13804 matches found
CVE-2025-38368
CVE-2025-38368 concerns the Linux kernel fix for a NULL dereference in the tps6594-pfsm subsystem. The issue arises in the misc: tps6594-pfsm driver where devm_kasprintf() could return NULL for pfsm->miscdev.name. The patch adds a NULL pointer check in tps6594_pfsm_probe() to prevent dereferen...
CVE-2025-38604
CVE-2025-38604 affects the Linux kernel RTL8187 family via a race in rtl8187_stop() where usb_kill_anchored_urbs() must be invoked before clearing b_tx_status.queue to avoid callbacks using freed skbs. The upstream fix changes the sequence to kill URBs prior to freeing the tx-status skb, addressi...
CVE-2025-38684
CVE-2025-38684 affects the Linux kernel’s net/sched ETS implementation. The issue arose from purging unused DRR queues during ets_qdisc_change(), where the code used the new value of q->nbands for cleanup. The fix ensures the purge uses the old values of q->nbands (and q->nstrict), so pu...
CVE-2016-10295
An information disclosure vulnerability in the Qualcomm LED driver (CVE-2016-10295) could allow a local malicious Android app to access data outside its permission levels. Affected product: Android; Kernel version: 3.18. Android ID: A-33781694. The issue is rated Moderate because exploitation req...
CVE-2016-6778
CVE-2016-6778 is an Elevation of Privilege affecting the Android kernel path via the HTC sound codec driver. The vulnerability could let a local malicious application execute arbitrary kernel code, requiring initial compromise of a privileged process before exploitation. Affected stack: Android o...
CVE-2016-8408
CVE-2016-8408 describes a local information-disclosure vulnerability in the NVIDIA video driver on Android (Kernel-3.10). The issue could allow a local malicious application to access data outside its permission levels, and is rated Moderate because exploitation requires compromising a privileged...
CVE-2022-50014
CVE-2022-50014 is a Linux kernel issue resolved by removing FOLL_COW and tightening COW handling in mm/gup. The advisories state that FOLL_FORCE could cause a read-only, shared page to become writable, enabling local exploitation similar to Dirty COW, particularly via exclusive anonymous pages an...
CVE-2022-50230
In the Linux kernel (arm64), the idmap access problem occurred on systems implementing FEAT_EPAN where UXN was not set on swapper page tables, causing idmap_kpti_install_ng_mappings to panic when accessing __idmap_kpti_flag. The issue was fixed upstream by applying UXN to the swapper PTEs as part...
CVE-2025-21747
The CVE-2025-21747 entry concerns the Linux kernel DRM AST driver (drm/ast: astdp) where the video-signal enable path could trigger a kernel warning due to an insufficient timeout. Root cause: a timeout too short (200 ms) for enabling the ASTDP transmitter; the system may log a WARN_ON in ast_dp_...
CVE-2025-38176
In the Linux kernel, the root cause of the vulnerability is a use-after-free in binderfs_evict_inode() (binder). The issue occurs within binderfs_evict_inode, leading to potential slab-use-after-free conditions observable under stress-ng with binderfs, and is mitigated by the referenced patch fix. C...
CVE-2025-38294
The CVE-2025-38294 entry concerns the Linux kernel wifi driver ath12k. The vulnerability arises when ath12k_mac_assign_vif_to_vdev() fails, causing a NULL radio handle (ar) to be dereferenced during debug logging via arvif, which is invalid in fail scenarios where the radio handle is NULL. The fi...
CVE-2025-38330
CVE-2025-38330 affects the Linux kernel, specifically a KUnit test path in firmware: cs_dsp_ctl_cache_init_multiple_offsets that could trigger an out-of-bounds read. Root cause: mock_coeff_template.length_bytes used for register value allocations, later overridden to 8 bytes, causing incorrect te...
CVE-2025-38359
CVE-2025-38359 affects the Linux kernel on s390/x architectures. The issue is a fix in in_atomic() handling in do_secure_storage_access() where kernel user-space accesses to not-exported pages in atomic context can trigger a page fault handling path. The described impact involves a potential slee...
CVE-2025-38454
CVE-2025-38454: In the Linux kernel, ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp(); switches to pr_warn() when 'pdev' is NULL to avoid NULL pointer dereference. The description indicates the fix is kernel-side and targets the ad1816A soundcard driver; no details on aff...
CVE-2025-38526
CVE-2025-38526 relates to the Linux kernel ice driver. The issue arises from missing NULL checks in eswitch lag checking: ice_lag_is_switchdev_running() may be invoked from outside the LAG event handler, causing lag->upper_netdev to be NULL and risking a NULL pointer dereference. A fix adds a ...
CVE-2025-38531
CVE-2025-38531 affects the Linux kernel IIO common/st_sensors code. The issue arises from using uninitialized indio_dev->dev in probe paths, which can trigger a kernel panic in st_sensors_power_enable() when devm_regulator_bulk_get_enable() fails and later calls dev_err_probe() with an uniniti...
