CVE-2016-10741
CVE-2016-10741 – Linux kernel local DoS (xfs_aops race). Affected: Linux kernel before 4.9.3. Issue: a race between direct I/O and memory-mapped I/O (hole handling) in fs/xfs/xfs_aops.c is incorrectly handled with BUG_ON, leading to a system crash under local access. Impact: denial of service via ...
CVE-2016-2847
CVE-2016-2847 affects the Linux kernel, where fs/pipe.c does not cap unread data in pipes, enabling local users to cause memory exhaustion and a denial of service. The description and connected sources confirm the vulnerability lies in the per-user pipe data handling and that the risk is local Do...
CVE-2016-9806
CVE-2016-9806 describes a race condition in the Linux kernel netlink_dump function (net/netlink/af_netlink.c) that can be triggered by local users via crafted sendmsg calls, leading to a double-free and potentially other impacts. Public advisories from MiracleLinux, Unity Linux, and Oracle Linux d...
CVE-2018-14617
CVE-2018-14617 affects the Linux kernel up to 4.17.10. A NULL pointer dereference and panic occur in hfsplus_lookup() when opening a file in an HFS+ filesystem with malformed catalog data mounted read-only without a metadata directory, potentially causing a kernel panic. Connected Nessus entry co...
CVE-2018-18386
The CVE-2018-18386 issue affects the Linux kernel up to version 4.14.10, in drivers/tty/n_tty.c, where an EXTPROC vs ICANON confusion in TIOCINQ allows local attackers with access to pseudo terminals to hang or block further use of any PTY. The root cause is a terminal/TTY handling inconsistency,...
CVE-2020-28097
CVE-2020-28097 affects the Linux kernel’s vgacon subsystem; versions before 5.8.10 mishandle software scrollback, causing a vgacon_scrolldelta out-of-bounds read. This is a local issue that can read kernel memory via the vgacon pathway. The public references note the fix in kernel release 5.8.10...
CVE-2023-47233
CVE-2023-47233: Linux kernel brcm80211/brcmfmac use-after-free in brcmf_cfg80211_detach during USB hotplug unplug. Root cause: escan_timeout_worker accesses cfg after brcmf_cfg80211_detach frees it. Fix: cancel the escan timeout timer and cancel the worker in brcmf_cfg80211_detach before freeing ...
CVE-2023-52513
The CVE-2023-52513 entry maps to a Linux kernel RDMA/siw issue where a NULL listener dereference in siw_cm_work_handler() could crash when an immediate MPA request failed. The fix unlinks the listening endpoint, cancels the useless MPA timeout, and suppresses scheduling a TCP socket read in sk_da...
CVE-2023-52643
CVE-2023-52643: Linux kernel iio subsystem memleak in iio_device_register_sysfs_group on failure to free iio_dev_opaque->chan_attr_group.attrs. The MiracleLinux AXSA advisory confirms the patch and remediation via updated kernel, with no exploitation details provided. Upgrade to a kernel versi...
CVE-2023-52730
CVE-2023-52730 concerns the Linux kernel mmc_sdio subsystem. The issue arises when sdio_add_func() or sdio_init_func() fail: resources may not be released because the sdio function isn’t present to trigger of_node_put() or put_device(). The patch changes logic so that sdio_func_present() only gat...
CVE-2024-27056
CVE-2024-27056 affects the Linux kernel wifi: iwlwifi mvm. The issue arises on resume: the TX queue for the offloading TID may not have been allocated if no packets were sent on TID 0, causing a crash when the code tries to sync the write pointer. The fix is to ensure the offloading TID queue exi...
CVE-2024-35924
In CVE-2024-35924, the Linux kernel fixes a UCSI (usb: typec) read-size overflow for legacy UCSI v1.2. The change truncates read size using the UCSI version to prevent overflowing MESSAGE_IN (size increased from 16 to 256 bytes between v1.2 and v2.0). The fix is described in the CVE entry and ups...
