13804 matches found
CVE-2017-0575
An elevation of privilege vulnerability exists in the Qualcomm Wi‑Fi driver on Android. CVE-2017-0575 can allow a local attacker to execute arbitrary code in the kernel context after compromising a privileged process. Affected products/versions include Android with the kernel versions 3.10 and 3....
CVE-2021-47251
Summary: CVE-2021-47251 affects the Linux kernel’s wireless stack via mac80211, where the skb length check in ieee80211_scan_rx() was corrected. The fix replaces hard-coded header-length constants with dynamic calculation based on the frame type, preventing a validation WARN_ON in cfg80211 later....
CVE-2021-47271
The CVE-2021-47271 entry concerns a Linux kernel deadlock in usb/cdnsp Thread IRQ handling. The root cause is a mismatch where spin_lock/spin_unlock was used instead of spin_lock_irqsave/spin_unlock_irqrestore in cdnsp_thread_irq_handler, leading to potential deadlocks (notably under NCM traffic). ...
CVE-2021-47279
CVE-2021-47279 affects the Linux kernel in the USB subsystem (usb: misc: brcmstb-usb-pinmap). The root cause is missing validation of the resource pointer returned by platform_get_resource(), which can lead to a null-ptr-deref. The vulnerability is resolved in the kernel by adding a check of the ...
CVE-2022-49009
The CVE-2022-49009 issue affects the Linux kernel component hwmon:asus-ec-sensors, where devm_kcalloc may return NULL and the return value must be checked to avoid NULL pointer dereference. The provided documents confirm a resolved vulnerability with a fix implementing checks for the NULL return ...
CVE-2022-49758
The CVE-2022-49758 entry concerns a Linux kernel issue in the uniphier-glue path where a call to resource_size(res) may dereference NULL if platform_get_resource() returns NULL. This is a local, low-privilege issue with high availability impact as described in the CVE (CVSS: AV:L/AC:L/PR:L/UI:N/S...
CVE-2022-49894
CVE-2022-49894 affects the Linux kernel cxl region handling: the patch fixes region HPA ordering validation to skip regions without address space, preventing a NULL pointer dereference and kernel crash in the store_targetN() path (drivers/cxl/core/region.c). Descriptions show the crash trace and affected...
CVE-2023-20845
CVE-2023-20845 affects imgsys. The vulnerability is an out-of-bounds read caused by missing valid range checking, leading to local information disclosure with system execution privileges required and user interaction for exploitation. Patch ID ALPS07197795 / Issue ID ALPS07340357 is associated wi...
CVE-2023-32246
CVE-2023-32246 refers to a race in ksmbd where rcu_barrier() is not invoked during module unload, potentially allowing unloading with pending RCU callbacks and unintended kernel code execution. Multiple sources indicate the vulnerability has been resolved in the Linux kernel; no exploitation deta...
CVE-2023-52914
The CVE-2023-52914 entry concerns a Linux kernel issue in the io_uring/poll path. The vulnerability arises when a ready poll request cannot complete inline, so a hash is not added, which can lead to loss of access to the poll request and a subsequent request leak, potentially stalling the ring ex...
CVE-2023-52987
CVE-2023-52987 affects the Linux kernel ASoC SOF component: ipc4-mtrace code path. The vulnerability arises from an underflow in sof_ipc4_priority_mask_dfs_write() caused by using a signed id that should be unsigned, leading to an array underflow. The available connected documents consistently st...
CVE-2024-46684
CVE-2024-46684: In the Linux kernel, the binfmt_elf_fdpic path is affected. The vulnerability stems from an incorrect AUXV size calculation in create_elf_fdpic_tables() when ELF_HWCAP2 is defined, which could result in the last AUXV entry being zero and trigger a kernel BUG. The fix adds one to ...
CVE-2024-46690
The CVE-2024-46690 issue in the Linux kernel concerns nfsd4_deleg_getattr_conflict when a third‑party lease is present. The root cause was unsafe dereferencing of fl->c.flc_owner without verifying that fl->fl_lmops is the expected manager, leading to incorrect delegation handling. A patch r...
CVE-2024-46769
CVE-2024-46769 relates to the Linux kernel SPI Intel driver. A check for the pointer returned by devm_kasprintf() in intel_spi_populate_chip() was missing, allowing a NULL pointer to be used for pdata->name. The vulnerability has been resolved in the kernel with the fix described in the linked...
CVE-2024-46799
CVE-2024-46799 (Linux kernel net: ethernet: ti: am65-cpsw): The issue is a NULL pointer dereference in am65_cpsw_ndo_xdp_xmit() that occurs when the number of TX queues is set to 1 during XDP_TX. The Astra Linux entry and canonical description confirm the root cause and the fix: use actual TX qu...
CVE-2024-46837
CVE-2024-46837 affects the Linux kernel component for the DRM panthor uAPI, specifically the group_create path. The vulnerability arose from missing permission checks allowing non-privileged users to create high-priority groups. The underlying fix restricts who can set higher-than-MEDIUM prioriti...
