CVE-2024-38570
CVE-2024-38570: Linux kernel gfs2 use-after-free during unmount fixed. When a DLM lockspace is released and locks remain, DLM would unlock and free glocks, bypassing bast callbacks which stay active until unlock. The patch moves glocks that should not be unlocked to the sd_dead_glocks list, relea...
CVE-2024-38615
CVE-2024-38615: A Linux kernel cpufreq vulnerability was resolved. The issue centers on the cpufreq exit() callback which is now optional; code must not call exit() without validating the pointer first, and freq_table must be cleared even if the exit() callback is absent. The connected Astra Lin...
CVE-2024-40912
CVE-2024-40912 – Linux kernel (wifi/mac80211) deadlock fix. The issue arises in ieee80211_sta_ps_deliver_wakeup() where sta->ps_lock is taken with a plain spin_lock() that is not softirq-safe, allowing softirq to run on the same CPU and contend with ieee80211_tx_h_unicast_ps_buf(), creating a deadlock (RCU sta...
CVE-2024-41097
CVE-2024-41097 concerns the Linux kernel USB ATM cxacru driver. The issue stemmed from incomplete endpoint checking during cxacru_bind(), which could cause wrong endpoint types to be used when submitting URBs. The patch adds verification that required endpoint types are present for both IN and OU...
CVE-2024-46740
CVE-2024-46740 affects the Linux kernel binder subsystem. The issue arises when copying raw data between binder objects during transactions: there is no bounds check for data outside the target data section, so excess raw data can overwrite the offsets section. This can corrupt object indices dur...
CVE-2024-49959
CVE-2024-49959 (Linux kernel): The issue occurs in journaling code (jbd2). During journal space waits, __jbd2_log_wait_for_space() may call jbd2_cleanup_journal_tail() to reclaim space; if an error happens inside that cleanup (e.g., EIO) the function could keep waiting instead of stopping, poten...
CVE-2024-49968
CVE-2024-49968 (from Miracle Linux AXSA advisory) concerns Linux kernel ext4. The vulnerability occurs when mounting an ext4 filesystem that does not have the casefold feature while the default hash version is DX_HASH_SIPHASH; in this scenario the mount operation exits, effectively preventing mou...
CVE-2024-49987
The CVE-2024-49987 issue affects the Linux kernel bpftool component. When netfilter has no entry to display, qsort is called with a NULL pointer and size 0, triggering undefined behavior as UBSan reports. The root cause is a NULL pointer passed to qsort; the advisory notes that the C standard gui...
CVE-2024-53128
The CVE-2024-53128 issue is in the Linux kernel’s sched/task_stack path: when CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, object_is_on_stack() may yield incorrect results because tagged pointers in the object could differ from the untagged stack pointer. The result can trigger warnin...
CVE-2024-53217
The connected Astra Linux advisory and the CVE entry both describe a Linux kernel vulnerability: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() where __nfsd4_find_backchannel() may leave @ses NULL and setup_callback_client() dereferences it, causing a segfault. The issue is resolved ...
CVE-2024-56751
Summary (CVE-2024-56751): A Linux kernel IPv6 issue involving releasing a nexthop on device removal. The vulnerability is tied to a hang in the pmtu self-test when removing a network device, caused by a stale or lingering nexthop/dst reference that prevents proper cleanup. The root cause is descr...
CVE-2024-56770
CVE-2024-56770 documents a Linux kernel netem backlog accounting bug when used with a child qdisc (e.g., netem as root with tbf child). The issue arises because netem’s qlen/backlog statistics were updated by child qdiscs via qdisc_tree_reduce_backlog, but netem did not decrement qlen accordingly...
CVE-2025-21919
CVE-2025-21919 (Linux kernel sched/fair): A memory-corruption issue was fixed in child_cfs_rq_on_list. The prev pointer used in converting to a cfs_rq could originate from rq->leaf_cfs_rq_list, making container_of incorrect and risking memory fault or garbage reads. The patch adds a guard: aft...
