Lucene search
Linux / Linux Kernel

13804 matches found

added 2025/06/18 11:2 a.m. | 65 views

CVE-2022-50070

CVE-2022-50070 affects the Linux kernel and relates to the mptcp datapath: a transmit could race with mptcp_close(), causing a closed subflow (ssk) to be re-transmitted. The root cause is a subflow-state check performed before acquiring the socket lock, enabling re-transmission on an already clos...

CVSS 7.8 | AI score 6.3 | EPSS 0.00211

added 2025/06/18 11:2 a.m. | 65 views

CVE-2022-50121

CVE-2022-50121 affects the Linux kernel remoteproc code for k3-r5, where a missing of_node_put() in for_each_available_child_of_node() can leak a refcount when breaking early from the loop. The root cause is that each iteration decrements the previous node’s reference count without explicit relea...

CVSS 5.5 | AI score 6.4 | EPSS 0.00155

added 2025/06/18 11:3 a.m. | 65 views

CVE-2022-50144

CVE-2022-50144 relates to the Linux kernel SoundWire subsystem. The issue arises during bind/unbind of SoundWire drivers where the probe stores driver ops in a per-slave structure and a previously introduced probed/probe_complete state isn’t reset on removal, enabling risky callbacks after .remov...

CVSS 5.5 | AI score 6.3 | EPSS 0.00155

added 2025/06/18 11:3 a.m. | 65 views

CVE-2022-50197

In CVE-2022-50197, the Linux kernel vulnerability affects the cpufreq: zynq component. The root cause is a refcount leak when retrieving a device node: of_find_compatible_node() returns a node pointer with an incremented refcount, and missing of_node_put() on cleanup leads to a leak. The fix adds...

CVSS 5.5 | AI score 6.4 | EPSS 0.00198

added 2025/06/18 11:3 a.m. | 65 views

CVE-2022-50207

Summary (CVE-2022-50207): In the Linux kernel, ARM bcm Kona handling had a refcount leak in bcm_kona_smc_init. The root cause: of_find_matching_node() returns a node pointer with an incremented refcount and may not be released. The patch adds a missing of_node_put() to drop the reference when th...

CVSS 5.5 | AI score 6.4 | EPSS 0.00204

added 2023/09/04 2:27 a.m. | 65 views

CVE-2023-20839

CVE-2023-20839 affects the imgsys component. The root cause is an out-of-bounds read due to missing valid range checking, leading to local information disclosure with system execution privileges required and user interaction for exploitation. The vulnerability is documented across multiple source...

CVSS 4.2 | AI score 4 | EPSS 0.00091

added 2023/09/04 2:28 a.m. | 65 views

CVE-2023-32810

The CVE-2023-32810 entry applies to the Bluetooth driver in MediaTek devices. The vulnerability is an out-of-bounds read caused by improper input validation in the Bluetooth driver, which can lead to local information leakage and potentially System-level execution privileges. Exploitation is desc...

CVSS 4.4 | AI score 4.4 | EPSS 0.00094

added 2024/05/17 2:1 p.m. | 65 views

CVE-2023-52668

CVE-2023-52668 concerns the Linux kernel, specifically the btrfs zoned code path. The issue arises from incorrect lock ordering in btrfs_zone_activate(), where fs_info->zone_active_bgs_lock is taken after a block_group lock in some code paths, creating a potential circular locking dependency. ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00176

added 2025/03/27 4:43 p.m. | 65 views

CVE-2023-52978

Summary (CVE-2023-52978): A Linux kernel issue affecting riscv kprobe probing of illegal positions could trigger a kernel panic with stack-protector corruption (example: probing in the middle of an instruction). The fix adds arch_check_kprobe in arch_prepare_kprobe to prevent illegal probe posit...

CVSS 5.5 | AI score 6.4 | EPSS 0.00221

added 2025/03/27 4:43 p.m. | 65 views

CVE-2023-53009

The CVE-2023-53009 entry concerns the Linux kernel DRM/AMDKFD path. It describes a fix where a sync is added after creating a VRAM buffer (vram bo) to ensure initialization completes before memory is written by SVM. Without this synchronization there is a risk of data corruption on VRAM allocated...

