CVE-2024-27066
CVE-2024-27066 concerns a Linux kernel vulnerability in the virtio packed indirect descriptor handling. When use_dma_api and premapped are true, do_unmap may be left false, causing vring_unmap_extra_packed not to be invoked during detach_buf_packed and creating an unmap leak for the indirect desc...
CVE-2024-26946
CVE-2024-26946: In the Linux kernel, the vulnerability resides in kprobes/x86 where arch_adjust_kprobe_addr() could read from an unsafe address. The fix switches the read to copy_from_kernel_nofault() to prevent kernel panics when data is inaccessible, as Syzcaller reported. Public details confir...
CVE-2024-26947
CVE-2024-26947 affects the Linux kernel ARM path handling for remap/pfn validation. The description across connected docs shows that after the commit adding the new semantics for pfn_valid (to consider freed memory map alignment), a valid page for a reserved address could crash when memory was re...
CVE-2024-26985
CVE-2024-26985 affects the Linux kernel DRM/xe path, specifically the intel_fb_bo_framebuffer_init function where a Bo reference could leak. The connected advisories confirm the fix: add an unreference of the BO in the error path and return 0 on success to clarify the normal path. The change is d...
CVE-2024-26814
CVE-2024-26814 affects the Linux kernel vfio-fsl-mc driver. The eventfd_ctx trigger pointer of vfio_fsl_mc_irq is initially NULL and may become NULL again if the trigger is set to -1. The interrupt handler itself is guaranteed to have a valid trigger between request_irq() and free_irq(), but loopback tests ...
CVE-2024-26990
In CVE-2024-26990, the Linux kernel KVM x86/mmu vulnerability concerns write-protection of L2 SPTEs in the TDP MMU when clearing dirty status. The fix ensures that TDP MMU SPTEs are write-protected when using the L2 page table level with EPT disabled on L1 and PML enabled; since KVM disables PML ...
CVE-2024-26938
CVE-2024-26938 is a Linux kernel vulnerability in the drm/i915/bios path. The issue occurs when intel_bios_encoder_supports_dp_dual_mode() encounters a NULL devdata for a DP encoder (e.g., if there is no VBT or the VBT does not declare the encoder). The kernel previously could oops or mis-handle...
CVE-2024-26963
CVE-2024-26963 affects the Linux kernel USB subsystem for the DWC3 controller on AM62 (usb: dwc3-am62). The vulnerability arises from runtime PM handling: when the kernel module is removed with runtime suspend active, the refclock may remain enabled and operations on device registers can occur. T...
CVE-2024-26607
The CVE-2024-26607 issue affects the Linux kernel sii902x bridge driver on TI platforms. Root cause: a probing race where drm_bridge_add() is invoked before the driver fully initializes the i2c EDID path, leading to a NULL pointer dereference in sii902x_bridge_get_edid during EDID reads. Impact: ...
CVE-2023-52490
The CVE-2023-52490 issue is a Linux kernel mm/migrate flaw where a race in page migration caused an incorrect page mapping for the target page, leading to NULL dereferences during dump of page state when memory hotplug/offlining occurs. The root cause was that the target page’s mapping field stor...
CVE-2024-27069
CVE-2024-27069 affects the Linux kernel overlayfs ovl_verify_area path. The issue was a WARN_ON assertion triggered by syzbot’s copy-up loop when a lower file’s size changes underneath overlayfs. The documented fix relaxes the WARN_ON in ovl_verify_area and aligns error handling (returning EIO fo...
CVE-2024-26811
CVE-2024-26811 affects the Linux kernel ksmbd component. Root cause: ksmbd.mountd can return an invalid IPC response if malicious ksmbd-tools are installed, allowing memory overrun/slab-out-of-bounds due to missing validation of IPC payload size. The patch adds validation for three IPC responses ...
