13804 matches found
CVE-2025-21849
CVE-2025-21849: Linux kernel drm/i915/gt had potential deadlocks due to spin_lock/unlock() used in interrupt contexts. The fix saves irq state before acquiring locks. Version history shows v2 adds irq state save/restore around signal_irq_work locks; v3 uses spin_lock_irqsave() in guc_lrc_desc_unp...
CVE-2023-52807
CVE-2023-52807 affects the Linux kernel net/hns3 driver. The vulnerability arises from an array of strings used to display coalesce info, which may allow out-of-bounds reads when the kernel adds a new mode or state and coalesce info is read via debugfs. A patch fixes the bound-checking/array sizi...
CVE-2023-52901
The CVE-2023-52901 entry affects the Linux kernel USB xHCI host controller handling. The vulnerability arises when URBs are queued to all endpoints while the host is unresponsive, risking a NULL pointer dereference and kernel panic if an endpoint is dereferenced after becoming invalid. The fix ad...
CVE-2023-52983
The CVE-2023-52983 issue affects the Linux kernel’s bfq (multiqueue block I/O) subsystem. It describes a use-after-free (UAF) where bic_set_bfqq() could access a bfqq after it had been freed in certain contexts. The root cause was that bfqq was freed in the wrong place relative to bic_set_bfqq(),...
CVE-2023-53030
CVE-2023-53030 affects the Linux kernel in octeontx2-pf where GFP_KERNEL was used in a context with preemption disabled, triggering a warning (CONFIG_DEBUG_ATOMIC_SLEEP) and potential sleeping in atomic context. The issue is resolved by avoiding GFP_KERNEL in atomic contexts and disabling preempt...
CVE-2023-53138
CVE-2023-53138 corresponds to a Linux kernel vulnerability in the net/caif stack (cfusbl_device_notify). When NETDEV_UNREGISTER is delivered multiple times during device teardown, a use-after-free can occur and there can be an imbalance in the module’s reference count, potentially freeing the par...
CVE-2024-26762
In CVE-2024-26762, the Linux kernel patch fixes a CXL error-handling path where the CXL.mem device detach flow could lead to a crash during AER handling. Specifically, the code previously reaped RAS status registers after unbinding the memdev, which could crash on a subsequent AER notification wh...
CVE-2024-27061
CVE-2024-27061 affects the Linux kernel crypto sun8i-ce path (sun8i_ce_cipher_do_one) due to a use-after-free in unprepare. The root cause is use-after-free of memory when client callbacks may free memory before sun8i_ce_cipher_unprepare is called, leading to a potential pointer dereference and a...
CVE-2024-38561
CVE-2024-38561 is a Linux kernel vulnerability in kunit, fixed by the change "kunit: Fix kthread reference". A race exists where a kthread finishes after the deadline but before kthread_stop(), which may lead to a use-after-free. The connected Nessus/NASL entry confirms a patch addressing the kunit kthread reference issue (C...
CVE-2024-38592
CVE-2024-38592 relates to the Linux kernel’s drm/mediatek code: when conn_routes is true an extra slot is allocated for ddp_comp but mtk_drm_crtc_create() didn’t initialize it in a test path, causing a crash while traversing the ddp_comp array in mtk_drm_crtc_mode_valid(). The issue appears mitig...
CVE-2024-38636
CVE-2024-38636 (Linux kernel, f2fs multi-device support): The issue occurs when using multiple block devices with F2FS where reads on the non-primary device are mapped to the first block (address 0). This causes f2fs_map_blocks() to return a valid zero block address, but f2fs_iomap_begin() treat...
CVE-2024-40926
CVE-2024-40926 affects the Linux kernel DRM Nouveau driver. The issue occurs when runtime PM resumes on headless cards that lack display hardware, where hpd_work and hpd_lock are left uninitialized and scheduling hpd_work triggers a BUG. The patch adds a headless flag to DRM and instructs the sys...
