Linux Kernel

13804 matches found

added 2025/06/18 11:2 a.m., 73 views

CVE-2022-50098

CVE-2022-50098: Linux kernel SCSI qla2xxx crash due to stale SRB access during I/O timeouts; fix ensures SRB is returned during timeout escalation or fails escalation path if not possible. Connected advisories list the CVE but provide no technical details or patch specifics.

CVSS 5.5, AI score 6.7, EPSS 0.00203

added 2025/06/18 11:3 a.m., 73 views

CVE-2022-50158

CVE-2022-50158 relates to the Linux kernel vulnerability in mtd: partitions where of_get_child_by_name() returns a node pointer with an incremented refcount and is not put back, leading to a refcount leak. The issue is fixed by adding a missing of_node_put() when the pointer is no longer needed. ...

CVSS 5.5, AI score 6.4, EPSS 0.00156

added 2023/08/07 3:22 a.m., 73 views

CVE-2023-20811

CVE-2023-20811 involves a boundary-check failure in the MediaTek IOMMU, causing an out-of-bounds write that could enable local privilege escalation with system privileges. Affected component: IOMMU sub-system (MediaTek). Root cause: missing bounds check leading to out-of-bounds write. Impact: loc...

CVSS 6.7, AI score 6.7, EPSS 0.00087

added 2023/09/04 2:27 a.m., 73 views

CVE-2023-20843

CVE-2023-20843 involves an out-of-bounds read in the imgsys_cmdq component caused by missing valid range checking. Impact: potential local information disclosure, with system-level execution privileges required; exploitation reportedly needs user interaction. Affected context is MediaT...

CVSS 4.2, AI score 4, EPSS 0.00091

added 2023/09/04 2:28 a.m., 73 views

CVE-2023-20850

The CVE concerns the imgsys_cmdq component in MediaTek chips, where an out-of-bounds write can occur due to missing valid range checking. This could permit local escalation of privilege with system execution privileges required, and user interaction is needed for exploitation. Documented impact i...

CVSS 6.5, AI score 6.6, EPSS 0.00094

added 2024/05/21 3:23 p.m., 73 views

CVE-2023-52744

CVE-2023-52744 concerns the Linux kernel RDMA/irdma path. The in_dev_get() function can return NULL, and the code may dereference idev in in_dev_for_each_ifa_rtnl(), causing a crash. A patch was added to check for NULL before dereferencing idev, mitigating the NULL pointer dereference. The issue ...

CVSS 5.5, AI score 6.7, EPSS 0.00235

added 2025/03/27 4:43 p.m., 73 views

CVE-2023-53022

CVE-2023-53022 concerns a deadlock in the Linux kernel’s enetc driver. The vulnerability stems from a locking sequence in enetc_tx_onestep_tstamp() where a work item runs in process context with softirqs enabled and holds netif_tx_lock. If a transmission interrupt occurs, the NET_TX softirq can r...

CVSS 5.5, AI score 6.6, EPSS 0.00127

added 2025/03/27 4:43 p.m., 73 views

CVE-2023-53029

The CVE-2023-53029 entry concerns the Linux kernel, specifically the octeontx2-pf driver. The vulnerability/issue arises from GFP_KERNEL usage in atomic contexts for the rt (real-time) kernel, triggering sleep warnings in atomic context (BUG: sleeping function called from invalid context) and rel...

CVSS 5.5, AI score 6.5, EPSS 0.00127

added 2024/04/03 5:0 p.m., 73 views

CVE-2024-26729

In CVE-2024-26729, the Linux kernel’s DRM AMD display code (dc_dmub_srv) had potential null pointer dereferences in dc_dmub_srv_cmd_list_queue_execute() and dc_dmub_srv_is_hw_pwr_up(). The root cause was dereferencing the dc_dmub_srv pointer before a null check, which could crash or corrupt memor...

CVSS 5.5, AI score 6.6, EPSS 0.00205

added 2024/05/17 12:24 p.m., 73 views

CVE-2024-35793

CVE-2024-35793 affects the Linux kernel debugfs remove path. The issue was a logic error in the removal cancellation flow: if a refcount is non-zero, cancellations must be triggered; otherwise, removal can finish without cancellations, but the existing loop could never run. The fix adjusts wait/ca...