CVE-2025-21969
CVE-2025-21969 is a Linux kernel vulnerability in the Bluetooth stack (L2CAP). The issue is a slab-use-after-free in l2cap_send_cmd when the hci sync path releases l2cap_conn but a worker still references it. The root cause is a race between the hci receive data work queue and the l2cap_conn life...
CVE-2013-1059
CVE-2013-1059 affects the Linux kernel (net/ceph/auth_none.c) through version 3.10. A remote attacker can trigger a denial of service via an auth_reply message that leads to a NULL pointer dereference and system crash; the content implies possible other impact. In the connected Nessus entries for...
CVE-2014-0038
The CVE-2014-0038 issue affects the Linux kernel before 3.13.2 when CONFIG_X86_X32 is enabled: the compat_sys_recvmmsg function in net/compat.c can be exploited via recvmmsg with a crafted timeout pointer to gain local privileges. Public references document a local privilege escalation (exploitab...
CVE-2016-7911
CVE-2016-7911: Race condition in get_task_ioprio in block/ioprio.c of the Linux kernel allows local privilege escalation or use-after-free leading to DoS. A crafted ioprio_get system call can trigger the issue. This vulnerability was addressed by kernel patching in the 4.6.6 release; updating to ...
CVE-2017-14156
Summary: CVE-2017-14156 affects the Linux kernel up to 4.12.10. The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c does not initialize a certain data structure, allowing local attackers to read padding bytes from kernel stack memory and disclose sensitive information. Impact: inform...
CVE-2017-15299
CVE-2017-15299 affects the Linux kernel KEYS subsystem: adding a key that already exists but is uninstantiated can cause a NULL pointer dereference, leading to a system crash (local DoS) or other impact. The issue is documented for kernels up to at least 4.13.7; remediation is to apply the kernel...
CVE-2017-6346
CVE-2017-6346 affects the Linux kernel net/packet/af_packet.c, describing a race condition in the PACKET_FANOUT fanout path that can cause a use-after-free in multithreaded user apps. The connected sources confirm this is a local vulnerability with potential denial of service and possible unspeci...
CVE-2018-10901
CVE-2018-10901 affects the Linux kernel’s KVM virtualization subsystem. The VMX path fails to restore the guest GDT.LIMIT to the host value, setting it to 64KB instead. This can allow a host userspace process to corrupt GDT entries (notably per-cpu variables), enabling local privilege escalation....
CVE-2021-38203
CVE-2021-38203 affects the btrfs component in the Linux kernel, with the issue present in versions before 5.13.4. The root cause is a race condition during allocations of new system chunks when space is scarce in space_info, which can lead to a denial-of-service (deadlock) for local attackers. Pu...
CVE-2021-47076
CVE-2021-47076 is a Linux kernel vulnerability affecting the RDMA/rxe path. The flaw was due to RXE not updating WQE status on LOCAL_WRITE failures, which could trigger a kernel panic when an atomic operation is sent with an invalid lkey. The issue has concrete remediation in the Linux kernel ups...
CVE-2021-47185
CVE-2021-47185 is addressed by a Linux kernel fix for a soft lockup in tty_buffer/flush_to_ldisc. In ARM64 when running the ltp pty04 test, a write race between a sender and the flush_to_ldisc workqueue on different cores could cause a long loop and a softlockup in flush_to_ldisc. The patch adds ...
CVE-2021-47373
CVE-2021-47373 is tied to the Linux kernel bug in irqchip/gic-v3-its where an off-by-one error occurs in vpe freeing when its_vpe_init() fails. The root cause is an incorrect count of VPEs to free in its_vpe_irq_domain_alloc; the fix passes the number allocated (the loop index) to the free operat...
