CVE-2025-38165
CVE-2025-38165 affects the Linux kernel (bpf, sockmap) and can trigger a kernel panic when skb_linearize is called in the backlog path. The root cause, introduced by a prior skb_get usage to fix race conditions, caused panics for large RX payloads (e.g., when using the strparser to accumulate up ...
CVE-2025-38184
CVE-2025-38184 affects the Linux kernel TIPC subsystem. A null-ptr-deref can occur when acquiring the remote IP of an ethernet bearer (e.g., via TIPC_NL_UDP_GET_REMOTEIP with media name set to tun), due to a race where bearer_list[bid] may be NULL or another media when another thread updates it. ...
CVE-2025-38188
CVE-2025-38188 affects the Linux kernel DRM MSM (a7xx) path. The vulnerability arises from missing CP_RESET_CONTEXT_STATE handling when switching contexts, risking userspace submissions in one context causing another context to hang (DoS) without data leakage. The fix ensures CP_RESET_CONTEXT_STA...
CVE-2025-38194
CVE-2025-38194 affects the Linux kernel’s JFFS2 file system. The issue arises when jffs2_sum_write_sumnode does not validate the return value of jffs2_prealloc_raw_node_refs, allowing a preallocation error to propagate into jffs2_link_node_ref and potentially cause a kernel BUG at fs/jffs2/nodel...
CVE-2025-38229
CVE-2025-38229 – Linux kernel (cxusb/dvb-usb I2C path) – concrete details: The issue arises in the I2C transfer path for cxusb-based DVB devices. When a usb_bulk_msg() write succeeds but rlen > 0, the subsequent read may still occur; however, if the write fails and rlen is 1, the read path is...
CVE-2025-38230
CVE-2025-38230 concerns the Linux kernel’s JFS subsystem. The issue arises from not validating AG parameters in dbMount(), allowing corrupted metadata to reach dbAllocAG and cause crashes. A UBSAN shift-out-of-bounds occurs in fs/jfs/jfs_dmap.c:1400 during dbAllocAG, as demonstrated by the trace ...
CVE-2025-38231
CVE-2025-38231 affects the Linux kernel nfsd component. The vulnerability arises when laundromat_work starts before nfsd_ssc is initialized, risking a NULL pointer dereference in nfs4_state_start_net() via nfs4_laundromat -> nfsd4_ssc_expire_umount. The documented fix moves nfsd_ssc initializa...
CVE-2025-38251
CVE-2025-38251 refers to a NULL-dereference in the Linux kernel ATM clip subsystem (clip_push) when clip_devs is NULL, caused by vcc_destroy_socket() calling clip_push() with a NULL skb. The vulnerability is fixed by upstream commits cited in the CVE entry and is reflected in multiple advisories ...
CVE-2025-38292
The CVE-2025-38292 issue affects the Linux kernel’s wifi driver ath12k, where in ath12k_dp_rx_msdu_coalesce() the code may access rxcb->is_continuation after freeing the associated skb, causing a use-after-free. The fix is to locally copy the is_continuation value from rxcb so further referenc...
CVE-2025-38336
The CVE is a Linux kernel issue (CVE-2025-38336) affecting ata: pata_via when using ATAPI devices on VT6415/VT6330. The vulnerability stems from a hardware bug in the VIA controller that can cause a hard hang of the system during ATAPI DMAs, with potential boot-time failure depending on the attac...
CVE-2025-38345
CVE-2025-38345: Linux kernel ACPICA ACPI operand cache leak in dswstate.c fixed by ACPICA patch (commit 987a3b5c...). Root cause: miscalculated stack top in acpi_ds_obj_stack_pop_and_delete() vs acpi_ds_obj_stack_push(), leading to kmem_cache_destroy Acpi-Operand memory leak during early terminat...
CVE-2025-38354
CVE-2025-38354 (Linux kernel, DRM/MSM GPU): A crash can occur when throttling GPU immediately during boot if the GPU is already hot, because of an early call to of_devfreq_cooling_register() that may access GMU registers before initialization. The root cause is that msm_devfreq_init may suspend d...
