13804 matches found
CVE-2015-8964
The CVE-2015-8964 entry relates to the Linux kernel prior to 4.5, where the tty_set_termios_ldisc() function in drivers/tty/tty_ldisc.c can allow local users to read a tty data structure and disclose kernel memory. Evidence in connected documents confirms the affected component (tty_ldisc.c), the...
CVE-2018-7995
CVE-2018-7995 describes a race condition in the Linux kernel’s store_int_with_restart() (arch/x86/kernel/cpu/mcheck/mce.c) up to version 4.15.7. This flaw lets a local attacker with root access write to /sys/devices/system/machinecheck/machinecheck/check_interval and trigger a denial of service/pa...
CVE-2022-49371
CVE-2022-49371: In the Linux kernel, driver core: fix deadlock in __device_attach. The deadlock occurs when async_probe is scheduled while holding device_lock(dev); async_helper may also acquire dev, causing A-A deadlock. The fix moves async_schedule_dev outside the device_lock path, leveraging t...
CVE-2023-34324
The CVE describes a deadlock in Linux kernel Xen event channel handling when a close operation is performed in parallel with a Xen console action/interrupt in an unprivileged Xen guest. The issue occurs during removal of a paravirtual device or similar event-channel close, with 32-bit Arm guests ...
CVE-2023-52578
CVE-2023-52578 affects the Linux kernel, specifically in the bridge code path (net/bridge) where br_handle_frame_finish() can race across CPUs, risking data races on dev->stats fields. The fix adopts SMP-safe DEV_STATS_INC() to update dev->stats (including tx_dropped) safely across CPUs, mi...
CVE-2023-52581
CVE-2023-52581: Linux kernel netfilter nf_tables memory leak when more than 255 elements expire. Root cause: u8 wrap occurs before boundary and nft_trans_gc_space() returns true, causing recycle of the initial gc container and loss of earlier elements. Also fixes dereferencing GC after handing it...
CVE-2024-35789
CVE-2024-35789 – Linux kernel: vulnerability in wifi/mac80211 VLAN handling where, on moving a station out of a VLAN and deleting the VLAN, the fast_rx entry could still point to the VLAN netdev, enabling a use-after-free. The fixed behavior is to immediately call ieee80211_check_fast_rx after VL...
CVE-2024-35888
Technical details of CVE-2024-35888 are not provided in the supplied documents. Please monitor for updates from official advisories; additional specifics (affected products, impact, and fixes) are not disclosed here.
CVE-2024-35904
CVE-2024-35904 relates to a Linux kernel fix for SELinux: avoid dereferencing a garbage pointer after a mount failure. The patch ensures that when kern_mount() fails, the code returns in the error branch instead of continuing, preventing dereferencing the error pointer, and it drops the selinuxfs...
CVE-2024-35942
CVE-2024-35942 relates to the Linux kernel and affects the imx8mp block clock handling. The issue occurs when the fdcc clock, intended for the HDMI RX domain, is added to the hdmimix domain while HDMI TX/LCDIF probe sequencing can disable it. If the clock is disabled before HDMI/LCDIF probe, LCDI...
CVE-2024-36006
CVE-2024-36006 affects the Linux kernel mlxsw spectrum_acl_tcam code. The root cause is incorrect list usage: both vchunk_migrate_all and vregion_rehash paths call list_first_entry() without ensuring the lists are non-empty, triggering warnings. The connected Astra Linux bulletin confirms the sam...
CVE-2024-38612
CVE-2024-38612 affects the Linux kernel; the flaw is in the ipv6 SR (seg6) unregister path. The error path in seg6_init() can skip genl_unregister_family() if CONFIG_IPV6_SEG6_LWTUNNEL is not defined and seg6_hmac_init() fails, due to a changed cleanup path (unregister_pernet_subsys() replaced by...
