13804 matches found
CVE-2008-4618
The CVE-2008-4618 issue affects the Linux kernel SCTP implementation prior to 2.6.27, where a protocol violation with an invalid parameter length could trigger a panic and denial-of-service via SCTP processing paths (sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation; ...
CVE-2009-2287
CVE-2009-2287 affects the Linux kernel’s KVM on x86, where KVM_SET_SREGS does not validate the page-table root (cr3). This can allow a local attacker to crash or hang the host (denial of service) via a crafted cr3 value, triggering a NULL pointer dereference in gfn_to_rmap. The issue is documente...
CVE-2012-3364
CVE-2012-3364 relates to multiple stack-based buffer overflows in the Linux kernel’s Near Field Communication Controller Interface (NCI) before version 3.4.5. The flaw allows remote attackers to crash the system and potentially execute arbitrary code via incoming frames with crafted length fields...
CVE-2013-2017
CVE-2013-2017 affects the Linux kernel veth driver: SKB handling during congestion is flawed, enabling a remote DoS (system crash) via lack of skb consumption and a double-free. Affected: kernel versions before 2.6.34; remediation is upgrading to a kernel version where the issue is fixed (2.6.34+...
CVE-2013-2546
CVE-2013-2546 concerns the Linux kernel 3.8.2 era: the crypto report API in the crypto user configuration API uses an incorrect string-copy function, enabling a local attacker with CAP_NET_ADMIN to leak information from kernel stack memory. The vulnerability is scoped to the report API in the ker...
CVE-2013-6763
CVE-2013-6763: The Linux kernel function uio_mmap_physical (drivers/uio/uio.c) is vulnerable in all versions before 3.12 due to missing validation of the mmapped memory block size. This can enable local users to trigger memory corruption and potentially gain privileges through crafted mmap operat...
CVE-2014-7284
CVE-2014-7284 affects the Linux kernel’s net_get_random_once in net/core/utils.c for 3.13.x and 3.14.x before 3.14.5 on certain Intel CPUs. The issue is that the slow-path to seed randomness is not executed, increasing predictability of TCP sequence numbers, TCP/UDP port numbers, and IP ID values...
CVE-2015-2686
The CVE-2015-2686 issue affects the Linux kernel 3.19.x, specifically before 3.19.3. It arises from not validating certain range data for sendto/recvfrom in net/socket.c, enabling a local privilege escalation via a subsystem using the copy_from_iter function in the iov_iter interface, with the Bl...
CVE-2015-4177
CVE-2015-4177 affects the Linux kernel, where the collect_mounts function in fs/namespace.c before 4.0.5 may run after a path has been unmounted. This can enable local users with user-namespace root access to trigger a denial of service (system crash) via an MNT_DETACH umount2 call. The vulnerabi...
CVE-2015-7884
The CVE-2015-7884 issue affects the Linux kernel’s vivid-osd driver (vivid_fb_ioctl) which does not initialize a structure member, allowing local attackers to read kernel memory. Public advisories in openSUSE and Mageia document the same CVE and indicate remediation via kernel updates; e.g., open...
CVE-2016-10907
Vulnerability CVE-2016-10907 affects the Linux kernel in drivers/iio/dac/ad5755.c up to version 4.8.5, with an out-of-bounds write in the function ad5755_parse_dt. Exploitation could lead to memory corruption. The ChangeLog indicates the issue was addressed in kernel 4.8.6 (and later). Controlled...
CVE-2021-4454
CVE-2021-4454 - Linux kernel CAN/j1939 session deactivation race : The issue, resolved in Linux kernel CAN/j1939 transport, concerns j1939_session_deactivate() which can be invoked with a session ref-count below 2 in some concurrently-executed paths. The description notes that this is not a fatal...
CVE-2021-47140
CVE-2021-47140 affects the Linux kernel’s IOMMU path for AMD. The root cause is that when changing the default IOMMU domain for an IOMMU group, dev->dma_ops is not cleared when switching from a DMA to an identity domain, causing the DMA layer to use dma-iommu ops on an identity domain and trig...