CVE-2025-38535
CVE-2025-38535 relates to the Linux kernel on Tegra XUSB where regulator disable logic became unbalanced when leaving USB_ROLE_DEVICE. The fix moves regulator control into tegra186_xusb_padctl_id_override() and disables the regulator only when transitioning from USB_ROLE_HOST to USB_ROLE_NONE aft...
CVE-2025-38538
CVE-2025-38538: In the Linux kernel DMA engine nbpfaxi, memory corruption could occur due to out-of-bounds access in nbpf_probe() where nbpf->chan[] is allocated with num_channels elements but three loops could index one past the end. The second loop copies data from irqbuf[] to nbpf->chan...
CVE-2025-38562
CVE-2025-38562 affects the Linux kernel ksmbd component. When a client performs two session setups with krb5 authentication to ksmbd, a null pointer dereference in generate_encryptionkey could occur if sess->Preauth_HashValue is NULL while the session is valid. The fix ensures the encryption k...
CVE-2025-38569
CVE-2025-38569 (Linux kernel benet) arises from a bug in the be2net SR-IOV VF MAC address configuration flow where be_cmd_set_mac_list() calls dma_free_coherent() while still under spin_lock_bh, leading to a kernel crash (BUG at mm/vmalloc.c and OOPs) when SR-IOV VFs are created. The linked advis...
CVE-2025-38587
CVE-2025-38587 affects the Linux kernel IPv6 code: fib6_info_uses_dev() may loop indefinitely due to relying on RCU without explicit protection, risking an infinite loop if anchors are removed by fib6_del_route() or fib6_add_rt2node(). The vulnerability has been resolved in the kernel; advisories...
CVE-2025-38588
CVE-2025-38588 affects the Linux kernel IPv6 path: an infinite loop in rt6_nlmsg_size() due to list_del_rcu() interactions with rt6_nh structures, potentially causing denial of service. The patch reworks the loop by restarting when f6i->fib6_nsiblings is zero, and kernel live patches/advisorie...
CVE-2025-38601
Summary (CVE-2025-38601): Linux kernel ath11k SRNG deinit path bug can cause a page fault/panic on resume due to not resetting per-list initialized flags after reconfiguration. Root cause: after two resets, ath11k_hal_srng_deinit() destroys srng lists but does not clear per-list ->initialized,...
CVE-2025-38653
CVE-2025-38653: In the Linux kernel, the vulnerability stems from checking proc_lseek directly via pde->proc_ops->proc_lseek, which can cause a use-after-free in a module removal (rmmod) scenario. The issue is a gap in proc_reg_open() that was later addressed by applying the same mitigation...
CVE-2025-38665
CVE-2025-38665 (Linux kernel CAN): A NULL pointer dereference in netlink can_changelink() when restarting a CAN device, due to missing can_priv::do_set_mode callback. Two code paths call this callback: manual restart via can_changelink() and delayed automatic restart after bus off. The fix preven...
CVE-2007-6434
CVE-2007-6434 affects Linux kernel 2.6.23. A local attacker can create low pages in virtual userspace memory and bypass mmap_min_addr protection by supplying a crafted executable that calls do_brk. This is a local-attack scenario with partial impact on availability as per CVSS 2.0 (low base score...
CVE-2014-9903
CVE-2014-9903 (Linux kernel): Affects Linux kernel 3.14-rc1 to 3.14-rc3 (and earlier rc builds) where sched_read_attr in kernel/sched/core.c uses an incorrect size. This enables a local attacker to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call. The...
CVE-2023-53218
The CVE-2023-53218 entry concerns the Linux kernel rxrpc path. A call created by sendmsg() could be aborted only after a connection assignment, but interrupted scheduling could cause subsequent sendmsg() calls to fail with EBUSY until an assignment occurs. The fix ensures that such a waiting rxrp...
CVE-2023-53248
CVE-2023-53248 affects the Linux kernel DRM/AMDGPU subsystem. The fix installs a stub fence into potentially unused page-table update fences instead of NULL to avoid NULL dereferences when dma_fence_wait() is called on those pointers during CPU-based page-table updates. This targets the scenario ...
CVE-2025-21822
CVE-2025-21822: Technical details are not publicly provided in the supplied documents. Monitor for updates.
CVE-2025-38130
Technical details for CVE-2025-38130 are not publicly provided in the connected documents. The materials only reiterate a kernel HDMI audio callback fix; monitor official advisories and patches for affected kernels and platforms.
CVE-2025-38223
CVE-2025-38223: Linux kernel fix for a kernel BUG triggered by an encrypted inode with an unaligned file size (e.g., 33K or 1K) in Ceph-related code paths. The issue manifests as a kernel OOPS/crash via a bug in ceph_msg_data_cursor_init in net/ceph/messenger.c during ceph_con_workfn processing,...
CVE-2025-38341
CVE-2025-38341 pertains to the Linux kernel fbnic driver. The issue is described as a double-free scenario when DMA-mapping a FW message fails within fbnic_mbx_map_msg(), with the documented behavior that the caller retains ownership of the message on error and the page is freed by existing calle...
CVE-2025-38503
CVE-2025-38503: Linux kernel BTRFS vulnerability with block_group_tree enabled can trigger an assertion while rebuilding the free space tree, causing a kernel BUG and machine halt. The issue occurs when processing an empty block group (no extents/items) and a ret value of 1 is returned by btrfs_...
