CVE-2024-57976
Summary (CVE-2024-57976): In the Linux kernel, a race/path in btrfs delalloc handling can trigger a BUG_ON crash after a failed cow_file_range() (often via -ENOSPC in the space reservation code). The issue stems from error cleanup that clears delalloc and dirty flags but may leave pages dirty, l...
CVE-2024-58015
CVE-2024-58015 affects the Linux kernel wifi driver ath12k. The root cause is an out-of-bounds memory access in self-generated stats where an overly large length is passed to print_array_to_buf_index(). The fix reduces the buffer size by one to correct the upper bound. Impact is described as an o...
CVE-2024-58084
The CVE-2024-58084 issue in the Linux kernel relates to the Qualcomm SCM firmware (qcom_scm) read barriers. The advisory notes a missing read barrier in qcom_scm_get_tzmem_pool() and that a write barrier was previously added in probe. Access from concurrent contexts could fetch a stale __scm val...
CVE-2025-21921
CVE-2025-21921: In the Linux kernel, net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device, the crash occurs in ethnl_req_get_phydev() when tb is NULL (e.g., ethnl notify path) and a phy_device lookup is performed. The fix passes the cmd index and nlattr array separately to allow NU...
CVE-2025-21958
Summary: CVE-2025-21958 concerns the Linux kernel where a revert of an Open vSwitch conntrack change causes a potential warning path in nf_ct_ext_add when a conntrack entry lacks the labels_ext extension. The code path in ovs_ct_get_conn_labels() may attempt to allocate labels_ext for a confirmed ...
CVE-2025-22006
CVE-2025-22006 affects the Linux kernel net/ethernet ti am65 cpsw driver: registering TX/RX DMA interrupts before their NAPI callbacks can cause a NULL pointer dereference. The issue has been fixed in kernel commits (see kernel.org references) and Astra/Oracle advisories indicate the vulnerabilit...
CVE-2025-38493
CVE-2025-38493 concerns the Linux kernel vulnerability in tracing/osnoise, specifically timerlat_dump_stack(). The root cause is a faulty memcpy that uses a size field containing garbage from the ring buffer, which can trigger a buffer overflow and kernel panic when stack data is dumped. The vuln...
CVE-1999-0986
The CVE-1999-0986 entry concerns the Linux ping command (Linux 2.0.3x) where local users can cause a denial of service by sending oversized packets using the -R (record route) option. The available data identifies the affected component as the ping utility and the root cause as improper handling ...
CVE-2001-0316
CVE-2001-0316 affects Linux kernels 2.2 and 2.4 where sysctl can be invoked with a negative length, allowing unprivileged local users to read kernel memory and potentially obtain root privileges. Mitigation in the public records points to upgrading to kernel 2.2.19 or later (and vendor advisories...
CVE-2001-1391
CVE-2001-1391 is an off-by-one vulnerability in the CPIA driver of the Linux kernel prior to 2.2.19 that allows a local user to write into kernel memory. The issue is documented in multiple advisories (Mandrake MDKSA-2001:037, Debian DSA-047-1) and is described as a problem in the CPIA driver’s b...
CVE-2003-0465
The CVE-2003-0465 issue affects the Linux kernel (2.4/2.5) where strncpy does not pad with null bytes on architectures other than x86, potentially allowing information leaks. Red Hat’s RHSA-2004:188 and related advisories document this as a kernel vulnerability with fixes in updated kernel packag...
CVE-2004-1069
CVE-2004-1069 describes a race condition affecting SELinux-enabled Linux kernels in the 2.6.x series (through 2.6.9) when handling AF_UNIX network packets. Local attackers could cause a kernel DoS (kernel crash) via SOCK_SEQPACKET Unix domain sockets due to improper handling in sock_dgram_sendmsg...
CVE-2004-1333
The CVE-2004-1333 entry describes an integer overflow in the vc_resize function of Linux kernel 2.4 and 2.6 before 2.6.10, which allows local users to trigger a kernel crash (DoS) via a short new screen value that leads to a buffer overflow. This is the only concrete detail provided in the initia...
