CVE-2024-26712
CVE-2024-26712 is a Linux kernel flaw where page alignment in kasan_init_region could make an address (va) invalid during initial page block setup, enabling memory overwrites when k_start is not page-aligned. The issue stems from k_cur being computed before memblock_alloc and using block + k_cur ...
CVE-2024-26899
CVE-2024-26899 — Linux kernel deadlock fix details: Affected component is the block layer in the Linux kernel. The issue arises when bd_link_disk_holder() uses the global open_mutex to guard the creation of a symlink between a holding disk and a slave bdev during driver initialization/modificati...
CVE-2024-35805
CVE-2024-35805 affects the Linux kernel in the dm snapshot code path. The issue was a lockup when exiting a snapshot with many exceptions, resolved by adding a cond_resched in the loop that frees the exceptions in dm_exception_table_exit. The root cause is a lockup during exit of large dm-snapsho...
CVE-2024-35861
CVE-2024-35861: Linux kernel CIFS client vulnerability fixed by skipping sessions that are tearing down (status SES_EXITING) to avoid a use-after-free in cifs_signal_cifsd_for_reconnect(). The root cause was a potential UAF when reconnecting CIFS sessions. The patch prevents dereferencing freed o...
CVE-2024-35862
CVE-2024-35862 (Linux kernel SMB client): The issue is a use-after-free (UAF) in smb2_is_network_name_deleted() when a session is tearing down. The fix, as described in connected advisories, is to skip sessions that are in the process of tearing down (status == SES_EXITING) to prevent UAF. This ...
CVE-2024-38618
CVE-2024-38618 affects the Linux kernel: ALSA timer start tick time had no lower bound, enabling very small values (e.g., 1 tick at 1ns) that could trigger an unexpected RCU stall by repeatedly queuing expire updates. The connected docs describe the fix as a patch adding a sanity check for the ti...
CVE-2024-39487
CVE-2024-39487 affects the Linux kernel bonding code, specifically the option handling in bond_option_arp_ip_targets_set. The root cause is an out-of-bounds read when newval->string is empty, causing a read of the byte after the string during in4_pton/strlen flow. The report shows a KASAN slab...
CVE-2024-41056
CVE-2024-41056 is a Linux kernel vulnerability in the firmware cs_dsp code. The issue was a potential overrun when parsing V1 wmfw file name fields stored as fixed-size, NUL-terminated strings. The fix replaces strlen() with strnlen() for the algorithm and coefficient name strings to guard agains...
CVE-2024-41060
CVE-2024-41060 (Linux kernel, DRM/Radeon) has a concrete patch: the code now checks bo_va->bo for NULL before dereferencing, preventing a NULL dereference when radeon_vm_clear_freed can clear bo_va->bo. The vulnerability arises from dereferencing bo_va->bo after a potential clear, enabli...
CVE-2024-42322
CVE-2024-42322 (Linux kernel): A vulnerability in the IPVS path (net/netfilter/ipvs/ip_vs_ctl.c) arises from dereferencing a pointer named “pe” in ip_vs_add_service. The fix uses the pointer directly (use pe directly) to resolve a sparse-warnings issue and prevent a potential dereference issue. ...
CVE-2024-46857
CVE-2024-46857 is a Linux kernel vulnerability in net/mlx5 where bridge mode attribute operations crash when numvfs=0 (NULL pointer dereference in mlx5_add_flow_rules). Affected: Linux kernel with mlx5_core/eswitch code. Root cause: bridge mode operations attempted while no VFs exist trigger a NU...
CVE-2024-47737
CVE-2024-47737 is a Linux kernel vulnerability in NFSD where, when xdr_reserve_space returns NULL due to insufficient buffer, a missing cache_put after a successful cache_get can occur if idmap_lookup triggers lookup_fn. This can create a mismatch in the nfsd cache handling. The CVE has a CVSSv3....
