13804 matches found
CVE-2024-46797
CVE-2024-46797: In the Linux kernel (PowerPC/MCS qspinlock), a deadlock can occur when an interrupt happens in queued_spin_lock_slowpath() after qnodesp->count is incremented but before node->lock is initialized. This can allow a CPU to see stale lock values and write the wrong qnode’s nex...
CVE-2024-50127
CVE-2024-50127: The Linux kernel patch for the taprio_change() use-after-free fixes a dangling admin pointer caused by sched switch/removal via advance_sched(). The critical section protected by q->current_entry_lock is too small to prevent the scenario, and KASAN can detect the issue. The fi...
CVE-2024-53056
CVE-2024-53056 affects the Linux kernel in the drm/mediatek component, specifically the mtk_crtc_destroy() NULL-dereference risk caused by cleanup behavior when mtk_crtc_create() fails to obtain a channel via mbox_request_channel(). The issue arises because, if the call to mbox_request_channel() ...
CVE-2024-56608
CVE-2024-56608 affects the Linux kernel in the AMD display driver (drm/amd/display) where dcn21_link_encoder_create could perform an out-of-bounds access on the link_enc_hpd_regs array. The connected TencentOS NASL notes the issue is present in kernels prior to 5.15.182.1-1 and that a patch updat...
CVE-2025-21682
CVE-2025-21682 affects the Linux kernel bnxt Ethernet driver. When XDP is detached, features are not reliably recalculated, causing HW-GRO to stay off and potentially re-enable inconsistently during later reconfigurations. This can lead to a NULL pointer dereference in the RSS/path eventually, as...
CVE-2026-46243
The CVE-2026-46243 entry concerns the Linux kernel CIFS client. It fixes a bug where cifs.spnego key descriptions could be created by userspace (via request_key(2) or add_key(2)) and include fields (pid, uid, creduid, upcall_target) that are treated as kernel-origin inputs. The fix restricts acce...
CVE-2010-2521
CVE-2010-2521 affects the Linux kernel NFS server (fs/nfsd/nfs4xdr.c) prior to 2.6.34-rc6. The issue is due to multiple buffer overflows in the XDR implementation, exploitable via a crafted NFSv4 WRITE request, impacting the read_buf and nfsd4_decode_compound paths. Consequences include denial of...
CVE-2018-14609
CVE-2018-14609 affects the Linux kernel (up to 4.17.10) with an invalid pointer dereference in __del_reloc_root() of fs/btrfs/relocation.c when mounting a crafted Btrfs image. The issue is triggered by removing reloc rb_trees when reloc control has not been initialized, leading to potential denia...
CVE-2022-3176
CVE-2022-3176 describes a use-after-free in the Linux kernel’s io_uring subsystem. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task, and the POLLFREE notification is sent to all waiters before the queue is freed, but io_uring poll does not handle POLLFREE. This...
CVE-2023-52621
CVE-2023-52621: In the Linux kernel, a fix was added to bpf map helpers (bpf_map_lookup_elem, bpf_map_update_elem, bpf_map_delete_elem) to check rcu_read_lock_trace_held() before use when running sleepable BPF programs. The vulnerability arises when sleepable BPF programs manipulate BPF maps unde...
CVE-2023-52832
CVE-2023-52832 affects the Linux kernel’s wireless stack (mac80211/nl80211). The issue arises when ieee80211_get_tx_power() can return INT_MIN (the internal sentinel for an “unset power level”), which can trigger a UBSAN signed‑integer overflow. The observed effect is a UBSAN warning in net/wirel...
CVE-2024-26707
The connected documents provide concrete details for CVE-2024-26707: in the Linux kernel net/hsr code, WARN_ONCE() in send_hsr_supervision_frame() is removed and replaced with netdev_warn_once(), and a similar change is suggested for send_prp_supervision_frame() to quiet syzkaller warnings. This ...
CVE-2024-26826
CVE-2024-26826 is a Linux kernel vulnerability affecting the MPTCP path handling. The issue is described as a broken check when re-injecting data on a stale subflow: the MPTCP PM uses a TCP-specific helper on an MPTCP socket to test for unacked data in the RTX queue, which could lead to u...
CVE-2024-26927
CVE-2024-26927 (Linux kernel, ASoC: SOF) has been fixed by adding bounds checks for firmware data to prevent underflow in head->full_size - head->header_size. The description notes Smatch detected potential negative values and an upper bounds check, addressing a bounds-related vulnerability...
CVE-2024-35950
CVE-2024-35950 concerns a Linux kernel DRM issue where the modes[] array (points to connectors’ mode list entries) was not protected by the same mutex as mode_config, risking use-after-free if elements reference freed memory. The fix extends protection to modes[] via dev->mode_config.mutex, ad...
CVE-2024-35973
CVE-2024-35973 affects the Linux kernel's geneve code path. The issue arises from incomplete header validation in geneve_xmit_skb, where skb->protocol handling could leave pskb_inet_may_pull() with an uninitialized or unexpected value, potentially triggering an uninit-value during transmission...