CVE-2025-38365
CVE-2025-38365 affects the Linux kernel’s Btrfs filesystem. A race between a rename and directory inode logging could lead to file loss on crash/power-fail due to log replay deleting an intended entry. The fix pins the log root during renames before removing the old directory entry and unpins aft...
CVE-2025-38424
CVE-2025-38424 is a Linux kernel fix. The issue arose when perf sampling could access user-space state while the kernel was tearing down a process, risking a crash on ARM64 during do_exit(). The patch changes the teardown order to stop perf earlier in do_exit() and hardens PERF_SAMPLE_CALLCHAIN a...
CVE-2025-38458
The CVE-2025-38458 entry concerns the Linux kernel vulnerability in atm/clip: a NULL pointer dereference in vcc_sendmsg(), which can lead to a kernel crash (OOPS) when atmarpd_dev_ops does not implement the send method. The provided trace shows a NULL address dereference and a call path through v...
CVE-2025-38466
CVE-2025-38466 is a Linux kernel vulnerability where uprobes could be misused during instruction fetch; the fix reverts to requiring CAP_SYS_ADMIN for uprobes, mitigating local misuse. Multiple connected advisories acknowledge the issue and reference upstream kernel fixes. Technical details confi...
CVE-2025-38487
CVE-2025-38487 relates to the Linux kernel ASPEED SoC LPC snoop driver. The vulnerability arises from disabling channels that aren’t enabled, which can lead to a NULL pointer dereference and a kernel Oops on ARM systems, as illustrated by the provided trace. The Ubuntu/Astra Linux advisory confir...
CVE-2004-0427
The CVE-2004-0427 issue affects Linux kernels: do_fork in 2.4.x prior to 2.4.26 and 2.6.x prior to 2.6.6 fails to decrement mm_count when an error occurs after activating the child mm_struct, causing a memory leak and a local denial-of-service via CLONE_VM. The description specifies the root caus...
CVE-2005-1041
The CVE-2005-1041 issue affects the Linux kernel and is caused by the fib_seq_start() function in fib_hash.c, allowing a local attacker to crash the system via /proc/net/route (Denial of Service). Public advisories confirm affected distributions and provide fixes: Ubuntu USN-131-1 upgrades to ker...
CVE-2005-3180
The CVE-2005-3180 issue concerns the Linux kernel Orinoco wireless driver (orinoco.c). In kernels 2.6.13 and earlier, memory from a previously used packet is not cleared when the packet length is increased, which can allow a remote attacker to observe sensitive information (information leak...
CVE-2005-3784
CVE-2005-3784 concerns the Linux kernel 2.6.x series: auto-reap of child processes can include ptrace-attached children, causing a dangling ptrace reference that leads to local denial of service (crash) and potential root privileges. The description specifies the vulnerable condition is present i...
CVE-2005-4811
CVE-2005-4811 concerns the Linux 2.6 kernel hugepage code (hugetlb.c). In certain configurations, a local user could trigger an mmap error before a prefault, causing an error in unmap_hugepage_area and potentially crash the system (local DoS). The connected advisories confirm this as a kernel fla...
CVE-2006-1856
CVE-2006-1856 is a confirmed issue in the Linux kernel up to 2.6.8 where the readv and writev LSM hooks could be bypassed due to a missing file_permission check. The Debian advisory DSA-1184-2 and related distributions (e.g., Ubuntu USN-302-1) document this as one of several vulnerabilities fixed...
CVE-2006-4535
CVE-2006-4535 describes a local denial-of-service in the Linux kernel SCTP implementation where a socket with a specific SO_LINGER value can crash the kernel. Affected are kernel versions 2.6.17.10, 2.6.17.11 and 2.6.18-rc5 (and older kernels with backported CVE-2006-3745 patches). Public sources (Red...
CVE-2006-6053
CVE-2006-6053 affects the Linux kernel 2.6.x: the ext3fs_dirhash function can crash the kernel via a malformed ext3 stream, enabling a local user to cause a denial of service. The issue is tied to the ext3 filesystem code in the 2.6.x series and is listed among kernel vulnerabilities addressed by...