CVE-2024-49882
CVE-2024-49882: In the Linux kernel’s ext4 code, a double free/UAF issue was fixed in ext4_ext_try_to_merge_up() where path[1].p_bh could be freed twice if not NULL after release. The problem manifested as a warning “brelse a buffer twice” during writeback when ext4 extents were merged and buffe...
CVE-2024-50084
Technical details for CVE-2024-50084 are not provided in the connected documents. Monitor for updates; no product/version/impact specifics are disclosed in the supplied materials.
CVE-2024-50135
CVE-2024-50135 pertains to the Linux kernel nvme-pci driver. A race between reset and nvme_dev_disable() could corrupt dev->online_queues, causing invalid values to be passed to blk_mq_update_nr_hw_queues(). The Linux kernel advisory states the fix is to lock the shutdown_lock mutex before usi...
CVE-2024-50195
The CVE-2024-50195 entry is supported by connected documents showing a Linux kernel fix for posix-clock: missing timespec64 range check in pc_clock_settime(). The root cause was that timespec64_valid() only validates the structure, not the value range, so pc_clock_settime() now performs a strict ...
CVE-2024-50199
CVE-2024-50199 (Linux kernel): The issue is in mm/swapfile handling where HugeTLB pages could be leaked after swapoff due to pud_none_or_clear_bad path, causing a bad pud error. The described fix is to skip HugeTLB pages for unuse_vma, preventing leakage when swapping. Affected areas are the swap...
CVE-2024-50237
CVE-2024-50237 is a Linux kernel vulnerability in wifi/mac80211: get_txpower path where a stopped virtual interface (vif) could be passed to the driver, risking a crash from uninitialized private data. The issue has been fixed in the kernel; Astra Linux advisories cite the same fix across affecte...
CVE-2024-50262
CVE-2024-50262 – Linux kernel trie_get_next_key() out-of-bounds write. Root cause: trie_get_next_key() allocates a node stack with size trie->max_prefixlen but writes trie->max_prefixlen+1 nodes when the path is full, leading to an out-of-bounds write. This can occur for tries with max_prefi...
CVE-2024-53166
The CVE-2024-53166 entry concerns a Linux kernel bfq UAF in block/bfq. Root cause: bfq_limit_depth() dereferences bfqq loaded from bic without holding bfqd->lock, enabling a use-after-free when io_context is shared by multiple tasks (e.g., io_uring). Astra Linux security bulletin confirms a fi...
CVE-2024-57979
The CVE-2024-57979 entry is supported by connected documents detailing a Linux kernel use-after-free in pps during device teardown. The root cause is described as pps_device_destruct() freeing the pps_device immediately after cdev_del(), while fops from previously opened cdevs may still be callab...
CVE-2025-22004
The CVE-2025-22004 issue is in the Linux kernel’s ATM driver (net: atm) where the skb is freed during lec_send(), risking use-after-free. The fix saves the skb length before calling the send() operation to prevent freeing the length-dependent data, and is reflected in kernel security advisories r...
CVE-2014-8133
CVE-2014-8133 affects the Linux kernel TLS implementation (arch/x86/kernel/tls.c) up to version 3.18.1. A local attacker can exploit a crafted application that uses set_thread_area and subsequently reads a 16‑bit value to bypass the espfix protection and, in turn, bypass ASLR. The description con...
CVE-2017-12188
CVE-2017-12188 affects arch/x86/kvm/mmu.c in the Linux kernel up to 4.13.5 where nested virtualization can mis-traverse guest page tables, enabling L1 guests to run arbitrary host code or trigger host denial of service. Connected advisories (MiracleLinux AXSA-2018-2625, Unity Linux UTSA advisori...
CVE-2019-14763
CVE-2019-14763 affects the Linux kernel prior to 4.16.4, where a double-locking error in drivers/usb/dwc3/gadget.c may deadlock with f_hid. Exploitation context from connected Nessus advisories links CVE-2019-14763 to kernel fixes (4.16.4) and security advisories (e.g., USN/EulerOS entries). The ...