CVSS 5.5, AI score 7, EPSS 0.00172

added 2024/06/25 2:22 p.m., 73 views

CVE-2024-38306

Summary (CVE-2024-38306): A race in the Linux kernel’s Btrfs path: during allocation/attachment of an extent buffer, the code previously used page-private ownership under a lock, but a refactor (alloc_extent_buffer) enabled an allocate-then-attach sequence that may allow a competing release to und...

CVSS 4.7, AI score 7.2, EPSS 0.00138

added 2024/07/10 7:14 a.m., 73 views

CVE-2024-39492

CVE-2024-39492: The Linux kernel fix targets mailbox: mtk-cmdq where pm_runtime_get_sync() could warn during mbox shutdown. Root cause: return value of pm_runtime_get_sync() could be 1 when runtime is active, leading to a WARN_ON() trigger. The patch changes the conditional to treat WARN_ON() ca...

CVSS 7, AI score 7.8, EPSS 0.00191

added 2024/08/08 8:46 a.m., 73 views

CVE-2024-42251

CVE-2024-42251 is a Linux kernel vulnerability that was resolved by removing folio_try_get_rcu() from mm: page_ref. The issue manifested as a kernel bug (invalid opcode) in non-SMP builds and was fixed in the upstream kernel (mm/gup.c) with the change in include/linux/page_ref.h:275. Affected com...

CVSS 5.5, AI score 6.3, EPSS 0.0021

added 2024/08/17 9:21 a.m., 73 views

CVE-2024-43838

CVE-2024-43838 affects the Linux kernel BPF path. The root cause is an incorrect overflow check in adjust_jmp_off(), where insn->imm was used for all overflow checks instead of insn->off for the general jump case. The issue is resolved by using insn->off for the overflow check in the gen...

CVSS 5.5, AI score 6.9, EPSS 0.0018

added 2024/09/18 7:12 a.m., 73 views

CVE-2024-46764

CVE-2024-46764 affects Linux kernel’s BPF/BTF handling: btf_name_valid_section() can pass an invalid 1-byte name if name[0] is a NULL byte, enabling an out-of-bounds condition. The fix adds a check for a NULL first byte and that the first character is printable. The initial entry indicates the vu...

CVSS 7.1, AI score 6.5, EPSS 0.00224

added 2024/09/18 7:12 a.m., 73 views

CVE-2024-46789

CVE-2024-46789 (Linux kernel) details from connected documents show a concrete fix: in mm/slub, the tagging logic now checks s->flags in alloc_tagging_slab_free_hook to avoid calling alloc_tag_add when SLAB_NO_OBJ_EXT or SLAB_NOLEAKTRACE are set. This prevents the NULL ref (ref->ct) and the...

CVSS 5.5, AI score 5.1, EPSS 0.00175

added 2024/12/28 9:46 a.m., 73 views

CVE-2024-56676

CVE-2024-56676 affects the Linux kernel, specifically in the thermal testing code. The issue arises when variables annotated with __free() are not initialized if the function can return before they are updated for the first time; upon function return, freeing these uninitialized pointers may cras...

CVSS 5.5, AI score 6.5, EPSS 0.00218

added 2025/01/19 10:18 a.m., 73 views

CVE-2025-21644

CVE-2025-21644: Linux kernel DRM/xe tlb_invalidation bug. Root cause: GuC load failure could leave initialization incomplete, leading to NULL pointer dereference during wedging. Fix: move xe_gt_tlb_invalidation_init() to xe_gt_init_early() so locks/seqno are initialized early (software-only init)...

CVSS 5.5, AI score 6.3, EPSS 0.00212

added 2025/02/27 2:12 a.m., 73 views

CVE-2025-21751

CVE-2025-21751 affects the Linux kernel net/mlx5 HWS: when a firmware error occurs during the matcher disconnect flow, the kernel previously attempted to reconnect the matcher and could free a matcher that was still on the list, causing use-after-free and a crash. The patch changes the error path...

CVSS 7.8, AI score 6.8, EPSS 0.00208

added 2025/05/20 3:21 p.m., 73 views

CVE-2025-37895

The CVE affects the Linux kernel BNXT Ethernet driver (bnxt_en). The root cause is in bnxt_init_chip() where a failure path triggers cancel_work_sync() on uninitialized dim work because BNXT_STATE_NAPI_DISABLED is not set during bnxt_open(). The fix sets BNXT_STATE_NAPI_DISABLED during initializa...

