CVE-2016-10208
CVE-2016-10208 affects the Linux kernel ext4_fill_super(path) code: it fails to validate meta block groups when mounting an ext4 image, enabling a locally proximate attacker with physical access to trigger memory corruption via a crafted EXT4 image, resulting in an out-of-bounds read and system c...
CVE-2016-9588
CVE-2016-9588 affects the Linux kernel KVM arch/x86/kvm/vmx.c: it mismanages #BP and #OF exceptions, allowing a local attacker in an L2 guest to crash the L1 guest (DoS). The issue is fixed in kernel updates after 4.9, with advisories noting upgrades to 4.9.11+ (e.g., 4.9.11-1/2, 4.9.11+ upstream...
CVE-2017-5551
CVE-2017-5551 affects the Linux kernel; the simple_set_acl function in fs/posix_acl.c does not clear the setgid bit during a setxattr call on tmpfs, enabling a local user to gain group privileges if a setgid program exists with restricted execute permissions. This is tied to an incomplete fix of ...
CVE-2018-12232
CVE-2018-12232: In the Linux kernel up to 4.17.1, there is a race between fchownat and close when targeting the same socket file descriptor. fchownat does not increment the file descriptor reference count, allowing close to set the socket to NULL during fchownat’s execution, causing a NULL pointe...
CVE-2023-1582
CVE-2023-1582 is described in connected documents as a race condition in the Linux kernel's fs/proc/task_mmu.c under the memory management component. It may allow a local privileged user to cause a denial of service. The MiracleLinux advisory block lists the vulnerability and confirms the race co...
CVE-2024-23307
CVE-2024-23307 affects the Linux kernel (md, raid, raid5 modules) with an Integer Overflow or Wraparound vulnerability. The connected Astra/Linux bulletin reproduces the same description but provides no technical details or patch information in the supplied documents. No mitigation details are pr...
CVE-2024-35809
The CVE-2024-35809 entry describes a race in the Linux kernel's PCI runtime power management path: the .runtime_idle() callback in the rtsx_pcr PCI driver can still be running when pm_runtime_get_sync() returns, leading to a race with the post-sync code and a potential kernel crash due to an unhandle...
CVE-2024-44931
CVE-2024-44931 describes a speculative information-leak in the Linux kernel gpio path: userspace can trigger a speculative read beyond the gpio descriptor array by calling gpio_ioctl() with an out-of-range offset. The fix sanitizes the offset before using it as an index by applying array_index_no...
CVE-2024-56763
The CVE applies to the Linux kernel tracing subsystem, specifically tracing_cpumask_write. A large count can trigger a warning in bitmap_parse_user, and the fix also adds a zero-count check. The fix is described as: Prevent bad count for tracing_cpumask_write and also check zero for it. Connect...
CVE-2025-21666
CVE-2025-21666 involves a null-pointer dereference in the Linux kernel when vsock_*_has_data/has_space is invoked on a socket that has been de-assigned from a transport. The problem is mitigated by returning 0 (no space/data) with a warning to keep execution stable. Connected documents confirm th...
CVE-2010-4249
CVE-2010-4249 affects the Linux kernel before 2.6.37-rc3-next-20101125: the wait_for_unix_gc routine in net/unix/garbage.c does not properly select times for garbage-collecting inflight sockets, enabling local users to cause a denial of service (system hang) by crafting socketpair and sendmsg cal...
CVE-2019-20794
CVE-2019-20794: The Linux kernel versions 4.18–5.6.11 are affected when unprivileged user namespaces are allowed. A user can create their own PID namespace and mount a FUSE filesystem; if the userspace component is terminated by killing PID 1, the interaction with the FUSE mount can hang the tas...
CVE-2020-27152
CVE-2020-27152 affects the Linux kernel prior to 5.9.2 in arch/x86/kvm/ioapic.c (ioapic_lazy_update_eoi). The issue is an infinite loop caused by improper interaction between a resampler and edge triggering. Affected software: Linux kernel up to 5.9.1, fixed in 5.9.2 per ChangeLog-5.9.2. Exploi...
