Lucene search
Linux / Linux Kernel

13692 matches found

added 2024/02/28 8:13 a.m. | 6045 views

CVE-2021-47042

CVE-2021-47042: Linux kernel drm/amd/display fixes a memory leak in dc_link_construct() by freeing local data after use. The description includes stack backtrace and memory object details; no connected documents with exploit specifics are provided, monitor for updates and apply upstream fix when ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00041

added 2024/02/28 8:13 a.m. | 6027 views

CVE-2021-46998

Summary: CVE-2021-46998 affects the Linux kernel, specifically the enic driver path in ethernet/enic. A use-after-free occurs in enic_hard_start_xmit when an error in enic_queue_wq_skb() frees a skb via dev_kfree_skb(skb), but skb_tx_timestamp(skb) may still access it. Root cause: freed skb used ...

CVSS 7.8 | AI score 6.4 | EPSS 0.00016

added 2024/02/28 8:13 a.m. | 6026 views

CVE-2021-47030

CVE-2021-47030 affects the Linux kernel MT76/MT7615: a memory leak in the mt7615_coredump_work path has been fixed (similar to the mt7921_coredump_work fix). The fix addresses a local-impact leak with HIGH availability impact; no exploitation details are provided in the supplied documents, and up...

CVSS 5.5 | AI score 6.4 | EPSS 0.00041

added 2024/02/28 8:13 a.m. | 6024 views

CVE-2021-47021

CVE-2021-47021 is a Linux kernel vulnerability in the mt76 mt7915 driver area. The issue is a memory leak that occurs during mt7915_unregister_device(), with a specific root-cause: mt7915_tx_token_put() must be called before mt76_free_pending_txwi(). The description notes that the memory leak was...

CVSS 5.5 | AI score 6.6 | EPSS 0.00041

added 2024/02/28 8:13 a.m. | 6018 views

CVE-2021-46983

CVE-2021-46983 corresponds to a Linux kernel issue in nvmet-rdma where a NULL pointer dereference could occur when SEND completes with error. The root cause is that nvmet_rdma_error_comp attempted to access the cq_context to obtain the queue, but the cq_context is no longer valid after switching ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00015

added 2024/02/29 10:31 p.m. | 6016 views

CVE-2021-46959

CVE-2021-46959 is a Linux kernel SPI subsystem use-after-free issue (devm_spi_alloc_{master,slave}) caused by relying on the devres list during spi_unregister_controller. The root cause is that devres_find() runs after the devres list has been torn down, leading to underflow of reference counters...

CVSS 7.8 | AI score 6.6 | EPSS 0.00012

added 2024/02/29 10:37 p.m. | 6007 views

CVE-2021-47058

CVE-2021-47058 is a Linux kernel vulnerability affecting the regmap debugfs path. The issue arises from a memory leak in which debugfs_name is freed in regmap_debugfs_exit() but not recreated due to a conditional added by upstream commit cffa4b2122f5. The relevant sequence involves regmap_reinit_...

CVSS 7.8 | AI score 6.5 | EPSS 0.00016

added 2024/02/23 2:46 p.m. | 5980 views

CVE-2023-52461

CVE-2023-52461 affects the Linux kernel DRM scheduler component, specifically drm_sched_entity_init(). The issue is a bounds-limiting fault where, if a malformed drm_sched_entity is encountered with an out-of-bounds priority value, the code previously allowed the value to slip into an invalid sta...

CVSS 5.3 | AI score 5.6 | EPSS 0.00044

added 2024/02/28 8:13 a.m. | 5962 views

CVE-2021-46985

CVE-2021-46985 corresponds to a Linux kernel vulnerability in the ACPI subsystem: if acpi_device_set_name() fails, acpi_device_bus_id->bus_id must be freed to avoid a memory leak in the error path. The connected Nessus/NVL entries reference Tencent/TencentOS and Unity Linux advisories noting t...

CVSS 5.5 | AI score 6.3 | EPSS 0.0003

added 2024/02/28 8:13 a.m. | 5958 views

CVE-2021-47028

CVE-2021-47028 affects the Linux kernel mt76 mt7915 driver stack. The issue is in tx rate reporting for mt7915e devices (cfg80211/mac80211 flow), where rate_info was not checked correctly, leading to unexpected or incorrect bitrate reporting. The connected NASL document confirms a fix in the txra...

CVSS 7.8 | AI score 6.5 | EPSS 0.0002

added 2024/05/01 5:29 a.m. | 5957 views

CVE-2024-27008

CVE-2024-27008 is confirmed in the connected MiracleLinux advisories as a Linux kernel vulnerability affecting the drm nv04 driver. Description: when Output Resource (dcb->or) is assigned in fabricate_dcb_output(), there can be an out-of-bounds access to the dac_users array if dcb->or is ze...

CVSS 7.8 | AI score 6.2 | EPSS 0.00013

added 2024/02/29 3:52 p.m. | 5947 views

CVE-2024-26614

CVE-2024-26614: Linux kernel vulnerability where the accept_queue spinlocks were not initialized correctly, enabling a local attacker to trigger a denial of service. The issue surfaces in tcp handling and was observed in syz reproductions showing pvqspinlock corruption during queue operations. C...

CVSS 5.5 | AI score 6.4 | EPSS 0.00006

added 2024/02/29 3:52 p.m. | 5878 views

CVE-2023-52492

CVE-2023-52492 refers to a Linux kernel vulnerability in the DMA engine where __dma_async_device_channel_unregister() could dereference a NULL chan->local if __dma_async_device_channel_register() failed and channels were unregistered. The fixed behavior adds a guard at the beginning of __dma_a...

CVSS 4.4 | AI score 6 | EPSS 0.00006

added 2024/02/29 3:52 p.m. | 5873 views

CVE-2024-26612

CVE-2024-26612 affects the Linux kernel in the netfs/fscache path. The vulnerability stems from dereferencing a pointer in fscache_put_cache() before verifying it with IS_ERR_OR_NULL(), allowing a potential NULL pointer dereference. The fix changes the order to check first, then dereference. Conn...

CVSS 5.5 | AI score 6.1 | EPSS 0.00015

added 2024/02/29 3:52 p.m. | 5856 views

CVE-2024-26608

The CVE-2024-26608 entry describes a Linux kernel ksmbd_nl_policy out-of-bounds read that was addressed by a patch to fix a global oob in ksmbd_nl_policy. The bug manifested as a read of size 1 at a netlink attribute parsing path, with the faulting address located in ksmbd_nl_policy+0x100/0xa80 a...

CVSS 7.8 | AI score 7.1 | EPSS 0.00038

added 2024/07/29 2:31 p.m. | 5802 views

CVE-2024-41035

CVE-2024-41035 (Linux kernel USB core): A duplicate-endpoint bug in usbcore was caused by assuming bEndpointAddress reserved bits are always 0, making endpoint_is_duplicate() misclassify descriptors that share direction and endpoint number. The fix clears the reserved bits when parsing endpoint ...

CVSS 5.5 | AI score 6.5 | EPSS 0.0001

added 2024/04/17 10:27 a.m. | 5731 views

CVE-2024-26859

CVE-2024-26859: In the Linux kernel, a race in the bnx2x driver during EEH error handling could cause a read of freed memory when bnx2x_io_slot_reset() and bnx2x_nic_unload() race. The fix ensures page pool allocations are verified before freeing SGEs to prevent NULL-pointer dereferences and cras...

CVSS 4.7 | AI score 6.2 | EPSS 0.0001

added 2024/05/01 5:27 a.m. | 5730 views

CVE-2024-26982

CVE-2024-26982 affects the Linux kernel Squashfs code. The vulnerability arises from an OOB read path in fill_meta_index() triggered by an inode number value of zero, which is treated as unused. After a faulty read aborts, an empty metadata index is invalidated with inode=0, and a subsequent read...

CVSS 7.1 | AI score 7.5 | EPSS 0.00031

added 2024/05/01 5:20 a.m. | 5717 views

CVE-2024-26973

CVE-2024-26973 concerns the Linux kernel fat subsystem. The issue occurred when fat_encode_fh_nostale() encoded a file handle without a parent and stored only the first 10 bytes; since the file handle length must be a multiple of 4, the actual length is 12 bytes and the last two bytes could be un...

CVSS 5.5 | AI score 6.1 | EPSS 0.00008

added 2024/04/17 10:27 a.m. | 5712 views

CVE-2024-26862

CVE-2024-26862 — Linux kernel data race (kernel 5.x/6.x). Root cause: missing READ_ONCE()/WRITE_ONCE() annotations for ignore_outgoing reads in packet code; read/write races observed between dev_queue_xmit_nit() and packet_setsockopt(). Syzkaller/KCSAN reported a data-race affecting packet_setsock...