CVSS 5.5, AI score 6.5, EPSS 0.00157

added 2025/05/20 3:21 p.m., 73 views

CVE-2025-37896

CVE-2025-37896 addresses a divide-by-zero in spi-mem duration calculation (spi_mem_calc_op_duration) when dummy bytes are zero in certain SPI flash operations (e.g., Winbond SPINAND write_cache/update_cache). The fix skips the ncycles calculation when dummy bytes are zero, preventing the divide ...

CVSS 5.5, AI score 6.4, EPSS 0.0014

added 2025/05/20 4:58 p.m., 73 views

CVE-2025-37977

The CVE-2025-37977 issue affects the Linux kernel SCSI UFS Exynos path. Root cause: when the dma-coherent property is not set, descriptors become non-cacheable and iocc shareability bits must be disabled; otherwise UFS may configure incompatibly and experience random cache-related stability issue...

CVSS 5.5, AI score 6.5, EPSS 0.00146

added 2025/06/18 9:33 a.m., 73 views

CVE-2025-38034

CVE-2025-38034: The connected Azure Linux 3.0 Nessus entry confirms a Linux kernel issue affecting btrfs paths where btrfs__prelim_ref calls wrong order of oldref/newref, causing a NULL pointer dereference in trace_btrfs_prelim_ref_insert(). The backtrace shows the call path ending in prelim_ref...

CVSS 5.5, AI score 6, EPSS 0.00172

added 2025/06/18 9:33 a.m., 73 views

CVE-2025-38075

CVE-2025-38075 affects the Linux kernel’s SCSI target (iscsi). The issue stems from the nopin response timer potentially restarting after expiration on a deleted connection, leading to a NULL pointer dereference when handling NOPIN timeouts. The documented fix is to stop the nopin timer before st...

CVSS 5.5, AI score 6.4, EPSS 0.00159

added 2025/07/03 8:35 a.m., 73 views

CVE-2025-38112

CVE-2025-38112 (Linux kernel) : A TOCTOU race in sk_is_readable() can occur when a socket resides in a sockmap. If sk->sk_prot is reloaded after the initial check, sk->sk_prot->sock_is_readable may have become NULL, causing a potential null pointer dereference. The issue stems from the f...

CVSS 4.7, AI score 7.1, EPSS 0.0012

added 2025/07/03 8:35 a.m., 73 views

CVE-2025-38115

CVE-2025-38115 — Linux kernel net_sched SFQ crash fix A vulnerability in the SFQ qdisc of net_sched allowed a crash when handling gso_skb due to an inflated sch->q.len after a blamed commit. This could enable an enqueue on an already-empty SFQ queue followed by an immediate drop. The issue was...

CVSS 5.5, AI score 7.1, EPSS 0.00172

added 2025/07/03 8:35 a.m., 73 views

CVE-2025-38132

CVE-2025-38132 : Linux kernel coresight race condition when removing cscfg from csdev. The issue occurs if a module load and config deactivate path races with iterating/removing config_csdev_list entries while holding csdev->cscfg_csdev_lock, allowing an entry delete to race with an active con...

CVSS 5.5, AI score 7.2, EPSS 0.00138

added 2025/07/04 1:37 p.m., 73 views

CVE-2025-38182

CVE-2025-38182 affects the Linux kernel ublk (userspace block driver). The connected advisories confirm the issue is fixed in the kernel by sanitizing arguments from userspace when adding a device and by sanity-checking the queue depth/number of queues obtained from userspace. Root cause: inadequ...

CVSS 7.8, AI score 6.6, EPSS 0.00156

added 2025/07/04 1:37 p.m., 73 views

CVE-2025-38183

CVE-2025-38183 relates to a Linux kernel lan743x driver issue where lan743x_ptp_io_event_clock_get() could write past ptp->extts[] because LAN743X_PTP_N_EXTTS was 4 while channel could be up to 7. The root cause is an out-of-bounds write in extts[channel] when updating local timestamps. The fi...

CVSS 7.8, AI score 6.5, EPSS 0.00155

added 2025/07/09 10:42 a.m., 73 views

CVE-2025-38256

CVE-2025-38256 involves io_uring/rsrc folio unpinning in the Linux kernel. The issue arises when pinning a folio’s tail page and then unpinning the head page via unpin_user_page*, which can trigger a debug warning in mm/gup.c. The provided connected Astra Linux bulletin confirms the root cause an...

