CVE-2024-53113
CVE-2024-53113 (Linux kernel): A NULL pointer de-reference can occur in alloc_pages_bulk_noprof when a task is migrated between cpusets with cpuset enabled; ac.preferred_zoneref may become NULL during zonelist traversal, leading to a crash. The fixes introduce a NULL pointer check on preferred_z...
CVE-2024-56647
CVE-2024-56647: In the Linux kernel, icmp host relookup can trigger ip_rt_bug when ARP/link conditions and xfrm are involved. The fix skips icmp relookup for locally generated packets (e.g., ICMP errors) to avoid dst->out being ip_rt_bug on loopback and similar scenarios. Reproduced scenario s...
CVE-2024-56688
CVE-2024-56688 (Linux kernel): The vulnerability concerns sunrpc transport timeout handling. The fix resolves an issue where, during a transport reset, transport->sock can be set to NULL but xs_tcp_set_socket_timeouts() could still dereference it in xs_tcp_send_request(), potentially leading ...
CVE-2024-57807
CVE-2024-57807 is tied to the Linux kernel's SCSI megaraid_sas driver. The issue is a potential deadlock caused by a circular locking dependency between instance->reset_mutex and shost->scan_mutex, which could occur during lock ordering. The confirmed fix temporarily releases the reset_mute...
CVE-2025-21687
CVE-2025-21687 affects the Linux kernel’s vfio/platform code. The vulnerability arises because this path did not fully validate the combination of read/write syscall bounds with user-supplied count/offset, and only offset was capped to 40 bits. This can allow reading or writing beyond the device’...
CVE-2025-21785
The CVE-2025-21785 issue is in the Linux kernel (arm64) cacheinfo handling. A loop that detects/populates cache information previously did a bounds check on the array size but did not account for cache levels with separate data/instructions caches, allowing an out-of-bounds write to the cacheinfo...
CVE-2014-7970
CVE-2014-7970 is described in connected Lenovo advisories as a Linux kernel vulnerability where pivot_root() could be misused to trigger a local denial of service (mount-tree loop) via dot-path arguments. Lenovo’s advisory for PowerKVM lists affected product: PowerKVM v3.1, and states the issue i...
CVE-2016-0723
CVE-2016-0723 is a Linux kernel race condition in the tty_ioctl handler (drivers/tty/tty_io.c) that can allow a local attacker to obtain memory content or trigger a denial of service by manipulating a TIOCGETD call during a TIOCSETD operation. The initial description states the flaw exists in ker...
CVE-2016-2117
CVE-2016-2117 affects the Atheros L2 ethernet driver (atl2) in the Linux kernel up to version 4.5.2. The root cause is incorrect enablement of scatter/gather I/O, which can allow a remote attacker to read packet data and potentially obtain sensitive kernel memory information. Public documents fro...
CVE-2018-10124
CVE-2018-10124 affects the Linux kernel before 4.13, where the kill_something_info() function in kernel/signal.c may allow a local attacker to cause a denial of service via an INT_MIN argument when using an unspecified architecture and compiler. The vulnerability is a local DoS condition (availab...
CVE-2021-47432
CVE-2021-47432 relates to the Linux kernel. The vulnerability occurs in lib/generic-radix-tree.c: overflow in the peek() path when inode numbers are spread across the 64-bit inode space, triggering corner-case integer overflows in radix-tree usage. The connected Miracle/MIRACLE_LINUX AXSA adviso...
CVE-2022-24122
CVE-2022-24122 affects the Linux kernel in versions 5.14–5.16.4 when unprivileged user namespaces are enabled. The issue is a use‑after‑free in the ucounts object that can outlive its namespace, enabling a local privilege escalation. The vulnerability is described in kernel/ucount.c and is docume...
CVE-2022-48992
CVE-2022-48992 pertains to the Linux kernel: the ASoC subsystem (soc-pcm) BE reparenting path had a NULL pointer dereference risk exposed during fuzzing. The root cause is a missing NULL check in the dpcm_be_reparent API, which could lead to kernel NULL pointer dereference. The fix adds an explic...
