13804 matches found
CVE-2016-8400
CVE-2016-8400 describes an information-disclosure vulnerability in the NVIDIA librm library (libnvrm) on Android (Kernel 3.18). A local malicious application could read data outside its permission levels due to improper memory handling in LIBNVRM, potentially exposing sensitive data. The vulnerab...
CVE-2016-8432
CVE-2016-8432 describes an elevation-of-privilege in the NVIDIA GPU driver on Android with kernel-3.18, enabling a local malicious app to run arbitrary code in kernel context. Affected product: Android devices using NVIDIA GPU drivers (Pixel C cited in Google's patch table). Impact is labeled Cri...
CVE-2017-0329
CVE-2017-0329 is an elevation-of-privilege in the NVIDIA boot and power management processor driver on Android (Kernel 3.18). It could allow a local malicious application to execute arbitrary code within the boot/power management context after compromising a privileged process. The entry is backe...
CVE-2017-0430
CVE-2017-0430 affects Android, involving an elevation of privilege in the Broadcom Wi‑Fi driver that could allow a local malicious application to execute arbitrary code in the kernel context. Affected components are Android kernels 3.10 and 3.18 with Broadcom Wi‑Fi driver involvement; the issue i...
CVE-2017-0461
CVE-2017-0461 is an information-disclosure vulnerability in the Qualcomm Wi‑Fi driver affecting Android (kernel 3.10/3.18). The issue could allow a local malicious app to access data outside its permissions; exploitation requires compromising a privileged process. The connected document...
CVE-2017-0570
CVE-2017-0570 concerns a local elevation-of-privilege flaw in the Broadcom Wi‑Fi driver used by Android. The connected Seebug entry details a heap overflow in the wl_iw_get_essid ioctl path (SIOCGIWESSID): the driver allocates a 33-byte extras buffer and copies ssid.SSID_len bytes from the dongle...
CVE-2017-8062
CVE-2017-8062 concerns a Linux kernel vulnerability in drivers/media/usb/dvb-usb/dw2102.c. The issue affects kernel series 4.9.x and 4.10.x prior to 4.10.4, where interaction with CONFIG_VMAP_STACK can allow a local user to trigger a denial of service (system crash or memory corruption) or othe...
CVE-2020-36790
The CVE-2020-36790 entry refers to a Linux kernel issue where a memory leak in nvmet was fixed: specifically, the code failed to free the new_model_number. The connected documents consistently identify this as a resolved kernel vulnerability (nvmet: fix a memory leak) with no additional exploit d...
CVE-2021-47273
CVE-2021-47273 concerns the Linux kernel component for the usb dwc3-meson-g12a PHY glue. When PHY0 is disabled and only PHY1 is used (e.g., Odroid-HC4), regmap initialization erroneously targets the usb2 path, since PHY1 regmap entry isn’t initialized. This can lead to a kernel NULL pointer deref...
CVE-2021-47278
CVE-2021-47278: Linux kernel vulnerability in the bus: mhi: pci_generic driver where the remove path used del_timer(), which may not wait for the timer handler to finish, causing a potential use-after-free. The fix is to replace del_timer() with del_timer_sync() to ensure the timer handler has f...
CVE-2021-47570
CVE-2021-47570 is addressed in the Linux kernel staging area (rt8188eu driver). The issue was a memory leak in rtw_wx_read32() where ptmp was not freed before returning -EINVAL. A fix (memory cleanup) has been applied to resolve this vulnerability; references point to kernel stable commits that i...
CVE-2022-48876
CVE-2022-48876 concerns the Linux kernel wifi/mac80211 path, where rx->link and rx->link_sta were not always initialized, risking a NULL pointer dereference in code paths such as __ieee80211_rx_h_amsdu invoked from fast-rx. The public records in the provided documents describe the vulnerabi...
CVE-2022-48882
CVE-2022-48882: In the Linux kernel, a macsec null-dereference could occur in the net/mlx5e hw-offload path when updating a SecY with extended packet number (epn) enabled. The macsec SA initialization would fetch salt and ssci from the rx_sa context, which may be unavailable during SecY property ...
CVE-2022-48984
The connected documents provide concrete details for CVE-2022-48984 affecting Linux kernel can: slcan: fix freed work crash. The issue manifests as a NULL pointer dereference in slcan when the LTP pty03 test crashes, with a crash trace in process_one_work and workqueue handling. Root cause: slcan...
CVE-2022-49383
CVE-2022-49383 describes a Linux kernel issue where during restart the watchdog driver for rzg2l_wdt could hit a BUG: Invalid wait context. The fix patches the restart sequence to use clk_prepare_enable() instead of pm_runtime_get_sync() to turn on clocks, addressing the invalid-wait context obse...
CVE-2022-49464
CVE-2022-49464 relates to a Linux kernel erofs tail pcluster handling bug: when ztailpacking is used, the second part of an uncompressed tail pcluster may not match rq->pageofs_out, causing a use-after-free in z_erofs_shifted_transform and potential memory access after free. A fix was implemen...
