CVE-2024-26780
CVE-2024-26780 | Linux kernel (af_unix) — The vulnerability centers on a task hang during purging oob_skb in GC. The root cause is that list_for_each_entry_safe() is not actually safe when a single skb has references from multiple sockets; freeing such an skb can unlink current and next sockets i...
CVE-2024-26781
CVE-2024-26781: In the Linux kernel, a deadlock could occur in Multipath TCP (mptcp) subflow diagnostic code due to a circular locking dependency reported by Syzbot/Eric. The issue involves tcp_diag and related subflow diagnostic paths (tcp_diag_put_ulp, tcp_diag_get_aux, inet_diag_dump_icsk) and...
CVE-2024-26799
The CVE-2024-26799 vulnerability affects the Linux kernel ASoC: qcom driver, where __lpass_get_dmactl_handle could leave dmactl uninitialized when the driver dai_id is invalid. This could allow a garbage value to bypass a null check. It has been fixed by initializing dmactl to NULL (aligned with ...
CVE-2024-26823
CVE-2024-26823 affects the Linux kernel ITS quirk probing for ACPI-based systems. The issue arose when quirks for ACPI platforms were dropped during ITS probing, causing GICv4 functionality loss or boot failure on some systems (e.g., HIP07) unless booted with DT. The fix moves enabling of quirks ...
CVE-2024-26849
CVE-2024-26849 is a Linux kernel vulnerability affecting netlink attribute policy for NFTA_TARGET_REV. The minlen entry for NLA_BE32 is zero, causing validation to read past a malformed attribute (risk of a kernel read). Concrete details appear in connected advisories (e.g., kernel commits a2ab02815...
CVE-2024-26867
CVE-2024-26867 concerns the Linux kernel issue in comedi_8255: subdevice initialization. The root cause, described across multiple sources, is a refactoring in comdrivers/comedi_8255.c where the io field in subdev_8255_private could be left NULL after initialization, because __subdev_8255_init() ...
CVE-2024-35836
CVE-2024-35836 affects the Linux kernel's dpll/pin handling logic. When a kernel module is unbound but pin resources for the same PCI device persist in memory, rebinding can leave the prop pointer stale to deallocated module memory. Invoking a pin-dump in this state crashes the kernel. The fix st...
CVE-2024-35948
In the Linux kernel (bcachefs), a missing bounds check in superblock validation allowed journal entries to overrun the end of the clean section. The issue has been fixed with a bounds-check in the superblock validation path. No repair code for individual items is available; the entire superblock ...
CVE-2024-36943
CVE-2024-36943 affects the Linux kernel’s pagemap/proc task_mmu path. The issue arises in the pattern used by make_uffd_wp_pte() where interleaving reads and writes could lose young/dirty bits during a pagemap scan, due to a race around ptep_modify_prot_start() and subsequent updates. The documen...
CVE-2024-36958
CVE-2024-36958 affects the Linux kernel NFSD component: nfsd4_encode_fattr4() can crash due to args.acl being used after lack of initialization, leading to an unconditional kfree() path. The documented impact is local access with potential availability degradation (CVSS: Local, Availability High)...
CVE-2024-38622
CVE-2024-38622 concerns a Linux kernel issue in drm/msm/dpu where dpu_core_irq_callback_handler() checks a callback pointer for NULL but then unconditionally calls it. The vulnerability arises from calling a possibly NULL function pointer, which could lead to kernel behavior disruption. The fix a...
CVE-2024-41061
CVE-2024-41061: In the Linux kernel’s DRM/AMD display code, an array-index-out-of-bounds can occur in dml2/FCLKChangeSupport when using out_lowest_state_idx as an index. The core fix is to always use index 0 in the condition to prevent out-of-bounds access. The vulnerability impact is rated HIGH ...
CVE-2024-42146
CVE-2024-42146: Linux kernel DRM/XE vulnerability fixed by adding outer runtime PM protection to xe_live_ktest@xe_dma_buf. The issue arose because kunit tests performing memory access did not use outer runtime_pm protections, leaving inner callers unprotected. Root cause: missing outer runtime PM...