CVSS 4.7 | AI score 6.1 | EPSS 0.00014

added 2024/05/01 5:28 a.m. | 5709 views

CVE-2024-26999

CVE-2024-26999 — Linux kernel (serial/pmac_zilog). A vulnerability in the Linux kernel’s pmac_zilog serial driver was mitigated by a patch that was later removed. The mitigation intended to stop IRQs entirely caused a crash when pmac_zilog is used as a serial console. Specifically, a pr_err() path...

CVSS 5.5 | AI score 6.4 | EPSS 0.00015

added 2024/05/01 5:17 a.m. | 5688 views

CVE-2024-26931

CVE-2024-26931 affects the Linux kernel driver for SCSI over Fibre Channel (scsi: qla2xxx). The issue arises when memory pressure prevents a command flush during cable pull recovery, causing the upper SCSI layer to modify scsi_cmnd improperly. When memory is freed and a subsequent cable pull trig...

CVSS 5.5 | AI score 6.5 | EPSS 0.00007

added 2024/04/17 10:27 a.m. | 5652 views

CVE-2024-26872

The CVE-2024-26872 vulnerability affects the Linux kernel RDMA/srpt subsystem. A race condition allows a use-after-free situation in srpt_refresh_port() when an event handler is registered before the srpt device is fully initialized. The issue can impact confidentiality, integrity, and availabili...

CVSS 7 | AI score 6.3 | EPSS 0.00012

added 2024/04/17 10:27 a.m. | 5624 views

CVE-2024-26874

CVE-2024-26874 is a Linux kernel vulnerability in the drm/mediatek driver where a race allows a NULL pointer dereference in mtk_drm_crtc_finish_page_flip if mtk_crtc->event is NULL. The root cause is that pending_needs_vblank is derived from mtk_crtc->event and a race occurs between atomic_...

CVSS 4.7 | AI score 6.3 | EPSS 0.00013

added 2024/07/29 4:26 p.m. | 5624 views

CVE-2024-42084

CVE-2024-42084: Linux kernel vulnerability in ftruncate() on 64-bit architectures. In 32-bit compat mode, off_t sign-extension caused a negative length to be interpreted as a valid positive size, allowing truncation to a size between 2 GiB and 4 GiB. The root cause was the compat syscall using a...

CVSS 5.5 | AI score 6.5 | EPSS 0.0002

added 2024/04/01 8:33 a.m. | 5576 views

CVE-2024-26653

CVE-2024-26653: In the Linux kernel, the USB ljca (ljca_auxdev_release) path double-freed the platform_data on error handling when auxiliary_device_add() fails. The issue is fixed by removing the redundant kfree() in callers and by freeing the passed-in platform_data only for errors that occur b...

CVSS 7.8 | AI score 6.8 | EPSS 0.00019

added 2024/04/17 10:27 a.m. | 5538 views

CVE-2024-26876

The CVE-2024-26876 entry concerns the Linux kernel, specifically the DRM bridge adv7511. The vulnerability stems from a crash that could occur if an IRQ is pending during adv7511_probe before adv7511_cec_init, causing cec_received_msg_ts to access uninitialized data and trigger a kernel Oops. The...

CVSS 5.5 | AI score 6.3 | EPSS 0.00018

added 2024/05/01 5:18 a.m. | 5508 views

CVE-2024-26954

CVE-2024-26954 (Linux kernel) is tied to a slab-out-of-bounds read in ksmbd during smb2_create_req processing. The issue arises when smb2_create_req’s NameOffset is smaller than its Buffer offset, allowing slab-out-of-bounds reads from smb2_open. The patch fixes this by enforcing a minimum value ...

CVSS 7.1 | AI score 6.7 | EPSS 0.00007

added 2024/05/01 1:4 p.m. | 5502 views

CVE-2024-27079

CVE-2024-27079 affects the Linux kernel IOMMU VT-d code. Systems with kdump/crash kernel may crash due to NULL domain on device release in deferred_attach mode, triggering a NULL pointer dereference during device removal. The mitigated path uses the release_domain mechanism to clear the scalable ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00008

added 2024/02/29 5:43 a.m. | 5490 views

CVE-2023-52480

CVE-2023-52480 affects ksmbd (SMB3 server) in the Linux kernel. The vulnerability is a race condition between ksmbd_session_lookup and ksmbd_expire_session that could lead to a use-after-free, resolved by patching with a rwsem to synchronize session lookup and expiration. The description in conne...

