Linux: Linux Kernel

13692 matches found

added 2024/04/23 1:5 p.m. | 9483 views

CVE-2024-26922

CVE-2024-26922 affects the Linux kernel drm/amdgpu path and arises from insufficient validation of bo mapping operation parameters (amdgpu_vm_bo_(map/replace_map/clearing_mappings)). The vulnerability is addressed by validating parameters in a central location for amdgpu_vm_bo_* calls, with the i...

CVSS 5.5 | AI score 6.3 | EPSS 0.00011
added 2024/04/24 9:49 p.m. | 9204 views

CVE-2024-26923

CVE-2024-26923 is a Linux kernel vulnerability in AF_UNIX garbage collection. The race occurs when a GC pass enqueues an embryo that has a peer carrying SCM_RIGHTS, causing the inflight set to differ between passes. This can leave a dangling pointer in the gc_inflight_list and may lead to memory ...

CVSS 4.7 | AI score 6.3 | EPSS 0.00013
added 2024/04/24 11:23 p.m. | 9081 views

CVE-2024-26926

CVE-2024-26926: The Linux kernel vulnerability concerns the binder subsystem. After commit 6d98eb95, an offset alignment check was removed from binder_alloc_copy_from_buffer()/check_buffer(), and answers were copied in binder_get_object() via copy_from_user(), which now requires an explicit offs...

CVSS 5.5 | AI score 6.3 | EPSS 0.00292
added 2024/04/17 3:59 p.m. | 8872 views

CVE-2024-26920

CVE-2024-26920: In the Linux kernel, the tracing/trigger path (register_snapshot_trigger) could allocate a snapshot and erroneously report success (0) when allocation failed. The fix returns an error code on allocation failure, preventing registration of a snapshot trigger without error. This is ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00008
added 2024/02/29 3:52 p.m. | 8308 views

CVE-2023-52489

CVE-2023-52489 is tied to a Linux kernel race in mm/sparsemem memory sections (memory_section->usage) when PFNs span ZONE_NORMAL, ZONE_DEVICE, ZONE_NORMAL and memory compaction runs. The race occurs between pfn_valid()/pfn_section_valid() and section_deactivate, where ms->usage can be NULL ...

CVSS 4.7 | AI score 6.2 | EPSS 0.00006
added 2024/02/29 3:52 p.m. | 8272 views

CVE-2024-26618

CVE-2024-26618 (Linux kernel, arm64 SME): The vulnerability is in sme_alloc() when existing storage is present and flushing is not in progress. It could allocate new storage, leaking the existing storage and corrupting state, due to missing separation between flushing and existing-storage checks ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00016
added 2024/02/29 3:52 p.m. | 8252 views

CVE-2023-52488

CVE-2023-52488 concerns the Linux kernel driver for SC16IS7XX UARTs. In burst mode, the SC16IS7XX can read/write FIFO data with an initial register address, and regmap_raw_read()/regmap_raw_write() do not increment the register in this path. This could corrupt the regmap cache when multi-byte tra...

CVSS 5.5 | AI score 6.2 | EPSS 0.00022
added 2024/03/21 10:43 a.m. | 8227 views

CVE-2024-26643

CVE-2024-26643 is a Linux kernel vulnerability in netfilter nf_tables where the asynchronous rhashtable garbage-collection can race with the release of anonymous sets that have timeouts, leading to a potential collection of elements during commit path teardown. The root cause is a race between se...

CVSS 5.5 | AI score 6.2 | EPSS 0.00009
added 2024/02/29 3:52 p.m. | 8185 views

CVE-2024-26620

CVE-2024-26620 affects the Linux kernel’s s390 VFIO AP mediated devices (vfio-ap). The issue stems from vfio_ap_mdev_filter_matrix: when a new adapter or domain is assigned to an mdev, only the APID/APQI for the new item was inspected. This could leave AP queues bound to no driver exposed to a gu...

CVSS 7.5 | AI score 6.3 | EPSS 0.00061
added 2024/02/29 3:52 p.m. | 8183 views

CVE-2023-52494

CVE-2023-52494 concerns the Linux kernel bus: mhi driver. The vulnerability arises from an unaligned event ring read pointer reading 128-bit elements (struct mhi_ring_element). Although the code validates the pointer is within the buffer, an unaligned pointer could lead to DoS or ring-buffer memo...