CVE-2023-52485
CVE-2023-52485 affects the Linux kernel; the issue stems from the need to wake DMCUB before issuing DMUB commands in the AMD display path, since issuing commands while the DMCUB is not powered could deadlock. The description indicates a fix to rework command submission to exit idle power optimizations and reenable them after su...
CVE-2024-26812
CVE-2024-26812: In the Linux kernel vfio/pci driver (fix titled "vfio/pci: Create persistent INTx handler"), the vulnerability allowed signaling of eventfds with a NULL context after the IRQ handler was unregistered (via SET_IRQS ioctl or unmask irqfd) when an INTx interrupt was pending. The fix moves INTx interrupt handler config...
CVE-2024-27006
CVE-2024-27006 concerns the Linux kernel. The issue arises in thermal/debugfs where the count field in trip_stats must be incremented in thermal_debug_tz_trip_up() to properly reflect temperature trips. The patch addresses two scenarios: (1) when a trip point is crossed on the way up for the firs...
CVE-2024-27067
The CVE-2024-27067 issue is in the Linux kernel (xen/evtchn) where unbinding a user event channel could cause a WARN() in the handler if the kernel is built with CONFIG_DEBUG_SHIRQ. The fix adds an "unbinding" flag to struct user_event to short-circuit the handler, preventing the WARN() when unbi...
CVE-2021-46965
CVE-2021-46965: Linux kernel mtd/physmap/physmap-bt1-rom vulnerability where casting &data to (char *) caused unintentional stack access; the fix corrects the byte offset calculation (data is u32) to prevent out-of-bounds stack access. Affected code and root cause are documented in the upstream ...
CVE-2024-27027
According to the connected advisories, CVE-2024-27027 affects the Linux kernel DPLL driver where multiple registrations of the same pin on a DPLL device could leave stale list entries if the reference count was not zero. The root cause was that unregistration and freeing of the registration were ...
CVE-2024-27397
CVE-2024-27397 affects the Linux kernel nf_tables in netfilter. The root cause is a race where set elements could expire during unfinished control-plane transactions. The fix adds a timestamp field at the start of a transaction and stores it per-netns, updating the set backends’ insert, deactivat...
CVE-2024-27063
CVE-2024-27063 affects the Linux kernel LED subsystem for leds: trigger: netdev. The issue stems from a refactor where the trigger_data’s dev could reference the old net_dev while a new net_dev is being established, causing get_device_state() to operate on an invalid net_dev and potentially trigg...
CVE-2024-27036
CVE-2024-27036 affects the Linux kernel CIFS writeback path. The vulnerability arises when cifs_extend_writeback() considers an extra folio but would overrun the wsize, causing the xarray scanning loop to rely on xas_pause(), which advances the counter and can skip a page. The fix is to call xas_...
CVE-2023-52656
CVE-2023-52656 concerns the Linux kernel io_uring subsystem. The connected documents confirm that the vulnerability arises from dropping any code related to SCM_RIGHTS, i.e., dead code after removing support for passing io_uring fds over SCM_RIGHTS. The practical effect described is that the code...
CVE-2021-46968
CVE-2021-46968 concerns the Linux kernel s390/zcrypt subsystem. The issue was a memleak on hot-unplug for zcard and zqueue due to a mismatch in get/put for an embedded kref counter. The fix adjusts kref handling: the counter starts at 1 on init and must drop to zero on unregister (for both card a...
CVE-2024-36904
The provided connected advisories confirm CVE-2024-36904 affects the Linux kernel TCP TIME-WAIT handling. Specifically, a race window during connect() could allow refcount mismanagement in tcp_twsk_unique() if a TIME-WAIT sk is reused with zero refcnt, potentially leading to a use-after-free. The...
CVE-2021-46971
The CVE-2021-46971 entry corresponds to a Linux kernel fix in perf/core: the lockdown state was queried unconditionally, but its result is only needed if PERF_SAMPLE_REGS_INTR is set in attr.sample_type. This unconditional check could trigger SELinux lockdown hooks unnecessarily, potentially caus...