CVE-2024-38632
CVE-2024-38632: Linux kernel vfio/pci memory leak. When vfio_irq_ctx_alloc() fails, the 'name' memory could leak during vfio_intx_enable(). The issue is resolved in kernel updates per Unity Linux UTSA-2026-005048 (OS kernel patch block). Affected: vfio/pci in the Linux kernel; Roo...
CVE-2024-40911
CVE-2024-40911 affects the Linux kernel WiFi stack: cfg80211_get_station may dereference a NULL pointer if the wiphy is not locked, leading to an "Unable to handle kernel NULL pointer dereference" error. The fix locks the wiphy before rdev_get_station() (see ieee80211_get_station lockdep asser...
CVE-2024-40958
CVE-2024-40958 relates to the Linux kernel: get_net_ns() may perform a refcount increment on a net namespace with zero refcount, triggering a use-after-free warning and potential kernel panic. The root cause is an addition on 0 refcount via get_net_ns(), surfaced during operations like netns swit...
CVE-2024-40995
CVE-2024-40995 affects the Linux kernel net/sched: act_api where repeated adds of actions with the same index could hang by causing an infinite loop in tcf_idr_check_alloc. The fix returns -EAGAIN to prevent the loop while preserving documented behavior. Syzbot reported tasks blocked waiting on r...
CVE-2024-41066
CVE-2024-41066: In the Linux kernel, ibmvnic transmit path could leak an skb if free_map and tx_buff arrays became out of sync. The patch adds a conditional to verify that the skb address is NULL before proceeding; if not, it warns the user and frees the old pointer to prevent memory leaks and TC...
CVE-2024-41093
CVE-2024-41093 – Linux kernel drm/amdgpu null framebuffer object fix: The vulnerability arises in the kernel’s DRM/amdgpu path where code could dereference a null framebuffer object when accessing state->fb->obj[0]. The patch changes the access to obtain the framebuffer object via drm_gem_...
CVE-2024-43842
CVE-2024-43842: In the Linux kernel wifi driver rtw89, a bounds check bug in rtw89_sta_info_get_iter() occurs when comparing status->he_gi to the array size, but rate->he_gi is used as the index. This copy-paste mistake can lead to out-of-bounds access if rate->he_gi != status->he_gi...
CVE-2024-49894
CVE-2024-49894: Linux kernel DRM/AMD display degamma translation had an index-out-of-bounds in cm_helper_translate_curve_to_degamma_hw_format when i exceeded TRANSFER_FUNC_POINTS. A bounds check was added to ensure i stays within transfer function points; otherwise the function returns an error....
CVE-2024-50036
CVE-2024-50036 is a Linux kernel vulnerability where dst_entries_add() uses per-CPU data that can be freed during netns dismantle, making dst_entries_destroy() race with dst_release() and potentially causing a use-after-free. The issue arises because the count of dsts must be decremented earlier,...
CVE-2024-50046
CVE-2024-50046: In the Linux kernel, a NULL-pointer dereference could occur in NFSv4 when copying files saved in the mountpoint (nfs42_complete_copies()), leading to an SMP kernel crash during state recovery for an open NFS file. The issue manifests as kernel oops and related logs and is resolved...
CVE-2025-21673
CVE-2025-21673 affects the Linux kernel CIFS/SMB client logic. The flaw is a double free of TCP_Server_Info::hostname during server shutdown in cifs_put_tcp_session(), where cifsd threads reconnect to multiple DFS targets and may still hold server->hostname, risking use-after-free or kernel in...
CVE-2025-21964
CVE-2025-21964 affects the Linux kernel CIFS mount option acregmax. The issue arises when user-provided acregmax (u32) is not yet validated; its value is converted from seconds to jiffies, which can overflow an integer. This is a local vulnerability in which an attacker with local access could po...
CVE-2016-2069
CVE-2016-2069 describes a race condition in arch/x86/mm/tlb.c of the Linux kernel that could allow local privilege escalation by a process triggering access to a paging structure on another CPU. The connected Nessus advisories confirm affected Linux kernel lines and reference Kernel versions befo...
