13804 matches found
CVE-2017-0527
CVE-2017-0527 describes an elevation-of-privilege vulnerability in the HTC Sensor Hub Driver on Android, enabling a local malicious app to execute arbitrary code in kernel context. Affected products/versions: Android on kernel 3.10 and 3.18. Root cause is operating in the context of the kernel af...
CVE-2021-47286
CVE-2021-47286 affects the Linux kernel MHI bus core. The issue arises when processing command completions: the channel ID read from the device event ring can be any value 0–255, risking out-of-bounds accesses. The fix adds a bounds check against the controller’s maximum channels and against chan...
CVE-2021-47349
The CVE-2021-47349 issue is a kernel-level deadlock in the mwifiex path: when removing the mwifiex interface or during firmware reset, cfg80211_unregister_wdev() may need to bring down the link, which then attempts to acquire the same wiphy lock already held. The provided traces show the lock/inv...
CVE-2022-48867
CVE-2022-48867 affects the Linux kernel DMA engine for idxd. The issue is a use-after-free during driver unload: when descriptors are flushed as part of idxd_dmaengine_drv_remove() path, a not-present-page fault can occur if descriptors still in use are freed. The root cause is freeing descriptor...
CVE-2022-48869
CVE-2022-48869 concerns the Linux kernel gadgetfs USB driver. The issue arises from a race between gadgetfs_fill_super() (mount path) and gadgetfs_kill_sb() (unmount path), where the_device could be deallocated while gadgetfs_fill_super() still uses it, resulting in a use-after-free. The provided...
CVE-2022-48870
CVE-2022-48870: In the Linux kernel, a null pointer dereference could occur in spk_ttyio_release due to a null-ptr-defer in tty handling, which has been fixed (tty: fix possible null-ptr-defer in spk_ttyio_release). The vulnerability affects kernel code involved with the Speakup AUDPTR/T...
CVE-2022-48906
CVE-2022-48906 affects the Linux kernel MPTCP implementation (DATA_FIN timeout calculation in net/mptcp/protocol.c). Syzkaller/UBSAN revealed a shift-out-of-bounds when many DATA_FIN retransmits occur, causing timeout miscalculation. The fix limits the maximum timeout by restricting the shift siz...
CVE-2022-49004
CVE-2022-49004 (Linux kernel) affects riscv architectures. The EFI page table is initially copied from the kernel page table; with VMAP_STACK enabled, kernel stacks allocated in vmalloc may land on a new PGD, causing a trap when switching to the EFI page table and a kernel panic. The fix updates ...
CVE-2022-49047
CVE-2022-49047 corresponds to a Linux kernel UAF risk in ep93xx clock code (ep93xx_clk_register_gate()) that was addressed by a fix in arch/arm/mach-ep93xx/clock.c. The vulnerability manifested as a use-after-free (use of memory after it is freed) between IS_ERR(clk) handling and returning &psc->hw, ...
CVE-2022-49048
CVE-2022-49048 (Linux kernel): The vulnerability relates to the IPv6 forwarding path where a kernel panic can occur in ip6_forward() if the input interface has no in6 device. The issue has been resolved in the Linux kernel (as described in multiple advisories), with reproduction steps involving ...
CVE-2022-49146
The CVE-2022-49146 entry describes a Linux kernel issue in virtio handling where drivers bypass the enable_cbs callback during virtio_device_restore(), causing suspend-resume traces and potential interrupt handling problems. The root cause is failure to call virtio_device_ready() in restore, so i...
CVE-2022-49553
CVE-2022-49553 is resolved in the Linux kernel: the NTFS driver code path fs/ntfs3 now validates the NTFS BOOT sectors_per_clusters field. If the field is > 0x80, it is treated as a shift value and the driver ensures the shift value is not too large for the NTFS max cluster size (2 MB). If too...
