13804 matches found
CVE-2017-0465
CVE-2017-0465 describes an elevation of privilege vulnerability in the Qualcomm ADSPRPC driver that could allow a local attacker to execute arbitrary code in the kernel context on Android devices. Affected components/versions in the public records include the Android kernel (Kernel-3.10, Kernel-3...
CVE-2017-0574
CVE-2017-0574 describes an elevation-of-privilege vulnerability in the Broadcom Wi‑Fi driver on Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context by exploiting the Wi‑Fi driver, with the Android platform and kernel versions specified as K...
CVE-2017-0581
CVE-2017-0581 is an elevation-of-privilege flaw in the Synaptics Touchscreen driver for Android. The issue could let a local malicious app execute arbitrary code in the kernel context after compromising a privileged process. The vulnerability affects the Android stack (kernel-3.18) and is describ...
CVE-2017-0582
CVE-2017-0582 is a moderate-severity elevation-of-privilege issue affecting the Google Nexus 9 sensor hub. The vulnerability stems from the HTC OEM fastboot command, which could allow a local attacker to execute code in the sensor hub context. Technical details from connected sources describe a ...
CVE-2022-48886
The CVE-2022-48886 issue affects the Linux kernel ice subsystem and is caused by a missing check of the kzalloc() return value, which allows a NULL pointer dereference. The fix adds a return-value check for kzalloc and uses a goto-label for cleanup to share code paths. Connected advisories (SUSE/SU-2024:3209-1, SUSE/SU-2...
CVE-2022-48964
The CVE-2022-48964 entry concerns a use-after-free in the Linux kernel ravb_rx_gbeth() path. The vulnerability arises when a socket buffer (skb) is freed by napi_gro_receive(), and later dereferenced, leading to potential memory corruption. The connected sources consistently describe this as a fi...
CVE-2022-49018
CVE-2022-49018 involves a Linux kernel bug where a sleep in atomic context occurred during mptcp_close. The CVE entries in the provided documents confirm the issue was resolved by replacing the fast socket lock variant with sock_lock_nested() in the mptcp_close path (net/mptcp/protocol.c: close f...
CVE-2022-49765
CVE-2022-49765 concerns the Linux kernel 9p transport. The issue arises from inconsistent lock state between p9 client structures and the trans_fd transport path. Specifically, p9_req_put() and p9_tag_remove() interactions cross IRQ contexts but the trans_fd path used a different lock, leading to...
CVE-2023-52684
CVE-2023-52684 affects the Linux kernel’s Qualcomm QSEE communication driver (qseecom). The issue involves memory leaks in error paths where memory allocated for SCM calls could fail to be freed. The root cause was returning error codes directly instead of jumping to the cleanup labels that relea...
CVE-2023-52908
CVE-2023-52908 (Linux kernel): In drm/amdgpu, a potential NULL dereference could occur when the resource manager is NULL while printing debug information. The entry states this was fixed in the Linux kernel (drm/amdgpu: Fix potential NULL dereference). Concrete details in the connected docs point...
CVE-2024-38626
CVE-2024-38626 is a Linux kernel vulnerability related to FUSE. The issue occurs when a READ-INIT request is resent via a FUSE_NOTIFY_RESEND, causing the INIT request to be moved from processing to pending and potentially triggering a warning in fuse_request_end. The documented fix is to clear the...
CVE-2024-42275
In CVE-2024-42275, the Linux kernel’s drm/client path fixes an error code in drm_client_buffer_vmap_local() that previously returned success on a failure path, causing locking issues and an uninitialized map_copy in the caller. The vulnerability is resolved by the upstream kernel fix. No exploits...
CVE-2024-46696
CVE-2024-46696 concerns a Linux kernel vulnerability in nfsd4_cb_getattr_release where a use-after-free occurs after a delegation reference is dropped. The embedded fields become unsafe to access if not done last. Connected documents confirm this is a local issue in the kernel’s NFS daemon with a...