CVE-2024-56554
CVE-2024-56554: Linux kernel binder use-after-free due to freeze work left queued when cleaning up a binder reference. The issue occurs when a reference is freed while ref->freeze.work remains queued in the process workqueue, triggering KASAN slab-use-after-free in binder_release_work. A patch...
CVE-2024-57905
In CVE-2024-57905, Linux kernel iio: adc: ti-ads1119 is fixed: the scan path that pushed data from a triggered buffer used a local struct with an uninitialized hole between sample and timestamp, risking information leakage to userspace. The fix initializes the scan struct to zero before use to avoid p...
CVE-2024-57919
CVE-2024-57919: In the Linux kernel, the drm/amd/display path (dm_get_plane_scale) performs a divide-by-zero when the destination plane size is zero, leading to a kernel oops. The fix sets out-scale size to zero when dst size is zero (consistent with drm_calc_scale), addressing cursor overlay logi...
CVE-2024-58075
CVE-2024-58075: In the Linux kernel, crypto: tegra may transfer a request even when tegra_cmac_init/tegra_sha_init returns an error (e.g., memory exhaustion). A patch in kernel code fixes that the request must not be transferred on init failure. Affected: Linux kernel crypto/tegra components; imp...
CVE-2025-21797
The CVE-2025-21797 entry concerns the Linux kernel HID driver for Corsair void headsets. The vulnerability arises from a missed cancel_delayed_work_sync() in corsair_void_remove(), causing a use-after-free. The issue affects the kernel component handling headset status and is rated with CVSS v3.1...
CVE-2025-21845
Technical details about CVE-2025-21845 are not provided in the connected documents. The initial description summarizes the issue; monitor for updates.
CVE-2025-21879
CVE-2025-21879 describes a Linux kernel use-after-free in the btrfs code. In btrfs_scan_root(), the kernel could dereference inode->root->fs_info after scheduling the inode for delayed iput, if the cleaner kthread ran iput first, leading to a use-after-free of the inode and potential crash....
CVE-2025-21932
CVE-2025-21932: In the Linux kernel, a merge-forcing path in vma_modify() can corrupt VMG start/end when an out-of-memory condition occurs during commit of a merge across VMAs. The fix adds a bail-out path and stores start/end in locals to keep VMG state pristine after a failed merge. The issue is tied to ...
CVE-2025-38501
CVE-2025-38501 concerns the Linux kernel component ksmbd. The vulnerability arises from allowing repeated connections from the same IP, which can exhaust the server’s maximum connections and deny access to normal clients. The connected sources indicate a patch was applied to limit repeated connec...
CVE-1999-0195
Summary (CVE-1999-0195): This is a DoS in the RPC portmapper where attackers can register/unregister RPC services or spoof services using a spoofed source IP (e.g., 127.0.0.1). Multiple connected records corroborate the behaviour, including Red Hat and SUSE advisories. The exact affected product...
CVE-1999-1352
CVE-1999-1352 describes a local vulnerability in Linux 2.2 where mknod follows symbolic links, potentially allowing a local user to overwrite files or gain privileges. The connected sources reiterate this behavior but do not provide concrete exploitation details, specific vulnerable ver...
CVE-2000-0227
The CVE-2000-0227 entry concerns the Linux 2.2.x kernel where the number of Unix domain sockets is not restricted by the wmem_max parameter. This allows a local attacker to cause a denial of service by requesting a large number of sockets. The linked sources confirm the affected platform and vuln...
CVE-2001-1056
The CVE affects the ip_masq_irc IP masquerading module 2.2. A remote attacker can bypass firewall restrictions by inducing the target to send a DCC SEND to a malicious server listening on port 6667, which may cause the module to treat that traffic as valid and permit the connection to the port sp...
CVE-2001-1400
CVE-2001-1400 describes a local denial-of-service issue in the Linux kernel before 2.2.19 where UDP port allocation could deadlock a system. Connected advisories confirm the vulnerability affects the Linux kernel up to 2.2.18 and is corrected in the 2.2.19 release (e.g., Mandrake MDKSA-2001:037 ...
CVE-2001-1551
Summary: CVE-2001-1551 affects the Linux kernel 2.2.19. The issue arises because CAP_SYS_RESOURCE is enabled for setuid processes, allowing local users to exceed disk quota restrictions during execution of setuid programs. What’s affected: Linux kernel 2.2.19 (setuid/process context). Impact (as ...
CVE-2002-2254
The CVE describes a vulnerability in the Linux kernel’s Netfilter/IPTables: the experimental IP packet queuing feature in kernels 2.4 (up to 2.4.19) and 2.5 (up to 2.5.31). If a privileged process exits while traffic is not queued, a later process with the same PID may access network traffic that...
CVE-2004-0626
The CVE-2004-0626 issue affects the Linux kernel 2.6 netfilter subsystem when using iptables with TCP options. Affected code path is tcp_find_option; a large option length can produce a negative value after casting to char, causing an infinite loop that consumes CPU and leads to remote DoS. This ...
