CVE-2023-52453
In CVE-2023-52453, the Linux kernel vulnerability affects the hisi_acc_vfio_pci driver where the migration data pointer is not updated correctly when PRE_COPY is used. This can cause migration data corruption, and on the destination host may trigger error traces during device startup (as document...
CVE-2021-47036
CVE-2021-47036 concerns the Linux kernel UDP GRO path when NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled and UDP tunnels exist. The bug could allow udp_gro_receive() to perform L4 GRO aggregation (SKB_GSO_UDP_L4 or SKB_GSO_FRAGLIST) at the outer UDP tunnel level for packets that carry a...
CVE-2021-47014
CVE-2021-47014 affects the Linux kernel’s net/sched code, specifically the act_ct action used during IP fragment handling. The root cause was a wild memory access that occurred when a temporarily stored IP fragment was reassembled: restoring skb->cb could overwrite FRAG_CB(), causing invalid m...
CVE-2021-47011
CVE-2021-47011 is a Linux kernel memory-control (kmem/slab) issue fixed by patch series “Use obj_cgroup APIs to charge kmem pages” after Vietnam’s memcg slab work. The vulnerability revolves around certain corner objects (e.g., SLUB allocations larger than order-1 page, or pages from buddy alloca...
CVE-2024-26610
The CVE-2024-26610 vulnerability affects the Linux kernel’s iwlwifi component (iwl_fw_ini_trigger_tlv::data) where data is a __le32*; copying to data + offset with a byte-based offset can overflow the buffer, causing memory corruption. Connected Astra Linux advisory confirms a fix in the ...
CVE-2021-47004
CVE-2021-47004 affects Linux kernel f2fs by fixing a get_victim() GC bug in CP-disabling mode. Two issues when using LFS or SSR/AT_SSR to pick a victim: (1) GC could choose a section with checkpointed data if only current-segment checks were performed; the fix adds section-level validation so a v...
CVE-2021-47016
CVE-2021-47016 is rejected/not used; not an active vulnerability entry.
CVE-2021-46999
CVE-2021-46999 affects the Linux kernel SCTP stack. A transport use-after-free occurs when processing a duplicate COOKIE-ECHO chunk in sctp_sf_do_dupcook_a(), where COOKIE-ACK and SHUTDOWN chunks can be allocated with the transport from the new asoc but are later sent via the old asoc after the n...
CVE-2024-26615
CVE-2024-26615 affects the Linux kernel net/smc code. A crash from NULL pointer dereference occurs when dumping SMC-D connections due to illegal rmb_desc access to conn->rmb_desc during an in-progress connection. The issue is fixed by adding a check before dumping to ensure rmb_desc has been i...
CVE-2024-41091
CVE-2024-41091, in the Linux kernel, is due to missing verification of frame length in the tun_xdp_one() path. This can allow a skb with insufficient Ethernet header length to be processed, risking out-of-bounds access or header-length inconsistencies in subsequent processing. A related path (tun...
CVE-2023-52498
CVE-2023-52498: Linux kernel sleep deadlock in system-wide PM code in low-memory conditions. Root cause: system-wide resume core code could deadlock because async_schedule_dev() sometimes runs the argument synchronously and may contend for a mutex; this could cause ordering issues in resume call...
CVE-2024-26619
CVE-2024-26619 concerns the Linux kernel on riscv, where a use-after-free was introduced by the order of kfree calls during module loading. The vulnerability is resolved by reversing the free order, preventing use-after-free conditions. The available details identify the affected component as the...
CVE-2024-26611
Technical details are not publicly available in the provided documents; no specific affected kernels, versions, or patch specifics are disclosed.
CVE-2023-52482
CVE-2023-52482 is a Linux kernel issue where x86 SRSO mitigation was added to address speculative return stack overflow on Hygon processors. The connected Nessus entry for MiracleLinux 9 references kernel commits that implement x86 srso mitigation for Hygon and notes this CVE’s resolution, aligni...
CVE-2024-26617
CVE-2024-26617 (Linux kernel): The vulnerability stems from fs/proc/task_mmu where the mmu notification mechanism was moved inside the mm lock, preventing a race with components that depend on the notifier to invalidate memory ranges. The patch tightens the notifier scope inside the mm lock, red...
CVE-2024-26616
CVE-2024-26616 affects the Linux kernel Btrfs file system, specifically the scrub path. The bug occurs when an ext4-converted Btrfs with chunk layout causes scrub to split a bio and free resources twice, leading to a use-after-free in scrub_read_endio/scrub_submit_initial_read. The root ...
CVE-2023-52493
CVE-2023-52493 concerns the Linux kernel’s bus: mhi: host subsystem. The vulnerability arises from locking the channel by taking both read and write locks in succession during parse_xfer_event, allowing a client callback to queue buffers while holding locks, which can lead to multiple locks and a...
CVE-2023-52491
CVE-2023-52491 concerns a use-after-free in the Linux kernel’s media/mtk-jpeg driver. The issue arises from binding jpeg->job_timeout_work to mtk_jpeg_job_timeout_work in mtk_jpeg_probe and a path in mtk_jpeg_dec_device_run where an error in mtk_jpeg_set_dec_dst leads to a worker being started...
