2fs_wait_discard_bios calls, which can enable a local user to cause a denial of service, demonstrated by fstrim. Public exploit details are not provided...
CVE-2017-9984
The CVE-2017-9984 issue affects the Linux kernel’s snd_msnd_interrupt path (sound/isa/msnd/msnd_pinnacle.c) and is a local, double-fetch vulnerability that can allow over-boundary access to a message queue head pointer, potentially enabling DoS or other impact. The advisory notes vulnerable until...
CVE-2021-47083
CVE-2021-47083 affects the Linux kernel’s pinctrl Mediatek code: when the eint virtual EINT number exceeds the GPIO count, it can trigger a global-out-of-bounds write to desc[eint_n]. The issue was fixed in the mediatek pinctrl path (pinctrl: mediatek: fix global-out-of-bounds issue). No exploit ...
CVE-2021-47091
CVE-2021-47091 affects the Linux kernel mac80211 component. Root cause: locking in ieee80211_start_ap error path where local channel context release wasn’t guaranteed to hold local->mtx, risking improper synchronization. The fix enforces holding local->mtx when releasing the channel context...
CVE-2021-47109
CVE-2021-47109: In the Linux kernel, IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. An attacker can force GC of NUD_NOARP entries by overflowing the neighbour table, leading to valid connections being dropped. The issue is tied to a change around neighbor garbage collection (commit 58...
CVE-2021-47139
CVE-2021-47139 affects the Linux kernel hns3 driver. A race occurs because the netdevice is registered before client initialization completes, creating a window where changes to channels or rx CPU map can trigger hns3_set_rx_cpu_rmap() twice, leading to a crash (BUG at lib/cpu_rmap.c). The fix, a...
CVE-2021-47160
CVE-2021-47160 corresponds to a Linux kernel vulnerability where PCR_MATRIX was set to all-ones when VLAN filtering was enabled and not reset when disabled, potentially allowing VLAN traffic leaks between bridges br0 and br1. The issue is addressed by removing the PCR_MATRIX write from mt7530_por...
CVE-2021-47161
CVE-2021-47161 affects the Linux kernel SPI driver spi-fsl-dspi, where a resource leak could occur in an error path during probe. The issue is mitigated by ensuring that dspi_request_dma() is properly undone with a matching dspi_release_dma() call in the probe’s error handling path (as already do...
CVE-2021-47180
The CVE-2021-47180 entry concerns a Linux kernel NFC component memory-leak in nci_allocate_device, with nfcmrvl_disconnect failing to free the hci_dev field and a fix to release hci_dev in nci_free_device. Connected documents (Astra Linux and Nessus-derived advisories) confirm the issue and its r...
CVE-2021-47206
CVE-2021-47206 is a Linux kernel vulnerability in the usb: host: ohci-tmio path. The root cause is a missing check of the return value from platform_get_resource(), which can lead to a NULL pointer dereference and a potential crash (availability impact). The vulnerability is resolved in the kerne...
CVE-2021-47216
CVE-2021-47216 affects the Linux kernel SCSI AdvanSys driver. The root cause is a kernel pointer leak caused by printing pointers cast to unsigned long with %lx instead of using %p/%px. A patch fixes the issue by changing pointer printing format from %lx to %p, effectively printing the hashed poi...
CVE-2021-47223
The CVE-2021-47223 issue is a Linux kernel vulnerability in the bridge/net subsystem: a tunnel_dst null pointer dereference during VLAN tunnel egress caused by a lockless access pattern when deleting a VLAN tunnel. The patch fixes this by using READ/WRITE_ONCE for tunnel_id, applying RCUs for tun...
CVE-2021-47226
CVE-2021-47226 describes a Linux kernel issue where an XRSTOR on a user-buffered FPU state could fail with a page fault yet modify the destination task’s FPU state. The root cause is that during __fpu__restore_sig(), XRSTOR could run with preserved registers for a different task (fpu_fpregs_owner...
CVE-2021-47245
CVE-2021-47245 affects the Linux kernel netfilter synproxy TCP option parser. The vulnerability arises from an out-of-bounds read in synproxy_parse_options when parsing TCP options; if length equals 1, the loop reads an opcode byte and, if it is not TCPOPT_EOL or TCPOPT_NOP, reads one more byte, ...
CVE-2021-47262
CVE-2021-47262 concerns the Linux kernel KVM subsystem. The issue arises in the x86 KVM tracepoint handling for nested VM-Enter failures, where string literals used by the “nested VM-Enter failed” tracepoint could outlive memory they reference if the tracepoint is emitted from modules (e.g., kvm-...
CVE-2021-47343
CVE-2021-47343 is a Linux kernel issue in the device-mapper (dm) btree removal path. The bug could cause an uninitialized value to be assigned to new_root when removal fails, leading to out-of-bounds access in dm-thin metadata (details_root/details_info) and potential general protection faults. T...
CVE-2021-47346
The CVE-2021-47346 entry concerns a Linux kernel vulnerability in coresight’s tmc-etf path. A global-out-of-bounds read (KASAN) occurred in tmc_update_etf_buffer() due to reading barrier_pkt beyond its allocated size after barrier_pkt trailing null removal in a prior patch. The issue is triggered...
CVE-2021-47369
CVE-2021-47369 — Linux kernel (s390/qeth): The issue is a NULL dereference in qeth_clear_working_pool_list() triggered when qeth_set_online() rolls back after an error in qeth_hardsetup_card(), before card->qdio.in_q has been allocated by qeth_alloc_qdio_queues() via qeth_mpc_initialize(). Thi...
CVE-2021-47370
CVE-2021-47370 affects the Linux kernel and concerns the MPTCP path: a signed/unsigned comparison in the code path that refills the TX cache can misbehave when size_goal is smaller than skb->len, causing the core TCP path to allocate an skb without the MPTCP extension. The fix rewrites the exp...