CVE-2018-11506
CVE-2018-11506 affects the Linux kernel’s sr_do_ioctl (drivers/scsi/sr_ioctl.c) through version 4.16.12. The issue arises because sense buffers at the CDROM layer and SCSI layer use different sizes, enabling a local attacker to trigger a stack-based buffer overflow via CDROMREADMODE2 ioctl, poten...
CVE-2018-6555
CVE-2018-6555 is a Linux kernel local use-after-free via the irda_setsockopt path in irda/af_irda.c (and later in staging/irda), potentially causing memory corruption, denial of service, or a system crash. Affected trees reference IRDA socket usage as the attack vector. The vulnerability is addre...
CVE-2018-8043
CVE-2018-8043: The Linux kernel’s unimac_mdio_probe (drivers/net/phy/mdio-bcm-unimac.c) fails to validate certain resource states, enabling a local attacker to trigger a NULL pointer dereference and cause a denial of service. The issue affects kernel versions up to 4.15.8. Connected advisories (...
CVE-2021-47497
The CVE-2021-47497 entry details a Linux kernel UBSAN issue in nvmem: when a cell’s nbits is a multiple of 8, the code does a shift GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0) which becomes a shift by 64 (or more) and is undefined. The fix adds a guard to ensure there are bits to mask before p...
CVE-2022-33741
CVE-2022-33741 concerns Linux PV frontends (Block and Network) used by Xen that leak data through memory sharing with the backend. The root cause described across sources is that these frontends do not zero memory regions before sharing them with the backend, and the grant table granular...
CVE-2022-48701
The CVE-2022-48701 issue is in the Linux kernel ALSA usb-audio driver: an out-of-bounds read can occur in __snd_usb_parse_audio_interface() when parsing a USB device (USB ID 0x04fa:0x4201) that has fewer than 4 interfaces. The fix is to validate the interface count before parsing. Public referenc...
CVE-2022-49080
CVE-2022-49080 affects the Linux kernel mempolicy path, where allocating mpol_new and leaking it can occur if a restart loop drops sp->lock before refcnt is initialized. The issue arises in shared_policy_replace when mempolicy is updated on a shared shmem file under concurrent access, potentia...
CVE-2022-49319
CVE-2022-49319 affects the Linux kernel, specifically iommu/arm-smmu-v3. The vulnerability is a NULL pointer dereference that occurs when platform_get_resource() returns NULL, due to a missing return-value check. Affected component/area: ARM SMMU platform resource handling in the IOMMU path. Impa...
CVE-2023-2598
The CVE-2023-2598 issue arises from a flaw in Linux kernel io_uring buffer registration (io_sqe_buffer_register) that can trigger out-of-bounds access to physical memory beyond the end of the buffer, enabling local privilege escalation. Public discussions and PoC-like exploits demonstrate local e...
CVE-2023-4385
CVE-2023-4385: Linux kernel JFS NULL pointer dereference in dbFree (fs/jfs/jfs_dmap.c) may allow local privilege or system crash due to missing sanity check. Connected entries reference the same issue and point to a fixing commit in the kernel source (commit 0d4837fdb796f99369cf7691d33de1b856bca...
CVE-2023-52635
The CVE-2023-52635 entry concerns a Linux kernel devfreq timer race. Description: frequent governor switches (e.g., simple_ondemand and performance) on a devfreq device may race with timer cancellation and expiration, risking timer_list corruption when cancel_delayed_work_sync() is followed by ex...
CVE-2023-52757
CVE-2023-52757: Linux kernel SMB client deadlock fix. The issue arose when releasing mids under server->mid_lock could lead to a deadlock with cifs_tcp_ses_lock and smb2_find_smb_tcon if mids were released without proper references. The patch removes an unnecessary spinlock in release_mid() c...