CVE-2021-47195
CVE-2021-47195 relates to the Linux kernel SPI subsystem. The issue is a use-after-free caused by unlocking a per-controller mutex (add_lock) after the controller has already been freed during spi_unregister_controller(ctlr) and subsequent put_device flow. The fix moves put_device() after the mut...
CVE-2021-47266
CVE-2021-47266 affects the Linux kernel’s RDMA/IPOIB path. After a change that sets rtnl_link_ops for ipoib interfaces, moving an IPoIB device to a non-initial netns can cause the device to disappear when the owning netns is deleted, due to default_device_exit() skipping interfaces with rtnl_link...
CVE-2021-47533
CVE-2021-47533 affects the Linux kernel drm/vc4: kms path. A use-after-free could occur when duplicating state due to a stale HVS FIFO commit pointer not being cleared after waiting on the previous FIFO user. The fix sets the HVS FIFO commit pointer to NULL once the wait completes to prevent carr...
CVE-2021-47561
CVE-2021-47561 affects the Linux kernel i2c virtio driver. The issue arises when a timeout occurs: the device can continue operating on buffers the guest has freed, risking data corruption on the I2C bus and potential memory corruption inside the guest. The root cause is improper timeout handling...
CVE-2022-3636
CVE-2022-3636 is a Linux kernel vulnerability affecting the function __mtk_ppe_check_skb in drivers/net/ethernet/mediatek/mtk_ppe.c (Ethernet Handler). The issue is a use-after-free in the MTK PPE path, leading to potential corruption or crash. A patch is recommended to fix the issue. The vulnera...
CVE-2022-48641
CVE-2022-48641 (Linux kernel) affects netfilter ebtables where a malformed blob can cause a memory leak. The fix corrected an incomplete patch that replaced a crash with a leak; the code path incorrectly embedded an assignment to ret in the conditional and this was not properly restored. Affected...
CVE-2022-48877
In CVE-2022-48877, the Linux kernel f2fs subsystem introduces a fix to avoid a panic when extent_tree is not created. The described crash trace (__lookup_extent_tree+0xd8/0x760; f2fs_do_write_data_page; f2fs_write_cache_pages) occurs during writeback of data pages, potentially leading to kernel p...
CVE-2022-48890
No connected documents with concrete technical details for CVE-2022-48890 beyond the initial description. Technical specifics (affected components/versions/exploit specifics) are not provided here; monitor for updates.
CVE-2022-48898
CVE-2022-48898 concerns the Linux kernel drm/msm/dp path where the DP controller’s aux ISR could prematurely complete dp_aux_cmd_fifo_tx() even when the interrupt was not for an aux transfer, causing potential data corruption in EDID transfers during boot and in the host buffer. Multiple connecte...
CVE-2022-48924
CVE-2022-48924 relates to the Linux kernel, describing a memory-leak in the int340x thermal driver during int3400_notify() on Tiger Lake, leading to unreferenced objects and potential memory pressure. The provided documents consistently show the root cause as a leak in the int3400_notify path and...
CVE-2022-48925
CVE-2022-48925 affects the Linux kernel RDMA/CMA path. The issue arises when the state is not idle: resolve_prepare_src() may overwrite route.addr.src_addr, potentially corrupting the source address and triggering a use-after-free trace in cma_cancel_listens() paths. The bug can occur with states...
CVE-2022-49067
CVE-2022-49067 is about a Linux kernel issue where virt_addr_valid() incorrectly returned true for vmalloc addresses in 64-bit Book3E (and related 32-bit behavior). Investigations across multiple advisories (NVD, Red Hat, Debian OSV, Unity/NASL/Nessus plugins) describe the root cause: __pa() can ...
