CVE-2024-35866
CVE-2024-35866: Linux kernel SMB CIFS client use-after-free in cifs_dump_full_key(), addressed by skipping sessions that are tearing down (status == SES_EXITING) to prevent the UAF. Connected docs confirm this fix and list multiple downstream advisories (e.g., ALAS2KERNEL, ALAS2023, Debian DLA-4193-1) referenc...
CVE-2024-36031
CVE-2024-36031 is a Linux kernel vulnerability where, during key instantiation, the expiry time of a key is unconditionally overwritten to TIME64_MAX, effectively making it permanent and breaking DNS updates. The root cause is the unconditional key_set_expiry call during instantiation; the fix re...
CVE-2024-36945
In the Linux kernel, CVE-2024-36945 affects net/smc: fix of a neighbour and rtable leak in smc_ib_find_route(). The issue arises because the neighbour found by neigh_lookup() and the rtable resolved by ip_route_output_flow() were not released before returning, causing a refcount leak. The documen...
CVE-2024-38581
CVE-2024-38581: Linux kernel vulnerability affecting the AMDGPU MES path. The issue is a use-after-free in drm/amdgpu/mes, triggered at random by the fence fallback timer. The fix deletes the fence fallback timer to resolve the issue, and this change moved to amdgpu_mes....
CVE-2024-46868
In CVE-2024-46868, the Linux kernel firmware: qcom: uefisecapp fix addresses a deadlock in qcuefi_acquire: if the __qcuefi pointer isn’t set, the original code could hold the lock and deadlock when set later. The fix drops the lock on the error path to match caller expectations. Impact and exploi...
CVE-2024-49860
CVE-2024-49860 relates to the Linux kernel ACPI subsystem, specifically the sysfs path and the _STR method. The vulnerability arises when the _STR method returns a value that is not a buffer object; only buffers are valid, and returning other data types can cause description_show() to access inva...
CVE-2024-56623
CVE-2024-56623: In the Linux kernel, the qla2xxx SCSI driver contains a use-after-free during unload, causing a system crash with a stack trace in SLUB. The root cause is a double-thread termination signal: an UNLOADING flag may race with kthread_stop, leading to use-after-free on cleanup. The f...
CVE-2024-56748
CVE-2024-56748 affects the Linux kernel SCSI qedf driver (QLogic/QED) where memory allocated for sb (scsi block) was leaked on sb_init failure. The root cause was that the dma memory sb_virt allocated for the SB was not freed when qed_ops->common->sb_init failed, leading to a memory leak. T...
CVE-2024-56758
CVE-2024-56758 affects the Linux kernel (btrfs) and describes a race where, after folio unlock during relocation, another thread can modify the folio mapping before folio_lock() and lead to an invalid page, potentially causing a NULL pointer dereference during concurrent transaction aborts. The i...
CVE-2024-57798
CVE-2024-57798 affects the Linux kernel drm_dp_mst handling of MST up requests. If another thread removes MST topology during processing, mst_primary could be freed and set to NULL, risking a NULL pointer dereference in drm_dp_mst_handle_up_req(). The fix is to hold a reference to mst_primary whi...
CVE-2024-57890
CVE-2024-57890 affects the Linux kernel RDMA/uverbs path. The issue is an integer overflow in user-supplied values during multiplications: cmd.wqe_size * cmd.wr_count and cmd.sge_count * sizeof(struct ib_uverbs_sge). On 32‑bit systems these can overflow, and the result may wrap as it’s passed to ...
CVE-2017-16646
CVE-2017-16646 affects the Linux kernel driver for USB DVB devices: specifically drivers/media/usb/dvb-usb/dib0700_devices.c, with the vulnerability present in kernels up to 4.13.11. A crafted USB device can trigger a local-denial-of-service (BUG and system crash) or possibly other unspecified im...
