14374 matches found
CVE-2024-57918
Technical details for CVE-2024-57918 are not publicly provided in the connected documents; monitor for updates.
CVE-2024-57943
CVE-2024-57943 affects the Linux kernel exFAT path where a newly allocated buffer head could write uninitialized data from the page cache. The root cause is that buffers marked as new were not zeroed before write_end(), risking data leakage or corruption. The remediation is a kernel commit that c...
CVE-2025-21827
The CVE-2025-21827 entry is supported by connected sources describing a Linux kernel Bluetooth issue: Mediatek btusb lacked proper locking around usb_driver_claim_interface(), risking a NULL pointer dereference or an "Failed to claim iso interface" error when the code runs via the hci0 path durin...
CVE-2025-21987
CVE-2025-21987: In Linux kernel DRM/AMDGPU, the bug is in init return value in amdgpu_ttm_clear_buffer; an uninitialized value could be returned if amdgpu_res_cleared returns true for all regions. The issue has been fixed via a cherry-picked commit (commit 7c62aacc3b452f73a1284198c81551035fac6d71...
CVE-2025-22048
Summary of CVE-2025-22048 (Linux kernel LoongArch BPF issue) : The problem was triggered by sign-extending the BPF return value. After commit 73c359d1d356, a5 (BPF return value) was sign-extended to a0, and for native calls the a0 value was propagated back to a5. For bpf2bpf calls this propagatio...
CVE-2025-37762
CVE-2025-37762 affects the Linux kernel DRM virtio, where prepare_fb() error handling missed dmabuf unpinning, causing resource leaks on error paths. The vulnerability is fixed by correcting error handling in prepare_fb(), as noted in multiple sources (e.g., Astra Linux advisory citing the same d...
CVE-2025-37847
CVE-2025-37847: In the Linux kernel, a deadlock could occur in accel/ivpu during ivpu_ms_cleanup() when runtime resume acquires file_priv->ms_lock, leading to a cold boot path that calls ivpu_ms_cleanup_all(). The issue is resolved by preventing runtime resume after ms_lock is acquired, avoidi...
CVE-2025-37919
CVE-2025-37919 affects the Linux kernel (AMD SoC ASoC/ACPi2S) via a NULL pointer dereference in the function acp_i2s_set_tdm_slot . The root cause is dereferencing a NULL chip data reference when updating ACPI/I2S state. The remediation, as stated in the description, is to update chip data using ...
CVE-2025-38013
CVE-2025-38013 (Linux kernel) : Affected component is the wifi/mac80211 path. The issue is a UBSAN/array-index-out-of-bounds condition reported when setting n_channels during scan request construction, caused by allocating the scan request before the int_scan_req structure is allocated. The fix r...
CVE-2025-38043
CVE-2025-38043 affects the Linux kernel firmware/arm_ffa path: a fix sets the dma_mask for FFA devices to prevent DMA allocation using a raw device pointer, which previously triggered a kernel warning “dma_alloc_attrs” in mapping.c. The vulnerability’s impact, per the description, is to avoid mis...
CVE-2025-38044
CVE-2025-38044 affects the Linux kernel cx231xx media subsystem. The video_device for the MPEG encoder did not set device_caps, preventing registration and causing a WARN_ON. The fix adds device_caps for the 417 decoder path so the video device can register normally. This addresses a local-priori...
CVE-2025-38063
The CVE-2025-38063 entry concerns a Linux kernel vulnerability in the Linux DM (device-mapper) path where a bio submitted with REQ_PREFLUSH causes an unconditional IO throttle via wbt_wait, throttling the flush_bio that includes REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC. The root cause is throttling...
CVE-2025-38111
The CVE-2025-38111 entry concerns the Linux kernel, specifically the MDIO bus driver (net/mdiobus). The issue arises from ioctl parameter handling that could accept MDIO addresses beyond PHY_MAX_ADDR (32), potentially enabling out-of-bounds reads/writes via mdiobus operations. The fix adds addres...
CVE-2025-38113
CVE-2025-38113 affects the Linux kernel: ACPI: CPPC: Fix NULL pointer dereference when nosmp is used. With nosmp in the kernel command line, CPUs aren’t brought up and their cpc_desc_ptr can be NULL, leading to NULL dereferences when CPU0 iterates over possible CPUs and panics. The issue is docum...
CVE-2025-38123
CVE-2025-38123 affects the Linux kernel in Azure Linux 3.0 environments, where the t7xx NAPI RX polling path could use an invalid netdev after dellink-triggered disconnects, causing a NULL pointer dereference and kernel panic during skb processing. The issue arises when the driver processes napi_...
CVE-2025-38135
CVE-2025-38135 – Linux kernel (serial/mlb_usio_probe) NULL pointer dereference fix : The vulnerability arises when devm_ioremap() returns NULL on error and mlb_usio_probe() fails to check it, potentially leading to a NULL pointer dereference. The fix adds a NULL check after devm_ioremap() to prev...
CVE-2025-38154
CVE-2025-38154 affects the Linux kernel sockmap path (bpf/sockmap) where sk->sk_socket can be used after free due to a race with backlog/thread close paths. The description in the connected documents explains that sk_socket is not locked/referenced in the backlog, enabling a race with the rele...
CVE-2025-38158
CVE-2025-38158 affects the Linux kernel (hisi_acc_vfio_pci) and fixes an XQE/AEQE DMA address error observed after migration. The root cause is an incorrect address construction when reading hardware registers, causing wrong DMA addresses for EQE/AEQE and guest kernel‑mode encryption services to ...
CVE-2025-38160
CVE-2025-38160 affects the Linux kernel due to a NULL pointer dereference in the Raspberry Pi clock registration path. Specifically, raspberrypi_clk_register() does not handle a NULL return from devm_kasprintf(), which can occur if memory allocation fails. A fix has added a NULL check after devm_...
CVE-2025-38174
The CVE-2025-38174 issue is in the Linux kernel Thunderbolt path: tb_cfg_request_work/tb_cfg_request_dequeue can schedule the same configuration request twice, causing a double list_del on ctl->request_queue and a potential general protection fault (non-canonical address 0xdead000000000122). T...
CVE-2025-38188
CVE-2025-38188 affects the Linux kernel DRM MSM (a7xx) path. The vulnerability arises from missing CP_RESET_CONTEXT_STATE handling when switching contexts, risking userspace submissions in one context causing another context to hang (DoS) without data leakage. The fix ensures CP_RESET_CONTEXT_STA...
CVE-2025-38197
CVE-2025-38197 affects the Linux kernel (platform/x86: dell_rbu). The root cause is using the wrong list head with list_for_each_entry*() when iterating the packet list, causing incorrect packet data reads via sysfs and a NULL pointer dereference when clearing the list. A patch fixes the issue by...
CVE-2025-38214
CVE-2025-38214 affects the Linux kernel fbdev path. The issue arises when fb_add_videomode() in fb_set_var() fails to allocate fb_videomode, potentially causing a null pointer dereference in fb_videomode_to_var() because fb_info->var is modified before modelist validation. The debug trace show...
CVE-2025-38230
CVE-2025-38230 concerns the Linux kernel’s JFS subsystem. The issue arises from not validating AG parameters in dbMount(), allowing corrupted metadata to reach dbAllocAG and cause crashes. A UBSAN shift-out-of-bounds occurs in fs/jfs/jfs_dmap.c:1400 during dbAllocAG, as demonstrated by the trace ...
CVE-2025-38251
CVE-2025-38251 refers to a NULL-dereference in the Linux kernel ATM clip subsystem (clip_push) when clip_devs is NULL, caused by vcc_destroy_socket() calling clip_push() with a NULL skb. The vulnerability is fixed by upstream commits cited in the CVE entry and is reflected in multiple advisories ...
