13804 matches found
CVE-2024-26960
CVE-2024-26960 is described in connected Astra Linux and IBM bulletin entries as a Linux kernel race in mm/swap between free_swap_and_cache() and swapoff(). The vulnerability arises from a window where swapoff() could tear down a swap_info_struct while free_swap_and_cache() runs, potentially allow...
CVE-2024-36920
CVE-2024-36920 relates to a Linux kernel SCSI MPI3MR warning: a 128-byte memcpy was written into a 1-byte array (replay_buf[1]) in mpi3mr_bsg_in_reply_buf, triggering a field-spanning write warning. The description states the array is intended as a flexible length and the warning is a false posit...
CVE-2024-42223
CVE-2024-42223: Linux kernel vulnerability in media: dvb-frontends/tda10048 where state->xtal_hz (up to 16M) could overflow a 32-bit integer when multiplied by pll_mfactor. A 64-bit variable was introduced to hold the calculations, preventing overflow. The issue is resolved by this 64-bit calc...
CVE-2024-53076
CVE-2024-53076 concerns a memory-leak bug in the Linux kernel IIO GTS helper. The vulnerability occurs in iio_gts_build_avail_scale_table() when kcalloc fails inside the for loop, potentially preventing freeing of per_time_scales[0] and per_time_gains[0]. The root cause is improper cleanup on err...
CVE-2017-2647
CVE-2017-2647 affects the Linux kernel KEYS subsystem (keyring_search_iterator in keyring.c) and allows a local, authenticated user to trigger a NULL pointer dereference, enabling a crash or possible privilege escalation. The vulnerability is documented across multiple advisories; remediation is ...
CVE-2023-45862
CVE-2023-45862 affects the ENE UB6250 USB reader driver in Linux kernels prior to 6.2.5. The issue is a memory-allocation overrun in drivers/usb/storage/ene_ub6250.c where an object could extend beyond the end of an allocation. Risk details are not elaborated in the provided documents beyond this...
CVE-2024-35966
CVE-2024-35966 (Linux kernel): A Bluetooth RFCOMM vulnerability where rfcomm_sock_setsockopt_old() could copy data beyond the input length, due to not validating user input in setsockopt. This caused KASAN slab-out-of-bounds access in copy_from_sockptr_offset and related code paths in net/blueto...
CVE-2024-53687
CVE-2024-53687 – Linux kernel (RISC-V) vulnerability. The issue arises when flush_tlb_kernel_range() uses IPIs to flush TLBs on all cores, triggering a warning with IRQs disabled. The fix preserves only flushing the local TLB and delegates potential faults from stale protected PTEs to the lazy kf...
CVE-2016-7913
CVE-2016-7913 affects the Linux kernel tuner driver xc2028 (drivers/media/tuners/tuner-xc2028.c). The vulnerability stems from xc2028_set_config: if the firmware name is omitted from a data structure, a local attacker can trigger a use-after-free, enabling privilege escalation or a denial of serv...
CVE-2022-1280
CVE-2022-1280 is a Linux kernel use-after-free in drm_lease_held (drivers/gpu/drm/drm_lease.c) caused by a race. Exploitation may enable local privilege attackers to cause DoS or kernel information leak. Connected docs also reference a separate disclosure chain noting a race between drm_setmaster...
CVE-2022-26878
CVE-2022-26878 refers to a memory leak in the Linux kernel’s VirtIO Bluetooth driver (drivers/bluetooth/virtio_bt.c) where socket buffers were allocated but not freed. Affected: Linux kernel before 5.16.3. Impact stated: memory leak (potential resource exhaustion). Remediation: patch released in ...
CVE-2022-41849
CVE-2022-41849 affects the Linux kernel, specifically drivers/video/fbdev/smscufx.c, where a race between ufx_ops_open and ufx_usb_disconnect can cause a use-after-free if a nearby attacker unplugs a USB device during open(). The vulnerability is locally exploitable with physical access and has a...