CVE-2022-49211
CVE-2022-49211 concerns a Linux kernel issue in the MIPS CDMM code path where of_find_compatible_node() returns a node pointer with an incremented refcount and the code omits of_node_put() to release it. The fixed description states: add the missing of_node_put() to release the refcount. Affected...
CVE-2022-49364
CVE-2022-49364: In the Linux kernel, an f2fs inode eviction bug was fixed. The root cause is that the inode node and the dnode share the same nid, causing dnode truncation to invalidate the NAT entry during f2fs_evict_inode() and leaving the inode marked dirty. The fix clears the dirty flag on th...
CVE-2022-49428
The CVE-2022-49428 entry concerns Linux kernel f2fs: the fix adds a sanity check for inline_dots in inodes to prevent a NULL pointer dereference during f2fs_lookup (__recover_dot_dentries path). The root cause is that for special files (character, block, fifo, socket), f2fs did not initialize the...
CVE-2022-49762
CVE-2022-49762: In the Linux kernel, ntfs_attr_find() can overflow when iterating ATTR_RECORDs in MFT records, due to adding le32_to_cpu(a->length) to the current pointer and wrapping on 32‑bit systems. A patch adds bounds checks when computing the end address of the current ATTR_RECORD to pre...
CVE-2022-49957
CVE-2022-49957 concerns a Linux kernel issue in the kcm path where strp_init() is invoked before the csk->sk_user_data check. The vulnerability arises because strp_init() initializes strp->work (and others); calling strp_done() to cancel it is unnecessary if sk_user_data isn’t checked yet. ...
CVE-2022-49982
CVE-2022-49982 affects the Linux kernel media driver pvrusb2. The leak arises from error handling in pvr2_hdw_create: the v4l2 device is not unregistered when control flow returns to pvr2_context_create, causing pvr2_hdw_destroy to exit early. The fix adds v4l2_device_unregister to decrement the ...
CVE-2022-50026
CVE-2022-50026 concerns a Linux kernel vulnerability where the NIC queue offset calculation could shift out of bounds during NIC queue validation. The root cause is related to how habanalabs/gaudi handling interacts with NIC queues, leading to potential out-of-bounds access. The CVSS metrics indi...
CVE-2022-50094
CVE-2022-50094 relates to Linux kernel spmi trace: trace_spmi_write_begin() and trace_spmi_read_end() use memcpy() with length len + 1, causing a potential stack-out-of-bounds read. A KASAN report demonstrates an out-of-bounds read in trace_event_raw_event_spmi_read_end. The issue affects the SPM...
CVE-2022-50099
CVE-2022-50099 affects the Linux kernel video fbdev Arkfb component. In arkfb_set_par(), user input can set screen_size larger than info->screen_size, risking a kernel page fault (LOCAL, high impact). The mitigation described is to check screen_size before memset_io() and apply the provided pa...
CVE-2022-50103
CVE-2022-50103: In the Linux kernel, sched/cpuset handling with cgroup v2 can lead to a panic when cpus_allowed is empty, causing dl_cpu_busy() to crash due to an out-of-bounds percpu access. The fix uses the effective_cpus mask instead of cpus_allowed, for both v1 (where they’re the same) and v2...
CVE-2022-50104
CVE-2022-50104 affects the Linux kernel, specifically the powerpc/xive subsystem. The root cause is a refcount leak caused by a node pointer returned by of_find_node_by_path() with an incremented refcount and missing of_node_put() when done. The remediation is a patch that adds the missing of_nod...
CVE-2022-50118
CVE-2022-50118 describes a Linux kernel issue in the PowerPC perf PMU path. A new pmi_irq_pending check in hw_irq.h is used by power_pmu_disable to warn if PMI is pending when no counter overflows. The patch set removes the WARN_ON for PMI in this scenario and adds an optimization to clear pendin...
