Linux: Linux Kernel

13804 matches found

added 2017/05/08 6:10 a.m. | 167 views

CVE-2017-8831

The CVE-2017-8831 issue affects the Linux kernel, specifically the saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c, with impact up to kernel version 4.11.5. It is a local, potentially privilege-escalating vulnerability described as a “double fetch” vulnerability caused by re-r...

CVSS 6.9 | AI score 6.7 | EPSS 0.00373

added 2021/03/09 7:8 p.m. | 167 views

CVE-2021-3411

CVE-2021-3411 describes a memory access violation in the Linux kernel prior to 5.10, caused by a padding int3 check during linking. The flaw can affect data confidentiality, integrity, and system availability. A Nessus Unity Linux advisory references this vulnerability (UTSA-2026-004638) and reit...

CVSS 6.7 | AI score 6.3 | EPSS 0.00412

added 2024/05/21 3:3 p.m. | 167 views

CVE-2021-47383

CVE-2021-47383 : In the Linux kernel, the tty imageblit out-of-bounds access is caused when an ioctl FBIOPUT_VSCREENINFO with only xres, yres, and bits_per_pixel is sent and the struct matches the previous ioctl. This leaves fb_var_screeninfo incomplete, causing updatescrollmode() to compute a wr...

CVSS 7.1 | AI score 6.6 | EPSS 0.00262

added 2022/09/01 12:0 a.m. | 167 views

CVE-2022-3061

Astra Linux advisories confirm a Linux kernel fix related to the pixclock divide-by-zero issue in i740/i740fb families, aligning with CVE-2022-3061. The fix involves validating pixclock before use (e.g., zero check in charger-like var handling such as savagefb_check_var / i740fb equivalent) and n...

CVSS 5.5 | AI score 6.2 | EPSS 0.00271

added 2024/05/21 3:22 p.m. | 167 views

CVE-2023-52707

CVE-2023-52707: Linux kernel sched/psi use-after-free in ep_remove_wait_queue() can occur when a non-root cgroup is removed while a thread is polling a pressure file; the polling thread may access a freed waitqueue during file close/exit, causing a use-after-free. The issue is rooted in cgroup_fi...

CVSS 7.8 | AI score 6.7 | EPSS 0.00262

added 2024/05/21 3:30 p.m. | 167 views

CVE-2023-52760

CVE-2023-52760 (Linux kernel, gfs2): The vulnerability is caused by a slab-use-after-free in gfs2_qd_dealloc, where in gfs2_put_super() the quota cleanup must occur via gfs2_quota_cleanup() regardless of withdrawal status. If cleanup is delayed (rcu callback) and gfs2_sbd is freed before all gfs2...

CVSS 7.8 | AI score 7.6 | EPSS 0.00269

added 2024/05/21 3:31 p.m. | 167 views

CVE-2023-52819

CVE-2023-52819 is resolved in the Linux kernel. The vulnerability was in drm/amd where UBSAN reported an array-index-out-of-bounds for Polaris/Tonga in pptable structs using flexible array sizes; the fix switches to using flexible arrays to avoid out-of-bounds access. Impact is local (CVSS: AV:L,...

CVSS 6.6 | AI score 7.7 | EPSS 0.00246

added 2024/05/21 3:32 p.m. | 167 views

CVE-2023-52878

CVE-2023-52878 : Linux kernel vulnerability in can_put_echo_skb() where out-of-bounds access to can_priv::echo_skb could crash the kernel. The fix enforces a bounds check and, on out-of-bounds access, issues a warning and returns an error instead of crashing. Affected component: CAN networking pa...

CVSS 5.5 | AI score 6.6 | EPSS 0.0022

added 2024/04/03 5:0 p.m. | 167 views

CVE-2024-26769

Technical details about CVE-2024-26769 are not publicly provided in the supplied documents. The connected entries mention CVE-2024-26769 among other CVEs but do not specify affected products, versions, impact, or fixes. Action: monitor for updates.

CVSS 4.4 | AI score 6.8 | EPSS 0.00233

added 2024/05/01 5:17 a.m. | 167 views

CVE-2024-26930

CVE-2024-26930 : In the Linux kernel, the SCSI/QLA2xxx double-free vulnerability occurs when ha->vp_map is freed twice (in qla2x00_mem_alloc and again in qla2x00_mem_free). The root cause is a use-after-free-like double free of ha->vp_map; the fix assigns NULL to vp_map and lets kfree handl...

