13804 matches found
CVE-2023-1990
CVE-2023-1990 describes a use-after-free in ndlc_remove() within the Linux kernel’s drivers/nfc/st-nci/ndlc.c, enabling a local attacker to crash the system due to a race condition. The Astra Linux advisory (and Debian advisories with CVE lists) corroborate the same flaw in the Linux kernel. The prov...
CVE-2023-52560
CVE-2023-52560 affects the Linux kernel in the damon vaddr test paths (mm/damon/vaddr-test). The issue is a memory leak where damon_region and damon_target allocated by kmem_cache_alloc() and kmalloc() respectively are not freed after damon_destroy_ctx() was removed by a commit, and damon_region ...
CVE-2023-52751
CVE-2023-52751: In the Linux kernel CIFS (smb2_query_info_compound), a race between open_cached_dir() and cached_dir_lease_break() can trigger a use-after-free in the cache entry for a newly created directory handle. The issue arises as the code drops the last reference to the new cfid while a l...
CVE-2023-52775
CVE-2023-52775 is a Linux kernel vulnerability affecting net/smc where a Decline message could cross or collide in SMC-R, causing data corruption during Redis/SRC testing. A patch doubles the client timeout to 2x the server value to prevent cross‑timeout conflicts; remediation is upgrading to a k...
CVE-2024-26830
Summary (CVE-2024-26830): In the Linux kernel i40e SR-IOV path, when a PF administratively sets a VF MAC and the VF is brought down, the VF’s primary MAC could be removed or zeroed if the VF is untrusted. This is caused by how MAC filters and primary MAC state are handled on VF down. The vulnerab...
CVE-2024-26903
CVE-2024-26903 (Linux kernel): Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security. Root cause: after RFCOMM/L2CAP disconnect, the code could dereference a released l2cap_conn, leading to a null pointer access when calling hci_conn_security. Impact per CVSS: Medium (5.5) with high ava...
CVE-2024-27431
Technical details (affected products, impact, exploit info, and remediation specifics) are not publicly provided in the supplied documents. Monitor for official updates and vendor advisories for CVE-2024-27431.
CVE-2024-35878
CVE-2024-35878 : The connected documentation provides concrete details—this Linux kernel vulnerability concerns a NULL pointer dereference in vsnprintf() triggered by improper handling of the str/len parameters in of_modalias(). The issue could oops when a NULL pointer is passed unless length is ...
CVE-2024-35927
CVE-2024-35927 affects Linux kernel DRM-related code. The fix adds a guard in drm_kms_helper_poll_disable() to check that output polling is initialized before disabling, and updates drm_mode_config_helper_suspend()/resume() to avoid calling these helpers if polling isn’t initialized. This prevent...
CVE-2024-36899
CVE-2024-36899 affects the Linux kernel gpiolib, specifically the cdev path used when closing a GPIO chip device file. The issue is a use-after-free involving watched_lines: during gpio_chrdev_release(), watched_lines is freed with bitmap_free(), but lineinfo_changed_nb notifier chain unregistrati...
CVE-2024-36930
In CVE-2024-36930, the Linux kernel SPI subsystem spi_sync is affected. When a non-empty SPI queue is used and the same spi_message is reused, the complete callback remains set after context clear, causing a null pointer dereference during spi_finalize_current_message(). The provided connectivity...
CVE-2024-36933
CVE-2024-36933: In the Linux kernel, the nsh_gso_segment() path could mishandle outer headers when NSH encapsulates other protocols, leading to outer header corruption after GSO segmentation. The fix restores the outer header position by computing outer header placement relative to the inner head...
CVE-2024-36941
CVE-2024-36941 is a Linux kernel vulnerability affecting the wifi nl80211 path. The issue is a NULL pointer dereference that could occur if parsing of the coalescing rule fails and the code dereferences NULL when freeing resources. The connected IBM advisory confirms the linux kernel fix for this...
CVE-2024-40984
CVE-2024-40984 is a Linux kernel vulnerability related to ACPICA mapping of operation regions (BARs). The root cause was a NULL pointer dereference when a memory mapping extended across page boundaries and a read/write length attempted to access beyond the mapped region. The fix is a revert of th...
CVE-2024-41063
In CVE-2024-41063, the Linux kernel Bluetooth stack (hci_core) fixes a deadlock when unregistering a device. The root cause involves hci_unregister_dev() racing with hci_error_reset() and hdev->req_workqueue/destroy_workqueue(), where pending work items may still be running during destroy. The...
CVE-2024-42131
CVE-2024-26929 is rejected/not used; this CVE entry is not an active vulnerability.
CVE-2024-46695
CVE-2024-46695 affects the Linux kernel; the root cause is a permissions bypass in the SELinux/Smack inode_setsecctx hook. The bug allowed a privileged user (root) on an NFS client to change security labels on files on an NFS export with root squash enabled, due to incomplete permission checks ...
CVE-2024-50141
CVE-2024-50141 (Linux kernel): The issue concerns ACPI PRM handling for EFI runtime services. PRMT previously selected a block of type EFI_CONVENTIONAL_MEMORY, which is incorrect for runtime services per the UEFI spec. The fix makes PRMT locate a block with EFI_MEMORY_RUNTIME for the PRM handler...
