14330 matches found
CVE-2024-57927
CVE-2024-57927 relates to the Linux kernel’s NFS write-to-cache path. The root cause was that nfs_netfs_init_request() could be invoked with a NULL file pointer when netfslib copied freshly read data into a write request for the cache, causing an oops via nfs_file_open_context(). The fix prevents...
CVE-2025-21747
The CVE-2025-21747 entry concerns the Linux kernel DRM AST driver (drm/ast: astdp) where the video-signal enable path could trigger a kernel warning due to an insufficient timeout. Root cause: a timeout too short (200 ms) for enabling the ASTDP transmitter; the system may log a WARN_ON in ast_dp_...
CVE-2025-38029
CVE-2025-38029 (Linux kernel) : The issue occurs in kasan when apply_to_pte_range enters lazy MMU mode and invokes kasan_populate_vmalloc_pte(), which can sleep while allocating a single page. This can crash in-context on certain arches (e.g., s390) when preemption is manipulated during lazy MMU ...
CVE-2025-38069
Technical details for CVE-2025-38069 are not provided in the connected documents. Monitor for updates from upstream advisories.
CVE-2025-38301
CVE-2025-38301 affects the Linux kernel nvmem driver for zynqmp_nvmem; root cause: the driver expected a device pointer in context but nvmem_config.priv is never set, causing NULL pointer dereferences when accessing the device. A fix was committed to restore correct context handling (commit 29be4...
CVE-2025-38311
CVE-2025-38311 affects the Linux kernel iavf driver. Root cause: removal of the crit_lock to avoid error-prone try_locks, replacing it with netdev_lock in most cases. This change aims to fix deadlock scenarios observed during VF removal by canceling work without netdev_lock and by expanding the p...
CVE-2025-38446
CVE-2025-38446 affects the Linux kernel clock Framework for imx (ARM i.MX95 DT). The issue is an out-of-bounds access in dispmix_csr_clk_dev_data inside __clk_register() when num_parents is 4, accessing parent_names beyond the valid range. The bug manifests as a KASAN global-out-of-bounds read (s...
CVE-2025-38503
CVE-2025-38503 : Linux kernel BTRFS vulnerability with block_group_tree enabled can trigger an assertion while rebuilding the free space tree, causing a kernel BUG and machine halt. The issue occurs when processing an empty block group (no extents/items) and a ret value of 1 is returned by btrfs_...
CVE-2025-38548
CVE-2025-38548 affects the Linux kernel hwmon driver for Corsair Corsair-CPro. The root cause is improper validation of the input buffer size received by the USB command path, allowing potential mismatches between the reported and actual buffer lengths. The fix, as documented in the connected Ast...
CVE-2025-38550
CVE-2025-38550 is a Linux kernel issue in ipv6 multicast handling. The root cause is delaying the release of the reference to pmc->idev in mld_del_delrec(), while pmc->idev is also used by ip6_mc_clear_src(). The fix (as stated) is to put the reference after ip6_mc_clear_src() returns. The ...
CVE-2025-38601
Summary (CVE-2025-38601): Linux kernel ath11k SRNG deinit path bug can cause a page fault/panic on resume due to not resetting per-list initialized flags after reconfiguration. Root cause: after two resets, ath11k_hal_srng_deinit() destroys srng lists but does not clear per-list ->initialized,...
CVE-2025-38684
CVE-2025-38684 affects the Linux kernel’s net/sched ETS implementation. The issue arose from purging unused DRR queues during ets_qdisc_change(), where the code used the new value of q->nbands for cleanup. The fix ensures the purge uses the old values of q->nbands (and q->nstrict), so pu...
CVE-2026-23226
CVE-2026-23226 involves a kernel vulnerability in ksmbd where the ksmbd_chann_list xarray was lacking synchronization, allowing a use-after-free in multi-channel sessions between lookup_chann_list() and ksmbd_chann_del. The provided documents confirm the root cause and the fix: the patch adds a n...
CVE-2026-23392
The CVE-2026-23392 vulnerability affects the Linux kernel nf_tables flowtable handling. Root cause: during error paths, a hook may still reference a flowtable, exposing it to the packet path and nfnetlink control plane. The fix inserts synchronize_rcu() after unregistering hooks (rcu grace period...
CVE-2026-31709
In the Linux kernel SMB client (cifsacl), CVE-2026-31709 arises from insufficient validation of a server-provided DACL when rewriting security descriptors. The fix extends structural validation to ensure the DACL header, size, and per-ACE bounds are checked before any rewrite paths (replace_sids_...
CVE-1999-1441
CVE-1999-1441 concerns the Linux kernel (2.0.34) allowing a local user to deliver SIGIO signals to arbitrary processes, leading to denial of service if the target does not catch the signal. The root cause is improper restriction of SIGIO delivery across processes. Public references show a practic...
