CVE-2024-50301
CVE-2024-50301 is a Linux kernel vulnerability: a slab-out-of-bounds read in key_task_permission() within security/keys, observed by KASAN and reported under a stress-ng workload. The issue stems from key management logic in the kernel keys subsystem; multiple advisories (ALAS2, ALAS2...
CVE-2023-52696
CVE-2023-52696: In the Linux kernel, powerpc/powernv: add a null pointer check in opal_powercap_init(); kasprintf() can return NULL on allocation failure. Connected advisories note this vulnerability is resolved, with Nessus entries describing Azure Linux 3.0 kernel security update and Unity Linu...
CVE-2023-52833
CVE-2023-52833 affects the Linux kernel Bluetooth stack (btusb). The fix, described as adding a NULL check for date->evt_skb in btusb_mtk_hci_wmt_sync, addresses a crash caused by NULL pointer dereferences in Bluetooth shutdown/write paths. The provided crash trace shows a kernel NULL pointer ...
CVE-2023-52869
Technical details (affected product/version, root cause, and fix) are not provided in the Connected documents. Please consult the original advisories or vendor notices for CVE-2023-52869 to obtain concrete technical information and remediation guidance.
CVE-2024-0564
CVE-2024-0564 concerns the Linux kernel memory deduplication mechanism (KSM) where the max page sharing setting can enable a side channel leakage of a victim’s page when an attacker and victim share a host. The connected OSV entries confirm patches in Rootio-Linux packages for Debian/Ubuntu (Root...
CVE-2024-27022
CVE-2024-27022: Linux kernel race in fork where child VMAs may be linked before full initialization. Root cause involves vma locking around hugetlb/vma handling; fix defers linking of vma until initialized. Debian security advisory DSA-5680-1 notes the fix in kernel 6.1.90-1 for bookworm. No expl...
CVE-2024-35823
CVE-2024-35823: Linux kernel vt buffer corruption when deleting characters has been fixed. Root cause: overlapping buffers in VT text handling; solution: replace memcpy() with memmove() (same approach as VGA text buffer fix). Affected component: vt in the Linux kernel. Remediation: upgrade to a k...
CVE-2024-35824
No public technical details are provided in the connected documents for CVE-2024-35824; monitor for updates.
CVE-2024-35991
CVE-2024-35991: In the Linux kernel, idxd dmaengine code changed from a spinlock-protected event log workqueue to a mutex-protected approach to safely call drain_workqueue(). The root cause was calling drain_workqueue() while holding a spinlock, risking a Call Trace due to possible task reschedul...
CVE-2024-36944
CVE-2024-36944 affects the Linux kernel. The issue arises from reverting the commit that simplified drm/qxl_fence_wait, which created a possible circular locking dependency between console_owner and the worker pool locking. Reverting the commit allows VMs to boot to completion but may reintroduce...
CVE-2024-36955
In CVE-2024-36955, the Linux kernel ALSA: hda: intel-sdw-acpi code had a path using device_get_named_child_node() that could leak a reference if fwnode_handle_put() was not called on the returned fwnode handle. The described fix adds a call to fwnode_handle_put() to prevent a leaked reference, ad...
CVE-2024-36974
The CVE-2024-36974 issue affects the Linux kernel net/sched taprio: if a TCA_TAPRIO_ATTR_PRIOMAP attribute is provided, taprio_parse_mqprio_opt() must validate it; otherwise, a second taprio_change() with crafted mqprio attributes can cause kernel problems after a first, valid call sets dev->n...
CVE-2024-40924
CVE-2024-40924 affects the Linux kernel, specifically the drm/i915/dpt path. The issue occurs when a DPT object is shrunk while the actual framebuffer remains, leading to rewriting PTEs with a stale CPU mapping and causing a kernel panic. The fix implements an approach to make the DPT object unsh...
