Lucene search: Linux / Linux Kernel

13804 matches found

added 2025/05/02 3:55 p.m. | 72 views

CVE-2023-53092

The CVE-2023-53092 entry concerns a Linux kernel interconnect driver (exynos) where a node leak could occur in the PM QoS error path during probe. The documented fix ensures that the newly allocated interconnect node is added to the provider before the PM QoS request is applied, so that the node ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00159

added 2025/05/02 3:55 p.m. | 72 views

CVE-2023-53099

CVE-2023-53099 concerns a Linux kernel issue where a sleepable memory allocation was performed from an atomic context in the Xilinx firmware driver, triggering a lockdep-detected “sleeping function called from invalid context” condition. The advisory notes the root cause is in firmware: xilinx an...

CVSS 5.5 | AI score 6.6 | EPSS 0.0012

added 2024/04/03 5:0 p.m. | 72 views

CVE-2024-26738

CVE-2024-26738 concerns the Linux kernel on PowerPC/pSeries. The root cause was that during DLPAR add of a PCI device, a newly allocated pci_controller could be created without calling iommu_device_register(), leaving an iommu_device unregistered and potentially triggering NULL pointer dereferenc...

CVSS 5.5 | AI score 6.5 | EPSS 0.00239

added 2024/04/17 10:10 a.m. | 72 views

CVE-2024-26834

The CVE-2024-26834 entry concerns the Linux kernel netfilter NFT_FLOW_OFFLOAD path. Technical details (from connected docs): Direct xmit path avoids calling dst_release() due to using dev_queue_xmit(), leaving a kmemleak-reported unreferenced object and a route stack path that can affect packet r...

CVSS 5.5 | AI score 6.6 | EPSS 0.00222

added 2024/04/17 10:14 a.m. | 72 views

CVE-2024-26847

CVE-2024-26847 concerns the Linux kernel on POWER platforms where RTAS function names were spelled inconsistently. The PAPR-specified name is ibm,reset-pe-dma-windows, but firmware in practice used ibm,reset-pe-dma-window in the device tree. This mismatch caused reverse lookups (token -> name)...

CVSS 5.1 | AI score 6.7 | EPSS 0.0024

added 2024/07/29 6:37 a.m. | 72 views

CVE-2024-41018

The CVE-2024-41018 detail is supported by the connected Tencent/TSSA advisory: it concerns the Linux kernel NTFS3 driver (fs/ntfs3) and a bounds check regression. The fix adds an attr_names/oatbl validation and out-of-bounds protection for ATTR_NAME_ENTRY to prevent invalid memory access. In prac...

CVSS 5.5 | AI score 6.6 | EPSS 0.0022

added 2024/07/29 2:32 p.m. | 72 views

CVE-2024-41054

CVE-2024-41054 is a Linux kernel vulnerability in the SCSI/UFS subsystem (ufshcd_clear_cmd racing with the completion ISR). The race can lead to a NULL pointer dereference when the ISR completes a request, with a backtrace showing blk_mq_unique_tag and ufshcd_clear_cmd paths in the ufshc_mediatek...

CVSS 5.5 | AI score 6.5 | EPSS 0.00291

added 2024/08/07 3:14 p.m. | 72 views

CVE-2024-42234

CVE-2024-42234 affects the Linux kernel in the area of memory management, specifically the deferred split and large folio migration path. The root cause is a race during deferred_split_scan() where folios are moved to a local list without proper synchronization, risking double frees and related B...

CVSS 5.5 | AI score 6.5 | EPSS 0.00184

added 2024/08/17 9:9 a.m. | 72 views

CVE-2024-42293

The CVE-2024-42293 entry describes an arm64 Linux kernel vulnerability in the mm subsystem related to lockless page-table walks when static and dynamic folding occur in a 4-level page table. The issue could cause random oops due to the p4d_offset_lockless() helper returning a stack-based address ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00193

added 2025/02/27 2:18 a.m. | 72 views

CVE-2024-49570

The CVE is in the Linux kernel DRM XE tracing code. A potential use-after-free (UAF) arises from TP_printk dereferencing xe_mem_type_to_name[] during tracing of xe_bo_move in the xe trace event, exposing a TP_printk-time UAF. The fix avoids dereferencing xe_mem_type_to_name[] at TP_printk time b...

