Linux / Linux Kernel

13804 matches found

CVE • added 2024/11/08 5:54 a.m. • 164 views

CVE-2024-50200

CVE-2024-50200 corresponds to a Linux kernel maple_tree fix. Affected area is the maple tree implementation used for range inserts. The vulnerability arises during a spanning store across two leaf nodes where the right leaf is the rightmost child of the shared parent and the store fully consumes ...

CVSS 5.5 • AI score 6.9 • EPSS 0.00203

CVE • added 2025/02/27 2:18 a.m. • 164 views

CVE-2025-21760

CVE-2025-21760: Linux kernel vulnerability in NDISC code. The issue arises because ndisc_send_skb() could be called without RTNL or RCU held, risking use-after-free. The fix adds acquiring rcu_read_lock() earlier to enable use of dev_net_rcu() and prevent UAF. Connected docs also reference relate...

CVSS 7.8 • AI score 5.3 • EPSS 0.06879

CVE • added 2025/02/27 2:18 a.m. • 164 views

CVE-2025-21772

CVE-2025-21772 involves the Linux kernel partition probing path (mac partition handling). The fix addresses processing of bogus partition tables by: (1) using put_dev_sector() for the bailout when a bad partoffset occurs, after a successful read_part_sector(); (2) rejecting partition tables that ...

CVSS 7.8 • AI score 6.5 • EPSS 0.00209

CVE • added 2025/04/02 12:53 p.m. • 164 views

CVE-2025-21993

CVE-2025-21993 is a Linux kernel issue in iscsi_ibft: UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() when performing iSCSI boot over IPv6. The bug arises because the IPv6 prefix length (64) makes a shift exponent negative while reading /sys/firmware/ibft/ethernetX/subnet-mask, which is...

CVSS 7.1 • AI score 7.1 • EPSS 0.00171

CVE • added 2016/05/23 10:0 a.m. • 163 views

CVE-2016-4482

CVE-2016-4482 : The Linux kernel before 4.7 has a flaw in the proc_connectinfo handling. The proc_connectinfo function in drivers/usb/core/devio.c does not initialize a data structure, enabling local users to read sensitive data from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl. T...

CVSS 6.2 • AI score 6 • EPSS 0.00553

CVE • added 2016/08/06 8:0 p.m. • 163 views

CVE-2016-6136

CVE-2016-6136 is a Linux kernel race condition in audit_log_single_execve_arg (auditsc.c) that can allow a local user to bypass character-set restrictions or disrupt system-call auditing via a double-fetch flaw. Connected advisories confirm multiple vendors map this CVE to Linux kernel fixes; rem...

CVSS 4.7 • AI score 5.3 • EPSS 0.00269

CVE • added 2019/11/18 5:23 a.m. • 163 views

CVE-2019-19050

CVE-2019-19050 describes a memory leak in the Linux kernel’s crypto_reportstat() path (crypto/crypto_user_stat.c) that can cause a denial of service via memory consumption when crypto_reportstat_alg() fails, affected up to kernel 5.3.11. Connected Nessus advisories (Unity Linux UTSA-2026-003794 a...

CVSS 7.8 • AI score 7.5 • EPSS 0.05077

CVE • added 2020/09/15 7:40 p.m. • 163 views

CVE-2020-14304

CVE-2020-14304 describes a memory-disclosure flaw in the Linux kernel ethernet drivers, in how data is read from a device EEPROM. A local user can read uninitialized kernel memory, impacting confidentiality. The description notes a local-exploit vector and does not provide a patch or mitigation i...

CVSS 4.4 • AI score 5 • EPSS 0.00358

CVE • added 2020/10/16 8:2 p.m. • 163 views

CVE-2020-27194

CVE-2020-27194 affects the Linux kernel prior to 5.8.15. The issue is in the eBPF verifier: scalar32_min_max_or() incorrectly copies a 64‑bit value into a 32‑bit variable, causing integer truncation and incorrect bounds tracking. This misalignment between verifier time checks and actual execution...

CVSS 5.5 • AI score 5.2 • EPSS 0.02018

CVE • added 2022/12/18 12:0 a.m. • 163 views

CVE-2022-47518

CVE-2022-47518 affects the Linux kernel before 6.0.11, specifically the WILC1000 wireless driver (drivers/net/wireless/microchip/wilc1000/cfg80211.c). The issue is missing validation of the number of channels, which can trigger a heap-based buffer overflow when copying the list of operating chann...