CVE-2005-0176
The CVE-2005-0176 issue affects the Linux kernel (2.6.9 and earlier) where shmctl-based locking of System V shared memory could be misused by local unprivileged users to unlock memory from other processes. This could cause sensitive memory contents to be swapped to disk and read by others after r...
CVE-2005-1913
CVE-2005-1913 affects the Linux kernel up to version 2.6.12.1. The vulnerability occurs when a non-group-leader thread executes a different program while an itimer is pending; the expiry signal is delivered to the old group-leader task, which no longer exists, causing a kernel panic (local DoS). ...
CVE-2005-3807
CVE-2005-3807 describes a memory leak in the VFS lease handling (locks.c) in Linux kernels 2.6.10–2.6.15 that can lead to local denial of service (memory exhaustion) when Samba activities trigger re-allocation of an fasync entry after clean-up. Multiple connected advisories (Ubuntu USN-231-1 and ...
CVE-2005-4618
CVE-2005-4618 corresponds to a Linux kernel local-denial-of-service issue caused by a buffer overflow in sysctl writes. Affected are Linux kernel 2.6.x before 2.6.15; exploitation could corrupt user memory or cause a denial of service via a long string, with the caveat that the vulnerability may ...
CVE-2006-0482
CVE-2006-0482 affects Linux kernel 2.6.x on SPARC; get_compat_timespec() sanitization is insufficient, enabling local denial of service (hang) via date -s. Debian DSAs document a fix in kernel-source-2.6.8 packages (e.g., 2.6.8-16sarge2) and kernel upgrades; systems should upgrade and reboot to m...
CVE-2006-1342
CVE-2006-1342 is a local information-leak in the Linux kernel’s IPv4 socket-name handling. The root cause is that sockaddr_in.sin_zero is not cleared when returning IPv4 socket names from getsockname, getpeername, or accept, potentially exposing portions of kernel memory. Public advisories across...
CVE-2006-1524
The MADV_REMOVE issue (CVE-2006-1524) affects Linux kernel 2.6.16 up to 2.6.16.6, where madvise_remove does not enforce file/mmap restrictions, enabling a local user to bypass IPC permissions and overwrite portions of read-only tmpfs files with zeros. The problem is tied to the mprotect-related fl...
CVE-2006-4813
Concrete details found: CVE-2006-4813 affects the Linux kernel 2.6.x prior to 2.6.13, where __block_prepare_write in fs/buffer.c fails to clear buffers under certain error conditions, allowing a local user to read portions of files that have been unlinked. Impact is partial confidentiality; explo...
CVE-2006-7051
The CVE-2006-7051 vulnerability concerns the Linux kernel 2.6.x, specifically the sys_timer_create function in posix-timers.c. Local users can create a large number of posix timers, which are allocated in kernel memory but not counted as part of the process’s memory, leading to memory exhaustion ...
CVE-2008-2944
CVE-2008-2944 describes a double-free vulnerability in the Linux kernel’s utrace support, likely affecting 2.6.18-era builds, reported in Red Hat Enterprise Linux 5 and Fedora Core 6. Impact: local users can trigger a denial of service (oops) via a crash when running the GNU GDB testsuite; thi...
CVE-2012-6703
CVE-2012-6703: Integer overflow in Linux kernel ALSA snd_compr_allocate_buffer (sound/core/compress_offload.c) allows local users to trigger denial of service via crafted SNDRV_COMPRESS_SET_PARAMS; affected until 3.6-rc6-next-20120917. Connected documents confirm the exact function and patch time...
CVE-2013-1956
The CVE-2013-1956 issue affects the Linux kernel prior to 3.8.6, where create_user_ns in kernel/user_namespace.c may bypass filesystem restrictions by not verifying that a chroot directory differs from the namespace root during a crafted clone system call. This violation could allow local users t...