CVE-2024-42113
CVE-2024-42113 affects the Linux kernel txgbe network driver (fix: "net: txgbe: initialize num_q_vectors for MSI/INTx interrupts"). When MSI/INTx are used, wx->num_q_vectors remains uninitialized, causing a kernel panic in wx_alloc_q_vectors() when allocating queue vectors. The description confirms the issue is resolved i...
CVE-2025-21709
CVE-2025-21709 (Linux kernel) involves a race in dup_mmap() that can leave an incomplete mm_struct in an unsafe state when forking or mmap-failure paths are hit. The patch adds MMF_OOM_SKIP to avoid iterating vmas on the out-of-memory path and MMF_UNSTABLE to prevent use of a partially initialise...
CVE-2025-21800
CVE-2025-21800: Linux kernel fix for net/mlx5: HWS, where definer’s HWS_SET32 macro used a negative bit offset, triggering UBSAN shift-out-of-bounds in drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c (offset -8). This is a local issue with high impact to confidentiality/integrity/...
CVE-2025-21851
CVE-2025-21851 (Linux kernel, ARM64 64KB pages): The issue caused segmentation faults and soft lockups on aarch64 kernels with 64KB page size when arena_htab tests ran. Root cause: arena_map_free() can pass an unaligned address to apply_to_pte_range() via bpf_arena_get_kern_vm_start() if the addr...
CVE-2025-21860
The CVE-2025-21860 entry relates to a Linux kernel zswap bug in which inconsistent accounting occurs when zswap_store_page() fails to swap an entire folio after some base pages were swapped. The root cause was skipping charging zswap entries on failed swaps, which could lead to uncharged entries ...
CVE-2025-23153
The CVE-2025-23153 entry is confirmed with concrete details in connected sources: Linux kernel affected area is arm/crc-t10dif, where a bug caused an out-of-scope array access in crc_t10dif_arch(). The issue is fixed by the patch(es) referenced from kernel stable commits, addressing the use-after...
CVE-2025-37868
Technical details beyond the initial Linux kernel description are not provided in the connected documents. Monitor for updates; this entry notes a fix for notifier vs folio deadlock in drm/xe/userptr in the Linux kernel, cherry-picked from a commit.
CVE-2025-38045
CVE-2025-38045 is a Linux kernel vulnerability affecting the wifi driver (iwlwifi). The issue arises from an incorrect order of debug actions; the fix adds a dump split and executes the FW reset in the middle of the dump rather than causing the FW to kill itself on error. This change means that s...
CVE-2025-38063
The CVE-2025-38063 entry concerns a Linux kernel vulnerability in the device-mapper (DM) path where a bio submitted with REQ_PREFLUSH causes an unconditional IO throttle via wbt_wait, throttling the flush_bio that includes REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC. The root cause is throttling...
CVE-2025-38066
CVE-2025-38066 affects the Linux kernel in the dm-cache subsystem (policy SMQ). The issue arises when a cache device fails to resume due to mapping errors and a resumed operation is retried, which can leave a partially initialized policy object and trigger a BUG_ON during mapping reload. The conn...
CVE-2025-38067
CVE-2025-38067: In the Linux kernel, the rseq registration path could segfault if the user-space rseq_cs field is non-zero. The field is supposed to be set to 0 before registration, but this wasn’t enforced, allowing a faulty rseq_cs value to cause a segfault when returning to user-space. The fi...
CVE-2025-38074
CVE-2025-38074 affects the Linux kernel vhost-scsi path used by virtio-scsi/QEMU. The root cause is a race where vq->log_base can be accessed after vq->log_used is set to false, because the completion path may evaluate log_used and then access log_base before proper synchronization. The fix...
CVE-2025-38091
CVE-2025-38091 affects the Linux kernel’s AMD display stack. It fixes a false positive warning in drm/amd/display when querying plane_id in DML21, which could trigger a warning during mode1 reset. The issue arises from insufficient checks in dml2_map_dc_pipes and is resolved by a patch cherry-pic...