CVE-2018-1065
The CVE-2018-1065 entry affects the Linux kernel netfilter subsystem up to version 4.15.7. A rule blob containing a jump without a user-defined chain can be exploited by local users with CAP_NET_RAW or CAP_NET_ADMIN to trigger a NULL pointer dereference, causing denial of service. Affected code p...
CVE-2018-12233
CVE-2018-12233 is a memory-corruption flaw in the Linux kernel’s JFS implementation (fs/jfs/xattr.c) that can be triggered by calling setxattr twice with two different extended attribute names on the same file. The issue stems from an incorrect kmalloc leading to slab-out-of-bounds in jfs_xattr a...
CVE-2019-12615
CVE-2019-12615 affects the Linux kernel (SPARC) in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c through version 5.1.6, due to an unchecked kstrdup_const of node_info->vdev_port.name that can trigger a NULL pointer dereference and system crash. This is a DoS vulnerability as de...
CVE-2021-29266
CVE-2021-29266 affects the Linux kernel prior to 5.11.9. The use-after-free vulnerability is in drivers/vhost/vdpa.c where v->config_ctx may hold an invalid value when a character device is reopened, enabling a use-after-free scenario. The issue is addressed in ChangeLog-5.11.9 (kernel patch f...
CVE-2022-49294
CVE-2022-49294 affects the Linux kernel (drm/amd/display) and is caused by an unchecked modulo division that can read 0, leading to a divide-by-zero panic. The available connected documents confirm the root cause and indicate a fix in the kernel to check for modulo == 0 before dividing. The explo...
CVE-2023-1476
CVE-2023-1476 refers to a Linux kernel vulnerability affecting the mm/mremap path. A use-after-free occurs due to a race between rmap walk and mremap, enabling a local user to crash the system and potentially escalate privileges by exploiting a stale TLB during a PUD move. Connected documents ide...
CVE-2023-23039
CVE-2023-23039: In the Linux kernel (up to 6.2.0-rc2), the race condition in drivers/tty/vcc.c between vcc_open() and vcc_remove() can cause a use-after-free when a physically proximate attacker removes a VCC device while open() is invoked. This yields a potential impact on integrity and availab...
CVE-2023-52628
CVE-2023-52628: Linux kernel netfilter nftables exthdr fix for a 4-byte stack OOB write. If priv->len is a multiple of 4, dst[len/4] can overflow the destination array, causing stack corruption. The bug affected the kernel since the 4.1 cycle and was carried forward with tcp/sctp and IP optio...
CVE-2024-26631
CVE-2024-26631: data race in the IPv6 multicast path (Linux kernel). Root cause: the ipv6_mc_down path allows writing idev->mc_ifc_count without proper synchronization, enabling data races with the ipv6/mld_work paths. What's fixed: the patch encapsulates calls to mld_ifc_stop_work() (and mld_gq_stop_work...
CVE-2024-26678
CVE-2024-26678 affects the Linux kernel’s x86/efistub pathway. The vulnerability arises from using a 1:1 file:memory mapping for the PE/COFF .compat section, which is an 8-byte dummy section containing the 32-bit entrypoint address of a 64-bit kernel image when booted from 32-bit firmware (CONFIG...
CVE-2024-26717
CVE-2024-26717: Linux kernel HID i2c-hid OF driver fix for a NULL pointer dereference on power-up failure. The OF driver did not initialize the client pointer, which is dereferenced when power-up fails, potentially leading to a NULL-deref. The entry documents a resolved issue in the HID i2c-hid-of...
CVE-2024-26843
CVE-2024-26843: In the Linux kernel, the EFI runtime subsystem had a fix for a potential overflow in the soft-reserved region size. Specifically, md_size could be narrowed when there are >= 4 GiB worth of pages in a soft-reserved region. The vulnerability is reported as a local vulnerability w...