CVE-2024-42162
CVE-2024-42162: In the Linux kernel gve driver, reading NIC statistics could access priv->stats_report->stats when the NIC reported stats for only a subset of queues. The fix adds accounting for stopped queues to prevent invalid access. This is a high‑severity (CVSS v3.1 base score 7.0) lo...
CVE-2024-43875
CVE-2024-43875 affects the Linux kernel PCI endpoint code, specifically vpci_scan_bus in drivers/pci/endpoint/functions/pci-epf-vntb.c. The issue is improper NULL checking and error handling: Smatch reported that vpci_bus could be NULL, leading to an error path that would crash instead of returni...
CVE-2024-43877
The CVE-2024-43877 vulnerability affects the Linux kernel’s media: pci: ivtv implementation. When DMA mapping fails, dma->SG_length can be 0, and code later accesses dma->SGarray[dma->SG_length - 1], causing an out-of-bounds read. The fix adds an early return on invalid DMA map results a...
CVE-2024-44978
CVE-2024-44978 affects the Linux kernel DRM/XE subsystem. The issue is a use-after-free risk where the last xe_exec_queue_put could destroy the VM if job->vm becomes invalid. The fix prevents this by freeing the job before xe_exec_queue_put, cherry-picking commit 32a42c93b74c8ca6d0915ea3eba21b...
CVE-2024-57923
CVE-2024-57923 covers a Linux kernel issue in btrfs zlib HW compression on s390 where input length passed to zlib_compress_folios() could exceed input range due to strm.avail_in calculation becoming a multiple of PAGE_SIZE. The result is an assertion in btrfs_compress_folios() (total_in > orig...
CVE-2025-21713
CVE-2025-21713 affects the PowerPC/pSeries IOMMU path in the Linux kernel. The issue occurs when reusing the same vfio container across different IOMMU groups, where spapr_tce_set_window() may lead to cleanup that dereferences a null or invalid tbl, causing a kernel crash (NULL pointer dereferen...
CVE-2025-21907
CVE-2025-21907 documents a Linux kernel memory-management issue: during folio migration, unmap_poisoned_folio() must set TTU_HWPOISON for anon folio (and align policy with hwpoison_user_mappings for pagecache). The patch series mm: memory_failure: unmap poisoned folio during migrate properly fixe...
CVE-2025-37825
CVE-2025-37825 – Linux kernel (nvmet): A vulnerability in nvmet_enable_port can cause a global out-of-bounds access when enabling a port with no transport configured yet. The code queried the transports array using NVMF_TRTYPE_MAX (255), leading to an out-of-bounds read. The fix prevents this by ...
CVE-2025-37826
CVE-2025-37826 pertains to the Linux kernel, specifically the SCSI: UFS core. The root cause is a missing NULL check on the hwq pointer returned by ufshcd_mcq_req_to_hwq(), which can occur in ufshcd_mcq_compl_pending_transfer(). The available connected documents describe a patch that adds a NULL ...
CVE-2025-37950
CVE-2025-37950 concerns the Linux kernel, specifically the ocfs2 subsystem. The issue arises when the folio array allocation fails (ENOMEM) during an update that converts w_pages to w_folios, and the free-path code expects valid folio pointers or NULLs. If -ENOMEM is encountered, a panic can occu...
CVE-2025-38058
CVE-2025-38058 affects the Linux kernel. The vulnerability exists in __legitimize_mnt(), where a check for MNT_SYNC_UMOUNT must be performed under mount_lock; otherwise, after umount(2) verifies the victim is not busy but before MNT_SYNC_UMOUNT is set, __legitimize_mnt() may not detect safety to ...
CVE-2025-38061
CVE-2025-38061 (Linux kernel, net: pktgen) is described in connected Nessus/OS advisories as a fix for an out-of-bounds memory access in pktgen_thread_write. The root cause is failing to honor the user-supplied buffer size in strn_len() calls, which could cause memory access outside the buffer. T...