CVE-2025-38098
CVE-2025-38098 affects the Linux kernel’s DRM/AMD display path. The vulnerability stems from improper handling of a wb (writeback) connector and an amdgpu_dmConnector, where dereferencing aconnector->base could lead to unintended behavior. The issue is localized (requires local access) and the...
CVE-2025-38106
The CVE-2025-38106 issue is in the Linux kernel io_uring/sqpoll path, where a use-after-free of sq->thread could occur when __io_uring_show_fdinfo() uses a freed task_struct. The SUSE/OpenSUSE advisory notes the fix: assign and look up sq->thread under RCU wi...
CVE-2025-38108
CVE-2025-38108 affects the Linux kernel’s network scheduler, specifically the RED qdisc. The issue is a race in __red_change() where the SFQ perturb timer can fire at an inopportune time, allowing an underflow of a parent qlen during a concurrent qdisc_tree_flush/backlog sequence. The race scenar...
CVE-2025-38120
CVE-2025-38120 affects the Linux kernel netfilter nf_set_pipapo_avx2. The issue: if the first field does not cover the entire start map, the remainder must be zeroed to prevent leaking bits into the next match round map. The early fix was incomplete and only addressed the generic C implementation...
CVE-2025-38131
CVE-2025-38131 affects the Linux kernel coresight subsystem. The issue arises when enabling an active config via cscfg_csdev_enable_active_config() but the config could be deactivated via configfs/sysfs during unloading, potentially leading to use-after-free of config_desc after the module unload...
CVE-2025-38138
CVE-2025-38138 concerns the Linux kernel TI DMA engine, specifically the udma_probe() path. The root cause is a NULL pointer dereference when devm_kasprintf() returns NULL due to memory allocation failure, because udma_probe() did not check this return value. The vulnerability is mitigated by a p...
CVE-2025-38153
CVE-2025-38153 (Linux kernel) is documented in connected sources as a vulnerability in the aqc111 USB network driver. The issue arises from incomplete sanitation of usbnet read results, where usbnet_read_cmd() may return fewer bytes than expected and aqc111_read_cmd() may not validate the result,...
CVE-2025-38198
CVE-2025-38198 (Linux kernel fbcon): A fix resolves an out-of-bounds access when writing to store_modes if con2fb_map contains -1 for an unregistered console. The issue stems from fbcon_info_from_console accessing fbcon_registered_fb[con2fb_map[console]]; the patch changes this to handle invalid...
CVE-2025-38203
The CVE-2025-38203 entry concerns the Linux kernel JFS file-system driver. A concurrency-related null pointer dereference in jfs_ioc_trim can occur when JFS_SBI(ipbmap->i_sb)->bmap is NULL and is dereferenced, leading to a kernel crash. The issue is tied to a previously fixed patch, but und...
CVE-2025-38210
CVE-2025-38210 concerns the Linux kernel in the configfs-tsm-report path. The root cause is a NULL-dereference risk when tsm_ops have been unregistered but certain code paths (tsm_report_privlevel_store(), tsm_report_provider_show()) did not verify the removal, leading to potential config-item ac...
CVE-2025-38216
CVE-2025-38216 (Linux kernel) affects iommu/vt-d context entry setup order for aliased PCI devices behind PCIe-to-PCI bridges. The issue arose after commit 2031c469f816 changed domain attach context entry setup from set-and-check to clear-and-reset, regressing PCI aliased devices and causing inpu...
CVE-2025-38260
CVE-2025-38260 concerns a Linux kernel bug in Btrfs where a corrupted csum (checksum) tree root could lead to a crash when mounting with rescue=ibadroots. The provided description details that normally this option should set BTRFS_FS_STATE_NO_DATA_CSUMS to skip csum searches for future data reads...