CVSS 7.8 | AI score 5.5 | EPSS 0.00205

added 2024/12/27 3:2 p.m. | 72 views

CVE-2024-56646

Technical details about CVE-2024-56646 are not provided in the supplied documents. Monitor official advisories for affected products, impact, and fixes.

CVSS 5.5 | AI score 6.5 | EPSS 0.00209

added 2025/02/27 8:6 p.m. | 72 views

CVE-2025-21824

Technical details about CVE-2025-21824 are not publicly available in the provided connected documents; no vendor/product specifics or mitigations are provided. Monitor for updates.

CVSS 5.5 | AI score 6.6 | EPSS 0.00185

added 2025/03/06 4:22 p.m. | 72 views

CVE-2025-21834

CVE-2025-21834 relates to the Linux kernel where a seccomp passthrough for uretprobe system calls was not filtered. When uretprobes are attached to processes in Docker, the retprobe can cause the traced process to segfault because the default seccomp filters block this kernel-int...

CVSS 5.5 | AI score 7.3 | EPSS 0.00164

added 2025/04/01 3:47 p.m. | 72 views

CVE-2025-21965

The CVE-2025-21965 case concerns a Linux kernel sched_ext bug where a BPF scheduler may pass an invalid prev_cpu to scx_bpf_select_cpu_dfl(), outside the valid nr_cpu_ids range. The resulting behavior can crash the kernel. The fix adds validation of prev_cpu in scx_bpf_select_cpu_dfl() and trigge...

CVSS 5.5 | AI score 7 | EPSS 0.00152

added 2025/05/20 4:1 p.m. | 72 views

CVE-2025-37962

CVE-2025-37962 affects the Linux kernel’s ksmbd code path, specifically a memory leak in parse_lease_state. The root cause: when the created lease context bounds check fails, the function returns NULL without freeing the previously allocated lease_ctx_info, causing a memory leak. The patch fixes ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00149

added 2025/05/20 5:9 p.m. | 72 views

CVE-2025-37988

CVE-2025-37988 (Linux kernel): The issue involves races in MNT_TREE_BENEATH handling during do_move_mount(), where the object locked is the mountpoint of path->mnt rather than path, and the mount/dentry pair could become unpinned if the mount is moved or the filesystem is shut down while the ...

CVSS 4.7 | AI score 6.6 | EPSS 0.00109

added 2025/06/18 9:33 a.m. | 72 views

CVE-2025-38051

CVE-2025-38051 affects the Linux kernel CIFS client: a race in the readdir/concurrency path allows a use-after-free in cifs_fill_dirent when the rsp buffer is freed, leading to a reported KASAN-use-after-free. The vulnerability is tracked with a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U...

CVSS 7 | AI score 6.2 | EPSS 0.00177

added 2025/06/18 9:33 a.m. | 72 views

CVE-2025-38071

CVE-2025-38071 affects the Linux kernel (x86/mm). Root cause: memblock_phys_alloc_range() may return 0 on failure when CONFIG_PHYSICAL_START=0x100000, causing memblock_phys_free() to mis-handle the first 4 MiB of memory and crash. The vulnerability is resolved in the kernel by checking the return...

CVSS 5.5 | AI score 6.3 | EPSS 0.00153

added 2025/07/10 7:41 a.m. | 72 views

CVE-2025-38272

CVE-2025-38272: In the Linux kernel, the bcm63xx DSA switch could attempt to enable EEE on external PHYs connected to multiple RGMII ports, causing a system hang when accessing non-existent EEE registers. The fix is to gate EEE configuration by actually checking switch support before enabling it...

CVSS 5.5 | AI score 6.6 | EPSS 0.00154

added 2025/07/19 11:59 a.m. | 72 views

CVE-2025-38351

CVE-2025-38351 affects the Linux kernel KVM component (x86) when Hyper-V hypercalls are enabled. The issue arises in PV TLB flush processing where non-canonical GVAs can reach INVVPID/INVLPGA paths, potentially triggering VM-Fail on Intel hardware (AMD may ignore). In practice, this can allow a g...

CVSS 5.5 | AI score 7.1 | EPSS 0.00157

added 2025/07/25 12:53 p.m. | 72 views

CVE-2025-38389

CVE-2025-38389 affects the Linux kernel i915 DRM stack (drm/i915/gt). The vulnerability arises when ring submission allocation fails during VMA allocation, leaving the engine’s legacy timeline referenced and not released on driver unbind, potentially causing a left-held timeline and related insta...

