CVE-2025-38527

CVE-2025-38527 affects the Linux kernel smb client (cifs_oplock_break). A race during unmount can lead to a use-after-free of cinode when the superblock is deactivated. The vulnerability occurs because cifs_oplock_break() may access cinode after the last superblock reference is released, triggeri...

CVE-2025-38608

The CVE-2025-38608 issue is a Linux kernel vulnerability in bpf/ktls that can cause data corruption by failing to recalculate ciphertext length after plaintext length reduction via socket policy, resulting in uninitialized data being transmitted in TLS records. The impact is network-layer data in...

CVE-2025-38644

CVE-2025-38644 is a Linux kernel issue in the MAC80211 Wi‑Fi code. When a station not yet associated sent NL80211_TDLS_ENABLE_LINK, TDLS was processed before association, leaving sdata->u.mgd.tdls_peer uninitialized and triggering a WARN_ON() in code paths that expected a valid TDLS peer. The ...

CVE-2026-22990

CVE-2026-22990 affects the Linux kernel libceph component, where an overzealous BUG_ON in osdmap_apply_incremental() could misreact to a maliciously corrupted incremental osdmap epoch. The mitigation is to treat such an incongruent incremental osdmap as invalid rather than triggering a BUG. Conne...

CVE-1999-0330

The CVE-1999-0330 entry concerns the Linux bdash game and a buffer overflow that allows local users to gain root access. The connected documents corroborate a local-privilege-elevation flaw in the bdash game kernel/user-space handling, with no explicit product version, patch, or root-cause code s...

CVE-2004-2136

The CVE-2004-2136 entry concerns dm-crypt in the Linux kernel (2.6.x) used on certain filesystems with block sizes of 1024 or greater. The underlying issue is an IV computation weakness in the encryption mode that can allow watermarked files to be detected without decrypting the data. The availab...

CVE-2005-0204

CVE-2005-0204 affects the Linux kernel prior to 2.6.9 on AMD64/EM64T, where local users could exploit the OUTS instruction to write to privileged IO ports. The issue is documented in multiple advisories (RHSA-2005:293, SUSE CVE-2005-0204) and CentOS/CentOS-announce and is addressed by kernel secu...

CVE-2005-1368

The vulnerability CVE-2005-1368 affects Linux kernel 2.6.10 through 2.6.11.8, caused by the key_user_lookup() path in security/keys/key.c, enabling a local attacker to crash the system (kernel oops) via SMP. Fedora and Ubuntu advisories indicate that upgrading to a 2.6.11.8-based release or later...

CVE-2007-0822

CVE-2007-0822 describes a local-denial crash in umount when run on Linux kernel 2.6.15 with Slackware 10.2, triggered by passing a pathname to a USB pen drive that was mounted and then removed; this can lead to a NULL dereference and potential exposure of sensitive data such as core contents. Mul...

CVE-2009-3280

The CVE-2009-3280 issue affects the Linux kernel CFG80211 code. Specifically, an Integer signedness error in the find_ie function inside net/wireless/scan.c can be triggered by malformed packets, leading to a denial of service (soft lockup). Affected version range is before 2.6.31.1-rc1. Multiple...

CVE-2016-6779

CVE-2016-6779 is a local elevation-of-privilege in the HTC sound codec driver affecting Android kernel 3.10 (Nexus 9). The vulnerability could let a local malicious application execute arbitrary code in the kernel context if it can compromise a privileged process. The issue is categorized as High...

CVE-2016-8391

CVE-2016-8391 is an elevation-of-privilege in the Qualcomm sound driver on Android kernels (3.10, 3.18) that could allow a local malicious app to execute arbitrary kernel code. The issue requires compromising a privileged process. Public exploit details are not provided in the documents. The Andr...

CVE-2016-8420

The CVE-2016-8420 entry describes an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver for Android kernels (Kernel-3.10 and Kernel-3.18). A local malicious application could execute arbitrary code in kernel context after compromising a privileged process. The description lists And...

CVE-2016-8436

CVE-2016-8436 matches an elevation-of-privilege flaw in the Qualcomm video driver affecting Android kernels (Kernel-3.18). The vulnerability could let a local malicious app execute arbitrary code in the kernel context, potentially causing a permanent device compromise and requiring reflashing to ...

CVE-2016-8456

CVE-2016-8456 describes an elevation of privilege vulnerability in the Broadcom Wi‑Fi driver used by Android on devices such as Nexus/Pixel families. The issue allows a local malicious application to execute arbitrary code in the kernel context, and it is rated High because an attacker must first...

CVE-2016-8459

CVE-2016-8459 (Android) describes a possible buffer overflow in the storage subsystem, triggered by bad parameters in RPMB listener responses. The issue affects Android kernel 3.18 and is associated with the RPMB command handling, potentially leading to a write/overflow condition in kernel memory...

CVE-2016-8463

CVE-2016-8463 describes a denial-of-service vulnerability in the Qualcomm FUSE file system used by Android. A remote attacker could trigger a device hang or reboot by delivering a specially crafted file. Affected software includes Android on kernels 3.10 and 3.18. The connected documents do not s...

