CVE-2024-38619
CVE-2024-38619 (Linux kernel, usb-storage alauda): The issue arises in the alauda media handling where the field uzonesize can stay zero if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). The fix, as described in the description, adds a ...
CVE-2024-56631
Summary: CVE-2024-56631 affects the Linux kernel SCSI sg driver, fixed in sg_release() to avoid slab-use-after-free. The bug occurred when kref_put(&sfp->f_ref, sg_remove_sfp) was called before releasing the open_rel_lock mutex, potentially freeing sfp/sdp and then dereferencing them after unl...
CVE-2014-8134
CVE-2014-8134 affects the Linux kernel’s KVM paravirt code path (arch/x86/kernel/kvm.c, paravirt_ops_setup) through version 3.18. The root cause is an improper paravirt_enabled setting for KVM guest kernels, which could allow a guest user to bypass ASLR via a crafted application that reads a 16‑b...
CVE-2017-10911
Summary: CVE-2017-10911 affects the Linux kernel driver path drivers/block/xen-blkback/blkback.c, related to Xen block-interface responses (XSA-216). The vulnerability arises from copying uninitialized padding fields in Xen blkback response structures, which can let a guest OS user read host (or ...
CVE-2017-12154
The CVE-2017-12154 entry describes a Linux kernel KVM/vmx issue (arch/x86/kvm/vmx.c: prepare_vmcs02) present through kernel 4.13.3. Root cause: it does not ensure that the CR8-load exiting and CR8-store exiting vmcs02 controls exist when L1 omits the use_TPR_shadow VMCS12 control, enabling a KVM ...
CVE-2017-17864
CVE-2017-17864 affects the Linux kernel up to version 4.14.8, specifically the BPF verifier code (kernel/bpf/verifier.c). The root cause is a mishandling of states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which can allow a local user to leak potentially sen...
CVE-2019-20806
CVE-2019-20806 affects the Linux kernel up to version 5.1 (i.e., before 5.2). The issue is a NULL pointer dereference in tw5864_handle_frame() (drivers/media/pci/tw5864/tw5864-video.c) that can lead to denial of service. The connected Nessus advisories reiterate the same root cause and state affe...
CVE-2021-3760
The CVE-2021-3760 entry describes a use-after-free in the Linux kernel’s NFC (NCI) driver stack. The vulnerability could allow a local attacker to cause memory corruption or a crash, potentially enabling privilege escalation and affecting confidentiality, integrity, or availability. Public detail...
CVE-2021-47274
CVE-2021-47274 (Linux kernel tracing): The issue stems from a length check in tracing that can cause memory corruption in ftrace data, leading to kernel crashes. A fix was added (commit b220c049d519) to validate the length before exposing the trace buffer, addressing overflow introduced by a prio...
CVE-2024-42078
The CVE-2024-42078 issue affects the Linux kernel’s NFS server (nfsd) where nfsd_info.mutex could be dereferenced after a new network namespace is created, potentially causing an oops. The fix, as described in the connected advisories, is to initialize nfsd_info.mutex earlier, before it can be de...
CVE-2024-42265
CVE-2024-42265 pertains to the Linux kernel and was resolved by protecting the fetch of ->fd[fd] in do_dup2() from mispredictions. The issue arose when a mispredicted path could cause tofree = fdt->fd[fd] to be speculatively executed, which is incorrect for bounds reasons. The documented fi...
CVE-2024-53057
CVE-2024-53057 affects Linux kernel net/sched: qdisc_tree_reduce_backlog can UAF when major handle ffff: exists (egress qdiscs). Root cause: ffff: assumed to be root/ingress, fixed by stopping at TC_H_ROOT; the fix updates to avoid iterating into an ingress qdisc and halts when parent is TC_H_ROO...
CVE-2024-56602
CVE-2024-56602 is confirmed by connected advisories as a Linux kernel issue in net: ieee802154: do not leave a dangling sk pointer in ieee802154_create(), where sock_init_data() attaches a sk to sock and on error the sk remains dangling, allowing use-after-free. The Astra Linux bulletin lists aff...
CVE-2015-8839
CVE-2015-8839 is a Linux kernel ext4 race-condition vulnerability (before 4.5) that local users could exploit to cause denial of service or disk corruption by writing to pages belonging to other users after unsynchronized hole punching and page faults. Public documents confirm the affected compon...
CVE-2018-13099
CVE-2018-13099 concerns the Linux kernel fs/f2fs/inline.c up to version 4.4, where a denial of service can occur via an out-of-bounds memory access and BUG when a modified f2fs image contains an inline inode with an invalid reserved blkaddr. The connected Nessus advisories (Unity Linux) describe ...
CVE-2023-4134
The CVE-2023-4134 issue affects the Linux kernel cyttsp4_core driver. A use-after-free occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue, enabling a local attacker to crash the system and cause a denial of service. The provided documents cons...
CVE-2024-23848
CVE-2024-23848: Linux kernel up to 6.7.1 contains a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. The connected IBM/Linux kernel bulletin also lists this CVE among resolved issues. Public technical details about root cause ...
