13804 matches found
CVE-2024-49928
CVE-2024-49928 affects the Linux kernel wifi: rtw89 driver, where reading TX power FW elements could read past the valid memory due to the loop expression causing an extra copy. The issue is mitigated by moving the entry copy into the loop body, preventing out-of-bounds access. The fix is...
CVE-2024-49935
CVE-2024-49935 involves the Linux kernel ACPI PAD path (exit_round_robin) where a crash can occur in cpumask_clear_cpu() due to clear_bit(nr) with nr = 0xffffffff and misaligned memory access. The fixed issue, as documented, is to validate tsk_in_cpu[tsk_index] != -1 before calling cpumask_clear_...
CVE-2024-50115
CVE-2024-50115 is a Linux kernel vulnerability affecting KVM nSVM where loading PDPTEs from memory incorrectly handles nCR3[4:0]. The issue can cause an out-of-bounds read if a target page is at the end of a memslot, due to not enforcing 32-byte alignment when PAE paging is used. The root cause i...
CVE-2024-50186
CVE-2024-50186: Linux kernel vulnerability in net: explicitly clear the sk pointer when pf->create fails. Root cause: some pf->create implementations do not NULL the freed sk object in error paths, leaving a dangling pointer and enabling Use-After-Free. