CVE-2024-38551
CVE-2024-38551: In the Linux kernel, the ASoC Mediatek path assigns a dummy codec to a DAI link if no real codec is present, to avoid NULL pointer errors during string comparisons. This vulnerability was resolved by the kernel fix described in the initial document, with MediaTek sound card drive...
CVE-2024-38563
CVE-2024-38563 affects the Linux kernel wifi driver for the MT76 MT7996. When reading the chip temperature, a memory leak could occur prior to the fix. The issue is resolved by a kernel commit that patches the MT7996 temperature-reading path; details are in the vendor/kernel advisories and linked...
CVE-2024-38574
CVE-2024-38574 affects the Linux kernel’s libbpf/bpf loading flow. The root cause is a NULL dereference: in bpf_object_load_prog(), obj->btf may be NULL when passed to btf_fd(), and the code path does not guard against NULL. This can cause segmentation faults (e.g., bpftool failing to load pro...
CVE-2024-39464
CVE-2024-39464 (Linux kernel): The vulnerability lies in media: v4l: async: Fix notifier list entry init. The v4l2_async_notifier struct contains several list_head members, but notifier_entry was left zeroed while waiting_list and done_list were initialized, causing an uninitialized list_head. T...
CVE-2024-41037
CVE-2024-41037 affects the Linux kernel ASoC: SOF Intel ASoC HDA path. The vulnerability arises during system suspend entry when a stream is active: the core calls hw_params_upon_resume(), and on Intel platforms using HDA DMA this leads to a call chain that hits a null dereference. Specifically, ...
CVE-2024-42242
In CVE-2024-42242, the Linux kernel mmc: sdhci driver had a mismatch between two checks for max_segment_size. max_size was forced to PAGE_SIZE by blk_queue_max_segment_size() when it was below PAGE_SIZE, while blk_validate_limits() treated a max_segment_size below PAGE_SIZE as an error (returning...
CVE-2024-46833
CVE-2024-46833 is a Linux kernel vulnerability in the net:hns3 driver where SSU reg info reads loop up to tnl_num, which is hw-derived and not the array length, causing an out-of-bounds read. The description states the fix is to bound the loop so it does not exceed the array length. The connected...
CVE-2024-47729
CVE-2024-47729 affects the Linux kernel DRM-XE path. Affected component: user binds mapping to engines that can fault; the completion order can cause a deadlock between user binds and faulting devices. Root cause: binding to engines on faulting devices can deadlock due to how fault handling inter...
CVE-2024-56560
CVE-2024-56560: In the Linux kernel slab allocator, a too-strict alignment check in kmem_cache_create_args caused a kernel panic on m68k due to io_kiocb slab creation. The issue occurs because the minimum alignment of unsigned long can be 2 bytes on m68k, so assuming a fixed 4/8-byte alignment is...
CVE-2024-56655
Summary of CVE-2024-56655 (Linux kernel nf_tables): The vulnerability arises from deferring rule destruction in nf_tables via call_rcu, where nf_tables_chain_destroy can sleep and is not safe to run from call_rcu callbacks. nf_tables_rule_release() is only safe for error unwinding while a transa...
CVE-2025-21789
CVE-2025-21789 concerns the Linux kernel IP checksum code. The issue arises from the LoongArch path where commit 69e3a6aa6be2 introduced a negative-length OoB access/undefined shift in the IP checksum, which could trigger an out-of-bounds read under certain conditions. A corresponding ARM64 fix w...
CVE-2025-21939
CVE-2025-21939 concerns the Linux kernel drm/xe/hmm path. The vulnerability stems from pfns obtained via hmm_range_fault() referencing pages without holding the notifier lock, risking dereferencing struct page pointers and dirty/accessed marks. The fix builds the sg-table manually and maintains t...
