13804 matches found
CVE-2019-19047
CVE-2019-19047 is a memory-leak & potential DoS in the Linux kernel's mlx5_fw_fatal_reporter_dump() (drivers/net/ethernet/mellanox/mlx5/core/health.c) triggered by mlx5_crdump_collect() failures. Affected: Linux kernel versions before 5.3.11. Impact is memory consumption leading to DoS; exploitat...
CVE-2021-3923
CVE-2021-3923 describes a local information-leak in the Linux kernel RDMA over InfiniBand path. A privileged local attacker can leak kernel stack data when issuing commands to /dev/infiniband/rdma_cm, with the impact noting potential to defeat kernel protections. Remediation/fixes are not detaile...
CVE-2024-26640
The CVE-2024-26640 entry is about a Linux kernel TCP RX zerocopy patch that adds sanity checks in can_map_frag(): pages must not be compound and page->mapping must be NULL. Connected docs confirm this as a concrete kernel fix (patches and CVSS details). Impact is described as a local denial of...
CVE-2024-26804
CVE-2024-26804 concerns a Linux kernel vulnerability in the net/ip_tunnel subsystem where headroom could inflate without bound when gre/ipip tunnels route in a cycle. The root cause, as described in the vulnerability report, is that ip_tunnel_xmit can trigger an ever-increasing needed_headroom on...
CVE-2024-26837
CVE-2024-26837 affects the Linux kernel MDB offload replay handling. A race between generating the replay list and new MDB memberships could cause duplicates of a single event, leaving hardware-mounted memberships orphaned on bridge destruction. The fix guards MDB replay against deferred events ...
CVE-2024-26840
CVE-2024-26840 affects the Linux kernel cachefiles subsystem. The available technical details show a memory leak in cachefiles_add_cache() after unbinding /dev/cachefiles, fixed by releasing/adjusting the cache_cred reference count. The documented fix paths include: (1) increase reference handlin...
CVE-2024-35925
The CVE-2024-35925 issue concerns the Linux kernel blk_rq_stat_sum() path. The root cause is a potential division by zero when computing stats, caused by the expression dst->nr_samples + src->nr_samples reaching zero due to overflow. Multiple connected advisories (Unity Linux security updat...
CVE-2024-38538
CVE-2024-38538 is a Linux kernel vulnerability in the bridge xmit path. The issue arises when a short skb (less than ETH_HLEN) is processed, risking uninitialized data in br_dev_xmit. The fix adds a guard to ensure the kernel only pulls the required ETH header bytes and does not assume availabili...
CVE-2024-39474
CVE-2024-39474 involves a Linux kernel vmalloc regression where __GFP_NOFAIL allocations may return NULL, due to a race with OOM-killer flow and GFP_KERNEL handling. The fix updates vm_area_alloc_pages() to not check fatal_signal_pending() when __GFP_NOFAIL is set, preventing a NULL vmalloc() ret...
CVE-2024-43905
CVE-2024-43905 affects the Linux kernel component drm/amd/pm, specifically the vega10_hwmgr. The root cause was a potential null pointer dereference arising from insufficient null-check handling. The published fix adds validation of return values and proper null-pointer handling to prevent derefe...
CVE-2024-50282
The connected Astra Linux entry clarifies CVE-2024-50282 in the Linux kernel: a missing size check in drm/amdgpu_debugfs_gprwave_read() can cause a buffer overflow when size > 4K. The fix (cherry-picked commit f5d873f5825b40d886d03bd2aede91d4cf002434) adds the size check to prevent overflow. N...
CVE-2024-53140
CVE-2024-53140 — Linux kernel netlink dump cleanup issue: The vulnerability arises when a user closes the netlink socket during an asynchronous dump operation. Dumping is driven by .start/.dump/.done calls in response to socket recvmsg(), and cleanup could be deferred to a workqueue. If the sock...