CVSS 5.5 | AI score 6.8 | EPSS 0.00148

added 2024/07/12 12:37 p.m. | 65 views

CVE-2024-40991

CVE-2024-40991 pertains to the Linux kernel DMA engine, specifically the TI k3-udma-glue helper of_k3_udma_glue_parse_chn_by_id(). The issue: the function calls of_node_put() on the udmax_np device-node without previously incrementing its reference count, risking improper reference management. A ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00229

added 2024/07/29 3:48 p.m. | 65 views

CVE-2024-41086

In Linux kernel context, CVE-2024-41086 concerns bcachefs. The vulnerability arises from incomplete validation in the downgrade handling code: bch2_sb_downgrade_validate() did not check for a downgrade entry that extends past the end of the superblock section, and for_each_downgrade_entry() used ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00196

added 2024/07/30 7:46 a.m. | 65 views

CVE-2024-42111

CVE-2024-42111 affects the Linux kernel BTRFS qgroup handling. The root cause was a patch (b5357cb268c4) that skipped the qgroup inherit checks when qgroup is disabled, allowing a malformed btrfs_qgroup_inherit structure to pass. This could lead to a slab-out-of-bounds read (KASAN) during transac...

CVSS 6.3 | AI score 6.7 | EPSS 0.00206

added 2024/08/17 9:21 a.m. | 65 views

CVE-2024-43815

CVE-2024-43815 affects the Linux kernel crypto/mxs-dcp path. The vulnerability could leak stack memory via the AES payload field when using a hardware key from a key slot; the fix sets the payload field to 0 in these cases. The common path, where the key comes from main memory via the descriptor ...

CVSS 7.1 | AI score 6.4 | EPSS 0.00213

added 2024/08/17 9:21 a.m. | 65 views

CVE-2024-43816

CVE-2024-43816: In the Linux kernel, the lpfc SCSI target code (lpfc_prep_embed_io) referenced a little-endian sgl->sge_len value when copying with memcpy, which could cause a memory out-of-bounds access on big-endian systems when FCP targets are zoned. The fix redefines the sgl pointer as a ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00193

added 2024/12/27 1:49 p.m. | 65 views

CVE-2024-53205

CVE-2024-53205 – Linux kernel realtek USB PHY (rtk_usb2phy_probe) NULL dereference. In rtk_usb2phy_probe(), devm_kzalloc() may return NULL and the code does not check this, allowing a possible NULL pointer dereference. The vulnerability is described as local, with a LOW/medium access/availability...

CVSS 5.5 | AI score 7 | EPSS 0.00264

added 2024/12/29 11:30 a.m. | 65 views

CVE-2024-56743

CVE-2024-56743 affects the Linux kernel NFS path. The issue arises from holding RCU while calling nfsd_file_put_local; the RCU hold is moved from nfs_to_nfsd_file_put_local to nfs_to_nfsd_net_put, with the rcu-protective call nfsd_serv_put being the one that requires RCU. This change addresses a ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00133

added 2025/01/11 12:39 p.m. | 65 views

CVE-2024-57799

CVE-2024-57799 — Linux kernel rockchip PHY (samsung-hdptx): The NULL pointer dereference can occur if rk_hdptx_phy_runtime_resume() runs before platform_set_drvdata() in probe. Fix: call platform_set_drvdata() before devm_pm_runtime_enable(). See kernel commits: https://git.kernel.org/stable/c/70...

CVSS 5.5 | AI score 6.9 | EPSS 0.0017

added 2025/01/21 12:1 p.m. | 65 views

CVE-2024-57934

The CVE-2024-57934 entry concerns a race in Linux kernel fgraph handling where fgraph_array[] access can race with updates to a fgraph_stub, potentially triggering a NULL pointer dereference. The fixed patch adds READ_ONCE() protection when accessing fgraph_array[] to ensure consistency between t...

CVSS 4.7 | AI score 6.4 | EPSS 0.00165

added 2025/03/06 3:54 p.m. | 65 views

CVE-2024-58060

CVE-2024-58060 affects the Linux kernel BPF struct_ops path. The issue occurs when a struct_ops contains a struct module *owner and CONFIG_MODULES=n, causing incorrect refcounting because the module btf_id is missing, leading to a potential use-after-free in tcp_congestion_ops. The patch disables...

