13736 matches found
CVE-2020-25673
CVE-2020-25673 is described in connected documents as a Linux kernel vulnerability where a non-blocking socket in llcp_sock_connect() can cause a memory leak and eventually hang the system. The Unity Linux UTSA-2026-001467 advisory and related Nessus plugins reiterate this issue, referencing a vu...
CVE-2021-29648
CVE-2021-29648 affects the Linux kernel up to version 5.11.11, with the BPF subsystem failing to treat resolved_ids and resolved_sizes as intentionally uninitialized in the vmlinux BTF. The consequence is a system crash on an unexpected access (in map_create and check_btf_info), caused by CID-350...
CVE-2022-36123
The CVE-2022-36123 entry pertains to the Linux kernel prior to 5.18.13, where an unclear clear operation for the .bss block may allow Xen PV guests to trigger a denial of service or privilege escalation. Affected component: Linux kernel (xen pv guest context) up to version 5.18.12; fixed in 5.18....
CVE-2023-4732
The CVE-2023-4732 issue affects the Linux Kernel memory management path, specifically pfn_swap_entry_to_page in the page table handling. It states that a local user could trigger a denial of service by exploiting a BUG referencing pmd_t x, leading to a DoS condition. The root cause is described a...
CVE-2024-25744
In CVE-2024-25744, Linux kernel versions before 6.6.7 are vulnerable: an untrusted VMM can trigger int80 syscall handling at any point due to code in arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. This is a local-privilege impact condition as described by the advisory, with a base sco...
CVE-2017-9077
CVE-2017-9077: The Linux kernel's tcp_v6_syn_recv_sock in net/ipv6/tcp_ipv6.c mishandles inheritance, enabling a local attacker to cause a denial of service via crafted system calls. The connected CentOS/CSA entries corroborate kernel-level impact and note security updates; no remote exploit det...
CVE-2018-13406
CVE-2018-13406 affects the Linux kernel’s uvesafb_setcmap() in drivers/video/fbdev/uvesafb.c, where an integer overflow before kernel 4.17.4 could crash the kernel or allow privilege elevation because kmalloc_array is not used. A fix is available in kernel 4.17.4 (ChangeLog-4.17.4), so upgrading ...
CVE-2022-0487
CVE-2022-0487 is a use-after-free in the MOXART SD/MMC Host Controller support driver (memstick) in the Linux kernel. The flaw arises in the driver path rtsx_usb_ms_drv_remove and affects kernel versions older than 5.14-rc1. Local users with limited privileges could exploit this to impact confide...
CVE-2023-0468
CVE-2023-0468: A use-after-free race in the Linux kernel’s io_uring/poll.c (io_poll_check_events, io_uring subcomponent) is triggered by a race on poll_refs, potentially causing a NULL pointer dereference. Impact: local attacker could cause a system crash/denial of service; CVSS indicates LOCAL ...
CVE-2018-5814
CVE-2018-5814: Linux Kernel before 4.16.11, 4.14.43, 4.9.102, and 4.4.133 has race condition vulnerabilities in USB handling (probe, disconnect, rebind) that can trigger use-after-free or NULL dereference via multiple USB over IP packets. Fixes were released in kernel updates: 4.16.11, 4.14.43, ...
CVE-2019-3701
CVE-2019-3701 affects the Linux kernel CAN subsystem (can_can_gw_rcv in net/can/gw.c) up to version 4.19.13. The CAN frame modification rules can apply bitwise logic to can_dlc, enabling a privileged user with CAP_NET_ADMIN to create a can-gw rule that makes the DLC larger than the frame data. Wh...
CVE-2022-45887
CVE-2022-45887 affects the Linux kernel up to 6.0.9. The issue is a memory leak in drivers/media/usb/ttusb-dec/ttusb_dec.c caused by the absence of a dvb_frontend_detach call. Impact is potential denial of service via memory exhaustion (CVSS indicates HIGH availability impact). No remediation det...
