CVE-2023-1637
CVE-2023-1637 affects the Linux kernel X86 CPU Power Management options, described as a speculative-execution style vulnerability in suspend-to-RAM resume. Connected advisories (e.g., ALAS-2024-076 and related Nessus/Amazon/Linux entries) confirm the issue is a local-privilege/information disclos...
CVE-2023-52520
CVE-2023-52520: Linux kernel platform/x86: think-lmi had a reference leak when a duplicate attribute is found by kset_find_obj(); a reference to the attribute could be leaked if not disposed with kobject_put. The fix moves the setting name validation into a separate function to avoid duplicating...
CVE-2023-52679
CVE-2023-52679 is a Linux kernel vulnerability: a double-free in of_parse_phandle_with_args_map was mitigated. The inner loop freed the previous reference via of_node_put(new) and assumed the next value was NULL. The fix ensures that the loop invariant holds by resetting the temporary to NULL aft...
CVE-2023-52707
CVE-2023-52707: Linux kernel sched/psi use-after-free in ep_remove_wait_queue() can occur when a non-root cgroup is removed while a thread is polling a pressure file; the polling thread may access a freed waitqueue during file close/exit, causing a use-after-free. The issue is rooted in cgroup_fi...
CVE-2024-26698
Linux kernel hv_netvsc is affected by a race between netvsc_probe and netvsc_remove. The root cause is napi_disable being invoked on non-enabled subchannels, causing hung behavior during device removal due to an infinite msleep in napi_disable. The fix (commit ac5047671758) disables NAPI before c...
CVE-2024-26740
CVE-2024-26740: In the Linux kernel, the net/sched act_mirred fix uses the Rx backlog for egress→ingress reversals to prevent socket lock deadlocks on certain redirect scenarios. The upstream patch ca22da2fbd69 implements this backlog-based handling; Nessus advisory AXSA references this CVE with ...
CVE-2024-26919
CVE-2024-26919: In the Linux kernel, the USB ULPI driver had a debugfs directory leak due to a naming mismatch: the ULPI per-device debugfs root was created using the parent device name, while ulpi_unregister_interface attempted to remove a directory named after the ULPI device itself. This caus...
CVE-2024-35822
The connected documents confirm CVE-2024-35822 affects the Linux kernel USB gadget mass storage path (usb_udc) where a thread may disable an endpoint while the main thread queues a request. Root cause: a warning in usb_ep_queue() was triggered instead of a functional failure. Fix: replacing WARN_...
CVE-2024-35931
The CVE affects the Linux kernel DRM/AMDGPU stack. During RAS (Reliability, Availability, Serviceability) recovery, a mode-1 PCI error slot reset is erroneously issued, which could trigger GPU resets and system hangs (VRAM loss, kernel panic traces). The root cause is the PCI error slot reset bei...
CVE-2024-38559
CVE-2024-38559: In the Linux kernel, the qedf SCSI path copies a userspace buffer without guaranteeing a NUL terminator, risking an OOB read in kstrtouint. The fix uses memdup_user_nul instead of memdup_user. Affected: kernel SCSI qedf path; Root cause: missing termination of the copied buffer. R...
CVE-2024-38579
CVE-2024-38579: Linux kernel vulnerability in crypto: bcm where spu2_dump_omd() increments ptr by ciph_key_len instead of hash_iv_len, risking buffer overrun. Root cause: incorrect pointer arithmetic in bcm cryptographic path. Affects the kernel crypto module, potential memory safety impact. Fix...
CVE-2024-38600
CVE-2024-38600 affects the Linux kernel ALSA subsystems. In snd_card_disconnect(), the patch fixes a deadlock that occurs when a callback deletes a kctl during disconnection for a suspended device. The root cause is the sequence: set card->shutdown, call callbacks, then sync power_ref_sleep wa...
CVE-2024-40904
CVE-2024-40904 affects the Linux kernel USB: class: cdc-wdm driver. The issue was a CPU soft lockup caused by excessive log messages from the interrupt URB handling, exacerbated by immediate resubmission of URBs with -EPROTO status and verbose kernel logging. The fix replaces two verbose dev_err(...