CVE-2020-36694
The CVE-2020-36694 issue affects the Linux kernel netfilter path prior to 5.10, enabling a use-after-free in the packet processing context due to mishandling of the per-CPU sequence counter during concurrent iptables rule replacements. Exploitation requires CAP_NET_ADMIN in an unprivileged namesp...
CVE-2021-28951
CVE-2021-28951 is a Linux kernel flaw affecting fs/io_uring.c up to 5.11.8 that can cause a denial of service (deadlock) when exit waits for a SQPOLL thread while the thread awaits a start signal. The issue is documented in multiple advisories (e.g., ALAS2KERNEL entries for Kernel-5.10/5.15 and r...
CVE-2023-52478
CVE-2023-52478: The Linux kernel contains a TOCTOU race in logitech-hidpp HID++ handling (hidpp_connect_event) that can lead to a use-after-free during USB receiver disconnect. The issue arises as four TOCTOU races occur across probe/workqueue threads when retrieving the HIDPP protocol, updating th...
CVE-2023-5717
CVE-2023-5717 describes a heap out-of-bounds write in the Linux kernel’s perf subsystem (Perf events) caused by improper handling of event groups. When perf_read_group() runs and an event’s sibling_list is smaller than its child’s, memory writes can occur outside the allocated buffer, enabling lo...
CVE-2024-26641
CVE-2024-26641 affects the Linux kernel’s IPv6/IP tunneling path. The issue arises in ip6_tunnel when receiving inner headers in __ip6_tnl_rcv(), which could access uninitialized data via a chained path (KMSAN warnings). The fix, as described, is to call pskb_inet_may_pull() to...
CVE-2024-26704
CVE-2024-26704 affects the Linux kernel ext4 filesystem. The issue was a double-free of blocks in ext4_move_extents: moved_len was only updated when all moves succeeded, causing potential overlap with preallocated extents to be freed twice and triggering a zero-division in mb_update_avg_fragment_...
CVE-2024-26808
CVE-2024-26808 affects the Linux kernel in the netfilter nft_chain_filter path. The issue arises when handling NETDEV_UNREGISTER for the inet/ingress basechain, potentially leaving a stale netdevice reference in the hook list. The fix removes the netdevice from the inet/ingress basechain when the...
CVE-2024-35947
Technical details about CVE-2024-35947 are not publicly provided in the supplied documents; the initial entry notes the Linux kernel BUG_ON fix but no affected products/versions or remediation specifics beyond references. Monitor for updates.
CVE-2024-36940
CVE-2024-36940: Linux kernel pinctrl double-free issue. Root cause: In the pinctrl core, freeing the pctldev is managed via devm_pinctrl_dev_release(), but the code in pinctrl_enable() frees that struct again, causing a double-free. The devm lifecycle is intended to release automatically; manual ...
CVE-2024-50064
CVE-2024-50064 refers to a Linux kernel ZRAM issue: on reset of a zram device with multi-streams, the code failed to kfree() the secondary algorithm names, causing a memory leak. The connected Azure Linux advisory and Miracle Linux Nessus entries confirm the vulnerability and refere...
CVE-2024-53122
CVE-2024-53122 affects the Linux kernel in mptcp: concurrent subflow creation can race with mptcp_rcv_space_adjust when handling spooled data on a subflow, potentially causing a divide-by-zero during tcp_cleanup_rbuf() on newly created subflows. The fix adds a state check to ensure the subflo...
CVE-2024-56605
CVE-2024-56605 is a Linux kernel vulnerability in Bluetooth L2CAP handling. The issue arises when bt_sock_alloc() creates an sk object and attaches it to a sock; on error, l2cap_sock_alloc() frees the sk but leaves a dangling sk pointer attached to the sock, allowing a potential use-after-free in...