CVE-2022-49469
CVE-2022-49469 is a Linux kernel issue affecting the btrfs subsystem. The vulnerability arises in create_subvol() where, on failures of btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or btrfs_insert_root(), anon_dev could leak because error handling did not free it. The fix reorganizes the error...
CVE-2023-1252
CVE-2023-1252 is a Linux kernel use-after-free in the Ext4 file system when overlayfs triggers multiple file operations. The vulnerability arises from a use-after-free in ovl_aio_req; if unpatched, the local attacker could crash or potentially escalate privileges. The fix is available in patch 9a...
CVE-2024-26733
CVE-2024-26733 (Linux kernel): A heap-based buffer overflow in arp_req_get() was fixed. The issue occurs when ioctl(SIOCGARP) copies neigh->ha into arpreq.arp_ha.sa_data (14-byte sockaddr) with a 14-byte copy, risking overflow into arp_flags and overwriting arp_netmask if dev->addr_len exc...
CVE-2024-50136
CVE-2024-50136 affects the Linux kernel’s mlx5 driver (net/mlx5) where the notifier for eswitch init could remain registered after an init failure, causing a later eswitch enable to emit warnings like “notifier callback eswitch_vport_event [mlx5_core] already registered.” The root cause described...
CVE-2000-0006
CVE-2000-0006 affects the strace utility. The issue allows local users to read arbitrary files via memory-mapped file names. The connected records identify strace as the affected component and describe the vulnerability as a local-read exposure through mmap-based file-name handling. No explicit e...
CVE-2017-12153
CVE-2017-12153 refers to a security flaw in the Linux kernel where nl80211_set_rekey_data() in net/wireless/nl80211.c does not validate required Netlink attributes, enabling a local attacker with CAP_NET_ADMIN to trigger a NULL pointer dereference and system crash. The vulnerability is described ...
CVE-2020-27830
CVE-2020-27830 is a Linux Kernel vulnerability where spk_ttyio_receive_buf2() can dereference spk_ttyio_synth when it is NULL, causing a NULL-pointer dereference crash. The connected Nessus advisories (Unity Linux UTSA-2026-001485, UTSA-2026-004226, UTSA-2026-003925) reference this CVE as part of...
CVE-2021-4150
CVE-2021-4150 is a Linux kernel use-after-free in add_partition (block/partitions/core.c). The vulnerability arises from missing cleanup when device_add fails while adding a partition, enabling a local attacker with user privileges to cause a denial of service. Affected component is the kernel’s ...
CVE-2022-48773
CVE-2022-48773 — Linux kernel (xprtrdma rpcrdma_ep_create): Affected code path dereferenced non-NULL pointers in error handling. When rpcrdma_ep_create fails, non-NULL pointers could be left with an error value, causing rpcrdma_ep_destroy to free them and trigger a kernel Oops. The fix adds point...
CVE-2024-50137
CVE-2024-50137 affects the Linux kernel, specifically the StarFive JH7110 reset driver. A fault in reset_control_status can cause data->asserted to be NULL on the JH7110 SoC, triggering errors when accessing an empty member. The issue has been fixed by adding a check to avoid null...
CVE-2024-56653
CVE-2024-56653 is a Linux kernel vulnerability in the Bluetooth btmtk pathway that can cause a slab-use-after-free in btmtk_process_coredump when handling coredumps. The issue arises because hci_devcd_append may release an sk_buff, after which the code can still access the freed object; a KASAN r...
CVE-2010-3705
The vulnerability CVE-2010-3705 affects the Linux kernel SCTP code: sctp_auth_asoc_get_hmac in net/sctp/auth.c does not validate the hmac_ids array from a remote peer, enabling remote attackers to trigger memory corruption and a kernel panic. Affected versions are Linux kernel before 2.6.36; reme...
CVE-2011-1093
CVE-2011-1093 affects the Linux kernel’s Datagram Congestion Control Protocol (DCCP). The vulnerable code path is dccp_rcv_state_process in net/dccp/input.c, which mishandles packets for a CLOSED endpoint. An attacker can trigger a NULL pointer dereference and OOPS by sending a DCCP-Close packet ...