CVE-2024-41092
CVE-2024-41092: Linux kernel drm/i915/gt had a potential use-after-free in fence revocation. Root cause: race between revocation of fence registers and completion callbacks, with vma->fence->active idleness not guaranteed before vma eviction. The fix is to wait for idleness of vma->fence...
CVE-2024-42291
CVE-2024-42291 (Linux kernel, ice driver): The vulnerability arises from a per-VF limit on FDIR filters. A malicious or misbehaving VF could request more than the soft limit, exhausting resources and impacting other VFs. The fix adds an equivalent per-VF cap in the ice driver to mirror the iAVF ...
CVE-2024-46673
CVE-2024-46673: In the Linux kernel, the aacraid SCSI driver could double-free aac_dev::queues during probe if aac_init_adapter() failed after initial allocation. The hardware-specific init path calls into aac_init_adapter(), which on error frees queues but does not clear the pointer, and the err...
CVE-2024-47742
CVE-2024-47742: Linux kernel firmware_loader path traversal vulnerability. Several code paths construct firmware filenames from device or userspace data (e.g., lpfc_sli4_request_firmware_update, nfp_net_fw_find, module_flash_fw_schedule). The issue arises when dynamic firmware names can include ...
CVE-2024-50099
CVE-2024-50099 concerns the Linux kernel arm64 uprobes for LDR (literal) and LDRSW (literal). The two functions, simulate_ldr_literal() and simulate_ldrsw_literal(), were originally written for kprobes and use plain C memory accesses. When uprobes were added, these were reused unmodified, but the...
CVE-2024-50148
CVE-2024-50148 affects the Linux kernel Bluetooth bnep module, where proto_unregister could perform a wild memory access because bnep_init() ignored the return value of bnep_sock_init(). The fix is to propagate bnep_sock_init()’s return value in bnep_exit(), preventing cleanup of resources on module removal from leavi...
CVE-2024-50163
The CVE-2024-50163 entry documents a Linux kernel fix for bpf redirect flag overlap: the internal UAPI bpf_redirect flags were sharing the same ri->flags values for SKB and XDP paths, causing a crash under certain redirect use. The patch makes bpf_redirect_info stack-allocated per path, avoids...
CVE-2024-53052
CVE-2024-53052 affects the Linux kernel io_uring rw path. The issue was a missing IOCB_NOWAIT handling for O_DIRECT start_write, causing a deadlock with the filesystem freezer when a write blocks on kiocb_start_write() while the mount is being frozen. The fix makes the io_uring side honor...
CVE-2024-53126
In CVE-2024-53126, the Linux kernel fixes a UB bug in vdpa/solidrun code where a string placed on the stack in psnet_open_pf_bar() and snet_open_vf_bar() could be used after the stack frame disappeared. The string is not copied by pcim_iomap_regions() or its callees, leading to undefined behavior...
CVE-2024-56595
CVE-2024-56595 concerns the Linux kernel JFS (Journaling File System) code path in dbAdjTree. The issue is an array-index-out-of-bounds that can occur when lp is 0 at the start of a for loop, since lp becomes negative on the next assignment unless the loop bails out. The available connected documents con...
CVE-2024-56672
CVE-2024-56672 affects the Linux kernel blk-cgroup component. The issue is a use-after-free (UAF) in blkcg_unpin_online() where blkcg_parent(blkcg) is read after blkcg_destroy_blkgs(blkcg) could free the blkcg. The fix reads the parent pointer before destroying the blkcg’s blkg’s, preventing UAF....
CVE-2025-21791
CVE-2025-21791 affects the Linux kernel VRF path: l3mdev_l3_out() could be invoked without RCU protection, enabling a potential use-after-free. The root cause is missing rcu_read_lock()/rcu_read_unlock() around the call chain (raw_sendmsg -> ip_push_pending_frames -> ip_send_skb -> ip_lo...
CVE-2025-21934
CVE-2025-21934: In the Linux kernel, the RapidIO (rio) driver had an API misuse where rio_add_net() could incorrectly free resources when device_register() failed. The patch fixes this by using put_device() instead of kfree() and by nulling mport->net to avoid a use-after-free. Impact is l...