CVE-2013-4312
The CVE-2013-4312 issue affects the Linux kernel prior to 4.4.1, where a local attacker could bypass per-process file-descriptor limits by sending descriptors over a local UNIX domain socket before closing them, causing memory exhaustion and potential denial of service. The root cause is the hand...
CVE-2016-5829
CVE-2016-5829 is a Linux kernel vulnerability in the hiddev driver (hiddev_ioctl_usage in drivers/hid/usbhid/hiddev.c) that allows a local user to trigger heap-based buffer overflows by sending crafted ioctls (HIDIOCGUSAGES or HIDIOCSUSAGES). Affected kernels are up to 4.6.3 (through 4.6.3). The ...
CVE-2016-6480
CVE-2016-6480 is a race condition in the Adaptec AAC RAID driver (ioctl_send_fib in drivers/scsi/aacraid/commctrl.c) that could allow a local attacker to trigger a denial of service via an out-of-bounds access or system crash. Technical details show a TOCTTOU-like bug in FIB message handling; exp...
CVE-2017-12193
CVE-2017-12193 affects the Linux kernel: the function assoc_array_insert_into_terminal_node in lib/assoc_array.c mishandles node splitting, leading to a NULL pointer dereference and kernel panic via a crafted application. The vulnerability is in kernels prior to 4.13.11, enabling local attackers ...
CVE-2017-17712
Technical details about CVE-2017-17712 are not publicly available in the provided connected documents. Monitor for updates from vendor advisories and upstream kernel patches.
CVE-2019-19055
CVE-2019-19055 is a memory-leak DoS in the Linux kernel through 5.3.11, in the nl80211_get_ftm_responder_stats() code path (net/wireless/nl80211.c), that can be triggered by nl80211hdr_put() failures. The issue occurs on a code path where a successful allocation has already occurred, per notes in the entry, ...
CVE-2023-52622
CVE-2023-52622 concerns an ext4 online resizing failure when flexbg_size is oversized. Affected Linux kernel workflows (mkfs.ext4 -G, mount, resize2fs) could trigger WARN_ON at __alloc_pages/__kmalloc during ext4_resize_fs, caused by MAX_RESIZE_BG exceeding available memory groups. The minimum MA...
CVE-2024-35930
CVE-2024-35930 concerns the Linux kernel SCSI lpfc driver. The fix addresses a memory leak in lpfc_rcv_padisc() where a failed return from lpfc_sli4_resume_rpi() could leave an elsiocb unreleased and its resources leaked. The remediation is to check the return value of lpfc_sli4_resume_rpi() and, on failu...
CVE-2024-35995
CVE-2024-35995 describes a Linux kernel issue where the ACPI CPPC code misread system memory by relying on bit_width, risking incorrect memory access. The fix switches to using access_width for size calculation and reads/writes using an offset and width, with a fallback to bit_width if access_wid...
CVE-2024-40901
CVE-2024-40901 affects the Linux kernel SCSI MPT3SAS path. The issue is a potential out-of-bounds access from test_bit()/set_bit() on a single word, where operations can exceed word boundaries. The mitigation ensures allocations are at least sizeof(unsigned long) to provide space for ...
CVE-2024-43892
The CVE-2024-43892 entry concerns a race in the Linux kernel memcg subsystem: concurrent idr_remove() calls for mem_cgroup_idr could race with idr_alloc()/idr_replace() and lead to multiple memcgs obtaining the same ID, which in turn can destabilize memcg-related structures and trigger crashes in...
CVE-2024-43904
CVE-2024-43904 is a Linux kernel issue affecting the AMD display pipeline. The vulnerability stemmed from missing null checks in drm/amd/display code, where the variables stream and plane could be dereferenced without verifying non-null values in dcn30_apply_idle_power_optimizations, risking a nu...
CVE-2024-56601
CVE-2024-56601 is a Linux kernel vulnerability in the inet/ code path. The issue arises because sock_init_data() attaches a kernel socket (sk) to a sock, and if inet_create() fails later, the sk is freed but the sock retains a dangling sk pointer, enabling a use-after-free on the sock. The docume...
