13804 matches found
CVE-2025-21675
The CVE-2025-21675 issue affects the Linux kernel code path for mlx5_lag_port_sel_create, where resource cleanup was incomplete and could lead to double-destruction of definers after a failure to create the port select structure. The resulting cleanup gap caused a NULL pointer dereference on erro...
CVE-2015-8539
CVE-2015-8539 is referenced in MiracleLinux AXSA-2018-2578 as a Linux kernel KEYS subsystem flaw fixed by updating the kernel to a version with mitigations. The vulnerability arises in the KEYS subsystem of the Linux kernel prior to 4.4, where crafted keyctl commands can negatively instantiate a ...
CVE-2017-2618
CVE-2017-2618 is a Linux kernel local vulnerability caused by how SELinux attributes are cleared on /proc/pid/attr. An empty write to that file can crash the system by triggering access to unmapped kernel memory. The connected Nessus entries (Unity Linux, MiracleLinux AXSA advisory, and related p...
CVE-2019-19227
The CVE-2019-19227 issue affects the Linux kernel AppleTalk subsystem prior to 5.1. The vulnerability is a potential NULL pointer dereference caused by register_snap_client returning NULL, which can trigger a denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c (e.g., via unregister_...
CVE-2019-19536
CVE-2019-19536 is an info-leak vulnerability in the Linux kernel (<5.2.9) caused by faulty handling of a malicious USB device in drivers/net/can/usb/peak_usb/pcan_usb_pro.c (CID-ead16e53c2f0). Some public advisories (Unity Linux UTSA-2026-*) reference this CVE and note the issue affects kern...
CVE-2021-38206
The CVE-2021-38206 issue affects the Linux kernel mac80211 subsystem before 5.12.13: when a 5 GHz-only device is used, injecting a frame with 802.11a rates can trigger a NULL pointer dereference in the radiotap parser, causing a Denial of Service. The vulnerability is addressed in Linux kernel 5....
CVE-2021-4159
CVE-2021-4159 is described in connected documents as a Linux kernel eBPF verifier flaw that could allow a local attacker to leak internal kernel memory by causing uninitialized or sensitive data to be exposed to userspace when handling internal data structures during eBPF code insertion. The issu...
CVE-2023-1611
CVE-2023-1611 is a use-after-free in btrfs_search_slot (fs/btrfs/ctree.c) in the Linux kernel, enabling local crashes and potentially kernel information leaks. Connected advisories (e.g., Red Hat and Astra/AL) confirm the issue and advocate updating the kernel to mitigate. Affected product is the...
CVE-2024-26772
CVE-2024-26772 describes a Linux kernel vulnerability in ext4 where block allocations could come from a corrupted group bitmap. The fix moves the group bitmap integrity check under the group lock in ext4_mb_find_by_goal(), ensuring that blocks are not allocated from a group whose bitmap is corrup...
CVE-2024-27020
In CVE-2024-27020, the Linux kernel nf_tables code had a potential data race when nft_unregister_expr() ran concurrently with __nft_expr_type_get() due to insufficient protection while iterating nf_tables_expressions. The fix involves iterating nf_tables_expressions with list_for_each_entry_rcu()...
CVE-2024-39472
CVE-2024-39472 affects the Linux kernel XFS log recovery path. The issue arises from incorrect h_size handling for the legacy h_size fixup during the initial umount record, where earlier changes to LR header block calculation allowed an out-of-bounds access when h_size didn’t originate from the o...
CVE-2024-40960
CVE-2024-40960: Linux kernel IPv6 routing (rt6_probe) NULL-pointer dereference. The code could dereference a non-canonical address due to a missing NULL check in __in6_dev_get(); syzbot trace shows a crash (Oops) in rt6_probe and call path through rt6_nh_find_match and fib6_table_lookup. The vulner...