CVE-2022-49925
CVE-2022-49925: In the Linux kernel, a null-pointer dereference can occur in RDMA/core during ib_core_cleanup due to an unhandled failure of roce_gid_mgmt_init() (gid_cache_wq may be allocated and then freed during cleanup when not allocated). This is reported as a KASAN null-ptr-deref and is tr...
CVE-2023-1670
CVE-2023-1670 is a Linux kernel issue affecting the Xircom 16-bit PCMCIA (PC-card) Ethernet driver, where a use-after-free in the xirc2ps_cs network driver can allow a local attacker to crash the system or potentially escalate privileges. The vulnerability is described in the initial CVE entry as...
CVE-2023-26607
CVE-2023-26607 affects the Linux kernel, with an out-of-bounds read in ntfs_attr_find (fs/ntfs/attrib.c) reported for kernel 6.0.8. The connected documents confirm the issue and align on the impacted component and root cause, but do not provide a vendor/product patch version or explicit remediati...
CVE-2023-52637
CVE-2023-52637 refers to a Linux kernel vulnerability in the j1939 subsystem where a use-after-free (UAF) could occur due to modification of jsk->filters while receiving packets and during setsockopt(SO_J1939_FILTER). The fix adds locking on jsk->sk to prevent UAF and stabilize access to fi...
CVE-2023-52784
CVE-2023-52784 concerns the Linux kernel bonding subsystem. The issue arises when a lapbether device is created on a bonding device with no members, and adding a non-ARPHRD_ETHER member forces the bonding master to change type, potentially leading to misuse of devices. The documented fix is to ca...
CVE-2024-24855
CVE-2024-24855 describes a race condition in the Linux kernel’s SCSI lpfc_unregister_fcf_rescan() function that can cause a NULL pointer dereference, potentially leading to a kernel panic or denial of service. The vulnerability is tied to the kernel’s SCSI device driver (lpfc) and is referenced a...
CVE-2024-26855
CVE-2024-26855 – Linux kernel (net/ice): The vulnerability is a NULL pointer dereference in ice_bridge_setlink(). If nlmsg_find_attr() returns NULL, br_spec may be dereferenced during nla_for_each_nested(), causing a crash/local impact. The fix adds an explicit check that br_spec is not NULL bef...
CVE-2024-35801
CVE-2024-35801: Linux kernel x86/fpu vulnerability where per-CPU xfd_state could be out of sync with the MSR_IA32_XFD after CPU hotplug, causing XRSTOR to raise #NM and crash. The fix introduces xfd_set_state() to write xfd_state alongside MSR_IA32_XFD and updates all MSR_IA32_XFD writes to use ...
CVE-2024-35952
CVE-2024-35952 concerns the Linux kernel: a hard-to-reproduce soft-lockup was caused by a loop in ast_dp_set_on_off() that could infinite-loop because VGACRI-Dx scratch registers—actually MCU-controlled by DPMCU in the BMC—are protected by scu-lock. If scu-lock is enabled, DPMCU cannot update the...
CVE-2024-36896
The CVE entry CVE-2024-36896 concerns a Linux kernel USB core fix: usb_hub_to_struct_hub() can return NULL when the hub for a port is concurrently removed, and a dereference occurs before a NULL check. The patch removes an unnecessary dereference and adds a NULL check for hub (hub == NULL) to pre...
CVE-2024-36950
CVE-2024-36950 is a Linux kernel vulnerability resolved in the FireWire OHCI driver. The issue occurred in the interrupt handler when a bus reset interrupt could be unmasked and cause a freeze if the bus reset was not yet serviced. The fix masks bus reset interrupts in the IRQ handler and unmasks...
CVE-2024-36952
CVE-2024-36952 is a Linux kernel issue affecting the SCSI lpfc NPIV transport cleanup. The root cause is a race: when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent, the final DA_ID and LOGO can be skipped, because fc_remove_host() frees the ndlp rport object too ear...