CVSS 7.8 • AI score 7.4 • EPSS 0.00329

CVE • added 2024/05/03 2:51 p.m. • 163 views

CVE-2022-48672

CVE-2022-48672 is a Linux kernel issue in the device-tree flattening path: in unflatten_dt_nodes(), an off-by-one error can overflow the nps[] buffer due to an unfixed depth check in the loop. The problem was fixed by commit 78c44d910d3e, in which the depth handling during unflattening was correc...

CVSS 7.8 • AI score 6.6 • EPSS 0.00248

CVE • added 2024/06/20 11:13 a.m. • 163 views

CVE-2022-48747

CVE-2022-48747 affects the Linux kernel in the block.bio_truncate() path. The vulnerability stems from a wrong page offset being used, causing bio_truncate() to clear data outside the last block of a block device and potentially return uninitialized data when both truncated/corrupted FS and users...

CVSS 7.5 • AI score 8.3 • EPSS 0.00915

CVE • added 2024/10/21 8:6 p.m. • 163 views

CVE-2022-48988

In CVE-2022-48988, the Linux kernel memcg subsystem vulnerability was resolved: memcg_write_event_control() could race with file renames/removals because a file-type check was dropped when __file_cft() was altered. The fix resurrects the file-type check by validating the superblock and dentry typ...

CVSS 7 • AI score 6.7 • EPSS 0.00242

CVE • added 2024/03/02 9:59 p.m. • 163 views

CVE-2023-52574

CVE-2023-52574 : In the Linux kernel, a NULL pointer dereference can occur in vlan_dev_hard_header when a VLAN device is enslaved to a team device and the team device type changes from non-ether to ether. The underlying issue is that header_ops can incorrectly switch to vlan_header_ops for the no...

CVSS 5.5 • AI score 6 • EPSS 0.0023

CVE • added 2024/05/21 3:31 p.m. • 163 views

CVE-2023-52791

CVE-2023-52791 affects the Linux kernel i2c core: Run atomic i2c xfer when !preemptible to ensure atomicity during restart sequences, preventing voluntary context switches within RCU read-side critical sections. The fix, tied to preemption handling (switching to !preemptible()), aligns with pre-v...

CVSS 5.5 • AI score 6.7 • EPSS 0.0024

CVE • added 2024/04/03 5:0 p.m. • 163 views

CVE-2024-26761

CVE-2024-26761 : Linux kernel fix in the cxl/pci HDM setup to prevent a system hang when the DVSEC CXL range is not found in a CFMWS window. If the Host Physical Address (HPA) is not a System Physical Address (SPA), the CXL range may not map to a CFMWS window, causing the HDM decoder to be disabl...

CVSS 5.5 • AI score 6.2 • EPSS 0.00236

CVE • added 2024/04/04 8:20 a.m. • 163 views

CVE-2024-26802

The CVE-2024-26802 entry concerns a Linux kernel issue in the stmmac driver where destroy_workqueue() drains the queue but does not clear the workqueue pointer, risking NULL pointer dereference/panic when resuming a suspended driver. Connected docs (Astra Linux bulletin and related IBM/CIRCL refe...

CVSS 5.5 • AI score 6.5 • EPSS 0.00227

CVE • added 2024/05/17 11:51 a.m. • 163 views

CVE-2024-27415

CVE-2024-27415 affects Linux kernel netfilter/bridge. Root cause: nf_confirm and conntrack race when multicast/broadcast frames clone, causing a shared nf_conn entry to be referenced twice before confirmation. Result: a multicast flow can lead to a clone skb’s nfct being unconfirmed and race agai...

CVSS 4.7 • AI score 6.8 • EPSS 0.00169

CVE • added 2024/05/17 12:8 p.m. • 163 views

CVE-2024-27434

CVE-2024-27434 : In the Linux kernel, the wifi driver iwlwifi/mvm incorrectly set the MFP flag for GTK, which could crash the firmware when an AP uses TKIP with MFPC. The patch ensures GTK is not marked with MFP, mitigating the issue. CVSS v3.1 base score 5.5 (LOCAL, LOW attack complexity, LOW pr...

CVSS 5.5 • AI score 6.8 • EPSS 0.00222

CVE • added 2024/05/19 8:34 a.m. • 163 views

CVE-2024-35872

CVE-2024-35872 — Linux kernel mm/secretmem vulnerability : The issue arises from the folio_is_secretmem() check that relied on secretmem folios having the LRU flag. Folios can be in a batch without LRU set, or lose the LRU flag temporarily, making the check unreliable and allowing GUP-fast to gra...