CVSS 7.8 | AI score 7 | EPSS 0.00188

added 2025/02/27 2:7 a.m. | 65 views

CVE-2025-21730

CVE-2025-21730 affects the Linux kernel WiFi driver rtw89. The issue occurs during WoWLAN resume when an interface is re-added without removing the previous entry, causing mgnt_entry list to be initialized twice and leading to list corruption (list_add_tail on an already linked entry). The fix ad...

CVSS 5.5 | AI score 6.5 | EPSS 0.00164

added 2025/02/27 2:12 a.m. | 65 views

CVE-2025-21737

CVE-2025-21737: Linux kernel memory-leak in ceph_mds_auth_match fixed by freeing the temporary target path substring allocation on all branches; leak could trigger memory growth and kernel OOM. Connected docs corroborate the fix in ceph_mds_auth_match and the impact described in production. No ad...

CVSS 5.5 | AI score 6.4 | EPSS 0.00191

added 2025/03/07 9:9 a.m. | 65 views

CVE-2025-21841

CVE-2025-21841: Linux kernel vulnerability in cpufreq/amd-pstate where amd_pstate_update_limits() takes a cpufreq_policy reference but fails to decrement the refcount on an exit path. This can lead to a use-after-free or resource mismanagement depending on refcount handling. The issue is resolve...

CVSS 5.5 | AI score 7.1 | EPSS 0.00177

added 2025/03/07 9:10 a.m. | 65 views

CVE-2025-21843

CVE-2025-21843 concerns the Linux kernel DRM panthor component (panthor_ioctl_dev_query). The issue is that priorities_info is uninitialized and its value can be copied to a user object when PANTHOR_UOBJ_SET() is invoked. The documented fix is to initialize priorities_info (e.g., via memset) to a...

CVSS 5.5 | AI score 7.1 | EPSS 0.00192

added 2025/04/01 3:26 p.m. | 65 views

CVE-2025-21901

Technical details about CVE-2025-21901 beyond the initial description are not provided in the connected documents. The entry notes a kernel patch for RDMA/bnxt_re with possible NULL dereference when the rdev is freed; monitor for updates.

CVSS 5.5 | AI score 7 | EPSS 0.00164

added 2025/04/01 3:41 p.m. | 65 views

CVE-2025-21940

Technical details about CVE-2025-21940 are not publicly provided in the supplied documents. No affected products, versions, or fixes are explicitly described here. Monitor for vendor advisories and patch releases.

CVSS 5.5 | AI score 7.1 | EPSS 0.00165

added 2025/06/18 9:33 a.m. | 65 views

CVE-2025-38047

CVE-2025-38047: Linux kernel x86/FRED: The system can hang on S4 resume when FRED is enabled. The issue arises because, after loading a hibernation image, the image kernel reuses original page frames while the FRED MSRs may still hold values set by the restore kernel. The image kernel must ensur...

CVSS 5.5 | AI score 6.3 | EPSS 0.00154

added 2025/06/18 9:33 a.m. | 65 views

CVE-2025-38056

The CVE-2025-38056 vulnerability affects the Linux kernel ASoC: SOF Intel HDA path. Specifically, hda_generic_machine_select() appends -idisp to the tplg filename by allocating a new string and storing it into a global, which becomes a freed pointer after module unloads, enabling a use-after-free...

CVSS 7.8 | AI score 6.5 | EPSS 0.00157

added 2026/02/13 1:29 p.m. | 65 views

CVE-2026-23111

CVE-2026-23111 (Linux kernel): A bug in netfilter nf_tables nft_map_catchall_activate() inverted the genmask check, causing catchall elements to be processed incorrectly during abort of a DELSET operation. The function skipped inactive elements and processed active ones, leading to a use-after-f...

CVSS 7.8 | AI score 5.3 | EPSS 0.00193

added 1999/09/29 4:0 a.m. | 64 views

CVE-1999-0074

CVE-1999-0074 describes a flaw where listening TCP ports are assigned sequentially, enabling spoofing. The connected documents do not specify affected products, versions, or root cause details beyond this mechanism. Exploitation status, impact scope, and fixes are not provided; some entries reite...

CVSS 6.4 | AI score 7.4 | EPSS 0.084

added 2000/02/04 5:0 a.m. | 64 views

CVE-1999-0216

The CVE-1999-0216 entry concerns a Denial of Service of inetd on Linux triggered by SYN and RST packets. Connected documents consistently describe inetd on Linux as the affected component and the root cause as crafted TCP packets causing denial of service. Public details in the PT-1997-1097 entry...