CVE-2024-53173
CVE-2024-53173 — Linux kernel NFSv4.0 use-after-free fix. The vulnerability arises when two threads open files concurrently and abort before a reply is seen, leading to use-after-free of the defunct rpc task pointer due to nfs_release_seqid() in nfs4_opendata_free(). The patch ensures that if th...
CVE-2024-56769
CVE-2024-56769 affects the Linux kernel media DVB frontends, specifically the dib3000mb driver. The issue is a KMSAN-detected uninitialized value in dib3000_read_reg, arising from an inadequate error handling path in i2c_transfer() where a read buffer rb[2] can end up with undefined values if the...
CVE-2018-15572
CVE-2018-15572: Linux kernel
CVE-2018-7492
The CVE-2018-7492 entry affects the Linux kernel prior to 4.14.7, where a NULL pointer dereference in net/rds/rdma.c __rds_rdma_map() can be triggered by local attackers via RDS_GET_MR / RDS_GET_MR_FOR_DEST. This leads to a system panic and denial-of-service. Affected versions are exposed to loca...
CVE-2021-3732
CVE-2021-3732 is a local-privilege escalation/information-disclosure flaw in the Linux kernel OverlayFS subsystem affecting how TmpFS is mounted under OverlayFS, allowing a local user to reveal files hidden in the original mount. Connected docs corroborate the issue across multiple sources (Astra...
CVE-2022-1882
CVE-2022-1882: A use-after-free in Linux kernel pipes handling (pipes.post_one_notification after free_pipe_info) allows a local user to crash the system and potentially escalate privileges. Documented in CVE-2022-1882 with CVSS v3 base 7.8 (LOCAL, LOW complexity, user is not required to interact...
CVE-2022-39190
CVE-2022-39190 affects the Linux kernel nf_tables_api.c and enables a local denial-of-service by binding to an already bound netfilter chain. The issue is described as present in Linux kernel versions up to 5.19.5 (before 5.19.6). A patch addressing this vulnerability is included in 5.19.6 (Chang...
CVE-2023-1249
CVE-2023-1249: A use-after-free in the Linux kernel core dump subsystem could allow a local user to crash the system; a kernel is affected only if patch 390031c94211 has been applied. Technical details are not publicly provided in the supplied documents. Monitor for updates.
CVE-2023-28464
CVE-2023-28464 is described in MiracleLinux/Alibaba Cloud Linux advisories as a use-after-free in the Linux kernel Bluetooth subsystem (hci_conn_cleanup in net/bluetooth/hci_conn.c) observed up to kernel 6.2.9, with a double-free leading to possible privilege escalation. The connected Nessus entr...
CVE-2023-6817
CVE-2023-6817 is a use-after-free in the Linux kernel nf_tables netfilter component (PIPAPO: Pile Packet Policies). The issue arises from nft_pipapo_walk not skipping inactive elements during a set walk, which can cause double deactivations of PIPAPO elements and lead to use-after-free. Evidence ...
CVE-2024-26900
CVE-2024-26900: Linux kernel md subsystem vulnerability fixed; kmemleak occurs when rdev->serial is not freed if kobject_add() fails in bind_rdev_to_array(). Root cause: missing free of rdev->serial during serial pool init; impact: local kmemleak exposure (no remote code execution). CVSS v3...
CVE-2024-45006
CVE-2024-45006 affects the Linux kernel xHCI Panther Point. Root cause: after a failed address-device command during re-enumeration of full-speed USB devices, the software bandwidth table pointers aren’t set, causing a NULL pointer dereference when usb_ep0_reinit() invokes xhci_configure_endpoint...
CVE-2024-50044
CVE-2024-50044 affects the Linux kernel Bluetooth RFCOMM path. The issue is a deadlock in rfcomm_sk_state_change caused by rfcomm_sock_ioctl attempting to lock sock_lock while another path already holds the lock, creating circular locking. The vulnerability is resolved in kernel code by ensuring ...
CVE-2013-2206
CVE-2013-2206 concerns the Linux kernel SCTP implementation. The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c does not properly handle associations during processing of a duplicate COOKIE ECHO chunk, allowing remote attackers to trigger a denial of service via NULL pointer derefer...
