Lucene search
Linux Kernel

13804 matches found

added 2012/06/13 10:0 a.m. | 62 views

CVE-2011-2211

CVE-2011-2211 concerns the Linux kernel on the Alpha architecture. The vulnerability lies in the osf_wait4 function (arch/alpha/kernel/osf_sys.c), where an incorrect pointer is used in versions prior to 2.6.39.4. This can allow local users to gain elevated privileges by writing a specific integer...

CVSS 7.2 | AI score 8.4 | EPSS 0.00482

added 2022/07/12 8:36 p.m. | 62 views

CVE-2011-4916

CVE-2011-4916 affects the Linux kernel up to version 3.1, where local users could access /dev/pts/ and /dev/tty* to obtain sensitive keystroke information. The available connected sources (OSV/DEBIAN/NVD-style entries) confirm the local-priority impact but do not provide specific patch versions o...

CVSS 5.5 | AI score 5.3 | EPSS 0.00399

added 2013/09/13 6:0 p.m. | 62 views

CVE-2013-2890

CVE-2013-2890 affects the Linux kernel HID subsystem (drivers/hid/hid-sony.c). When CONFIG_HID_SONY is enabled, it allows physically proximate attackers to trigger a heap-based out-of-bounds write via a crafted USB device, leading to a denial of service. The vulnerability is described as existing...

CVSS 4.7 | AI score 7.3 | EPSS 0.00336

added 2016/10/10 10:0 a.m. | 62 views

CVE-2015-8950

CVE-2015-8950 affects the Linux kernel (arch/arm64/mm/dma-mapping.c) prior to 4.0.3, where uninitialized data structures in the ION memory-management path can be exposed via dma_mmap. This local-access vulnerability could allow a non-privileged user to read kernel memory. The public references in...

CVSS 5.5 | AI score 4.9 | EPSS 0.01457

added 2017/04/04 6:0 p.m. | 62 views

CVE-2016-5870

CVE-2016-5870 concerns the msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c within the ipc_router component of the Linux kernel (3.x), as used in Qualcomm QuIC Android contributions for MSM devices. The vulnerability allows a denial of service via a NULL pointer dereference or ...

CVSS 7.8 | AI score 7.8 | EPSS 0.00393

added 2017/01/12 3:0 p.m. | 62 views

CVE-2016-6777

CVE-2016-6777 affects NVIDIA Tegra kernel driver (NVMAP) with a use-after-free vulnerability: referencing memory after it has been freed can lead to denial of service or possible privilege escalation. Base details in NVIDIA/Tegra entries show a CVSSv3.0 base score of 8.4 and a local/privilege-esc...

CVSS 9.3 | AI score 7.4 | EPSS 0.0179

added 2017/04/05 2:0 p.m. | 62 views

CVE-2017-0339

CVE-2017-0339 is an NVIDIA Tegra crypto-dev driver IOCTL handling vulnerability. The issue arises when a value is passed to the kernel driver without proper validation, potentially causing array index issues. Affected are NVIDIA Tegra-based platforms running Linux for Tegra in Android, notably Je...

CVSS 7.6 | AI score 7.5 | EPSS 0.01838

added 2017/02/08 3:0 p.m. | 62 views

CVE-2017-0445

CVE-2017-0445 is a kernel-privilege elevation in the HTC touchscreen driver affecting Google Pixel/Pixel XL devices (Android kernel 3.18). The connected CNVD entry confirms an HTC touchscreen driver flaw allowing a local malicious app to execute code in kernel context, i.e., a local privilege esc...

CVSS 7.6 | AI score 6.6 | EPSS 0.0098

added 2017/02/08 3:0 p.m. | 62 views

CVE-2017-0446

CVE-2017-0446: Elevation of privilege in the HTC touchscreen driver on Android kernel 3.18, allowing a local attacker to execute arbitrary code in kernel context. Exploitation requires compromising a privileged process and local access. Publicly available patch/fix details are not provided in the...

CVSS 7.6 | AI score 6.6 | EPSS 0.00863

added 2017/03/08 1:0 a.m. | 62 views

CVE-2017-0455

CVE-2017-0455 is an information-disclosure vulnerability in the Qualcomm bootloader that could allow a local malicious app to execute arbitrary code within the bootloader context on affected Android devices (Kernel 3.18). CNVD/OSV entries tie it to Google Pixel devices (Pixel/Pixel XL); Nessus no...