CVE-2019-18885
CVE-2019-18885 affects the Linux kernel (fs/btrfs/volumes.c) with a NULL pointer dereference in btrfs_verify_dev_extents when processing a crafted btrfs image. Root cause: fs_devices->devices is mishandled in find_device, enabling NULL dereferences in btrfs_verify_dev_extents. Impact per publi...
CVE-2021-47386
The CVE-2021-47386 issue affects the Linux kernel hwmon driver w83791d. The vulnerability stems from a NULL pointer dereference that can occur when a specific readval bit pattern is encountered, potentially leading to a kernel NULL dereference if conditions (val & 0x08), !(val & 0x80), and ((val ...
CVE-2021-47560
The CVE-2021-47560 issue affects the Linux kernel mlxsw: spectrum driver. When processing port up/down events from device firmware, the driver failed to bail out for CPU port 0 (local port 0), which exists but lacks a netdev, risking a NULL pointer dereference on netif_carrier_{on,off}(). The emb...
CVE-2022-29156
The CVE-2022-29156 issue is a Linux kernel vulnerability: a double free in drivers/infiniband/ulp/rtrs/rtrs-clt.c (rtrs_clt_dev_release) present in kernels before 5.16.12. This is a local-attackable condition with high impact on confidentiality, integrity, and availability as reflected by CVSS. R...
CVE-2022-49114
The CVE-2022-49114 issue in the Linux kernel concerns a use-after-free in the SCSI/libfc path, specifically fc_exch_abts_resp(). The bug arises because fc_exch_release(ep) reduces the ep’s refcount to zero while ep is still used, leading to use-after-free. The fix is to return after the fc_exch_r...
CVE-2023-31085
CVE-2023-31085 – Linux kernel 6.2 (drivers/mtd/ubi/cdev.c) shows a divide-by-zero in do_div(sz, mtd->erasesize) when mtd->erasesize is 0, triggered via ctrl_cdev_ioctl. Connected advisories reference upstream Linux commits and vendor advisories (e.g., Astra Linux and Amazon Linux 2) noting ...
CVE-2023-3111
CVE-2023-3111 is a use-after-free in the Btrfs filesystem driver (fs/btrfs/relocation.c, function prepare_to_relocate). The flaw can be triggered by calling btrfs_ioctl_balance() before btrfs_ioctl_defrag(), leading to potential kernel memory corruption. Public documentation in connected advisori...
CVE-2024-23851
CVE-2024-23851 affects the Linux kernel; the issue is in copy_params() in drivers/md/dm-ioctl.c (up to 6.7.1) where it may allocate more than INT_MAX bytes due to a missing param_kernel->data_size check, leading to a crash. Several connected advisories note a patched kernel is available; apply...
CVE-2024-27057
CVE-2024-27057 affects the Linux kernel ASoC: SOF ipc4-pcm path. The issue arises when suspend occurs with audio active; sof_ipc4_pcm_hw_free() resets pipelines, but if the firmware crashes or the state change via sof_ipc4_set_multi_pipeline_state() fails, kernel/firmware state can become misalig...
CVE-2024-35869
CVE-2024-35869 is a Linux kernel vulnerability in the SMB/CIFS client code path. The issue arises from failing to properly refcount all child objects when traversing DFS referrals, DFS mount failover, or sessions, risking a use-after-free of session-related references. The flaw is tied to maintai...
CVE-2024-35960
The CVE-2024-35960 entry concerns a Linux kernel mlx5 flow rule handling bug. Affected component is net/mlx5 rules in the flow table; the root cause was that add_rule_fg could attach a newly created rule to the tree only when its refcount was 1, while create_flow_handle could reference an existin...
CVE-2024-39291
CVE-2024-39291 (Linux kernel) affects the amdgpu path in gfx_v9_4_3.c. The vulnerable code path is gfx_v9_4_3_init_microcode() and related rlc/mec microcode init, where the ucode_prefix buffer was too small, risking truncation when writing strings like amdgpu/%s_rlc.bin or amdgpu/%s_mec.bin with ...