CVSS 7.8 | AI score 6.4 | EPSS 0.00239

added 2024/05/17 1:23 p.m. | 167 views

CVE-2024-35810

CVE-2024-35810 : In the Linux kernel, a fix addresses a vulnerability in drm/vmwgfx where the lifetime of bo cursor memory could be mishandled during cleanup while an atomic update is active. The kernel previously allowed cleanup to invalidate memory acquired during the atomic update, potentially...

CVSS 5.5 | AI score 6.8 | EPSS 0.00227

added 2024/05/17 2:47 p.m. | 167 views

CVE-2024-35852

CVE-2024-35852 : In the Linux kernel (mlxsw spectrum_acl_tcam), a memory leak can occur when rehash work is canceled while pending, as hints allocated for the migration may remain referenced. The fix frees the associated hints when a pending rehash work is canceled. Connected advisories reference...

CVSS 5.5 | AI score 6.7 | EPSS 0.00256

added 2024/05/20 9:47 a.m. | 167 views

CVE-2024-35989

CVE-2024-35989 affects the Linux kernel dmaengine idxd driver. The vulnerability arises during rmmod/removal of the idxd driver on single-CPU systems, where an offline perf context migration could target an invalid recipient, causing a kernel oops (page fault on mutex_lock during perf_pmu_migrate...

CVSS 5.5 | AI score 6.6 | EPSS 0.00214

added 2024/05/30 3:29 p.m. | 167 views

CVE-2024-36921

CVE-2024-36921 security issue in Linux kernel wifi: iwlwifi (MVM) guarded against invalid STA ID on removal to prevent out-of-bounds accesses in iwl_mvm_mld_rm_sta_id. The vulnerability could occur during error handling if a station ID is invalid, risking memory corruption. The Microsoft Security...

CVSS 7.8 | AI score 6.7 | EPSS 0.00238

added 2024/07/12 12:25 p.m. | 167 views

CVE-2024-40940

The CVE-2024-40940 issue affects the Linux kernel mlx5 driver (net/mlx5). The root cause is in mlx5_lag_create_port_sel_table(): when a flow rule creation fails, the tainted pointer is deleted multiple times instead of using the correct flow rule pointers. The bug is fixed by using the correct fl...

CVSS 7.8 | AI score 6.5 | EPSS 0.00259

added 2024/07/12 12:32 p.m. | 167 views

CVE-2024-40977

CVE-2024-40977 is described in connected MiracleLinux advisory as a Linux kernel fix for the wifi: mt76: mt7921s: fix potential hung tasks during chip recovery. The root cause is a deadlock during chip recovery where kernel worker reset_work waits for stat_worker which itself waits for the same l...

CVSS 5.5 | AI score 6.6 | EPSS 0.00245

added 2024/07/12 12:32 p.m. | 167 views

CVE-2024-40978

CVE-2024-40978 affects the Linux kernel, specifically a qedi/scsi path vulnerability. The root cause is qedi_dbg_do_not_recover_cmd_read() calling sprintf() on a __user pointer, which can crash the kernel. The fix uses a small local stack buffer for sprintf() and then copies with simple_read_from...

CVSS 7.1 | AI score 6.5 | EPSS 0.0032

added 2024/08/17 9:8 a.m. | 167 views

CVE-2024-42284

CVE-2024-42284: In the Linux kernel, tipc_udp_addr2str() must return non-zero on error to avoid a buffer overflow in tipc_media_addr_printf(). The fix is to return 1 for an invalid UDP media address. Public docs in connected advisories (ALAS2KERNEL / ALAS2KERNEL-5.4/5.10 entries) confirm the issu...

CVSS 7.8 | AI score 7.1 | EPSS 0.00269

added 2024/08/17 9:21 a.m. | 167 views

CVE-2024-43817

CVE-2024-43817 describes a Linux kernel vulnerability in the virtio_net path: two missing checks in virtio_net_hdr_to_skb() can trigger a crash. The issues arise when after skb_segment the buffer remains non-linear (nr_frags != 0) and SKBTX_SHARED_FRAG is not set, preventing __skb_lineari...

CVSS 5.5 | AI score 6.6 | EPSS 0.00239

added 2024/10/21 6:54 p.m. | 167 views

CVE-2024-50014

CVE-2024-50014 – Linux kernel ext4 replay path issue. Affects: Linux kernel ext4 on systems using fast-commit enabled filesystems (replay path). Affected code path is ext4_fc_replay during journal replay; the replay path attempts to lock sbi->s_bdev_wb_lock before it has been initialized. Root ...