CVE-2016-8476

CVE-2016-8476 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver for Android, allowing a local malicious application to execute code in the kernel once a privileged process is compromised. The issue affects Android kernel versions 3.10 and 3.18; Android ID A-32879283. The NVD...

CVE-2017-0328

Summary (CVE-2017-0328) An information-disclosure vulnerability in the NVIDIA crypto driver could allow a local malicious Android process to access data outside its permission levels. Affected software: Android on kernel 3.10. Exploitation requires a privileged process, so impact is limited to lo...

CVE-2017-0336

CVE-2017-0336 is an information-disclosure flaw affecting the NVIDIA GPU driver on Android (Kernel-3.18). A local malicious app could access data outside its permission levels. The vulnerability is described as high-severity in the Android bulletin, with patches released as part of the 2017-03-01...

CVE-2017-0526

CVE-2017-0526 describes an elevation-of-privilege vulnerability in the HTC Sensor Hub Driver affecting Android on Kernel-3.10. The issue could allow a local, malicious application to execute arbitrary code within the kernel context after compromising a privileged process. The Android ID is A-3389...

CVE-2017-0533

CVE-2017-0533 corresponds to an information-disclosure vulnerability in the Qualcomm video driver on Android (kernel 3.18). The issue could allow a local malicious app to access data beyond its permissions, requiring initial compromise of a privileged process and user interaction per CVSS3 metric...

CVE-2017-0535

CVE-2017-0535 is an information disclosure in the HTC sound codec driver for Android hosted on Kernel-3.10. The issue permits a local attacker, after compromising a privileged process, to access data outside its permissions, implying a confidentiality risk limited to the affected kernel/device co...

CVE-2017-0607

CVE-2017-0607 describes an elevation-of-privilege vulnerability in the Qualcomm sound driver on Android, allowing a local malicious application to execute arbitrary code in the kernel context. The description specifies Product: Android and Kernel-3.18, with Android ID A-35400551 and references QC...

CVE-2017-0624

CVE-2017-0624 describes an information-disclosure vulnerability in the Qualcomm Wi‑Fi driver on Android, enabling a local malicious app to access data outside its permissions. Affected: Android devices (notably Nexus 5X, Pixel, Pixel XL) with Kernel 3.10/3.18; root cause: Qualcomm Wi‑Fi driver in...

CVE-2017-0626

CVE-2017-0626 is an information-disclosure vulnerability in the Qualcomm crypto engine driver, affecting Android kernel components (Kernel-3.10 and Kernel-3.18). A local malicious app could access data outside its permission levels due to this driver flaw. Evidence shows affected product as Andro...

CVE-2017-0634

CVE-2017-0634 is an information-disclosure vulnerability in the Synaptics touchscreen driver on Android, affecting Kernel-3.18. The issue allows a local malicious process to access data outside its permissions after bypassing privileged process protection. Impact is limited to the Synaptics drive...

CVE-2017-8071

CVE-2017-8071 affects the Linux kernel: the file drivers/hid/hid-cp2112.c in 4.9.x before 4.9.9 uses a spinlock that does not account for sleeping during a USB HID request callback, allowing a local attacker to cause a denial of service via deadlock. The vulnerability is specific to the HID CP210...

CVE-2022-49008

The CVE-2022-49008 issue affects the Linux kernel, specifically the can327 path: can327_feed_frame_to_netdev() failed to free the skb when the netdev is down, and all callers did not free allocated skbs, causing a potential skb leak. The patch adds kfree_skb() in can327_feed_frame_to_netdev() whe...

CVE-2022-49866

CVE-2022-49866 concerns a memory‑leak in the Linux kernel’s MHI/wwan path: the MHI driver registered a network device without marking needs_free_netdev, so free_netdev() wasn’t called on unregister. The public sources describe a patch that sets needs_free_netdev to true when registering the netwo...

CVE-2022-49895

CVE-2022-49895 concerns the Linux kernel fix for a NULL pointer dereference in the cxl/region path. When an intermediate port’s decoders are exhausted and a new region is added in its hierarchical path, cxl_port_attach_region() may fail to find a port decoder and fall through to cleanup. During t...

CVE-2022-50004

CVE-2022-50004 is a Linux kernel vulnerability in the xfrm policy path. A null pointer dereference can occur when transmitting an skb with metadata_dst where dst->dev is NULL, through the xfrm interface, due to a missing null check in xfrmi_xmit/xfrm_lookup_with_ifid. The impact is kernel cras...

CVE-2023-20663

CVE-2023-20663 describes a potential out-of-bounds write in wlan due to an integer overflow, enabling local privilege escalation with System execution privileges required and no user interaction. The vulnerability is tied to a patch ID ALPS07560741 / Issue ID ALPS07560741. Connected sources menti...

