CVE-2024-40972
CVE-2024-40972: In the Linux kernel, the ext4_xattr_set_entry() path creates new EA inodes while holding the external xattr block’s buffer lock, nesting allocation locks and risking deadlock. The fix moves EA inode allocation out of ext4_xattr_set_entry() to the callers, preventing lock nesting....
CVE-2024-41001
CVE-2024-41001: In the Linux kernel, io_uring/sqpoll may leak audit memory during connect handling due to path conditions in prep/issue auditing; a blanket NOP before SQPOLL mitigates this. The issue, rated CVSSv3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, is locally exploitable and impacts availabi...
CVE-2024-42094
CVE-2024-42094 affects the Linux kernel where CONFIG_CPUMASK_OFFSTACK=y caused explicit cpumask var allocation on the stack in net/iucv to risk stack overflow. The fix is to use the *cpumask_var API(s) to allocate cpumask variables in a config-neutral way, leaving allocation strategy to CONFIG_CP...
CVE-2024-42302
CVE-2024-42302 : The Linux kernel fixed a use-after-free in PCI/DPC when a DPC event occurs concurrently with hot-removal on the same PCIe hierarchy. The underlying issue was that pci_bridge_wait_for_secondary_bus() did not hold a reference to the child pci_dev during a DPC event, allowing concur...
CVE-2024-47678
CVE-2024-47678 — Linux kernel ICMP rate-limit order fix. The vulnerability concerns the ICMP rate-limiting path where two rate-limiters were applied in this order after the patch: host-wide limit (icmp_global_allow) and per-destination limit (inetpeer). The fix reorders checks so that the per-de...
CVE-2024-49950
CVE-2024-49950 affects the Linux kernel Bluetooth L2CAP implementation (l2cap_connect), with a slab-use-after-free/KASAN issue reported in l2cap_connect.constprop.0. Connected advisories (Unity Linux UTSA-2026-005148, Azure Linux CVE advisory, MiracleLinux AXSA:2025-10392) confirm the fix has bee...
CVE-2024-50080
Technical details for CVE-2024-50080 are not publicly provided in the connected documents. The initial description summarizes the vulnerability, but no vendor/product/version specifics are disclosed here. Monitor for official advisories or patches.
CVE-2024-53110
CVE-2024-53110 (Linux kernel): The IBM security bulletin confirms a fix for vp_vdpa where an id_table lacked a null terminator, risking visitation of undefined memory. The patch allocates one extra virtio_device_id as a null terminator to prevent vdpa_mgmtdev_get_classes() from iterating into in...
CVE-2024-56759
CVE-2024-56759 concerns the Linux kernel: when Btrfs COWs a tree block with tracing enabled (trace_btrfs_cow_block) and preemption is on, a use-after-free can occur on the COWed extent buffer. The root cause is that tracepoint handling could observe a buffer after it is freed via RCUs, if preempt...
CVE-2025-21694
CVE-2025-21694: Linux kernel vulnerability in fs/proc/__read_vmcore (kdump path). Root cause: second loop in __read_vmcore could still hit softlockups; fix adds cond_resched() to yield in that loop. Impact: softlockups may interfere with RCU memory freeing and cause crashdump stalls in memory-co...
CVE-2015-5307
CVE-2015-5307 affects the Linux kernel KVM subsystem (through 4.2.6) and Xen (4.3.x–4.6.x). An attacker who has local access in a guest can trigger many #AC exceptions (Alignment Check), potentially causing a host panic/hang. Root cause involves svm.c/vmx.c handling of alignment-related events. P...
CVE-2016-10044
CVE-2016-10044 is supported by connected advisories: the Linux kernel up to version 4.7.7 contains a vulnerability in the aio_mount path. Specifically, the aio_mount function in fs/aio.c did not properly restrict execute access, enabling local users to bypass SELinux W^X policy and gain privilege...