CVSS 5.5 | AI score 5 | EPSS 0.00221

added 2024/10/21 7:39 p.m. | 167 views

CVE-2024-50019

In CVE-2024-50019 the IBM bulletin documents a Linux kernel issue where kthread unparked-per-CPU threads could be woken up during stop. Root cause: calling kthread_unpark unconditionally before ensuring the thread is inactive can cause a wakeup on a per-CPU kthread that has been bound via kthread...

CVSS 5.5 | AI score 5.1 | EPSS 0.00235

added 2024/11/05 5:10 p.m. | 167 views

CVE-2024-50117

CVE-2024-50117 affects the Linux kernel DRM/AMDGPU path (ATIF ACPI method). The vulnerability stems from bad data returned by BIOS ACPI ATIF calls, which could cause a NULL pointer dereference in the caller when amdgpu_atif_query_backlight_caps processes the result. The issue was resolved by guar...

CVSS 5.5 | AI score 5.1 | EPSS 0.00245

added 2024/11/19 5:22 p.m. | 167 views

CVE-2024-53060

CVE-2024-53060 (Linux kernel) affects drm/amdgpu: fixes a NULL pointer dereference when ATIF is not supported. The kernel may dereference buffer.pointer (obj) if acpi_evaluate_object() returns AE_NOT_FOUND, so the fix adds a bailout when AE_NOT_FOUND occurs to prevent NULL dereference. The Note i...

CVSS 5.5 | AI score 6.4 | EPSS 0.00258

added 2024/12/04 2:20 p.m. | 167 views

CVE-2024-53136

CVE-2024-53136 relates to the Linux kernel mm/shmem issue: reverting a previous fix for data-race in shmem_getattr() that could deadlock when accessing tmpfs over NFS. Public details indicate the change targeted the shmem_getattr() path (mm: shmem) and mentions the deadlock scenario, with remedia...

CVSS 4.7 | AI score 6.5 | EPSS 0.00165

added 2024/12/27 2:51 p.m. | 167 views

CVE-2024-56604

Summary (CVE-2024-56604): In the Linux kernel, Bluetooth RFCOMM can leave a dangling sk pointer in rfcomm_sock_alloc() when rfcomm_dlc_alloc() fails, leading to a use-after-free. The root cause is bt_sock_alloc() attaching the sk to the sock object and the code path not clearing the pointer on fa...

CVSS 7.8 | AI score 6.5 | EPSS 0.00219

added 2025/01/11 3:5 p.m. | 167 views

CVE-2024-57879

CVE-2024-57879 affects the Linux kernel Bluetooth stack (ISO) where the hdev device reference may not be released at the end of iso_listen_bis due to hci_get_route returning while still holding the device. The root cause is not releasing hdev with hci_dev_put on all code paths, including error ex...

CVSS 5.5 | AI score 6.6 | EPSS 0.00175

added 2025/01/21 12:22 p.m. | 167 views

CVE-2024-57946

CVE-2024-57946 affects Linux kernel virtio-blk: during system suspend, the PM callbacks previously kept the block queue frozen, risking deadlocks if code path invoked bio_queue_enter() while suspended. The fix replaces queue quiesce with a freeze-and-thaw approach in virtio-blk PM callbacks and d...

CVSS 5.5 | AI score 6.5 | EPSS 0.00156

added 2025/03/12 9:42 a.m. | 167 views

CVE-2025-21846

CVE-2025-21846 (Linux kernel) : The acct(2) path could trigger a NULL dereference when writing to a file that triggers an internal lookup (e.g., /sys/power/resume) after the task has exited. The fix reorganizes the code so the final write executes from a workqueue while preserving the caller’s cr...

CVSS 5.5 | AI score 6.6 | EPSS 0.0021

added 2025/04/08 8:18 a.m. | 167 views

CVE-2025-22010

CVE-2025-22010 affects the Linux kernel’s RDMA/hns: fixes a soft lockup during BT page loop when allocating very large buffers (e.g., MR > 100GB). The vulnerable path occurs in hns_roce_hw_v2: hem_list_alloc_mid_bt, hns_roce_hem_list_request, hns_roce_mtr_create, alloc_mr_pbl, and hns_roce_reg...

CVSS 5.5 | AI score 7.3 | EPSS 0.00134

added 2025/04/08 8:18 a.m. | 167 views

CVE-2025-22014

CVE-2025-22014 relates to the Linux kernel, specifically the QCOM SoC PDR path. The issue is a potential deadlock between processes when a client adds a service lookup (pdr_add_lookup) and a server locator update (pdr_locator_new_server), which can cause the response to queue on the same workqueu...