CVSS 5 | AI score 7.4 | EPSS 0.02644

added 2002/03/09 5:0 a.m. | 64 views

CVE-1999-1339

CVE-1999-1339 affects Linux 2.2.10 and earlier (with ipchains) and FreeBSD 3.2 (with ipfw). The issue is triggered by a crafted ping -R (record route) packet, causing a remote attacker to induce a kernel panic and denial of service. The vulnerability arises from how NAT is handled when enabled, a...

CVSS 5 | AI score 7 | EPSS 0.02611

added 2005/04/15 4:0 a.m. | 64 views

CVE-2003-0643

CVE-2003-0643 involves an integer signedness error in the Linux Socket Filter (filter.c) in Linux kernels from 2.4.3-pre3 through 2.4.22-pre10, which can cause a crash (denial of service). The vulnerability is documented across multiple sources (NVD/CVE entries, Debian advisory CD/OSV). The initi...

CVSS 2.1 | AI score 6.4 | EPSS 0.00375

added 2005/04/24 4:0 a.m. | 64 views

CVE-2005-0137

CVE-2005-0137 refers to a vulnerability in the Linux kernel 2.6 on Itanium (ia64) where a missing Itanium syscall table entry could be exploited by a local user to trigger a denial of service. The core issue is a kernel-level handling gap for an Itanium syscall entry, enabling a local attacker to...

CVSS 2.1 | AI score 5.9 | EPSS 0.00389

added 2005/03/18 5:0 a.m. | 64 views

CVE-2005-0210

CVE-2005-0210 is a Netfilter-related vulnerability in Linux kernel 2.6.8.1 where certain fragmented packets reassembled twice cause a data structure to be allocated twice, leading to memory exhaustion and potential denial of service. The connected documents confirm this issue and show that multip...

CVSS 4.9 | AI score 5.2 | EPSS 0.00448

added 2005/04/05 4:0 a.m. | 64 views

CVE-2005-0749

The CVE-2005-0749 issue affects the Linux kernel prior to 2.6.11.6. The vulnerability arises in load_elf_library where freeing an invalid pointer via a crafted ELF library or executable can trigger a kernel crash (DoS). Affected component: kernel’s ELF loading/free path (load_elf_library). The pu...

CVSS 7.2 | AI score 5 | EPSS 0.00446

added 2005/05/17 4:0 a.m. | 64 views

CVE-2005-1264

The CVE-2005-1264 issue is a concrete flaw in Linux kernel 2.6.x where raw devices (raw.c) call the wrong function before passing an ioctl to block devices, exposing kernel address space to userspace. This local, privilege-escalation risk is corroborated across multiple advisories (e.g., RHSA-200...

CVSS 7.2 | AI score 5.2 | EPSS 0.00534

added 2005/08/22 4:0 a.m. | 64 views

CVE-2005-2457

CVE-2005-2457 affects the Linux kernel zisofs driver for compressed ISO files. The vulnerability in the driver in older kernels (before 2.6.12.5) allows local users and remote attackers to trigger a denial of service (kernel crash) by crafting a compressed ISO filesystem. The issue is confirmed a...

CVSS 5 | AI score 5.2 | EPSS 0.03713

added 2005/08/08 4:0 a.m. | 64 views

CVE-2005-2500

CVE-2005-2500: A buffer overflow in the Linux kernel 2.6.12 code path (xdr_xcode_array2 in xdr.c) used by SuSE Linux Enterprise Server 9 can be triggered by crafted XDR data for the nfsacl protocol, potentially allowing remote denial of service and possibly arbitrary code execution. The vulnerabi...

CVSS 7.5 | AI score 7.9 | EPSS 0.04739

added 2005/09/09 4:0 a.m. | 64 views

CVE-2005-2873

Technical details for CVE-2005-2873 are not provided in the connected documents. Available sources reference related CVEs and kernel updates but do not specify affected product/version, root cause, or remediation for this CVE.

CVSS 2.1 | AI score 5.6 | EPSS 0.00389

added 2005/11/27 12:0 a.m. | 64 views

CVE-2005-3847

CVE-2005-3847 affects Linux kernel 2.6.11 up to but not including 2.6.13 and 2.6.12.6, allowing local users to cause a deadlock by sending SIGKILL to a real-time thread that is dumping core. SUSE/Debian OpenVOS references confirm the issue and its remediation. The known fix is in 2.6.12.6 via th...