CVSS 5.5, AI score 6.2, EPSS 0.00135

added 2025/07/10 7:42 a.m., 73 views

CVE-2025-38282

CVE-2025-38282 affects the Linux kernel kernfs draining guard. The issue stems from a too-sensitive WARN in kernfs_should_drain_open_files() due to the active reference break/unbreak lifecycle, which can transiently misclassify legitimate callers as a condition requiring drain. Upstream fixes ind...

CVSS 5.5, AI score 6.5, EPSS 0.00156

added 2025/07/25 12:53 p.m., 73 views

CVE-2025-38385

Summary: CVE-2025-38385 affects the Linux kernel in the LAN78xx USB Ethernet driver, where a WARN can be triggered during USB disconnect when NAPI is still enabled. Root cause (per provided data): In the disconnect path, netif_napi_del() was redundantly called even though unregister_netdev() hand...

CVSS 7.8, AI score 6.1, EPSS 0.00153

added 2025/07/25 12:53 p.m., 73 views

CVE-2025-38389

CVE-2025-38389 affects the Linux kernel i915 DRM stack (drm/i915/gt). The vulnerability arises when ring submission allocation fails during VMA allocation, leaving the engine’s legacy timeline referenced and not released on driver unbind, potentially causing a left-held timeline and related insta...

CVSS 7.8, AI score 6.3, EPSS 0.00167

added 2025/07/25 3:27 p.m., 73 views

CVE-2025-38451

CVE-2025-38451 affects the Linux kernel’s md/md-bitmap code. The issue caused a GPF in bitmap_get_stats() when handling external or internal bitmaps due to missing super-block validation. The fix adds a super-block existence check for both internal and external cases, preventing the non-canonical...

CVSS 5.5, AI score 6.5, EPSS 0.00141

added 2000/02/04 5:0 a.m., 72 views

CVE-1999-0431

CVE-1999-0431 affects Linux kernels 2.2.3 and earlier, where a flaw in IP fragment handling lets a remote attacker perform an IP fragmentation attack to cause a denial of service. The Red Hat and CVE records consistently describe the issue as a remote DoS via IP fragmentation. Public details in t...

CVSS 5, AI score 6.7, EPSS 0.06581

added 2004/09/01 4:0 a.m., 72 views

CVE-2002-1380

CVE-2002-1380 affects Linux kernel 2.2.x where a local user can cause a denial of service (crash) by invoking mmap() with PROT_READ to access non-readable memory pages via /proc/pid/mem. The underlying issue is a memory access vulnerability in the kernel that enables local DoS. Multiple connected...

CVSS 2.1, AI score 5.9, EPSS 0.00873

added 2006/05/31 10:0 a.m., 72 views

CVE-2004-0138

CVE-2004-0138 affects the Linux kernel 2.4 series prior to 2.4.25. The vulnerability lies in the ELF loader: a crafted ELF with an invalid interpreter arch triggers a BUG() when an invalid VMA is unmapped, allowing local denial of service (crash). The issue is mitigated by upgrading to 2.4.25 or ...

CVSS 4.9, AI score 5.6, EPSS 0.00427

added 2005/04/24 4:0 a.m., 72 views

CVE-2005-0135

Technical details for CVE-2005-0135 are not publicly provided in the connected documents. The sources reference kernel updates and include CVE lists, but do not specify affected products/versions, root cause, impact, or remediation. Monitor for updates.

CVSS 2.1, AI score 5.6, EPSS 0.00437

added 2005/02/24 5:0 a.m., 72 views

CVE-2005-0529

CVE-2005-0529 concerns Linux kernel versions 2.6.10 and 2.6.11rc1-bk6, where proc_file_read and locks_read_proc use mismatched size types for offsets, causing a heap-based buffer overflow when a signed comparison yields negative values used in a positive context. Several connected advisories conf...

CVSS 2.1, AI score 6.5, EPSS 0.00527

added 2005/03/26 5:0 a.m., 72 views

CVE-2005-0867

CVE-2005-0867 involves an integer overflow in the Linux kernel 2.6 sysfs_write_file() function. The Ubuntu USN-110-1 and Red Hat RHSA-2005:366 describe a local user could exploit this to crash the kernel or possibly execute code with root privileges by writing to a user-writable sysfs file under ...