CVE-2012-6538
CVE-2012-6538 affects the Linux kernel prior to 3.6. The vulnerability lives in net/xfrm/xfrm_user.c: the function copy_to_user_auth uses an incorrect C library function for copying a string, enabling local users with CAP_NET_ADMIN to read sensitive information from kernel heap memory. The Miracl...
CVE-2015-8812
CVE-2015-8812 affects the Linux kernel CXGB3 driver; a use-after-free in drivers/infiniband/hw/cxgb3/iwch_cm.c can be triggered by crafted packets to remotely execute code or cause a denial of service. Impact is a remote-code execution/DoS via network traffic with the vulnerability labeled as hig...
CVE-2018-14678
CVE-2018-14678 affects the Linux kernel up to 4.17.11 (and Xen up to 4.11.x). The xen_failsafe_callback entry in arch/x86/entry/entry_64.S does not properly preserve RBX, enabling local attackers to trigger uninitialized memory usage, causing a denial of service; 64-bit x86 PV Linux guests may cr...
CVE-2020-12465
CVE-2020-12465: An array overflow in mt76_add_fragment (drivers/net/wireless/mediatek/mt76/dma.c) of the Linux kernel before 5.5.10 can cause memory corruption by an oversized packet with too many RX fragments. The issue is documented in the Uniti/Miracle Linux advisories referencing CVE-2020-124...
CVE-2022-1205
CVE-2022-1205 is a NULL pointer dereference in the Linux kernel’s Amateur Radio AX.25 protocol handler that occurs during connection setup, enabling a local attacker to crash the system (local DoS). Affected component is the AX.25 hamradio implementation in the kernel; the issue is not a remote e...
CVE-2022-2873
CVE-2022-2873 refers to an out-of-bounds memory access in the Linux kernel’s Intel iSMT SMBus 2.0 host controller driver, triggered by I2C_SMBUS_BLOCK_DATA with malicious input. The vulnerability allows a local attacker to crash the system (local denial of service); CVSSv3.1 base score 5.5 (Local...
CVE-2022-3619
CVE-2022-3619 is a memory-leak vulnerability in the Linux kernel Bluetooth subsystem (function l2cap_recv_acldata in net/bluetooth/l2cap_core.c). The connected documents confirm the issue and its inclusion in kernel security advisories, and several sources list it among fixes in kernel updates. T...
CVE-2022-48627
CVE-2022-48627 (Linux kernel) describes a memory overlap bug in vt buffer character deletion caused by an overlapping copy when using scr_memcpyw, which may lead to data corruption or leakage if destination overlaps source. The issue is mitigated by replacing scr_memcpyw with scr_memmovew; severa...
CVE-2023-3090
CVE-2023-3090 is a Linux kernel vulnerability affecting the ipvlan driver. It causes a heap out-of-bounds write due to missing skb->cb initialization, and is exploitable when CONFIG_IPVLAN is enabled. The issue enables local privilege escalation as described in multiple sources (e.g., Astra Li...
CVE-2023-52475
CVE-2023-52475: Linux kernel powermate driver has a use-after-free when the device is disconnected. The issue occurs when an asynchronous control message completes after the powermate_device is freed, leaving a dead lock reference. The recommended fix is to cancel in-progress requests on disconn...
CVE-2014-0181
The CVE-2014-0181 issue affects the Linux kernel Netlink implementation prior to 3.14.1, where there is no authorization based on the opener of a Netlink socket. This can allow a local user to bypass intended access restrictions and modify network configurations by using a Netlink socket for the ...
CVE-2018-5332
CVE-2018-5332 affects the Linux kernel up to version 3.2, where rds_message_alloc_sgs() does not validate a value used during DMA page allocation, causing a heap-based out-of-bounds write in net/rds/rdma.c (via rds_rdma_extra_size). Exploitation would rely on local access to trigger DMA-related a...