CVSS 7.8 | AI score 6.3 | EPSS 0.00167

added 2025/07/28 11:21 a.m. | 72 views

CVE-2025-38474

CVE-2025-38474 affects the Linux kernel USB Sierra network driver. The issue arises from not verifying that the driver’s third USB endpoint is an interrupt input, since the code only checked for three endpoints and bulk in/out. The fix “rectifies the omission” by validating the endpoint type. Ups...

CVSS 5.5 | AI score 6.5 | EPSS 0.00151

added 2026/02/04 4:8 p.m. | 72 views

CVE-2026-23092

CVE-2026-23092 relates to a Linux kernel fix in iio: dac: ad3552r-hs_write_data_source where out-of-bounds writes could occur. The issue stemmed from using the write-return count as the index for null termination instead of the actual number of bytes copied by simple_write_to_buffer(). If count e...

CVSS 7.8 | AI score 5.5 | EPSS 0.00186

added 2000/10/13 4:0 a.m. | 71 views

CVE-2000-0289

Summary: CVE-2000-0289 concerns the Linux kernel IP Masquerade (NAT) feature on 2.2.x, where the UDP DLOOSE behavior can allow an attacker to send arbitrary UDP packets to hosts behind a vulnerable NAT by matching only destination IP/port, potentially affecting existing sessions. What is affected...

CVSS 5 | AI score 6.7 | EPSS 0.02618

added 2003/05/15 4:0 a.m. | 71 views

CVE-2003-0246

CVE-2003-0246 affects the Linux kernel (2.4.x) where the ioperm system call does not properly restrict privileges, enabling a local user to gain read and/or write access to certain I/O ports on 2.4.20 and earlier. The connected OpenVAS and advisory records reference Debian and other vendor adviso...

CVSS 3.6 | AI score 6 | EPSS 0.005

added 2004/10/26 4:0 a.m. | 71 views

CVE-2004-0887

CVE-2004-0887 affects SUSE Linux Enterprise Server 9 on the S/390 platform, where the SACF privileged instruction is not handled correctly, allowing a local user to gain root privileges. Connected sources also reference Debian advisories for kernel-source-2.4.27 updates (DSA-1018-1/2) that addres...

CVSS 7.2 | AI score 7.4 | EPSS 0.00397

added 2005/08/08 4:0 a.m. | 71 views

CVE-2004-2302

CVE-2004-2302 is a race condition in the Linux kernel’s sysfs_read_file and sysfs_write_file, present in 2.6.10 and earlier. It can let local users read kernel memory and cause a denial of service (crash) by exploiting large offsets in sysfs files. Public advisories (e.g., Debian DSA-922-1) docum...

CVSS 2.6 | AI score 7 | EPSS 0.00341

added 2005/02/24 5:0 a.m. | 71 views

CVE-2005-0529

CVE-2005-0529 concerns Linux kernel versions 2.6.10 and 2.6.11rc1-bk6, where proc_file_read and locks_read_proc use mismatched size types for offsets, causing a heap-based buffer overflow when a signed comparison yields negative values used in a positive context. Several connected advisories conf...

CVSS 2.1 | AI score 6.5 | EPSS 0.00527

added 2006/04/05 5:0 p.m. | 71 views

CVE-2006-1055

CVE-2006-1055: The Linux kernel

CVSS 4.9 | AI score 7.2 | EPSS 0.00582

added 2006/05/22 4:0 p.m. | 71 views

CVE-2006-1858

CVE-2006-1858 affects the Linux kernel SCTP chunk length handling. The vulnerability arises when a chunk length is inconsistent with the actual parameters, enabling remote attackers to trigger a crash and potentially execute arbitrary code. Connected advisories show mitigations via kernel securit...

CVSS 7.8 | AI score 7.6 | EPSS 0.06163

added 2007/03/12 11:0 p.m. | 71 views

CVE-2007-1000

The CVE-2007-1000 issue affects the Linux kernel up to version 2.6.20.2, where the ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c can trigger a NULL dereference through certain getsockopt calls, allowing local users to read arbitrary kernel memory. The vulnerability stems from a NULL...