CVE-2013-3236
The CVE-2013-3236 issue affects the Linux kernel component vmci_transport_dgram_dequeue in net/vmw_vsock/vmci_transport.c; it fails to initialize a length variable, allowing local attackers to read kernel stack memory via crafted recvmsg/recvfrom. Affects kernels before 3.9-rc7. Multiple advisori...
CVE-2016-6790
CVE-2016-6790 affects NVIDIA libomx (libnvomx) in Android devices (notably Pixel C) with kernel 3.18. Root cause: NVIDIA OpenMAX component copies an input buffer to an output buffer without validating the input size, enabling local exploitation; the NVIDIA bulletin labels this as a high‑severity ...
CVE-2016-6791
CVE-2016-6791 is an elevation-of-privilege vulnerability in the Qualcomm sound driver affecting Android devices. The issue allows a local malicious application to execute arbitrary code in the kernel context, requiring initial compromise of a privileged process. Affected components/versions inclu...
CVE-2016-8394
CVE-2016-8394 describes an elevation-of-privilege vulnerability in the Synaptics touchscreen driver on Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context by exploiting the Synaptics driver, requiring initial compromise of a privileged proc...
CVE-2016-8403
CVE-2016-8403 describes an information-disclosure vulnerability in Android’s kernel components, including the ION subsystem, Binder, USB driver, and networking subsystem. The issue could allow a local malicious application to access data outside its permission levels, with confidentiality impact ...
CVE-2016-8410
CVE-2016-8410 is an information-disclosure vulnerability in the Qualcomm sound driver affecting Android devices. The issue could allow a local malicious application to access data outside its permission levels, and is rated Moderate because exploitation requires first compromising a privileged pr...
CVE-2016-8415
CVE-2016-8415 describes an elevation-of-privilege flaw in the Qualcomm Wi‑Fi driver that lets a local malicious app execute code in the kernel context. Affected software is Android with kernel versions 3.10 and 3.18; exploitation requires compromising a privileged process. The issue is categorize...
CVE-2016-8437
CVE-2016-8437 describes an improper input validation in Android’s Access Control APIs, with the kernel 3.18 memory range check potentially mishandled. Affected product: Android (Kernel 3.18). Official description notes a memory-range check issue but does not provide exploit paths or a concrete fi...
CVE-2025-38050
CVE-2025-38050 affects the Linux kernel hugetlb memory management. A race between __update_and_free_hugetlb_folio() and replace_free_hugepage_folios() can cause folio_hstate(folio) to see a NULL pointer, leading to a kernel NULL pointer dereference and crash. The description explains the root cau...
CVE-2025-38175
The CVE-2025-38175 entry concerns a use-after-free in the Linux kernel binder subsystem (binder_devices) that could occur when a binder device is released without first being removed from the binder_devices list. The Astra Linux bulletin documents the root cause in binder_remove_device within bin...
CVE-2025-38223
CVE-2025-38223 : Linux kernel fix for a kernel BUG triggered by an encrypted inode with an unaligned file size (e.g., 33K or 1K) in Ceph-related code paths. The issue manifests as a kernel OOPS/crash via a bug in ceph_msg_data_cursor_init in net/ceph/messenger.c during ceph_con_workfn processing,...
CVE-2025-38339
CVE-2025-38339 (Linux kernel, powerpc/ arch): The issue arises from a miscalculated JIT size for the BPF trampoline during the dummy pass. arch_bpf_trampoline_size() estimates the JIT code size before the final image buffer is allocated, and the total emitted trampoline instructions depend on the...
CVE-2025-38538
CVE-2025-38538 : In the Linux kernel DMA engine nbpfaxi, memory corruption could occur due to out-of-bounds access in nbpf_probe() where nbpf->chan[] is allocated with num_channels elements but three loops could index one past the end. The second loop copies data from irqbuf[] to nbpf->chan...
CVE-2025-38562
CVE-2025-38562 affects the Linux kernel ksmbd component. When a client performs two session setups with krb5 authentication to ksmbd, a null pointer dereference in generate_encryptionkey could occur if sess->Preauth_HashValue is NULL while the session is valid. The fix ensures the encryption k...
CVE-2025-38584
The CVE-2025-38584 issue is a Linux kernel vulnerability in the padata subsystem. A race condition/use-after-free could occur in padata_reorder after a padata item is enqueued but before the next item is prepared, potentially allowing premature dereference of the pd reference. The fix updates the...
CVE-2025-38585
CVE-2025-38585 concerns Linux kernel staging/atomisp: a stack buffer overflow in gmin_get_var_int() triggered when gmin_get_config_var() calls EFI get_variable() with a larger-than-expected EFI variable. The bug stems from two issues: (1) gmin_get_config_var() returning a stale error code on EFI ...
CVE-2025-38610
CVE-2025-38610 affects the Linux kernel powercap codebase, specifically the dtpm_cpu path. The vulnerability is caused by a NULL dereference in get_pd_power_uw() when em_cpu_get() returns NULL, which can occur if a CPU becomes unavailable at runtime and get_cpu_device() yields NULL, propagating t...