CVE-2024-35944
CVE-2024-35944: In the Linux kernel VMCI path, a run-time warning triggered by memcpy was observed when a field-spanning write occurred in vmci_datagram.c. The code copies a vmci_datagram dg into a local dg_info->msg with memcpy(&dg_info->msg, dg, dg_size), while dg_size = VMCI_DG_HEADERSIZ...
CVE-2021-46974
CVE-2021-46974 — Linux kernel BPF masking negation bug: when the off_reg is in the destination, negation could flip an add to a sub incorrectly. The fix performs a final bitwise AND into AX from off_reg unconditionally, then moves from src to dst and uses AX as the source for the original pointer...
CVE-2021-46970
CVE-2021-46970 affects the Linux kernel’s MHI PCI generic bus driver. The issue arises from a dedicated state-change workqueue created with both WQ_HIGHPRI and WQ_MEM_RECLAIM flags, where the state-change work (mhi_pm_st_worker) cannot guarantee forward progress under memory pressure and may bloc...
CVE-2024-27035
CVE-2024-27035 concerns the Linux kernel’s f2fs compression path. The issue arises when a data block inside a compressed cluster is not persisted with its metadata during checkpoint; after SPOR, this can lead to data corruption. The published fix guarantees that the compressed page is written by ...
CVE-2024-26654
Summary (CVE-2024-26654): In the Linux kernel, the ALSA: sh: aica path could dereference a freed aica_channel due to a race between mod_timer/del_timer during PCM close, causing a use-after-free (UAF). Connected advisories confirm affected kernel families include Astra Linux advisories for Linux...
CVE-2021-46969
CVE-2021-46969 affects the Linux kernel bus: mhi: core. The vulnerability arises when mhi_queue incorrectly returns an error if the doorbell is not accessible in a non-M0 state (e.g., M3). The device is awakened to M0 before updating the doorbell, and treating this as an error delayed the doorbel...
CVE-2021-46972
CVE-2021-46972 affects Linux kernel overlayfs (ovl). The issue is a leaked dentry that occurs when metacopy errors happen during unmount, due to overlayfs not creating a temporary dentry after a metacopy error. The fix (commit 6815f479ca90) switches ovl_lookup() to use only the uppermetacopy stat...
CVE-2021-46964
CVE-2021-46964 is a Linux kernel issue fixed by the patch that reserves extra IRQ vectors for qla2xxx SCSI/UFS paths. The change limits MSI‑X vectors to the number of CPUs, which affected qla83xx_iospace_config(), qla24xx_enable_msix(), and qla2x00_iospace_config() by computing max_qpairs as msix...
CVE-2024-36004
CVE-2024-36004 is a Linux kernel issue where the i40e driver's workqueue was created with the WQ_MEM_RECLAIM flag, triggering a check_flush_dependency warning when i40e and i40iw are loaded. The fix removes the flag on i40e’s workqueue, mirroring a similar fix in ice, and is documented in several...
CVE-2024-35900
CVE-2024-35900 affects the Linux kernel nf_tables (netfilter). The issue arises when the dormant table flag is toggled; during commit, hooks are iterated across both existing and new chains, which can lead to an inconsistent state. This may trigger a warning when unregistering a chain that is alr...
CVE-2024-27398
CVE-2024-27398 – Linux kernel Bluetooth SCO use-after-free. The vulnerability stems from a use-after-free in sco_sock_timeout: after a SCO connection is established, releasing the SCO socket may schedule timeout_work, but the socket can be freed yet still dereferenced by sco_sock_timeout, leadin...
CVE-2024-26656
CVE-2024-26656 affects the Linux kernel AMDGPU DRM driver. A use-after-free in amdgpu_hmm_unregister called during amdgpu_gem_object_free after an amdgpu_gem_userptr_ioctl with invalid address/size can cause access to a bad address; kernel crash may occur. The issue has a published fix, and patch...