CVE-2024-26952
CVE-2024-26952: In the Linux kernel, ksmbd had an out-of-bounds risk when buffer offset fields in some requests are invalid. The issue arises from insufficient validation of buffer offsets, and a patch increases the minimum allowed buffer offset to validate the buffer length. The Astra Linux adv...
CVE-2024-35965
CVE-2024-35965 affects the Linux kernel Bluetooth stack (L2CAP), where the setsockopt input length is not validated before copying data. The root cause is missing validation of the user input length, enabling potential memory-corruption issues as described in vendor advisories that reference this CVE (e.g....
CVE-2024-40954
The CVE-2024-40954 entry concerns a Linux kernel UAF: a dangling sk pointer may be created on socket creation failure when an fentry probe hits __sock_release() and bpf_get_socket_cookie() is invoked, enabling a use-after-free in __sock_gen_cookie. Reproducing scenario described via traceroute -I...
CVE-2024-40965
CVE-2024-40965 (Linux kernel: i2c/lpi2c): The provided documents confirm a fix for a deadlock scenario in i2c-lpi2c where repeated clk_get_rate() calls during transfers could lock the clk mutex and cause deadlock when a tlv320aic32x4 codec is added. The resolution caches the clock rate and uses a...
CVE-2024-47745
The CVE-2024-47745 entry describes a Linux kernel vulnerability where remap_file_pages bypassed W^X enforcement when using personality(READ_IMPLIES_EXEC) followed by a RW remap, due to the remap_file_pages path calling do_mmap() before the LSM security check. A fix adds a security_mmap_file LSM h...
CVE-2024-50062
CVE-2024-50062 concerns the Linux kernel vulnerability in RDMA/rtrs-srv for path establishment, where a null pointer dereference could occur if RTRS connections aren’t fully established before info exchange. The issue is resolved in the Linux kernel; Debian and other advisories note that an updat...
CVE-2024-50150
The CVE-2024-50150 entry describes a Linux kernel vulnerability in usb: typec: altmode where the altmode device release did not keep a reference to its parent. The fix registers a reference to the parent during altmode registration and stores it in the release path to prevent use-after-free scena...
CVE-2024-53120
CVE-2024-53120 relates to the Linux kernel mlx5 core offload path. The vulnerability occurs in net/mlx5e when offloading CT rules: in mlx5_tc_ct_entry_add_rule(), if ct_rule_add() returns an error, zone_rule->attr is used uninitialized, causing a NULL pointer dereference (kernel OOPS). The fix...
CVE-2025-21639
The CVE-2025-21639 issue is in the Linux kernel SCTP sysctl handling (rto_min/rto_max) where current->nsproxy was used to read netns, risking a NULL pointer dereference and Oops when the task is exiting. The fix, as described in the initial document, replaces current->nsproxy usage with ret...
CVE-2025-21718
CVE-2025-21718 affects the Linux kernel Rose timer handling. The issue arises when Rose timers acquire only the socket spinlock and do not verify socket ownership, enabling a race against user threads. The described fix adds a socket ownership check and rearms timers as needed, addressing a KASAN...
CVE-2025-37785
The CVE-2025-37785 issue affects the Linux kernel ext4 filesystem. A corrupted directory containing a '.' entry with rec_len equal to a full block could cause an out-of-bounds read when ext4_empty_dir() loads the '.' entry and derives '..' location, due to incorrect handling of directory entries ...
CVE-2016-8658
CVE-2016-8658: Stack-based buffer overflow in brcmf_cfg80211_start_ap (Linux kernel, brcmfmac cfg80211) before 4.7.5. Exploitation path involves sending a Netlink command with a long SSID Information Element, enabling a local attacker to trigger a denial-of-service (system crash) or potentially o...
CVE-2017-15274
CVE-2017-15274 affects the Linux kernel Key Management subsystem: security/keys/keyctl.c fails to handle a NULL payload with a nonzero length, allowing local users to trigger a NULL pointer dereference and OOPS via crafted add_key or KEYCTL calls, resulting in DoS. The issue is chained to the ke...
