14330 matches found
CVE-2024-26730
The CVE-2024-26730 entry concerns the Linux kernel hwmon/nct6775 driver. The vulnerability arises from a mismatch between the number of temperature configuration registers and the total temperature registers, which can trigger out-of-bounds access (KASAN) in nct6775_probe/nct6775_core. The issue ...
CVE-2024-26780
CVE-2024-26780 | Linux kernel (af_unix) — The vulnerability centers on a task hang during purging oob_skb in GC. The root cause is that list_for_each_entry_safe() is not actually safe when a single skb has references from multiple sockets; freeing such an skb can unlink current and next sockets i...
CVE-2024-33847
CVE-2024-33847 relates to the Linux kernel’s f2fs compression feature. The root cause is a truncation bug on released compressed inodes that can corrupt a f2fs image if a partial truncation changes the valid block count without updating i_blocks/total_valid_block_count. The patch fixes by allowin...
CVE-2024-36027
CVE-2024-36027 affects the Linux kernel’s BTRFS zoned write path. The issue arises when btrfs_clear_buffer_dirty() marks an extent buffer as EXTENT_BUFFER_ZONED_ZEROOUT and a write IO is in progress (WRITEBACK, not DIRTY); a ZEROOUT flag could be added just before bio submission, potentially clea...
CVE-2024-38390
CVE-2024-38390 affects the Linux kernel DRM/MSM a6xx path. The vulnerability arises when speedbin setting fails, causing a null pointer dereference during cleanup if msm_gpu_init() did not complete (gpu->pdev is only assigned in a6xx_gpu_init -> adreno_gpu_init -> msm_gpu_init). The cano...
CVE-2024-38625
CVE-2024-38625 affects the Linux kernel ntfs3 NTFS driver. The root cause is a NULL folio pointer in fs/ntfs3 checks when bmap is invoked; this can lead to a crash. The CVSSv3.1 vector indicates Local, Low attack complexity, Low privileges, no user interaction, with Availability impact HIGH (I=NO...
CVE-2024-39464
CVE-2024-39464 (Linux kernel) : The vulnerability lies in media: v4l: async: Fix notifier list entry init. The v4l2_async_notifier struct contains several list_head members, but notifier_entry was left zeroed while waiting_list and done_list were initialized, causing an uninitialized list_head. T...
CVE-2024-43875
CVE-2024-43875 affects the Linux kernel PCI endpoint code, specifically vpci_scan_bus in drivers/pci/endpoint/functions/pci-epf-vntb.c. The issue is improper NULL checking and error handling: Smatch reported that vpci_bus could be NULL, leading to an error path that would crash instead of returni...
CVE-2024-44951
Idea: CVE-2024-44951 affects the Linux kernel’s serial driver for sc16is7xx (TX/RX channel handling).What’s affected: The regression caused by commit 4409df5866b7 that changed EFR locking to operate per channel introduced TX buffer data corruption where data from channel A could be written into c...
CVE-2024-44980
CVE-2024-44980 relates to the Linux kernel’s DRM/ XE opregion handling. The advisory reports a leak in opregion cleanup within xe_display_init_noirq/ intel_opregion_setup, traced to kmemleak_alloc/kmalloc_trace_noprof paths, resulting in an unreferenced object during probe/modprobe cleanup. The b...
CVE-2024-46833
CVE-2024-46833 is a Linux kernel vulnerability in the net:hns3 driver where SSU reg info reads loop up to tnl_num, which is hw-derived and not the array length, causing an out-of-bounds read. The description states the fix is to bound the loop so it does not exceed the array length. The connected...
CVE-2024-56655
Summary of CVE-2024-56655 (Linux kernel nf_tables) : The vulnerability arises from deferring rule destruction in nf_tables via call_rcu, where nf_tables_chain_destroy can sleep and is not safe to run from call_rcu callbacks. nf_tables_rule_release() is only safe for error unwinding while a transa...