CVE-2024-36020
CVE-2024-36020 centers on the Linux kernel i40e driver: a regression caused a may-be-uninitialized VF pointer, leading to stale VF references and potential instability. The fix removes a redundant variable and uses a single VF pointer across the affected function to guarantee pointer validity. Th...
CVE-2024-43830
CVE-2024-43830: Linux kernel vulnerability in leds: trigger race. The issue arises when unregistering trigger sysfs attributes after deactivate(), creating a window where trigger-data could be referenced post-free. The documented fix moves device_remove_groups() to before deactivate(), ensuring ...
CVE-2024-46743
CVE-2024-46743 affects the Linux kernel’s interrupt/IRQ handling in the of_irq_parse_raw path. When a device address is smaller than the interrupt parent node (involving #address-cells), KASAN detects a slab-out-of-bounds read while populating the initial match table during interrupt map walk. Th...
CVE-2024-49569
CVE-2024-49569: In the Linux kernel's nvme-rdma driver, the fix titled "unquiesce admin_q before destroy it" addresses a kernel hang when ctrl creation fails. The issue drains pending admin-queue requests, freezing at blk_mq_freeze_queue_wait(). Fix implemented by reusing nvme_rdma_teardown_admin_queue() to properly dra...
CVE-2024-49883
In CVE-2024-49883, the Linux kernel ext4 ext4_ext_insert_extent() is vulnerable to use-after-free when a path is reallocated in ext4_ext_create_new_leaf(), leaving a stale path in ext4_ext_insert_extent() and triggering UAF (KASAN) during map/write paths. The issue is reproduced via a realloc of ...
CVE-2024-49962
CVE-2024-49962: In the Linux kernel, ACPICA toolchain fix guards against NULL returns from ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package(). If ACPI_ALLOCATE_ZEROED() fails, elements may be NULL, leading to a NULL pointer dereference. The linked Astra/IBM bulletins reference the same root ...
CVE-2024-50236
CVE-2024-50236 affects the Linux kernel’s ath10k wireless stack. It describes a memory leak in management TX where MSDU context memory was allocated but not freed on TX completion, with similar leaks in the cleanup path. The fix frees the memory during completion/cleanup and protects the mgmt_tx ...
CVE-2024-56739
CVE-2024-56739 affects the Linux kernel where a failed __rtc_read_time in rtc_timer_do_work() can leave struct rtc_time tm with uninitialized data, causing rtc_tm_to_ktime to yield a very large value and potentially trigger kernel softlockup via periodic timers. The published fix adds a check on ...
CVE-2025-21859
CVE-2025-21859 affects the Linux kernel USB gadget f_midi path; a deadlock occurs when a lock is acquired twice in a re-entrant f_midi_transmit. The fix is to schedule the inner f_midi_transmit via a high-priority work queue using queue_work() from the completion handler. Patched commits are refe...
CVE-2015-3214
CVE-2015-3214 affects QEMU prior to 2.3.1 (pit_ioport_read in i8254.c) and Linux kernel prior to 2.6.33. The flaw does not distinguish between read and write lengths, potentially allowing a privileged guest user (with PIT emulation enabled) to trigger an invalid index and cause arbitrary host cod...
CVE-2017-5897
CVE-2017-5897 involves an out-of-bounds read in the Linux kernel’s IPv6 GRE handling (ip6_gre.c, ip6gre_err). Connected sources (Debian DSA-3791-1 and Cloud Foundry USN-3265-2) confirm the issue and note mitigation via kernel updates (e.g., Debian Jessie fix in linux 3.16.39-1+deb8u1; vendor advi...
CVE-2019-19037
CVE-2019-19037 affects the Linux kernel ext4 implementation: ext4_empty_dir in fs/ext4/namei.c up to kernel 5.3.12 can trigger a NULL pointer dereference when ext4_read_dirblock(inode,0,DIRENT_HTREE) evaluates to zero. Connected Nessus advisories (Unity Linux UTSA-2026-003782/003750/001396) echo ...
CVE-2021-34866
The connected sources confirm CVE-2021-34866 affects Linux Kernel 5.14-rc3. Root cause: improper validation of user-supplied eBPF programs leading to a type confusion condition in the kernel’s eBPF handling. Impact: local privilege escalation and potential arbitrary code execution in kernel conte...
CVE-2022-1974
CVE-2022-1974 describes a use-after-free in the Linux kernel NFC core due to a race between kobject creation and deletion. The vulnerability permits a local attacker with CAP_NET_ADMIN to leak kernel information. The description and references indicate this is tied to the Linux NFC subsystem and ...
CVE-2022-33742
Summary: CVE-2022-33742 is tied to Linux Block and Network PV frontends leaking data due to sharing memory regions without zeroing and because grant-table granularity may expose data within the same 4K page as data shared with a backend. This is described alongside related CVEs (CVE-2022-26365, C...
CVE-2023-52528
CVE-2023-52528 is a Linux kernel USB networking issue in the smsc75xx driver. The bug caused an uninitialized read in __smsc75xx_read_reg during the bind/probe sequence, leading to a potential uninit-value access in the smsc75xx_wait_ready path when binding the device. The deduced root cause is u...