CVSS 9.3 | AI score 7 | EPSS 0.0167

added 2017/04/07 10:0 p.m. | 62 views

CVE-2017-0571

CVE-2017-0571 stems from Broadcom’s Wi‑Fi driver (bcmdhd) on Android. A WLFC TLV parity parsing path fails to validate length fields, allowing an attacker controlling the dongle to craft a TLV with a large length (e.g., 255) which overflows a stack buffer, enabling local code execution in the ker...

CVSS 7.6 | AI score 6.9 | EPSS 0.01496

added 2017/04/07 10:0 p.m. | 62 views

CVE-2017-0586

CVE-2017-0586 is an information-disclosure vulnerability in the Qualcomm sound driver affecting Android devices. The issue enables a local malicious application to access data outside its permissions, and is exploitable after compromising a privileged process. Affected: Android kernels around 3.1...

CVSS 4.7 | AI score 4.4 | EPSS 0.01052

added 2017/05/12 3:0 p.m. | 62 views

CVE-2017-0613

CVE-2017-0613 is a local elevation-of-privilege flaw in the Qualcomm Secure Execution Environment Communicator driver affecting Android, enabling a non-privileged, user-space process to gain arbitrary code execution in the kernel if a privileged process is first compromised. Affected kernel versi...

CVSS 7.6 | AI score 6.7 | EPSS 0.01565

added 2017/02/06 6:4 a.m. | 62 views

CVE-2017-5547

The CVE-2017-5547 issue affects Linux kernel 4.9.x prior to 4.9.6, specifically the drivers/hid/hid-corsair.c path. The root cause is incorrect interaction with CONFIG_VMAP_STACK, enabling a local attacker to trigger a denial of service (system crash) or memory corruption by abusing more than one...

CVSS 7.8 | AI score 7.6 | EPSS 0.00448

added 2024/05/21 2:35 p.m. | 62 views

CVE-2021-47298

CVE-2021-47298 concerns the Linux kernel: a bpf/sockmap path could leak a message if skb_linearize fails, resolved by freeing the msg block before returning an error. Multiple connected advisories reference the same fix in the kernel; impact is a potential memory leak (no exploitation details pro...

CVSS 5.5 | AI score 6.9 | EPSS 0.00232

added 2024/05/21 2:35 p.m. | 62 views

CVE-2021-47312

The CVE-2021-47312 issue in Linux kernel nf_tables caused a NULL pointer dereference during error handling when flow is NULL (chain flags NFT_CHAIN_HW_OFFLOAD is false). The fix ensures nft_flow_rule_destroy is only called if flow is non-null, preventing the crash in the error path. Connected ven...

CVSS 5.5 | AI score 5.4 | EPSS 0.0022

added 2024/05/21 2:35 p.m. | 62 views

CVE-2021-47316

CVE-2021-47316 affects the Linux kernel NFSD: a NULL dereference in nfs3svc_encode_getaclres can occur in error paths when the dentry is NULL, prior to the patch 20798dfe249a. The issue is resolved by a fix in the kernel encoder, preventing the NULL dereference in error handling. Affected product...

CVSS 5.5 | AI score 6.5 | EPSS 0.00236

added 2024/05/24 3:12 p.m. | 62 views

CVE-2021-47568

CVE-2021-47568 concerns the ksmbd module in the Linux kernel, where a memory leak in get_file_stream_info() (fs/ksmbd/smb2pdu.c) could lead to resource exhaustion and a denial-of-service risk. The issue is resolved in the provided documents by applying a fix for the memleak; exploitation details ...

CVSS 5.5 | AI score 6.7 | EPSS 0.0018

added 2022/09/13 3:36 p.m. | 62 views

CVE-2022-3170

CVE-2022-3170 affects the Linux kernel sound subsystem. The vulnerability is an out-of-bounds access that can occur when the user-provided id->name does not end with a NUL character, allowing a privileged local user to trigger a crash or potentially escalate privileges via an ioctl() path. The...

CVSS 7.8 | AI score 7.3 | EPSS 0.00229

added 2024/06/20 11:13 a.m. | 62 views

CVE-2022-48719

CVE-2022-48719 concerns a Linux kernel issue in the neighbor subsystem where an NUD_FAILED entry could trigger an immediate probe due to neigh_event_send behavior when under certain managed state conditions. The root cause involved a potential deadlock path with NTF_MANAGED entries and a chain of...