CVE-2009-3640
CVE-2009-3640 affects the Linux kernel KVM component (arch/x86/kvm/x86.c). The update_cr8_intercept function does not properly handle missing APIC, causing a local denial of service via a NULL pointer dereference and, potentially, privilege escalation through kvm_vcpu_ioctl. Affected: kernels bef...
CVE-2009-3725
CVE-2009-3725 affects the Linux kernel prior to 2.6.31.5 and relates to the connector layer not requiring CAP_SYS_ADMIN for certain interactions with uvesafb, pohmelfs, dst, or dm, enabling local users to bypass access restrictions and escalate privileges. Public references corroborate a local-pr...
CVE-2009-4026
CVE-2009-4026 affects the Linux kernel mac80211 subsystem prior to 2.6.32-rc8-next-20091201. A crafted Delete Block ACK (DELBA) packet can cause a remote denial of service (panic) due to an erroneous “code shuffling patch.” A fix is provided in the patch referenced as 2.6.32-rc8-next-20091201, an...
CVE-2010-0623
The CVE-2010-0623 issue affects Linux kernel versions prior to 2.6.33-rc7, where futex_lock_pi in kernel/futex.c mishandles a reference count. This allows local users to trigger a denial of service (OOPS) by exploiting an unmount of an ext3 filesystem. The SUSE entry confirms the same descrip...
CVE-2010-1436
CVE-2010-1436 involves the Linux kernel 2.6.18 (and possibly other versions) where the gfs2_quota struct can span two pages, leading to an out-of-bounds write and a local denial of service (kernel panic) when manipulating gfs2 and ext3 file systems. The MiracleLinux AXSA-2010-377:12 advisory list...
CVE-2011-1021
The CVE-2011-1021 entry describes a local privilege escalation in the Linux kernel caused by the ACPI debugfs interface. Vulnerable component: drivers/acpi/debugfs.c. Affected software: Linux kernel versions before 3.0. Root-level access is required to write to /sys/kernel/debug/acpi/custom_metho...
CVE-2011-1477
CVE-2011-1477 affects the Linux kernel (sound/oss/opl3.c) through multiple array index errors before 2.6.39. These flaws allow local users to cause a denial of service via heap memory corruption and, potentially, gain privileges by writing to /dev/sequencer. The issue is tied to Yamaha YM3812/OPL...
CVE-2011-1759
CVE-2011-1759 affects the Linux kernel on ARM with OABI compatibility enabled. The flaw is an integer overflow in sys_oabi_semtimedop (arch/arm/kernel/sys_oabi-compat.c) prior to release 2.6.39, allowing local users to gain privileges or trigger a denial of service via heap memory corruption due ...
CVE-2012-6539
CVE-2012-6539: In Linux kernel prior to 3.6, dev_ifconf in net/socket.c fails to initialize a structure, allowing local attackers to read kernel stack memory. SUSE advisories (SUSE-SU-2014:0536-1) roll up fixes and list this CVE among many kernel mitigations; patching/upgrading to kernel 3.6+ is ...
CVE-2013-1826
The CVE-2013-1826 issue affects the Linux kernel’s xfrm_state_netlink() in net/xfrm/xfrm_user.c prior to 3.5.7. The vulnerability stems from not properly handling error conditions in dump_one_state() calls, which can allow a local user with CAP_NET_ADMIN to gain privileges or trigger a denial of ...
CVE-2013-2894
CVE-2013-2894 affects the Linux kernel HID subsystem, specifically drivers/hid/hid-lenovo-tpkbd.c. When CONFIG_HID_LENOVO_TPKBD is enabled, the vulnerability permits a physically proximate attacker to trigger a denial of service via a heap-based out-of-bounds write using a crafted USB device. The...
CVE-2016-2064
The CVE-2016-2064 entry concerns the MSM QDSP6 audio driver (Linux kernel 3.x) in sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c, used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The vulnerability arises from an ioctl handling flaw that allows a crafted applicatio...