CVSS 5.5 | AI score 7.2 | EPSS 0.00133

added 2025/04/18 2:20 p.m. | 167 views

CVE-2025-37838

CVE-2025-37838 affects the Linux kernel HSI ssi_protocol: a use-after-free can occur due to a race between ssi_protocol_probe() binding ssi->work to ssip_xmit_work() and ssi_protocol_remove() freeing ssi via kfree(ssi) while the work is still potentially in use. The connected Azure Linux 3.0 a...

CVSS 7.8 | AI score 6.6 | EPSS 0.00181

added 2014/05/11 9:0 p.m. | 166 views

CVE-2014-3122

CVE-2014-3122 affects the Linux kernel local memory-management path. The advisory centers on the try_to_unmap_cluster function in mm/rmap.c, where the code path did not consistently lock pages, enabling a local user to trigger a memory-usage pattern that can force removal of page-table mappings a...

CVSS 4.9 | AI score 5.8 | EPSS 0.00545

added 2014/06/05 5:0 p.m. | 166 views

CVE-2014-3917

CVE-2014-3917 affects the Linux kernel up to 3.14.5, specifically kernel/auditsc.c when CONFIG_AUDITSYSCALL is enabled with certain syscall rules. Local users can obtain sensitive single-bit values from kernel memory or trigger a denial of service (OOPS) by using a large syscall number. Exploitat...

CVSS 3.3 | AI score 5.9 | EPSS 0.0036

added 2014/12/26 12:0 a.m. | 166 views

CVE-2014-9419

CVE-2014-9419 affects the Linux kernel (arch/x86/kernel/process_64.c) up to version 3.18.1. The issue fails to ensure TLS descriptors are loaded before proceeding with other steps, enabling a local attacker to bypass ASLR by crafting an application that reads a TLS base address. Connected advisor...

CVSS 2.1 | AI score 4.7 | EPSS 0.00436

added 2016/04/27 5:0 p.m. | 166 views

CVE-2015-8816

CVE-2015-8816 affects the Linux kernel prior to 4.3.5, where hub_activate in drivers/usb/core/hub.c mishandles hub-interface data. Physically proximate attackers can unplug a USB hub to trigger invalid memory access and a system crash (DoS); impact may be unspecified otherwise. A fixed version ex...

CVSS 7.2 | AI score 7 | EPSS 0.00544

added 2016/05/23 10:0 a.m. | 166 views

CVE-2016-4485

The CVE-2016-4485 issue affects the Linux kernel (net/llc/af_llc.c): the llc_cmsg_rcv path does not initialize a data structure, enabling a local attacker to read kernel stack memory and obtain sensitive information. Public references in connected documents indicate this vulnerability existed in ...

CVSS 7.5 | AI score 7.7 | EPSS 0.04671

added 2016/05/23 10:0 a.m. | 166 views

CVE-2016-4569

CVE-2016-4569 (Linux kernel) : The snd_timer_user_params function in sound/core/timer.c reportedly does not initialize a certain data structure in kernel versions up to 4.6, enabling a local attacker to leak information from kernel stack memory via the ALSA timer interface. This is an information...

CVSS 5.5 | AI score 5.8 | EPSS 0.00842

added 2016/11/16 4:49 a.m. | 166 views

CVE-2016-7916

CVE-2016-7916 is a Linux kernel local privilege disclosure affecting the environ_read path in fs/proc/base.c. The race condition between environment-variable copying and process setup allows a local user to read sensitive data from kernel memory by accessing a /proc/*/environ file during the setu...

CVSS 5.5 | AI score 5.4 | EPSS 0.00388

added 2017/12/30 1:0 a.m. | 166 views

CVE-2017-17975

CVE-2017-17975: Use-after-free in Linux kernel’s usbtv_probe (drivers/media/usb/usbtv/usbtv-core.c) up to kernel 4.14.10 can allow local attackers to trigger audio registration failure, potentially causing a denial of service (system crash) or other unspecified impact due to improper handling of ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00395

added 2017/03/16 6:0 p.m. | 166 views

CVE-2017-6951

CVE-2017-6951 : A local denial-of-service in the Linux kernel is caused by a NULL pointer dereference in keyring_search_aux in security/keys/keyring.c when a request_key is used on the dead type. Exploitation could crash the system (OOPS). Affected: Linux kernel up to 3.14.79; impact is local, wi...

