14330 matches found
CVE-2023-53092
The CVE-2023-53092 entry concerns a Linux kernel interconnect driver (exynos) where a node leak could occur in the PM QoS error path during probe. The documented fix ensures that the newly allocated interconnect node is added to the provider before the PM QoS request is applied, so that the node ...
CVE-2022-49929
CVE-2022-49929 relates to the Linux kernel RDMA/rxe path. The issue is a use-after-free-like leak in MR handling: rxe_recheck_mr() increments mr ref_cnt and, during RESPST_ERR_RNR, the code must call rxe_put(mr) to drop the extra reference to avoid a warning in __rxe_cleanup. The vulnerability is...
CVE-2022-49956
CVE-2022-49956 in the Linux kernel refers to a use-after-free bug in the rtl8712 staging driver. The issue arises because _Read/Write_MACREG callbacks are NULL, causing read/write_macreg_hdl() to only free the pcmd pointer. The fix removes these callbacks to prevent the use-after-free. The vulner...
CVE-2022-50002
CVE-2022-50002 concerns the Linux kernel where the LAG logic for MLX5 was fixed so that MLX5_LAG_FLAG_NDEVS_READY is set only when both netdevices are registered. The root cause was an asymmetry in how the flag is set vs cleared, which could leave the ready state set after one PF is unloaded, lea...
CVE-2022-50016
CVE-2022-50016 concerns the Linux kernel ASoC SOF Intel cnl driver. The issue arises when an IPC reply is processed before the FW_READY message, risking a NULL pointer dereference because reply_data is allocated only after FW_READY. The description notes this condition was observed with IPC4 firm...
CVE-2022-50030
CVE-2022-50030 is a vulnerability in the Linux kernel’s lpfc driver affecting debugfs input handling. According to the provided documents, malformed user input to debugfs can cause buffer overflow crashes due to input strings not fitting internal buffers (space for NULL terminators added). The CV...
CVE-2022-50040
CVE-2022-50040 affects the Linux kernel internal DSA path for sja1105 (net: dsa: sja1105). The vulnerability is a buffer overflow caused when an error occurs in dsa_devlink_region_create(), leading to a negative index (-1) access of priv->regions. The issue has been fixed in the cited commits,...
CVE-2022-50065
CVE-2022-50065 entry is rejected and does not represent an active vulnerability.
CVE-2022-50159
CVE-2022-50159 concerns the Linux kernel: the function that restores ima-kexec-buffer may read outside the addressable RAM if the previous kernel’s buffer lies beyond the new kernel’s memory map, risking kernel panic when booting with mem=X. A fix was implemented to validate the returned PFN rang...
CVE-2022-50166
CVE-2022-50166 affects the Linux kernel Bluetooth HCI subsystem. When the HCI work queue is drained, a delayed command could still be queued to the drained workqueue, triggering a timeout in hci_cmd_timeout and a kernel warning. The root cause is the draining of the command/event/data processing ...
CVE-2022-50187
CVE-2022-50187 involves the ath11k driver netdev open race in the Linux kernel. The issue occurs when ath11k_mac_op_start() runs before mon_reap_timer is set up, leading to a racing open() that can trigger a BUG_ON() in mod_timer(). The fixed advisory notes allocate necessary resources before dev...
CVE-2022-50221
CVE-2022-50221 : In the Linux kernel, the drm/fb-helper deferred I/O damage handling could compute an clipping range that allowed an out-of-bounds access when the fbdev screen buffer ended near the start of a page. The patch clamps the maximum memory range to the screen buffer size and also renam...
CVE-2023-20811
CVE-2023-20811 involves a boundary-check failure in the MediaTek IOMMU, causing an out-of-bounds write that could enable local privilege escalation with system privileges. Affected component: IOMMU sub-system (MediaTek). Root cause: missing bounds check leading to out-of-bounds write. Impact: loc...
CVE-2023-20838
CVE-2023-20838 concerns the imgsys component. Multiple connected sources confirm a race-condition–driven out-of-bounds read that can leak local information and, in some scenarios, enable system-level execution with user interaction required for exploitation. Affected references consistently descr...
CVE-2023-52744
CVE-2023-52744 concerns the Linux kernel RDMA/irdma path. The in_dev_get() function can return NULL, and the code may dereference idev in in_dev_for_each_ifa_rtnl(), causing a crash. A patch was added to check for NULL before dereferencing idev, mitigating the NULL pointer dereference. The issue ...
CVE-2023-52747
The CVE-2023-52747 issue affects the Linux kernel IB/hfi1 path and is caused by a resource leak that occurs when a copyout fails. The vulnerability is resolved by the kernel fix that restores allocated resources on failed copyout, preventing the leak. According to the provided description and met...
CVE-2023-52807
CVE-2023-52807 affects the Linux kernel net/hns3 driver. The vulnerability arises from an array of strings used to display coalesce info, which may allow out-of-bounds reads when the kernel adds a new mode or state and coalesce info is read via debugfs. A patch fixes the bound-checking/array sizi...