CVE-2015-1350
CVE-2015-1350 is confirmed in the connected documents as a vulnerability in the Linux kernel VFS subsystem (3.x) where setattr operations underspecify removal of extended privilege attributes. This can allow local users to cause a denial of service by stripping capabilities from specific processe...
CVE-2017-15265
CVE-2017-15265 is a race condition in the ALSA sequencer subsystem of the Linux kernel, up to version 4.13.8. A local attacker can trigger a use-after-free via crafted /dev/snd/seq ioctl calls, leading to denial of service (crash) or potentially other impacts. The vulnerability is fixed in the up...
CVE-2019-7308
CVE-2019-7308 affects the Linux kernel’s BPF verifier in kernel/bpf/verifier.c prior to 4.20.6. The issue is undesirable out-of-bounds speculation on pointer arithmetic across branches with different state/limits, enabling potential side-channel attacks. Public sources in connected documents cons...
CVE-2022-3239
CVE-2022-3239: In the Linux kernel video4linux em28xx driver, a use-after-free occurs in em28xx_usb_probe() during Empia 28xx TV card probing. This can allow a local user to crash the system or potentially escalate privileges. Connected sources confirm the em28xx use-after-free root cause. No pa...
CVE-2024-53141
CVE-2024-53141 affects the Linux kernel netfilter ipset bitmap_ip_uadt logic. When tb[IPSET_ATTR_IP_TO] is absent but tb[IPSET_ATTR_CIDR] is present, the ip and ip_to values can be swapped, causing a missing range check for ip. The fix adds the missing range checks and removes unnecessary ones. C...
CVE-2018-13095
CVE-2018-13095 affects the Linux kernel up to 4.17.3 in fs/xfs/libxfs/xfs_inode_buf.c. A corrupted XFS image with an inode in extent format that has more extents than fit in the inode fork can trigger memory corruption and a bug (DoS). The connected advisories (Unity Linux, various Nessus plugins...
CVE-2019-19526
The vulnerability CVE-2019-19526 affects the Linux kernel prior to 5.3.9, caused by a use-after-free in the drivers/nfc/pn533/usb.c USB NFC driver. A malicious USB device can trigger the bug, potentially impacting availability (high impact) while confidentiality/integrity remain unaffected. Affec...
CVE-2024-42070
CVE-2024-42070 affects the Linux kernel netfilter nft_tables component. The issue is in the NFT_DATA_VALUE store validation for data registers; the datatype can be NFT_DATA_VALUE or NFT_DATA_VERDICT, and a new helper to infer the register type from the set datatype removes a conditional check. Th...
CVE-2024-44990
CVE-2024-44990 is a Linux kernel vulnerability fixed in the bonding subsystem: the function bond_ipsec_offload_ok dereferenced a pointer without validating an active slave, risking a NULL pointer dereference. The connected docs confirm the root cause (checking for an active slave before dereferen...
CVE-2025-21700
CVE-2025-21700 is a Linux kernel vulnerability in net: sched that allowed a use-after-free (UAF) scenario to escalate privileges when replacing a child qdisc from one parent to another. The provided description and demonstration show steps manipulating tc qdisc/classqdisc layout and grafting, cul...
CVE-2026-46300
The CVE-2026-46300 issue affects the Linux kernel's net: skbuff code: skb_try_coalesce() can transfer paged frags from one skb to another while losing the SKBFL_SHARED_FRAG marker, breaking the invariant relied on by ESP decryption logic. This can allow an in-place decrypt path to operate on page...
CVE-2016-9794
CVE-2016-9794 is a local, use-after-free race in ALSA’s snd_pcm_period_elapsed() in the Linux kernel before 4.7. A crafted SNDRV_PCM_TRIGGER_START can trigger memory corruption, enabling a local attacker to cause a denial of service (and possibly other impact) on affected systems. Public write-up...
CVE-2017-14106
CVE-2017-14106 affects the Linux kernel TCP stack: the divide-by-zero in tcp_disconnect (net/ipv4/tcp.c) can be triggered by a local attacker via a specific tcp_recvmsg path, potentially causing a system crash (DoS). Connected advisories confirm the issue across multiple vendors (IBM IMM2 bulleti...