CVSS 7.8 | AI score 6.3 | EPSS 0.00033
added 2024/02/29 3:52 p.m. | 8169 views

CVE-2023-52495

CVE-2023-52495 affects the Linux kernel PMIC GLINK altmode driver (qcom) and is caused by an incomplete port sanity check. The driver supports at most two ports; a notification for an unsupported port could access memory beyond the port array, risking memory corruption. The issue is addressed by ...

CVSS 7.8 | AI score 6.5 | EPSS 0.00019
added 2024/03/21 10:43 a.m. | 8152 views

CVE-2024-26642

CVE-2024-26642 in the Linux kernel’s netfilter nf_tables fixes a denial-of-service condition by disallowing anonymous sets with the timeout flag; the patch removes such sets from userspace usage, except for NFT_SET_EVAL to preserve legacy meters. The vulnerability is due to allowing a timeout fla...

CVSS 5.5 | AI score 6.1 | EPSS 0.0001
added 2024/04/18 9:47 a.m. | 7933 views

CVE-2024-26921

CVE-2024-26921 is a Linux kernel issue where in the tx path, skb fragments could trigger a use-after-free of the socket when fragments are reassembled and the skb->sk field is freed prematurely. The fix, analyzed by Eric Dumazet, moves orphaning to the last safe moment, delaying skb->sk des...

CVSS 5.5 | AI score 6.4 | EPSS 0.00078
added 2024/04/24 9:49 p.m. | 7862 views

CVE-2024-26925

CVE-2024-26925 affects the Linux kernel nf_tables component. The issue arises when the commit mutex is released during the abort path between nft_gc_seq_begin() and nft_gc_seq_end(), allowing an asynchronous GC worker to collect expired objects and obtain the released commit lock within the same ...

CVSS 5.5 | AI score 6.4 | EPSS 0.0002
added 2024/05/01 5:28 a.m. | 7855 views

CVE-2024-27004

CVE-2024-27004 in the Linux kernel affects the clk subsystem, where runtime PM resuming/suspending a device while holding the clk prepare_lock can deadlock (ABBA) when walking the clock tree during disable_unused. The issue manifests as hung tasks (e.g., swapper/0 and a kworker) and a deadlock be...

CVSS 5.5 | AI score 6.2 | EPSS 0.00017
added 2024/05/01 5:26 a.m. | 7840 views

CVE-2024-26936

CVE-2024-26936 affects the Linux kernel component ksmbd. The issue arises because the response buffer is allocated in smb2_allocate_rsp_buf() only after validating the request, while the patch shows that fields in the payload and the SMB2 header are used within smb2_allocate_rsp_buf(), enabling a...

CVSS 7.8 | AI score 6.6 | EPSS 0.00024
added 2024/05/01 5:28 a.m. | 7796 views

CVE-2024-27000

Summary: CVE-2024-27000 is a Linux kernel vulnerability in the serial mxs-auart driver where uart_handle_cts_change() could be invoked without holding uport->lock, risking mis-synchronization. The issue is resolved by adding a spinlock around changing the CTS state. The described scenario invo...

CVSS 7.8 | AI score 6.2 | EPSS 0.00021
added 2024/04/17 10:27 a.m. | 7782 views

CVE-2024-26897

CVE-2024-26897 — Linux kernel (ath9k/ath9k_htc): A race in the ath9k_wmi_event_tasklet can occur due to init-order data-structure initialization exposed to USB before driver init completes. This may cause NULL-pointer dereferences under certain WMI commands. A partial fix existed (aborting WMI_TX...

CVSS 4.7 | AI score 6.5 | EPSS 0.00005
added 2024/05/01 5:17 a.m. | 7779 views

CVE-2024-26937

CVE-2024-26937 is a Linux kernel bug in the Intel i915 GPU driver where a preempt-to-busy race during engine parking could leave queue_priority_hint set. The heartbeat can trigger completion during parking, causing an assertion failure and a crash. The issue was resolved by resetting queue_priori...

CVSS 5.5 | AI score 6.2 | EPSS 0.00006
added 2024/05/01 5:28 a.m. | 7749 views

CVE-2024-27001

CVE-2024-27001 is described in the Linux kernel context as a fix for a USB endpoint checking flaw in the comedi vmk80xx driver. The issue arose because vmk80xx_find_usb_endpoints() did not fully account for varying endpoint types (bulk vs interrupt) across hardware models, which could lead to an ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00022
added 2024/04/05 8:24 a.m. | 7743 views

CVE-2024-27437

CVE-2024-27437 — Linux kernel (vfio/pci) intrinsic IRQ handling: The issue arises from auto-enabling of exclusive INTx IRQs during masking/unmasking, creating a window where an interrupt could fire and double-increment the disable depth. The fix in the sources inlines the kernel logic to never au...