CVE-2025-38081
CVE-2025-38081 affects the Linux kernel with a fix for spi-rockchip that prevents register out-of-bounds access. The issue occurred when handling GPIO chip selects, where GPIOs can be numbered higher than native chip selects, making the previous code logic invalid. The description notes the vulne...
CVE-2025-38090
CVE-2025-38090 concerns the Linux kernel: a heap overwrite could occur in drivers/rapidio/rio_cm.c due to incomplete validation in riocm_ch_send() when handling rio_ch_hdr data during RIO_CM_CHAN_SEND. The issue arises because cm_chan_msg_send() allocates space and checks userspace data size, but...
CVE-2025-38095
CVE-2025-38095 concerns the Linux kernel dma-buf memory barrier ordering: smp_store_mb() currently inserts a memory barrier after storing, which can lead to a NULL pointer dereference if memory updates reorder. The vulnerability is fixed by ensuring the barrier is inserted before updating num_fen...
CVE-2025-38100
CVE-2025-38100 affects the Linux kernel (x86/iopl). The issue arises when a task with TIF_IO_BITMAP set lacks an installed bitmap, causing tss_update_io_bitmap() to dereference NULL. Two problems are fixed: (1) io_bitmap_exit() no longer calls task_update_io_bitmap() for non-current tasks (cleanu...
CVE-2025-38111
The CVE-2025-38111 entry concerns the Linux kernel, specifically the MDIO bus driver (net/mdiobus). The issue arises from ioctl parameter handling that could accept MDIO addresses beyond PHY_MAX_ADDR (32), potentially enabling out-of-bounds reads/writes via mdiobus operations. The fix adds addres...
CVE-2025-38117
Summary: CVE-2025-38117 affects the Linux kernel Bluetooth MGMT path, specifically the mgmt_pending list. The root cause is a concurrency issue where the list access could lead to a slab-use-after-free in hci_sock_get_channel, triggering a crash under KASAN reports. The vulnerability is mitigated...
CVE-2025-38161
The CVE-2025-38161 entry concerns a Linux kernel issue in RDMA/mlx5 where firmware failure during RQ destruction could lead to partial cleanup and a use-after-free condition. The fix ensures proper rollback of the object to its original state when the firmware command fails, preventing the underf...
CVE-2025-38193
CVE-2025-38193 affects the Linux kernel net_sched component sch_sfq. The issue is a missing range check for perturb_period, which could cause perturb_period * HZ to overflow and become invalid, enabling a race condition. The provided examples show invalid values producing errors and a valid value...
CVE-2025-38202
CVE-2025-38202 affects the Linux kernel: bpf_map_lookup_percpu_elem() used by BPF per-CPU hashmap lookups may trigger a warning when used in a sleepable BPF program if BPF JIT is disabled or on 32-bit hosts, due to a missing rcu_read_lock_trace_held() check. The patch adds the missing check to cl...
CVE-2025-38206
CVE-2025-38206 concerns the Linux kernel exfat subsystem, where a double free could occur in the delayed_free pathway during exfat_kill_sb() via exfat_free_upcase_table(). The vulnerability arises when freeing vol_utbl twice due to an error return path in exfat_create_upcase_table() leading to a ...
CVE-2025-38257
The CVE-2025-38257 vulnerability is in the Linux kernel (s390/pkey) where the size calculation for memdup_user() can overflow because the number of apqn target list entries (nr_apqns) is supplied by userspace via ioctl, causing the allocated area size to diverge from its description and leading t...
CVE-2025-38285
CVE-2025-38285 – Linux kernel: The issue stems from a WARN_ON_ONCE in the BPF tracing path (get_bpf_raw_tp_regs) triggered by a corner case involving trace_mmap_lock and stack maps. The issue surfaces during BPF stack retrieval and is reported in kernel/bpf_trace.c, with inline calls in bpf_get_...