CVE-2022-49747
Summary (concrete details found in connected docs): CVE-2022-49747 refers to a Linux kernel issue where the offset calculation in erofs/zmap.c was incorrect, causing iomap->length to be set to 0 and triggering a WARN_ON in iomap_iter_done(). The issue affects the kernel’s handling path involvi...
CVE-2022-49766
The CVE-2022-49766 entry concerns the Linux kernel netlink path: it fixes a bounds-check issue in the creation of struct nlmsgerr. The underlying cause was related to a memcpy across a composite flexible array struct, which is mitigated by switching from __nlmsg_put to nlmsg_put() and explaining ...
CVE-2022-50023
The CVE-2022-50023 issue affects the Linux kernel's DMAengine dw-axi-dmac component. When a channel has no descriptor and an interrupt is raised, the kernel can OOPS. The root cause is not validating the descriptor result; the fix is to check the outcome of vchan_next_desc() in axi_chan_block_xfe...
CVE-2022-50048
In Linux kernels affected by CVE-2022-50048, the vulnerability is in netfilter nf_tables: if nft_expr_clone() fails, dst->ops is set before the module refcount is bumped, causing an underflow in nft_expr_destroy(). This is a kernel-level issue that can affect systems using nf_tables, and is de...
CVE-2022-50192
CVE-2022-50192: In the Linux kernel, the vulnerability affects the SPI Tegra tegra20-slink path. After calling spi_unregister_master(), the master’s refcount can drop to 0 and the master (and its associated device data) may be freed, causing a use-after-free when using tspi. The fix ensures the ...
CVE-2022-50204
CVE-2022-50204 concerns a Linux kernel issue affecting ARM OMAP2+ where pdata-quirks leaked a refcount in pdata_quirks_init_clocks due to a missing of_node_put() after using of_find_node_by_name() in a loop. The vulnerability is mitigated by a kernel fix that corrects the refcount handling, preve...
CVE-2022-50219
In CVE-2022-50219, the issue is in the Linux kernel’s BPF subsystem. Syzbot reported a use-after-free in compute_effective_progs when detaching BPF links, where a freed memory path could be dereferenced by update_effective_progs() leading to a KASAN UAF. The fix removes the pointer from the cgrou...
CVE-2023-20810
CVE-2023-20810 affects the IOMMU component in MediaTek platforms. Root cause: improper input validation in the IOMMU leading to potential local information disclosure with required system execution privileges. Exploitation described as local, with no user interaction needed. Impact per documents:...
CVE-2023-39176
CVE-2023-39176 concerns the ksmbd kernel module in Linux, where parsing of SMB2 transform-header requests allows reading past the end of an allocated buffer. This results in information disclosure on affected systems with ksmbd enabled. Public sources in the connected documents consistently descr...
CVE-2023-52706
The CVE-2023-52706 issue affects the Linux kernel gpio-sim, where an inverted logic in gpio_sim_remove_hogs() prevented freeing GPIO hog structures, causing a memory leak. A fix was applied in the kernel to correct the logic and free the hog structures, mitigating the leak. The vulnerability was ...
CVE-2023-52895
CVE-2023-52895 concerns a race in the Linux kernel io_uring/poll for multishot requests. A prior commit fixed a poll race that applies only to multishot, where a spurious wakeup can be ignored since the waitqueue isn’t left. A blunt reissue of a multishot armed request could leak a buffer if prov...
CVE-2023-52996
CVE-2023-52996: Linux kernel IPv4 code in fib_metrics_match() uses @type as an array index, which could enable a Spectre v1 gadget. The connected advisories indicate this is resolved in the kernel, with mitigation by preventing speculative access to fi->fib_metrics->metrics[type-1]. The vu...
CVE-2024-40955
CVE-2024-40955 corresponds to a Linux kernel ext4 slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists, triggered by setting mb_group_prealloc to a very large value (2147483647) and performing specific mkfs/mount/write actions. The bug is in ext4’s block allocation logic (mb_alloc/mb_grou...