CVSS 7.2 | AI score 5.7 | EPSS 0.011

added 2007/04/24 4:0 p.m. | 71 views

CVE-2007-1353

CVE-2007-1353 affects the Linux kernel’s Bluetooth stack (L2CAP and HCI) and can allow a context-dependent attacker to read kernel memory via the copy_from_user call accessing an uninitialized stack buffer in the setsockopt pathway. The vulnerability is present in kernel versions prior to 2.4.34....

CVSS 2.1 | AI score 6.9 | EPSS 0.00414

added 2007/07/03 10:0 a.m. | 71 views

CVE-2007-3513

CVE-2007-3513: In the Linux kernel, the lcd_write function in drivers/usb/misc/usblcd.c does not limit memory used by a caller, allowing a local user to exhaust memory and cause a denial of service. Affected until 2.6.22-rc7; remediation is upgrading to 2.6.22-rc7 or later where the issue is fix...

CVSS 4.9 | AI score 5.5 | EPSS 0.00406

added 2008/12/09 12:0 a.m. | 71 views

CVE-2008-5395

CVE-2008-5395 is a Linux kernel vulnerability affecting PA-RISC where parisc_show_stack in arch/parisc/kernel/traps.c can be triggered by unwinding a stack containing userspace addresses, allowing local users to crash the system (denial of service). The issue is fixed in the 2.6.28-rc7 kernel (an...

CVSS 4.9 | AI score 5.7 | EPSS 0.00378

added 2011/02/18 7:0 p.m. | 71 views

CVE-2011-0709

CVE-2011-0709 affects the Linux kernel’s networking bridge code: the br_mdb_ip_get function in net/bridge/br_multicast.c is vulnerable when there is no multicast table, allowing remote attackers to trigger a NULL pointer dereference and crash the system via IGMP traffic. Affected: Linux kernel ve...

CVSS 7.8 | AI score 7.1 | EPSS 0.04005

added 2020/02/12 1:14 p.m. | 71 views

CVE-2012-0810

CVE-2012-0810 affects Linux kernel versions prior to 3.3, where the int3 handler uses a per-CPU debug stack and can be abused by a local, unprivileged user to cause stack corruption and a denial of service via crafted lock-contention scenarios. Publicly available connected documents conf...

CVSS 5.5 | AI score 5.6 | EPSS 0.00381

added 2013/02/18 11:0 a.m. | 71 views

CVE-2012-5374

CVE-2012-5374: In the Linux kernel's Btrfs CRC32C hashing, pre-3.8-rc1 versions allow local users to trigger a denial of service by creating many files whose names map to the same CRC32C hash, extending kernel runtime. Verified by Nessus plugins describing a local DoS in Btrfs hashing within affe...

CVSS 4 | AI score 5.7 | EPSS 0.0048

added 2013/11/12 1:0 a.m. | 71 views

CVE-2013-4516

CVE-2013-4516 affects the Linux kernel: the mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c before 3.12 does not initialize a data structure, enabling local users to read sensitive data from kernel stack memory via a TIOCGICOUNT ioctl. Reports reference the specific vulnerable code pa...

CVSS 4.9 | AI score 6.6 | EPSS 0.00534

added 2014/09/28 10:0 a.m. | 71 views

CVE-2014-6417

CVE-2014-6417 affects net/ceph/auth_x.c in Ceph usage within the Linux kernel prior to 3.16.3. The issue arises from not handling kmalloc failure, enabling a remote attacker to cause a denial of service (system crash) or potentially other impact via a long unencrypted auth ticket. Public advisori...

CVSS 7.8 | AI score 7.6 | EPSS 0.05244

added 2016/08/06 10:0 a.m. | 71 views

CVE-2014-9888

CVE-2014-9888 affects the Linux kernel on ARM: memory allocated for DMA buffers could be mapped with executable permissions due to insufficient validation in arch/arm/mm/dma-mapping.c, before version 3.13. This is noted as affecting Android on Nexus devices (Nexus 5 and 7 2013) prior to 2016-08-0...

CVSS 7.8 | AI score 7 | EPSS 0.00395

added 2017/04/07 10:0 p.m. | 71 views

CVE-2017-0569

CVE-2017-0569 is a local elevation-of-privilege flaw in the Broadcom Wi‑Fi driver (bcmdhd) used by Android. The root cause is a kernel‑level heap/buffer risk in handling a crafted WLC_E_PFN_SWC event: an attacker controlling the Wi‑Fi dongle can force a mismatch between total_count and pkt_count,...