CVE-2025-38277
CVE-2025-38277 affects the Linux kernel mtd: nand: ecc-mxic code. The bug occurs when ctx->steps is zero: the loop over ECC steps is skipped and ret is left uninitialized, later checked/returned, causing undefined behavior and potential user-space disruption or kernel crashes. The fix initiali...
CVE-2025-38286
CVE-2025-38286 affects the Linux kernel pinctrl/at91 driver: at91_gpio_probe() did not validate the OF alias, allowing out-of-bounds access to gpio_chips when indexing with an invalid value. The bug, which could be exposed if BUG() is compiled out, is mitigated by a kernel fix/workaround d...
CVE-2025-38288
CVE-2025-38288 concerns the Linux kernel, fixed in the SUSE/OpenSUSE advisory as part of a kernel update. The vulnerability arises from calling smp_processor_id() in preemptible contexts within the smartpqi SCSI driver, which could lead to an invalid call trace and potential instability. The patc...
CVE-2025-38293
Technical details (affected versions, vulnerable components, exploit conditions, and remediation steps) are not provided in the connected documents. The initial document offers a general description of the fix but lacks concrete/public technical specifics; monitor for updates.
CVE-2025-38310
CVE-2025-38310 refers to a Linux kernel vulnerability in seg6 where validation of nexthop addresses could read uninitialized memory if the provided length exceeded the actual data; the fix enforces that the provided length exactly matches the specified length. The connected advisories confirm the...
CVE-2025-38328
CVE-2025-38328 concerns the Linux kernel JFFS2 subsystem. The issue arises from insufficient validation after jffs2_prealloc_raw_node_refs() completion, allowing a null pointer dereference in jffs2_link_node_ref and leading to a local, attacker-controlled disruption as described by the Syzkaller ...
CVE-2025-38331
CVE-2025-38331 fixes a Linux kernel vulnerability in the cortina Ethernet driver where TOE/TSO must be used on all TCP traffic to prevent driver instability, lockups, and crashes. The issue arises from a mismatch between TOE and segmentation; the data path offloads IP/TCP parsing, checksums, and ...
CVE-2025-38364
CVE-2025-38364 pertains to the Linux kernel maple_tree code, specifically MA_STATE_PREALLOC handling in mas_preallocate. The flaw prevented allocations when MA_STATE_PREALLOC was set; preallocation checks could undercount, leading to a WARN_ON() and a subsequent null pointer dereference on larger future requests (e.g....
CVE-2025-38371
CVE-2025-38371 affects the Linux kernel DRM V3D component on Raspberry Pi; the issue occurs when an interrupt is triggered during GPU reset, potentially causing GPU hangs and a kernel NULL pointer dereference. The fix is to disable interrupts before resetting the GPU. The openSUSE/SUSE references...
CVE-2025-38377
CVE-2025-38377: Linux kernel vulnerability in rose_rt_device_down() can cause use-after-free by corrupting the neighbour loop (loop bound altered and index increment after removal). A reverse-iteration fix with a fixed loop bound was applied to ensure all entries are examined and removals do not...
CVE-2025-38387
CVE-2025-38387 affects the Linux kernel’s RDMA/mlx5 subsystem. The issue arises when an obj_event is inserted into a list before its obj_sub_list is initialized, risking a poisonous pointer if the event is loaded immediately after insertion. The referenced fix initializes obj_event->obj_sub_li...
CVE-2025-38401
The CVE-2025-38401 issue affects the Linux kernel’s mtk-sd driver, where a DMA map failure in msdc_prepare_data() could lead to memory corruption if data DMA is started with stale settings. The vulnerability’s description and related advisories (including Debian LTS DLA entries and Amazon Linux A...
CVE-2025-38422
CVE-2025-38422 affects the Linux kernel lan743x PCI1xxxx device support. The fix modifies EEPROM and OTP size handling: maximum OTP size is now 8 KB and EEPROM size 64 KB for hearthstone PCI1xxxx devices, updates max size definitions, and ensures the correct EEPROM length is returned depending on...