CVE-2023-52487
The CVE-2023-52487 entry relates to the Linux kernel, specifically the mlx5 Ethernet driver area (net/mlx5e). Root cause: a refactor of mlx5e_tc_del_fdb_peer_flow() caused the DUP flag to linger when a peer flow was still referenced concurrently, leading to attempts to remove a flow from eswitch ...
CVE-2021-46979
CVE-2021-46979: Linux kernel iio subsystem vulnerability where ioctl handlers were removed twice (during iio_device_unregister() and then inside iio_device_unregister_eventset()/iio_buffers_free_sysfs_and_mask()). This double removal could cause a double free leading to kernel panic. The issue i...
CVE-2021-46963
CVE-2021-46963 affects the Linux kernel SCSI qla2xxx driver, where a crash occurred due to an incorrect free of the srb in qla2xxx_mqueuecommand(); srb is now allocated by upper layers. The fix resolves the crash (impact: HIGH availability) by correcting the free path. The cited advisories (SUSE/...
CVE-2024-26939
Summary (CVE-2024-26939): In the Linux kernel, the DRM i915 driver’s VMA handling suffers a Use-After-Free when destroying a VMA during retirement race, leading to spurious frees of an active i915 VMA object. The root cause is a race between __active_retire() and i915_vma_destroy()/parked paths,...
CVE-2024-26817
CVE-2024-26817 affects the Linux kernel amdkfd component. The vulnerability arises from using kzalloc with a multiplication that can overflow; the fix replaces kzalloc with calloc to avoid integer overflow. Descriptions in connected Nessus advisories (Unity Linux UTSA advisories) reiterate the sa...
CVE-2021-46960
CVE-2021-46960 is a Linux kernel issue affecting CIFS, where an incorrect error code from smb2_get_enc_key could trigger warnings when errors propagate back through CIFS code paths. The description in the provided documents shows the root cause as the CIFS module returning the wrong error and a w...
CVE-2021-46961
CVE-2021-46961 involves the Linux kernel where handling of spurious interrupts in the GICv3 IRQ path could trigger a nested NMI and a BUG_ON(in_nmi()), causing a kernel panic. The root cause is enabling IRQs while processing spurious interrupts; a rewrite of the commit moved spurious interrupt han...
CVE-2021-46990
CVE-2021-46990 affects powerpc/64s in the Linux kernel. The vulnerability arises from runtime patching of entry flush mitigations via a debugfs entry (entry_flush), which can be unsafe when CPUs are active, potentially causing a crash due to an LR restore issue. The fixed vulnerability patches ar...
CVE-2021-46955
CVE-2021-46955 affects the Linux kernel in combination with Open vSwitch. The issue arises in IPv4 packet fragmentation within ovs_fragment(), where a temporary dst_entry is misused as an rtable pointer during the ip_do_fragment() -> ip_skb_dst_mtu() -> ip_dst_mtu_maybe_forward() -> ip_m...
CVE-2021-46962
CVE-2021-46962: Linux kernel mmc: uniphier-sd driver fix for resource leak in remove path. The tmio_mmc_host_free() call needed to balance the prior tmio_mmc_host_alloc() in probe was missing, creating a leak in the error path during removal. The fix adds the missing tmio_mmc_host_free() call in the remove function t...
CVE-2021-46966
CVE-2021-46966 affects the Linux kernel: a use-after-free vulnerability in ACPI custom_method code where cm_write() could access a freed buf if count
CVE-2022-48817
CVE-2022-48817 is a Linux kernel issue affecting the ar9331 MDIO switch under the DSA subsystem. The root cause is that mdiobus registration was done under devres and could be freed by devm_mdiobus_free() via device core shutdown, leading to a panic if the bus was still registered. The advisory e...
CVE-2021-46967
CVE-2021-46967 affects the Linux kernel vhost-vdpa virtqueue doorbell mapping. The issue stems from not setting necessary vm_flags (e.g., VM_PFNMAP) when mapping the doorbell, which could cause a kernel panic if userspace maps the doorbell via IOTLB. The connected Nessus/NASL entry confirms a pat...
CVE-2023-52644
CVE-2023-52644 relates to a Linux kernel WiFi component (b43) where the QoS-disabled path could map the IEEE 802.11 queue incorrectly due to a single-queue scenario. The root cause is that when QoS is off, the code may attempt to stop/wake a non-existent queue or fail to stop/wake the actual queu...
CVE-2023-52433
CVE-2023-52433 refers to a Linux kernel issue in netfilter nft_set_rbtree where new elements within a single transaction may expire before the transaction ends. To avoid a commit path walking over an already released object, the code skips sync garbage collection (GC) for those elements during th...
CVE-2023-52587
CVE-2023-52587 (Linux kernel) affects IB/ipoib multicast locking. The issue arose when priv->lock was released while iterating priv->multicast_list in ipoib_mcast_join_task(), creating a window for ipoib_mcast_dev_flush() to remove items mid-iteration. If a mcast item is removed after the l...