CVE-2024-56760
The CVE-2024-56760 issue is a Linux kernel PCI/MSI handling bug where a lack of irqdomain on RISCV platforms triggered a bogus legacy fallback warning. The root cause is an incorrect legacy-mode check in the PCI MSI domain path; the fix updates pci_msi_domain_supports() to evaluate legacy mode an...
CVE-2015-3636
CVE-2015-3636 affects the Linux kernel up to 4.0.2, in the ping_unhash path of net/ipv4/ping.c. The issue arises because a certain list data structure is not initialized during an unhash operation, enabling a local user with ping socket access to crash the system or potentially gain privileges by...
CVE-2017-14140
CVE-2017-14140 describes a Linux kernel vulnerability in the move_pages system call (mm/migrate.c): it does not validate the effective UID of the target process, allowing a local attacker to learn the memory layout of a setuid-executable despite ASLR. The issue is a local information disclosure r...
CVE-2017-17450
CVE-2017-17450 affects the Linux kernel up to 4.14.4 in net/netfilter/xt_osf.c, where add_callback/remove_callback do not require CAP_NET_ADMIN, allowing local users to bypass intended access controls because xt_osf_fingers is shared across net namespaces. The vulnerability is rooted in privilege...
CVE-2018-5953
CVE-2018-5953 concerns the Linux kernel vulnerability where the function swiotlb_print_info (lib/swiotlb.c) in kernels up to 4.14.14 can leak sensitive address information via a software IO TLB printk in dmesg, exploitable by a local attacker. The connected Nessus entries for Unity Linux 20.x (ke...
CVE-2021-20261
CVE-2021-20261 is a local race-condition vulnerability in the Linux kernel floppy disk drive controller (fd0) driver. The issue’s impact is mitigated by default file permissions on /dev/fd0 being root-only; changes to device permissions can greatly increase risk. The initial description notes a l...
CVE-2023-46862
CVE-2023-46862 (Linux kernel) affects kernels up to 6.5.9. A race during SQ thread exit can trigger a NULL pointer dereference in io_uring_show_fdinfo (io_uring/fdinfo.c), potentially crashing the system or causing denial of service. The issue is tied to the io_uring subsystem and occurs under sp...
CVE-2023-52530
CVE-2023-52530 affects the Linux kernel’s wifi/mac80211 component. A use-after-free could occur when ieee80211_key_link() is called by ieee80211_gtk_rekey_add() and returns 0 due to KRACK protection (identical key reinstall); ieee80211_gtk_rekey_add() may still return a pointer into the key, crea...
CVE-2023-52597
CVE-2023-52597 affects the Linux kernel KVM for s390. The vulnerability arises in kvm_arch_vcpu_ioctl_set_fpu(), which can set the FLOATING-POINT CONTROL (FPC) register of a guest and, due to a test of validity, may corrupt the host process’s fpc if an interrupt occurs during the test. The patch ...
CVE-2024-26679
CVE-2024-26679: Linux kernel vulnerability where inet_recv_error() reads sk->sk_family without holding the socket lock, enabling a mutation from IPv6 to IPv4 via IPV6_ADDRFORM and potentially triggering a KCSAN warning. Documented fixes exist in kernel commits (see references to stable/commit...
CVE-2024-26882
CVE-2024-26882 relates to the Linux kernel vulnerability in the IPv4 IP tunnel receive path. The issue stems from not preserving the original skb->network_header when pulling inner headers during decapsulation in ip_tunnel_rcv(), which could interact with skb_head handling and header recomputa...
CVE-2024-36901
CVE-2024-36901 affects the Linux kernel IPv6 stack. The issue is a NULL dereference in ip6_output() when ip6_dst_idev() returns NULL, causing a general protection fault. The syzbot report indicates a crash path in ip6_output+0x231/0x3f0, traceable to net/ipv6/ip6_output.c:237, with a NULL idev de...