CVE-2025-21988
CVE-2025-21988 affects the Linux kernel’s fs/netfs/read_collect logic. When multiple subrequests donate data to the same next request, the prev_donated field can be overwritten, causing data corruption and a BUG() crash ("Can't donate prior to front"). The issue has been resolved in the kernel (p...
CVE-2025-37906
CVE-2025-37906 arises in the Linux kernel’s ublk subsystem, due to a race between io_uring_cmd_complete_in_task and ublk_cancel_cmd. The description states that ublk_cancel_cmd() may call io_uring_cmd_done() to complete uring_cmd, while task work scheduled by io_uring_cmd_complete_in_task() could...
CVE-2025-37919
CVE-2025-37919 affects the Linux kernel (AMD SoC ASoC/ACPi2S) via a NULL pointer dereference in the function acp_i2s_set_tdm_slot. The root cause is dereferencing a NULL chip data reference when updating ACPI/I2S state. The remediation, as stated in the description, is to update chip data using ...
CVE-2025-37965
CVE-2025-37965 affects the Linux kernel DRM/AMD display code. The root cause is GFP_KERNEL memory allocations in populate_dml_plane_cfg_from_plane_state(), which are unsafe in atomic contexts. The fix removes dynamic allocations by passing a pointer to scaler_data within the ...
CVE-2025-38018
CVE-2025-38018 affects the Linux kernel TLS stack. The vulnerability triggers a kernel NULL pointer dereference and panic when alloc_page fails in the TLS receive path, because frag_list handling (and full_len) isn’t reset, leading to use of a detached rcvq. The issue was fixed in the kernel; Ubu...
CVE-2025-38044
CVE-2025-38044 affects the Linux kernel cx231xx media subsystem. The video_device for the MPEG encoder did not set device_caps, preventing registration and causing a WARN_ON. The fix adds device_caps for the 417 decoder path so the video device can register normally. This addresses a local-priori...
CVE-2025-38145
CVE-2025-38145 affects the Linux kernel in the ASPEED SoC driver (aspeed_lpc_enable_snoop). The vulnerability is due to not checking the return value of devm_kasprintf(), which can return NULL on memory allocation failure, leading to a NULL pointer dereference. The connected documentation confirm...
CVE-2025-38147
Technical details about CVE-2025-38147 (affected software, impact, exploitability, and fix specifics) are not publicly provided in the supplied documents. Please monitor for updates from vendors and security bulletins.
CVE-2025-38151
Technical details about CVE-2025-38151 are not publicly provided in the supplied documents; no explicit information on affected kernel versions, root cause, impact, or patch is included. Monitor for updates.
CVE-2025-38154
CVE-2025-38154 affects the Linux kernel sockmap path (bpf/sockmap) where sk->sk_socket can be used after free due to a race with backlog/thread close paths. The description in the connected documents explains that sk_socket is not locked/referenced in the backlog, enabling a race with the rele...
CVE-2025-38167
The CVE-2025-38167 entry pertains to the Linux kernel, specifically the ntfs3 filesystem driver. Root cause: hdr_first_de() may return NULL, and error handling for this return value should be implemented consistently. The description notes that error handling already exists at other call sites. I...
CVE-2025-38186
CVE-2025-38186 (Linux kernel, bnxt_en/RoCE driver): The issue arises from a double invocation path where bnxt_ulp_stop() and bnxt_ulp_start() can be invoked in sequence after bnxt_ulp_restart(), causing the RoCE driver’s aux driver suspend() to run twice and potentially dereference a NULL pointe...
CVE-2025-38189
CVE-2025-38189: In the Linux kernel, the drm/v3d driver was updated to avoid a NULL pointer dereference in v3d_job_update_stats(). The issue manifested as an oops and a kernel panic when a file descriptor associated with GPU jobs was closed before submitted jobs finished, leading to an attempt to...
CVE-2025-38259
CVE-2025-38259 affects the Linux kernel ASoC: codecs/wcd9335 regulator handling. The issue was that the driver acquired and enabled regulator supplies in probe paths (wcd9335_parse_dt, wcd9335_power_on_reset) but failed to clean up in error paths and unbind, causing memory leaks and an unb...