CVE-2014-6410
The vulnerability CVE-2014-6410 affects the Linux kernel (through 3.16.3) in the UDF filesystem: the __udf_read_inode function does not restrict ICB indirection, enabling a local, physically proximate attacker to cause a denial of service (infinite loop or stack consumption) via a crafted inode. ...
CVE-2016-4470
CVE-2016-4470 affects the Linux kernel keyring handling: in key_reject_and_link() an uninitialized pointer may be dereferenced after an error, enabling a local attacker to trigger a denial of service (system crash) via crafted keyctl request2. Connected advisories confirm this is a kernel issue w...
CVE-2016-4998
CVE-2016-4998 affects the Linux kernel netfilter IPT_SO_SET_REPLACE handling. The vulnerability allows a local attacker (e.g., with container/root access) to trigger an out-of-bounds read and potentially leak kernel heap memory or cause a Denial of Service by supplying a crafted offset that cross...
CVE-2017-5970
Summary (CVE-2017-5970): The Linux kernel (ipv4_pktinfo_prepare in net/ipv4/ip_sockglue.c) up to version 4.9.9 is affected. A flaw can cause a denial of service (system crash) when triggered by (1) crafted system calls from an application or (2) IPv4 traffic carrying invalid IP options. The root ...
CVE-2017-7472
CVE-2017-7472 affects the KEYS subsystem of the Linux kernel prior to version 4.10.13. A local attacker can exhaust memory by repeatedly invoking keyctl_set_reqkey_keyring on KEY_REQKEY_DEFL_THREAD_KEYRING, leading to a denial of service. The vulnerability is triggered by a sequence of calls in t...
CVE-2017-9242
CVE-2017-9242 affects the Linux kernel prior to a fix that corrects an out-of-order overwrite check in the IPv6 stack. The vulnerability stems from the __ip6_append_data function in net/ipv6/ip6_output.c, where the overwrite check is performed too late, allowing a local attacker to crash the syst...
CVE-2019-19377
CVE-2019-19377 concerns Linux kernel 5.0.21 where mounting a crafted btrfs image, performing actions, and unmounting can trigger a use-after-free in btrfs_queue_work (fs/btrfs/async-thread.c). Connected Nessus advisories for Unity Linux (UTSA-2026-004393) reiterate this, tying the issue to kernel...
CVE-2019-19535
CVE-2019-19535 affects the Linux kernel up to 5.2.8 via the PCAN-USB FD driver (drivers/net/can/usb/peak_usb/pcan_usb_fd.c). A malicious USB device can trigger an info-leak in this driver (CID-30a8beeb3042), causing partial information disclosure. Affected product: Linux kernel before 5.2.9; vuln...
CVE-2021-45402
CVE-2021-45402 affects the Linux kernel where check_alu_op() in kernel/bpf/verifier.c does not update bounds properly when handling mov32, enabling local attackers to leak potentially sensitive addresses (pointer leak). The description is consistently cited across multiple connected advisories (e...
CVE-2021-47548
CVE-2021-47548 (Linux kernel ethernet: hisilicon: hns: hns_dsaf_misc) fixes an array overflow in hns_dsaf_ge_srst_by_port(). The port check was port >= DSAF_GE_NUM (8), but dsaf_dev->mac_cb has length DSAF_MAX_PORT_NUM (6); ports 6–7 could access dsaf_dev->mac_cb[port] and overflow. The ...
CVE-2022-49173
In the Linux kernel, CVE-2022-49173 affects the SPI FSI path where data transfer routines poll a status register and may hang if a hardware bad state occurs. The fix adds a timeout to polling and returns an error when exceeded, preventing infinite loops. Affected component: spi: fsi in the Linux ...