CVSS 5.5 | AI score 5.2 | EPSS 0.00141

added 2024/06/20 11:13 a.m. | 62 views

CVE-2022-48762

CVE-2022-48762 refers to an arm64 Linux kernel issue in the extable path for load_unaligned_zeropad, where ex_handler_load_unaligned_zeropad() erroneously parsed register indices from ex->type instead of ex->data. The documented impact is a potential NULL pointer dereference on an MTE-enabl...

CVSS 6.2 | AI score 6 | EPSS 0.00188

added 2024/07/16 11:44 a.m. | 62 views

CVE-2022-48820

CVE-2022-48820: In the Linux kernel, a refcount leak was fixed in the stm32 USB PHY PLL enable path. The bug affected the stm32_usbphyc_pll_enable() error path where usbphyc->n_pll_cons.counter was not decremented, potentially leaking a reference. The provided connected documents confirm the f...

CVSS 7.1 | AI score 7.6 | EPSS 0.00278

added 2024/08/21 6:10 a.m. | 62 views

CVE-2022-48874

The CVE-2022-48874 issue is in the Linux kernel fastrpc subsystem. The description specifies a race condition between fastrpc_map_lookup() unlocking a mutex and the reference count increment in fastrpc_map_find() via fastrpc_map_get(), which can lead to use-after-free. The proposed fix merges fas...

CVSS 7.8 | AI score 6.5 | EPSS 0.0023

added 2024/08/21 6:10 a.m. | 62 views

CVE-2022-48881

CVE-2022-48881 (Linux kernel) affects the Linux kernel in the AMD platform x86 code. The vulnerability arises from a refcount leak in amd_pmc_probe, and a reference taken by pci_get_domain_bus_and_slot() that callers must release with pci_dev_put() after use. The fix adds pci_dev_put() in the err...

CVSS 7.1 | AI score 6.4 | EPSS 0.00226

added 2024/08/22 1:31 a.m. | 62 views

CVE-2022-48913

The CVE-2022-48913 issue is a Linux kernel use-after-free in blk_trace (blktrace) allocated when tracing a full disk, where created files under q->debugfs_dir are not removed if bt->dir is NULL, allowing stale pointers (dropped, msg) to be dereferenced. The result is a KASAN-triggered use-a...

CVSS 7.8 | AI score 6.6 | EPSS 0.00212

added 2024/08/22 3:31 a.m. | 62 views

CVE-2022-48932

CVE-2022-48932 affects the Linux kernel (net/mlx5). The issue is a slab-out-of-bounds in mlx5_cmd_dr_create_fte when adding a rule with 32 destinations, leading to a bug seen as KASAN slab-out-of-bounds. The patch fixes this by increasing allocated buffers to accommodate the needed actions and by...

CVSS 5.5 | AI score 7 | EPSS 0.00183

added 2024/08/22 3:31 a.m. | 62 views

CVE-2022-48940

CVE-2022-48940: In the Linux kernel, a crash can occur in BPF map handling when both a bpf_spin_lock and a bpf_timer are present in a map value. The root cause is that copy_map_value does not set both s_off and t_off when copying values in and out of the map, which can lead to overwriting the oth...

CVSS 5.5 | AI score 6.8 | EPSS 0.00207

added 2025/02/26 1:54 a.m. | 62 views

CVE-2022-49068

CVE-2022-49068 — Summary (Linux kernel, btrfs) The issue occurs in btrfs direct IO write path: during get_blocks_direct_write(), temporary delalloc extents are reserved and later released with btrfs_delalloc_release_extents(). If the length is modified in the COW path, fewer extents may be releas...

CVSS 5.5 | AI score 5.2 | EPSS 0.00237

added 2025/02/26 2:13 a.m. | 62 views

CVE-2022-49452

The provided documents describe CVE-2022-49452 affecting the DPAA2-ETH path in the Linux kernel. The issue arises when the TSO header is freed after dma_unmap, using a DMA-mapped buffer’s address that has already been unmapped. The fix implemented is to call dpaa2_iova_to_virt() before dma_unmap ...

CVSS 5.5 | AI score 5.3 | EPSS 0.00204

added 2025/05/01 2:9 p.m. | 62 views

CVE-2022-49844

The collection confirms CVE-2022-49844 affects the Linux kernel CAN subsystem. The issue arises from reading priv->ctrlmode in virtual CAN interfaces (e.g., vcan, vxcan) when some interfaces do not create struct can_priv at startup, causing an out-of-bounds read and CAN frame drops. The refere...