CVE-2024-35842
Summary: CVE-2024-35842 in the Linux kernel fixes a NULL pointer dereference in ASoC: mediatek sof-common by adding a NULL check for the normal_link string in sof_conn_stream entries. The issue arises because not all sof_conn_stream entries declare a normal_link (non-SOF, direct link) string, par...
CVE-2023-52442
CVE-2023-52442 concerns the Linux kernel KSMBD SMB server. The issue arises in compound SMB2 requests where smb2_get_msg() would return the first command header, causing the tree ID check to be skipped if SMB2_TREE_CONNECT_HE is first. The root cause is incorrect command selection within a compou...
CVE-2024-35844
CVE-2024-35844 concerns a Linux kernel f2fs compress reserve_cblocks counting bug that occurs when a file needs only one direct_node and the filesystem runs out of space. The issue can leave a file unrecoverable because, on ENOSPC return, reserved_blocks is not updated, causing fsck to miss repai...
CVE-2024-27401
CVE-2024-27401 affects the Linux kernel’s firewire nosy code path. The vulnerability arises because packet_buffer_get could read beyond the user-supplied length if the head packet length exceeded user_length, potentially allowing a user-space overflow. The fix ensures the function returns 0 when ...
CVE-2024-26891
CVE-2024-26891 is a Linux kernel local-privilege issue in the IOMMU/VT-d path where ATS invalidation can be sent for a hotplug-disconnected device, potentially causing a hard lockup/system hang. The linked advisories show concrete fixes in Linux kernel streams for AL2 kernels: Amazon Linux 2 kern...
CVE-2024-26870
CVE-2024-26870 describes a Linux kernel vulnerability in NFSv4.2 where listxattr could trigger a kernel BUG in mm/usercopy.c when size handling is incorrect. The connected Astra Linux entry mirrors the issue and provides a concrete fix: modify nfs4_listxattr() so that if size > 0 and the funct...
CVE-2024-27399
CVE-2024-27399 affects the Linux kernel Bluetooth stack (l2cap). It is caused by a race between l2cap_chan_timeout() and l2cap_chan_del(), where deleting a channel can set chan->conn to NULL but a dereference may occur in mutex_lock() inside l2cap_chan_timeout(), leading to a NULL pointer dere...
CVE-2024-41090
CVE-2024-41090 and CVE-2024-41091 pertain to the Linux kernel’s handling of short frames in TAP/TUN paths. The bug stems from missing verification of frame length in the tap_get_user_xdp() path (CVE-2024-41090) and in the tun_xdp_one()/ETH header handling (CVE-2024-41091), potentially allowing a ...
CVE-2024-39508
CVE-2024-39508 affects the Linux kernel’s io_uring io-wq path. The advisory details data-race issues on io_worker->flags exposed under concurrency (io_worker_handle_work and io_wq_activate_free_worker) and shows that the fix refactors flag manipulation to atomic operations using set_bit() and ...
CVE-2021-47035
CVE-2021-47035 is rejected and not an active vulnerability entry.
CVE-2021-47029
CVE-2021-47029 concerns a Linux kernel issue in the mt76 Connac driver (mt76_connac_mcu_uni_add_dev) that emitted a kernel-warning trace when adding a monitor interface during EEPROM init (mt7921e path). The problem was addressed by fixing the kernel warning in the mt76_connac_mcu_uni_add_dev rou...
CVE-2021-47055
CVE-2021-47055 — Linux kernel mtd ioctl protection bug. Connected sources confirm a concrete Linux kernel vulnerability in the mtd subsystem: certain ioctls (MEMLOCK, MEMUNLOCK, OTPLOCK) modify protection bits and historically required write permission, with MEMLOCK potentially being write-once on...
CVE-2021-47040
CVE-2021-47040 relates to the Linux kernel io_uring subsystem. The vulnerability stems from overflow checks in provide_buffers() for io_provide_buffers_prep(), with prior attempts not addressing the overflow/sign-extension issue. It was resolved by introducing robust overflow checks via helper fu...