CVE-2023-53093

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols,syscalls, or grouped in buckets or log. Give an error if a value is set todo so. Note, the histogram code wa...

CVE-2023-53138

In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbl_device_notify() syzbot reported use-after-free in cfusbl_device_notify() [1]. Thiscauses a stack trace like below: BUG: KASAN: use-after-free in cfusbl_device_notify+0x7c9/0x870 net/caif/caif...

CVE-2024-27060

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Olliver reported that his system crashes when plugging in Thunderbolt 1device: BUG: kernel NULL pointer dereference, address: 0000000000000020#PF: supervisor rea...

CVE-2024-35836

In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirelyfreed (other kernel module instance of the same PCI device have had keptthe reference to that pin), and kernel modul...

CVE-2024-38585

In the Linux kernel, the following vulnerability has been resolved: tools/nolibc/stdlib: fix memory error in realloc() Pass user_p_len to memcpy() instead of heap->len to prevent realloc()from copying an extra sizeof(heap) bytes from beyond the allocatedregion.

CVE-2024-39470

In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events,there is a potential null pointerthat may be caused by calling update_events_attr which will performsome operations on the me...

CVE-2024-40964

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() The cs35l41_hda_unbind() function clears the hda_component entrymatching it's index and then dereferences the codec pointer held in thefirst element of t...

CVE-2024-41054

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix ufshcd_clear_cmd racing issue When ufshcd_clear_cmd is racing with the completion ISR, the completed tagof the request's mq_hctx pointer will be set to NULL by the ISR. Andufshcd_clear_cmd's call to ufshcd_mcq_...

CVE-2024-42075

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt formultiple mmap events to prevent use-after-free in arena_vm_close.

CVE-2024-42261

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the timestamp extension If userspace provides an unknown or invalid handle anywhere in the handlearray the rest of the driver will not handle that well. Fix it by checking handle w...

CVE-2024-43836

In the Linux kernel, the following vulnerability has been resolved: net: ethtool: pse-pd: Fix possible null-deref Fix a possible null dereference when a PSE supports both c33 and PoDL, butonly one of the netlink attributes is specified. The c33 or PoDL PSEcapabilities are already validated in the e...

CVE-2024-44945

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END.

CVE-2024-44968

In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer morereliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers ho...

CVE-2024-44993

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in v3d_csd_job_run() When enabling UBSAN on Raspberry Pi 5, we get the following warning: [ 387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3[ 387.903868] index 7 ...

CVE-2024-44997

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() When there are multiple ap interfaces on one band and with WED on,turning the interface down will cause a kernel panic on MT798X. Previously, cb_priv w...

CVE-2024-45029

In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to amutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invalid c...

CVE-2024-46672

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in thedriver for SAE/OWE offload cases") SSID based PMKSA del commands.brcmfmac is not prepared and tries ...

CVE-2024-49942

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xe_migrate_copy xe_migrate_copy designed to copy content of TTM resources. When sourceresource is null, it will trigger a NULL pointer dereference inxe_migrate_copy. To avoid this situation, u...

CVE-2024-50043

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix possible badness in FREE_STATEID When multiple FREE_STATEIDs are sent for the same delegation stateid,it can lead to a possible either use-after-free or counter refcountunderflow errors. In nfsd4_free_stateid() under the ...

CVE-2024-50114

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free whentearing down a VM: BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c...

CVE-2024-50190

In the Linux kernel, the following vulnerability has been resolved: ice: fix memleak in ice_init_tx_topology() Fix leak of the FW blob (DDP pkg). Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoidcopying whole FW blob. Copy just the topology section, and only whenneeded. Reus...

CVE-2024-50213

In the Linux kernel, the following vulnerability has been resolved: drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic() modprobe drm_hdmi_state_helper_test and then rmmod it, the followingmemory leak occurs. The mode allocated in drm_mode_duplicate() called bydrm_display_mode_from_...

CVE-2024-56536

In the Linux kernel, the following vulnerability has been resolved: wifi: cw1200: Fix potential NULL dereference A recent refactoring was identified by static analysis tocause a potential NULL dereference, fix this!

CVE-2024-56542

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a memleak issue when driver is removed Running "modprobe amdgpu" the second time (followed by a modprobe -ramdgpu) causes a call trace like: [ 845.212163] Memory manager not clean during takedown.[ 845.212170] ...

CVE-2024-56617

In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Commit 5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU") adds functionality that architectures can use to optionally allocate andbuild ca...

CVE-2024-56655

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcucallbacks. Moreover, nf_tables_rule_release() is only safe for error unwinding,while transaction mute...

CVE-2024-56682

In the Linux kernel, the following vulnerability has been resolved: irqchip/riscv-aplic: Prevent crash when MSI domain is missing If the APLIC driver is probed before the IMSIC driver, the parent MSIdomain will be missing, which causes a NULL pointer dereference inmsi_create_device_irq_domain(). Av...

CVE-2024-58003

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() The ub913 and ub953 drivers call fwnode_handle_put(priv->sd.fwnode) aspart of their remove process, and if the driver is removed multipletimes, eventually leads to put "overfl...

CVE-2024-58089

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG]When running btrfs with block size (4K) smaller than page size (64K,aarch64), there is a very high chance to crash the kernel atgeneric/750, with the fol...

CVE-2025-21774

In the Linux kernel, the following vulnerability has been resolved: can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() tobail out if skb cannot be allocated.

CVE-2025-21902

In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copyof the register values in an opregion. The ACPI implementation in theBIOS ensures that the opregion content...

CVE-2025-21989

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1,due to lack of .is_two_pixels_per_container function in dce60_tg_funcs,causes a NULL pointer dereferen...

CVE-2025-22112

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnic_info array The bnxt_queue_{start | stop}() access vnic_info as much as allocated,which indicates bp->nr_vnics.So, it should not reach bp->vnic_info[bp->nr_vnics].

CVE-2025-37822

In the Linux kernel, the following vulnerability has been resolved: riscv: uprobes: Add missing fence.i after building the XOL buffer The XOL (execute out-of-line) buffer is used to single-step thereplaced instruction(s) for uprobes. The RISC-V port was missing aproper fence.i (i$ flushing) after c...

CVE-2025-37827

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: return EIO on RAID1 block group write pointer mismatch There was a bug report about a NULL pointer dereference in__btrfs_add_free_space_zoned() that ultimately happens because aconversion from the default metadata pro...

CVE-2025-37888

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Add NULL check for mlx5_get_flow_namespace() returns inmlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to preventNULL pointer dereference.

CVE-2000-0344

The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.

CVE-2001-0405

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

CVE-2001-0851

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

CVE-2003-0956

Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain s...

CVE-2003-0986

Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.

CVE-2004-0415

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.

CVE-2005-0529

Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.

CVE-2005-0531

The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.

CVE-2005-3110

Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it...

CVE-2005-3179

drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information.

CVE-2005-3858

Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.

CVE-2007-1388

The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which trigg...

CVE-2007-5498

The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.

CVE-2008-2944

Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CV...