CVSS 7.1 | AI score 6.2 | EPSS 0.00153

added 2023/06/06 12:11 p.m. | 62 views

CVE-2023-20715

CVE-2023-20715 affects the wlan component in MediaTek-based devices. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with SYSTEM execution rights required. Exploitation reportedly does not require user interaction. The vulnerability’s ...

CVSS 6.7 | AI score 6.7 | EPSS 0.00093

added 2024/08/21 6:10 a.m. | 62 views

CVE-2023-52909

CVE-2023-52909: In the Linux kernel NFSD, a race in caching an opened NFSv4 file could leave nf_file NULL or leak a prior nf_file. The fix introduces nfsd_file_acquire_opened, which uses an existing file pointer when present and preserves an existing valid nf_file, preventing leaks and oops. It ...

CVSS 4.7 | AI score 6.5 | EPSS 0.00235

added 2024/08/21 6:10 a.m. | 62 views

CVE-2023-52911

CVE-2023-52911 is a Linux kernel issue in the DRM/MSM driver related to a NULL pointer dereference when the Adreno GPU runs in headless mode (e.g., on i.MX platforms). The crash occurs during reboot in the msm_atomic_commit_tail path, with an oops/NULL dereference involving slab kmalloc and relat...

CVSS 5.5 | AI score 6.4 | EPSS 0.00208

added 2025/03/27 4:43 p.m. | 62 views

CVE-2023-52986

CVE-2023-52986 is a Linux kernel issue affecting bpf, sockmap where a listening socket linked to a sockmap can have its sk_prot overridden to a variant in tcp_bpf_prots. The root cause is that cloning a child from a TCP listener checked only for the TCP_BPF_BASE proto variant, whereas the listene...

CVSS 5.5 | AI score 6.5 | EPSS 0.00248

added 2025/03/27 4:43 p.m. | 62 views

CVE-2023-53003

CVE-2023-53003 concerns a use-after-free in the Linux kernel’s EDAC/qcom path. The LLCC driver allocates llcc_driv_data, which was previously passed as private info to the EDAC core (edac_device_ctl_info). On driver release this data could be freed, and a subsequent probe would use the freed memo...

CVSS 7.8 | AI score 6.7 | EPSS 0.00228

added 2025/05/02 3:56 p.m. | 62 views

CVE-2023-53144

CVE-2023-53144 concerns the Linux kernel erofs subsystem. The connected documentation describes an identified issue where kunmap could be applied to incorrect pages during LZMA decompression on HIGHMEM platforms, leading to a NULL pointer dereference in z_erofs_lzma_decompress and related call ch...

CVSS 5.5 | AI score 6.5 | EPSS 0.00146

added 2024/06/24 1:56 p.m. | 62 views

CVE-2024-37026

CVE-2024-37026 is a Linux kernel vulnerability affecting the DRM/xe path: the GuC context scheduling queue can deadlock when a migration job is queued behind a fault due to shared engines with user jobs. The issue arises because the migrate exec queue could be serviced behind non-reserved BCS ins...

CVSS 5.5 | AI score 6.5 | EPSS 0.00184

added 2024/06/19 1:37 p.m. | 62 views

CVE-2024-38584

In CVE-2024-38584, the Linux kernel net: ti: icssg_prueth prueth_probe() dereferenced a NULL pointer when emac_phy_connect() failed and of_phy_connect() returned NULL, leading to NULL pointer dereference in phy_attached_info(). The public fix is to check the return code of emac_phy_connect and fa...

CVSS 5.5 | AI score 7.1 | EPSS 0.00225

added 2024/07/29 2:31 p.m. | 62 views

CVE-2024-41026

CVE-2024-41026 is a Linux kernel issue in the davinci_mmc driver where the transmitted data size could exceed sg_miter length, causing a kernel panic. The vulnerability arises from lack of validation on the data size to be transmitted; the fix limits the number of transmitted bytes to sg_mmiter-&...

CVSS 5.5 | AI score 6.5 | EPSS 0.00246

added 2024/08/08 8:50 a.m. | 62 views

CVE-2024-42257

The CVE-2024-42257 issue affects the Linux kernel ext4 code: the s_volume_name field in ext4_super_block was not NUL terminated. The root cause was using the wrong string copy approach; memtostr_pad() should be used instead of strncpy(), aligning with prior nonstring annotations in ext4.h. The re...