CVSS 5.5 | AI score 6.4 | EPSS 0.0002
added 2024/05/01 5:28 a.m. | 7735 views

CVE-2024-26997

CVE-2024-26997 concerns the Linux kernel USB stack, specifically the dwc2 host controller. A dereference issue in the DDMA completion flow is fixed in the connected Astra Linux advisory, noting that a variable dereference was resolved in the DDMA completion flow. The advisory confirms the vulnera...

CVSS 5.5 | AI score 6.3 | EPSS 0.00023
added 2024/05/01 5:19 a.m. | 7733 views

CVE-2024-26965

CVE-2024-26965 affects the Linux kernel clk/qcom:mmcc-msm8974. The issue stems from frequency table arrays not being terminated with an empty element, which can lead to out-of-bounds traversal by qcom_find_freq() or qcom_find_freq_floor(). The fix adds a terminating empty entry at the end of the ...

CVSS 7.8 | AI score 6.4 | EPSS 0.00017
added 2024/05/01 5:18 a.m. | 7718 views

CVE-2024-26955

CVE-2024-26955 is a Linux kernel vulnerability in nilfs2. The issue arises when nilfs_get_block() can return success in a state where both searching and inserting a block fail due to a race, potentially leading to a read of an unmapped buffer and triggering a BUG_ON in submit_bh_wbc() via BH_Mapp...

CVSS 7.8 | AI score 6.4 | EPSS 0.00017
added 2024/05/01 1:4 p.m. | 7688 views

CVE-2024-27075

CVE-2024-27075 targets Linux kernel media/dvb-frontends, specifically the stv0367 driver. The root cause is a stack-frame growth issue (stack frame size 3624 exceeds 2048) exposed by clang/KASAN_STACK, due to temporary i2c_msg structures on the stack in stv0367ter_set_frontend. The fix reworks st...

CVSS 7.8 | AI score 6.7 | EPSS 0.00014
added 2024/05/17 11:50 a.m. | 7685 views

CVE-2024-27410

CVE-2024-27410 (Linux kernel) relates to a race in wifi nl80211 where mesh ID changes during an iftype change could overwrite wdev data. The issue is resolved by disallowing mesh ID changes while changing the interface type (i.e., disallow iftype changes when mesh ID is being set). Astra Linux no...

CVSS 5.5 | AI score 6.7 | EPSS 0.0002
added 2024/05/01 5:17 a.m. | 7682 views

CVE-2024-26935

Concrete details confirm CVE-2024-26935 affects the Linux kernel SCSI core procfs host directory handling. The issue stems from a race/regression where procfs directories created during scsi_host_alloc() could be mishandled when hosts were allocated but not added, or removed during dev_release(),...

CVSS 5.5 | AI score 6.2 | EPSS 0.00007
added 2024/05/01 1:3 p.m. | 7681 views

CVE-2023-52652

CVE-2023-52652 affects the Linux kernel NTB path: ntb_register_device() could leak the device name if device_register() failed, due to a missing put_device() in the error path. The fix releases the reference so that kobject_cleanup() can free the name. The NTB error path previously removed put_de...

CVSS 5.5 | AI score 6.2 | EPSS 0.00012
added 2024/05/01 1:4 p.m. | 7677 views

CVE-2024-27065

CVE-2024-27065 is a Linux kernel issue affecting nf_tables: the verifier could incorrectly compare internal table flags during updates. The public advisories in connected documents reference a fix that “restores skipping transaction if table update does not modify flags,” applied as part of kerne...

CVSS 7.8 | AI score 6.5 | EPSS 0.00017
added 2024/05/01 5:18 a.m. | 7674 views

CVE-2024-26951

CVE-2024-26951 (Linux kernel, WireGuard): The bug occurs in the netlink dump when peers are removed with wg_peer_remove_all(): a cursored peer that has been removed can lead to iterating freed peers, causing a use-after-free. The fix changes the check from an empty peer_list to the dedicated is_...