CVE-2024-40941
CVE-2024-40941 is disclosed in MiracleLinux advisories for kernel-4.18.x (e.g., 4.18.0-553.22.1.el8_10) and related AXSA advisories. The issue in wifi: iwlwifi: mvm causes reading past the mfuart notification when the firmware claims more data than available. The advisory states the overflow is m...
CVE-2024-40959
The CVE-2024-40959 entry concerns a Linux kernel issue where ip6_dst_idev() can return NULL, and xfrm6_get_saddr() must handle that, otherwise a NULL pointer dereference may occur. The vulnerability arises in xfrm6_policy.c (xfrm6_get_saddr) and could lead to denial of service via a kernel NULL d...
CVE-2024-41065
The CVE-2024-41065 issue is in the Linux kernel’s powerpc/pseries code related to usercopy hardening. When CONFIG_HARDENED_USERCOPY is enabled, reading the dispatch log from /sys/kernel/debug/powerpc/dtl/cpu-* could trigger a kernel BUG in usercopy (mm/usercopy.c). The root cause involves copying...
CVE-2024-42270
Technical details (affected product/version, exploit, and patch) for CVE-2024-42270 are not provided in the supplied documents. Monitor official advisories and CVE records for updates from kernel maintainers and CVE databases.
CVE-2024-43900
CVE-2024-43900 affects the Linux kernel’s media: xc2028 path. A worker thread can dereference a freed dvb_frontend object after tuner_probe() allocates a tuner and module removal frees the dvb_frontend, leading to a use-after-free in load_firmware_cb() triggered by request_firmware_work_func. The...
CVE-2024-46853
CVE-2024-46853 is a Linux kernel issue corrected by updating to a patched kernel. The vulnerability stems from a KASAN slab-out-of-bounds bug in the nxp-fspi driver (spi/nxp-fspi) when handling data not aligned to 4 bytes written to TX FIFO. The issue could cause a read beyond the allocated regio...
CVE-2024-47748
CVE-2024-47748: Linux kernel vhost_vdpa code fixes an irq bypass producer token life-cycle bug. The token formerly registered in vhost_vdpa_setup_vq_irq() could outlive the eventfd_ctx, risking use-after-free when the eventfd is released. The patch binds the token lifecycle to VHOST_SET_VRING_CAL...
CVE-2024-50024
CVE-2024-50024 is a Linux kernel issue: an unsafe loop in a list was fixed when deleting a genetlink family, risking a crash if listeners remain. The change replaces the unsafe loop with a safe iteration because an element is removed inside the loop, addressing an Oops: Kernel access of b...
CVE-2024-50251
CVE-2024-50251 is a Linux kernel netfilter nft_payload vulnerability. The issue arises when nft_payload sanitization of offset and length fails, allowing skb_checksum() to access beyond the sk_buff boundary if offset+length exceeds the skb length, triggering a BUG_ON(). Connected advisories confi...
CVE-2024-53213
CVE-2024-53213 – Linux kernel (LAN78xx USB Ethernet driver). Connected sources confirm a concrete issue in lan78xx where a buffer allocated in lan78xx_probe() was freed twice: once via usb_free_urb(dev->urb_intr) with URB_FREE_BUFFER and again by kfree(buf). The root cause is the double free st...
CVE-2024-56604
Summary (CVE-2024-56604): In the Linux kernel, Bluetooth RFCOMM can leave a dangling sk pointer in rfcomm_sock_alloc() when rfcomm_dlc_alloc() fails, leading to a use-after-free. The root cause is bt_sock_alloc() attaching the sk to the sock object and the code path not clearing the pointer on fa...
CVE-2024-57938
CVE-2024-57938 affects the Linux kernel net/sctp code; an overflow in sctp_association_init() can occur when max_autoclose is set to UINT_MAX. Patch fixes the overflow; no exploit details are provided in the documents.