CVE-2019-12984
CVE-2019-12984 is a NULL pointer dereference in the Linux kernel before 5.1.13, specifically in nfc_genl_deactivate_target() within net/nfc/netlink.c. A malicious user-mode program that omits certain NFC attributes can trigger this vulnerability, resulting in denial of service. Affected software ...
CVE-2020-27675
CVE-2020-27675 describes a race condition in the Xen event-channel handling code (drivers/xen/events/events_base.c) that permits removal of an event channel during event handling, causing a use-after-free or NULL dereference and potentially a dom0 crash. The issue is present in the Linux kernel u...
CVE-2023-4569
CVE-2023-4569 – Linux kernel nf_tables memory leak: A memory leak is triggered by nft_set_catchall_flush in net/netfilter/nf_tables_api.c. Several connected advisories describe this as a local issue that can leak memory when catchall elements are deactivated. Affected software is the Linux kerne...
CVE-2023-52477
In CVE-2023-52477, the Linux kernel USB hub code (drivers/usb/core/hub.c/hub.h) incorrectly accessed fields inside udev->bos without verifying that the BOS descriptor was allocated/initialized. If usb_get_bos_descriptor() fails, udev->bos can be NULL, causing a NULL pointer dereference and ...
CVE-2024-1151
CVE-2024-1151 is described in connected sources as a Linux kernel vulnerability affecting the Open vSwitch (OVS) sub‑component. The flaw occurs when a recursive operation calls into the same code block without validating stack depth, allowing a stack overflow that can crash the kernel or cause re...
CVE-2024-38780
CVE-2024-38780 affects the Linux kernel's dma-buf/sw-sync path. The root cause was replacing spin_unlock_irqrestore() with spin_unlock_irq() in sync_print_obj() (and in sync_debugfs_show()) after commit a6aa8fca4d79, triggering a lockdep warning about inconsistent lock state. The fix uses plain s...
CVE-2024-56600
CVE-2024-56600 (Linux kernel): The issue arises in inet6_create() where sock_init_data() attaches an allocated sk to the sock, and if inet6_create() later fails, the sock keeps a dangling sk pointer, risking use-after-free. The fix, as described, is to clear the sock’s sk pointer on error to pre...
CVE-2015-8767
CVE-2015-8767 affects the Linux kernel SCTP path: net/sctp/sm_sideeffect.c fails to properly synchronize a lock with a socket during heartbeat timeout processing, allowing a local attacker to cause a denial of service (deadlock) via crafted sctp_accept calls. Affected: Linux kernel before 4.3 (pe...
CVE-2015-8956
CVE-2015-8956 detailed in connected sources: The Linux kernel’s rfcomm_sock_bind in net/bluetooth/rfcomm/sock.c, vulnerable before 4.2, may allow a local attacker to obtain sensitive information or cause a denial of service (NULL pointer dereference) via a bind system call on a Bluetooth RFCOMM s...
CVE-2016-8650
CVE-2016-8650 affects the Linux kernel: the mpi_powm function in lib/mpi/mpi-pow.c can fail to allocate memory for limb data, permitting a local attacker to trigger a denial of service (stack memory corruption/panic) via an add_key RSA operation with a zero exponent. Public advisories (F5) confir...
CVE-2017-17806
CVE-2017-17806 affects the Linux kernel before 4.14.8. The HMAC implementation (crypto/hmac.c) does not validate that the underlying hash algorithm is unkeyed, allowing a local attacker who can use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and SHA-3 (CONFIG_CRYPTO_SHA3) to tri...
CVE-2024-42079
CVE-2024-42079 is a Linux kernel vulnerability in the gfs2 subsystem that could lead to a NULL pointer dereference during log flush operations. The root cause is a race between outstanding glock work and unmount, which could cause gfs2_log_flush() to dereference a freed or NULL sdp->sd_jdesc. ...
CVE-2024-50033
CVE-2024-50033 relates to the Linux kernel slip/slhc.c, where slhc_remember() failed to validate packets against malicious inputs. The issue allowed uninit reads due to insufficient checks on packet contents beyond a 20-byte minimum, risking exposure via PPP/SLIP processing when IPv4 and TCP head...