CVE-2019-19531
CVE-2019-19531 affects the Linux kernel prior to 5.2.9. The issue is a use-after-free triggered by a malicious USB device in the drivers/usb/misc/yurex.c component (CID-fc05481b2fca). Exploitation would occur locally (physical access) via crafted USB input, with the kernel potentially resolving t...
CVE-2019-3887
CVE-2019-3887 covers a KVM x2APIC MSR access flaw that can allow an L1 guest to read L0 APIC values via an L2 guest when nested virtualization is enabled, potentially crashing the host kernel (DoS). Affected: Linux kernel with nested=1 supporting x2APIC mode; cited in multiple Unity Linux/Nessus ad...
CVE-2021-29649
The CVE-2021-29649 issue affects the Linux kernel prior to 5.11.11. It is a memory leak in the user mode driver (UMD) caused by incomplete cleanup in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c. The vulnerability is local and does not imply remote code execution by itself; ...
CVE-2022-3107
CVE-2022-3107 affects the Linux kernel (up to 5.16-rc6) and is triggered in the netvsc driver (drivers/net/hyperv/netvsc_drv.c) where netvsc_get_ethtool_stats does not properly check the return value of kvmalloc_array(), leading to a NULL pointer dereference. The connected TencentOS/TSSA advisory...
CVE-2022-48655
CVE-2022-48655 in the Linux kernel: vulnerability in the SCMI firmware path (arm_scmi) where reset domains descriptors could be accessed by index, risking out-of-bounds due to SCMI driver misbehavior. The root cause is lack of an internal consistency check before domain descriptor accesses. The f...
CVE-2024-26774
CVE-2024-26774: Linux kernel ext4 fix for a zero-division risk. The vulnerability arises in ext4_mb_update_avg_fragment_size() when the block bitmap is corrupted, potentially causing a divide-by-zero if bb_fragments is 0 and the code uses bb_free. The fix changes the check to determine bb_fragmen...
CVE-2024-26803
Technical details beyond the initial description are not provided in the connected documents. Public specifics about affected products, versions, or fixes are not available here; monitor for official updates.
CVE-2024-33621
Technical details about CVE-2024-33621 are not present in the provided documents. The connected materials do not specify affected products, impact, or fixes for this CVE. Monitor for updates from official advisories.
CVE-2024-35905
CVE-2024-35905 is a Linux kernel issue where a patch re-introduced protection against negative stack-access sizes in BPF code. The fix guards against out-of-bounds accesses in check_stack_range_initialized() when an access size can overflow its signed int representation. The vulnerability was mit...
CVE-2024-36286
CVE-2024-36286 (Linux kernel): Affects netfilter nfnetlink_queue logic where nf_reinject() could be called without proper rcu_read_lock, triggering suspicious RCU usage in instance_destroy_rcu. The Astra Linux security bulletin (connected doc) mirrors the Linux kernel fix and notes the vulnerabi...
CVE-2024-36960
The CVE-2024-36960 entry maps to a Linux kernel issue in drm/vmwgfx where the length field for drm_event was incorrectly set to the parent structure, causing out-of-bounds reads when drm_read copies events to userspace. The provided documents confirm the root cause and fix: set drm_event length t...
CVE-2024-38555
CVE-2024-38555: In the Linux kernel, the net/mlx5 driver fixes a use-after-free by discarding FW command completions arriving during an internal error state. The patch prevents calling the completion handler when the device will flush the command interface, avoiding use-after-free/refcount underf...
CVE-2024-41007
CVE-2024-41007 relates to a Linux kernel TCP issue where a socket using TCP_USER_TIMEOUT could have the retransmit timer emit packets for minutes after the user timeout expired if the peer reduced its window to zero. The underlying cause was tcp_retransmit_timer() ignoring icsk_user_timeout under...