CVE-2024-26782
CVE-2024-26782: In the Linux kernel, the mptcp double-free on socket dismantle is triggered when a server-side listener is cloned for an incoming connection, causing the inet_opt pointer of the new socket to alias the original. This leads to a use-after-free/double-free scenario observed by KASAN...
CVE-2024-50035
CVE-2024-50035 affects the Linux kernel PPP path, specifically a fault in ppp_async_encode() that can be triggered by a zero-size pppoe_sendmsg() followed by an empty skb, leading to a possible uninitialized access (KMSAN) in drivers/net/ppp/ppp_async.c. The issue was fixed in upstream Linux comm...
CVE-2024-53121
The CVE-2024-53121 issue is in the Linux kernel’s mlx5 offload path (net/mlx5) where a two‑step delete of an FTE could race with a new rule add. Specifically, the deletion sequence first removes the FTE from hardware and clears its deletion function, then removes the software copy from the xarray...
CVE-2024-56658
CVE-2024-56658 affects the Linux kernel (net subsystem). The issue is a slab-use-after-free in the dst_destroy path triggered when net namespaces are dismantled, specifically around xfrm6_net_init()/xfrm4_net_init() where copied dst_ops templates in net->xfrm can be freed before dst callbacks finish. T...
CVE-2024-56664
CVE-2024-56664 is a Linux kernel issue in bpf, sockmap where replacing an element (with a different socket) can race with the socket’s close(), causing sock_map_delete to unref the wrong element. The result is a potential use-after-free/refcount mismanagement during sock map deletions (as detaile...
CVE-2017-16537
CVE-2017-16537 affects the Linux kernel: the imon_probe function in drivers/media/rc/imon.c up to version 4.13.11 allows a local user to trigger a NULL pointer dereference via a crafted USB device, leading to a denial of service (system crash) and potentially other impact. The connected Nessus en...
CVE-2018-10876
A confirmed vulnerability in the Linux kernel ext4 filesystem: CVE-2018-10876 is a use-after-free in ext4_ext_remove_space() when mounting a crafted ext4 image, allowing a local attacker to crash the system and, per some sources, potentially execute arbitrary code. Public references in the connec...
CVE-2021-46984
CVE-2021-46984: Linux kernel kyber driver had an out-of-bounds read due to a race between blk_mq_get_ctx() calls when a thread is preempted, causing ctx->index_hw[hctx->type] to differ from hctx. The fix passes the request_queue to kyber_bio_merge() (via ->bio_merge()) so Kyber can map ...
CVE-2024-36013
CVE-2024-36013: Linux kernel Bluetooth L2CAP contains a slab-use-after-free in l2cap_connect() (read of chan->conf_state after chan is freed). The patch extends the critical section protecting chan allocation/association and changes l2cap_connect() return type to void to avoid exposing a free...
CVE-2024-36917
CVE-2024-36917: In the Linux kernel, a vulnerability in blk_ioctl_discard() allowed an overflow of start+len, potentially causing a hung task when a discard ioctl with start=0x80000000000ff000 and len=0x8000000000fff000 was submitted. A patch was added to validate the overflow, preventing the NU...
CVE-2024-39471
CVE-2024-39471 is addressed in the Unity Linux advisory UTSA-2025-990372. The issue arises from the Linux kernel AMDGPU driver: when sdma_v4_0_irq_id_to_seq returns -EINVAL, an out-of-bounds read may occur. The patch adds an explicit error path to stop processing and return -EINVAL to prevent the...
CVE-2024-42244
CVE-2024-42244 concerns the Linux kernel USB serial mos7840 driver. The vulnerability caused a crash on resume when multiple port read URBs were submitted after resume, due to the second URB’s context pointer remaining tied to the core instead of the mos7840 port. A dedicated suspend/resume imple...
CVE-2024-53103
CVE-2024-53103 refers to a Linux kernel vulnerability in hv_sock where, on release of an hvs, vsk->trans could be left uninitialized, creating a dangling pointer. The issue is resolved by explicitly initializing vsk->trans to NULL to prevent use-after-free scenarios. Connected advisories (A...
CVE-2024-56767
CVE-2024-56767 affects the Linux kernel in dmaengine/at_xdmac where at_xdmac_memset_create_desc may return NULL, risking a null pointer dereference and a potential crash (availability impact). Connected sources confirm the issue in upstream kernel code and note patches/upgraded packages: e.g., De...
CVE-2010-4258
The CVE-2010-4258 issue affects the Linux kernel versions prior to 2.6.36.2. The do_exit function in kernel/exit.c mishandles a KERNEL_DS get_fs value, bypassing access_ok checks and enabling local privilege escalation by overwriting arbitrary kernel memory. Exploitation vectors include use of th...
CVE-2011-1495
CVE-2011-1495 affects the Linux kernel up to 2.6.38, in drivers/scsi/mpt2sas/mpt2sas_ctl.c. The issue arises because length and offset values are not validated before memory copy operations, potentially allowing a local user to gain privileges, cause memory corruption (DoS), or read sensitive ker...