CVSS 7.8 | AI score 6.4 | EPSS 0.00017
added 2024/05/01 5:18 a.m. | 7653 views

CVE-2024-26953

CVE-2024-26953 is a Linux kernel vulnerability affecting the ESP path in net: esp. When skb fragments originating from a page_pool are released during esp_output (not inline), calling put_page can trigger a page_pool leak, potentially causing a crash. The connected documents describe the root cau...

CVSS 5.5 | AI score 6.3 | EPSS 0.00009
added 2024/04/17 10:27 a.m. | 7583 views

CVE-2024-26877

The CVE-2024-26877 issue is in the Linux kernel crypto/xilinx path: crypto_finalize_request is invoked with BH enabled, triggering a call trace. The vulnerability is resolved in the kernel (patches linked in the entry), with the root cause described as needing BH to be disabled when finalize is c...

CVSS 5.5 | AI score 6.4 | EPSS 0.00013
added 2024/05/01 5:29 a.m. | 7581 views

CVE-2024-27009

The vulnerability CVE-2024-27009 (Linux kernel, s390) is covered by connected security bulletins. A race in ccw_device_set_online() could leave a device in an inconsistent state if a path verification arrives after final state wait but before result state evaluation, causing subsequent online att...

CVSS 4.7 | AI score 6.4 | EPSS 0.00016
added 2024/02/29 3:52 p.m. | 7565 views

CVE-2023-52486

CVE-2023-52486 affects the Linux kernel DRM subsystem. The root cause is a logic error in drm_mode_page_flip_ioctl() where, after a deadlock is encountered, the framebuffer reference is unref’d and the operation retried without resetting the fb pointer to NULL. If another error occurs before the ...

CVSS 5.5 | AI score 5.9 | EPSS 0.00006
added 2024/05/01 5:27 a.m. | 7557 views

CVE-2024-26992

The CVE-2024-26992 entry concerns the Linux kernel KVM: x86/pmu feature to disable adaptive PEBS. The advisory states that adaptive PEBS support is dropped due to architectural/breakage and because adaptive PEBS could leak host LBRs/addresses to guests. Root causes include: (1) improper handling ...

CVSS 3.3 | AI score 5.9 | EPSS 0.00004
added 2024/05/01 5:16 a.m. | 7553 views

CVE-2023-52647

The CVE-2023-52647 issue affects the Linux kernel media/nxp imx8-isi crossbar driver. In the crossbar subdev translation from source to sink streams, the code may dereference a NULL remote pad when a stream targets an unconnected crossbar sink, potentially crashing the system. The advisory states...

CVSS 5.5 | AI score 6.7 | EPSS 0.00041
added 2024/05/01 1:5 p.m. | 7531 views

CVE-2024-27389

CVE-2024-27389 affects the Linux kernel pstore code. The issue arises when unloading a modular pstore backend with records in pstorefs, where dput() and d_drop() were used together, causing a reference-counting problem. The root cause is that d_invalidate() is the correct contender for invalidati...

CVSS 5.5 | AI score 6.6 | EPSS 0.00008
added 2024/05/01 1:5 p.m. | 7523 views

CVE-2024-27080

CVE-2024-27080 resolves a race in the Linux kernel's btrfs fiemap handling. The change stops locking the entire fiemap target range to avoid a deadlock with memory-mapped buffers, but creates a race where delalloc ranges in holes can be missed. As a result, fiemap consumers may not see delalloc d...

CVSS 4.7 | AI score 6.5 | EPSS 0.00015
added 2024/06/21 10:18 a.m. | 7518 views

CVE-2024-38629

In CVE-2024-38629, the Linux kernel’s dmaengine: idxd driver had a use-after-free risk where ida_destroy(&file_ida) could run after file_ida was already destroyed during WQ cdev teardown, risking a kernel panic. The fix removes ida_destroy(&file_ida) since file_ida is allocated on cdev open and f...

CVSS 7.8 | AI score 6.4 | EPSS 0.00029
added 2024/05/01 12:53 p.m. | 7514 views

CVE-2024-27039

The CVE-2024-27039 issue affects the Linux kernel clock framework for Hisilicon hi3559a. The root cause is an array p_clk that is allocated before iterating over clocks to register, and is incremented each loop iteration. If a clk_register() call fails, p_clk may point to memory that should not b...

