13804 matches found
CVE-2024-43844
CVE-2024-43844 affects the Linux kernel’s wifi rtw89 GTK offload path. The issue stems from rtw89_fw_h2c_wow_gtk_ofld handling, where a sk_buff could be oversized, causing skb_panic in net/core/skbuff.c and a kernel crash (BUG at skbuff.c:192). Affected data path: wow GTK offload H2C, leading to...
CVE-2024-44951
CVE-2024-44951 affects the Linux kernel’s serial driver for sc16is7xx (TX/RX channel handling). What’s affected: The regression caused by commit 4409df5866b7 that changed EFR locking to operate per channel introduced TX buffer data corruption where data from channel A could be written into c...
CVE-2024-53204
CVE-2024-53204 affects the Linux kernel Realtek USB PHY driver (rtk_usb3phy_probe). The root cause is a NULL dereference: devm_kzalloc() may return NULL in rtk_usb3phy_probe() and the value is not checked. The CVSS data indicates a Local attack vector, Low complexity, and High impact on availabil...
CVE-2024-56682
Summary (CVE-2024-56682): In the Linux kernel RISCV IRQ domain handling, probing the APLIC driver before IMSIC can leave the parent MSI domain missing, causing a NULL pointer dereference in msi_create_device_irq_domain(). The fix defers the APLIC probe until the parent MSI domain is available an...
CVE-2024-58089
CVE-2024-58089 affects the Linux kernel (btrfs) and is due to a double accounting race in btrfs_run_delalloc_range() when it fails. The issue can cause a kernel crash/Oops with a sequence of BTRFS error messages and a kernel panic on configurations where block size is smaller than page size (4K v...
CVE-2025-21849
CVE-2025-21849: Linux kernel drm/i915/gt had potential deadlocks due to spin_lock/unlock() used in interrupt contexts. The fix saves irq state before acquiring locks. Version history shows v2 adds irq state save/restore around signal_irq_work locks; v3 uses spin_lock_irqsave() in guc_lrc_desc_unp...
CVE-2025-37848
The CVE-2025-37848 fix applies to the Linux kernel accel/ivpu MS IOCTLs path. It resolves a PM-related deadlock where runtime resume/suspend can be blocked while MS IOCTLs are in progress; a failed suspend would trigger ivpu_ms_cleanup() which attempts to acquire file_priv->ms_lock that is alr...
CVE-2025-38099
CVE-2025-38099: In the Linux kernel, a SCO Bluetooth connection could lock up the controller if voice settings are not properly read or supported. SUSE/OpenSUSE advisories (e.g., openSUSE-SU-2025-20081-1) list CVE-2025-38099 among fixed kernel vulnerabilities with MEDIUM/LOW to HIGH impact range...
CVE-2025-38105
CVE-2025-38105 concerns the Linux kernel ALSA USB audio path. The issue arises when the USB-audio MIDI driver’s timer is initialized but the driver is freed without an explicit disconnect, potentially leaving an active timer and triggering a kernel warning under debug builds. The documented fix i...
CVE-2025-38126
CVE-2025-38126 affects the Linux kernel’s stmmac driver in timestamp configuration. The root cause is that clk_ptp_rate can become 0 (if clk_get_rate returns 0 and the driver does not override it), leading to a division by zero during PTP initialization. The issue is fixed by adding an explicit c...
CVE-2025-38136
The CVE-2025-38136 issue in the Linux kernel concerns Renesas USBHS on the RZ/V2H platform. Vulnerable path: in usbhs_probe(), clocks are sometimes not enabled before memory-mapped register access (iowrite16), causing a synchronous external abort. Root cause: initialization sequence in usbhs_prob...
CVE-2025-38148
CVE-2025-38148 affects the Linux kernel network driver path: net: phy: mscc. The issue is a memory leak when using one-step timestamping, where frames (skb) were not freed because the hardware may not generate an interrupt to signal timestamping. The described fix frees the frame in the one-step ...
CVE-2025-38154
CVE-2025-38154 affects the Linux kernel sockmap path (bpf/sockmap) where sk->sk_socket can be used after free due to a race with backlog/thread close paths. The description in the connected documents explains that sk_socket is not locked/referenced in the backlog, enabling a race with the rele...
CVE-2025-38160
CVE-2025-38160 affects the Linux kernel due to a NULL pointer dereference in the Raspberry Pi clock registration path. Specifically, raspberrypi_clk_register() does not handle a NULL return from devm_kasprintf(), which can occur if memory allocation fails. A fix has added a NULL check after devm_...
CVE-2025-38162
Summary: CVE-2025-38162 is a Linux kernel vulnerability in netfilter/nft_set_pipapo related to overflow in lookup table allocation. The description states the root cause as an overflow-prone calculation when determining the lookup table size. The fix involves guarding the multiplications with ove...
CVE-2025-38166
CVE-2025-38166 affects the Linux kernel’s BPF/KTLS path (sockmap) where bpf_exec_tx_verdict() can increase msg_pl->sg.size during cork handling, causing iov_iter_revert to miscalculate and potentially panic. The patch adjusts rollback logic to accommodate size changes and relies on zero-copy p...