CVE-2024-56757
The CVE-2024-56757 entry concerns the Linux kernel Bluetooth driver for MediaTek USB BT dongles (btusb/mediatek). The issue is the missing interface release flow when the USB disconnects, which can cause a kernel panic when unregistering the HCI device. A patch to introduce the interface release ...
CVE-2025-21866
CVE-2025-21866: In the Linux kernel, PowerPC text patching infrastructure allocated a virtual area and marked it VM_ALLOC, which is inappropriate since that memory is not vmalloc’d and isn’t initialized until __vmalloc_node_range() is called. This caused KASAN: vmalloc-out-of-bounds when booting...
CVE-2017-1000365
CVE-2017-1000365 affects the Linux kernel where size limits for arguments and environment strings passed via RLIMIT_STACK/RLIM_INFINITY do not properly account for the argument/environment pointers, enabling a local attacker to potentially execute arbitrary code. The issue is described as a lim...
CVE-2022-4696
CVE-2022-4696 is a use-after-free in the Linux kernel’s io_uring subsystem (IORING_OP_SPLICE). If IO_WQ_WORK_FILES is missing, a path including current->nsproxy can lead to reference counter mismanagement and a UAF. Affected component: io_uring/splice paths in kernel 5.10.x. Impact is local: p...
CVE-2022-48695
CVE-2022-48695 is a Linux kernel vulnerability in the scsi: mpt3sas driver that results in a use-after-free (refcount_t underflow) observed during controller reset. The issue is fixed in the kernel by the referenced commits listed in the connected sources. The vulnerability is described as a loca...
CVE-2022-48703
CVE-2022-48703 affects the Linux kernel’s thermal/int340x_thermal code path. A GDDV package can return a zero-length buffer, causing kmemdup() to yield ZERO_SIZE_PTR and data_vault_read() to dereference NULL. The patch fixes this by introducing checks that treat ZERO_SIZE_PTR and NULL as invalid,...
CVE-2023-52522
CVE-2023-52522 is a Linux kernel vulnerability related to store tearing in neigh_periodic_work() due to an RCU list deletion without proper annotation. The issue arises when reading with rcu_dereference(*np) while writers used an unsafe pointer update; the fix adds either rcu_assign_pointer() or WRI...
CVE-2023-52752
CVE-2023-52752 (Linux kernel) is backed by concrete fix details in connected docs: a use-after-free in the SMB/CIFS client code path (cifs_debug_data_proc_show) when reading /proc/fs/cifs/DebugData during mount/umount. The fix adds a check to skip SMB sessions that are tearing down (ses_status ==...
CVE-2024-26660
CVE-2024-26660 — In the Linux kernel, the AMDGPU display driver bound to DCN301 had a bounds check bug in stream encoder creation. The code used eng_id as an index into a four-element stream_enc_regs array, and an access with eng_id=5 caused a buffer/out-of-bounds condition. The issue was fixed i...
CVE-2024-26665
CVE-2024-26665 (Linux kernel) fixes an out-of-bounds access when constructing IPv6 PMTU ICMP errors in tunnels, triggered if the ICMPv6 error is built from a non-linear skb. The root cause is a slab-out-of-bounds read/write in the path that sums skb data (read of size 4) during PMTU error handling...
CVE-2024-26744
CVE-2024-26744: In the Linux kernel, loading the ib_srpt module with srpt_service_guid can trigger a NULL pointer dereference crash. The vulnerability stems from loading ib_srpt with the srpt_service_guid parameter, which previously caused a kernel BUG: NULL pointer dereference when parsing argume...
CVE-2024-26758
CVE-2024-26758 relates to the Linux kernel’s md subsystem: md_check_recovery() previously could fail to clear MD_RECOVERY_RUNNING when suspended, allowing a hanging sync_thread during suspend/resume of md devices. The fix ignores the suspended array in md_check_recovery(), addressing a hang where...
CVE-2024-26857
CVE-2024-26857 affects the Linux kernel, specifically the Geneve tunnel path. The issue stems from not safely handling skb/header state during inner header pull in geneve_rx(), risking uninitialized usage of headers after pskb_inet_may_pull(). The root cause is tied to how skb->network_header ...