CVE-2013-6432
CVE-2013-6432 affects the Linux kernel ping_recvmsg in net/ipv4/ping.c and can cause a local denial of service via a NULL pointer dereference when interacting with read() on ping sockets. The vulnerability exists in kernel versions prior to 3.12.4. The provided connected documents corroborate the...
CVE-2015-4176
CVE-2015-4176 affects the Linux kernel up to 4.0.2, where fs/namespace.c mishandles mount connectivity in the context of user namespaces. This allows a local attacker to read arbitrary files by leveraging user-namespace root access during deletion of a file or directory. The vulnerability is docu...
CVE-2016-6761
CVE-2016-6761 describes an elevation of privilege vulnerability in Qualcomm media codecs on Android. A local malicious app could execute arbitrary code within the context of a privileged process due to this flaw in the media codecs. Affected devices include Nexus 5X/6/6P, Nexus 9, Android One, Ne...
CVE-2016-6789
CVE-2016-6789 is an elevation-of-privilege in the NVIDIA libomx library (LIBNVOMX.SO) that could allow a local attacker to execute arbitrary code with privileged process rights. Affected environment is Android (kernel 3.18) using NVIDIA components. The vulnerability is scored as CVSS v3.0 base 9....
CVE-2016-8424
CVE-2016-8424 is an elevation-of-privilege in the NVIDIA Tegra GPU driver (NVMAP) that can let a local, unprivileged process execute code in kernel context by referencing memory after it has been freed (use-after-free). Affected: Android devices using the NVIDIA Tegra kernel driver (Kernel-3.10)....
CVE-2017-0427
CVE-2017-0427 is an elevation-of-privilege vulnerability in the Android kernel file system. A local attacker could execute arbitrary code in the kernel context on devices running Kernel-3.10 or Kernel-3.18, with a potential for permanent device compromise. The CVE’s patch status is not publicly a...
CVE-2017-0429
CVE-2017-0429 is an elevation-of-privilege vulnerability in the NVIDIA kernel driver’s i2c-hid component, enabling a local attacker to write arbitrary values to kernel memory and potentially execute code with kernel privileges. Public descriptions tie the issue to the NVIDIA kernel driver on Andr...
CVE-2017-0440
CVE-2017-0440 describes an elevation-of-privilege flaw in the Qualcomm Wi‑Fi driver for Android kernels 3.10 and 3.18. A local malicious app could exploit it to execute code in the kernel context, after compromising a privileged process. The vulnerability is classified as High severity in the pub...
CVE-2021-47125
CVE-2021-47125 concerns a Linux kernel local vulnerability due to a refcount leak in the HTB offload path. The root cause was an incorrect NULL handling around qdisc_refcount_inc in htb_parent_to_leaf_offload, which could leak references if new_q was NULL. The fix adds a NULL pointer check to gua...
CVE-2021-47519
CVE-2021-47519 concerns the Linux kernel CAN subsystem, specifically a memory leak in can/m_can_read_fifo. According to connected sources, if the second call to m_can_fifo_read() fails, code paths jump to an out_fail label and return before freeing the skb created by alloc_can_skb(), resulting in...
CVE-2022-48764
CVE-2022-48764 concerns the Linux kernel KVM x86 CPUID handling. The provided documents consistently describe a memory-leak issue where the kernel did not free the kvm_cpuid_entry2 array after successful post-KVM_RUN KVM_SET_CPUID{,2} calls, potentially leaving an unreferenced 2048-byte object (e...
CVE-2022-48832
In CVE-2022-48832, the Linux kernel audit subsystem was fixed to prevent dereferencing the openat2 open_how.args in audit_match_perm(), which could cause an oops/page-fault. The root cause was unsafe access to syscall arguments when checking permissions, leading to potential instability. The reso...
CVE-2022-48889
CVE-2022-48889: Linux kernel ASoC: Intel sof-nau8825 alias overflow. The issue arises from the 20-character limit for a platform_device_id entry (including the trailing NUL). The sof_nau8825.c file exceeded this limit, causing a build error: illegal character encoding in string literal in MODUL...