CVE-2014-3645
CVE-2014-3645 affects the Linux kernel KVM implementation in arch/x86/kvm/vmx.c, with versions before 3.12. The root cause is that the code path handling the INVEPT instruction lacks an exit handler, which can allow a guest OS user to trigger a denial of service by crashing the guest via a crafte...
CVE-2014-7841
CVE-2014-7841 affects the Linux kernel SCTP implementation (net/sctp/sm_make_chunk.c) with ASCONF enabled. A malformed INIT chunk can trigger a NULL pointer dereference, causing a system crash (DoS). Affected: kernel versions before 3.17.4; fix: upgrade to 3.17.4 or later (kernel changelog confir...
CVE-2014-9529
CVE-2014-9529: A race condition in Linux kernel key garbage collection (key_gc_unused_keys in security/keys/gc.c) up to 3.18.2 can enable local users to cause DoS or memory corruption during key garbage collection via keyctl. Connected advisory confirms kernel upstream fix and lists commit a3a878...
CVE-2015-0569
CVE-2015-0569 is a heap-based buffer overflow in the WLAN private wireless extensions IOCTL path (wlan_hdd_wext.c) of the Linux kernel 3.x–4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The vulnerability allows a local attacker to escalate privileges via ...
CVE-2017-7294
The CVE-2017-7294 issue affects the Linux kernel up to 4.10.6, specifically vmwgfx vmw_surface_define_ioctl() in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c. A crafted ioctl to /dev/dri/renderD* can trigger an integer overflow and out-of-bounds write, causing denial of service (system hang/crash) and...
CVE-2021-47018
CVE-2021-47018: Affected software: Linux kernel on PPC64 (powerpc/64). Issue: the PPC64 fixmap area was defined at the top of the address space or just below KASAN, which is not valid for PPC64. The fix uses the top of the I/O space for the fixmap area, with a ...
CVE-2022-1973
CVE-2022-1973 describes a use-after-free in the Linux kernel NTFS3 filesystem, specifically in the log_replay path (fs/ntfs3/fslog.c). It allows a local attacker to crash the system and may lead to kernel information leakage. The connected Astra Linux note corroborates the same description of the...
CVE-2022-49365
The CVE-2022-49365 issue is an off-by-one error in the Linux kernel AMDGPU DMUB outbox1 low IRQ handling (dm_dmub_outbox1_low_irq), where a comparison against ARRAY_SIZE() allowed an out-of-bounds access. Public advisories confirm fixes have been applied in multiple distributions’ kernel branches...
CVE-2022-49429
CVE-2022-49429 affects the Linux kernel’s RDMA/hfi1 subsystem. When the hfi1 module is loaded with SDMA disabled (HFI1_CAP_SDMA off), a call to hfi1_write_iter() can dereference a NULL pointer, causing a kernel panic through the I/O path (sdma_select_user_engine → hfi1_user_sdma_process_request →...
CVE-2022-49639
CVE-2022-49639 refers to a Linux kernel issue in the cipso subsystem where sysctl read operations could race with concurrent writes. The root cause is missing synchronization while reading cipso sysctl variables, and the fix is to add READ_ONCE() to prevent data races. Public documents in the con...
CVE-2023-52634
Summary (CVE-2023-52634): In the Linux kernel, the DRM/AMD display driver had a logic issue in the disable_otg_wa path that could cause a system hang during HDMI mode switches due to simultaneous FIFO/HPO state changes. The root cause was that enabling/disabling FIFO could affect multiple regist...
CVE-2023-52690
CVE-2023-52690 is a Linux kernel vulnerability affecting powerpc/powernv where kasprintf() can return NULL on allocation failure and a null pointer check was missing in scom_debug_init_one(). The fix adds a null pointer check and ensures proper release of ent to avoid memory leaks. Connected advi...