CVE-2025-38257
The CVE-2025-38257 vulnerability is in the Linux kernel (s390/pkey) where the size calculation for memdup_user() can overflow because the number of apqn target list entries (nr_apqns) is supplied by userspace via ioctl, causing the allocated area size to diverge from its description and leading t...
CVE-2025-38263
The CVE-2025-38263 issue in the Linux kernel affects the bcache subsystem, specifically a NULL pointer dereference in cache_set_flush() that could occur during error handling in register_cache_set()/bch_cache_set_alloc(). The crash path can lead to kernel oops and a NULL dereference when cache se...
CVE-2025-38264
CVE-2025-38264 : In the Linux kernel nvme-tcp code, a flaw in nvme_tcp_handle_r2t allows a malicious R2T PDU to be injected into the request list if the request is not properly validated against the list, enabling a loop in list processing. The issue was fixed by sanitizing the request list handl...
CVE-2025-38286
CVE-2025-38286 affects the Linux kernel with a fault in pinctrl/at91: at91_gpio_probe() not validating the OF alias, allowing out-of-bounds access to gpio_chips when indexing with an invalid value. The bug, which could be exposed if BUG() is compiled out, is mitigated by a kernel fix/workaround d...
CVE-2025-38345
CVE-2025-38345: Linux kernel ACPICA ACPI operand cache leak in dswstate.c fixed by ACPICA patch (commit 987a3b5c...). Root cause: miscalculated stack top in acpi_ds_obj_stack_pop_and_delete() vs acpi_ds_obj_stack_push(), leading to kmem_cache_destroy Acpi-Operand memory leak during early terminat...
CVE-2025-38346
CVE-2025-38346: Linux kernel ftrace UAF when lookup kallsyms after ftrace is disabled. Root cause: use-after-free accessing mod->name during module removal when ftrace_disable is active. Impact per CVSS: Local access with Low privileges required, High confidentiality/integrity/availability imp...
CVE-2025-38363
CVE-2025-38363 : In the Linux kernel, a null pointer dereference could occur in the Tegra DRM driver. Specifically, in tegra_crtc_reset(), memory allocated with kzalloc() is not checked for failure; before calling __drm_atomic_helper_crtc_reset, the CRTC state should be validated to prevent deref...
CVE-2025-38392
CVE-2025-38392 (Linux kernel) describes a concurrency issue in the idpf driver where a control queue mutex (cq_lock) is held across operations that may sleep, triggering warnings during module load when VIRTCHNL2_CAP_MACFILTER is ON. The fix converts cq_lock from a mutex to a spinlock to avoid sl...
CVE-2025-38393
CVE-2025-38393 affects the Linux kernel (NFSv4/pNFS) where a race to wake on NFS_LAYOUT_DRAIN could occur. The issue occurs when multiple tasks wait for a page lock during writeback and a waiter/waker race with pnfs_update_layout() occurs while pnfs_layout_hdr’s plh_outstanding count is zero. The...
CVE-2025-38400
No additional technical details about CVE-2025-38400 are provided in the connected documents beyond the initial description. Monitor for updates.
CVE-2025-38458
The CVE-2025-38458 entry concerns the Linux kernel vulnerability in atm/clip: a NULL pointer dereference in vcc_sendmsg(), which can lead to a kernel crash (OOPS) when atmarpd_dev_ops does not implement the send method. The provided trace shows a NULL address dereference and a call path through v...
CVE-2025-38482
CVE-2025-38482 : In the Linux kernel, the comedi das6402 IRQ check used an unchecked user-supplied value for the shift amount, allowing a negative or out-of-range shift. The test now requires it->options[1] to be within bounds before applying the test, with valid IRQ values in [1,15] and 0 dis...