CVSS 5.5 • AI score 6.6 • EPSS 0.00225

CVE • added 2024/05/30 3:28 p.m. • 163 views

CVE-2024-36880

CVE-2024-36880 details (from provided documents): In the Linux kernel, a Bluetooth subsystem issue in the qca firmware parsing was resolved by adding missing sanity checks for firmware files before download, to prevent memory access violations beyond the allocated vmalloc buffer. This vulnerabili...

CVSS 7.8 • AI score 6.8 • EPSS 0.0025

CVE • added 2024/06/19 1:35 p.m. • 163 views

CVE-2024-38558

CVE-2024-38558 concerns the Linux kernel's net/openvswitch handling of ICMPv6 in the OVS_PACKET_CMD_EXECUTE path. The root cause is a misuse of a shared IPv6 field between Neighbor Discovery (ND) state and conntrack original tuple (ct_orig) during packet-key parsing. When parsing ICMPv6, the code...

CVSS 5.5 • AI score 7 • EPSS 0.00259

CVE • added 2024/07/10 7:14 a.m. • 163 views

CVE-2024-39488

The CVE-2024-39488 issue is a Linux kernel arm64 bug related to end padding of bug_entry structures. When CONFIG_DEBUG_BUGVERBOSE=n, final bug_table entries in modules may lack trailing padding, causing the last entry to be ignored and potentially leading to an unexpected kernel panic during modu...

CVSS 5.5 • AI score 6.3 • EPSS 0.00237

CVE • added 2024/07/12 12:20 p.m. • 163 views

CVE-2024-39502

CVE-2024-39502 : Linux kernel vulnerability in the Ionic driver where use-after-free can occur in netif_napi_del handling. If multiple TX/RX queues are configured (e.g., 4) but only 3 are used, ionic_qcq_enable may call napi_enable() for a queue that was unregistered by netif_napi_del(), since ne...

CVSS 7.8 • AI score 6.6 • EPSS 0.00305

CVE • added 2024/07/29 2:32 p.m. • 163 views

CVE-2024-41055

CVE-2024-41055: Linux kernel vulnerability in the mm subsystem where a NULL pointer dereference could occur in pfn_section_valid() due to a race with section_deactivate() and an insufficient READ_ONCE() around ms->usage. The fix adds a value check on ms->usage before dereferencing and reli...

CVSS 5.5 • AI score 6.5 • EPSS 0.00255

CVE • added 2024/09/13 2:49 p.m. • 163 views

CVE-2024-46713

CVE-2024-46713 affects the Linux kernel perf/aux path. The root cause was that event->mmap_mutex alone was insufficient to serialize the AUX buffer, enabling race conditions. The fix adds a per-RB mutex to fully serialize AUX buffer access and corrects the previous lock order issue where perf_...

CVSS 7.8 • AI score 6.6 • EPSS 0.00292

CVE • added 2024/09/18 6:32 a.m. • 163 views

CVE-2024-46722

CVE-2024-46722 is a Linux kernel vulnerability affecting the DRM AMDGPU driver where a read of mc_data[i-1] could go out of bounds. The connected Astra/DEBIAN/CBLMARINER advisories reference the same issue in the kernel and confirm a fix was applied in the AMDGPU/mc_data path to address the out-o...

CVSS 7.1 • AI score 6.9 • EPSS 0.00253

CVE • added 2024/10/09 2:2 p.m. • 163 views

CVE-2024-47660

CVE-2024-47660 : Linux kernel fsnotify race causing lock contention. When removing watches on a directory with many dentries, __fsnotify_update_child_dentry_flags() races with __fsnotify_parent() on children, risking softlockup reports. The fix, per the bulletin, is to set PARENT_WATCHED only whe...

CVSS 4.7 • AI score 6.4 • EPSS 0.00161

CVE • added 2024/10/21 12:14 p.m. • 163 views

CVE-2024-47739

CVE-2024-47739 is a Linux kernel vulnerability in the padata serialization path. When more than 2^32 padata objects are submitted to padata_do_serial, the sorting of overflowed seq_nr values can place new objects before existing ones, causing a deadlock in the serialization process because padata...

CVSS 5.5 • AI score 6.9 • EPSS 0.00227

CVE • added 2024/10/21 12:18 p.m. • 163 views

CVE-2024-49856

CVE-2024-49856 — Linux kernel, x86 SGX: deadlock in SGX NUMA node search. When the current node lacks an EPC section and other EPCs are exhausted, the loop searching for a remote EPC page can deadlock, causing a soft lockup. The root cause is that nid_of_current is not set in sgx_numa_mask, so ni...

