13804 matches found
CVE-2025-21770
The CVE-2025-21770 entry notes a memory leak in the Linux kernel’s iommu path: iopf_queue_remove_device() fails to release the per-iommu iopf group after responding to hardware, which can leak the group structure for pending iopf objects. The fix is to call iopf_free_group() after the iopf group ...
CVE-2022-49393
The CVE-2022-49393 issue affects the Linux kernel in the misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl area. The root cause is an incorrect use of the list iterator with list_for_each_entry(), where the iterator value map is not NULL when the list is empty, causing logic that che...
CVE-2022-49415
The CVE-2022-49415 description is supported by multiple connected sources indicating a Linux kernel issue: ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe. The root cause is that of_parse_phandle() returns a node pointer with its refcount incremented, and the proper cleanup requires calling of_no...
CVE-2022-49550
CVE-2022-49550 affects the Linux kernel ntfs3 filesystem. The root cause is the absence of the ‘invalidate_folio’ method, which leads to a memory leak where cached written data are not freed after unmount. The documented fix is to add a new implementation, block_invalidate_folio, to ntfs3 to reso...
CVE-2022-49633
In the Linux kernel (CVE-2022-49633), a data-race was fixed in icmp_echo_enable_probe where readers could observe concurrent writes. The mitigation adds READ_ONCE() to readers to prevent reading torn data. The provided connected docs confirm this resolution and describe the underlying issue and f...
CVE-2022-49952
CVE-2022-49952 concerns the Linux kernel. The issue is in the misc: fastrpc path where memory could be corrupted during probe due to a missing sanity check on the probed-session count. When there are more than FASTRPC_MAX_SESSIONS sessions defined in the devicetree, memory could be corrupted beyo...
CVE-2022-49959
The CVE-2022-49959 entry concerns a memory-leak in the Linux kernel related to openvswitch datapath creation. The root cause was that ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids() allocated an array with kmalloc but did not always free dp->upcall_portids when new_vport()...
CVE-2022-49968
CVE-2022-49968 concerns a race condition in the Linux kernel’s ieee802154/adf7242 path causing a use-after-free between adf7242_remove and adf7242_channel due to the upper layer not synchronizing on detaching events. The root cause is that adf7242_channel can be called without checks while destro...
CVE-2022-49987
CVE-2022-49987 concerns the Linux kernel md subsystem. The provided documents show the vulnerability arises from md_stop path handling where __md_stop_writes should be stopped earlier to align with normal md-raid and fix a KASAN issue. Multiple advisories (Unity Linux UTSA-2026-004867/992895 and ...
CVE-2022-49999
CVE-2022-49999: In the Linux kernel, a race between caching free space for a block group and returning free space to the in‑memory space cache for pinned extents can cause double‑adding free space, corrupting the Btrfs free space tree and space cache. Symptoms include EEXIST when re‑adding freed...
CVE-2022-50002
CVE-2022-50002 concerns the Linux kernel where the LAG logic for MLX5 was fixed so that MLX5_LAG_FLAG_NDEVS_READY is set only when both netdevices are registered. The root cause was an asymmetry in how the flag is set vs cleared, which could leave the ready state set after one PF is unloaded, lea...
CVE-2022-50040
CVE-2022-50040 affects the Linux kernel internal DSA path for sja1105 (net: dsa: sja1105). The vulnerability is a buffer overflow caused when an error occurs in dsa_devlink_region_create(), leading to a negative index (-1) access of priv->regions. The issue has been fixed in the cited commits,...
CVE-2022-50050
CVE-2022-50050 is reported in the Linux kernel ASoC: SOF: Intel: hda component. The vulnerability stems from using snprintf() which returns the would-be-filled size on overflow, risking a buffer overflow; the fix replaces snprintf() with a safer scnprintf() to paper over this potential issue. Con...
CVE-2022-50060
The CVE-2022-50060 entry concerns the Linux kernel and relates to octeontx2-af. The issue is a resource leak of MCAM entries during teardown in the FLR path: if a PF/VF detaches, the graceful shutdown may leave MCAM entries allocated. The fix ensures MCAM entries are freed even when LF is detache...
CVE-2022-50062
The CVE-2022-50062 issue concerns the Linux kernel net: bgmac path. A bug triggered by wrong bytes_compl can cause a kernel BUG_ON inside bgmac_dma_tx_free() when called from bgmac_poll(), due to a race between setting ring->end and netdev_sent_queue() and an RX interrupt. Reported on an ARM 4...
CVE-2022-50074
CVE-2022-50074 is a Linux kernel vulnerability related to apparmor memleak in aa_simple_write_to_buffer. The issue arises when copy_from_user fails: memory is freed by kvfree, but the management struct and data blob are allocated independently, so freeing only the data via kvfree leaks the memory...
CVE-2022-50077
The CVE-2022-50077 entry concerns the Linux kernel AppArmor path aa_pivotroot, where a reference-count bug leaks a previously incremented “target” when aa_replace_current_label() returns success. The fix is to decrement the refcount of target in that code path (build_pivotroot() increased it earl...