CVE-2023-52980

The CVE-2023-52980 issue affects the Linux kernel ublk driver, specifically the SPDK ublk target when assigning very large queue depths. The root cause is that UBLK_MAX_QUEUE_DEPTH is 4096, and the calculation sizeof(struct ublk_queue) + depth * sizeof(struct ublk_io) can exceed 65535 when depth ...

CVE-2023-53004

CVE-2023-53004 concerns a Linux kernel overlay (ovl) tmpfile leak due to a missed error cleanup. The vulnerability is resolved in the kernel with patches referenced by the stable commits listed in the sources. The CVSSv3.1 vector indicates LOCAL attack vector, LOW attack complexity and privileges...

CVE-2024-58004

CVE-2024-58004 affects the Linux kernel’s media: intel/ipu6 path. The issue arises when a cpu latency QoS request is not removed on the error path, causing a corruption in the cpu latency QoS list (list_add corruption). The kernel log excerpt illustrates a corrupted list prev/next pointers during...

CVE-2024-58042

CVE-2024-58042 relates to the Linux kernel and fixes a potential deadlock in rhashtable growth logic. The original implementation could trigger a deadlock chain involving nested locks between the rhashtable bucket, rq lock, and dsq lock. The fix moves the hash table growth check and work scheduli...

CVE-2024-58066

The CVE-2024-58066 entry concerns a Linux kernel vulnerability in the clk: mmp: pxa1908-apbcp component. The issue was a NULL vs IS_ERR() check related to devm_kzalloc() returning NULL on error, not an error-pointer, and the code was updated to align the check with the actual return value. Affect...

CVE-2025-21771

CVE-2025-21771 affects the Linux kernel sched_ext subsystem. It stems from incorrect autogroup migration detection in the cgroup/migration path where scx_move_task() could misclassify a non-root cgroup migration as autogroup root migration, triggering a warning. The fix changes the call path by a...

CVE-2025-21942

CVE-2025-21942 affects the Linux kernel btrfs zoned code. A hang can occur in cow_file_range() when unlocking extents if there is no active zone finish path or after partial allocations, due to unlock code being moved outside the loop by a commit. The fix sets the end to the end of the allocated ...

CVE-2025-38139

In Linux kernels with netfs, CVE-2025-38139 is resolved by correcting the write-retry path: netfs_retry_write_stream() now uses the iterator-reset function, ensuring the subrequest length accounts for any shortened data after a retry. The bug could cause a KASAN slab-out-of-bounds read in iov_ite...

CVE-2025-38546

CVE-2025-38546 (Linux kernel: ATM clip memory leak) The vulnerability is in the ATM subsystem’s clip code. The ioctl ATMARPD_CTRL path assigns NULL to vcc->push(), which breaks the expected cleanup path and leaks memory for the allocated struct clip_vcc during ATMARP handling. The root cause i...

CVE-2025-38556

The Connected documents confirm CVE-2025-38556 affects the Linux kernel HID core, where the s32ton() conversion could crash when invoked with 0 bits. The fix HardenS32ton() so that it returns a reasonable result instead of faulting on 0-bit input, aligning behavior with snto32(). This CVE entry i...

CVE-2025-38565

CVE-2025-38565: In the Linux kernel perf_mmap() path, if buffer allocation fails the code still invokes event_mapped(), which can increment perf_rdpmc_allowed on x86 and leaks references because perf_mmap_close() is not called. The documented fix is to return early on failure to prevent the refer...

CVE-2025-40300

The CVE-2025-40300 issue affects the Linux kernel’s x86/vmscape mitigation. The vulnerability arises from insufficient branch predictor isolation between a guest and a userspace hypervisor, which is mitigated by conditionally issuing an IBPB after VMexit and before returning to userspace. The fix...

CVE-2026-31661

The CVE-2026-31661 issue affects the Linux kernel brcmsmac Wi‑Fi driver where dma_free_coherent() may free a size different from what dma_alloc_consistent() allocated (size may change for alignment). The fix changes the free size to the allocation size. Descriptions across multiple advisories (NV...

CVE-1999-1341

CVE-1999-1341 concerns the Linux kernel before 2.3.18 or 2.2.13pre15, when compiled with SLIP and PPP options, allowing a local unprivileged user to forge IP packets via the TIOCSETD option on tty devices. The vulnerability enables local access to tamper with packet data, with partial impacts to ...

CVE-1999-1442

The CVE-1999-1442 entry describes a bug in AMD K6 processors running Linux 2.0.x and 2.1.x kernels where a specific sequence of instructions can be used by a local attacker to trigger a denial of service (kernel crash). Affected component: AMD K6 processor in these Linux kernel versions; root cau...

CVE-2002-0570

CVE-2002-0570 : The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, allowing local users to modify encrypted data without knowing the key. The affected component is the loop device encryption code in these kernels. The provided do...

CVE-2002-1319

The CVE-2002-1319 issue affects the Linux kernel on x86, specifically versions 2.4.20 and earlier and 2.5.x. The root cause is a flaw in emulation mode where TF and NT EFLAGS are not properly cleared, enabling a local user to cause a denial of service (hang). The impact is a local DoS without rem...