CVE-2024-26898
Summary: CVE-2024-26898 relates to the AoE driver in the Linux kernel where aoecmd_cfg_pkts() incorrectly handled the refcnt of net_device, enabling a potential use-after-free via racing with tx paths. The issue has been resolved by patch f98364e92662, which stops calling dev_put(ifp) in the succ...
CVE-2024-35835
CVE-2024-35835 is a Linux kernel vulnerability involving a double-free in arfs_create_groups. When the input allocation (kvzalloc) fails, arfs_create_groups frees ft->g, but arfs_create_table (the caller) then calls mlx5e_destroy_flow_table, which frees ft->g again, causing a potential doub...
CVE-2024-35867
CVE-2024-35867 pertains to the Linux kernel SMB client. The vulnerability arises from a potential use-after-free in cifs_stats_proc_show(), mitigated by skipping sessions that are tearing down (status SES_EXITING) to prevent UAF. The fix resolves a local-attack scenario with high impact on confid...
CVE-2024-38627
CVE-2024-38627 (Linux kernel): The vulnerability is a local double-free in the stm class during stm_register_device(). The code path frees the same stm object twice: the first free happens when stm_device_release() is triggered by put_device(&stm->dev), and a subsequent vfree(stm) on the next line res...
CVE-2024-39499
CVE-2024-39499 (Linux kernel, vmci): The vulnerability allows speculative leaks via event_deliver() because user-controlled event_msg->event_data.event was used as an index without sanitization. The fix sanitizes the index to mitigate speculative information leaks. The issue is exploitable loc...
CVE-2024-41064
CVE-2024-41064 is a Linux kernel vulnerability affecting the powerpc/eeh path. Root cause: during eeh_pe_report_edev(), edev->pdev can change if a PCI device is removed, risking a crash. The documented fix is to hold the PCI rescan/remove lock while taking a copy of edev->pdev->bus to pr...
CVE-2024-42225
CVE-2024-42225: Linux kernel WiFi mt76 vulnerability due to reusing uninitialized data in the MT76 path; root cause is use of uninitialized skb data. A remote attacker could execute arbitrary code. A fix replaces skb_put with skb_put_zero in wifi: mt76, and patches are available in the cited ker...
CVE-2024-42294
CVE-2024-42294: The Azure/MiracleLinux and Linux kernel records describe a fix for a deadlock in the Linux kernel caused by blocking ABBA between sd_remove and sd_release. The issue arises when a SCSI/USB device is disconnected while the block/SD stack is mutex-locked during device removal, lea...
CVE-2024-49960
CVE-2024-49960 concerns ext4 on the Linux kernel. The issue is a timer use-after-free during failed mounts: the s_err_report timer can remain active while sbi is freed, because ext4_handle_error re-arms the timer before kfree(sbi). The root cause is not canceling the s_err_report timer after ext4...
CVE-2017-18360
CVE-2017-18360 affects the Linux kernel: in drivers/usb/serial/io_ti.c, change_port_settings before version 4.11.3 allows a local attacker to trigger a division-by-zero in the serial device layer when attempting to set very high baud rates, causing a denial of service. Public references (NVD entr...
CVE-2018-13096
CVE-2018-13096: A vulnerability in the Linux kernel (fs/f2fs/super.c) up to version 4.14 allows a denial of service via out-of-bounds memory access when mounting a crafted f2fs image. The issue occurs on abnormal bitmap sizes and can trigger a BUG. The connected Nessus advisories reiterate this ...
CVE-2022-3521
CVE-2022-3521 is a race-condition vulnerability in the Linux Kernel KCM subsystem (function kcm_tx_work in net/kcm/kcmsock.c). The issue can allow a local attacker to trigger a crash via race conditions in the KCM path. Technical details in connected sources confirm the affected component and roo...