CVSS 5.5 • AI score 5.2 • EPSS 0.00205

CVE • added 2024/10/21 6:1 p.m. • 163 views

CVE-2024-49881

In CVE-2024-49881, the Linux kernel ext4 caller path handling was fixed: in ext4_find_extent(), if a path is reallocated after being freed when depth exceeds path[0].p_maxdepth, orig_path was not updated, leaving the caller with a valid path but a NULL ppath. This could cause a NULL pointer deref...

CVSS 5.5 • AI score 5.1 • EPSS 0.00249

CVE • added 2024/10/21 6:2 p.m. • 163 views

CVE-2024-49977

The CVE-2024-49977 entry concerns a Linux kernel vulnerability in the net: stmmac pathway where port_transmit_rate_kbps could be set to 0, passed to div_s64 when tc-cbs is disabled, causing a zero-division error. The connected Astra Linux and CIRCL sources reproduce the same description and fix d...

CVSS 5.5 • AI score 5.2 • EPSS 0.00247

CVE • added 2024/11/08 6:7 a.m. • 163 views

CVE-2024-50205

CVE-2024-50205 affects the Linux kernel ALSA: firewire-lib component, where apply_constraint_to_size() could encounter a division by zero due to a zero-initialized step variable. The issue arises if the loop does not modify step, causing division to operate on zero in snd_interval_test() data der...

CVSS 5.5 • AI score 5.2 • EPSS 0.00229

CVE • added 2024/11/21 6:17 p.m. • 163 views

CVE-2024-53091

CVE-2024-53091: The issue in the Linux kernel concerns TLS handling in sockmap with vsock and AF_UNIX sockets. The fix adds an IS_ICSK check to tls_sw_has_ctx_tx/rx because these socket types do not use inet_connection_sock, so tls_get_ctx could otherwise return an invalid pointer and trigger a p...

CVSS 5.5 • AI score 7 • EPSS 0.00221

CVE • added 2024/12/27 1:49 p.m. • 163 views

CVE-2024-53203

CVE-2024-53203 is a Linux kernel issue: a potential array underflow in usb: typec ucsi_ccg_sync_control() could be triggered when the user controls the command via debugfs, if con_index is zero leading to an access of ucsi.connector[con_index-1]. The vulnerability is resolved in the Linux kernel;...

CVSS 7.8 • AI score 6.5 • EPSS 0.0024

CVE • added 2024/12/27 1:50 p.m. • 163 views

CVE-2024-53239

CVE-2024-53239 relates to the Linux kernel ALSA 6fire driver. The vulnerability arises when resources are released immediately after usb6fire_chip_abort(), while the card object may still be in use (the code calls snd_card_free_when_closed()). This can lead to a use-after-free scenario. The docum...

CVSS 7.8 • AI score 6.7 • EPSS 0.00281

CVE • added 2024/12/27 2:51 p.m. • 163 views

CVE-2024-56599

CVE-2024-56599 records a Linux kernel vulnerability in the wifi/ath10k SDIO path where rmmod ath10k could panic if CONFIG_INIT_ON_FREE_DEFAULT_ON is enabled. The root cause is a NULL-pointer path involving destroying the sdio workqueue before ath10k_core_destroy frees the wiphy/cfg80211 device, l...

CVSS 5.5 • AI score 6.6 • EPSS 0.00217

CVE • added 2025/01/19 11:52 a.m. • 163 views

CVE-2024-57908

CVE-2024-57908 affects the Linux kernel’s IIO KMX61 driver (iio: imu: kmx61). The vulnerability arises from using a local buffer to push data to userspace from a triggered buffer without initializing inactive channels, potentially leaking information. The documented fix is to initialize the buffe...

CVSS 7.1 • AI score 6.1 • EPSS 0.00214

CVE • added 2025/04/01 3:40 p.m. • 163 views

CVE-2025-21928

CVE-2025-21928 : In the Linux kernel HID intel-ish-hid driver, a use-after-free issue in ishtp_hid_remove() can occur, leading to a random crash minutes after the driver is removed. The root cause is improper memory handling where the code frees driver_data inside the loop that destroys HID devic...

CVSS 7.8 • AI score 7.2 • EPSS 0.00179

CVE • added 2025/04/02 12:53 p.m. • 163 views

CVE-2025-21991

The CVE-2025-21991 issue affects the Linux kernel’s AMD microcode loader for x86. It could trigger an out-of-bounds access when iterating NUMA nodes with empty or CPU-less nodes, potentially accessing cpu_data beyond its bounds during a microcode update. The root cause is that load_microcode_amd(...