CVE-2016-9604
CVE-2016-9604 affects the Linux kernel prior to 4.11-rc8. A local attacker who can join the kernel session keyring can access internal keyrings (e.g., .dns_resolver, .builtin_trusted_keys) and bypass module signature verification by adding a self-generated public key to the keyring, enabling loca...
CVE-2017-6264
CVE-2017-6264 is an elevation-of-privilege vulnerability in the NVIDIA GPU driver used on Android, specifically within the gm20b_clk_throt_set_cdev_state path. An out-of-bounds memory read can be used as a function pointer, potentially allowing a local attacker to execute arbitrary code in kernel...
CVE-2021-47449
CVE-2021-47449 relates to the Linux kernel ice driver locking around the Tx timestamp tracker flush. The issue arises because a lock around the Tx timestamp tracker flow was introduced, and that lock is held during a call to ice_clear_phy_tstamp, which itself sends a PHY write command to firmware...
CVE-2022-2978
CVE-2022-2978 – NILFS use-after-free in Linux kernel: A local attacker could trigger a use-after-free in nilfs_mdt_destroy via security_inode_alloc, potentially crashing the system or enabling privilege escalation. This vulnerability is tied to the NILFS filesystem in the Linux kernel. The conne...
CVE-2022-3635
CVE-2022-3635 affects the Linux Kernel. The vulnerability is in the function tst_timer of drivers/atm/idt77252.c (IPsec component). It enables a use-after-free condition. A patch is recommended to fix the issue. The provided documents confirm the root cause and the vulnerable file/function, and d...
CVE-2022-47520
The CVE-2022-47520 entry concerns Linux kernel before 6.0.11. It stems from missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c of the WILC1000 wireless driver, allowing an out-of-bounds read while parsing an RSN information element from a Netlink packet. Impact is high for...
CVE-2022-49541
The CVE-2022-49541 issue is a Linux kernel CIFS vulnerability: a potential double free during a failed mount. It is classed as HIGH severity (LOCAL access, LOW attack complexity) with impact to confidentiality, integrity, and availability as per the CVSS metrics. Connected advisories (SUSE/RHEL-r...
CVE-2023-28866
The CVE-2023-28866 issue affects the Linux kernel up to 6.2.8, specifically net/bluetooth/hci_sync.c, where amp_init1[] and amp_init2[] were intended to include an invalid element but do not, enabling out-of-bounds access. The documented CVSS shows Network access with low attack complexity and no...
CVE-2023-51043
CVE-2023-51043 affects the Linux kernel prior to 6.4.5. The issue is a use-after-free in drivers/gpu/drm/drm_atomic.c caused by a race between a nonblocking atomic commit and a driver unload. The vulnerability results in a potentially exploitable crash if a race occurs during unload while a nonbl...
CVE-2024-26801
CVE-2024-26801 is a Linux kernel vulnerability in the Bluetooth stack. The root cause is a potential use-after-free of hci_dev when handling HCI_EV_HARDWARE_ERROR if the BT controller is unresponsive, triggered by the GPIO reset path freeing the device. The fix is to hold a reference to the hci_d...
CVE-2024-35840
The CVE-2024-35840 issue affects the Linux kernel MPTCP path. In subflow_finish_connect(), four fields (backup, join_id, thmac, none) may contain garbage unless OPTION_MPTCP_MPJ_SYNACK is set in mptcp_parse_option(), which is the root cause. The fix enables OPTION_MPTCP_MPJ_SYNACK in mptcp_parse_...
CVE-2024-35958
The connected Astra Linux bulletin reiterates CVE-2024-35958: a Linux kernel issue in ENA TX queue descriptor handling was fixed. The root cause was an incorrect free/destruction path in ena_free_tx_bufs(), where TX descriptors for XDP_REDIRECT/XDP_TX queues could be freed improperly after a VF r...
CVE-2024-36927
The CVE-2024-36927 issue is in the Linux kernel IPv4 path: uninit-value access in __ip_make_skb() due to a race with HDRINCL. The fix checks FLOWI_FLAG_KNOWN_NH on fl4->flowi4_flags instead of socket HDRINCL, and explicitly initializes fl4_icmp_type and fl4_icmp_code in raw_sendmsg() (the fiel...
