13804 matches found
CVE-2006-2936
CVE-2006-2936 affects the ftdi_sio USB/serial driver in Linux kernels 2.6.x (up to at least 2.6.17). The issue lets local users trigger memory consumption DoS by writing more data to a serial port than the hardware can handle, causing queued data and potential resource exhaustion. Public referenc...
CVE-2007-2764
The CVE-2007-2764 entry concerns the embedded Linux kernel in certain Sun-Brocade SilkWorm switches prior to 20070516. The issue arises when a non-root user creates a kernel process, which can lead to a denial of service (kernel oops) and device reboot via unspecified vectors. The NVD entry assig...
CVE-2007-3851
CVE-2007-3851 affects the Linux kernel’s i915 DRM path on Intel 965-era chipsets. The flaw lets a local user with access to an X11 session and DRM write to arbitrary memory via a crafted batchbuffer, enabling privilege escalation. The issue is tied to the DRM/i915 driver before kernel 2.6.22.2. P...
CVE-2007-6694
CVE-2007-6694: A NULL pointer dereference in the CHRP PowerPC kernel code (chrp_show_cpuinfo in setup.c) may be triggered when of_get_property fails, potentially enabling a local denial-of-service (crash) on Linux kernel 2.4.21–2.6.18-53 running on PowerPC. Connected advisories (RHSA/ELSA) indic...
CVE-2008-2365
CVE-2008-2365 describes a race condition in Linux kernel ptrace/utrace support (kernel 2.6.9–2.6.25) used by RHEL4. A local user can cause a denial of service (oops) by issuing a long sequence of PTRACE_ATTACH calls that trigger a conflict between utrace_detach and report_quiescent due to a late ...
CVE-2010-1641
CVE-2010-1641 affects the Linux kernel’s gfs2 file operations. MiracleLinux AXSA-2010-377:12 notes the affected kernel (2.6.18-194.3.AXS3) and flags that do_gfs2_set_flags does not verify file ownership, allowing local bypass via a SETFLAGS ioctl. The vulnerability corresponds to Linux kernels be...
CVE-2011-1023
CVE-2011-1023 affects the Linux kernel RDS (Reliable Datagram Sockets) subsystem prior to 2.6.38. The issue arises in congestion map updates, allowing a local, unprivileged user to trigger a denial of service (BUG_ON and system crash) via loopback (loop) or InfiniBand (ib) transmit vectors. The v...
CVE-2011-1476
CVE-2011-1476 is an integer underflow in the Linux kernel OSS subsystem (specifically the MIDI/OSS sequencer driver) before 2.6.39 on unspecified non-x86 platforms. It allows local users to cause a denial of service via memory corruption by crafting writes to /dev/sequencer. Publicly documented f...
CVE-2011-2184
The CVE-2011-2184 entry concerns Linux kernel prior to 2.6.39.1 where key_replace_session_keyring fails to initialize a structure member, enabling local users to trigger a NULL pointer dereference and system crash via KEYCTL_SESSION_TO_PARENT in keyctl. This is a distinct issue from CVE-2010-2960...
CVE-2011-2898
CVE-2011-2898 concerns the Linux kernel AF_PACKET implementation. The flaw allows local users to read potentially sensitive kernel memory by exploiting inadequate restrictions on VLAN Tag Control Information data structures. The vulnerability is described as a kernel information leak in the AF_PA...
CVE-2011-4324
The CVE-2011-4324 entry affects the Linux kernel, specifically the NFSv4 implementation. A bug in encode_share_access() within fs/nfs/nfs4xdr.c allows local attackers to cause a denial of service and system crash by using mknod on an NFSv4 filesystem. The vulnerability exists in versions of the k...
CVE-2013-2898
The CVE-2013-2898 entry concerns the Linux kernel HID subsystem, specifically drivers/hid/hid-sensor-hub.c. When CONFIG_HID_SENSOR_HUB is enabled, the vulnerability affects the kernel up through version 3.11 and allows physically proximate attackers to obtain sensitive information from kernel mem...