CVE-2024-41039
CVE-2024-41039 (Linux kernel): The vulnerability is resolved by fixing overflow checks when parsing wmfw headers in firmware handling. The patch splits the length check into three separate verifications for wmfw_header, wmfw_adsp?_sizes, and wmfw_footer, addressing cases where ADSP2 and Halo Cor...
CVE-2024-44987
Summary of CVE-2024-44987 (Linux kernel): A use-after-free in ip6_send_skb() was reported by syzbot. After ip6_local_out() returns, dereferencing rt could occur without holding rcu_read_lock(), enabling a slab-use-after-free as shown in the kasan trace net/ipv6/ip6_output.c:1964. The issue is mi...
CVE-2024-46819
CVE-2024-46819: In the Linux kernel, the drm/amdgpu path for nbio_v7_4 could dereference an obj when ras_manager.obj is null, causing a warning and potential data leakage through NBIO data. The issue has been resolved in the cited update. The description notes a fix to avoid printing NBIO error d...
CVE-2024-50006
CVE-2024-50006 (Linux kernel): Affects ext4 with an i_data_sem unlock order issue during ext4_ind_migrate() causing a potential deadlock in jbd2_log_wait_commit when EXT4_IOC_MIGRATE is used with O_SYNC. The deadlock occurs if EXT4_IOC_MIGRATE races with write(2) and CONFIG_PROVE_LOCKING is enabl...
CVE-2024-50142
CVE-2024-50142 is a Linux kernel vulnerability where the xfrm selector validation can mishandle SA prefix lengths when sel.family is AF_UNSPEC. The root cause: an SA with AF_UNSPEC and prefixlen_s=128, combined with later assignment of AF_INET, led verify_newsa_info to validate prefix lengths wit...
CVE-2024-50201
CVE-2024-50201 (Linux kernel, drm/radeon): The IBM bulletin confirms a resolved vulnerability in the Linux kernel where the encoder->possible_clones bitmask could be incorrect for a Radeon encoder. The fix, described as “Include the encoder itself in its possible_clones bitmask,” addresses a ...
CVE-2024-53063
CVE-2024-53063: Linux kernel DVB minor management (dvbdev) allowed potential OOM via a static minor-tracker when CONFIG_DVB_DYNAMIC_MINORS is unset and device/register calls para-mismatch occurred. The patch adds explicit boundary guards in dvb_register_device and dvb_device_open to prevent out-o...
CVE-2024-53097
CVE-2024-53097 affects the Linux kernel mm/krealloc path. Connected sources confirm a patch for mm: krealloc: Fix MTE false alarm in __do_krealloc, addressing a false KASAN/MTE slab-out-of-bounds error triggered when zeroing spare memory in __do_krealloc. Root cause: memory tagging mismatch due t...
CVE-2024-53135
CVE-2024-53135 concerns the Linux kernel KVM and Intel PT virtualization in guest/host mode. The fix hides pt_mode behind CONFIG_BROKEN to disable virtualization of Intel PT unless BROKEN=y, due to numerous bugs that can affect guest stability and host health. The described issues include: for th...
CVE-2024-56615
CVE-2024-56615 affects the Linux kernel and concerns BPF maps (devmap/xskmap) where an index used to access map entries could be a signed int, causing out-of-bounds writes. The fix changes the index type from int to u32 for both map element access and the iterator used during dev_map_free() to pr...
CVE-2024-57843
CVE-2024-57843: In the Linux kernel, a vulnerability in virtio-net can cause overflow in virtnet_rq_alloc when a fragment spans a page and the total buffer size plus virtnet_rq_dma exceeds one page. This can lead to reliable VM crashes or SCP failures. Root cause: virtnet_rq_dma reserves 16 byte...
CVE-2025-21667
CVE-2025-21667: Linux kernel vulnerability where on 32-bit builds iomap_write_delalloc_scan() used a 32-bit position due to folio_next_index() returning an unsigned long, truncating 64-bit offsets and potentially causing an infinite loop during writes to XFS. Connected documents confirm the root...