CVE-2024-23850
CVE-2024-23850 affects the Linux kernel (through 6.7.1) in btrfs_get_root_ref (fs/btrfs/disk-io.c): subvolumes can be read too soon after their root item is inserted during subvolume creation, leading to an assertion failure and crash. Connected advisories confirm this issue across multiple Linux...
CVE-2024-26689
CVE-2024-26689 affects the Linux kernel via the Ceph subsystem: in fs/ceph/caps.c, encode_cap_msg() previously could perform a use-after-free due to a race between refcount increment and free in arg->xattr_buf handling. The race around ceph_buffer_get/ceph_buffer_put(ci->i_xattrs.blob) allo...
CVE-2024-26719
CVE-2024-26719 involves the Linux kernel nouveau subsystem. The vulnerability description confirms a deadlock between fctx lock and the irq lock. The fix described offloads the processing from the IRQ handler into a workqueue, breaking the deadlock by moving fence uevents work to a separate threa...
CVE-2024-26883
CVE-2024-26883: In the Linux kernel, a vulnerability was fixed that affects 32-bit architectures in the stackmap handling used by BPF. The overflow risk arises when roundup_pow_of_two() is used to compute the number of hash buckets, as a 32‑bit left shift can overflow and cause undefined behavio...
CVE-2024-27052
CVE-2024-27052 affects the Linux kernel driver for rtl8xxxu (wifi) and is fixed by adding cancel_work_sync() in rtl8xxxu_stop() to prevent a potential use-after-free when the driver’s workqueue is still running after stop. The initial entry describes the issue and patch in general terms; connecte...
CVE-2024-35898
CVE-2024-35898 affects the Linux kernel’s netfilter nft_tables flowtable type lookup. The issue is a data race where nft_unregister_flowtable_type() in nf_flow_inet_module_exit() can run concurrently with __nft_flowtable_type_get() in nf_tables_newflowtable(), and there was no protection while it...
CVE-2024-36882
CVE-2024-36882 is a Linux kernel vulnerability in the memory management subsystem: mm/page_cache_ra_order() could reclaim file-backed pages in a way that may deadlock, resolved by using memalloc_nofs_save() in the readahead path (commit f2c817bed58d). The issue was observed during readahead and p...
CVE-2024-41089
CVE-2024-41089 relates to the Linux kernel DRM/Nouveau code path: in nv17_tv_get_hd_modes(), the return of drm_mode_duplicate() (and drm_cvt_mode()) could be NULL on failure, leading to a NULL pointer dereference. The fix adds a NULL check to avoid dereferencing a NULL mode object. Impact is a lo...
CVE-2024-43882
CVE-2024-43882 is a Linux kernel race condition (TOCTOU) in the exec path: permission checks for a file are done at do_filp_open(), but the metadata (mode/UID/GID) used later in execve() can be changed before execution, enabling potential root privilege escalation. The issue is exploitable in scenari...
CVE-2024-46725
CVE-2024-46725 refers to a Linux kernel vulnerability where the drm/amdgpu path could trigger an out-of-bounds write warning. The connected Astra Linux bulletin confirms the issue as a kernel-level flaw and notes the fix was to validate the ring type value to prevent the OOB write. The vulnerabil...
CVE-2024-47713
CVE-2024-47713 is a Linux kernel vulnerability in wifi/mac80211: two-phase skb reclamation is needed in ieee80211_do_stop to ensure work is done with interrupts enabled. The patch moves the actual skb work outside the IRQ-disabled region to avoid warning and potential issues when backtracing thro...
CVE-2024-49875
CVE-2024-49875: Linux kernel fix where EBADMSG during nfsd buffered readdir and ext4 checksum path could trigger a non-standard nfserrno warning; fix maps EBADMSG to nfserr_io to avoid the warning. Affects nfsd and ext4_readdir on Linux 5.x; remediation patch added in stable releases (kernel comm...