CVE-2014-9892
The CVE-2014-9892 issue affects the Linux kernel (up to 4.7) in the snd_compr_tstamp path used by Android on Nexus 5/7 devices. Root cause: snd_compr_tstamp does not initialize a timestamp data structure, enabling a crafted app to obtain sensitive information. Impact: information disclosure possi...
CVE-2016-4440
The CVE-2016-4440 issue affects the Linux kernel (up to 4.6.3) in arch/x86/kvm/vmx.c where APICv on/off state is mishandled. This allows guest OS users to access direct host APIC MSRs via x2APIC, enabling potential host denial of service (crash) or arbitrary code execution. A fix exists in the up...
CVE-2017-18552
CVE-2017-18552 affects the Linux kernel up to version 4.10 in net/rds/af_rds.c, where rds_recv_track_latency contains an out-of-bounds write and read. The connected Nessus advisories (Unity Linux UTSA advisories) mirror this issue and reference kernel versions before 4.11, with a commit in the Li...
CVE-2021-47294
The CVE-2021-47294 issue affects the Linux kernel NETROM implementation where sock timer handling changed to sock timer API. sk_reset_timer() may increase the sock refcount when called on an inactive timer, so if the timer expires the handler must decrease the refcount to avoid a leak. A patch (c...
CVE-2021-47296
CVE-2021-47296 affects the Linux kernel KVM on PPC. The issue is a leak in vcpu_load due to vcpu_put not being called when a user copy fails, which can corrupt preempt notifiers and cause crashes. The vulnerability is resolved via a kernel patch (details present in the connected advisories), with...
CVE-2021-47340
CVE-2021-47340 is a Linux kernel vulnerability in the JFS subsystem. The issue arises when diFree() processes an inode without a valid ipimap, causing a NULL dereference via JFS_IP(ipimap) and leading to a GFP-related fault. The fix prevents passing an inode with IPIMAP == NULL to diFree, avoidin...
CVE-2021-47444
CVE-2021-47444 relates to the Linux kernel DRM/EDID handling. The issue stems from connector_bad_edid() assuming the EDID buffer could hold edid[0x7e] + 1 blocks, while ignoring the actual allocated size indicated by num_blocks. A bounds check was added to prevent reading beyond allocated memory,...
CVE-2021-47536
CVE-2021-47536 – Linux kernel (net/smc). A bug in smc_lgr_cleanup_early wrongly deletes the list head instead of the link group from the link group list, causing memory corruption and a list corruption panic. Affected: Linux kernel with SMC subsystem (as described in the provided advisories). Im...
CVE-2022-48639
CVE-2022-48639 involves a refcount leak in Linux kernel net: sched tc_new_tfilter(). The fix requires tfilter_put to release the refcount obtained from tp->ops->get when chain->tmplt_ops is non-NULL and differs from tp->ops. Connected sources confirm the vulnerability exists in the Li...
CVE-2022-48640
The CVE-2022-48640 entry documents a NULL dereference in the Linux kernel bonding subsystem. Root cause: when a bond is created with an initial mode other than Round Robin (mode != 0), the memory for the bonding.rr_tx_counter is not allocated, so switching modes later does not verify allocation, ...
CVE-2022-48723
CVE-2022-48723: In the Linux kernel, the uniphier SPI driver’s probe code leaks refcounts for the dma_rx and dma_tx objects on several error paths when dma_get_slave_caps() or devm_spi_register_master() fails. The leak occurs because the reference count is not decremented in those error paths. Th...
CVE-2022-48751
CVE-2022-48751 is a Linux kernel vulnerability in the net/smc clcsock race that could cause a NULL pointer dereference when accessing clcsock after it is released (smc_setsockopt). The connected advisories/documentation describe a fix that hold-in release lock (clcsock_release_lock) and verify cl...
CVE-2022-48768
CVE-2022-48768 concerns a memory leak in the Linux kernel tracing/histogram path. The issue arises where kstrdup() allocates memory but kfree() is not called on an error path, leaving the memory allocated for data->params[i] (p) potentially unreleased. The described fix is to free the allocate...