CVSS 5.5 | AI score 5.5 | EPSS 0.00385

added 2024/03/04 6:10 p.m. | 166 views

CVE-2021-47103

CVE-2021-47103 is a Linux kernel vulnerability in the inet path where sk->sk_rx_dst was protected by RCU without proper documentation and ordering of dst_release and pointer clearing. The issue arose in tcp_v4_do_rcv/tcp_v6_do_rcv and related demux logic, creating potential use-after-free scen...

CVSS 7.8 | AI score 6.3 | EPSS 0.00455

added 2024/08/22 3:30 a.m. | 166 views

CVE-2022-48943

CVE-2022-48943: In the Linux kernel KVM x86/mmu code, a bug in asynchronous page-fault (APF) handling could cause a guest to hang by confusing a valid token with a zero value, potentially delaying or losing READY events. The fix ensures the APF token is non-zero, preventing misinterpretation of t...

CVSS 7.8 | AI score 6.8 | EPSS 0.00244

added 2025/02/26 1:54 a.m. | 166 views

CVE-2022-49111

CVE-2022-49111 is a Linux kernel vulnerability in the Bluetooth stack where a use-after-free occurs in hci_send_acl, triggered by HCI_EV_DISCONN_PHY_LINK_COMPLETE and improper handling of AMP_LINK cleanup. The trace (KASAN) shows a use-after-free in hci_send_acl leading to memory corruption, and ...

CVSS 7.8 | AI score 6.6 | EPSS 0.00243

added 2024/05/17 1:41 p.m. | 166 views

CVE-2023-52662

CVE-2023-52662 is a Linux kernel issue. The vulnerability is a memleak in drm/vmwgfx: vmw_gmrid_man_get_node. If ida_alloc_max fails, resources allocated before may not be freed, including memory allocated by kmalloc and ttm_resource_init. The connected Azure Linux Nessus entries reference the sa...

CVSS 5.5 | AI score 6.7 | EPSS 0.00228

added 2024/04/02 6:22 a.m. | 166 views

CVE-2024-26659

The CVE-2024-26659 issue concerns the Linux kernel xHCI isochronous transfer handling. Affected component: xHCI driver handling isoc Transaction/ Babble errors in multi-TRB TDs. Root cause: the driver may release a TD after an early error, freeing or overwriting remaining TRBs, which obscures the...

CVSS 5.5 | AI score 6.5 | EPSS 0.0023

added 2024/04/03 2:54 p.m. | 166 views

CVE-2024-26700

CVE-2024-26700 is a Linux kernel issue: drm/amd/display had a fix to prevent MST null-pointer dereference on RV platforms. The crash trace shows a NULL pointer dereference in drm_dp_atomic_find_time_slots during DP MST time-slot calculation, leading to a kernel oops. Affected code path involves ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00227

added 2024/05/20 9:41 a.m. | 166 views

CVE-2024-35963

CVE-2024-35963: In the Linux kernel, the Bluetooth subsystem (hci_sock) was fixed for not validating user input passed to setsockopt. The fix validates input length before copying data, mitigating a potential improper input handling vector in Bluetooth setsockopt. The vulnerability is described i...

CVSS 7.1 | AI score 6.8 | EPSS 0.0024

added 2024/05/30 3:28 p.m. | 166 views

CVE-2024-36891

CVE-2024-36891: Linux kernel issue in maple_tree where mas_start() could yield a NULL maple node and later dereference in mas_data_end(), potentially causing a kernel oops if a user unmaps all VMA regions and re-maps a VMA to recreate the empty maple tree. The fix prevents writing offsets when ...

CVSS 5.5 | AI score 6.9 | EPSS 0.00227

added 2024/05/30 3:35 p.m. | 166 views

CVE-2024-36954

CVE-2024-36954 affects the Linux kernel and is resolved by a fix in the tipc subsystem. The vulnerability arises from a memory leak in tipc_buf_append when __skb_linearize() fails, because the skb is not freed on the error path. The documented patch moves the assignment *buf = NULL after the __sk...

CVSS 5.5 | AI score 6.6 | EPSS 0.00249

added 2024/06/19 1:35 p.m. | 166 views

CVE-2024-38570

CVE-2024-38570: Linux kernel gfs2 use-after-free during unmount fixed. When a DLM lockspace is released and locks remain, DLM would unlock and free glocks, bypassing bast callbacks which stay active until unlock. The patch moves glocks that should not be unlocked to the sd_dead_glocks list, relea...

CVSS 7.8 | AI score 7.4 | EPSS 0.00248

Total number of security vulnerabilities: 13804