CVE-2024-58022
CVE-2024-58022 relates to a NULL vs IS_ERR() handling bug in the Linux kernel’s mailbox th1520 path. The vulnerable code checked the return value of devm_ioremap() with IS_ERR(), which is incorrect since devm_ioremap() returns NULL on failure. The fixed description...
CVE-2025-21813
CVE-2025-21813 affects the Linux kernel timers/migration code. The root cause is an off-by-one mis-count during the migration of the top CPU group to a new root, where the old root is pre-accounted as a child of the new root. After attaching the upcoming CPU’s top group, the expected children cou...
CVE-2025-38021
CVE-2025-38021 affects the Linux kernel in the DRM AMD Display path (drm/amd/display), where update_dchubp_dpp and related code could dereference a null pipe_ctx->plane_state. The issue is a missing null check in the update path that could lead to a null pointer dereference; it is stated to be...
CVE-2025-38125
The CVE (CVE-2025-38125) affects the Linux kernel’s net: stmmac driver, where a 0 ptp_rate could propagate to EST configuration, causing a division by zero. The fix adds a guard to ensure ptp_rate is non-zero before configuring EST, with an error path if zero is encountered. According to SUSE/Ope...
CVE-2025-38500
CVE-2025-38500: In the Linux kernel, a use-after-free could occur when changing xfrm interface collect_md state via xfrmi_changelink(), because the collect_md interface could be placed in both xfrmi_net and collect_md_xfrmi structures. The fix uses the xi from netdev_priv earlier in the path to ...
CVE-2026-31533
The CVE-2026-31533 entry concerns a Linux kernel net/tls use-after-free in tls_do_encryption() when crypto_aead_encrypt() returns -EBUSY. The underlying issue is double cleanup of encrypt_pending and the scatterlist entry due to distinct cleanup paths (async callback tls_encrypt_done() vs synchro...
CVE-1999-0401
CVE-1999-0401 describes a race condition in Linux kernel 2.2.1 that allows local users to read arbitrary memory from /proc files. The vulnerability arises from a race in the /proc handling in Linux 2.2.1, enabling partial/possible disclosure of memory contents to unprivileged local users. Affecte...
CVE-2002-0704
The CVE-2002-0704 entry concerns Netfilter (iptables) NAT capability leaking translated IP addresses in ICMP error messages for versions 1.2.6a and earlier. Affected component: Netfilter (iptables) NAT feature. Root cause: NAT leaks internal addresses in ICMP error messages. Impact: potential exp...
CVE-2002-1573
CVE-2002-1573 refers to an unspecified vulnerability in the Linux kernel’s pcilynx ieee1394 (pcilynx.c) driver, affected in kernels before 2.4.20 and related to wrap handling. The initial description notes unknown impact and attack vectors; public detail is limited. Public references describe the...
CVE-2005-0180
CVE-2005-0180 involves multiple signedness errors in sg_scsi_ioctl (scsi_ioctl.c) of Linux 2.6.x. The flaw lets a local user read or modify kernel memory by passing negative integers to the ioctl, bypassing a maximum-length check before copy_from_user/copy_to_user. Connected advisories (e.g., Man...
CVE-2005-1369
CVE-2005-1369 affects the it87 and via686a I2C drivers; prior to fixes in 2.6.11.8 and 2.6.12-rc2, these drivers created a writable sysfs file alarms, enabling a local attacker to cause CPU DoS by writing to it. Connected advisories indicate the issue is resolved by upgrading the kernel to a vers...
CVE-2005-2708
CVE-2005-2708 is a flaw in the Linux 2.4 kernel on 64‑bit x86 where exec.c’s search_binary_handler fails to check a return code under low virtual memory, enabling local users to trigger a denial of service (panic). Public discussions in Ubuntu/Bash contexts confirm the issue affects 64‑bit x86,...