CVE-2025-21867
CVE-2025-21867 concerns the Linux kernel’s BPF test_run path, where eth_skb_pkt_type() could read skb data without an Ethernet header if bpf_prog_test_run_xdp() passed an invalid user_data value. KMSAN reported a use-after-free in this path. The root cause is access to data that may not contain E...
CVE-2025-21997
CVE-2025-21997: In the Linux kernel, an integer overflow in xp_create_and_assign_umem() in the XDP socket (xsk) path was fixed. Because i and pool->chunk_size are 32‑bit values, their product can wrap and be cast to 64‑bit, which may cause two distinct XDP buffers to point to the ...
CVE-2014-8159
CVE-2014-8159 describes a flaw in the Linux kernel InfiniBand/RDMA subsystem where the uverbs interface used to register memory regions can be abused by a local user to access arbitrary physical memory, potentially crash the system or escalate privileges via /dev/infiniband/uverbsX. The initial e...
CVE-2014-9584
CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...
CVE-2016-3841
CVE-2016-3841 affects the Linux kernel IPv6 stack before 4.3.3. A crafted sendmsg can mishandle options data, allowing local users to gain privileges or cause a denial of service via a use-after-free leading to a system crash. Public documents (e.g., MiracleLinux AXSA-2016-1135:09 and Unity Linux...
CVE-2021-47383
CVE-2021-47383: In the Linux kernel, the tty imageblit out-of-bounds access is caused when an ioctl FBIOPUT_VSCREENINFO with only xres, yres, and bits_per_pixel is sent and the struct matches the previous ioctl. This leaves fb_var_screeninfo incomplete, causing updatescrollmode() to compute a wr...
CVE-2022-2905
CVE-2022-2905 is an out-of-bounds memory read in the Linux kernel’s BPF subsystem, exploitable by a local user via bpf_tail_call with a map key larger than max_entries. The Debian LTS advisory DLA-3173-1 (linux-5.10) lists CVE-2022-2905 among others and notes that an update to linux-5.10-149-2~de...
CVE-2022-48804
CVE-2022-48804 is resolved in the Linux kernel’s vt_ioctl/vt_setactivate path. The vulnerability stems from array_index_nospec handling that could allow a transient integer underflow when an out-of-bounds value is decremented after zero, specifically affecting vsa.console handling. The descrip...
CVE-2022-48943
CVE-2022-48943: In the Linux kernel KVM x86/mmu code, a bug in asynchronous page-fault (APF) handling could cause a guest to hang by confusing a valid token with a zero value, potentially delaying or losing READY events. The fix ensures the APF token is non-zero, preventing misinterpretation of t...
CVE-2022-49133
The CVE-2022-49133 issue affects the Linux kernel DRM/AMDKFD component where svm range restore work deadlocks during process exit. The fix moves flush of svm_range_restore_work to kfd_process_wq_release and makes svm_range_restore_work take a task mm reference to prevent deadlock when the last us...
CVE-2023-52811
In CVE-2023-52811, the Linux kernel ibmvfc driver fix removes a BUG_ON when an event pool is empty and instead returns NULL from ibmvfc_get_event(). All call sites were updated to check for NULL and handle the failure or recovery path. This prevents a potential junk pointer path and kernel crash ...
CVE-2024-26646
CVE-2024-26646: In the Linux kernel, a vulnerability in the HFI (host firmware interface) handling during suspend/hibernate could lead to memory corruption if the second memory buffer (restored kernel) reprograms the HFI location and the image kernel uses a stale buffer. The fix disables HFI whe...
CVE-2024-26691
CVE-2024-26691 affects Linux kernel KVM for arm64. The circular locking arises when pkvm_create_hyp_vm() acquires kvm->lock while kvm_vcpu_ioctl() holds vcpu->mutex. The fix is to protect the hyp VM handle with config_lock (instead of keeping the vcpu->mutex under kvm->lock), mitigati...