CVSS 7.6 | AI score 6.9 | EPSS 0.07686

added 2017/04/23 5:37 a.m. | 71 views

CVE-2017-8063

The CVE-2017-8063 issue affects Linux kernel 4.9.x and 4.10.x before 4.10.12, where the cxusb.c driver in drivers/media/usb/dvb-usb mishandles interaction with CONFIG_VMAP_STACK, allowing a local user to cause a denial of service (system crash) or other unspecified impact by leveraging more than ...

CVSS 7.8 | AI score 8.1 | EPSS 0.0041

added 2024/05/21 2:35 p.m. | 71 views

CVE-2021-47318

CVE-2021-47318 concerns the Linux kernel’s topology management. The vulnerability arises in arch_topology where topology_scale_freq_tick() may dereference a pointer to a previously cleared scale_freq_data, due to missing protection before the data is freed. The issue is localized to the kernel’s...

CVSS 7.8 | AI score 6.8 | EPSS 0.0023

added 2024/05/21 2:35 p.m. | 71 views

CVE-2021-47336

CVE-2021-47336 affects the Linux kernel via the smackfs path: the function smk_set_cipso() incorrectly handles a bytes-count restriction, due to a mistaken cross-check that applied only to the SMK_FIXED24_FMT path. The issue was addressed in the patch sequence starting with commit 7ef4c19d245f3dc...

CVSS 7.8 | AI score 6.7 | EPSS 0.00246

added 2024/05/22 6:23 a.m. | 71 views

CVE-2021-47470

CVE-2021-47470 affects the Linux kernel. The issue is in the mm/slab subsystem (slab_debugfs_fops) where a use-after-free can occur if sysfs_slab_add fails, because the slab object “s” is freed soon after and then used later by slab_debugfs_fops. The connected Astra Linux advisory confirms this d...

CVSS 7.8 | AI score 6.7 | EPSS 0.00202

added 2024/05/24 3:9 p.m. | 71 views

CVE-2021-47528

CVE-2021-47528 in the Linux kernel USB CDNSP code fixes a NULL pointer dereference in cdnsp_endpoint_init() by adding a check for pep->ring after cdnsp_ring_alloc() (previously dereferenced on potential failure). The vulnerability could occur when cdnsp_ring_alloc() fails and pep->ring is N...

CVSS 5.5 | AI score 7.2 | EPSS 0.00205

added 2024/05/24 3:9 p.m. | 71 views

CVE-2021-47532

CVE-2021-47532 concerns a leak in the Linux kernel related to the DRM MSM devfreq OPP reference counter. The vulnerability is described as a local issue in the kernel’s OPP handling that could leak references in the OPP (Operating Performance Point) management path within the drm/msm/devfreq subs...

CVSS 5.5 | AI score 6.7 | EPSS 0.00193

added 2025/04/17 6:1 p.m. | 71 views

CVE-2021-47668

CVE-2021-47668 is a Linux kernel use-after-free vulnerability in the CAN restart path. The issue occurs when, after calling netif_rx_ni(skb), the code dereferences the same skb memory (specifically cf->len from the can_frame cf aliasing skb), which is unsafe and can lead to memory corruption. ...

CVSS 7.8 | AI score 6.7 | EPSS 0.00159

added 2024/04/28 12:59 p.m. | 71 views

CVE-2022-48641

CVE-2022-48641 (Linux kernel) affects netfilter ebtables where a malformed blob can cause a memory leak. The fix corrected an incomplete patch that replaced a crash with a leak; the code path incorrectly embedded an assignment to ret in the conditional and this was not properly restored. Affected...

CVSS 5.5 | AI score 6.7 | EPSS 0.00238

added 2024/05/21 3:22 p.m. | 71 views

CVE-2022-48707

CVE-2022-48707 (Linux kernel, cxl/region): The issue arises when destroying a region that includes a host bridge with a single root port and a decoupled HDM/CXL device, where the region driver creates a special pass-through decoder without a commit/reset callback. Before the fix, the ->reset(...

CVSS 5.5 | AI score 6.7 | EPSS 0.00205

Total number of security vulnerabilities: 13804