CVE-2022-50160
CVE-2022-50160 affects the Linux kernel mtd maps code. The root cause is a refcount leak from of_find_matching_node(): the returned node pointer’s refcount isn’t decremented when no longer needed. The fixed code adds an of_node_put() to avoid the leak, and related patches are documented in kernel ...
CVE-2022-50175
CVE-2022-50175 affects the Linux kernel media driver for tw686x. The vulnerability is a memory leak in tw686x_video_init: video_device_alloc() allocates memory for vdev, and if video_register_device() fails, the memory is not released, causing a leak. The fix is to call video_device_release() to ...
CVE-2022-50199
The CVE-2022-50199 issue affects the Linux kernel on ARM (OMAP2+). The root cause is a refcount leak in omapdss_init_of: omapdss_find_dss_of_node() calls of_find_compatible_node() which returns a node with a refcount incremented, but of_node_put() is not always called. The fix adds missin...
CVE-2022-50222
CVE-2022-50222 affects the Linux kernel in the VT/TTY subsystem, specifically the Unicode screen buffer initialization. According to the provided description, a kernel infoleak could occur in vcs_read() when the screen buffer is read immediately after a resize. The remediation implemented is to i...
CVE-2022-50226
CVE-2022-50226 affects the Linux kernel crypto: ccp subsystem, where sev ioctl interfaces could allocate memory with kmalloc to handle input up to SEV_FW_BLOB_MAX_SIZE but were not fully overwritten by PSP firmware, risking uninitialized slab memory. The issue is resolved by changing ioctl memory...
CVE-2023-52688
CVE-2023-52688 affects the Linux kernel wifi driver ath12k, where an error path in the core rfkill config fail path did not free allocated resources. The issue could cause resource leaks by not destroying the core pdev when rfkill config initialization fails. The accompanying fix adds a call to c...
CVE-2023-52936
CVE-2023-52936 affects the Linux kernel, specifically the irqdomain.c path where debugfs_lookup() results were not being released with dput(), causing a memory leak over time. The advisory notes the fix is to replace the call with debugfs_lookup_and_remove(), which handles the necessary cleanup i...
CVE-2024-26850
CVE-2024-26850 concerns the Linux kernel bug in mm/debug_vm_pgtable related to pud_advanced_tests for PUD entries on architectures such as powerpc. Affected code could trigger a kernel panic (BUG_ON) when debug checks are active (CONFIG_DEBUG_VM), with traces pointing to radix_pgtable.c and pgtab...
CVE-2024-41003
The CVE-2024-41003 entry concerns a Linux kernel BPF verifier bug: after a prior OR, line 19 triggers a REG INVARIANTS VIOLATION due to a corrupted fake_reg when reg_set_min_max is applied to a known-constant branch. The issue arises in the BPF subsystem’s handling of register invariants during a...
CVE-2024-41052
CVE-2024-41052: In the Linux kernel, the VFIO PCI subsystem misused an uninitialized local variable named count during collection of hot-reset devices, causing device-counting mistakes and possible userspace crashes when invoking the hot‑reset info path. The issue has been resolved by initializi...
CVE-2024-41053
The CVE-2024-41053 issue affects the Linux kernel’s SCSI/ufs path. It concerns ufshcd_abort_one racing with the completion ISR, which can cause the request’s mq_hctx pointer to be NULL at ISR completion and may lead to a kernel NULL pointer dereference (as shown in the backtrace). The description...
CVE-2024-42150
CVE-2024-42150 concerns the Linux kernel networking driver for Intel Rhine (txgbe). The issue arises when using MSI or INTx interrupts: request_irq() for pdev->irq can conflict with request_threaded_irq() for txgbe->misc.irq, potentially causing a system crash. The fix removes the separate ...
CVE-2024-44936
CVE-2024-44936 pertains to the Linux kernel driver for rt5033 power supply. The issue arose after reworking the driver to use devm_power_supply_register(), which dropped i2c_set_clientdata (and the remove callback), while other parts of the driver still relied on i2c clientdata, leading to kernel...