CVE-2020-16120
The CVE-2020-16120 issue concerns Overlayfs in the Linux kernel where permission checks during copy-up were inadequate when used inside a user namespace. It was introduced in kernel 4.19 (ovl: stack file ops) and fixed in kernel 5.8 by patches that verify permissions in ovl_path_open(), switch to...
CVE-2020-29371
CVE-2020-29371 affects Linux kernel romfs_dev_read (fs/romfs/storage.c) prior to 5.8.4, where uninitialized memory leaks to userspace. The vulnerability stems from uninitialized memory paths, enabling leakage to user space. Affected component is the ROMFS code in the kernel; no exploit details ar...
CVE-2021-45095
CVE-2021-45095 affects the Linux kernel PhoNet (pep_sock_accept in net/phonet/pep.c). Root cause: reference-count leak in certain error paths, enabling memory exhaustion. Affected: Linux kernel up to 5.15.x (examples cite 5.15.8); remediation: patch released, kernels updated to 5.15.18.1-1 (Marin...
CVE-2015-3288
CVE-2015-3288 affects the Linux kernel prior to 4.1.4. It arises from mishandling anonymous pages in mm/memory.c, allowing a local user to gain privileges or cause a denial of service by writing to page zero. The issue is fixed in 4.1.4 (per ChangeLog-4.1.4 and related advisories referenced in th...
CVE-2020-29370
CVE-2020-29370 (Linux kernel): An issue in kmem_cache_alloc_bulk (mm/slub.c) before 5.5.11 where the slowpath does not increment the TID as required (CID-fd4d9c7d0c71). Affected: Linux kernel prior to 5.5.11. Impact described in connected advisories as a vulnerability in the kernel memory al...
CVE-2021-3501
CVE-2021-3501 affects Linux kernels prior to 5.12. The vulnerability arises from the KVM API: the internal.ndata value is mapped to an array index and can be updated by a user process at any time, enabling an out-of-bounds write. Documented impact is data integrity and system availability. A patc...
CVE-2022-2961
CVE-2022-2961 concerns the Linux kernel’s PLP Rose functionality. The vulnerability is a use-after-free flaw caused by a race: a local user can trigger a race between calling bind and the rose_bind() function, potentially crashing the kernel or escalating privileges. Impact is described as local ...
CVE-2022-42328
Technical details about CVE-2022-42328 (and related CVEs) are not provided in the connected documents. Monitor the cited Xen/XenServer advisories and AWS Amazon/Linux advisories for updates and fixes.
CVE-2023-1075
CVE-2023-1075 is a Linux kernel TLS vulnerability in tls_is_tx_ready. The issue arises from tls_is_tx_ready() performing a flawed check of list emptiness on a tls-related list, allowing a type-confused entry to be treated as a valid list_head and potentially leaking the last byte of a field tha...
CVE-2023-40283
CVE-2023-40283 affects the Linux kernel before 6.4.10. It stems from a use-after-free in l2cap_sock_release (net/bluetooth/l2cap_sock.c) where the children of an sk are mishandled. The vulnerability allows a local attacker to run arbitrary code or cause a denial of service by crafting a targeted ...
CVE-2024-0443
CVE-2024-0443: Linux kernel flaw in the blkgs destruction path (block/blk-cgroup.c) causes a cgroup blkio memory leak during destruction. The leak stems from cgroup_rstat_flush() being invoked only from css_release_work_fn() when the blkcg refcount reaches 0, creating a circular dependency that ...
CVE-2024-53088
CVE-2024-53088 in the Linux kernel i40e driver describes a race condition where MAC/VLAN filters could be corrupted under heavy concurrent filter/memory operations. The root cause is a use-after-free-like scenario where a filter freed by one thread is accessed by another during i40e_sync_vsi_filt...