CVE-2024-39276
CVE-2024-39276: Linux kernel ext4 mb_cache_entry e_refcnt leak fixed. In ext4_xattr_block_cache_find(), on failure from ext4_sb_bread() returning -ENOMEM, the ce’s e_refcnt could leak, triggering mb_cache_destroy(). Quick fix: call mb_cache_entry_put() on the -ENOMEM error path. Connected Astra L...
CVE-2024-39473
CVE-2024-39473 affects the Linux kernel ASoC: SOF ipc4-topology. The issue occurs when a process module lacks the base config extension: the same input format is applied to all inputs and process->base_config_ext becomes NULL, allowing a NULL dereference under specific topology/sequences. This...
CVE-2024-44970
CVE-2024-44970 (Linux kernel) affects mlx5e SHAMPO where, after consuming all strides in a WQE, an unlink could be executed again, corrupting the WQ list. The root cause is an extra unlink for a 0-sized consumed stride after a WQE is fully consumed and unlinked. The connected documents confirm a ...
CVE-2024-57850
CVE-2024-57850 affects the Linux kernel feature jffs2, where the rtime decompression code could corrupt memory outside the decompression buffer if compressed data is malformed. The issue is resolved by adding bounds checks during the rtime decompression pass. Supported documents confirm the vulne...
CVE-2025-21776
CVE-2025-21776 affects the Linux kernel USB hub driver where non‑compliant hubs with more than one config/interface can trigger a crash (usb_hub_to_struct_hub dereference). A fix exists: the driver now refuses hubs violating USB spec (more than one configuration or interface). Connected advisorie...
CVE-2016-0774
CVE-2016-0774 affects Linux kernel backports in Debian wheezy (before 3.2.73-2+deb7u3) and RHEL 7.1 (before 3.10.0-229.26.2). The flaw is in the pipe_read/pipe_write paths in fs/pipe.c where the side effects of failed __copy_to_user_inatomic/__copy_from_user_inatomic calls are not properly handle...
CVE-2020-10774
CVE-2020-10774: A local memory disclosure flaw in the Linux kernel sysctl subsystem allows reading uninitialized kernel memory when reading /proc/sys/kernel/rh_features, affecting kernel versions before 4.18.0-193.el8. Root cause is a memory disclosure in the sysctl path; impact is confidentialit...
CVE-2020-35499
CVE-2020-35499 describes a NULL pointer dereference in Linux kernel versions prior to 5.11 due to a missing sanity check in sco_sock_getsockopt (net/bluetooth/sco.c) when using BT_SNDMTU/BT_RCVMTU for SCO sockets. The issue allows a local attacker with elevated privileges to crash the system or l...
CVE-2021-38300
CVE-2021-38300 affects the Linux kernel on MIPS through arch/mips/net/bpf_jit.c, where the BPF JIT can emit incorrect machine code when transforming unprivileged cBPF programs. Root cause: conditional branches can exceed the 128 KB limit, enabling a local user to execute arbitrary code in kernel ...
CVE-2022-49647
CVE-2022-49647 affects the Linux kernel cgroups migration code. The vulnerability stems from overloading cset->mg_preload_node for both src and dst preload lists during task migrations, which could allow a cset to be simultaneously sourced and destined, risking a use-after-free if all tasks le...
CVE-2023-32269
The CVE-2023-32269 issue is a use-after-free in the Linux kernel (before 6.1.11) in net/netrom/af_netrom.c where accept is allowed for a connected AF_NETROM socket. Exploitation requires netrom routing to be configured or CAP_NET_ADMIN. This vulnerability can lead to local privilege/escalation im...
CVE-2024-26767
CVE-2024-26767 targets the Linux kernel’s drm/amd/display path. The issue stemmed from integer type widening in a loop condition and a missing null check, risking infinite loops and dereferencing NULL. The entry is fixed in the kernel (drm/amd/display: fixed integer types and null check locations...
CVE-2024-35817
The CVE-2024-35817 issue is in the Linux kernel’s DRM/amdgpu path. Specifically, amdgpu_ttm_gart_bind incorrectly sets the GTT bound flag and, after a GTT BO is released, amdgpu_ttm_backend_unbind may leave a stale GART page-table entry. If the GPU dereferences this stale GART address, it can rea...