CVE-2024-26933
CVE-2024-26933 is described in connected advisories as a Linux kernel USB core fix: it resolves a deadlock in the port "disable" sysfs attribute handling. The show/store callbacks for the disable sysfs file in port.c acquire the hub’s device lock, while removing a hub (and potentially changing it...
CVE-2024-27012
Summary (CVE-2024-27012): Linux kernel vulnerability in netfilter nf_tables where deleting a set could fail to restore element refcounts, leaving a mismatched state on abort paths. The fix moves inactive-element checks into the set iterator callback and reverses logic for activate, toggling the ...
CVE-2024-50058
CVE-2024-50058: Linux kernel serial subsystem vulnerability where uart_shutdown() could dereference a NULL uart_port (uport) after a patch added NULL checks. The commit af224ca2df29 added safety checks, but a call to uart_port_dtr_rts(uport, false) remained unprotected if HUPCL is set. The incons...
CVE-2017-12146
The CVE-2017-12146 issue affects the Linux kernel driver_override in drivers/base/platform.c prior to 4.12.1. A race between reads and stores of different overrides can allow a local user to gain privileges. Evidence from connected Nessus advisories (Unity Linux, EulerOS, OracleVM) confirms the v...
CVE-2017-17558
Technical details about CVE-2017-17558 are not publicly provided in the supplied documents. Monitor for official advisories for affected products, impact, and mitigations; no concrete exploit information or patch details are available here.
CVE-2018-20511
The CVE-2018-20511 vulnerability affects Linux kernel older than 4.18.11, where ipddp_ioctl in drivers/net/appletalk/ipddp.c allows local users with CAP_NET_ADMIN to read the ipddp_route and next fields via SIOCFINDIPDDPRT, leading to kernel address disclosure (information leakage). Unity/Linux a...
CVE-2019-19061
CVE-2019-19061 is tied to a memory leak in the Linux kernel’s ADIS16400 IIO IMU driver: adis_update_scan_mode_burst() in drivers/iio/imu/adis_buffer.c before 5.3.9. The issue can cause denial of service via memory exhaustion. Affected component: Linux kernel (ADIS16400 IIO IMU driver). Root cause...
CVE-2021-42327
CVE-2021-42327 is a Linux kernel heap-based buffer overflow in the AMDGPU display driver debugfs path (amdgpu_dm_debugfs.c). The flaw occurs in dp_link_settings_write where parse_write_buffer_into_params copies a userspace buffer into a 40-byte heap buffer without proper size checks against copy_...
CVE-2021-47101
CVE-2021-47101: In the Linux kernel, a fix for an uninitialized read in the ASIX USB Ethernet driver was applied. asix_read_cmd() could read fewer bytes than sizeof(smsr), leaving smsr uninitialized and potentially exposing uninitialized data during later use. The issue was observed in KMSAN repo...
CVE-2023-52664
The CVE-2023-52664 issue affects the Linux kernel net: Atlantic driver, where a logic error in ring data allocation/free can lead to a double-free scenario in error handling if memory allocation fails. The root cause is using the ring pointer as a failure indicator, while only ring data is alloca...
CVE-2024-24857
Summary (CVE-2024-24857): A race condition in the Linux kernel’s net/bluetooth driver function conn_info_{min,max}age_set() may cause an integrity overflow, potentially causing Bluetooth connection abnormalities or DoS. Public sources place this as a kernel issue affecting the Bluetooth subsyste...
CVE-2024-26671
CVE-2024-26671 describes a Linux kernel IO hang caused by blk-mq wakeup/race where __add_wait_queue() can be reordered with blk_mq_get_driver_tag() on tag failure, leading __sbitmap_queue_wake_up() to miss the waiter and not wake up, while blk_mq_mark_tag_wait() cannot obtain a driver tag. The fi...
CVE-2024-50074
CVE-2024-50074 — Linux kernel parport out-of-bounds fix: The vulnerability concerns array bounds in the parallel port (parport) code. The fix replaces blind snprintf calls with scnprintf to ensure the written length reflects actual output, addressing potential overflows in length calculations. A...