CVSS 5.5 | AI score 5.1 | EPSS 0.00271

added 2005/11/27 12:0 a.m. | 64 views

CVE-2005-3848

CVE-2005-3848 concerns a memory leak in the Linux kernel’s icmp_push_reply() that can be triggered by crafting a large number of ICMP packets, causing memory consumption and a denial of service. Public details in the initial entry specify Linux kernels before 2.6.12.6 and 2.6.13 are affected, wit...

CVSS 7.8 | AI score 4.7 | EPSS 0.05357

added 2006/06/27 11:0 p.m. | 64 views

CVE-2006-0456

CVE-2006-0456 affects the Linux kernel prior to 2.6.16 on IBM S/390, where strnlen_user can return an incorrect value. This can enable local users to cause a denial of service via unknown vectors. Connected sources confirm the issue and reference the IBM S/390/strnlen_user function, with remediat...

CVSS 2.1 | AI score 6.9 | EPSS 0.00412

added 2006/03/15 5:0 p.m. | 64 views

CVE-2006-1242

CVE-2006-1242 affects the Linux kernel (2.4.x and 2.6.x up to before 2.6.16). The ip_push_pending_frames function increments the IP ID when sending a RST after unsolicited TCP SYN-ACKs, enabling remote Idle-Scan (nmap -sI) bypassing certain protections. Affected versions: Linux 2.4.x and 2.6.x be...

CVSS 5 | AI score 7.3 | EPSS 0.03426

added 2006/06/23 10:0 a.m. | 64 views

CVE-2006-2445

CVE-2006-2445 is a race-condition bug in Linux kernels prior to 2.6.16.21 affecting run_posix_cpu_timers. A local attacker can trigger a denial-of-service (BUG_ON crash) by attaching a timer to a process that is exiting on a single CPU. The connected SUSE/Ubuntu/Mandriva advisories describe the s...

CVSS 4 | AI score 5.8 | EPSS 0.00376

added 2010/06/03 2:0 p.m. | 64 views

CVE-2008-7256

CVE-2008-7256 affects the Linux kernel’s mm/shmem.c prior to 2.6.28-rc8 when strict overcommit is enabled and CONFIG_SECURITY is disabled. The vulnerability arises in how knfsd exports shmemfs objects, allowing a denial of service via NULL pointer dereference and knfsd crash, with possible other ...

CVSS 1.2 | AI score 7.7 | EPSS 0.00335

added 2013/03/22 10:0 a.m. | 64 views

CVE-2013-1828

The CVE-2013-1828 issue affects the Linux kernel prior to 3.8.4, where sctp_getsockopt_assoc_stats in net/sctp/socket.c does not validate the requested size before a copy_from_user, enabling local privilege escalation via SCTP_GET_ASSOC_STATS getsockopt. Affected are kernel versions before 3.8.4;...

CVSS 6.9 | AI score 5.9 | EPSS 0.01014

added 2014/03/11 1:0 a.m. | 64 views

CVE-2014-0102

CVE-2014-0102 affects the Linux kernel up to version 3.13.6. The vulnerability is in the function keyring_detect_cycle_iterator (security/keys/keyring.c), which does not correctly determine whether keyrings are identical. This can allow local users to cause a denial of service (OOPS) by issuing c...

CVSS 5.2 | AI score 5.5 | EPSS 0.0055

added 2014/04/14 11:0 p.m. | 64 views

CVE-2014-2739

The CVE-2014-2739 issue affects Linux kernel 3.14.x–3.14.1, specifically the cma_req_handler in drivers/infiniband/core/cma.c. The root cause is an incorrect pointer dereference when resolving a RoCE address already resolved in a different module, which can lead to a denial of service via crafted...

CVSS 4.6 | AI score 6.7 | EPSS 0.01591

added 2017/01/12 8:0 p.m. | 64 views

CVE-2017-0403

CVE-2017-0403 is an elevation-of-privilege vulnerability in the Android kernel performance subsystem. The issue could allow a local malicious application to execute arbitrary code within the kernel context, requiring initial access via a privileged process. Affected software is Android’s kernel w...

CVSS 7.6 | AI score 6.5 | EPSS 0.0161

Total number of security vulnerabilities: 13804