CVE-2024-40945
CVE-2024-40945: In the Linux kernel, iommu_sva_bind_device() should return a SVA bond handle or an ERR_PTR on error. Some drivers (idxd/uacce) previously only checked for IS_ERR(), which could lead to a NULL pointer dereference if NULL was returned in error paths. The public advisories indicate ...
CVE-2024-41038
CVE-2024-41038 affects the Linux kernel firmware for cs_dsp. The vulnerability is a buffer overrun risk when processing V2 algorithm headers due to the wmfw V2 format introducing variable-length strings in the header; the header length and field positions vary with string lengths. The issue is mi...
CVE-2024-41077
Concretely, CVE-2024-41077 affects the Linux kernel null_blk path. The issue arises from an insufficient validation of the block size: the size must be between 512 and PAGE_SIZE and must be a power of two. The faulty check allowed an invalid bs (e.g., 1536) to be accepted, which could cause a nul...
CVE-2024-42077
CVE-2024-42077 - OCFS2 DIO credit handling in Linux kernel: The vulnerability arises when ocfs2_dio_end_io_write() underestimates required transaction credits during large or multi-extents I/O, risking exhaustion of transaction credits and triggering a kernel panic via OCFS2 abort logic. The roo...
CVE-2024-42237
CVE-2024-42237 - Linux kernel cs_dsp payload length validation. Affects: Linux kernel firmware cs_dsp loading paths (cs_dsp_load and cs_dsp_coeff_load). Cause: The block payload length could be used before validating the length, potentially enabling out-of-bounds processing. Fix: Move and perform th...
CVE-2024-42271
CVE-2024-42271 affects the Linux kernel’s IUCV subsystem. The issue is a use-after-free in iucv_sock_close() and iucv_sever_path() caused by a race on severing the path, with iucv_path_sever being called from both process and bh contexts. Without atomic compare-and-swap, a window may exist where ...
CVE-2024-43866
The CVE-2024-43866 issue is in the Linux kernel mlx5 driver: in shutdown, health work must be drained to avoid races/NULL pointer dereferences. The fix changes the shutdown callback to drain the health work queue (drain health WQ) to ensure no health work is left running during device shutdown. I...
CVE-2024-44934
CVE-2024-44934 — Linux kernel net: bridge: mcast: wait for previous gc cycles when removing port. Syzkaller triggered a use-after-free during port removal because old multicast garbage collection cycles may still be running when a port is freed. The fix is to ensure all prior garbage-collection ...
CVE-2024-44944
CVE-2024-44944: In the Linux kernel netfilter ctnetlink delete-expectation path, the code fails to call nf_expect_get_id() to compute the expectation ID, causing the least-significant-bit of the expectation object address to be leaked to userspace. This is fixed by introducing a call to nf_expect...
CVE-2024-44946
CVE-2024-44946 affects the Linux kernel kcm subsystem (kcm_sendmsg). The issue was a use-after-free/race: while MSG_MORE skb construction was in progress, another thread could touch it, leading to a double-free in kcm_release() when the skb remained in the write queue. The fix serialises kcm_send...
CVE-2024-53224
CVE-2024-53224 affects the Linux kernel RDMA mlx5_ib path. The issue stems from a race between device deregistration and pkey change work, fixed by moving the events notifier registration to occur after device registration and by adjusting the stage for pkey change work initialization/cleanup so ...
CVE-2025-21865
CVE-2025-21865: In the Linux kernel, a list corruption scenario in gtp_net_exit_batch_rtnl() could trigger double dellink() on the same device when netns cleanup traverses multiple namespaces. The root cause is a for_each_netdev() loop that conflicts with existing netns destruction, enabling a p...