CVE-2025-38187
Root cause: In Linux kernel DRM Nouveau, a use-after-free occurs when sending large RPC fragments because the RPC container is freed prematurely after being passed to r535_gsp_rpc_send(). Fix: allocate a temporary RPC container for the initial fragment and free the caller’s container only after a...
CVE-2025-38197
CVE-2025-38197 affects the Linux kernel (platform/x86: dell_rbu). The root cause is using the wrong list head with list_for_each_entry*() when iterating the packet list, causing incorrect packet data reads via sysfs and a NULL pointer dereference when clearing the list. A patch fixes the issue by...
CVE-2025-38246
The CVE-2025-38246 issue is in the bnxt driver of the Linux kernel, where XDP_REDIRECT testing could trigger list corruption (next->prev vs prev) in the XDP redirect path, resulting in a kernel crash. The connected Astra/OpenSUSE/SUSE/NASL entries confirm the Linux kernel bnxt fix to properly ...
CVE-2025-38317
CVE-2025-38317 involves a buffer overflow in the Linux kernel wifi driver ath12k when writing to debugfs, causing memory corruption if more than 32 bytes are written. The issue is limited to debugfs and, per sources, is restricted to root users. Connected documents corroborate that this vulnerabi...
CVE-2025-38319
CVE-2025-38319 affects the Linux kernel’s DRM/AMD/PP path. The vulnerability arises because atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() do not validate the return value of smu_atom_get_data_table(); if that call fails to obtain vram_info and returns NULL, a NULL...
CVE-2025-38320
CVE-2025-38320 affects the Linux kernel on arm64/ptrace, describing a stack-out-of-bounds read in regs_get_kernel_stack_nth() detected by KASAN. The issue is illustrated by a long kernel trace showing a read of size 8 at a stack address belonging to task 1.sh/2550, with the buggy frame located in...
CVE-2025-38326
CVE-2025-38326: Linux kernel AOE driver vulnerability where aoe device rq_list isn’t cleaned on down, causing blk_mq_freeze_queue() to sleep and hang. Fix clears the rq_list before blk_mq_freeze_queue(). No exploitation details provided; remediation is the kernel fix.
CVE-2025-38334
In CVE-2025-38334, the Linux kernel SGX path could reclaim EPC pages that are poisoned. Root cause: epc_page->poison is set during memory failure but the reclaimer logic does not check it, so poisoned EPC pages could be reclaimed and written out with EWB microcode operations, risking enclosure...
CVE-2025-38382
CVE-2025-38382 corresponds to a Linux kernel (btrfs) issue fixed in the log replay extref iteration. The root cause was an uninitialized victim_name.len when we jump to the next loop iteration from __inode_add_ref() while processing extrefs, leading to invalid memory access. The fix initializes v...
CVE-2025-38391
CVE-2025-38391 in the Linux kernel addresses a vulnerability in USB Type-C Alt Mode handling for DisplayPort. A misbehaving port partner could claim pin assignment capabilities beyond the valid range, causing an out-of-bounds access in pin_assignment_show. The fix adds a DP_PIN_ASSIGN_MAX constan...
CVE-2025-38406
CVE-2025-38406 affects the Linux kernel wifi driver ath6kl: the vulnerability originates from an unnecessary WARN_ON() when firmware input is bad. The description clarifies that bad firmware input is unrelated to the driver stack and does not constitute an exploitable condition; the fix instead p...
CVE-2025-38409
CVE-2025-38409 affects the Linux kernel, specifically the drm/msm path. The issue is a leak in the submit error path where put_unused_fd() fails to free the installed file if fd_install() has already occurred, leading to a leaked resource (sync_file). The patch fixes the leak by freeing the sync_...
CVE-2025-38416
CVE-2025-38416 affects the Linux kernel NFC: nci: uart path. The vulnerability arises from setting tty->disc_data before the NCI device open/driver request succeeds, creating a small window where the device may start sending data and leaving state inconsistent on error paths. The fix e...
CVE-2025-38418
CVE-2025-38418 affects the Linux kernel remoteproc subsystem. The root cause is a failure path in rproc_attach() where, if rproc_handle_resources() fails while the remote processor is in state RPROC_DETACHED, rproc->clean_table is not released, leading to a memory leak (observed in a kworker t...
CVE-2025-38426
Technical details about CVE-2025-38426 are not provided in the supplied documents. Open items reference the issue at a high level; monitor for updates from the OSV/OpenVAS/Tenable sources for concrete affected components, root cause, and fixes.
CVE-2025-38427
Summary: CVE-2025-38427 in the Linux kernel fixes a framebuffer relocation bug where screen_info frames were tied to boot CPU addresses, not accounting for PCI host-bridge offsets. During boot, firmware may assign a different PCI memory offset, relocating PCI graphics framebuffer addresses. The k...
CVE-2025-38430
CVE-2025-38430 affects the Linux kernel NFS server (nfsd). The issue arises when processing NFSv4 compound requests; if the request is not NFSPROC4_COMPOUND, examining cstate may yield undefined results. A patch adds a guard to verify that the RPC procedure being executed is NFSPROC4_COMPOUND, pr...