CVE-2022-49899
CVE-2022-49899 concerns the Linux kernel’s fscrypt handling of fscrypt_master_key. The connected docs describe a fix that stops storing fscrypt_master_key structs as payloads inside the keyrings subsystem and instead keeps them in a regular kernel data structure with revised reference counting an...
CVE-2022-49932
CVE-2022-49932 affects the Linux kernel KVM/VMX path where /dev/kvm is exposed before VMX initialization is complete. The EulerOS advisories (EulerOS-SA-2025-2464/2483, EulerOS-SA-2025-2436/2447) flag this issue as part of kernel fixes and describe the root cause as incomplete initialization prio...
CVE-2023-52704
CVE-2023-52704 pertains to the Linux kernel, specifically the freezer/umh path. The issue arises in call_usermode_helper_exec() for the KILLABLE case after the core freezer logic rewrite, where an unconditional wait_for_completion() was not optional and could leave an on-stack completion unused a...
CVE-2023-52929
The CVE-2023-52929 entry concerns a Linux kernel nvmem core cleanup bug: if dev_set_name() fails, nvmem->wp_gpio remains leaked because the cleanup path doesn’t release it. The described fix prefers reworking initialization and cleanup by splitting device_register() and reusing the nvmem_relea...
CVE-2023-52995
CVE-2023-52995 concerns a Linux kernel vulnerability in riscv/kprobe instruction simulation for JALR when probing vfs_write. The flaw could cause a crash (kernel Oops) with an invalid user-memory access, as shown in the crash trace (e.g., Unable to handle kernel access to user memory without uacc...
CVE-2023-53240
The CVE-2023-53240 issue concerns the Linux kernel’s xsk path. If a napi id is marked on an interface not brought up, xsk_sendmsg/xsk_poll can call xsk_xmit(), which may dereference a NULL pointer to xs->dev when IFF_UP is not set, causing a kernel NULL pointer dereference. The fix restructu...
CVE-2024-40952
CVE-2024-40952 affects the Linux kernel ocfs2 path, causing a NULL pointer dereference in ocfs2_journal_dirty() after bdev->bd_super was replaced with b_assoc_map->host->i_sb, when b_assoc_map isn’t initialized. The fix described in the connected documents is to abort the transaction and...
CVE-2024-42255
CVE-2024-42255: The Linux kernel contains a fix for a NULL pointer dereference in the TPM HMAC handling path. Specifically, in tpm_buf_check_hmac_response(), the code previously dereferenced auth after NULL checking, which could crash if tpm2_sessions_init() was not called when TCG_TPM2_HMAC was ...
CVE-2024-46704
In the Linux kernel workqueue code, CVE-2024-46704 is a data race fix in __flush_work() when flushing a work item for cancellation. The root cause was reading @work->data before testing from_cancel, which could spuriously trigger KCSAN reports. A patch reorganized the code to test @from_cancel...
CVE-2025-21805
CVE-2025-21805 affects the Linux kernel RDMA/rtrs path. The root cause is a missing deinit() invocation for the IB event handler, introduced by commit 667db86bcbe8, which leads to a warning (list_add corruption) during repeated connect/disconnect of rnbd. The fix is to call deinit() to unregister...
CVE-2025-21840
CVE-2025-21840 affects the Linux kernel thermal netlink interface. The intel-lpmd tool segfaults because THERMAL_GENL_ATTR_CPU_CAPABILITY’s raw value changed in a commit, while intel_lpmd still used the old value. The documented fix moves THERMAL_GENL_ATTR_TZ_PREV_TEMP to the end of enum thermal_...
CVE-2025-38137
Technical details about CVE-2025-38137 (Linux kernel PCI/pwrctrl use-after-free due to rescan handling) are not provided in the connected documents. Public disclosures here list the CVE but do not elaborate on affected versions, root cause, or fixes. Monitor for updates.
CVE-2025-38491
CVE-2025-38491 — Linux kernel TLS (TLS ULP) handling. The vulnerability stems from data disappearing from under the TLS ULP on certain reads, which could lead to undefined behavior. The fix replaces the WARN_ON() and buggy early exit (which left a freed skb anchor) with proper error handling: it ...
CVE-1999-0451
CVE-1999-0451 affects Linux 2.0.36 and describes a local Denial of Service where local users can prevent any server from listening on a non-privileged port. The connected Red Hat and CVE payloads reiterate the same description. The sources do not provide concrete exploit details, affected package...
CVE-2000-0344
The CVE-2000-0344 entry affects the knfsd NFS server in Linux kernel 2.2.x. The vulnerability is a denial of service triggered by a negative size value, exploitable by remote attackers. The available sources confirm the affected component and the impact (denial of service) but do not provide expl...
CVE-2002-1571
CVE-2002-1571 affects the Linux 2.4 kernel pre-2.4.19. The root cause is that the fninit instruction is assumed to clear all registers, which can cause an information leak on processors that do not clear all relevant SSE registers. The practical impact is potential leakage of information (partial...
CVE-2002-1976
CVE-2002-1976 affects Linux kernel 2.2+ where ifconfig fails to report when an interface is in promiscuous mode if activated via PACKET_MR_PROMISC, potentially allowing an attacker with local access to sniff network traffic without detection. The vulnerability description is supported by multiple...