CVE-2024-26930
CVE-2024-26930: In the Linux kernel, the SCSI/QLA2xxx double-free vulnerability occurs when ha->vp_map is freed twice (in qla2x00_mem_alloc and again in qla2x00_mem_free). The root cause is a use-after-free-like double free of ha->vp_map; the fix assigns NULL to vp_map and lets kfree handl...
CVE-2024-31076
CVE-2024-31076: Linux kernel CPU hotplug vector leak in genirq/cpuhotplug (x86/vector). Root cause: when interrupt affinity is reconfigured via procfs, old APIC vectors aren’t reclaimed if the old CPU goes offline before the next trigger on the new CPU, leaving apicd->prev_vector in vector_mat...
CVE-2024-35989
CVE-2024-35989 affects the Linux kernel dmaengine idxd driver. The vulnerability arises during rmmod/removal of the idxd driver on single-CPU systems, where an offline perf context migration could target an invalid recipient, causing a kernel oops (page fault on mutex_lock during perf_pmu_migrate...
CVE-2024-36932
CVE-2024-36932 pertains to the Linux kernel, where a use-after-free can occur in thermal_debugfs after cdev removal. The root cause is that thermal_debug_cdev_remove() runs without holding cdev->lock, potentially freeing the thermal_debugfs object while thermal_debug_cdev_state_update() may st...
CVE-2024-39497
CVE-2024-39497: In the Linux kernel, drm/shmem-helper fix for a BUG_ON() triggered by mmap(PROT_WRITE, MAP_PRIVATE) in drm_gem_shmem_mmap. The issue arose from a missing check for copy-on-write (COW) mappings, which could lead to a kernel panic at vmf_insert_pfn_prot when a VMA has VM_PFNMAP and ...
CVE-2024-40989
CVE-2024-40989 affects the Linux kernel (ARM64 KVM). During teardown of a redistributor region, a vCPU could maintain a dangling pointer to that region, risking use-after-free in the hypervisor path. The available connected docs indicate a kernel patch was applied to disassociate vcpus from the r...
CVE-2024-42238
CVE-2024-42238: In the Linux kernel, the vulnerability in firmware CS_DSP handling was resolved. The issue allowed processing to overrun when a block header exceeded remaining data, due to prior behavior in cs_dsp_load()/cs_dsp_load_coeff() which would loop until enough data remained instead of ...
CVE-2024-42284
CVE-2024-42284: In the Linux kernel, tipc_udp_addr2str() must return non-zero on error to avoid a buffer overflow in tipc_media_addr_printf(). The fix is to return 1 for an invalid UDP media address. Public docs in connected advisories (ALAS2KERNEL / ALAS2KERNEL-5.4/5.10 entries) confirm the issu...
CVE-2024-43817
CVE-2024-43817 describes a Linux kernel vulnerability in the virtio_net path: two missing checks in virtio_net_hdr_to_skb() can trigger a crash. The issues arise when after skb_segment the buffer remains non-linear (nr_frags != 0) and SKBTX_SHARED_FRAG is not set, preventing __skb_lineari...
CVE-2024-46871
The CVE-2024-46871 entry concerns the Linux kernel's DRM/AMD display component. It fixes an incorrect definition for AMDGPU_DMUB_NOTIFICATION_MAX, where the enum dmub_notification_type was actually exposing 6 types instead of 5. The undercount could lead to out-of-bounds access when allocating th...
CVE-2024-49851
CVE-2024-49851 affects the Linux kernel TPM subsystem. The vulnerability originated from tpm_dev_transmit preparing TPM space before transmission and not rolling back this preparation if a command fails, potentially leaking transient TPM handles when the device is closed afterwards. The p...
CVE-2024-49859
The CVE-2024-49859 vulnerability concerns the f2fs filesystem in the Linux kernel. It affects f2fs ioctl interfaces (notably f2fs_ioc_set_pin_file(), f2fs_move_file_range(), and f2fs_defragment_range()) where atomic_write status was not properly checked, creating a potential race condition. The i...