CVSS 7 | AI score 6.3 | EPSS 0.00012

added 2024/02/28 8:13 a.m. | 5483 views

CVE-2021-47031

CVE-2021-47031: Linux kernel mt76 mt7921 memory-leak in mt7921_coredump_work fixed. Affected component/file: kernel code path handling mt7921 coredump; root cause was a memory leak in mt7921_coredump_work. Remediation: upstream patch fixes the leak (see stable kernel references). CVSSv3.1; Base s...

CVSS 4.3 | AI score 4.4 | EPSS 0.00116

added 2024/02/28 8:13 a.m. | 5466 views

CVE-2021-47047

CVE-2021-47047 concerns the Linux kernel SPI ZynqMP GQSPI driver. The root cause was that dma_map_single failures could lead to using an unmapped address, triggering a crash when reading large flash blocks. The fix adjusts the SPI controller to support a 44-bit DMA address width and to return imm...

CVSS 5.5 | AI score 6.4 | EPSS 0.00018

added 2024/02/29 5:43 a.m. | 5463 views

CVE-2023-52476

CVE-2023-52476 refers to a Linux kernel vulnerability in the perf/x86/lbr path where a panic can occur if a vsyscall is made while LBR sampling is active. The issue arises when a vsyscall interrupt (NMI) leads to a decode path that dereferences next_byte pointing to the vsyscall address (e.g., ge...

CVSS 5.5 | AI score 6 | EPSS 0.00015

added 2024/03/01 9:15 p.m. | 5460 views

CVE-2021-47069

CVE-2021-47069 is a Linux kernel race in IPC paths: do_mq_timedreceive may call wq_sleep with a stack-allocated ewq_addr that can be overwritten, leading to a later access by do_mq_timedsend and a crash. The root cause is a race between the receiver’s stack address and the sender’s use of that ad...

CVSS 7 | AI score 6.3 | EPSS 0.00018

added 2024/02/27 6:46 p.m. | 5454 views

CVE-2021-46957

CVE-2021-46957 (Linux kernel, RISCV): The vulnerability arises when a kprobe is placed on sys_read; the first instruction is replaced with an ebreak, leading to a trap/SS single-step flow, an instruction page fault, and a subsequent path that can trigger a BUG_ON in fs/buffer.c:1251 via __find_ge...

CVSS 5.5 | AI score 5.3 | EPSS 0.00038

added 2024/02/28 8:13 a.m. | 5441 views

CVE-2021-47027

CVE-2021-47027 concerns the Linux kernel mt7921e/mt76 PCI path where firmware download failure can trigger a kernel panic due to a PCI MSI handling bug. The crash trace points to free_msi_irqs (pci_disable_msi) during mt7921_pci_probe, resulting in a fatal exception and system halt. Public detail...

CVSS 5.5 | AI score 6.5 | EPSS 0.00107

added 2024/07/16 8:3 a.m. | 5440 views

CVE-2024-41008

CVE-2024-41008: In the Linux kernel, the vm->task_info handling for drm/amdgpu was reworked. task_info is now dynamically allocated and reference counted, with two new helpers amdgpu_vm_get_task_info and amdgpu_vm_put_task_info; the lifecycle ends with the last put freeing task_info from the ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00017

added 2024/05/01 5:19 a.m. | 5426 views

CVE-2024-26971

Technical details of CVE-2024-26971 are not publicly provided in the supplied documents. Monitor for updates.

CVSS 5.5 | AI score 6.7 | EPSS 0.00021

added 2024/02/28 8:13 a.m. | 5423 views

CVE-2021-47015

CVE-2021-47015 affects the Linux kernel bnxt_en driver. The root cause is incorrect RX consumer index handling in bnxt_rx_pkt(): the driver passed the previous index (raw_cons) to bnxt_discard_rx() instead of the current index (tmp_raw_cons), causing potential out-of-order RX buffer completion an...

CVSS 5.5 | AI score 6.3 | EPSS 0.00016

added 2024/03/06 6:45 a.m. | 5400 views

CVE-2024-26625

The CVE-2024-26625 entry concerns a Linux kernel issue in the LLC path where a stale sk->sk_wq pointer could remain after releasing an LLC socket. The trace indicates a use-after-free path triggered by sock_wfree and related sk_buff paths. The fix involves a commit that clears sock->sk afte...