CVE-2024-40967
CVE-2024-40967 affects the Linux kernel serial: imx subsystem. The root cause is a potential deadlock while waiting for USR2_TXDC in transmitter empty handling. The patch introduces a timeout of at most 1 second; if the timeout occurs, the driver ignores the transmitter state and continues optimi...
CVE-2024-40988
CVE-2024-40988 affects the Linux kernel DRM/Radeon driver. The issue is a UBSAN warning caused by a missing bounds check in kv_dpm.c (sumo_vid_mapping_entry). The patch adds the necessary bounds check, resolving the UBSAN warning. The description indicates the change is a bounds validation fix ra...
CVE-2024-42124
CVE-2024-42124 affects the Linux kernel and fixes a preemption bug in qedf by making qedf_execute_tmf() non-preemptible. The issue was triggered by calling smp_processor_id() from preemptible code in qedf_execute_tmf(), causing a BUG_ON on RT kernels. Affected context is kernel-level SCSI qedf dr...
CVE-2024-44947
CVE-2024-44947 is a Linux kernel information-leak vulnerability in the fuse subsystem. The issue arises from fuse_notify_store() not enabling page zeroing like fuse_do_readpage(), causing beyond-EOF page contents to remain uninitialized and potentially be exposed to userspace via mmap when init-o...
CVE-2024-47692
CVE-2024-47692: Linux kernel NFS server (nfsd) vulnerability where namelen can be 0 if main.sqlite is corrupted, causing memdup_user() to return ZERO_SIZE_PTR and leading to NULL pointer dereference when accessing name.data in nfs4_client_to_reclaim(). The issue is resolved by adding a namelen v...
CVE-2024-49948
CVE-2024-49948: In the Linux kernel, the vulnerability stems from insufficient sanity checks in net/core qdisc handling together with virtio_net_hdr_to_skb() parsing. A crafted GSO packet (80 bytes total: 20 IPv4 + 60 TCP + small GSO size) could be misclassified, making skb->len appear larger...
CVE-2024-50008
Technical details about CVE-2024-50008 are not publicly provided in the connected documents. The initial description mentions a Linux kernel fix related to mwifiex, but no concrete affected products/versions/root cause or remediation are given here. Monitor for updates.
CVE-2024-53127
CVE-2024-53127 involves the Linux kernel where the fix was to revert the change that raised max_req_size for IDMAC operations with pages bigger than 4K. Affected behavior includes panics booting kernel/rootfs from SD on Rockchip RK3566 and StarFive JH7100, and swiotlb buffer/full data corruption ...
CVE-2024-53237
CVE-2024-53237 is a Linux kernel vulnerability describing a use-after-free in the Bluetooth device lifecycle, specifically in the function device_for_each_child. The issue was surfaced by KASAN and tied to a scenario where a parent device could be freed while a child device still holds a referenc...
CVE-2025-38001
The CVE-2025-38001 issue is in the Linux kernel HFSC scheduler under net_sched. The vulnerability permits bypassing the patch in hfsc_enqueue (HFSC_RSC path) and allows inserting the same class twice into the eltree, which can lead to a UAF when HFSC is used with NETEM and may cause an infinite l...
CVE-2014-9322
CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...
CVE-2015-5156
CVE-2015-5156 affects the Linux kernel’s virtio-net implementation. The vulnerability arises in virtnet_probe (drivers/net/virtio_net.c) where a FRAGLIST feature is supported without proper memory allocation, enabling a remote attacker on the local network to trigger a buffer overflow/memory corr...
CVE-2016-10741
CVE-2016-10741 – Linux kernel local DoS (xfs_aops race). Affected: Linux kernel before 4.9.3. Issue: a race between direct I/O and memory-mapped I/O (hole handling) in fs/xfs/xfs_aops.c is incorrectly handled with BUG_ON, leading to a system crash under local access. Impact: denial of service via ...