CVE-2023-1074
CVE-2023-1074 is a memory-leak flaw in the Linux kernel SCTP implementation that can allow a local attacker to exhaust resources and cause a denial of service when a malicious networking service connects. The issue is described across multiple connected sources (e.g., Debian/AlmaLinux advisories ...
CVE-2023-52438
CVE-2023-52438 concerns a Linux kernel use-after-free in the binder shrinker path. The issue arises because the mmap read lock is held during the shrinker’s callback, making alloc->vma unsafe to access when munmap races with shrink. The fix downgrades or avoids the unsafe path by isolating the...
CVE-2024-50134
CVE-2024-50134 affects the Linux kernel driver drm/vboxvideo (vbva_mouse_pointer_shape). The issue stems from a fake VLA at the end of vbva_mouse_pointer_shape triggering a field-spanning memcpy write in hgsmi_base.c:154. The patch replaces the fake VLA with a real VLA to fix the warning and pote...
CVE-2025-38236
CVE-2025-38236 concerns a Linux kernel af_unix use-after-free involving consecutive consumed OOB skbs in unix_stream_read_generic(), triggered when OOB data is read but the corresponding skb remains on the recv queue. The root cause is the handling of consumed OOB skbs and the SO_PEEK_OFF path, w...
CVE-2016-9555
The CVE-2016-9555 issue affects the Linux kernel SCTP implementation. The sctp_sf_ootb function in net/sctp/sm_statefuns.c lacks chunk-length checking for the first SCTP chunk, and resides in kernel versions before 4.8.8. This can permit remote attackers to cause a denial of service via out-of-bo...
CVE-2018-14734
CVE-2018-14734 affects the Linux kernel before 4.17.11, where ucma_leave_multicast can access a data structure after cleanup in ucma_process_join, enabling a use-after-free that leads to DoS. The vulnerability is in drivers/infiniband/core/ucma.c. Exploitation status is not provided in the suppli...
CVE-2018-5344
CVE-2018-5344: The Linux kernel vulnerability affects the driver code at drivers/block/loop.c, where improper lo_release serialization can lead to a use-after-free in __lock_acquire. This can cause a local denial of service (system crash) and may have unspecified other impact. The description in...
CVE-2022-26966
CVE-2022-26966 affects the Linux kernel up to 5.16.12, via the drivers/net/usb/sr9700.c component. A local attacker can attach a specially crafted USB device and cause information disclosure by leaking heap memory from the device, as described in multiple connected documents (upstream kernel note...
CVE-2023-52444
CVE-2023-52444: In Linux kernel f2fs, a dirent corruption risk during cross-directory rename (dir/.. links) was fixed. The issue arose in f2fs_rename() when the sourceDir and targetDir differ and a whiteout is not present; a missing f2fs_set_link() could fail to update the ".." inumber, causing ...
CVE-2011-2189
Summary (CVE-2011-2189): The Linux kernel (2.6.32 and earlier) has a flaw in net_namespace.c that mishandles a high rate of network-namespace creation/cleanup. This can allow remote attackers to cause a denial of service via memory consumption in a daemon that creates a separate namespace per con...
CVE-2020-10781
CVE-2020-10781 affects the Linux kernel ZRAM module: a local attacker who can read /sys/class/zram-control/hot_add can create ZRAM device nodes in /dev, and repeated reads can allocate memory and trigger the OOM killer, potentially making the system inoperable. Connected advisories (e.g., ALAS2KERNE...
CVE-2020-26088
CVE-2020-26088 affects the Linux kernel up to version 5.8.2, where a missing CAP_NET_RAW check in NFC socket creation (net/nfc/rawsock.c) could let a local attacker create raw sockets and bypass security mechanisms. This is demonstrated in multiple Nessus advisories (Unity Linux/OpenSUSE/EulerOS ...
CVE-2020-35508
CVE-2020-35508 is a Linux kernel issue describing a race condition and incorrect initialization of the child/parent process ID handling when filtering signal handlers. The flaw permits a local attacker to bypass checks and send signals to a privileged process. Multiple Nessus/MiracleLinux Unity a...