CVE-2024-26670
CVE-2024-26670: Linux kernel arm64 workaround for speculative unpriv load (Cortex-A520/A510 errata) fix. The patch ensures the TLBI+DSB sequence is executed after all explicit memory accesses and places it immediately before the ERET when pagetable isolation is disabled. It reworks the KPTI/eret...
CVE-2024-26743
Technical details about CVE-2024-26743 are not provided in the supplied documents. Please monitor vendor advisories for affected products, impact, and fixes.
CVE-2024-26779
CVE-2024-26779: In the Linux kernel, the wifi/mac80211 code had a race condition enabling fast-xmit before the station (STA) is uploaded to the driver. This could cause the driver to process a not-yet-uploaded STA via drv_tx calls, leading to potential crashes due to uninitialized drv_priv data....
CVE-2024-26815
The CVE-2024-26815 entry concerns the Linux kernel taprio qdisc: taprio_parse_tc_entry() fails to validate TCA_TAPRIO_TC_ENTRY_INDEX, allowing negative values to be fed and triggering a UBSAN shift-out-of-bounds in net/sched/sch_taprio.c. The patch fixes the check by ensuring the index is within ...
CVE-2024-26978
The CVE-2024-26978 entry relates to a Linux kernel issue: creating a max14830 I2C device from userspace could trigger a NULL pointer dereference in max310x during I2C instantiation. The fix adds a validity check for the devtype and aborts the probe with a clear error message. Connected advisories...
CVE-2024-35790
CVE-2024-35790 in the Linux kernel: The issue was in the DisplayPort/USB Type-C subsystem where sysfs nodes could be exposed before the driver finished setup, risking NULL pointer dereferences in hpd_show/pin_assignment_show due to dev_get_drvdata() returning NULL. The fix removes manual sysfs n...
CVE-2024-36968
CVE-2024-36968 (Linux kernel): A Bluetooth L2CAP issue in the kernel could cause div-by-zero and integer overflow due to hdev->le_mtu potentially being out of range. The fix moves MTU validation from hci_dev to hci_conn, halting connection setup when MTU is invalid, and adds validation in rea...
CVE-2024-41044
CVE-2024-41044: Linux kernel PPP handling vulnerability. The issue arises in ppp_async_encode(), which assumes LCP packets have a valid body (codes 1–7). An attacker could craft a claim-as-LCP packet that is actually malformed, enabling a local denial-of-service. The fix adds ppp_check_packet() to ...
CVE-2024-43871
CVE-2024-43871 (Linux kernel) is resolved by fixing a memory leakage in the devres path when using driver API devm_free_percpu to free memory allocated by devm_alloc_percpu. The root cause was that devm_free_percpu() called devres_destroy(), which could leak memory; the patch uses devres_release(...
CVE-2024-43889
CVE-2024-43889 affects the Linux kernel: a not easily reproducible divide-by-0 panic in padata_mt_helper() can occur at boot due to ps->chunk_size being 0 when min_chunk is 0. The fix ensures chunk_size is at least 1 regardless of input parameters, preventing the divide-by-zero panic. Connecte...
CVE-2024-49994
CVE-2024-49994: A Linux kernel vulnerability in the block layer (BLKSECDISCARD) is resolved. The flaw arises from an integer overflow in the discard path, causing a near-infinite loop inside blkdev_issue_secure_erase() when a crafted 64-bit range (e.g., r = {512, 18446744073709551104}) is passed...
CVE-2024-50057
CVE-2024-50057 affects the Linux kernel USB Type-C tipd path. The vulnerability stems from freeing IRQs in polling mode when no IRQ was requested; the fix calls devm_free_irq() only if client->irq is set, preventing the warning observed during tps6598x removal. Public details in the connected ...
CVE-2024-50279
CVE-2024-50279 affects the Linux kernel dm-cache component. The issue is an index/bounds bug in bitset iteration when shrinking the fast device, which caused an out-of-bounds access to the dirty bitset. The vulnerability is triggered during resize operations (as described in the reproduce steps a...