CVE-2023-52607
CVE-2023-52607 is a Linux kernel vulnerability affecting the powerpc architecture, where a null-pointer dereference could occur in pgtable_cache_add due to a potentially NULL kasprintf() return when memory allocation fails. The issue arises because kasprintf() can return NULL and the code did not...
CVE-2024-24858
CVE-2024-24858 describes a race condition in the Linux kernel's Bluetooth code (net/bluetooth), specifically in {conn,adv}_{min,max}_interval_set(), that can cause L2CAP connection or broadcast abnormalities, potentially leading to a denial of service. The Astra Linux security bulletin also referen...
CVE-2024-26759
The CVE-2024-26759 issue is a Linux kernel race in swap caching. Two threads swapping the same entry with SWP_SYNCHRONOUS_IO can end up installing different pages (A and B), causing ABA and possible data corruption when the entry is freed and reused. The fix uses swapcache_prepare to pin the swap...
CVE-2024-35854
CVE-2024-35854: In the Linux kernel, the mlxsw: spectrum_acl_tcam component could trigger a use-after-free during rehash. The root cause is destruction of a region that still has filters when migration can fail (despite non-negative credits), leading to OOB/dereference via use-after-free. The fi...
CVE-2024-35912
Technical details about CVE-2024-35912 are not provided in the connected documents. No information on affected products/versions/vulnerability specifics is available here; monitor for updates from vendor/security advisories.
CVE-2024-35937
CVE-2024-35937 affects the Linux kernel wifi stack: cfg80211 A-MSDU handling can read data out of bounds if a subframe header appears but is not fully present. The vulnerability root cause is insufficient validation of A-MSDU subframes; the fix tightens checks to ensure a subframe header can actu...
CVE-2024-35978
CVE-2024-35978: The Linux kernel Bluetooth stack has a memory leak in hci_req_sync_complete() where previous sync state is not freed before reassigning a new one. The Astra Linux security bulletin confirms the same Linux kernel vulnerability with the same fix acros...
CVE-2024-36015
In CVE-2024-36015, the Linux kernel exposes a flaw in ppdev: register_device does not validate the index returned by ida_simple_get, risking use of an invalid index. The fix is to check the index after ida_simple_get, and if abnormal, print a warning, drop the port, and record the value. Public a...
CVE-2024-40998
CVE-2024-40998 affects Linux kernel ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super(). The root cause is registering sysfs before s_msg_ratelimit_state.lock is initialized, allowing concurrent updates to rs->interval (non-zero) to trigge...
CVE-2024-42158
CVE-2024-42158 concerns the Linux kernel s390/pkey code where memory cleanup was updated to use kfree_sensitive() instead of memzero_explicit() and kfree() to address Coccinelle warnings. The connected sources explicitly state the fix involves replacing those calls with kfree_sensitive() to align...
CVE-2024-43906
CVE-2024-43906 affects the Linux kernel, specifically the drm/amdgpu path. The issue arises when user space passes an invalid ta type, causing the pointer context to be empty and leading to a potential null pointer dereference. The provided connected materials indicate the vulnerability has been ...
CVE-2024-50039
CVE-2024-50039: Linux kernel net/sched vulnerability where accepting TCA_STAB on non-root qdiscs could crash via NULL pointer dereference (syzbot) when using a TBF/SFQ combo. The fix restricts STAB handling to root qdisc (per-qdisc storage isn’t maintained for arbitrary levels). Connected docs i...
CVE-2024-53161
CVE-2024-53161 is tied to the Linux kernel EDAC/bluefield issue: the 64-bit get-DIMM-info SMC argument used mem_ctrl_idx left-shifted by 16 and OR’d with the DIMM index; with mem_ctrl_idx treated as 32-bit this can truncate the upper 16 bits, risking data loss. The advisory states the mem_ctrl_id...
CVE-2025-21640
Summary (CVE-2025-21640): In the Linux kernel, the sctp: sysctl: cookie_hmac_alg path was fixed to avoid using current->nsproxy. The root cause involved dereferencing current->nsproxy (which can be NULL, e.g., when the task is exiting), leading to an Oops condition. The patch replaces the ...
CVE-2009-2698
CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...
CVE-2011-1833
The CVE-2011-1833 issue affects the Linux kernel’s eCryptfs subsystem, specifically the ecryptfs_mount path (fs/ecryptfs/main.c). A race condition during mounting with a mismatched uid could let a local attacker bypass file permissions. This vulnerability is present in kernel versions before 3.1....
CVE-2015-8964
The CVE-2015-8964 entry relates to the Linux kernel prior to 4.5, where the tty_set_termios_ldisc() function in drivers/tty/tty_ldisc.c can allow local users to read a tty data structure and disclose kernel memory. Evidence in connected documents confirms the affected component (tty_ldisc.c), the...
CVE-2017-16536
CVE-2017-16536 affects the Linux kernel cx231xx USB card driver (cx231xx_usb_probe in drivers/media/usb/cx231xx/cx231xx-cards.c) up to version 4.13.11. The issue allows a local attacker to trigger a NULL pointer dereference leading to a denial of service or system crash via a crafted USB device. ...