CVE-2025-21920
CVE-2025-21920 (Linux kernel VLAN subtype): The issue occurs when creating VLAN devices on non-Ethernet underlying devices, which can trigger an out-of-bounds read by dev_mc_add due to __dev_mc_add using dev->addr_len as the multicast length. The underlying cause is not enforcing the underlyin...
CVE-2014-8171
CVE-2014-8171 affects the Linux kernel memcg (memory resource controller). The description shows that a local user can spawn new processes within a memory-constrained cgroup, and this handling of OOM could lead to a deadlock, yielding a local denial of service. The incident is tied to the memcg O...
CVE-2015-2922
CVE-2015-2922 is a Linux kernel IPv6 Neighbor Discovery flaw in the ndisc_router_discovery path that lets a crafted Router Advertisement with a small hop_limit reconfigure the hop-limit on the receiving interface. It affects the IPv6 stack prior to kernel 3.19.6; the impact is loss of connectivit...
CVE-2016-3156
CVE-2016-3156 affects the Linux kernel IPv4 implementation. A use-after-free in the destruction of inet device objects can be exploited by a local attacker (guest OS user) to cause a host networking outage by exhausting rtnl_lock with a large number of IP addresses. Impact is a denial of service ...
CVE-2016-8645
CVE-2016-8645: Linux kernel TCP stack mishandles skb truncation, enabling a local attacker to crash the system (DoS) via crafted sendto calls. Affected: kernels prior to 4.8.10. Remediation: upgrade to the fixed kernel (e.g., 4.8.10+; see changelogs/OS advisories).
CVE-2019-19079
CVE-2019-19079: A memory leak in the qrtr_tun_write_iter() function (net/qrtr/tun.c) of the Linux kernel before 5.3 allows a remote attacker to trigger memory consumption and Denial of Service. The issue is documented in multiple advisories (e.g., Unity Linux UTSA advisories) as affecting kernels...
CVE-2021-28691
Summary (CVE-2021-28691): In the Linux kernel Xen hypervisor integration, xen-netback may suffer a use-after-free when tearing down the backend. The root cause is that the RX task thread can be freed if the frontend triggers a thread stop during backend teardown, leading to a stale pointer being u...
CVE-2021-4093
CVE-2021-4093: A flaw in the KVM AMD SEV-ES code allows a malicious VM using SEV-ES to trigger out-of-bounds reads/writes in the host kernel via a VMGEXIT with a string I/O instruction (e.g., outs/ins) using exit reason SVM_EXIT_IOIO. This can crash the host or enable a guest-to-host escape. Aff...
CVE-2022-3169
CVE-2022-3169 - Linux kernel NVMe host driver. A denial-of-service condition may occur when NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET are issued in sequence via the device file, potentially causing a PCIe link disconnect. Affected component is the Linux kernel’s NVMe host/driver pathway; the f...
CVE-2022-49058
CVE-2022-49058 involves a buffer overflow in the Linux kernel CIFS implementation when handling symlinks. The root cause, per the provided description, is that Smatch flags the variable link_len as untrusted (coming from sscanf), which can lead to an out-of-bounds copy into dctx->buf. The fixe...
CVE-2022-49273
CVE-2022-49273: In the Linux kernel rtc/pl031 code, clearing the RTC_FEATURE_ALARM bit was performed before ldata->rtc is allocated, risking a null pointer dereference when there is no interrupt line. The fix is to clear RTC_FEATURE_ALARM after the rtc device is allocated. Public advisories (S...
CVE-2022-49316
CVE-2022-49316 affects the Linux kernel’s NFSv4 layout management. The issue arises when performing layoutget as part of an open() compound: locks for the layoutget are held across multiple RPC calls, which can trigger recalls and deadlock. The connected advisories (EulerOS/Unity/Nessus OSS) conf...
CVE-2023-1990
CVE-2023-1990 describes a use-after-free in ndlc_remove() within Linux kernel’s drivers/nfc/st-nci/ndlc.c, enabling a local attacker to crash the system due to a race condition. The Astra Linux advisory (and Debian advisories with CVE lists) corroborate the same flaw in the Linux kernel. The prov...