CVE-2024-42112
Summary (CVE-2024-42112): In the Linux kernel, the txgbe driver mishandled isb resource freeing when using MSI/INTx interrupts, risking reads from freed memory. The fix moves wx_free_isb_resources() from txgbe_close() to txgbe_remove() and corrects the isb free action in the txgbe_open() error pa...
CVE-2024-43836
CVE-2024-43836 affects the Linux kernel net: ethtool pse-pd path. A null dereference can occur when a PSE supports both c33 and PoDL but only one Netlink attribute is provided; the vulnerability arises although the c33/PoDL capabilities are validated by ethnl_set_pse_validate(). The issue has bee...
CVE-2024-43862
CVE-2024-43862 affects the Linux kernel’s net: wan: fsl_qmc_hdlc component. The root cause is using a spinlock (carrier_lock) to protect carrier detection while framer_get_status() may take a mutex, creating a potential deadlock. The issue is addressed by converting carrier_lock from a spinlock t...
CVE-2024-44945
CVE-2024-44945 affects the Linux kernel netfilter nfnetlink: the vulnerability arises from missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END. The issue is in extack handling, which could impact the ACK path for those batch operations. The provided CVE details indicate the fix is...
CVE-2024-53235
The CVE-2024-53235 entry documents a Linux kernel issue where erofs file-backed mounts over FUSE caused a null pointer dereference in fuse_read_args_fill during reads (fuse_read_folio path), potentially affecting read I/O that requires valid file pointers on certain network/FUSE filesystems. The ...
CVE-2024-56711
CVE-2024-56711 is a Linux kernel vulnerability affecting the DRM panel driver for himax-hx83102. The issue arises when drm_mode_duplicate() can return NULL due to memory allocation failure, after which code may dereference NULL pointers. The fix adds an explicit NULL check to prevent a NULL pointe...
CVE-2024-57988
In the Linux kernel, the Bluetooth driver btbcm had a NULL pointer dereference in btbcm_get_board_name() when devm_kstrdup() could return NULL. The fix adds a NULL check in btbcm_get_board_name() to prevent the dereference.
CVE-2024-58062
CVE-2024-58062: In the Linux kernel, the iwlwifi mvm code was fixed to avoid NULL pointer dereference when iterating over active links of a virtual interface (vif). The root cause was a missing check that the link pointer exists before dereferencing it; the patch adds usage of for_each_vif_active...
CVE-2025-21752
CVE-2025-21752 (Linux kernel, Btrfs): The issue arises when modifying keys in the RAID stripe-tree using btrfs_set_item_key_safe, which can lead to tree corruption. The root cause of the tree-order issue is not clearly detailed in the provided documents. A practical mitigation suggested in the sou...
CVE-2025-38012
CVE-2025-38012 concerns the Linux kernel vulnerability in sched_ext where bpf_iter_scx_dsq_new() may leave an uninitialized BPF iterator after an error return, causing bpf_iter_scx_dsq_next() to dereference garbage data. The patch ensures bpf_iter_scx_dsq_new() always clears kit->dsq, making n...
CVE-2025-38356
CVE-2025-38356 (Linux kernel): The issue affects the DRM frontend (drm/xe/guc) where during driver probe the code may briefly run in CT safe mode (driven by a delayed work). If probe aborts early, unwind can destroy a pending delayed work that would restart itself, triggering a WARN in the workq...
CVE-2026-23243
CVE-2026-23243 is a Linux kernel vulnerability involving RDMA/umad_write, where a user-controlled MAD header size mismatch could yield a negative data_len, leading to an out-of-bounds memset in alloc_send_rmpp_list. The issue has a concrete upstream fix that rejects negative data_len before creatin...