CVE-2025-38487
CVE-2025-38487 relates to the Linux kernel ASPEED SoC LPC snoop driver. The vulnerability arises from disabling channels that aren’t enabled, which can lead to a NULL pointer dereference and a kernel Oops on ARM systems, as illustrated by the provided trace. The Ubuntu/Astra Linux advisory confir...
CVE-2025-38494
CVE-2025-38494 (Linux kernel) : In the HID core, hid_hw_raw_request() checks were bypassed by a low-level transport path, allowing the use of invalid parameters. The vulnerability was resolved in the Linux kernel; advisories from Debian/Amazon/RHEL references confirm the fix. Impact is high (loca...
CVE-2026-43494
CVE-2026-43494 affects the Linux kernel’s net/rds zerocopy path. When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), pinned pages are released and rm->data.op_mmp_znotifier is cleared, but rm->data.op_nents may not be reset. This leads to the cleanup loop in rds_message_purge...
CVE-2026-46054
CVE-2026-46054 affects the Linux kernel SELinux overlayfs access checks for mmap() and mprotect(). The issue arises from insufficient enforcement of backing-file access between the user file and backing file, potentially bypassing policies. A patch introduces security_mmap_backing_file() to enfor...
CVE-2026-46323
CVE-2026-46323 affects the Linux kernel’s networking GRO path. The issue occurs in skb_gro_receive() where fragments can be copied between the source and GRO skbs without respecting zerocopy status, notably when SKBFL_MANAGED_FRAG_REFS is set. When this flag is present, pages in shinfo->frags ...
CVE-1999-0381
CVE-1999-0381 affects the syslog utility in super 3.11.6 and other versions, where a buffer overflow allows a local user to gain root privileges. The issue originates from the syslog component, with the impact described as local privilege escalation (root). Available connected documents confirm t...
CVE-2003-0244
CVE-2003-0244 affects the Linux 2.4 kernel (route cache) and the Netfilter IP conntrack module, enabling remote attackers to cause CPU denial of service via forged packets that trigger a high number of hash collisions. The OpenVAS and Debian advisories reference kernel updates across various dist...
CVE-2004-0565
CVE-2004-0565 affects Linux 2.4.x kernel code where the MFH bit is checked without verifying the FPH owner in the context switch path. This enables local attackers to read register values of other processes, exposing partial confidentiality. The vulnerability description explicitly states the iss...
CVE-2004-0685
The CVE-2004-0685 issue affects Linux kernel 2.4 USB drivers that use copy_to_user on uninitialized structures, enabling local attackers to read memory not cleared from prior usage and potentially leak sensitive information. The description specifies local/partial impacts on confidentiality and i...
CVE-2005-3273
CVE-2005-3273 affects the ROSE (rose) packet router ioctl in the Linux kernel (ROSE code in rose_route.c) for 2.6 kernels before 2.6.12 and 2.4 before 2.4.29. The root cause is improper verification of the ndigis argument when creating a new route, which can trigger array out-of-bounds conditions...
CVE-2005-3660
CVE-2005-3660 affects the Linux kernel 2.4.x and 2.6.x. The vulnerability occurs when a process creates a large number of connected file descriptors or socketpairs and uses a large data transfer buffer, which can exhaust memory and cause a kernel panic or denial of service. The underlying issue c...
CVE-2007-0772
The CVE-2007-0772 entry applies to the Linux kernel 2.6.13 and earlier, with the issue fixed in 2.6.20.1. A crafted NFSACL 2 ACCESS request could trigger a free of an incorrect pointer, leading to a remote denial of service (oops). Affected versions before 2.6.20.1 are vulnerable; mitigation is t...
CVE-2007-6761
CVE-2007-6761 affects the Linux kernel up to version 2.6.23/24 era: the videobuf-vmalloc.c path (drivers/media/video) contains uninitialized videobuf_mapping data structures. This can allow a local attacker to trigger an incorrect memory-management state and a videobuf leak via unspecified vector...