CVE-2021-47495
CVE-2021-47495 involves the Linux kernel usbnet vulnerability where a zero maxpacket caused an invalid division and a kernel oops. The description notes a sanity check for maxpacket and that a 0 value is nonsensical, leading to a failure to divide by it. The accompanying notes indicate a fix was ...
CVE-2022-49451
Summary: CVE-2022-49451 affects the Linux kernel firmware: arm_scmi base protocol enumeration of SCMI protocols. The vulnerability arises when validating the number of returned protocols via BASE_DISCOVER_LIST_PROTOCOLS, where a sum of unsigned integers could overflow, allowing the check to be si...
CVE-2023-52580
CVE-2023-52580 affects the Linux kernel net/core ETH_P_1588 flow dissector. When a PTP Ethernet raw frame larger than 256 bytes is followed by 0xff, the nhoff calculation uses hdr->message_length (0xffff) and may override nhoff, causing incorrect header length and a kernel crash. The disclosed...
CVE-2023-52698
CVE-2023-52698: The Linux kernel fix addresses a memory leak in netlbl_calipso_add_pass() when IPv6 is disabled at boot (ipv6.disable=1). In this scenario, netlbl_calipso_ops_register() may not be called and netlbl_calipso_ops_get() returns NULL, causing allocated doi_def memory in netlbl_calipso...
CVE-2023-52831
CVE-2023-52831 (Linux kernel): The issue resides in cpu/hotplug logic when CPUs are isolated with isolcpus=. Offline-ing the last non-isolated (housekeeping) CPU can cause a WARN_ON in build_sched_domains and a subsequent panic due to an empty CPU mask in partition_sched_domains_locked(), leadin...
CVE-2024-26629
CVE-2024-26629: Linux kernel nfsd: fix RELEASE_LOCKOWNER. Connected advisories document a patch correcting a test on so_count in nfsd4_release_lockowner(), which could transiently report locks held and cause NFS4 errors. The fix reverts to check_for_locks() (made to not sleep) and prevents false ...
CVE-2024-35843
CVE-2024-35843 concerns the Linux kernel IOMMU VT-d I/O page fault path. The vulnerability stemmed from how the faulting device was located: the code previously used pci_get_domain_bus_and_slot() to find the PCI device, which could permit a use-after-free scenario if the device was released by th...
CVE-2024-36919
CVE-2024-36919 — Linux kernel (bnx2fc): The Unity/Miracle/NASL advisories confirm a patch that removes spin_lock_bh when releasing resources after upload in the bnx2fc session offload flow. Root cause: session resources are used by FW/driver during offload; after upload they are no longer needed,...
CVE-2024-40927
CVE-2024-40927: Linux kernel xhci TD clearing for multiple streams is fixed. When an endpoint has >1 in-flight TDs across streams and is stopped, the driver now defers processing of additional TDs and issues a Set TR Dequeue Pointer for each, by deferring subsequent TDs until the first is pro...
CVE-2024-40929
CVE-2024-40929: Linux kernel vulnerability in wifi/iwlwifi/mvm where the ssids pointer could be accessed when n_ssids is 0, causing an out-of-bounds read. The fix adds a check for n_ssids before dereferencing the ssids pointer. Documented impact per CVE: LOCAL access with LOW privileges required...
CVE-2024-40966
CVE-2024-40966 affects the Linux kernel tty subsystem. The fix adds an option to have a tty reject a new line discipline (ldisc) and limits virtual terminals to N_TTY, preventing con_write() from sleeping while holding a spinlock (which previously could trigger a BUG: sleeping function called fro...
CVE-2024-41005
CVE-2024-41005 involves a race in the Linux kernel netpoll code. The issue stems from netpoll_owner_active reading napi->poll_owner non-atomically to determine lock ownership, allowing a data race between net_rx_action and netpoll_send_skb. The fix replaces the non-atomic check with an atomic ...