CVE-2024-36926
CVE-2024-36926 affects the Linux kernel on PowerPC pseries hardware, where LPARs that boot with a frozen PE may lack the ibm,dma-window property. This can cause a NULL pointer dereference while configuring PCI, leading to an oops/panic during boot. The vulnerability is described with kernel traces (pc...
CVE-2024-36953
CVE-2024-36953 affects the Linux kernel KVM for arm64 with vgic-v2. The issue: vgic_v2_parse_attr() searches for a vCPU matching the CPUID and may receive a NULL from kvm_get_vcpu_by_id() if the ID is invalid. Unlike the safe GICv3 flow, the code did not verify the returned vCPU object. Affected ...
CVE-2024-42228
CVE-2024-42228: Linux kernel vulnerability involving the AMDGPU driver. The issue arises from using an uninitialized value (*size) when calling amdgpu_vce_cs_reloc, which can lead to arbitrary code execution or denial of service via a crafted relocation path. The fix initializes the size prior t...
CVE-2024-47710
CVE-2024-47710: Linux kernel vulnerability where destroying a sock_map with many buckets could trigger soft lockups. The fix adds a cond_resched() in sock_hash_free() to yield the CPU when needed, addressing repeated syzbot soft lockup reports. Affected component: sock_map/sock_hash_free in Linu...
CVE-2024-49991
The CVE-2024-49991 issue affects the Linux kernel DRM/AMD stack: amdkfd_free_gtt_mem cleared the wrong pointer, causing a use-after-free when amdgpu_bo_unref resets the pointer. The patch passes the correct pointer reference to amdgpu_bo_unref to ensure the original pointer is NULL’d correctly. T...
CVE-2024-50049
CVE-2024-50049 affects the Linux kernel DRM AMD display path. The vulnerability arises from dereferencing a se pointer that could be NULL after a prior null check in the same function, leading to a FORWARD_NULL condition. Exploitation would be LOCAL with LOW privileges and no user interaction, po...
CVE-2024-50073
CVE-2024-50073: Linux kernel tty/n_gsm use-after-free in gsm_cleanup_mux (UAF on gsm_msg in gsm_mux tx lists). Unity Linux advisory confirms fix: protect gsm_msg by adding a gsm tx lock to prevent multi-threaded free via ioctl. Affects kernel 6.11.0+; patch details referenced in Unity/Nessus desc...
CVE-2024-53074
The CVE-2024-53074 issue affects the Linux kernel wireless stack (iwlwifi, mvm). The vulnerability arises from not releasing the link mapping resource when an AP is removed, leading to a leak of a link on AP removal. This specifically impacts devices that do not support the MLD API (9260 and earl...
CVE-2024-53093
In CVE-2024-53093, the Linux kernel vulnerability affects nvme-multipath: partition scanning could deadlock if the partition scan runs inside the controller's scan_work context. The fix defers the partition scan to a non-blocking context to prevent IO stalls when a path error occurs. Affected com...
CVE-2013-4563
CVE-2013-4563 applies to the Linux kernel UDP Fragmentation Offload (UFO) path. The udp6_ufo_fragment function in net/ipv6/udp_offload.c can mis-evaluate a size comparison before inserting a fragment header when UFO is enabled, enabling remote attackers to trigger a denial of service (panic) by s...
CVE-2021-20320
CVE-2021-20320: A flaw in the Linux kernel, specifically in the s390 eBPF JIT (bpf_jit_insn in arch/s390/net/bpf_jit_comp.c). The vulnerability could let a local attacker with restricted privileges bypass the verifier and cause a confidentiality impact. Connected advisories (Unity Linux UTSA-2026-00...
CVE-2021-4001
CVE-2021-4001 is a race condition in the Linux kernel eBPF verifier between bpf_map_update_elem and bpf_map_freeze caused by a missing lock in kernel/bpf/syscall.c. A local user with cap_sys_admin or cap_bpf can modify the frozen mapped address space. The flaw affects kernel versions prior to 5.1...
