CVE-2025-37932

In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact couldtrigger a warning if it is already deactivated. Therefore, it is notidempotent and not friendly to its callers, like fq_...

CVE-2025-37967

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlockfunctions to the UCSI driver. ucsi_con_mutex_lock ensures the connectormutex is only locked if a connection is establi...

CVE-2023-53072

In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after havingrefactored the passive socket initialization part: BUG: KASAN: use-after-free in __token_bucket_busy+0x253/0x260Read o...

CVE-2022-49863

In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rx_register() It causes NULL pointer dereference when testing as following:(a) use syscall(__NR_socket, 0x10ul, 3ul, 0) to create netlink socket.(b) use syscall(__NR_sendmsg, ...) to...

CVE-2022-49914

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix inode list leak during backref walking at resolve_indirect_refs() During backref walking, at resolve_indirect_refs(), if we get an errorwe jump to the 'out' label and call ulist_free() on the 'parents' ulist,which frees ...

CVE-2023-52911

In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the AdrenoGPU working in the headless mode (e.g. iMX platforms). Unable to handle kernel NULL pointer dereference at virtu...

CVE-2023-52928

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrack_insn The verifier skips invalid kfunc call in check_kfunc_call(), whichwould be captured in fixup_kfunc_call() if such insn is not eliminatedby dead code elimination. However, this can lead...

CVE-2023-53133

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() When the buffer length of the recvmsg system call is 0, we got theflollowing soft lockup problem: watchdog: BUG: soft lockup - CPU#3 stuck for 27s! ...

CVE-2023-53143

In the Linux kernel, the following vulnerability has been resolved: ext4: fix another off-by-one fsmap error on 1k block filesystems Apparently syzbot figured out that issuing this FSMAP call: struct fsmap_head cmd = {.fmh_count = ...;.fmh_keys = {{ .fmr_device = /* ext4 dev /, .fmr_physical = 0, }...

CVE-2024-38561

In the Linux kernel, the following vulnerability has been resolved: kunit: Fix kthread reference There is a race condition when a kthread finishes after the deadline andbefore the call to kthread_stop(), which may lead to use after free.

CVE-2024-38626

In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------[ cut here ]------------WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300fuse_request_end+0x685/0x7e0 fs/fuse/d...

CVE-2024-40952

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() bdev->bd_super has been removed and commit 8887b94d9322 change the usagefrom bdev->bd_super to b_assoc_map->host->i_sb. This introduces thefollowing NULL poin...

CVE-2024-41026

In the Linux kernel, the following vulnerability has been resolved: mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmiited. This causesa kernel panic when this size exceeds the sg_miter's length. Limit the number of tra...

CVE-2024-41149

In the Linux kernel, the following vulnerability has been resolved: block: avoid to reuse hctx not removed from cpuhp callback list If the 'hctx' isn't removed from cpuhp callback list, we can't reuse it,otherwise use-after-free may be triggered.

CVE-2024-43862

In the Linux kernel, the following vulnerability has been resolved: net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex The carrier_lock spinlock protects the carrier detection. While it isheld, framer_get_status() is called which in turn takes a mutex.This is not correct and can lead ...

CVE-2024-43881

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA direction while mapping reinjected packets For fragmented packets, ath12k reassembles each fragment as a normalpacket and then reinjects it into HW ring. In this case, the DMAdirection should be DMA_TO_DEVI...

CVE-2024-46684

In the Linux kernel, the following vulnerability has been resolved: binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined create_elf_fdpic_tables() does not correctly account the space for theAUX vector when an architecture has ELF_HWCAP2 defined. Prior to thecommit 10e29251be0e ("...

CVE-2024-46696

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix potential UAF in nfsd4_cb_getattr_release Once we drop the delegation reference, the fields embedded in it are nolonger safe to access. Do that last.

CVE-2024-46741

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix double free of 'buf' in error path smatch warning:drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf' In fastrpc_req_mmap() error path, the fastrpc buffer is freed infastrpc_req_munmap_impl...

CVE-2024-46768

In the Linux kernel, the following vulnerability has been resolved: hwmon: (hp-wmi-sensors) Check if WMI event data exists The BIOS can choose to return no event data in response to aWMI event, so the ACPI object passed to the WMI notify handlercan be NULL. Check for such a situation and ignore the...

CVE-2024-47717

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data With the latest Linux-6.11-rc3, the below NULL pointer crash is observedwhen SBI PMU snapshot is enabled for the guest and the guest is forcefullypowered-off. Unable...