CVSS 5.5 | AI score 6.5 | EPSS 0.00012
added 2024/05/01 5:17 a.m. | 7509 views

CVE-2023-52648

CVE-2023-52648 – Linux kernel flaw in drm/vmwgfx: unmap the surface before resetting it on a plane state. Root cause: when switching to a new plane state surfaces are unreferenced, but the mapped flag may not be reset, allowing a plane backed by a bo to be treated as mapped, causing null derefs d...

CVSS 5.5 | AI score 6.5 | EPSS 0.00009
added 2024/05/01 1:5 p.m. | 7502 views

CVE-2024-27391

CVE-2024-27391 concerns the Linux kernel wireless driver wilc1000. The issue arises from how wilc_netdev_ifc_init creates a workqueue; it reallocates the workqueue on each added interface, overwriting the existing one and causing a leakage across netdevs. The description notes that a single workq...

CVSS 5.5 | AI score 6.5 | EPSS 0.00019
added 2024/05/01 1:5 p.m. | 7496 views

CVE-2024-27390

CVE-2024-27390: In the Linux kernel, the mutex/barrier introduced in ipv6_mc_down() via synchronize_net() is removed (ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()). The change is aimed at reducing latency under load since synchronize_net() can delay 200 µs to 5 ms and may ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00014
added 2024/02/29 3:52 p.m. | 7485 views

CVE-2023-52497

CVE-2023-52497 affects the Linux kernel EROFS: the vulnerability stems from in-place LZ4 decompression where two mapped buffers could cause data corruption due to overlapping buffers and buffer ordering, especially on newer Intel CPUs with FS RM. The fix switches to using the decompressed buffer ...

CVSS 6.1 | AI score 6.5 | EPSS 0.0002
added 2024/05/01 5:19 a.m. | 7465 views

CVE-2024-26959

CVE-2024-26959 affects the Linux kernel Bluetooth subsystem (btnxpuart). The issue is a scheduling while atomic BUG in btnxpuart_close that could leave the transmit queue unpurged and skb release unsafe. The fixed path is in btnxpuart_close, with related call chain through tty/serdev/uart during ...

CVSS 5.5 | AI score 6.8 | EPSS 0.00019
added 2024/05/01 12:53 p.m. | 7464 views

CVE-2024-27034

CVE-2024-27034: In the Linux kernel, the f2fs compression path had a fix for normal cluster writes overlapped with compressed clusters. If a compressed cluster is overwritten by a normal cluster, unlocking cp_rwsem during f2fs_write_raw_pages() could cause data corruption when partial blocks wer...

CVSS 5.5 | AI score 6.6 | EPSS 0.00012
added 2024/05/01 5:18 a.m. | 7460 views

CVE-2024-26948

The CVE-2024-26948 entry concerns the Linux kernel DRM/AMD display path: a NULL state check is added in dc_state_release to prevent operating on a NULL dc_state. The issue is described as a local-attack surface with low privileges and no user interaction, but with a high availability impact. A fi...

CVSS 5.5 | AI score 6.4 | EPSS 0.00008
added 2024/03/02 9:31 p.m. | 7454 views

CVE-2024-26621

CVE-2024-26621 affects the Linux kernel mm subsystem: huge_memory/THP alignment on 32-bit architectures. The issue arose from a change that aligned larger anonymous mappings on THP boundaries, which is problematic on 32-bit virtual address spaces. The vulnerability is resolved in the provided adv...

CVSS 5.5 | AI score 6.5 | EPSS 0.0002
added 2024/05/01 5:29 a.m. | 7453 views

CVE-2024-27007

The CVE-2024-27007 issue affects the Linux kernel, specifically the userfaultfd path for UFFDIO_MOVE. The root cause was an incorrect update of src_folio (mapping/index) before the page-table is cleared and after unpin, risking memory corruption and swapout/migration failure. A fix was implemente...

CVSS 5.5 | AI score 6.4 | EPSS 0.00018
added 2024/05/19 10:10 a.m. | 7428 views

CVE-2024-35938

CVE-2024-35938: Linux kernel wifi/ath11k MHI channel buffers were reduced from the default 64KB to 8KB by setting buf_len to 8KB for QCA6390/WCN6855. This avoids large allocations that can fail under memory fragmentation when memory compaction/reclaim is not allowed, reducing risk of page‑alloca...

CVSS 5.5 | AI score 6.8 | EPSS 0.00017
Total number of security vulnerabilities: 13692