CVE-2021-4135
CVE-2021-4135 affects the Linux kernel, specifically the netdevsim (Simulated networking device) driver’s eBPF path. The issue is a memory leak in the nsim_map_alloc_elem path that can be triggered by user-controlled use of BPF for the device, enabling a local attacker to access kernel data. Publ...
CVE-2022-49376
CVE-2022-49376 affects the Linux kernel SCSI subsystem (sd driver). The issue arises when sd_probe() hits an early error before sdkp->device is initialized, leading to a NULL pointer dereference inside sd_is_zoned() due to an unintended call to sd_zbc_release_disk(). The fix removes the sd_zbc...
CVE-2023-52610
CVE-2023-52610 is a Linux kernel vulnerability in the net/sched: act_ct path. The issue arises when defragmenting fragments (ooo frag) where skb references are mishandled, leaking skb buffers and potentially crashing the kernel when skb is cloned/shared. The root cause is the previous use of skb_...
CVE-2024-1085
CVE-2024-1085 is a Linux kernel nf_tables use-after-free vulnerability that can enable local privilege escalation. The issue stems from nft_setelem_catchall_deactivate() freeing a catch-all set element based on the current generation, while it is only marked inactive for the next generation, allo...
CVE-2024-22099
Technical details for CVE-2024-22099 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2024-26708
CVE-2024-26708 affects the Linux kernel MPTCP subsystem. Description in provided docs: Fastopen and PM-trigger subflow shutdown can race; the initial patch missed a state change before the subflow_state_change callback. The fix copies all states reachable from TCP_FIN_WAIT1 to handl...
CVE-2024-27059
CVE-2024-27059 refers to a Linux kernel vulnerability in the usb-storage isd200 sub-driver. The issue arises from using ATA ID values HEADS and SECTORS to derive cylinder/head for READ/WRITE CDBs; division/modulus by zero could occur if either value is 0. The fix blocks binding to devices with AT...
CVE-2024-27062
CVE-2024-27062 relates to the Linux kernel nouveau driver, where the client object tree lacked locking and races occurred when adding/removing client objects (notably VRAM BAR mappings). The fix locks the client object tree to prevent race conditions during add/remove operations, addressing a gen...
CVE-2024-35863
CVE-2024-35863 (Linux kernel, SMB client) is addressed in the Miracle Linux advisory and linked Nessus entries, which confirm a use-after-free (UAF) condition in the SMB client when breaking oplocks. The root cause is a race during session teardown; the fix skips processing on sessions in teardow...
CVE-2024-36481
CVE-2024-36481 affects the Linux kernel tracing/btf parsing: btf_find_struct_member() may return NULL or an ERR_PTR, but parse_btf_field() only checked NULL before. The fix uses IS_ERR() and propagates the error up the stack. Affected component is the kernel’s tracing probes; impact is a local vu...
CVE-2024-36939
CVE-2024-36939 affects the Linux kernel nfs subsystem. Root cause: rpc_proc_register() errors in init_nfs_fs() could be ignored, causing nfs_net_exit() to run during netns destruction and trigger warning paths. The issue was addressed by properly handling the rpc_proc_register() error in nfs_net_...
CVE-2024-38596
CVE-2024-38596 is a Linux kernel vulnerability in af_unix data races between unix_release_sock/unix_stream_sendmsg. The races occur because sk_shutdown is written atomically by unix_release_sock() (WRITE_ONCE) but read non‑atomically by unix_stream_sendmsg(), triggering a KCSAN data race (BUG: KC...
CVE-2024-38598
CVE-2024-38598: Linux kernel (md/raid10) softlockup during resync. Technical details from the provided documents indicate that the issue arises in the md bitmap synchronization path for raid10 during lvextend/lvchange --syncaction, leading to a soft lockup (CPU 3) due to a logic error in md_bitma...