CVE-2025-39728
The CVE-2025-39728 issue is in the Linux kernel clock framework for Samsung clocks. With UBSAN_ARRAY_BOUNDS=y, code dereferences ctx->clk_data.hws before setting ctx->clk_data.num, causing an UBSAN array bounds panic. The fix moves the assignment of nr_clks (ctx->clk_data.num) before der...
CVE-2015-3331
CVE-2015-3331 affects the Linux kernel up to 3.19.2, where __driver_rfc4106_decrypt in arch/x86/crypto/aesni-intel_glue.c mishandles memory locations for encrypted data, enabling a context-dependent attacker to trigger a buffer overflow via a crypto API call (e.g., with a libkcapi test program us...
CVE-2016-2184
CVE-2016-2184 affects the Linux kernel snd-usb-audio driver (pre-4.5.1). The vulnerability stems from create_fixed_stream_quirk in sound/usb/quirks.c, which allows a physically proximate attacker to trigger a denial of service via a crafted endpoints value in a USB device descriptor. Consequences...
CVE-2017-1000370
CVE-2017-1000370 affects the Linux kernel (4.11.5 and earlier) on i386. The offset2lib patch vulnerability lets a PIE binary be execve’d with an enormous 1 GB argument/environment list, causing the stack to occupy 0x80000000 and the PIE binary to be mapped above 0x40000000, bypassing the patch’s ...
CVE-2017-14340
CVE-2017-14340 affects the Linux kernel prior to 4.13.2. The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h does not verify that a filesystem has a realtime device, enabling a local user to trigger a NULL pointer dereference and OOPS when setting the RHINHERIT flag on a directory. The issue re...
CVE-2021-32606
CVE-2021-32606 affects the Linux kernel 5.11–5.12.2, where isotp_setsockopt in net/can/isotp.c permits local privilege escalation to root via a use-after-free. Exploitation details are not provided in the documents; impact is limited to environments with the affected kernel. Ongoing references in...
CVE-2021-4023
CVE-2021-4023 affects the Linux kernel io-workqueue, with pre-5.15-rc1 kernels able to panic if an improper cancellation triggers new io-uring submissions during memory shortage. The flaw enables a local user with io-uring permissions to crash the system. Connected sources indicate patches/versio...
CVE-2022-45888
CVE-2022-45888 affects the Linux kernel up to 6.0.9, specifically the xillybus/xillyusb.c driver, where a race condition and use-after-free can occur during physical removal of a USB device. Connected advisories confirm fixes in later kernel releases (e.g., Debian 6.1.x: 6.1.119-1~deb11u1; SUSE a...
CVE-2022-49753
CVE-2022-49753: In the Linux kernel, dmaengine_dma_chan_get() had a double increment of channel client_count for public channels, causing resources to be freed late or not at all. The issue manifested as a refcount underflow/use-after-free in kernel logs and was observed during repeated module lo...
CVE-2023-3106
CVE-2023-3106 is reported in Unity Linux advisories as a NULL pointer dereference in netlink_dump. The issue occurs when a Netlink socket receives a message (sendmsg) for XFRM_MSG_GETSA or XFRM_MSG_GETPOLICY with the DUMP flag set, potentially causing a denial of service. The description notes pr...
CVE-2023-52501
The connected MiracleLinux advisory confirms CVE-2023-52501 affects the Linux kernel ring-buffer code. The issue occurs when iterating a live ring buffer: if the last event sits at the end of a page with only 4 bytes left, the event length check can misread the length (first 4 bytes, or the lengt...
CVE-2023-52803
The CVE-2023-52803 entry corresponds to a Linux kernel vulnerability: SUNRPC RPC client dereferenced freed pipefs dentries due to a mismatch of the current and original pipefs superblock during cleanup, potentially freeing dentries of the previously released pipefs. The issue occurs when a pipefs...
CVE-2023-7042
CVE-2023-7042 affects the Linux kernel in the ath10k wireless driver: a null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() can lead to a denial of service. Connected advisories confirm the issue is mitigated by updating to patched kernels (examples: Debian security notices list...