CVE-2022-48922
CVE-2022-48922 (Linux kernel, riscv): Root cause is a NULL pointer dereference when the irqsoff latency tracer is enabled because trace_hardirqs_on/off rely on the frame pointer (CALLER_ADDR1). If the frame pointer is repurposed, memory access faults can occur during boot. The issue was mitigated by...
CVE-2022-49558
CVE-2022-49558 affects the Linux kernel nf_tables/netfilter path. The issue is a double unregistration of hooks in netns path: __nft_release_hooks() unregisters hooks during pre_netns exit, and NETDEV_UNREGISTER triggers unregister again, leading to potential hook handling inconsistencies. The pr...
CVE-2022-49576
CVE-2022-49576 is a Linux kernel vulnerability in IPv4 sysctl_fib_multipath_hash_fields where readers could observe data races while the value is updated concurrently. The root cause is concurrent modification without proper synchronization; fix implemented by adding READ_ONCE() to the readers. T...
CVE-2022-49654
CVE-2022-49654 pertains to the Linux kernel, specifically the net: dsa: qca8k component. The issue occurs when MAX_FRAME_SIZE (MTU) is changed while the CPU port is enabled, causing the switch to panic and stop sending packets, which can render the device unreachable; a switch reset may be requir...
CVE-2022-49662
CVE-2022-49662: Linux kernel vulnerability involving a lockdep splat in in6_dump_addrs() due to incorrect use of rcu_dereference() without rcu_read_lock() held. Affects net/ipv6/addrconf.c (illustrated at line ~5175) and is shown in the provided stack trace (in6_dump_addrs → inet6_dump_addr → ne...
CVE-2022-49717
In CVE-2022-49717, the Linux kernel issue concerns irqchip/apple-aic: a refcount leak in build_fiq_affinity. The problem was that of_find_node_by_phandle() returns a node pointer with an incremented refcount, and the fix is to call of_node_put() when the node is no longer needed to avoid the leak...
CVE-2022-49831
The CVE relates to the Linux kernel btrfs zoned feature. The issue occurs during seeding on a zoned filesystem if each zoned device’s btrfs_zoned_device_info is not initialized, causing a NULL pointer dereference when mounting. Multiple sources confirm this vulnerability and its resolution in the...
CVE-2022-49919
CVE-2022-49919: In the Linux kernel, the nf_tables flow rule object release path was fixed. The underlying issue was a use-after-free (UAF) triggered by races with the netlink notifier, observed when the flow rule object is accessed only from the control plane (no data packets traverse it). The ...
CVE-2022-49963
The CVE-2022-49963 entry describes a Linux kernel issue in drm/i915/ttm CCS handling. Root cause: in migrate_copy(), plain integer arithmetic can overflow when handling large objects; emitting PTEs uses the full object size, and copies fail because only a few fixed-size windows exist for mapping ...
CVE-2022-50036
CVE-2022-50036 affects the Linux kernel component drm/sun4i: dsi. The underflow occurred when computing packet sizes due to subtracting packet overhead with unsigned arithmetic; with a short sync pulse the subtraction could wrap to a large unsigned value. The remediation is a fix that uses signed...
CVE-2022-50038
CVE-2022-50038 affects the Linux kernel in drm/meson, specifically the meson_vpu_has_available_connectors() function. The issue consists of two refcount leak bugs: (1) missing of_node_put() for the 'ep' when exiting for_each_endpoint_of_node(), and (2) missing of_node_put() for the reference from...
CVE-2022-50059
CVE-2022-50059 affects the Linux kernel; the issue occurs in the ceph path where handle_cap_grant on an IMPORT operation may fail to release the snap_rwsem, potentially causing a deadlock. The vulnerability detail is supported by multiple connected Nessus/OpenVAS advisories (e.g., EulerOS/Unity L...