CVE-2021-47000
CVE-2021-47000 is confirmed to affect the Linux kernel with a fixed inode leak in the ceph path on getattr error in __fh_to_dentry. The available connected documents provide the concrete fix description, linking the CVE to ceph inode leak resolution in the kernel. Remediation requires deploying k...
CVE-2024-26813
The CVE-2024-26813 issue affects the Linux kernel vfio-platform subsystem (SET_IRQS) where loopback IRQ triggering can occur before an eventfd is configured, enabling a NULL dereference. The fix registers all IRQs in a disabled state during device open and ensures trigger changes are serialized w...
CVE-2024-42096
CVE-2024-42096 is a Linux kernel vulnerability in the x86 profiling code (profile_pc) used for timer-based profiling. The issue stemmed from the function’s assumptions about stack layout when accounting time spent in spinlocks, which could misattribute time and trigger KASAN warnings. The advisor...
CVE-2021-46992
CVE-2021-46992 affects the Linux kernel netfilter nftables hashtables. The issue arises from storing the number of buckets in 32-bit variables, allowing an overflow in nft_hash_buckets() when large sizes are encountered (sz: 0x40000000 was observed). The syzbot report shows UBSAN: shift-out...
CVE-2024-26863
CVE-2024-26863: In the Linux kernel, a vulnerability in the HSR/PRP framing layer allowed an uninitialized value to be accessed when the Ethernet header indicates a PRP/HSR packet but is not followed by an HSR tag. The issue arises in hsr_get_node() and can lead to uninit-value reads as shown by...
CVE-2023-52600
CVE-2023-52600 affects the Linux kernel JFS component. Root cause: a use-after-free in jfs_evict_inode where, if diMount(ipimap) fails, the released ipimap may be accessed in diFreeSpecial() as rcu_core() asynchronously frees it via jfs_free_node(). The fix ensures sbi->ipimap is not initializ...
CVE-2023-52603
CVE-2023-52603: In the Linux kernel, a UBSAN array-index-out-of-bounds was reported in JFS’s dtSplitRoot (dtree) when the value of fsi drops below -1, causing an out-of-bounds access previously guarded by a check that only handled -1. A patch was added to handle values less than 0, addressing the ro...
CVE-2024-26626
CVE-2024-26626 affects the Linux kernel and concerns a multicast route handling bug in ip_mr_forward that could cause a kernel panic via a NULL pointer dereference when forwarding multicast packets. The provided stacktrace and code reference ipmr.c:1985 document the root cause in ip_mr_forward, w...
CVE-2021-47033
Technical details about CVE-2021-47033 are not provided in the supplied documents. The initial entry only mentions a Linux kernel fix for mt76/mt7615 DMA unmapping and provides no product/version/patch specifics. Monitor for updates.
CVE-2023-52887
CVE-2023-52887 affects the Linux kernel’s CAN/J1939 stack. The issue is in net: can: j1939 where RTS messages arriving in quick succession were not handled as clearly as before; the fix replaces WARN_ON_ONCE backtraces with a dedicated error handling path in xtp_rx_rts_session_new, enabling early...
CVE-2023-52604
CVE-2023-52604 is a Linux kernel vulnerability affecting the JFS subsystem, specifically UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c (dbAdjTree). Public writeups note an out-of-bounds access (index 196694 in an s8[1365] buffer) encountered during Syzkaller fuzzing, leading to a kernel p...
CVE-2021-47079
CVE-2021-47079: Linux kernel platform/x86 ideapad-laptop NULL pointer dereference in dytc_cql_command (third parameter must not be NULL). The vulnerability was resolved in upstream kernel as described; attack vector LOCAL with LOW complexity and HIGH impact on availability per NVD metrics. Connec...
CVE-2021-47032
CVE-2021-47032 concerns the Linux kernel mt76 mt7915 driver: the fix ensures the first pointer in the txp is unmapped, preventing a leak of DMA mapping entries. The patch addresses a local DMA-mapping leak in the TX path; no remote/exploit details are provided in the sources beyond the fix. CVSS ...