CVE-2024-57839
Technical details for CVE-2024-57839 are not provided in the connected documents. Public info appears limited to the initial description; monitor for official advisories for affected products, impact, and fixes.
CVE-2024-57942
CVE-2024-57942 (Linux kernel) affects netfs by addressing how ceph copy to cache is handled on write-begin. The vulnerability arises in netfs_unlock_read_folio() where folios marked for cache copy are not consistently queued, and netfs_pgpriv2_write_to_the_cache() expects to traverse folio_queue ...
CVE-2024-57975
CVE-2024-57975 affects the Linux kernel/Btrfs: when run_delalloc_nocow() fails, the cleanup path may unlock folios without clearing dirty flags, triggering a VM_BUG_ON_FOLIO during extent_unlock_delalloc/writeback and potentially crashing the system (CONFIG_DEBUG_VM enables test generic/476). The...
CVE-2025-21817
The CVE-2025-21817 entry concerns the Linux kernel block subsystem: GFP_NOIO is now required around sysfs ->store() to prevent potential deadlock when sysfs->store callbacks allocate memory via GFP_KERNEL during direct reclaim. This vulnerability vector arises from GFP_KERNEL allocations ta...
CVE-2025-21849
CVE-2025-21849: Linux kernel drm/i915/gt had potential deadlocks due to spin_lock/unlock() used in interrupt contexts. The fix saves irq state before acquiring locks. Version history shows v2 adds irq state save/restore around signal_irq_work locks; v3 uses spin_lock_irqsave() in guc_lrc_desc_unp...
CVE-2025-37825
CVE-2025-37825 – Linux kernel (nvmet): A vulnerability in nvmet_enable_port can cause a global out-of-bounds access when enabling a port with no transport configured yet. The code queried the transports array using NVMF_TRTYPE_MAX (255), leading to an out-of-bounds read. The fix prevents this by ...
CVE-2025-37846
CVE-2025-37846 (Linux kernel, arm64) is a vulnerability in the mops path that incorrectly dereferenced the source register during a SET* sequence. The root cause is that the source register (not used for SET* operations) could be read, leading to a UBSAN out-of-bounds array access when the MOPS e...
CVE-2025-37906
CVE-2025-37906 arises in the Linux kernel’s ublk subsystem, due to a race between io_uring_cmd_complete_in_task and ublk_cancel_cmd. The description states that ublk_cancel_cmd() may call io_uring_cmd_done() to complete uring_cmd, while task work scheduled by io_uring_cmd_complete_in_task() could...
CVE-2025-38018
CVE-2025-38018 affects the Linux kernel TLS stack. The vulnerability triggers a kernel NULL pointer dereference and panic when alloc_page fails in the TLS receive path, because frag_list handling (and full_len) isn’t reset, leading to use of a detached rcvq. The issue was fixed in the kernel; Ubu...
CVE-2025-38024
CVE-2025-38024 pertains to the Linux kernel RDMA/rxe path. The issue is a slab-use-after-free Read in rxe_queue_cleanup, triggered when rxe_cq_from_init fails during CQ creation and the subsequent rxe_cleanup is responsible for freeing resources. Some memory has already been freed in rxe_cq_from_...
CVE-2025-38063
The CVE-2025-38063 entry concerns a Linux kernel vulnerability in the Linux DM (device-mapper) path where a bio submitted with REQ_PREFLUSH causes an unconditional IO throttle via wbt_wait, throttling the flush_bio that includes REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC. The root cause is throttling...
CVE-2025-38066
CVE-2025-38066 affects the Linux kernel in the dm-cache subsystem (policy SMQ). The issue arises when a cache device fails to resume due to mapping errors and a resumed operation is retried, which can leave a partially initialized policy object and trigger a BUG_ON during mapping reload. The conn...
CVE-2025-38081
CVE-2025-38081 affects the Linux kernel with a fix for spi-rockchip that prevents register out-of-bounds access. The issue occurred when handling GPIO chip selects, where GPIOs can be numbered higher than native chip selects, making the previous code logic invalid. The description notes the vulne...