CVE-2024-53072
CVE-2024-53072 affects the Linux kernel, specifically the platform/x86/amd/pmc component. The issue arises when STB is requested via amd_pmc enable_stb=1 and S2D_PHYS_ADDR_LOW/HIGH return 0, indicating STB is inaccessible. This causes ioremap warnings in arch/x86/mm/ioremap.c and can lead to kern...
CVE-2025-21665
The CVE-2025-21665 issue is a Linux kernel bug where 64-bit offsets were truncated to 32 bits in folio_seek_hole_data() on 32-bit kernels, potentially causing an infinite loop when writing to XFS. Several connected advisories document the fix across distributions (e.g., Debian, Amazon Linux 2/ALA...
CVE-2025-21959
CVE-2025-21959 affects the Linux kernel netfilter nf_conncount code. The issue arises from not initializing fields cpu and jiffies32 in struct nf_conncount_tuple during insertion (insert_tree()), after prior fixes added cpu/jiffies32 in nf_conncount_add() but count_tree() path remained uninitiali...
CVE-2017-16538
CVE-2017-16538 refers to a vulnerability in the Linux kernel (drivers/media/usb/dvb-usb-v2/lmedm04.c) up to version 4.13.11. A local user can cause a denial of service (general protection fault and system crash) or potentially other impact by plugging a crafted USB device. The root cause is a mis...
CVE-2017-7187
The CVE-2017-7187 issue affects the Linux kernel sg_ioctl in drivers/scsi/sg.c, where a large SG_NEXT_CMD_LEN ioctl can trigger a stack-based buffer overflow, leading to a DoS or potentially other impact via out-of-bounds writes in sg_write. Descriptions across connected sources (CNVD-2017-03858)...
CVE-2019-19076
CVE-2019-19076 concerns a memory leak in the Linux kernel function nfp_abm_u32_knode_replace() in drivers/net/ethernet/netronome/nfp/abm/cls.c, before version 5.3.6. The issue can allow a remote attacker to cause a denial of service via memory consumption. The upstream commit 78beef629fd9 was rev...
CVE-2021-26934
CVE-2021-26934 affects the Linux kernel versions 4.18 through 5.10.16 as used by Xen. The root cause is that the backend allocation (be-alloc) mode of the drm_xen_front drivers was not intended to be a supported configuration, but this was not clearly stated in its support status entry. Public do...
CVE-2021-38202
CVE-2021-38202 affects the Linux kernel before 5.13.4, where fs/nfsd/trace.h can allow remote attackers to trigger a denial-of-service via an out-of-bounds read in strlen when the trace event framework is used for nfsd. The vulnerability is triggered by NFS traffic sent over the network. A fix wa...
CVE-2021-47384
CVE-2021-47384 affects Linux kernel hwmon drivers (notably w83793, and related subcomponents) with a NULL pointer dereference risk when reading a temp value, caused by an unnecessary field and an obsolete lm75[] array. The fix removes the unused lm75[] and adjusts driver subclient detection (devm...
CVE-2022-27950
CVE-2022-27950: A memory leak exists in Linux kernel drivers/hid/hid-elo.c for a hid_parse error condition, affecting kernels before 5.16.11. Exploitation details are not provided in the documents. A fix is in kernel 5.16.11 (and later). Recommendation: upgrade to a version containing the patch ...
CVE-2022-4128
CVE-2022-4128 is a NULL pointer dereference in the Linux kernel’s MPTCP implementation during subflow traversal at disconnect time. The issue can be triggered by a local user and may crash the host, resulting in a denial-of-service condition. The connected vulnerability listings (including Miracl...
CVE-2022-49323
CVE-2022-49323 affects the Linux kernel IOMMU ARM-SMMU code. The issue is a possible null pointer dereference in arm_smmu_device_probe() when resource retrieval returns NULL, which could occur when using the resource pointer before it is validated. The fix rearranges resource handling by deferrin...
CVE-2022-49636
CVE-2022-49636 affects the Linux kernel VLAN code, specifically a memory leak in vlan_newlink/vlan_changelink paths. The issue arises when a memory allocation fails in vlan_changelink() after prior allocations succeed; memory allocated for egress priority/vlan_dev structures may remain referenced...
CVE-2023-52520
CVE-2023-52520: Linux kernel platform/x86: think-lmi had a reference leak when a duplicate attribute is found by kset_find_obj(); a reference to the attribute could be leaked if not disposed with kobject_put. The fix moves the setting name validation into a separate function to avoid duplicating...
CVE-2023-52572
CVE-2023-52572 is confirmed in the provided connected documents. The vulnerability is a use-after-free (UAF) in the CIFS/SMB protocol handling inside the Linux kernel, specifically in cifs_demultiplex_thread() and related paths, which can lead to a UAF in smb2_is_network_name_deleted and downstre...
CVE-2023-52599
Summary (CVE-2023-52599): The Linux kernel JFS path diNewExt had an out-of-bounds UBSAN failure (index -878706688 for struct iagctl[128]) traced to fs/jfs/jfs_imap.c:2360. The issue arises when agno is too large, leading to overflow in agno handling. The fix described in the sources is to valida...