CVE-2021-47048
CVE-2021-47048 affects the Linux kernel SPI driver spi-zynqmp-gqspi. The vulnerability arises when handling op->addr, where a buffer (tmpbuf) is freed and subsequently used, leading to a use-after-free. The root cause is use-after-free in zynqmp_qspi_exec_op, which can trigger KASAN warnings. ...
CVE-2021-47046
Summary (CVE-2021-47046): In the Linux kernel DRM/AMD display code, the hdmi_14_process_transaction() path suffered an off-by-one read overflow due to a missing hdcp_i2c_offsets entry for HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE. A fix added the missing entry and copied the 0x0 offset from similar code,...
CVE-2024-27388
CVE-2024-27388 (Linux kernel SUNRPC) is a memory-leak issue in gssx_dec_option_array where creds and oa->data were not freed in error paths. Connected sources confirm the fix adds deallocation in the corresponding error-handling paths to prevent leaks. Public exploit details are not provided i...
CVE-2021-46981
CVE-2021-46981 affects the Linux kernel nbd subsystem where a NULL pointer in flush_workqueue could be dereferenced when opening /dev/nbdX and then disconnecting, leading to a kernel crash. The fix adds a guard in nbd_disconnect_and_put to check nbd->recv_workq before use. Connected advisories...
CVE-2021-47049
CVE-2021-47049 affects the Linux kernel driver hv: vmbus. The vulnerability is a use-after-free in __vmbus_open() caused by freeing open_info without removing it from the vmbus_connection. The fix is to remove open_info from the chn_msg_list before freeing it (explicit in the advisory). Impact is...
CVE-2021-47008
CVE-2021-47008 relates to the Linux kernel KVM/SVM path where GHCB is updated in SIPI handling and MSR operations. The vulnerability arises if SIPIs occur without a corresponding AP Reset Hold, risking a NULL pointer dereference when GHCB is not mapped, and similarly a potential GHCB access issue...
CVE-2021-47041
The CVE-2021-47041 issue is a Linux kernel nvmet-tcp locking bug: in nvmet_tcp_state_change, a write_lock was used for TCP state changes, causing a deadlock with nvme-tcp when both run on the same system. The fix described is to stop taking a write_lock and use a read lock instead, addressing the...
CVE-2021-47024
The CVE-2021-47024 issue is in the Linux kernel vsock/virtio path, where a memory leak occurs when closing a socket due to not draining the RX queue after the socket is definitively closed. The advisory notes partial remediation via ac03046ece2b, but the proper fix is to drain the RX queue before...
CVE-2021-47025
CVE-2021-47025 affects the Linux kernel's Mediatek IOMMU driver. Root cause: mtk IOMMU runtime suspend incorrectly disables the clock if m4u_dom is null, risking a warning and unnecessary clock disable. The fix enables the clock on runtime resume and reduces clock management during init (mtk_iomm...
CVE-2021-47081
CVE-2021-47081 is rejected/not used; this CVE entry does not represent an active vulnerability.
CVE-2021-47012
CVE-2021-47012 concerns Linux kernel RDMA/siw. The connected Astra Linux advisories describe a use-after-free in siw_alloc_mr where mem is assigned to mr->mem in siw_mr_add_mem and later freed via kfree(mem) if xa_alloc_cyclic() fails, leaving mr->mem pointing to freed memory. The patch tim...
CVE-2021-47051
CVE-2021-47051 affects the Linux kernel SPI driver for the Freescale/NXP fsl-lpspi. The issue is a PM (power management) reference leak in lpspi_prepare_xfer_hardware(): pm_runtime_get_sync increments the PM usage counter even when the operation fails, leading to an unbalanced reference. The fix ...