CVE-2004-0658
CVE-2004-0658 describes an integer overflow in the hpsb_alloc_packet function of the IEEE 1394 (Firewire) driver (versions 2.4 and 2.6). This vulnerability can allow local users to cause a denial of service (crash) and potentially execute arbitrary code through the functions raw1394_write, state_...
CVE-2005-1764
CVE-2005-1764 is a kernel vulnerability affecting Linux 2.6 on 64-bit x86 (x86_64). The issue arises because the 47‑bit address page guard is not used, leaving the system vulnerable to local DoS via AMD K8 bug exploitation. Documents confirm the flaw and note that updates/patches were released (e...
CVE-2005-2617
The CVE-2005-2617 entry describes a vulnerability in Linux kernel 2.6.12 and later on 64-bit x86 where syscall32_setup_pages (syscall32.c) does not check the return value of insert_vm_struct. This can allow local users to trigger a memory leak via a crafted 32‑bit ELF header. Affected component: ...
CVE-2006-0454
The CVE-2006-0454 issue affects the Linux kernel (2.6.x) where icmp_send mishandles failures in ip_options_echo, enabling remote attackers to crash the host via crafted ICMP options (record-route, timestamp with needaddr and truncated value). Public advisories from SUSE, Red Hat, Fedora, Ubuntu d...
CVE-2006-2446
CVE-2006-2446 describes a race condition between kfree_skb and __skb_unlink in Linux kernel socket buffer handling (Linux kernel 2.6.9 and possibly others) that can allow remote attackers to cause a denial of service (crash) as demonstrated by TCP stress tests in the LTP suite. Connected document...
CVE-2006-5331
CVE-2006-5331 affects the Linux kernel on 64-bit PowerPC systems. The altivec_unavailable_exception function mishandles the path where CONFIG_ALTIVEC is defined and the CPU supports Altivec, but Altivec support was not detected by the kernel, enabling a local user to trigger an Altivec instructio...
CVE-2007-3720
The CVE-2007-3720 entry describes a vulnerability in the Linux kernel 2.4 process scheduler that uses CPU billing from periodic sampling ticks. This design allows local users to cause a denial of service (CPU consumption) by calling voluntary nanosecond sleeps, making the process inactive during ...
CVE-2009-1243
The issue affects the Linux kernel prior to 2.6.29.1, where an unlocking step in the udp seq_file infrastructure can be triggered under certain conditions. This allows local users to cause a denial of service (panic) by reading zero bytes from /proc/net/udp (and unspecified other files). Root cau...
CVE-2010-2938
CVE-2010-2938 affects the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5, specifically arch/x86/hvm/vmx/vmcs.c VMCS handling. The flaw occurs on Intel platforms without Extended Page Tables (EPT) where VMCS fields are accessed without confirming hardware support. Local users can cause a denial...
CVE-2011-2209
The CVE-2011-2209 issue affects the Linux kernel on the Alpha architecture, where an integer signedness error in osf_sysinfo (arch/alpha/kernel/osf_sys.c) could allow local users to obtain sensitive information from kernel memory via a crafted call. Vulnerable when using kernel versions before 2....
CVE-2011-4112
CVE-2011-4112 affects the Linux kernel net subsystem prior to 3.1. The issue arises from improper restriction of the IFF_TX_SKB_SHARING flag, enabling local users with CAP_NET_ADMIN to access /proc/net/pktgen/pgctrl and, using the pktgen package with a bridge device for a VLAN interface, trigger ...
CVE-2016-8412
CVE-2016-8412 is an elevation-of-privilege vulnerability in the Qualcomm camera that could allow a local malicious app to execute arbitrary code in the kernel context. The issue affects Android kernel versions 3.10 and 3.18 and is rated High because exploitation requires first compromising a priv...
CVE-2016-8425
CVE-2016-8425 affects the NVIDIA Tegra kernel driver (NVHOST). The issue is a use-after-free in memory handling that can allow a local unprivileged process to escalate to the kernel, potentially enabling arbitrary code execution or denial of service. Exploitation status is not provided in the sup...
CVE-2017-0435
CVE-2017-0435 is an elevation-of-privilege in the Qualcomm sound driver affecting Android kernels (Kernel-3.10 and Kernel-3.18). The vulnerability could let a local malicious app execute arbitrary code in the kernel context after compromising a privileged process. The CVE is documented with Qualc...
CVE-2017-0444
CVE-2017-0444 is a local elevation-of-privilege issue in the Realtek sound driver affecting Android devices (kernel 3.10). Connected sources (e.g., CNVD, NVD entries) describe exploitation that allows a locally executed, malicious application to run code in the kernel context via the Realtek driv...
CVE-2017-0452
CVE-2017-0452 describes an information-disclosure vulnerability in the Qualcomm camera driver on Android (kernel 3.10). The issue could allow a local malicious application to access data outside its permission levels after compromising a privileged process. Affected devices include Nexus 5X, Nexu...
CVE-2017-0454
CVE-2017-0454 is an elevation-of-privilege vulnerability in the Qualcomm audio driver that allows a local malicious application to execute arbitrary code in the kernel context. Affected product: Android with kernel versions 3.10 and 3.18. Root cause is exploitation within the Qualcomm audio drive...