CVSS 7.8 | AI score 6.6 | EPSS 0.00202

added 2024/08/17 9:21 a.m. | 62 views

CVE-2024-43822

CVE-2024-43822 is a Linux kernel vulnerability affecting the ASoC PCM6240 path, where a failed devm_kzalloc() in pcmdevice_i2c_probe() previously allowed a pcmdevice_remove() with a null pointer, risking dereference. The root cause is returning the wrong error path after an allocation failure, wh...

CVSS 5.5 | AI score 6.4 | EPSS 0.00193

added 2024/09/11 3:13 p.m. | 62 views

CVE-2024-45023

CVE-2024-45023 affects the Linux kernel’s MD raid1 path. Root cause: the recovery status was not checked in raid1’s choose_bb_rdev() (and similarly in choose_slow_rdev()), allowing unrecovered data to be read when a degraded array lands valid data on slow disks while a normal disk is still recove...

CVSS 7.1 | AI score 7 | EPSS 0.00182

added 2024/09/13 6:44 a.m. | 62 views

CVE-2024-46712

The documented CVE-2024-46712 affects the Linux kernel's DRM VMWGFX subsystem: coherent dumb buffers are enabled even when 3D is disabled, causing guest-only content to be retained and wasting guest-host synchronization efforts. The problem arises because coherent surfaces are only meaningful wit...

CVSS 5.5 | AI score 5.3 | EPSS 0.00176

added 2024/11/05 5:4 p.m. | 62 views

CVE-2024-50097

CVE-2024-50097 is resolved in OpenSUSE kernel-devel-longterm-6.12.11-1.1 on GA media. The issue in the Linux kernel’s fec driver could panic when saving PTP state if PTP is unsupported; the fix guards fec_ptp_save_state behind a PTP-support check, preventing the unconditional state save. Technic...

CVSS 5.5 | AI score 5.2 | EPSS 0.00229

added 2025/04/01 3:26 p.m. | 62 views

CVE-2025-21897

CVE-2025-21897: Linux kernel sched_ext vulnerability where pick_task_scx() could return non-queued tasks if balance() wasn’t called. The fix adds a workaround to emulate SCX_RQ_BAL_KEEP only when preceding balance_scx() is missing, and corrects the prior test that used @prev to decide if a task w...

CVSS 5.5 | AI score 7.2 | EPSS 0.00124

added 2025/08/19 5:2 p.m. | 62 views

CVE-2025-38563

CVE-2025-38563 affects the Linux kernel perf subsystem. The issue arises when perf mmap-based mappings can be split (VMA split) after initial mapping, causing mismatched offsets/sizes and leaking reference counts for ringbuffer/auxiliary buffers. The fix adds vm_operations_struct.may_split() and ...

CVSS 7.8 | AI score 7.3 | EPSS 0.00358

added 2000/02/04 5:0 a.m. | 61 views

CVE-1999-0400

CVE-1999-0400 affects Linux 2.2.0 where running the ldd command on a core file causes a denial of service. The connected documents confirm the affected component (ldd behavior on core files) and the impact (DoS). No explicit root cause, affected versions beyond Linux 2.2.0 are not detailed here, ...

CVSS 4.6 | AI score 7 | EPSS 0.01019

added 2000/02/04 5:0 a.m. | 61 views

CVE-1999-0460

CVE-1999-0460 describes a buffer overflow in the Linux autofs module triggered by excessively long directory names, allowing local users to cause a denial of service. The available connected documents confirm the affected component (Linux autofs module) and the vulnerability class (buffer overflo...

CVSS 2.1 | AI score 6.9 | EPSS 0.00707

added 2002/08/31 4:0 a.m. | 61 views

CVE-2001-1390

The CVE-2001-1390 entry concerns an unknown vulnerability in the Linux kernel component binfmt_misc prior to version 2.2.19, related to user pages. Connected advisories (Mandrake MDKSA-2001:037 and Debian DSA-047-1, among others) document that the core issue is an off-by-one error in the CPIA dri...

CVSS 6.2 | AI score 5.2 | EPSS 0.00383

added 2005/07/14 4:0 a.m. | 61 views

CVE-2001-1572

CVE-2001-1572 affects the Linux kernel Netfilter MAC module (versions 2.4.1–2.4.11) and allows remote attackers to bypass MAC-based packet filters by sending small packets. This is a network-vector, low-complexity, no-authentication exploit with partial impacts on confidentiality, integrity, an...

CVSS 7.5 | AI score 6.6 | EPSS 0.02753

Total number of security vulnerabilities: 13804