CVE-2022-50134
CVE-2022-50134 affects the Linux kernel RDMA/hfi1 path. The issue is a memory leak in setup_base_ctxt(): when allocating a uctxt->groups chunk via hfi1_alloc_ctxt_rcv_groups(), failure of init_user_ctxt() can leave uctxt->groups unreleased, causing a leak. The referenced advisories specify ...
CVE-2022-50142
CVE-2022-50142: In the Linux kernel, the intel_th: msu component was fixed to account for DMA buffers that may be allocated via vmalloc() after the patch set removing CONFIG_DMA_REMAP, which could disrupt the mmapping code during faults (msc_mmap_fault). The described issue arises from a possibl...
CVE-2022-50176
In CVE-2022-50176, the Linux kernel’s drm/mcde mcde_dsi_bind had a refcount leak: every iteration of for_each_available_child_of_node() decremented the previous node’s refcount, but a missing of_node_put() on loop exit caused leaks. The fix is to add of_node_put() to restore correct refcount hand...
CVE-2022-50218
The CVE-2022-50218 entry describes a Linux kernel vulnerability in the iio: light: isl29028 driver where isl29028_remove() used a non-managed register function, breaking the release order relative to probe and causing a fault trace (null pointer dereference and a general protection fault) during ...
CVE-2023-20846
CVE-2023-20846 concerns MediaTek chips where the vulnerability resides in the imgsys_cmdq path, caused by missing valid range checking that enables an out-of-bounds read. The documented impact is local information disclosure with system-level execution privileges required, and exploitation report...
CVE-2023-52896
The CVE-2023-52896 issue affects the Linux kernel’s btrfs quota handling. A race between the quota rescan path and quota disable can lead the rescan worker to dereference a NULL quota_root, causing a NULL pointer dereference in btrfs_start_transaction. The root cause is that task B clears fs_info...
CVE-2024-39465
CVE-2024-39465 affects the Linux kernel's media: mgb4 path. A double removal of debugfs entries (debugfs_remove_recursive)—removing a parent directory and then its child—could trigger a kernel panic. The connected documents confirm a fix was applied in the Linux kernel to prevent this double-remo...
CVE-2024-40951
CVE-2024-40951 affects the Linux kernel (OCFS2 subsystem). The issue is a NULL pointer dereference in ocfs2_abort_trigger() caused by bdev->bd_super removal and an incorrect use of bh->b_assoc_map without proper initialization, leading to a crash when the function is invoked. The provided s...
CVE-2024-41043
The CVE-2024-41043 entry concerns a Linux kernel netfilter nfnetlink_queue issue where a WARN_ON can be triggered when rules are flushed/deleted while a packet is in flight. The root cause is a bogus WARN_ON that existed since v4.14; the fix removes this WARN_ON and uses a more recent fixes tag i...
CVE-2024-42100
Technical details for CVE-2024-42100 are not provided in the connected documents. The materials reference the CVE but do not specify affected products, versions, root cause, impact, or fixes beyond the initial description; monitor for updates.
CVE-2024-46790
CVE-2024-46790 concerns the Linux kernel: when freeing PG_hwpoison pages they are isolated rather than released, leading to a warning: “alloc_tag was not set.” The Astra Linux bulletin confirms the issue and states the fix is to “clear the page tag reference after the page got isolated and accoun...
CVE-2025-21842
CVE-2025-21842 concerns the Linux kernel amdkfd code: a destructor for GTT memory (amdgpu_amdkfd_free_gtt_mem) takes void** but may be called with a void* due to implicit casting, causing errors during execution. The issue was fixed in the kernel (as described in the Astra Linux advisory and the ...
CVE-2025-37966
CVE-2025-37966 affects the Linux kernel (RISC‑V) where a PR_SET_TAGGED_ADDR_CTRL path crashes if the Supm extension is unavailable. The fixed version checks Supm availability to prevent Oops, addressing a LOCAL, LOW‑complexity issue with HIGH availability impact per the provided metrics.
CVE-2025-37981
CVE-2025-37981 – Linux kernel (scsi: smartpqi) vulnerability: The smartpqi driver used the reset_devices flag to detect kdump, causing inappropriate adjustments after a regular kexec reboot. This led to abnormally low parameters (e.g., max_transfer_size) and, more seriously, memory corruption fr...
CVE-2025-38238
CVE-2025-38238: In the Linux kernel, the SCSI fnic driver (fnic_wq_cmpl_handler) crashes when both FDMI RHBA and RPA requests time out due to reusing the same frame to send ABTS for both. The root cause is the double-free of a frame on send completion. The fix allocates separate frames for RHBA ...
CVE-2025-38291
CVE-2025-38291 affects the Linux kernel wifi driver ath12k. The issue occurs when the host sends WMI commands to firmware during firmware crash/recovery, triggering kernel call traces. The fix sets ATH12K_FLAG_CRASH_FLUSH and ATH12K_FLAG_RECOVERY on the host driver upon receiving the firmware cra...