CVSS 7.8 | AI score 5.8 | EPSS 0.00013

added 2024/03/01 9:15 p.m. | 5371 views

CVE-2021-47072

CVE-2021-47072 (Linux kernel, btrfs): The vulnerability concerns the btrfs filesystem where, after moving an inode between directories and logging both old and new dentries, a power-failure can leave the old dentry present when only the new one should exist. The bug occurs because the old parent...

CVSS 5.5 | AI score 6.5 | EPSS 0.00013

added 2024/02/28 8:13 a.m. | 5348 views

CVE-2021-47043

CVE-2021-47043 affects the Linux kernel media: venus: core subsystem. The issue is a resource leak in the error path of venus_probe(): if an error occurs after a successful of_icc_get() call, the operation must be undone. The mitigation is to replace of_icc_get() with devm_of_icc_get(), update th...

CVSS 5.5 | AI score 6.4 | EPSS 0.00029

added 2024/02/28 8:13 a.m. | 5342 views

CVE-2021-47037

CVE-2021-47037 affects the Linux kernel's ASoC q6afe-clocks driver. The issue arises because the driver could be reprobed (e.g., APR services restart after firmware crash) and would oops since hw.init is cleared during the first probe. The vulnerability has been mitigated by rewriting the driver ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00016

added 2024/02/28 8:13 a.m. | 5337 views

CVE-2021-47019

The CVE-2021-47019 entry concerns the Linux kernel mt76/mt7921 path, where a race could lead to invalid register access after suspend when the PCIe host controller is suspended. Public details describe a fix that disables interrupts and synchronizes pending IRQ handlers to ensure the irq tasklet ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00026

added 2024/05/01 5:18 a.m. | 5278 views

CVE-2024-26943

The CVE-2024-26943 issue affects the Linux kernel driver path nouveau/dmem, where kcalloc() could fail and return NULL in nouveau_dmem_evict_chunk(), leading to NULL dereferences when dereferencing src_pfns, dst_pfns, or dma_addrs. The patch adds a __GFP_NOFAIL flag to kcalloc() and switches from...

CVSS 5.5 | AI score 6.4 | EPSS 0.00009

added 2024/02/28 8:13 a.m. | 5249 views

CVE-2021-46989

CVE-2021-46989 — Linux kernel hfsplus truncate corruption. Root cause: in shrinking truncate, when shrinking into the middle of an extent within the extents overflow file, the logic in hfsplus_file_truncate() unguards a call to hfs_brec_remove(), potentially removing the last matching extent recor...

CVSS 5.5 | AI score 6.4 | EPSS 0.00012

added 2024/02/29 10:37 p.m. | 5228 views

CVE-2021-47060

CVE-2021-47060 affects the Linux kernel KVM MMIO coalesced zones. When kvm_io_bus_unregister_dev() fails to allocate memory for a new bus instance, unregister_dev() destroys all devices on the bus except the target, but does not notify the caller, which can lead to a deleted list entry being dere...

CVSS 6 | AI score 6.6 | EPSS 0.00016

added 2024/03/04 6:40 a.m. | 5205 views

CVE-2024-26622

CVE-2024-26622 affects the Linux kernel’s tomoyo subsystem. The issue is a use-after-free/write-after-free in tomoyo_write_control() when long lines are written. The root cause is that head->write_buf must be fetched after head->io_sem is held; otherwise concurrent write() calls can trigger...

CVSS 7.8 | AI score 6.2 | EPSS 0.00014

added 2024/02/28 8:13 a.m. | 5187 views

CVE-2021-46978

CVE-2021-46978: Linux kernel KVM nVMX fix for mapping eVMCS after migration. When enlightened VMCS is used and nested state is migrated via vmx_get_nested_state()/vmx_set_nested_state(), evmcs page could not be mapped immediately because evmcs GPA lacked the expected struct kvm_vmx_nested_state_...

CVSS 7.8 | AI score 7.5 | EPSS 0.00047

added 2024/05/01 12:49 p.m. | 5138 views

CVE-2024-27026

CVE-2024-27026 concerns the Linux kernel vmxnet3 driver. The issue is a missing reserved tailroom in non-dataring paths, corrected by using rbi->len instead of rcd->len for length calculations, which could trigger a driver warning and tailroom problems during XDP processing (as shown by XDP...

CVSS 5.5 | AI score 6.7 | EPSS 0.00011

Total number of security vulnerabilities: 13692