CVE-2025-38088
CVE-2025-38088 affects the Linux kernel’s memtrace mmap in the PowerPC powernv memory tracing path. The root cause is an out-of-bounds issue when mmap-ing within the memtrace region. The patch fixes this by validating that the requested mapping size does not exceed the allocated memtrace region, ...
CVE-2025-38118
CVE-2025-38118 affects the Linux kernel Bluetooth MGMT subsystem. The flaw is a use-after-free in mgmt_remove_adv_monitor_complete (MGMT_OP_REMOVE_ADV_MONITOR path) caused by using mgmt_pending_add, leading to KASAN crashes. The issue is resolved by reworking MGMT_OP_REMOVE_ADV_MONITOR to avoid m...
CVE-2025-38142
The CVE-2025-38142 issue affects the Linux kernel hwmon path (asus-ec-sensors) where read_string() could read a non-existent sensor because find_ec_sensor_index() returned a negative value (for example -ENOENT) and was used without validation. The fix introduces a check to ensure sensor_index is ...
CVE-2025-38167
The CVE-2025-38167 entry pertains to the Linux kernel, specifically the ntfs3 filesystem driver. Root cause: hdr_first_de() may return NULL, and error handling for this return value should be implemented consistently. The description notes that error handling already exists at other call sites. I...
CVE-2025-38173
CVE-2025-38173 affects the Linux kernel’s crypto path for marvell/cesa. The vulnerability arises from handling zero-length skcipher requests, where code could access invalid memory. The fix makes zero-length requests return 0 instead of reading memory. This is a local vulnerability with the kerne...
CVE-2025-38174
The CVE-2025-38174 issue is in the Linux kernel Thunderbolt path: tb_cfg_request_work/tb_cfg_request_dequeue can schedule the same configuration request twice, causing a double list_del on ctl->request_queue and a potential general protection fault (non-canonical address 0xdead000000000122). T...
CVE-2025-38189
CVE-2025-38189: In the Linux kernel, the drm/v3d driver was updated to avoid a NULL pointer dereference in v3d_job_update_stats(). The issue manifested as an oops and a kernel panic when a file descriptor associated with GPU jobs was closed before submitted jobs finished, leading to an attempt to...
CVE-2025-38215
In CVE-2025-38215, the Linux kernel fbdev subsystem had a null-ptr-deref risk in fb_videomode_to_var when do_register_framebuffer allocated fb_videomode memory unsuccessfully. The fix prevents registering fb_info unless its mode is set and moves fb_add_videomode() earlier in do_register_framebuff...
CVE-2025-38229
CVE-2025-38229 – Linux kernel (cxusb/dvb-usb I2C path) – concrete details : The issue arises in the I2C transfer path for cxusb-based DVB devices. When a usb_bulk_msg() write succeeds but rlen > 0, the subsequent read may still occur; however, if the write fails and rlen is 1, the read path is...
CVE-2025-38231
CVE-2025-38231 affects the Linux kernel nfsd component. The vulnerability arises when laundromat_work starts before nfsd_ssc is initialized, risking a NULL pointer dereference in nfs4_state_start_net() via nfs4_laundromat -> nfsd4_ssc_expire_umount. The documented fix moves nfsd_ssc initializa...
CVE-2025-38260
CVE-2025-38260 concerns a Linux kernel bug in Btrfs where a corrupted csum (checksum) tree root could lead to a crash when mounting with rescue=ibadroots. The provided description details that normally this option should set BTRFS_FS_STATE_NO_DATA_CSUMS to skip csum searches for future data reads...
CVE-2025-38265
The CVE-2025-38265 issue affects the Linux kernel in the serial/jsm path (jsm_uart_port_init). The root cause is a NULL pointer dereference in serial_base_ctrl_add when no device is set, leading to a crash in serial_core_register_port during probe. The provided data notes a fix and references ker...