CVE-2005-4351
CVE-2005-4351 – Summary (concrete details from connected docs): The vulnerability affects BSD Securelevels implementations in FreeBSD (up to 6.0-STABLE and 7.0-CURRENT), OpenBSD (up to 3.8), DragonFly (up to 1.2), and Linux (up to 2.6.15). The root cause is that, while securelevels protect files ...
CVE-2008-4410
CVE-2008-4410 affects Linux kernel 2.6.26.5: the vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c invokes write_idt_entry where write_ldt_entry was intended, enabling local users to trigger a denial of service (persistent application failure) through crafted function calls. The descriptio...
CVE-2009-3623
CVE-2009-3623 affects the Linux kernel (nfsd4) via the lookup_cb_cred function in fs/nfsd/nfs4callback.c. When a client uses AUTH_NULL for NFSv4, the code may access the credentials cache and trigger a NULL pointer dereference, causing a denial of service (system crash). The public details come f...
CVE-2009-4410
The CVE-2009-4410 issue affects the Linux kernel 2.6.29-rc1 through 2.6.30.y, specifically the fuse_ioctl_copy_user path in fs/fuse/file.c. The bug stems from using the wrong variable as an argument to kunmap in the ioctl handler, enabling local users to trigger a denial of service (panic) via un...
CVE-2010-1488
The CVE-2010-1488 issue affects the Linux kernel prior to 2.6.34-rc4, where proc_oom_score in fs/proc/base.c selects a candidate for the OOM killer using inappropriate data structures. This could allow local users to trigger a denial of service via certain task-creation patterns. The vulnerabilit...
CVE-2012-4467
The vulnerability CVE-2012-4467 affects the Linux kernel (pre-3.5.4). The affected code paths are the do_siocgstamp and do_siocgstampns functions in net/socket.c, which use an incorrect argument order, enabling local users to either read sensitive kernel memory or trigger a denial of service (sys...
CVE-2013-4129
The CVE-2013-4129 issue affects the Linux kernel up to version 3.10.3, in the bridge multicast code (net/bridge/br_mdb.c and net/bridge/br_multicast.c). The underlying flaw is a timer state check: a timer’s timeout value can be modified without confirming whether the timer is armed, enabling a lo...
CVE-2016-6759
CVE-2016-6759 is an elevation of privilege vulnerability in Qualcomm Media Codecs on Android. It could allow a local malicious app to execute arbitrary code within the context of a privileged process. Affected components/conditions: Android devices using Kernel-3.10 or Kernel-3.18 with Qualcomm M...
CVE-2016-8401
CVE-2016-8401 is an information-disclosure vulnerability in Android’s kernel components, including the ION subsystem, Binder, USB driver, and networking stack. The issue allows a local malicious application to access data outside its permission level, requiring compromise of a privileged process ...
CVE-2017-0306
CVE-2017-0306 affects the NVIDIA Tegra GPU driver (NVHOST) within the Android kernel (Kernel-3.10). A vulnerability in the NVHOST driver copies an input buffer to an output buffer without validating size, which can lead to denial of service and may enable local privilege escalation by a malicious...
CVE-2017-0331
CVE-2017-0331 (NVIDIA Tegra kernel driver, NVMAP): An elevation-of-privilege/DoS issue where untrusted data can change between validation and use, potentially allowing a local attacker to escalate privileges or cause kernel-state impact. Affected context references Android on kernel 3.10 and the ...
CVE-2017-0338
CVE-2017-0338 describes an elevation-of-privilege vulnerability in the NVIDIA GPU driver affecting Android devices with Kernel-3.18. A local malicious application could run code in the kernel context, leading to a potentially permanent device compromise that may require reflashing the OS. Exploit...
CVE-2017-0441
CVE-2017-0441 is a Qualcomm Wi‑Fi driver elevation-of-privilege vulnerability affecting Android kernels (Kernel-3.10, Kernel-3.18). The connected documents describe a local attacker could run a malicious application to execute arbitrary code in the kernel context, after compromising a privileged ...