CVE-2025-38443
CVE-2025-38443 affects the Linux kernel (nbd subsystem). A use-after-free occurs in the nbd_genl_connect() error path when nbd_start_device() is called but cleanup continues to use nbd->config, leading to freeing of memory in recv_work. The issue is triggered during certain error paths after d...
CVE-2001-0317
The CVE covers a race condition in Linux kernel ptrace handling that lets an unprivileged local user attach to and modify a running setuid process to gain root. Affected: Linux kernel 2.2.x and 2.4.x (ptrace/procfs/execve paths cited). Root cause: race in ptrace usage during privileged operations...
CVE-2003-0619
The CVE-2003-0619 issue is an integer signedness error in the decode_fh function of nfs3xdr.c in the Linux kernel prior to 2.4.21. Remote attackers could trigger a denial of service (kernel panic) by supplying a negative size value within XDR data of an NFSv3 procedure call. Public references not...
CVE-2004-0003
Technical details for CVE-2004-0003 are not publicly available in the provided documents. No concrete description of affected component, root cause, or remediation is present; monitor for updates from the sources.
CVE-2004-0177
CVE-2004-0177 affects Linux 2.4.x (before 2.4.26) due to improper initialization of journal descriptor blocks in ext3, causing an information leak where in-memory kernel data could be written to the device and read back via raw-device access. Impact: privileged users could obtain portions of kern...
CVE-2004-0178
The vulnerability lies in the Linux 2.4.x sb16 Sound Blaster driver (OSS) in 16-bit mode; local users can cause a crash with odd-sized samples. Affects Linux 2.4.x before 2.4.26. Remediation: upgrade to Linux 2.4.26 or newer.
CVE-2004-1058
CVE-2004-1058 is a race-condition vulnerability in the Linux kernel that can allow a local user to read environment variables of another process that is still spawning via /proc/.../cmdline. The initial description specifies Linux kernel 2.6 as affected. Connected advisories confirm this CVE is r...
CVE-2004-1068
CVE-2004-1068 involves a missing serialization flaw in the unix_dgram_recvmsg path of Linux kernels 2.4.27 and earlier, and 2.6.x up to 2.6.9. The issue enables local users to potentially gain privileges due to a race condition. The description explicitly states the vulnerability is a local privi...
CVE-2004-1237
CVE-2004-1237: A vulnerability in the system call filtering code of the Red Hat Enterprise Linux 3 audit subsystem could allow a local user to cause a denial of service (system crash) when auditing is enabled. The issue is addressed in the Red Hat kernel security advisory RHSA-2005:043, which up...
CVE-2005-3257
Summary: CVE-2005-3257 affects the Linux kernel (examples: 2.6.12 and possibly 2.6.14.4) where a local user can exploit the KDSKBSENT ioctl on terminals of other users to escalate privileges, demonstrated by modifying key bindings via loadkeys. Affected components: vt_ioctl.c in the VT subsystem ...
CVE-2005-3271
CVE-2005-3271 affects the Linux kernel 2.6 series. Description and multiple advisories (SUSE, Debian, Mandriva) show exec() does not properly clear posix-timers in multi-threaded environments, causing a resource leak. This can enable a large number of local users to cause a denial of service by e...
CVE-2006-0744
CVE-2006-0744 affects the Linux kernel before 2.6.16.5. The issue arises from handling uncanonical return addresses on Intel EM64T CPUs, where an exception is reported in SYSRET instead of the next instruction, causing the kernel exception handler to run on the user stack with an incorrect GS. Im...
CVE-2006-1525
CVE-2006-1525 affects the Linux kernel 2.6 series (before 2.6.16.8). The vulnerability arises in ip_route_input, where a local user can trigger a NULL pointer dereference by requesting a route for a multicast IP address, leading to a denial of service (panic). Public references in Debian/DSA advi...
CVE-2006-1857
The CVE-2006-1857 entry describes a buffer overflow in the SCTP implementation of the Linux kernel up to version 2.6.16.17. A remote attacker could trigger this via a malformed HB-ACK chunk, potentially causing a crash (DoS) and possibly executing arbitrary code. A fix is available in kernel 2.6....
CVE-2006-5174
CVE-2006-5174 concerns the Linux kernel 2.6 copy_from_user() implementation on s390/s390x where a local user could read kernel memory due to improper clearing of a kernel buffer. Affected platform: Linux kernel 2.6 before 2.6.19-rc1 on s390. The issue is an information leak (partial confidentiali...
CVE-2009-1388
CVE-2009-1388 affects the Linux kernel 2.6.18, where the ptrace_start function does not properly handle simultaneous execution with do_coredump, enabling local users to trigger a deadlock (DoS) via ptrace and a coredumping thread. The connected MiracleLinux doc explicitly lists CVE-2009-1388 amon...
CVE-2010-2538
CVE-2010-2538: Integer overflow in btrfs_ioctl_clone (fs/btrfs/ioctl.c) of the Linux kernel before 2.6.35 may allow local users to obtain sensitive information via BTRFS_IOC_CLONE_RANGE. Public references confirm impact on local privilege/user data exposure with no remote vector. Affected compone...