CVE-2025-38263
The CVE-2025-38263 issue in the Linux kernel affects the bcache subsystem, specifically a NULL pointer dereference in cache_set_flush() that could occur during error handling in register_cache_set()/bch_cache_set_alloc(). The crash path can lead to kernel oops and a NULL dereference when cache se...
CVE-2025-38264
CVE-2025-38264: In the Linux kernel nvme-tcp code, a flaw in nvme_tcp_handle_r2t allows a malicious R2T PDU to be injected into the request list if the request is not properly validated against the list, enabling a loop in list processing. The issue was fixed by sanitizing the request list handl...
CVE-2025-38265
The CVE-2025-38265 issue affects the Linux kernel in the serial/jsm path (jsm_uart_port_init). The root cause is a NULL pointer dereference in serial_base_ctrl_add when no device is set, leading to a crash in serial_core_register_port during probe. The provided data notes a fix and references ker...
CVE-2025-38275
The CVE-2025-38275 entry concerns the Linux kernel, fixing a NULL vs IS_ERR() bug in the qcom-qmp-usb driver. The qmp_usb_iomap() helper previously returned devm_ioremap() results directly for non-exclusive mappings, which could be NULL. If callers only checked IS_ERR(), a NULL pointer could bypa...
CVE-2025-38279
CVE-2025-38279: Linux kernel bpf verifier backtracking bug in __mark_chain_precision (verifier) when handling precise registers; a test demonstrating a r10-related path and a patch that stops including stack ptr in precision backtracking was provided. Affected component: Linux kernel BPF verifier...
CVE-2025-38300
CVE-2025-38300: In the Linux kernel sun8i-ce-cipher path (sun8i_ce_cipher_prepare), two DMA cleanup issues on the error path are fixed. 1) On the theend_sgs error path, dma_unmap is now performed only if the corresponding dma_map_sg() succeeded for areq->dst. 2) On the theend_iv path, dma_unma...
CVE-2025-38346
CVE-2025-38346: Linux kernel ftrace UAF when lookup kallsyms after ftrace is disabled. Root cause: use-after-free accessing mod->name during module removal when ftrace_disable is active. Impact per CVSS: Local access with Low privileges required, High confidentiality/integrity/availability imp...
CVE-2025-38361
CVE-2025-38361 – Kernel (drm/amd/display) fix summary: In the Linux kernel’s AMD display driver, a null dereference could occur if dce_hwseq is used without a prior null check. The fix adds a guard to ensure dce_hwseq is checked before it is dereferenced in the relevant code path (the hws contex...
CVE-2025-38395
CVE-2025-38395 involves the Linux kernel regulator GPIO driver. The root cause is an out-of-bounds access in drvdata::gpiods because memory was allocated for only one pointer, while config::ngpios can exceed 1. The vulnerability can occur when more than one GPIO descriptor is configured. The fix ...
CVE-2025-38437
CVE-2025-38437: In the Linux kernel, a use-after-free in ksmbd during oplock/lease break ack was fixed. If ksmbd_iov_pin_rsp returns an error, use-after-free can occur by accessing opinfo->state and opinfo_put, and ksmbd_fd_put could be called twice. The vulnerability affects the ksmbd compon...
CVE-2025-38455
CVE-2025-38455: Linux kernel KVM-SEV-ES intra-host migration is rejected when vCPU creation is in-flight to prevent SEV-ES VM with non-SEV-ES vCPU. Root cause: vCPU creation runs largely outside kvm->lock, allowing sev_info.es_active to toggle during svm_vcpu_create(), causing issues when free...
CVE-2025-38457
CVE-2025-38457 concerns a Linux kernel net/sched bug where grafting a qdisc to a non-existent parent class could cause a failure during qdisc initialization. The fix introduces early validation via qdisc_leaf so that attempting to attach to a non-class parent aborts before qdisc_create. Affected ...