CVE-1999-0461
CVE-1999-0461 affects rpcbind implementations (Linux, IRIX and Wietse Venema’s rpcbind). The issue allows a remote attacker to insert and delete entries by spoofing the source address. Exploitation status is mentioned in multiple sources, but no specific patch/versions with a fix are provided in ...
CVE-2001-1392
The supplied documents confirm CVE-2001-1392 affects the Linux kernel prior to 2.2.19, due to missing unregister calls for CPUID and MSR drivers, which could crash the system on unloading/loading (local DoS). Remediation is to upgrade to kernel 2.2.19 or later (as noted in Mandrake/Debian/NVD ref...
CVE-2004-1144
Summary: CVE-2004-1144: A local privilege escalation in the Linux 2.4 AMD64 32‑bit emulation code was identified (Petr Vandrovec). The issue affects the AMD64 path in the 2.4 kernel, allowing a local attacker to gain privileges. Affected context (from connected sources): Red Hat and SUSE advisori...
CVE-2004-1151
CVE-2004-1151 involves multiple buffer overflows in the Linux 2.6.x kernel, specifically in sys32_ni_syscall() and sys32_vm86_warning() within sys_ia32.c. Exploitation could allow a local attacker to modify kernel memory and escalate privileges (root). Several advisories confirm affected kernels ...
CVE-2005-0937
The CVE-2005-0937 issue is a Linux kernel vulnerability in futex.c (2.6.x) where get_user may be invoked while mmap_sem is held. This can lead to a deadlock in do_page_fault if another thread is executing mmap or related operations, as described in the Linux kernel advisories. Public references (...
CVE-2005-1263
CVE-2005-1263 affects the Linux kernel: the elf_core_dump path in binfmt_elf.c can trigger a negative length in create_elf_tables, causing a buffer overflow that enables local attackers to execute arbitrary code. Affected: Linux kernel 2.x up to listed pre-release/rc versions across multiple line...
CVE-2005-2099
CVE-2005-2099 affects the Linux kernel (pre-2.6.12.5) where a keyring that is not instantiated properly is not destroyed, allowing local users or remote attackers to trigger a kernel oops via a payload in the keyring, leading to a denial of service. The affected code path is in the keyring destru...
CVE-2005-3179
CVE-2005-3179 affects the Linux kernel, specifically the drm.c path in kernel versions 2.6.10 through 2.6.13. The vulnerability arises because a debug file is created in sysfs with world‑readable and world‑writable permissions. This allows a local user to enable DRM debugging and potentially obta...
CVE-2006-0037
CVE-2006-0037 concerns the Linux kernel 2.6.14 (and other versions) where the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) is vulnerable. A crafted outbound packet can trigger an incorrect offset calculation from pointer arithmetic when non-linear SKBs are used, enabling a local user to cause...
CVE-2006-6535
CVE-2006-6535 affects the Linux kernel 2.6 series, where a flaw in the dev_queue_xmit() error handling path in the network subsystem can lead to data corruption. Multiple advisories and scanners (e.g., Debian DSA-1304-1, Red Hat/CentOS RHSA-2007:0014, OpenVAS entries) map this to a local data cor...
CVE-2008-0352
CVE-2008-0352 affects the Linux kernel 2.6.20–2.6.21.1. A remote attacker can cause a denial of service (panic) by sending a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram). The issue has a known fix in 2.6.21.2 (and later); apply the kernel update to mitig...
CVE-2008-1675
The CVE-2008-1675 issue affects the Linux kernel 2.6.x up to 2.6.25.1, where the bdx_ioctl_priv function in the tehuti driver (tehuti.c) does not properly validate register-size related information. This can lead to an unspecified impact, with local attack vectors and potential kernel memory acce...
CVE-2009-0024
The CVE-2009-0024 entry concerns the Linux kernel vulnerability in the sys_remap_file_pages function (mm/fremap.c) present in versions prior to 2.6.24.1. The issue arises from the vm_file structure member and related mmap_region and do_munmap paths, allowing local users to cause a denial of servi...