CVE-2024-26861
CVE-2024-26861 affects the Linux kernel wireguard receive path, where a data race around keypair->receiving_counter.counter was identified (READ_ONCE/WRITE_ONCE annotations used to mark the race as intentional). The race occurs between wg_packet_decrypt_worker and wg_packet_rx_poll, potentiall...
CVE-2021-46956
CVE-2021-46956: In the Linux kernel, a memory leak in virtiofs was fixed. When the same tag was passed twice to qemu, virtio_fs_probe() leaked kmemleak-tracked memory, evidenced by a log line like “virtiofs: probe of virtio5 failed with error -17.” The issue is located in the virtiofs subsystem ...
CVE-2024-26816
CVE-2024-26816 affects the Linux kernel on x86 where, when CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section. Relocations in .notes were previously possible and could leak the KASLR base via /sys/kernel/notes. The fixes instruct the kernel to skip performing relocations in the .n...
CVE-2024-26809
CVE-2024-26809 is a Linux kernel vulnerability in netfilter nft_set_pipapo logic. The issue arises when destroying set elements: clone path may destroy elements twice because it did not always use a current view of the lookup table. The root cause is that destruction could proceed without the lat...
CVE-2021-47013
CVE-2021-47013 concerns a use-after-free in Linux kernel’s net:emac/emac-mac path, specifically emac_mac_tx_buf_send. The issue arises when emac_tx_fill_tpd() errors cause skb to be freed (dev_kfree_skb(skb)), yet skb->len is still read by netdev_sent_queue(skb->len). The description states...
CVE-2021-47068
The CVE-2021-47068 entry concerns the Linux kernel NFC LLCP paths (llcp_sock_bind/llcp_sock_connect). Root cause: a refcount leak in bind/connect was fixed but introduced a use-after-free when the same local is bound to two sockets. The vulnerability is tied to the NFC LLCP implementation in the ...
CVE-2021-47017
The CVE-2021-47017 vulnerability is in the Linux kernel's ath10k_htc_send_bundle path, where a use-after-free could occur if bundle_skb is freed by dev_kfree_skb_any(bundle_skb) but later accessed via bundle_skb->len. The patch mitigates this by updating skb_len after freeing bundle_skb. Affec...
CVE-2021-47005
CVE-2021-47005 affects the Linux kernel PCI Express endpoint subsystem. The vulnerability arises from get_features() returning NULL in pci_epc_ops, leading to a NULL pointer dereference in pci_epf_test_alloc_space. The fix adds a NULL check for the pci_epc_feature pointer in pci_epf_test_bind and...
CVE-2020-36787
CVE-2020-36787 describes a Linux kernel clock-handling flaw for Aspeed video engine on AST2500/AST2600 SoCs. The issue arises from reset sequencing of the video engine when enabling eclk and vclk, potentially causing improper reset and sporadic DMA transfers that can corrupt memory and trigger ke...
CVE-2022-48828
CVE-2022-48828: Linux kernel NFSD ia_size underflow fix. ia_size is loff_t (signed 64-bit) while NFSv3/v4 file sizes are unsigned 64-bit, allowing a client to send values > S64_MAX. decode_fattr4() can dump a full u64 into ia_size, causing underflow when the value exceeds S64_MAX. The patch co...
CVE-2024-26957
CVE-2024-26957 relates to the Linux kernel’s s390/zcrypt subsystem, where reference counting on zcrypt card objects was fixed to prevent a use-after-free of the zcrypt_card during hot-plug/probe/remove cycles. The issue could allow freeing a zcrypt card object while it is still in use, as demonst...
CVE-2021-47009
CVE-2021-47009 relates to the Linux kernel KEYS: trusted subsystem. The issue is a memory leak in the object td where two error return paths failed to free td, leading to leaked memory. The fix changes control flow to return via an error path that securely frees td with kfree. The description als...
CVE-2021-46987
CVE-2021-46987: Linux kernel/btrfs deadlock when cloning inline extents with qgroups. Root cause: while cloning, a transaction flush can occur with destination iotree range locked and delalloc flush needing the same range, potentially deadlocking. This occurs specifically when qgroups reserve met...
CVE-2021-47022
The CVE-2021-47022 issue concerns the Linux kernel driver for mt76 mt7615. The vulnerability is a memory leak that occurs in the mt7615 unregister path, specifically relating to the order of cleanup calls: mt7615_tx_token_put() should be invoked before mt76_free_pending_txwi(). A patch fixes meml...
CVE-2023-52583
The CVE-2023-52583 entry describes a Linux kernel issue in the ceph component where dget() usage could lead to a deadlock due to incorrect lock ordering between dentry and its parent. The dead code path was never used because the parent directory is always supplied by callers, so the fix removes ...
CVE-2021-47003
CVE-2021-47003 concerns the Linux kernel’s dmaengine idxd path. A null pointer dereference could occur when code calls idxd_cmd_exec with a null status pointer; a later assignment to *status could dereference a null. The fix is to perform a null check on status before the assignment, preventing t...