CVE-2025-38506
CVE-2025-38506: In Linux, KVM can reschedule CPU while setting per-page memory attributes for SEV-SNP guests with very large memory (1TB+), causing host CPU soft lockups during kvm_vm_set_mem_attributes(). The issue arises while looping over guest memory attributes and invoking cond_resched() to...
CVE-2025-38520
In CVE-2025-38520, the Linux kernel’s DRM/AMDKFD path could deadlock during MMU notifier callbacks when a process exits, potentially leaking VRAM. The root cause was calling mmput from the MMU notifier callback, risking release of the mm struct and exit_mmap/free_pgtable. The fix takes a non-zero...
CVE-2025-38529
CVE-2025-38529 relates to the Linux kernel Comedi driver (aio_iiro_16) where an unchecked userspace-derived value in it->options[1] could cause a shift out of bounds or negative shift; the fix adds a bounds check on it->options[1] before evaluating the (1 << it->options[1]) & 0xdcfc test. Affe...
CVE-2025-38568
In the Linux kernel, net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CVE-2025-38568). The TCA_MQPRIO_TC_ENTRY_INDEX policy allowed up to TC_QOPT_MAX_QUEUE (16), causing a 4-byte out-of-bounds write in the fp[] stack array. The fix changes the policy to allow only up to TC_QO...
CVE-2025-38584
The CVE-2025-38584 issue is a Linux kernel vulnerability in the padata subsystem. A race condition/use-after-free could occur in padata_reorder after a padata item is enqueued but before the next item is prepared, potentially allowing premature dereference of the pd reference. The fix updates the...
CVE-2025-38602
CVE-2025-38602 affects the Linux kernel’s iwlwifi driver. Root cause: missing check for alloc_ordered_workqueue return value, which may yield NULL, leading to NULL dereference. Impact: local attacker could exploit a vulnerability with high impact on availability, per the CVSS metrics (LOCAL, LOW ...
CVE-2025-38609
CVE-2025-38609 is a Linux kernel vulnerability in the PM/devfreq subsystem where code could dereference governor->name if governor is NULL. The fix, implemented by moving the NULL check before accessing governor->name, updates the handling of the governor to prevent a null pointer exception...
CVE-2025-38612
CVE-2025-38612 affects the Linux kernel staging driver fbtft (staging: fbtft). The vulnerability is due to a memory leak in fb_deferred_io_init() where memory allocated for info->pagerefs in the fb_info error path was not freed after fb_info allocation completed. The fix adds the cleanup on th...
CVE-2026-23334
The CVE-2026-23334 issue affects the Linux kernel in the can: usb: f81604 path, where interrupt URBs of incorrect length could be misinterpreted as valid data. The vulnerability is addressed by upstream kernel fixes, and Mageia advisories reference kernel version 6.6.130 as the fixing baseline, w...
CVE-2026-46244
The CVE-2026-46244 issue affects the Linux kernel netfilter nft_inner path. In nft_inner_parse_l2l3(), while handling inner IPv6 packets, ipv6_find_hdr() computes the transport header offset correctly across extension headers, but the code later overwrites this value with nhoff + sizeof(_ip6h) (4...
CVE-2022-50232
CVE-2022-50232 affects the Linux kernel on arm64 with FEAT_EPAN: UXN was not set on swapper PTEs, causing idmap_kpti_install_ng_mappings to panic when accessing __idmap_kpti_flag. Upstream fix sets UXN on swapper page tables; originated from a boot-flow refactor (commit c3cee924bd85) and a simple...
CVE-2025-38128
Technical details on CVE-2025-38128 are not publicly provided in the connected documents. The advisories reference the vulnerability at a high level but do not expand on affected products, versions, root cause, exploit details, or fixes within this dataset. Monitor for updates.
CVE-2025-38253
CVE-2025-38253 affects the Linux kernel HID driver for Wacom devices. The issue arises when wacom_remove() does not cancel the pending delayed work aes_battery_work, which can cause hard crashes or general protection faults when aes_battery_work runs after device removal (e.g., after resume from ...
CVE-2025-38314
CVE-2025-38314 affects the Linux kernel’s virtio-pci admin command path. The issue was that virtio_pci_admin_dev_parts_get() reported a result size 8 bytes larger than the actual data because result_sg_size was filled with virtqueue_get_buf() length (data + 8 bytes status). The oversized size cou...
CVE-2025-38329
CVE-2025-38329 – Linux kernel: firmware: cs_dsp: fixes OOB memory read in KUnit test (wmfw info). KASAN reported out-of-bounds access in cs_dsp_mock_wmfw_add_info() where source string length was rounded up to the allocation size. Impact: local attacker with LOW privileges; confidentiality and av...
CVE-2025-38339
CVE-2025-38339 (Linux kernel, powerpc/ arch): The issue arises from a miscalculated JIT size for the BPF trampoline during the dummy pass. arch_bpf_trampoline_size() estimates the JIT code size before the final image buffer is allocated, and the total emitted trampoline instructions depend on the...