CVE-2017-0568
CVE-2017-0568 is a Broadcom Wi‑Fi driver elevation-of-privilege issue in Android kernels (3.10/3.18). An attacker controlling the dongle can abuse WLC_GET_VALID_CHANNELS results to inflate list->count, causing an out‑of‑bounds write when populating default_chan_list and enabling arbitrary code...
CVE-2019-3837
CVE-2019-3837 affects the 2.6.32 kernel as shipped in RHEL6. The net_dma code in tcp_recvmsg() is thread-unsafe, so an unprivileged multi-threaded userspace application calling recvmsg() for the same socket in parallel on ioatdma-enabled hardware with net_dma enabled can leak memory, crash the ho...
CVE-2021-4218
CVE-2021-4218 concerns a flaw in the Linux kernel related to reading the SVC RDMA counters. The vulnerability occurs when a local attacker with access triggers reading the counter via a sysctl, which panics the system and can cause a denial of service during reboot. The issue is described as spec...
CVE-2021-47093
CVE-2021-47093: SUSE advisories SIG- Linux kernel (SUSE SLES/openSUSE) notes a memleak in intel_pmc_core during module init when platform device registration fails. The fix frees the platform device with platform_device_put() to release resources (e.g., device name). Connected documents confirm t...
CVE-2021-47150
CVE-2021-47150 is a Linux kernel issue in the network driver fec/enet: the fix addresses a potential memory leak in fec_enet_init(). When cbd_base allocation fails, memory allocated for the queues must be freed; otherwise a leak occurs. If allocation for the queues fails, the function now returns...
CVE-2021-47215
CVE-2021-47215 affects the Linux kernel mlx5e kTLS flow. The root cause is list corruption in TLS RX resync flow: entries are now protected against movements from resync_handle_seq_match() until resync handling in napi completes. This fixes stability/crashes in the RX resync path. The entry docum...
CVE-2021-47218
CVE-2021-47218: Linux kernel SELinux hashtab allocation failure could lead to NULL dereference. Root cause: on hashtab_init() allocation failure, h->size remains non-zero while h->htable is NULL, breaking hashtab_map() and hashtab_destroy() which assume non-empty hashtab. Mitigation in the ...
CVE-2021-47233
Summary of CVE-2021-47233 (Linux kernel): The issue is a NULL pointer dereference in regulator rt4801 when priv->enable_gpios is NULL, with devm_gpiod_get_array_optional possibly returning NULL if no GPIO is assigned. The vulnerability has been resolved in the Linux kernel; multiple advisories...
CVE-2021-47302
In CVE-2021-47302, the Linux kernel igc driver is affected by a use-after-free during TX ring reset. The fix cleans the next_to_watch descriptor when cleaning the TX ring, preventing a possible free of an skb that was already freed if igc_poll() runs during a reset. The described impact is memory...
CVE-2021-47360
In CVE-2021-47360, the Linux kernel binder subsystem is affected. During BC_FREE_BUFFER processing, cleanup of BINDER_TYPE_FDA objects may close one or more fds, and because close operations run via the task work mechanism, the thread must return to userspace for the file object to be dereference...
CVE-2021-47367
Affected software: Linux kernel virtio-net component. Issue: when using build_skb() in big mode, unused pages chained via private in big mode were not released, causing page leakage. Root cause: failure to release those pages after skb construction in big mode. Impact: potential resource leak; CV...
CVE-2021-47413
CVE-2021-47413 concerns a NULL pointer dereference in the Linux kernel (usb: chipidea: ci_hdrc_imx) when a 'phys' phandle is provided in devicetree on i.MX7/i.MX8MM. The chipidea core populates usb_phy in ci_hdrc, while charger logic checks data->usb_phy in imx_usbmisc_data, causing a NULL der...
CVE-2021-47530
CVE-2021-47530: Linux kernel vulnerability in drm/msm where the submitqueue reference leak was not dropped across all paths, notably when the fence had already signaled. The fix (described as extracting a helper to normalize handling across different returns) resolves the leak. Public advisories ...