CVE-2023-52893
Summary: CVE-2023-52893 is a Linux kernel vulnerability where a call path using get_variable with a NULL attr triggers a null-deref/panic in the gsmi subsystem. Root cause: The patch accompanying the EFI varstore change (efi: pstore: Omit efivars caching EFI varstore access layer) added a new get...
CVE-2023-52907
The CVE-2023-52907 issue affects the Linux kernel NFC PN533 USB flow. A use-after-free occurs when in_urb completes before out_urb, freeing the transfer buffer skb in pn533_send_async_complete() earlier than the out_urb callback. The fix delays in_urb submission until the out_urb callback runs an...
CVE-2024-27409
The CVE-2024-27409 entry concerns the Linux kernel HDMA path of the dmaengine (dw-edma). The vulnerability stems from a race: the Linked list element/pointer may be written to memory and the doorbell register toggled before the full write completes, because the linked list and controller register...
CVE-2024-38636
CVE-2024-38636 (Linux kernel, f2fs multi-device support) : The issue occurs when using multiple block devices with F2FS where reads on the non-primary device are mapped to the first block (address 0). This causes f2fs_map_blocks() to return a valid zero block address, but f2fs_iomap_begin() treat...
CVE-2024-43838
CVE-2024-43838 affects the Linux kernel BPF path. The root cause is an incorrect overflow check in adjust_jmp_off(), where insn->imm was used for all overflow checks instead of insn->off for the general jump case. The issue is resolved by using insn->off for the overflow check in the gen...
CVE-2024-53204
CVE-2024-53204 affects the Linux kernel Realtek USB PHY driver (rtk_usb3phy_probe). The root cause is a NULL dereference: devm_kzalloc() may return NULL in rtk_usb3phy_probe() and the value is not checked. The CVSS data indicates a Local attack vector, Low complexity, and High impact on availabil...
CVE-2024-56730
CVE-2024-56730: In the Linux kernel, a memory allocation failure in net/9p/usbg (trans_usbg.c) was fixed by correcting kzalloc() failure handling to return NULL instead of ERR_PTR. The issue was detected in linux-next (next-20241108, vanilla kernel) and could affect memory exhaustion scenarios. T...
CVE-2025-21851
CVE-2025-21851 — Linux kernel (ARM64 64KB pages) The issue caused segmentation faults and soft lockups on aarch64 kernels with 64KB page size when arena_htab tests ran. Root cause: arena_map_free() can pass an unaligned address to apply_to_pte_range() via bpf_arena_get_kern_vm_start() if the addr...
CVE-2025-21860
The CVE-2025-21860 entry relates to a Linux kernel zswap bug in which inconsistent accounting occurs when zswap_store_page() fails to swap an entire folio after some base pages were swapped. The root cause was skipping charging zswap entries on failed swaps, which could lead to uncharged entries ...
CVE-2025-37868
Technical details beyond the initial Linux kernel description are not provided in the connected documents. Monitor for updates; this entry notes a fix for notifier vs folio deadlock in drm/xe/userptr in the Linux kernel, cherry-picked from a commit.
CVE-2025-37977
The CVE-2025-37977 issue affects the Linux kernel SCSI UFS Exynos path. Root cause: when the dma-coherent property is not set, descriptors become non-cacheable and iocc shareability bits must be disabled; otherwise UFS may configure incompatibly and experience random cache-related stability issue...
CVE-2025-38034
CVE-2025-38034 : The connected Azure Linux 3.0 Nessus entry confirms a Linux kernel issue affecting btrfs paths where btrfs__prelim_ref calls wrong order of oldref/newref, causing a NULL pointer dereference in trace_btrfs_prelim_ref_insert(). The backtrace shows the call path ending in prelim_ref...
CVE-2025-38075
CVE-2025-38075 affects the Linux kernel’s SCSI target (iscsi). The issue stems from the nopin response timer potentially restarting after expiration on a deleted connection, leading to a NULL pointer dereference when handling NOPIN timeouts. The documented fix is to stop the nopin timer before st...
CVE-2025-38108
CVE-2025-38108 affects the Linux kernel’s network scheduler, specifically the RED qdisc. The issue is a race in __red_change() where the SFQ perturb timer can fire at an inopportune time, allowing an underflow of a parent qlen during a concurrent qdisc_tree_flush/backlog sequence. The race scenar...
CVE-2025-38112
CVE-2025-38112 (Linux kernel) : A TOCTOU race in sk_is_readable() can occur when a socket resides in a sockmap. If sk->sk_prot is reloaded after the initial check, sk->sk_prot->sock_is_readable may have become NULL, causing a potential null pointer dereference. The issue stems from the f...
CVE-2025-38131
CVE-2025-38131 affects the Linux kernel coresight subsystem. The issue arises when enabling an active config via cscfg_csdev_enable_active_config() but the config could be deactivated via configfs/sysfs during unloading, potentially leading to use-after-free of config_desc after the module unload...
CVE-2025-38198
CVE-2025-38198 – Linux kernel fbcon : A fix resolves an out-of-bounds access when writing to store_modes if con2fb_map contains -1 for an unregistered console. The issue stems from fbcon_info_from_console accessing fbcon_registered_fb[con2fb_map[console]]; the patch changes this to handle invalid...