CVE-2005-1589
The CVE-2005-1589 issue affects the Linux kernel’s pktcdvd (and raw device) ioctl handler. In kernel 2.6.12-rc4 and earlier, pkt_ioctl in pktcdvd.c calls the wrong function when issuing an ioctl to the block device, which can leak kernel address space to user space. This local-privilege scenario ...
CVE-2005-3119
CVE-2005-3119 affects the Linux kernel 2.6.10 through 2.6.13, where a memory leak in request_key_auth_destroy (within request_key_auth) can be exploited by a local user to cause denial of service via excessive authorization token keys. The connected advisories indicate this vulnerability is addre...
CVE-2006-0555
Vulnerability: CVE-2006-0555 affects the Linux kernel prior to 2.6.15.5, where NFS client operations using O_DIRECT can cause the kernel to panic and crash (local denial of service). Affected product is the Linux kernel; root cause relates to direct I/O handling for NFS. Public advisories from Re...
CVE-2006-1624
The CVE-2006-1624 entry concerns the Linux sysklogd package (syslogd) where the default configuration does not enable the -x option (disable name lookups). This enables remote attackers to induce a denial of service via traffic amplification using messages with spoofed source IP addresses. The av...
CVE-2006-1859
CVE-2006-1859 is a memory leak in the Linux kernel before 2.6.16.16, caused by a flaw in __setlease() within fs/locks.c. This leak can be exploited by a local attacker to cause a Denial of Service by consuming kernel memory. Multiple connected advisories reiterate the same root cause and link it ...
CVE-2009-3288
The CVE-2009-3288 entry affects the Linux kernel 2.6.28-rc1 through 2.6.31-rc8. It concerns the sg_build_indirect function in drivers/scsi/sg.c, which uses an incorrect variable when accessing an array, allowing a local user to cause a Denial of Service via a kernel OOPS and NULL pointer derefere...
CVE-2009-4306
CVE-2009-4306 concerns the Linux kernel’s ext4 filesystem, specifically the EXT4_IOC_MOVE_EXT (move extents) ioctl in 2.6.32-git6 and earlier. The vulnerability enables local users to trigger a denial of service through filesystem corruption via unknown vectors, and is described as distinct from ...
CVE-2010-5329
The CVE-2010-5329 issue affects Linux kernels (video_usercopy in drivers/media/video/v4l2-ioctl.c) before 2.6.39. The flaw is that it relies on the count value of a v4l2_ext_controls data structure to determine a kmalloc size, which could allow local users to trigger memory exhaustion (DoS). The ...
CVE-2013-3232
The CVE-2013-3232 issue is a Linux kernel local information disclosure caused by nr_recvmsg in net/netrom/af_netrom.c not initializing a data structure. Affected: Linux kernel versions prior to 3.9-rc7 (per the description). Impact: local users may read kernel stack memory via crafted recvmsg/rec...
CVE-2013-4220
The CVE-2013-4220 entry concerns the Linux kernel (ARM64) and the bad_mode handler in arch/arm64/kernel/traps.c. The vulnerability arises when a local user triggers a register access path that yields an unexpected ESR value, enabling a Denial of Service via a system crash on affected ARM64 kernel...
CVE-2016-8429
CVE-2016-8429 concerns the NVIDIA Tegra kernel driver (NVMAP) in Android. The connected NVIDIA bulletins describe a memory safety issue in NVMAP where memory references after free can lead to denial of service and possible privilege escalation, enabling a local attacker to execute code in the ker...
CVE-2017-0449
CVE-2017-0449 describes an elevation-of-privilege in the Broadcom Wi‑Fi driver for Android devices using the 3.10 kernel (e.g., Nexus 6P/Nexus 6). A local, privileged process could be exploited by a malicious user/application to execute arbitrary code in the kernel context. The CNVD entry corrobo...
CVE-2017-0451
CVE-2017-0451 describes an information-disclosure vulnerability in the Qualcomm sound driver on Android. The issue enables a local malicious application to access data outside its granted permissions after compromising a privileged process. Affected components include Android kernels around 3.10 ...
CVE-2017-0463
CVE-2017-0463 is an elevation-of-privilege in the Qualcomm networking driver affecting Android kernels (Kernel-3.10 and Kernel-3.18). The issue could let a local malicious app run code in kernel context after compromising a privileged process. The available connected sources confirm the vulnerabi...
CVE-2017-0464
CVE-2017-0464 is a local elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver used by Android. The flaw allows a local malicious application to execute arbitrary code in the kernel context after compromising a privileged process. Public documentation identifies the affected stack a...
CVE-2017-0521
CVE-2017-0521 is a local elevation-of-privilege issue in the Qualcomm camera driver that could allow a malicious local app to execute arbitrary code in the kernel. The vulnerability targets Android and is tied to kernel versions 3.10 and 3.18, with referenced impact described as high for a compro...
CVE-2017-0534
CVE-2017-0534 describes an information disclosure in the Qualcomm video driver for Android, enabling a local malicious application to access data outside its permission levels. Connected CNVD/NVD entries reiterate the issue and affected component (Qualcomm video driver) but do not provide explici...