CVE-2025-38275
The CVE-2025-38275 entry concerns the Linux kernel, fixing a NULL vs IS_ERR() bug in the qcom-qmp-usb driver. The qmp_usb_iomap() helper previously returned devm_ioremap() results directly for non-exclusive mappings, which could be NULL. If callers only checked IS_ERR(), a NULL pointer could bypa...
CVE-2025-38289
The CVE-2025-38289 entry concerns the Linux kernel SCSI lpfc driver. It describes a potential use-after-free of an ndlp object in dev_loss_tmo_callbk during driver unload or fatal error handling, leading to a Denial of Service if triggered. The fix reorders code to avoid use-after-free when the i...
CVE-2025-38290
CVE-2025-38290 is described in the Azure Linux 3.0 advisory as a Linux kernel vulnerability within the ath12k driver that can cause a kernel panic during WLAN recovery. The issue arises in the arvifs list handling: during WLAN halt, only the arvifs list head is reinitialized, which leaves the nod...
CVE-2025-38300
CVE-2025-38300: In the Linux kernel sun8i-ce-cipher path (sun8i_ce_cipher_prepare), two DMA cleanup issues on the error path are fixed. 1) On the theend_sgs error path, dma_unmap is now performed only if the corresponding dma_map_sg() succeeded for areq->dst. 2) On the theend_iv path, dma_unma...
CVE-2025-38328
CVE-2025-38328 concerns the Linux kernel JFFS2 subsystem. The issue arises from insufficient validation after jffs2_prealloc_raw_node_refs() completion, allowing a null pointer dereference in jffs2_link_node_ref and leading to a local, attacker-controlled disruption as described by the Syzkaller ...
CVE-2025-38353
CVE-2025-38353: Linux kernel drm/xe wedge handling fix. Affected component: xe DRM path. Root cause: taking an invalid wedge lock when device wedges on GuC upload, leaving state uninitialized and submission not enabled. Impact: device wedged with recovery required; observed WARN/lock debugging ou...
CVE-2025-38361
CVE-2025-38361 – Kernel (drm/amd/display) fix summary : In the Linux kernel’s AMD display driver, a null dereference could occur if dce_hwseq is used without a prior null check. The fix adds a guard to ensure dce_hwseq is checked before it is dereferenced in the relevant code path (the hws contex...
CVE-2025-38410
CVE-2025-38410 affects the Linux kernel; specifically, the drm/msm fence leak in the submit error path could fail to call drm_sched_entity_push_job() and msm_job_free(), allowing a stale s_fence reference to persist. The issue is fixed in kernel updates (the Debian/openSUSE/Ubuntu advisories indi...
CVE-2025-38412
CVE-2025-38412 affects the Linux kernel, specifically the platform/x86 + dell-wmi-sysman component. The issue arises when WMI data blocks retrieved in sysfs callbacks are dereferenced without validating their integrity, potentially leading to use-after-free or invalid access. The associated advis...
CVE-2025-38417
The CVE-2025-38417 issue affects the Linux kernel ice/eswitch path where memory for VF port representors could be allocated during reset and not freed in legacy (non-switchdev) mode. The fix adds a mode check to allocate required port memory only in switchdev mode and prevents blindly allocating ...
CVE-2025-38418
CVE-2025-38418 affects the Linux kernel remoteproc subsystem. The root cause is a failure path in rproc_attach() where, if rproc_handle_resources() fails while the remote processor is in state RPROC_DETACHED, rproc->clean_table is not released, leading to a memory leak (observed in a kworker t...
CVE-2025-38420
CVE-2025-38420 ffecting the Linux kernel’s wifi Carl9170 driver. The issue occurs when the device that failed firmware loading is pinged; since ieee80211_register_hw() fails, the internal workqueue created by ieee80211_queue_work() is not yet present, causing a null pointer dereference if a queue...
CVE-2025-38424
CVE-2025-38424 is a Linux kernel fix. The issue arose when perf sampling could access user-space state while the kernel was tearing down a process, risking a crash on ARM64 during do_exit(). The patch changes the teardown order to stop perf earlier in do_exit() and hardens PERF_SAMPLE_CALLCHAIN a...