CVE-2024-50119

In the Linux kernel, the following vulnerability has been resolved: cifs: fix warning when destroy 'cifs_io_request_pool' There's a issue as follows:WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 free_large_kmalloc+0xac/0xe0RIP: 0010:free_large_kmalloc+0xac/0xe0Call Trace:? __warn+0xea/0x330mempool_d...

CVE-2024-50213

In the Linux kernel, the following vulnerability has been resolved: drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic() modprobe drm_hdmi_state_helper_test and then rmmod it, the followingmemory leak occurs. The mode allocated in drm_mode_duplicate() called bydrm_display_mode_from_...

CVE-2024-50241

In the Linux kernel, the following vulnerability has been resolved: NFSD: Initialize struct nfsd4_copy earlier Ensure the refcount and async_copies fields are initialized early.cleanup_async_copy() will reference these fields if an error occursin nfsd4_copy(). If they are not correctly initialized,...

CVE-2024-50260

In the Linux kernel, the following vulnerability has been resolved: sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() The following race condition could trigger a NULL pointer dereference: sock_map_link_detach(): sock_map_link_update_prog():mutex_lock(&sockmap_mutex);...sockma...

CVE-2024-50298

In the Linux kernel, the following vulnerability has been resolved: net: enetc: allocate vf_state during PF probes In the previous implementation, vf_state is allocated memory only when VFis enabled. However, net_device_ops::ndo_set_vf_mac() may be called beforeVF is enabled to configure the MAC ad...

CVE-2024-56536

In the Linux kernel, the following vulnerability has been resolved: wifi: cw1200: Fix potential NULL dereference A recent refactoring was identified by static analysis tocause a potential NULL dereference, fix this!

CVE-2024-56697

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() Fix two issues with memory allocation in amdgpu_discovery_get_nps_info()for mem_ranges: Add a check for allocation failure to avoid dereferencing a null...

CVE-2024-57878

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable,and a SETREGSET call with a length of zero will leave thisuninitialized. Consequently an arbitrary value wil...

CVE-2024-57919

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix divide error in DM plane scale calcs dm_get_plane_scale doesn't take into account plane scaled size equal tozero, leading to a kernel oops due to division by zero. Fix by settingout-scale size as zero when the ...

CVE-2024-58089

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG]When running btrfs with block size (4K) smaller than page size (64K,aarch64), there is a very high chance to crash the kernel atgeneric/750, with the fol...

CVE-2025-21841

In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Fix cpufreq_policy ref counting amd_pstate_update_limits() takes a cpufreq_policy reference but doesn'tdecrement the refcount in one of the exit paths, fix that.

CVE-2025-21879

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking At btrfs_scan_root() we are accessing the inode's root (and fs_info) in acall to btrfs_fs_closing() after we have scheduled the inode for a delayediput, and ...

CVE-2025-21933

In the Linux kernel, the following vulnerability has been resolved: arm: pgtable: fix NULL pointer dereference issue When update_mmu_cache_range() is called by update_mmu_cache(), the vmfparameter is NULL, which will cause a NULL pointer dereference issue inadjust_pte(): Unable to handle kernel NUL...

CVE-2025-37760

In the Linux kernel, the following vulnerability has been resolved: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Currently, if a VMA merge fails due to an OOM condition arising on commitmerge or a failure to duplicate anon_vma's, we report this so the callercan handle it. ...

CVE-2025-37825

In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet,nvmet_enable_port() uses NVMF_TRTYPE_MAX (255) to query the transportsarray, causing an out-of-bounds access: [ ...

CVE-2025-37842

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spicontroller, but the legacy remove function will be called first duringdevice detach and trigger kernel p...

CVE-2025-37877

In the Linux kernel, the following vulnerability has been resolved: iommu: Clear iommu-dma ops on cleanup If iommu_device_register() encounters an error, it can end up tearingdown already-configured groups and default domains, however thiscurrently still leaves devices hooked up to iommu-dma (and e...

CVE-2025-37888

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Add NULL check for mlx5_get_flow_namespace() returns inmlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to preventNULL pointer dereference.

CVE-2025-37892

In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob()need to be checked. A proper implementation can befound in INFTL_deleteblock(). The status will be set asSECTOR_IGNO...

CVE-2025-38002

In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the 'has_lock'variable exists. But enough does that it's a bit unwieldy to manage.Wrap the whole thing in...

CVE-1999-1442

Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments.

CVE-2002-0499

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

CVE-2002-0570

The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key.

CVE-2004-0228

Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain privileges.

CVE-2004-0424

Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.

CVE-2004-2136

dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.

CVE-2005-1368

The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP.

CVE-2005-3527

Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local users to cause a denial of service by triggering a core dump in one thread while another thread has a pending SIGSTOP.

CVE-2007-6733

The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this...