CVE-2022-48787
The CVE-2022-48787 vulnerability concerns iwlwifi use-after-free in the Linux kernel. When no firmware is present or parsing fails, device_release_driver()/remove()/iwl_drv_stop() may free the drv struct, but the code can still access it. The fix involves avoiding the access after the object is f...
CVE-2022-48859
CVE-2022-48859 concerns the Linux kernel fix for a refcount leak in the marvell prestera path. The issue arises from a missing of_node_put() on the node returned by of_find_compatible_node(), which increments the node’s refcount; without a corresponding of_node_put(), the reference could leak. The OSV en...
CVE-2022-48872
CVE-2022-48872 concerns a Linux kernel use-after-free race in the fastrpc maps. The vulnerability arises between fastrpc_map_get() and fastrpc_free_map(), where a concurrent thread could call fastrpc_map_lookup() and obtain a reference to a map about to be deleted, leading to a potential use-afte...
CVE-2022-49050
CVE-2022-49050 maps to a Linux kernel issue in memory: renesas-rpc-if where a flash platform-device leak could occur in the error path if registration fails during probe. The fixed code ensures the flash platform device is freed on probe error. The vulnerability is local in scope with a medium ba...
CVE-2022-49052
The CVE-2022-49052 entry concerns a Linux kernel zram swap issue: when CLONE_VM occurs, a race could map zeroed data to userspace due to swap_slot_free_notify not counting swap slots, enabling a process to observe or rely on incorrect data until the fix patches out that notification and relies on...
CVE-2022-49077
CVE-2022-49077 (Linux kernel): A vulnerability where an mremap(old_size=0) path could reach move_page_tables() and trigger unnecessary invalidate_range_start()/invalidate_range_end() on an empty range, causing a WARN in KVM mmu_notifier. The published fix is to short-circuit with an early return...
CVE-2022-49233
The CVE-2022-49233 issue is in the Linux kernel DRM/AMD display path where a porting error left a stream assignment for a link encoder unreleased, causing a memory leak. The documented fix reintroduces the intended dc_stream_release() call to release the stream as part of the original patch. The ...
CVE-2022-49496
The CVE-2022-49496 entry concerns the Linux kernel Mediatek vcodec driver (mtk_vcodec_dec). If the driver runs in subdev mode, dev->pm.dev can be NULL during mtk_vcodec_dec_remove, causing a kernel crash on rmmod mtk-vcodec-dec.ko. All connected documents describe the crash scenario and indica...
CVE-2022-49510
CVE-2022-49510 concerns a Linux kernel issue in the DRM/OMAP driver where a NULL pointer (r_ovl) dereference occurs when accessing ovl->idx, triggering a NULL-deref in omap_overlay.c. The vulnerability stems from a coccicheck warning that was fixed by correcting r_ovl->idx to ovl->idx. T...
CVE-2022-49540
CVE-2022-49540 refers to a race in the Linux kernel’s RCU Tasks Rude grace-period handling. The issue occurs during boot when multiple CPUs come online and the rcu_tasks_rude_wait_gp() flow calls schedule_on_each_cpu(), which can mis-handle the online cpumask and produce a call trace in __flush_w...
CVE-2022-49560
Summary: CVE-2022-49560 affects the Linux kernel exfat code. A slab-out-of-bounds read in exfat_clear_bitmap was triggered by truncating to size 0, reported by Syzbot. Root cause/fix in connected docs: the patch moves the is_valid_cluster() helper from fatent.c to a common header to allow reuse, ...
CVE-2022-49628
Linux kernel CVE-2022-49628 concerns the net: stmmac driver leaking resources during probe. Connected documents confirm the vulnerability and provide a fix: two error paths in probe are corrected to clean up before returning, addressing leaks in the probe sequence. The affected component is the L...