CVE-2023-52679
CVE-2023-52679 is a Linux kernel vulnerability: a double-free in of_parse_phandle_with_args_map was mitigated. The inner loop freed the previous reference via of_node_put(new) and assumed the next value was NULL. The fix ensures that the loop invariant holds by resetting the temporary to NULL aft...
CVE-2024-26661
Public technical details for CVE-2024-26661 are not provided in the connected documents; monitor for updates from vendors/advisories.
CVE-2024-26672
CVE-2024-26672 affects the Linux kernel AMDGPU driver: amdgpu_mca_smu_get_mca_entry() dereferences mca_funcs before a NULL check, leading to potential NULL-pointer dereference in UE/CE error handling paths. The issue is evidenced by code paths where mca_funcs is used to read max_ue_count/max_ce_c...
CVE-2024-26698
Linux kernel hv_netvsc is affected by a race between netvsc_probe and netvsc_remove. The root cause is napi_disable being invoked on non-enabled subchannels, causing hung behavior during device removal due to an infinite msleep in napi_disable. The fix (commit ac5047671758) disables NAPI before c...
CVE-2024-26740
CVE-2024-26740: In the Linux kernel, the net/sched act_mirred fix uses the Rx backlog for egress→ingress reversals to prevent socket lock deadlocks on certain redirect scenarios. The upstream patch ca22da2fbd69 implements this backlog-based handling; Nessus advisory AXSA references this CVE with ...
CVE-2024-26919
CVE-2024-26919: In the Linux kernel, the USB ULPI driver had a debugfs directory leak due to a naming mismatch: the ULPI per-device debugfs root was created using the parent device name, while ulpi_unregister_interface attempted to remove a directory named after the ULPI device itself. This caus...
CVE-2024-35822
The connected documents confirm CVE-2024-35822 affects the Linux kernel USB gadget mass storage path (usb_udc) where a thread may disable an endpoint while the main thread queues a request. Root cause: a warning in usb_ep_queue() was triggered instead of a functional failure. Fix: replacing WARN_...
CVE-2024-35931
The CVE affects the Linux kernel DRM/AMDGPU stack. During RAS (Reliability, Availability, Serviceability) recovery, a mode-1 PCI error slot reset is erroneously issued, which could trigger GPU resets and system hangs (VRAM loss, kernel panic traces). The root cause is the PCI error slot reset bei...
CVE-2024-38559
CVE-2024-38559: In the Linux kernel, the qedf SCSI path copies a userspace buffer without guaranteeing a NUL terminator, risking an OOB read in kstrtouint. The fix uses memdup_user_nul instead of memdup_user. Affected: kernel SCSI qedf path; Root cause: missing termination of the copied buffer. R...
CVE-2024-40904
CVE-2024-40904 affects the Linux kernel USB: class: cdc-wdm driver. The issue was a CPU soft lockup caused by excessive log messages from the interrupt URB handling, exacerbated by immediate resubmission of URBs with -EPROTO status and verbose kernel logging. The fix replaces two verbose dev_err(...
CVE-2024-40959
The CVE-2024-40959 entry concerns a Linux kernel issue where ip6_dst_idev() can return NULL, and xfrm6_get_saddr() must handle that, otherwise a NULL pointer dereference may occur. The vulnerability arises in xfrm6_policy.c (xfrm6_get_saddr) and could lead to denial of service via a kernel NULL d...
CVE-2024-42240
CVE-2024-42240: Linux kernel x86/bhi vulnerability where, when BHI mitigation is enabled, an entry_SYSENTER_compat() sequence could trigger a #DB handler warning due to the TF single-step bit handling. The fix changes the order to clear the TF flag before or after clearing branch history as appro...
CVE-2024-43900
CVE-2024-43900 affects the Linux kernel’s media: xc2028 path. A worker thread can dereference a freed dvb_frontend object after tuner_probe() allocates a tuner and module removal frees the dvb_frontend, leading to a use-after-free in load_firmware_cb() triggered by request_firmware_work_func. The...
CVE-2024-46724
CVE-2024-46724 is a Linux kernel vulnerability in drm/amdgpu where an out-of-bounds read of df_v1_7_channel_number could occur. The issue stems from not validating fb_channel_number range, leading to an array read error. A patch/mitigation has been applied in upstream kernel releases, and several...
CVE-2024-46853
CVE-2024-46853 is a Linux kernel issue corrected by updating to a patched kernel. The vulnerability stems from a KASAN slab-out-of-bounds bug in the nxp-fspi driver (spi/nxp-fspi) when handling data not aligned to 4 bytes written to TX FIFO. The issue could cause a read beyond the allocated regio...
CVE-2024-47748
CVE-2024-47748: Linux kernel vhost_vdpa code fixes an irq bypass producer token life-cycle bug. The token formerly registered in vhost_vdpa_setup_vq_irq() could outlive the eventfd_ctx, risking use-after-free when the eventfd is released. The patch binds the token lifecycle to VHOST_SET_VRING_CAL...