CVE-2024-26663
CVE-2024-26663 (Linux kernel) concerns TIPC bearer handling. Connected sources confirm concrete technical details: when tipc_nl_bearer_add() is invoked with the TIPC_NLA_BEARER_UDP_OPTS attribute, the code may call tipc_udp_nl_bearer_add() even if the bearer is not UDP, leading to an invalid medi...
CVE-2024-26773
Summary (CVE-2024-26773): The Linux kernel ext4 allocator could allocate blocks from a group whose block bitmap was corrupted, due to a concurrency window where ac_b_ex was used in ext4_mb_try_best_found(). The issue was tied to validating whether a group bitmap is corrupted before block allocati...
CVE-2024-27019
The CVE-2024-27019 issue affects the Linux kernel nf_tables code. It describes a potential data race when nft_unregister_obj() runs concurrently with __nft_obj_type_get(), due to lack of protection while iterating nf_tables_objects. Mitigation in the advisory includes using list_for_each_entry_rc...
CVE-2024-35910
CVE-2024-35910: In the Linux kernel, TCP timer termination for kernel sockets was improved. Previously, inet_csk_clear_xmit_timers() stopped timers via del_timer(), which could allow in-flight kernel-timers to finish after the associated netns had been dismantled, risking use-after-free when the ...
CVE-2024-39503
CVE-2024-39503: Linux kernel netfilter ipset race in the list:set type (namespace cleanup vs. gc) has a confirmed fix. The issue was a race that could cause use-after-free by GC data being accessed after the set is destroyed. The patch changes destruction order: when destroying all sets, first r...
CVE-2024-42283
The CVE-2024-42283 issue in the Linux kernel concerns net/nexthop: two reserved fields in the nexthop_grp were not initialized by nla_put_nh_group(), allowing garbage to leak from the kernel. The public description notes these fields are reserved and currently unused, but their non‑zero values ca...
CVE-2024-50151
Technical details about CVE-2024-50151 are not publicly provided in the connected documents. They mention an SMB2_IOCTL OOB issue in the CIFS client, but no affected versions, root-cause, or fix specifics are given here. Monitor for updates.
CVE-2024-56756
The CVE-2024-56756 issue occurs in the Linux kernel’s nvme-pci driver, where the HMB descriptor table could be freed with an incorrect size. The root cause is that __nvme_alloc_host_mem might exit earlier on memory allocation failure and end up using fewer descriptors than planned, causing an inc...
CVE-2015-8970
CVE-2015-8970 affects the Linux kernel prior to 4.4.2. The vulnerability is in crypto/algif_skcipher.c where a setkey operation on an AF_ALG socket may not be verified before an accept system call is processed, allowing a local attacker to trigger a NULL pointer dereference and system crash via a...
CVE-2019-19525
CVE-2019-19525 affects the Linux kernel prior to 5.3.6, where a use-after-free can be triggered by a malicious USB device via drivers/net/ieee802154/atusb.c (CID-7fd25e6fc035). The vulnerability has an availability impact and a MEDIUM base score (CVSS v3.1: 4.6) with LOCAL/PHYSICAL factors descri...
CVE-2022-1419
CVE-2022-1419 affects the Linux kernel DRM/vgem path: ioctl DRM_IOCTL_MODE_DESTROY_DUMB can concurrently reduce the refcount of drm_vgem_gem_object created by vgem_gem_dumb_create, while that create path may access the freed object. The public description for this CVE notes that on 32-bit systems...
CVE-2023-3006
CVE-2023-3006 describes a Spectre-BHB (Branch History Injection) cache-speculation vulnerability affecting AmpereOne hardware. Malicious code can use the CPU Branch History Buffer to influence mispredicted branches, triggering speculative execution that leads to cache allocation and potential inf...
CVE-2024-35866
CVE-2024-35866: Linux kernel SMB CIFS client use-after-free in cifs_dump_full_key() addressed by skipping sessions tearing down (status == SES_EXITING) to prevent UAF. Connected docs confirm this fix and list multiple downstream advisories (e.g., ALAS2KERNEL, ALAS2023, Debian DLA-4193-1) referenc...