CVE-2025-38315
CVE-2025-38315 concerns a Linux kernel Bluetooth driver issue (btintel). The root cause is a mismatch between the EFI variable size and the known struct btintel_dsbr size, which could lead to a stack overflow if the EFI variable is larger than expected. The fix alters the check to rely on the kno...
CVE-2025-38338
CVE-2025-38338 is a Linux kernel vulnerability affecting NFS read paths. A double-unlock in fs/nfs/read during truncation can cause a deadlock because folio_unlock() may be called twice, incorrectly clearing the PG_locked flag. This can lead to warnings in netfs_read_collection or to processes wa...
CVE-2025-38362
The CVE-2025-38362 issue is in the Linux kernel’s DRM AMD display path. The function get_first_active_display() could return NULL when the display list is empty, and mod_hdcp_hdcp1_enable_encryption() did not check this return value, risking a NULL pointer dereference in mod_hdcp_hdcp2_enable_enc...
CVE-2025-38365
CVE-2025-38365 affects the Linux kernel’s Btrfs filesystem. A race between a rename and directory inode logging could lead to file loss on crash/power-fail due to log replay deleting an intended entry. The fix pins the log root during renames before removing the old directory entry and unpins aft...
CVE-2025-38373
CVE-2025-38373 concerns the Linux kernel’s mlx5_ib MR deregistration deadlock. The description shows a flow where holding the mutex umem_mutex during dereg_mr() can lead kzalloc() to trigger reclaim paths (fs_reclaim, mmu_notifier_invalidate_range_start), which in turn calls mlx5_ib_invalidate_ra...
CVE-2025-38392
CVE-2025-38392 (Linux kernel) describes a concurrency issue in the idpf driver where a control queue mutex (cq_lock) is held across operations that may sleep, triggering warnings during module load when VIRTCHNL2_CAP_MACFILTER is ON. The fix converts cq_lock from a mutex to a spinlock to avoid sl...
CVE-2025-38393
CVE-2025-38393 affects the Linux kernel (NFSv4/pNFS) where a race to wake on NFS_LAYOUT_DRAIN could occur. The issue occurs when multiple tasks wait for a page lock during writeback and a waiter/waker race with pnfs_update_layout() occurs while pnfs_layout_hdr’s plh_outstanding count is zero. The...
CVE-2025-38410
CVE-2025-38410 affects the Linux kernel; specifically, the drm/msm fence leak in the submit error path could fail to call drm_sched_entity_push_job() and msm_job_free(), allowing a stale s_fence reference to persist. The issue is fixed in kernel updates (the Debian/openSUSE/Ubuntu advisories indi...
CVE-2025-38417
The CVE-2025-38417 issue affects the Linux kernel ice/eswitch path where memory for VF port representors could be allocated during reset and not freed in legacy (non-switchdev) mode. The fix adds a mode check to allocate required port memory only in switchdev mode and prevents blindly allocating ...
CVE-2025-38420
CVE-2025-38420 affects the Linux kernel’s wifi Carl9170 driver. The issue occurs when the device that failed firmware loading is pinged; since ieee80211_register_hw() fails, the internal workqueue created by ieee80211_queue_work() is not yet present, causing a null pointer dereference if a queue...
CVE-2025-38425
CVE-2025-38425 affects the Linux kernel i2c: tegra SMBUS block read path. Root cause: SMBUS block read reads the device-provided length without proper validation, continuing reads when length is 0 or exceeds allowed bytes. The vulnerability allows local attackers with lower privileges to potentia...
CVE-2025-38429
The CVE-2025-38429 issue affects the Linux kernel’s bus: mhi: ep path. Root cause: in mhi_ep_ring_add_element, the read pointer (rd_offset) was advanced before the corresponding buffer write, allowing a race where the host could observe an updated read pointer prior to the element being fully wri...
CVE-2025-38444
CVE-2025-38444 affects the Linux kernel raid10 path. When raid10_read_request or raid10_write_request registers a new request with REQ_NOWAIT, a malloc from the mempool may not be freed, causing a memory leak. Connected docs confirm concrete fix in raid10_make_request and related raid10 handling ...