CVE-2025-38473
CVE-2025-38473 affects the Linux kernel Bluetooth subsystem. A null-ptr-deref in l2cap_sock_resume_cb() can occur when handling l2cap sockets during resume/kill sequences. The fix adds a guard to ensure chan->data is not NULL, avoiding use-after-free/killed-socket access. The description refer...
CVE-2025-38478
CVE-2025-38478 concerns a Linux kernel bug in the Comedi driver where some subdevice instruction handlers may read uninitialized data. The issue arises because do_insn_ioctl() and do_insnlist_ioctl() allocate at least MIN_SAMPLES (16) data elements for instructions that write to a subdevice, but ...
CVE-2025-38483
CVE-2025-38483 concerns the Linux kernel’s comedi das16m1 IRQ validation. The test for valid IRQs uses a bitmask check on (1 << it->options[1]), but it->options[i] is an unchecked int from userspace, allowing the shift amount to be negative or out of bounds. The fix adds a bounds check on it->...
CVE-2001-0317
The CVE covers a race condition in Linux kernel ptrace handling that lets an unprivileged local user attach to and modify a running setuid process to gain root. Affected: Linux kernel 2.2.x and 2.4.x (ptrace/procfs/execve paths cited). Root cause: race in ptrace usage during privileged operations...
CVE-2004-0001
The CVE-2004-0001 issue is described across multiple advisories as a local privilege escalation in the AMD64 Linux kernel ptrace emulation, due to incorrect eflags handling in 32-bit ptrace. Affected: AMD64 Linux kernels; root cause: eflags processing in the ptrace emulation path; impact: local u...
CVE-2004-0010
This CVE describes a stack-based buffer overflow in the ncp_lookup function of ncpfs in Linux kernel 2.4.x, enabling local privilege escalation. The provided documents do not specify affected kernel versions beyond 2.4.x, nor remediation or exploit status. No connected documents add concrete tech...
CVE-2005-0531
CVE-2005-0531 refers to a bug in the Linux kernel (2.6.10 and 2.6.11 before 2.6.11-rc4) where the atm_get_addr function in addr.c could be triggered by negative length arguments, allowing a local user to overwrite substantial kernel memory. The issue stems from insufficient input validation in th...
CVE-2005-0815
CVE-2005-0815 affects the Linux kernel iso9660 filesystem handler in versions up to 2.6.11 (and earlier). The issue is described as multiple range-checking flaws in the ISO-9660 file system code, which could be triggered by mounting a crafted/corrupted ISO image on CD-ROM. Impact stated in connec...
CVE-2005-3275
CVE-2005-3275 describes a race in the Linux kernel NAT code (ip_nat_proto_tcp.c and ip_nat_proto_udp.c) where a variable is incorrectly declared static. This enables a remote attacker to cause memory corruption by NATing two packets for the same protocol simultaneously, leading to a denial of ser...
CVE-2005-3276
CVE-2005-3276 affects the Linux 2.6 kernel: the sys_get_thread_area path in process.c may copy an uninitialized data structure to userspace, exposing kernel memory to a local user. Affected versions are 2.6 before 2.6.12.4 and 2.6.13. The impact is information disclosure of kernel data to untrust...
CVE-2005-3356
CVE-2005-3356 is a kernel vulnerability in Linux 2.6.x where the mq_open system call can be tricked into decrementing an internal counter twice, potentially leading to a kernel panic and local denial of service. The connected documents describe the root cause as a faulty sequence in mntput/dentry...
CVE-2006-2448
CVE-2006-2448 affects the Linux kernel on PowerPC, specifically versions before 2.6.16.21 and 2.6.17. The root cause is missing access_ok checks in PowerPC signal handling (signal_64.c, potentially signal_32.c). Impact as stated: local users could read arbitrary kernel mem...