CVE-2017-0453
CVE-2017-0453: Elevation of privilege in the Qualcomm Wi‑Fi driver could allow a local malicious Android application to execute arbitrary code in the kernel context. Affected: Android on Kernel-3.10. An attack first requires compromising a privileged process. CVSS metrics indicate high impact an...
CVE-2017-0564
CVE-2017-0564 relates to an Elevation of Privilege in the Android kernel ION subsystem. The issue could allow a local malicious app to execute code with kernel privileges (local EoP). Affected are Android kernels 3.10 and 3.18. Public documents identify the kernel ION subsystem as the vulnerable ...
CVE-2017-0573
CVE-2017-0573 describes an elevation of privilege in the Broadcom Wi‑Fi driver used by Android, enabling a local malicious application to execute arbitrary code in the kernel. Affected: Android on Kernel-3.10 and Kernel-3.18. Root cause: elevation of privilege via Broadcom Wi‑Fi driver; no specif...
CVE-2017-8068
CVE-2017-8068 affects the Linux kernel 4.9.x before 4.9.11, where drivers/net/usb/pegasus.c interacts incorrectly with CONFIG_VMAP_STACK. This enables a local attacker to trigger a denial of service or memory corruption by exploiting use of more than one virtual page for a DMA scatterlist. The is...
CVE-2022-48871
In CVE-2022-48871, the Linux kernel fix targets tty: serial: qcom-geni-serial slab-out-of-bounds on the RX FIFO buffer. The probe allocates port->rx_fifo using a default depth (e.g., 16); during serial startup, port->rx_fifo_depth is updated to match device capabilities (e.g., 32). The RX U...
CVE-2022-48894
In the Linux kernel, CVE-2022-48894 affects the iommu/arm-smmu-v3 path. The issue arises from unregistering IOMMU groups during shutdown via iommu_device_unregister(), which can cause NULL pointer dereferences in DMA API calls due to uncoordinated shutdown of devices. The documented fix changes s...
CVE-2022-48965
CVE-2022-48965 concerns a refcount leak in rockchip_gpiolib_register() within linux-5.x kernels. The root cause is a missing of_node_put() for the parent node after obtaining it with of_get_parent(). The fix adds of_node_put() at the end of of_pinctrl_get() to balance the refcount. Multiple advis...
CVE-2022-49079
CVE-2022-49079 involves the Linux kernel Btrfs zoned code. Root cause: btrfs_can_activate_zone() could be invoked with fs_devices->device_list_mutex already held, risking deadlock through a long call chain (insert_dev_extents -> find_free_extent -> can_allocate_chunk etc.). Mitigation de...
CVE-2022-49423
Summary: CVE-2022-49423 relates to the Linux kernel where RTLA tracing could dereference a NULL record in several tracing tools. Root cause (as documented): NULL pointer dereference of the variable record in multiple files (osnoise_hist.c, osnoise_top.c, timerlat_hist.c, timerlat_top.c) before ca...
CVE-2022-49500
CVE-2022-49500 describes a Linux kernel issue affecting the wl1251 driver where memory allocated for DMA was done in a way that conflicts with vmap’ed stacks, leading to kernel panics. The vulnerability is documented as impacting the wl1251 paths (e.g., via SDIO) and rendering affected devices (s...
CVE-2022-49828
CVE-2022-49828 affects the Linux kernel hugetlbfs: when a HugeTLB page is poisoned, the page was previously truncated from the page cache; the patch keeps the poisoned page in the cache. As described, subsequent reads/mappings can trigger the allocation of a new hugepage instead of signaling pois...
CVE-2022-49867
CVE-2022-49867: In the Linux kernel IOSM driver (net: wwan: iosm), the device was registered without setting needs_free_netdev and free_netdev() was not called on unregister, causing a memory leak. The published patch sets needs_free_netdev to true at registration, so the netdev subsystem wil...