CVSS 7.2, AI score 6, EPSS 0.00398

added 2005/10/27 4:0 a.m., 72 views

CVE-2005-2973

CVE-2005-2973: Linux kernel UDPv6 port handling flaw in udp_v6_get_port (in Linux 2.6 before 2.6.14-rc5) allows a local user, when IPv6 is enabled, to trigger an infinite loop and kernel crash (local DoS). Ubuntu advisory USN-219-1 references this CVE and notes kernel updates as remediation. ...

CVSS 2.1, AI score 4.7, EPSS 0.00789

added 2005/09/30 4:0 a.m., 72 views

CVE-2005-3107

CVE-2005-3107 affects the Linux kernel 2.6 family, where a local attacker tracing a thread that shares the same memory map can cause a denial of service (deadlock) by forcing a core dump when the traced thread is in TASK_TRACED. Public advisories (e.g., RHSA-2006:0437, CESA-2006:0437) document th...

CVSS 2.1, AI score 5.5, EPSS 0.00422

added 2005/09/30 4:0 a.m., 72 views

CVE-2005-3108

CVE-2005-3108 affects the Linux kernel 2.6 on AMD64 (and a bug in the ioremap() path). Local users could trigger a denial of service or information leak by performing an ioremap on a memory map and causing iounmap to look up a non-existent page. Public advisories from Debian, Ubuntu, Red Hat/Cent...

CVSS 2.1, AI score 5.6, EPSS 0.00378

added 2005/09/30 4:0 a.m., 72 views

CVE-2005-3109

The CVE-2005-3109 entry affects the Linux 2.6 kernel HFS and HFS+ (hfsplus) modules. The issue allows a local attacker to cause a kernel oops/denial of service by mounting a filesystem that is not HFS/HFS+. Public disclosures in Debian (DSA-922-1) and Red Hat/CentOS advisories confirm this vulner...

CVSS 2.1, AI score 4.9, EPSS 0.00423

added 2005/11/27 9:0 p.m., 72 views

CVE-2005-3857

The CVE-2005-3857 entry refers to a vulnerability in the Linux kernel before 2.6.15-rc3 where the time_out_leases function in locks.c can exhaust memory and fill system logs. Local attackers could trigger a denial of service by creating a large number of broken leases, pumping printk log messages...

CVSS 4.9, AI score 4.5, EPSS 0.00838

added 2006/04/14 9:0 p.m., 72 views

CVE-2006-0558

CVE-2006-0558 affects the Linux kernel perfmon subsystem on IA-64. The vulnerability enables local users to trigger a denial of service (crash) by interrupting a task while another process is accessing the mm_struct, causing a BUG_ON in put_page_testzero. Public context across connected documents...

CVSS 4.9, AI score 5.7, EPSS 0.00407

added 2006/05/18 7:0 p.m., 72 views

CVE-2006-1855

The CVE-2006-1855 case concerns Linux kernel code (choose_new_parent) containing obsolete debugging paths that can be exploited locally to cause a kernel panic/Denial of Service. The vulnerability is described as a local issue in the kernel prior to a fixed release (notably reflected across multi...

CVSS 2.1, AI score 6.9, EPSS 0.00416

added 2007/07/12 4:0 p.m., 72 views

CVE-2007-3719

CVE-2007-3719 concerns the Linux kernel scheduler around version 2.6.16, which gives preference to “interactive” processes that perform voluntary sleeps. This bias can be exploited by a local user to trigger a denial of service via CPU consumption. The connected documents reiterate the vulnerabil...

CVSS 2.1, AI score 6, EPSS 0.00313

added 2008/05/08 12:0 a.m., 72 views

CVE-2007-5498

The CVE-2007-5498 issue affects the Xen hypervisor block backend driver for Linux kernel 2.6.18. When running on a 64-bit host with a 32-bit paravirtualized guest, a local privileged user in the guest can trigger a denial of service (host OS crash) by issuing a request that specifies a very large...

CVSS 4.9, AI score 5.7, EPSS 0.00342

added 2008/09/29 5:0 p.m., 72 views

CVE-2008-4302

CVE-2008-4302 affects the Linux kernel splice subsystem specifically fs/splice.c. The root cause is a failure in add_to_page_cache_lru, after which code attempts to unlock a page that was not locked, enabling a local user to trigger a kernel BUG and system crash (denial of service). Public adviso...

CVSS 5.5, AI score 5.1, EPSS 0.00616

Total number of security vulnerabilities: 13804