CVE-2025-38612
CVE-2025-38612 affects the Linux kernel staging driver fbtft (staging: fbtft). The vulnerability is due to a memory leak in fb_deferred_io_init() where memory allocated for info->pagerefs in the fb_info error path was not freed after fb_info allocation completed. The fix adds the cleanup on th...
CVE-2025-38691
Technical details about CVE-2025-38691 are not publicly provided in the supplied connected documents. Monitor vendor advisories (Debian, Mageia, Amazon Linux) for patches and mitigations and update accordingly.
CVE-2026-23231
CVE-2026-23231 affects the Linux kernel nf_tables code. The root cause is a use-after-free in nf_tables_addchain(), where a new chain is published to a table via list_add_tail_rcu() before hooks are registered; on failure the error path frees the chain without an RCU grace period, creating use-af...
CVE-2026-23234
CVE-2026-23234 affects the Linux kernel F2FS subsystem. A use-after-free can occur in f2fs_write_end_io() due to a race with kill_f2fs_super freeing sbi before writeback complete, allowing access to freed sbi during page cache/inode cleanup. The published fix relocates the checkpoint thread wakeu...
CVE-2026-23410
CVE-2026-23410 – Linux kernel (AppArmor) race condition has a documented use-after-free in rawdata handling. The issue occurs when rawdata inodes aren’t refcounted, allowing an attacker to open a rawdata file while the last reference is removed (e.g., via profile removal), freeing the aa_loaddata...
CVE-2026-46056
The CVE-2026-46056 entry documents a Linux kernel Bluetooth UAF vulnerability in the SSP passkey handlers (hci_event path). The issue arises when hci_conn lookup and field access are performed without holding the hdev lock, creating a window where a connection could be freed concurrently in hci_u...
CVE-2026-46262
CVE-2026-46262 concerns the Linux kernel ASoC fsl_xcvr module. The issue stems from a deadlock: a read lock is acquired while a write lock is already held in the same thread within fsl_xcvr_mode_put(), which is invoked by the upper ALSA core via snd_ctl_elem_write(). This caused a hung task. The ...
CVE-1999-0781
The CVE-1999-0781 entry concerns KDE: local users can run arbitrary commands by setting the KDEDIR environment variable to alter KDE’s executable search path. This documents the affected component as KDE and the root cause as the KDEDIR env var influencing how KDE locates executables, enabling lo...
CVE-2002-1963
The CVE-2002-1963 entry affects Linux kernel versions 2.4.1–2.4.19. The root cause is that the NR_RESERVED_FILES limit is set to 10, enabling local users to exhaust resources by opening 10 setuid binaries, causing a denial of service. Publicly provided documents confirm the affected kernel range ...
CVE-2005-3810
CVE-2005-3810 affects the Linux kernel 2.6.14 family (2.6.14 up to 2.6.14.3). The vulnerable component is ip_conntrack_proto_icmp.c in the ctnetlink module, where a lack of ICMP_ID information in an ICMP IPv4 message can cause a kernel oops, i.e., a NULL dereference leading to a denial of service...
CVE-2006-6333
The CVE-2006-6333 issue affects Linux kernel 2.6.19: the tr_rx function in ibmtr.c can assign the wrong flag to ip_summed, enabling remote attackers to trigger a memory-corruption DoS by crafting packets that mislead the kernel to treat a field as an offset. The vulnerability is supported by mult...
CVE-2016-8407
CVE-2016-8407 is an information disclosure vulnerability in Android’s kernel components (ION subsystem, Binder, USB driver, and networking). The issue could allow a local malicious app to access data outside its permission levels after compromising a privileged process. Affected products/versions...
CVE-2016-8450
CVE-2016-8450 is an elevation-of-privilege flaw in the Qualcomm sound driver affecting Android kernel space (Kernel-3.10). The NVD entry describes a local attacker compromising a privileged process to gain code execution in the kernel context. The vulnerability is tied to the Qualcomm sound drive...
CVE-2024-58000
CVE-2024-58000 affects the Linux kernel Io_uring reg-wait path. The root cause is speculative execution on a kernel array indexed by user input when using ENTER_EXT_ARG_REG, which could interpret an offset into a pre-mapped memory region as an argument. The documented fix is to prevent speculativ...
CVE-2025-21822
CVE-2025-21822: Technical details are not publicly provided in the supplied documents. Monitor for updates.
CVE-2025-38096
The connected SUSE/OpenSUSE advisory confirms CVE-2025-38096 is addressed by an openSUSE Leap 16.0 kernel security update (openSUSE-SU-2025-20081-1). The CVE concerns the Linux kernel wifi/iwlwifi code, specifically iwl_trans_reclaim warning behavior when the FW is not alive or a FW restart is pe...
CVE-2025-38176
In Linux kernel, binder: fix use-after-free in binderfs_evict_inode() is the root cause of the vulnerability. The issue occurs within binderfs_evict_inode, leading to potential slab-use-after-free conditions observable under stress-ng with binderfs, and is mitigated by the referenced patch fix. C...