CVE-2025-38355
CVE-2025-38355 involves the Linux kernel DRM/xe path where deferred GGTT node removals could be drained later than device unwinding, potentially unmapping MMIO/GSM mappings during unwinding and causing a page fault. The fixes add a managed-device action to explicitly drain the ggtt node removals ...
CVE-1999-0628
The CVE-1999-0628 issue involves the rwho/rwhod service, which exposes machine status and user information. Documents reference the vulnerable component as the rwho/rwhod service; no specific product/vendor/version is named. The impact description indicates partial confidentiality exposure, with ...
CVE-1999-1018
CVE-1999-1018 concerns Linux kernels 2.2.10 and earlier, where the IP fragmentation reassembly step is performed after some header checks. The issue allows a remote attacker to bypass IP filtering rules by sending multiple fragments with 0 offsets, undermining filters that rely on header informat...
CVE-2001-0405
Concrete details: CVE-2001-0405 affects ip_conntrack_ftp inside the Linux 2.4 iptables RELATED connection tracking. A crafted FTP PORT command could cause the firewall to allow an arbitrary IP/port through the RELATED table, bypassing access restrictions. Implication: arbitrary firewall holes for...
CVE-2002-0060
CVE-2002-0060 affects the Linux kernel netfilter IRC DCC connection-tracking helper in 2.4.x (notably 2.4.14–2.4.18-pre8/9). The bug sets an overly broad conntrack mask, causing firewall rules to be more permissive than intended and potentially allowing inbound connections that bypass restriction...
CVE-2003-0501
The CVE-2003-0501 issue concerns the Linux /proc filesystem allowing a local attacker to read sensitive information by opening entries in /proc/self before a setuid program runs, potentially preventing proper ownership/permission changes. Connected advisories confirm this can be triggered in Linu...
CVE-2003-1604
CVE-2003-1604 relates to the Linux kernel vulnerability in net/netfilter/nf_nat_redirect.c: nf_nat_redirect_ipv4. The connected Nessus entries indicate that Linux kernels before 4.4 are affected, where remote attackers can cause a denial of service (NULL pointer dereference/system crash) by sendi...
CVE-2004-0816
CVE-2004-0816: Integer underflow in the Linux kernel’s iptables firewall logging rules prior to 2.6.8 can allow a remote attacker to crash the system via a malformed IP packet. Multiple sources (Mandrake MDKSA-2005:022, SUSE advisory, NVD, Exploit-DB/Seebug pages) confirm the vulnerability exists...
CVE-2005-0532
The CVE-2005-0532 issue affects the Linux kernel: the reiserfs_copy_from_user_to_file_region function in reiserfs/file.c is vulnerable on 64-bit architectures for kernel 2.6.10/2.6.11 before 2.6.11-rc4, where casting discrepancies between size_t and int can trigger a local buffer overflow. Impact...
CVE-2005-2548
CVE-2005-2548 affects vlan_dev.c in the Linux kernel 2.6.8 VLAN code. It allows remote attackers to cause a kernel oops (denial of service) via certain UDP packets that trigger a function argument error; demonstrated with snmpwalk on snmpd. Public advisories from Debian, SUSE, Mandriva, Ubuntu, a...
CVE-2005-3858
Technical details about CVE-2005-3858 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2006-0557
CVE-2006-0557: In the Linux kernel 2.6.x, the sys_mbind path in mempolicy.c failed to sanity-check the maxnod value before computing in get_nodes, enabling a local user to trigger a kernel crash (DoS). Public advisories tie this to local exploitation with kernel crashes, not remote code executio...
CVE-2007-1388
CVE-2007-1388 affects the Linux kernel IPv6 stack (do_ipv6_setsockopt in net/ipv6/ipv6_sockglue.c). A local user can trigger a NULL pointer dereference by calling setsockopt with IPV6_RTHDR (and possibly a zero/invalid option length), causing a kernel crash (DoS). The issue is addressed by kernel...
CVE-2008-2750
CVE-2008-2750 affects the Linux kernel (2.6.x) prior to 2.6.26-rc6. The vulnerability is in pppol2tp_recvmsg (drivers/net/pppol2tp.c) and can be triggered by a crafted PPPOL2TP packet that sets an abnormally large length value. Impact per the sources: remote attackers can cause a denial of servic...
CVE-2009-0787
The CVE-2009-0787 issue affects the Linux kernel 2.6.28 series (before 2.6.28.9) in the eCryptfs component. The root cause is an incorrect size being used when writing kernel memory to the eCryptfs file header, which triggers an out-of-bounds read and allows a local user to obtain portions of ker...
CVE-2011-2518
The CVE-2011-2518 entry concerns the Linux kernel code path security/tomoyo/mount.c: tomoyo_mount_acl calls kern_path with arguments from the mount system call. This allows local users to trigger a denial of service (OOPS) or possibly other impact via a NULL device name in kernels before 2.6.39.2...
CVE-2011-4087
CVE-2011-4087 affects the Linux kernel up to version 2.6.38, where the function br_parse_ip_options in net/bridge/br_netfilter.c fails to initialize a data structure properly. This can allow remote attackers to cause a denial of service by manipulating connectivity to an Ethernet bridge-enabled n...