CVE-2025-38204
CVE-2025-38204 affects the Linux kernel’s JFS filesystem. The issue is an array-index-out-of-bounds read in add_missing_indices, where stbl (s8) must map to offsets 0–127. A bound check was added and -EIO is returned if the check fails; jfs_readdir is also updated to propagate errors from add_mis...
CVE-2025-38288
CVE-2025-38288 concerns the Linux kernel, fixed in the SUSE/OpenSUSE advisory as part of a kernel update. The vulnerability arises from calling smp_processor_id() in preemptible contexts within the smartpqi SCSI driver, which could lead to an invalid call trace and potential instability. The patc...
CVE-2025-38313
CVE-2025-38313 affects the Linux kernel in the bus: fsl-mc path. The issue is a double-free of mc_dev on error paths when the MC device is a DPRC, where mc_bus is allocated and mc_dev points to one field; only the mc_bus should be freed in that path. The description notes a fix/workaround impleme...
CVE-2025-38387
CVE-2025-38387 affects the Linux kernel’s RDMA/mlx5 subsystem. The issue arises when an obj_event is inserted into a list before its obj_sub_list is initialized, risking a poisonous pointer if the event is loaded immediately after insertion. The referenced fix initializes obj_event->obj_sub_li...
CVE-2025-38409
CVE-2025-38409 affects the Linux kernel, specifically the drm/msm path. The issue is a leak in the submit error path where put_unused_fd() fails to free the installed file if fd_install() has already occurred, leading to a leaked resource (sync_file). The patch fixes the leak by freeing the sync_...
CVE-2025-38416
Mode C: CVE-2025-38416 affects the Linux kernel NFC: nci: uart path. The vulnerability arises from setting tty->disc_data before the NCI device open/driver request succeeds, creating a small window where the device may start sending data and leaving state inconsistent on error paths. The fix e...
CVE-2025-38453
CVE-2025-38453 affects the Linux kernel: the io_uring/msg_ring path can free an io_kiocb at an unsafe time, leading to use-after-free scenarios. The documented fix defers freeing via RC/RCU mechanics by adding an rcU head and switching to kfree_rcu() in both the freeing paths (io_msg_tw_complete(...
CVE-2026-46113
CVE-2026-46113 (Linux kernel KVM x86 shadow paging use-after-free) is a resolved vulnerability in the KVM shadow paging path. The issue arises when the shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index and guest page-table modifications between VM entries can c...
CVE-2004-0178
The vulnerability lies in the Linux 2.4.x sb16 Sound Blaster driver (OSS) in 16-bit mode; under odd-sized samples it can crash local users. Affects Linux 2.4.x before 2.4.26. Remediation: upgrade to Linux 2.4.26 or newer.
CVE-2004-1016
CVE-2004-1016 affects the Linux kernel (2.4.x up to 2.4.28 and 2.6.x up to 2.6.9) where the scm_send function in the kernel SCM layer can be triggered by local users. By crafting auxiliary messages passed to sendmsg, this can lead to a deadlock and a system hang (denial of service). Public record...
CVE-2005-0135
Technical details for CVE-2005-0135 are not publicly provided in the connected documents. The sources reference kernel updates and include CVE lists, but do not specify affected products/versions, root cause, impact, or remediation. Monitor for updates.
CVE-2005-3257
Summary: CVE-2005-3257 affects the Linux kernel (examples: 2.6.12 and possibly 2.6.14.4) where a local user can exploit the KDSKBSENT ioctl on terminals of other users to escalate privileges, demonstrated by modifying key bindings via loadkeys. Affected components: vt_ioctl.c in the VT subsystem ...
CVE-2006-1525
CVE-2006-1525 affects the Linux kernel 2.6 series (before 2.6.16.8). The vulnerability arises in ip_route_input, where a local user can trigger a NULL pointer dereference by requesting a route for a multicast IP address, leading to a denial of service (panic). Public references in Debian/DSA advi...
CVE-2006-1857
The CVE-2006-1857 entry describes a buffer overflow in the SCTP implementation of the Linux kernel up to version 2.6.16.17. A remote attacker could trigger this via a malformed HB-ACK chunk, potentially causing a crash (DoS) and possibly executing arbitrary code. A fix is available in kernel 2.6....
CVE-2006-4623
The vulnerability CVE-2006-4623 affects the Linux kernel DVB ULE decapsulation path: Unidirectional Lightweight Encapsulation (ULE) in dvb-core/dvb_net.c of the kernel 2.6.17.8. A remote attacker can cause a denial of service (crash) by sending a ULE packet with an SNDU length of 0. Public adviso...
CVE-2006-5174
CVE-2006-5174 concerns the Linux kernel 2.6 copy_from_user() implementation on s390/s390x where a local user could read kernel memory due to improper clearing of a kernel buffer. Affected platform: Linux kernel 2.6 before 2.6.19-rc1 on s390. The issue is an information leak (partial confidentiali...