CVE-2024-41023
CVE-2024-41023 — Linux kernel vulnerability in sched/deadline: a task_struct reference leak occurs when a timer is canceled before expiration after start_dl_timer() increments the refcount. The leak happens because the timer callback is supposed to decrement the reference count, but an early-canc...
CVE-2024-41041
Technical details about CVE-2024-41041 are not publicly provided in the connected documents. No specific affected products/versions or remediation are listed here. Monitor official advisories and vendor/public sources for updates.
CVE-2024-41049
CVE-2024-41049: Linux kernel filelock: fix potential use-after-free in posix_lock_inode. The root cause was a race where a tracepoint pointer could be freed before the tracepoint fired, as the request pointer in trace_posix_lock_inode() was moved to a lock entry in an inode’s list and then freed ...
CVE-2024-46771
CVE-2024-46771 (Linux kernel, can: bcm): A proc entry is created per BCM socket on connect and is leaked when the bound netdev is unregistered, due to bcm_notify/bcm_proc_read handling. Reproducer uses connect to vxcan1, unregisters dev, and a second connect attempts to allocate a proc entry with...
CVE-2024-46800
CVE-2024-46800 affects the Linux kernel's netem (sch/netem) code. The issue is a use-after-free in netem_dequeue when enqueuing a packet to an inner qdisc that later returns __NET_XMIT_STOLEN; the packet is dropped but qdisc_tree_reduce_backlog() may not update the parent q.len, causing a use-aft...
CVE-2024-47141
CVE-2024-47141 affects the Linux kernel pinctrl/pinmux path. When two processes (A and B) concurrently call pinctrl_select_state() for the same pin, the code may dereference desc->mux_owner as NULL due to a race between updates to desc->mux_usecount and desc->mux_owner. The advisory stat...
CVE-2024-47668
CVE-2024-47668 affects the Linux kernel, specifically the radix tree code path in lib/generic-radix-tree.c. The flaw arises from a rare race in __genradix_ptr_alloc() when the tree depth is increased: a preallocated node may be created before another thread increases depth, and that node could la...
CVE-2024-47706
CVE-2024-47706 is tied to a Linux kernel issue in the bfq/I/O scheduler where an UAF could occur when bfqq structures are merged across BICs (bfqq1 → bfqq2 → bfqq3). The connected Astra Linux bulletin reproduces the scenario: on insert, a bfqq handle is obtained from the merge chain, bu...
CVE-2024-49889
CVE-2024-49889: Linux kernel ext4 use-after-free in ext4_ext_show_leaf() and related ext4 extents handling. The issue arises when EXT_DEBUG is defined and a saved path pointer may be freed during extent handling, leading to use-after-free in ext4_ext_show_leaf() or during ext4_ext_handle unwritt...
CVE-2024-49934
CVE-2024-49934: Linux kernel fault in fs/inode dump_mapping() when dumping mappings can access an invalid dentry.d_name.name during memory hot-remove, causing a crash. The advisory explains the root cause and notes a safer approach to retrieve the filename without relying on %pd, acknowledging th...
CVE-2024-49937
CVE-2024-49937 relates to the Linux kernel wifi stack (cfg80211) where starting CAC in non-AP modes could leave chandef.chan as NULL, triggering a CPU warning. Root cause: incorrect chandef handling when CAC starts in certain modes. Impact: local attacker could potentially observe instability fro...
CVE-2024-49938
Linux kernel CVE-2024-49938 affects the ath9k_htc wifi driver. The issue arises from skb_trim() being used on an uninitialised skb length in error paths, leading to an invalid urb reset before resubmission. The patch switches to __skb_set_length(skb, 0) (which already calls skb_reset_tail_pointer...
CVE-2024-50038
CVE-2024-50038: Linux kernel fix for netfilter xtables UNSPEC handling. The patch ensures matches/targets no longer assume skb_network_header() validity when UNSPEC is used, and restricts registration to NFPROTO_IPV4/NFPROTO_IPV6 (and ARP for MARK target). This prevents ebtables traversal from misproce...