CVE-2015-5364
The CVE-2015-5364 issue affects the Linux kernel prior to 4.0.6, where udp_recvmsg/udpv6_recvmsg fail to handle processor yielding correctly, enabling remote attackers to trigger a denial of service (system hang) via UDP packet flood with incorrect checksums. Related CVE-2015-5366 also concerns U...
CVE-2017-1000363
CVE-2017-1000363: Linux kernel lp driver bounds-check flaw in lp.c allows a local attacker with write access to kernel command line arguments to overflow parport_nr and execute arbitrary code. Root cause: missing bounds check in arg handling. Public disclosures include Debian security advisories ...
CVE-2017-7477
CVE-2017-7477 affects the Linux kernel MACsec driver (drivers/net/macsec.c) up to version 4.10.12. It is a heap-based buffer overflow triggered by using MAX_SKB_FRAGS+1 with NETIF_F_FRAGLIST, causing denial of service and potentially other unspecified impacts via skb_to_sgvec. Public details in c...
CVE-2021-3739
CVE-2021-3739 is a local NULL pointer dereference in the Linux kernel’s btrfs_rm_device() (fs/btrfs/volumes.c) that requires CAP_SYS_ADMIN to trigger. The issue can crash the system or leak kernel information, with impact to availability and, to a lesser extent, confidentiality. Multiple connecte...
CVE-2024-26633
CVE-2024-26633 affects the Linux kernel’s ip6_tunnel code, specifically the NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim(). Syzbot reported that frag_off could be read before enough bytes were pulled into skb->head, causing reads of uninitialized or garbage data. The issue is exposed...
CVE-2024-26846
CVE-2024-26846 affects the Linux kernel’s nvme-fc unloading path. A race between nvme_delete_ctrl and ida_destroy could double-free IDs, causing module unload hangs. The fix adds synchronization to ensure nvme_delete_ctrl code runs before leaving nvme_fc_exit_module and flushes the nvme_delete_wq...
CVE-2024-35896
CVE-2024-35896 concerns the Linux kernel’s netfilter/SockOpt path. The description shows a fix for validating user input length in nf_setsockopt, preventing a slab-out-of-bounds read traced to copy_from_sockptr_offset used during iptables/setsockopt handling. The issue manifested as a read of siz...
CVE-2024-35946
CVE-2024-35946 affects the Linux kernel’s wifi rt89 (rtw89) driver, where a null pointer dereference could occur during abort/cancel of a scan because the code might reference a vif that wasn’t scanning. The public description and connected advisories confirm the issue and cite resolving it by en...
CVE-2024-42268
Technical details about CVE-2024-42268 are not provided in the connected documents; no vendor/product specifics or fixes are included here. Monitor for updates.
CVE-2024-53146
Technical details about CVE-2024-53146 are not provided in the connected documents. The initial description lacks concrete product/version/remediation details. Monitor for updates.
CVE-2024-53194
CVE-2024-53194 is a Linux kernel use-after-free vulnerability in PCI hot‑remove handling. A pci_slot may reference the underlying pci_bus after the bus has been destroyed if pciehp is unbound in the wrong order, causing a use-after-free when slot->bus is accessed. The root cause is missing a r...
CVE-2024-56642
CVE-2024-56642 fixes a Linux kernel tipc use-after-free involving UDP sockets in cleanup_bearer(). The bug occurred when bearer_disable() leads to tipc_udp_disable(), and cleanup_bearer() decrements tipc_net(net)->wq_count too early, allowing a socket to be freed before its cleanup work comple...
CVE-2025-21689
The CVE concerns Linux kernel USB: serial (quatech2) where qt2_process_read_urb() could dereference NULL due to an out-of-bounds access. The root cause was an incorrect bounds check using if (newport > serial->num_ports) which allowed newport to reach serial->num_ports and make port NULL...
CVE-2025-21862
CVE-2025-21862 affects the Linux kernel drop_monitor path. Root cause: incorrect initialization order leading to a spinlock not being initialized if drop_monitor is loaded as a module, enabling a potential race during module loading. Impact: may cause instability or erroneous behavior in netlink/...
CVE-2015-2150
CVE-2015-2150 affects Xen 3.3.x–4.5.x and the Linux kernel up to 3.19.1, where access to PCI command registers is not properly restricted. This can allow a local guest OS user to cause a denial of service (unexpected NMI, host crash) by disabling memory or I/O decoding for a PCI Express device an...
CVE-2016-4565
CVE-2016-4565 affects the Linux kernel InfiniBand (IB) stack prior to 4.5.3, where certain IB interfaces improperly rely on write() semantics via a uAPI interface. This could allow a local unprivileged user to cause a denial of service (kernel memory write) and potentially other impact/escalation...
CVE-2017-13695
CVE-2017-13695 affects the Linux kernel up to 4.12.9. The vulnerability stems from acpi_ns_evaluate() in drivers/acpi/acpica/nseval.c not flushing the operand cache, which can cause a kernel memory disclosure via a crafted ACPI table and may bypass KASLR (kernel