CVE-2021-47052
CVE-2021-47052 relates to the Linux kernel crypto-sa2ul path (rxd) where two error paths failed to free the rxd buffer, causing a memory leak. The vulnerability was resolved by fixing those paths to ensure rxd is freed on error exits. The provided documents confirm the issue in the crypto: sa2ul ...
CVE-2021-47002
CVE-2021-47002 references a SUNRPC NULL pointer dereference in the Linux kernel. Issue arises when alloc_pages_node() returns null and svc_rqst_free() dereferences a null rq_scratch_page during put_page(); the patch adds a null check in the failure path (svc_rqst_alloc()) to prevent dereferencing...
CVE-2024-26866
CVE-2024-26866 (Linux kernel, spi/lpspi): The issue arises from a use-after-free in fsl_lpspi_probe() where memory allocated with spi_alloc_host()/spi_alloc_target() is freed in probe, but later referenced by devm_spi_register_controller(), leading to a NULL dereference when the controller is un...
CVE-2024-26879
CVE-2024-26879: In the Linux kernel, the issue is within the clock framework (meson/axg_clk_regmaps) where some clocks were missing, causing a NULL pointer dereference and kernel panic when reading /sys/kernel/debug/clk/clk_summary. Root cause: missing clocks in axg_clk_regmaps lead to regmap_rea...
CVE-2021-47038
CVE-2021-47038: Linux kernel Bluetooth deadlock fix. The vulnerability arose from a new dependency between socket lock and hci_dev->lock introduced by commit adding BT_PHY socket option, causing hci_conn_get_phy() to use hdev->lock while the caller holds other Bluetooth locks (possible circ...
CVE-2020-36785
CVE-2020-36785 concerns the Linux kernel media/atomisp subsystem. The vulnerability arises from a use-after-free in atomisp_alloc_css_stat_bufs(), where the s3a_buf is freed along with items from asd->s3a_stats, causing a double free and use-after-free condition. The initial entry indicates th...
CVE-2024-26895
CVE-2024-26895 — Linux kernel (wifi: wilc1000) use-after-free during vif cleanup. The issue occurs when unregistering net devices while traversing the vif list, because a netdevice’s private vif data is freed (due to needs_free_netdev being set during registration) and the loop subsequently acce...
CVE-2024-26878
In CVE-2024-26878, the Linux kernel quota NULL pointer dereference is addressed: a race between dquot_free_inode (or related) and quota_off can dereference an inode quota pointer after it is nulled. The fix uses a temporary pointer to prevent the use-after-free: if inode quota pointers are access...
CVE-2024-27395
The CVE-2024-27395 issue is in the Linux kernel: net/openvswitch: Use-After-Free in ovs_ct_exit due to kfree_rcu being invoked outside the RCU read lock during ovs_ct_limit_exit traversal, creating a window where the freed key may be accessed after the grace period. The published fix changes the ...
CVE-2021-46995
CVE-2021-46995 affects the Linux kernel can: mcp251xfd driver. Root cause: in mcp251xfd_probe, converting to dev_err_probe() accidentally removed a return, causing an oops when devm_clk_get() fails and clk_get_rate() is called on the next line. Impact: local attacker requires privileges (per CVSS...
CVE-2021-46991
CVE-2021-46991 is a Linux kernel use-after-free in the i40e driver, where pf->cinst->lan_info is accessed after pf->cinst is freed during i40e_client_del_instance. The vulnerability arises because the code frees the object and then continues to access a member of it, leading to a potenti...
CVE-2024-27396
CVE-2024-27396 affects the Linux kernel net/gtp code: a Use-After-Free in gtp_dellink during RCU traversal (hlist_for_each_entry_rcu) because the traversal isn’t inside the RCU read critical section. The fix replaces the traversal with hlist_for_each_entry_safe to ensure the key isn’t freed durin...