CVE-2022-49738
Summary (CVE-2022-49738): In the Linux kernel’s f2fs subsystem, a sanity check missing for .i_extra_isize in is_alive() leads to a potential slab-out-of-bounds access in data_blkaddr during garbage collection, as observed in the f2fs_gc path (gc_data_segment -> is_alive -> data_blkaddr ->...
CVE-2022-49790
CVE-2022-49790 concerns a Linux kernel vulnerability in the input driver for iforce. Syzbot reports an uninitialized value in iforce_init_device(), stemming from a length-check bug: the code in 6ac0aec6b0a6 allowed a read because it compared the requested read size against a valid length that cou...
CVE-2022-50027
CVE-2022-50027 is a Linux kernel issue affecting the SCSI lpfc path, where a missing free for the iocbq on failure to issue the CMF WQE can cause a memory leak. The root cause is that if lpfc_sli4_issue_wqe fails (ret_val non-zero), the iocbq request structure is not consistently freed, leading t...
CVE-2022-50028
CVE-2022-50028 concerns the Linux kernel gadgetfs subsystem. The issue arises in gadgetfs: ep_io where, after usb_ep_queue(), if wait_for_completion_interruptible() is interrupted, the kernel must wait for the IRQ to finish; otherwise complete() called from epio_complete() can corrupt the stack. ...
CVE-2023-52645
CVE-2023-52645 is a Linux kernel race condition affecting mediatek power domains managed by genpd. The issue arises if power domains are registered first with genpd and later powered on in the driver’s probe, creating a potential race with genpd’s on/off operations. The described fix involves seq...
CVE-2023-52743
CVE-2023-52743 involves the Linux kernel. The issue arises when both the ice and irdma drivers are loaded: ice’s workqueue is created with the WQ_MEM_RECLAIM flag while irdma’s is not, triggering a warning in check_flush_dependency during memory reclamation. The root cause, per the advisory, is t...
CVE-2023-52747
The CVE-2023-52747 issue affects the Linux kernel IB/hfi1 path and is caused by a resource leak that occurs when a copyout fails. The vulnerability is resolved by the kernel fix that restores allocated resources on failed copyout, preventing the leak. According to the provided description and met...
CVE-2023-52790
The CVE-2023-52790 issue affects the Linux kernel swiotlb when CONFIG_SWIOTLB_DYNAMIC is enabled. The root cause is an out-of-bounds allocation on the free list for IO TLB slots, where swiotlb_area_find_slots() could allocate slots beyond a transient IO TLB buffer. The fix limits the free list le...
CVE-2023-52886
The CVE-2023-52886 entry describes a race in the Linux kernel USB core where hub_port_init() can overwrite udev->descriptor while read_descriptors() (sysfs.c) is reading it, enabling a slab-out-of-bounds read (KASAN) observed in syzbot. The root cause is a race between read_descriptors() and h...
CVE-2023-53032
CVE-2023-53032 concerns the Linux kernel netfilter/ipset bitmap_ip_create() overflow handling. When first_ip = 0, last_ip = 0xFFFFFFFF, and netmask = 31, the expression 2 <
CVE-2023-53054
CVE-2023-53054 affects the Linux kernel’s USB DWC2 driver (dwc2) where suspend/resume could leak device resources: __dwc2_lowlevel_hw_enable calls devm_add_action_or_reset() on every PM cycle, creating new devres entries; there is also a second issue where regulator_bulk_disable() is never invoke...
CVE-2023-53143
CVE-2023-53143 is a Linux kernel ext4 off-by-one fsmap bug for 1k-block filesystems. The crash stems from insufficient range validation in ext4_getfsmap_datadev when querying GETFSMAP, due to s_first_data_block being nonzero on 1k blocks, causing an underflow and invalid group calculation. A fix ...
CVE-2024-23196
CVE-2024-23196: Astra Linux security bulletin reports a race condition in the Linux kernel sound/hda driver, in snd_hdac_regmap_sync(), which can trigger a NULL pointer dereference and may lead to a kernel panic or denial of service. This mirrors the initial description. The connected documents ...