CVSS 7.8 • AI score 7.1 • EPSS 0.00171

CVE • added 2016/05/02 10:0 a.m. • 162 views

CVE-2012-6701

CVE-2012-6701 : An integer overflow in fs/aio.c of the Linux kernel before 3.4.1 allows local users to trigger a denial of service (and possibly other impact) via a large AIO iovec. Public sources describe exploitation locally and indicate a fix was applied in 3.4.1 (Linux kernel changelog refere...

CVSS 7.8 • AI score 7.6 • EPSS 0.00354

CVE • added 2017/07/20 4:0 a.m. • 162 views

CVE-2017-11473

CVE-2017-11473 describes a buffer overflow in the Linux kernel, specifically in arch/x86/kernel/acpi/boot.c::mp_override_legacy_irq(), up to version 3.2. An attacker with local access can escalate privileges by presenting a crafted ACPI table. Exploitation is local and does not require user inter...

CVSS 7.8 • AI score 7.2 • EPSS 0.00412

CVE • added 2017/11/27 7:0 p.m. • 162 views

CVE-2017-16994

The CVE-2017-16994 vulnerability affects the Linux kernel’s walk_hugetlb_range function in mm/pagewalk.c, where holes in hugetlb ranges are mishandled. This allows a local attacker to obtain sensitive information from uninitialized kernel memory via a crafted mincore() call. Public sources attrib...

CVSS 5.5 • AI score 5.5 • EPSS 0.02084

CVE • added 2019/08/19 9:45 p.m. • 162 views

CVE-2019-15223

CVE-2019-15223 affects the Linux kernel up to version 5.1.7 where a NULL pointer dereference can be triggered by a malicious USB device in the sound/usb/line6/driver.c driver. This is a local physical attack vector through USB, potentially causing a kernel crash by dereferencing a NULL pointer. T...

CVSS 4.9 • AI score 5.9 • EPSS 0.006

CVE • added 2019/11/18 5:24 a.m. • 162 views

CVE-2019-19071

CVE-2019-19071 is a DoS vulnerability in the RSI 91x WiFi driver of the Linux kernel, caused by a memory leak in rsi_send_beacon() that can be triggered when rsi_prepare_beacon() fails. The issue affects the Linux kernel up to version 5.3.11 and is reported in the RSI_91x wireless driver (drivers...

CVSS 7.8 • AI score 7.5 • EPSS 0.03992

CVE • added 2021/04/06 11:29 p.m. • 162 views

CVE-2021-30178

The CVE-2021-30178 issue is a Linux kernel vulnerability affecting arch/x86/kvm/hyperv.c: synic_get can dereference a NULL pointer under certain accesses to the SynIC Hyper-V context, potentially enabling information leakage via KVM_GET_DEBUGREGS on 32-bit systems. Concrete fix is referenced in c...

CVSS 5.5 • AI score 5.2 • EPSS 0.00299

CVE • added 2022/07/06 12:0 a.m. • 162 views

CVE-2022-2318

CVE-2022-2318 is a use-after-free vulnerability in the Linux kernel's Rose (net/rose/rose_timer.c) timer handler that can cause denial of service (crash) with local privileges. Connected advisories confirm the vulnerability affects Linux kernel releases and note fixed versions: Debian security ad...

CVSS 5.5 • AI score 6.8 • EPSS 0.0041

CVE • added 2025/02/26 2:23 a.m. • 162 views

CVE-2022-49572

CVE-2022-49572 affects the Linux kernel tcp path. The issue is a data race around reading the sysctl_tcp_slow_start_after_idle variable, where reads could race with concurrent writes. The published fix adds a READ_ONCE() to the readers to prevent concurrent modification during reads. The vulnerab...

CVSS 4.7 • AI score 5.4 • EPSS 0.00178

CVE • added 2024/05/17 2:2 p.m. • 162 views

CVE-2023-52672

CVE-2023-52672 affects the Linux kernel pipe handling code. A regression in pipe resizing caused writers to deadlock when a pipe was full during a resize because wakeups on pipe->wr_wait could occur before pipe->max_usage was updated. The fix changes the sequence: set max_usage (and nr_acco...

CVSS 7 • AI score 6.7 • EPSS 0.00257

CVE • added 2024/05/17 2:24 p.m. • 162 views

CVE-2023-52686

CVE-2023-52686 involves a Linux kernel vulnerability where a null pointer check is missing in powerpc/powernv opal_event_init() and kasprintf() can return NULL on allocation failure. Exploitation could lead to a denial of service via NULL pointer dereference; this has been addressed with a kernel...

CVSS 5.5 • AI score 6.6 • EPSS 0.00261

Total number of security vulnerabilities: 13804