CVE-2024-35915
The CVE-2024-35915 issue affects the Linux kernel NFC stack (nfc: nci) where nci_rx_work() could read uninitialized payload when a received packet had a zero-length payload. The root cause is an uninit-value access in the handling of certain message types, reported by syzbot. The fix, as describe...
CVE-2024-26892
Technical details about CVE-2024-26892 are not provided in the given documents. Public information appears limited here; no vendor/product/fix specifics are available. Monitor vendor advisories for updates and patch status.
CVE-2024-26865
CVE-2024-26865 involves a use-after-free in the Linux kernel’s RDS TCP path (reqsk_timer_handler) that can occur when a per-netns listener is created, a reqsk is formed, the process exits, and the netns is dismantled before the timer expires. The issue is fixed by a patch (commit 740ea3c4a0b2) wh...
CVE-2024-26944
CVE-2024-26944 affects the Linux kernel, specifically a use-after-free in btrfs when handling device replacements during zone finish. The issue is a use-after-free in do_zone_finish() caused by dereferencing a freed btrfs_device in the mapping during the dev_replace workflow (btrfs_dev_replace_st...
CVE-2024-26941
CVE-2024-26941 affects the Linux kernel DRM subsystem, specifically the DP DisplayPort driver. Description from the provided documents shows a divide-by-zero regression when unplugging a StarTech MSTDP122DP DisplayPort 1.2 MST hub while using the nouveau driver. The regression occurs in the drm_d...
CVE-2024-26988
CVE-2024-26988 concerns the Linux kernel where a memory overflow could occur in init/main.c during static_command_line construction. The bug stemmed from allocating xlen + strlen(boot_command_line) + 1 bytes for static_command_line but then copying extra_command_line and command_line into it, ins...
CVE-2023-52601
The CVE-2023-52601 entry refers to a Linux kernel flaw in the XFS-like JFS file system: a missing bound check in dbAdjTree when accessing dmt_stree can cause an array-index-out-of-bounds. The fix introduces a bool is_ctl to determine size, as described in the cited kernel commits. Affected/affect...
CVE-2024-26928
CVE-2024-26928 relates to the Linux kernel SMB/CIFS client. The advisory notes a use-after-free (UAF) in cifs_debug_files_proc_show() triggered by session teardown. The fix adds a guard to skip sessions in status SES_EXITING during teardown, preventing UAF. Multiple connected sources (Astra Linux...
CVE-2024-26810
Technical details about CVE-2024-26810 are not provided in the supplied documents. The Astra bulletin repeats the vulnerability description without specifying affected products/versions or remediation. Monitor for official advisories to obtain precise impact and fixes.
CVE-2024-26993
The CVE-2024-26993 issue in the Linux kernel’s fs: sysfs_break_active_protection() leaks a kobject reference in the error path if kernfs_find_and_get() fails. The root cause was an obvious reference leak when kn is NULL, which prevented the corresponding sysfs_unbreak_active_protection() from rel...
CVE-2024-27043
In CVE-2024-27043, the Linux kernel vulnerability is a use-after-free in DVB convolution: dvb_register_device assigns *pdvbdev to dvbdev and frees dvbdev in error paths without nulling *pdvbdev, enabling UAFs via the dvb device lifecycle. A fix exists (kernel patch) to null the pointer after free...
CVE-2023-52585
The CVE-2023-52585 vulnerability affects the Linux kernel AMDGPU driver (drm/amdgpu). A NULL dereference could occur in amdgpu_ras_query_error_status_helper() when handling error info and an invalid block id; the fix returns -EINVAL for invalid block ids and prevents the NULL dereference. Affecte...
CVE-2024-26981
CVE-2024-26981 affects the Linux kernel nilfs2 implementation. The flaw is an out-of-bounds access in nilfs_set_de_type: the index into nilfs_type_by_mode is computed as (mode & S_IFMT) >> S_SHIFT, but the array size is defined as S_IFMT >> S_SHIFT, which can produce an OOB when mode ...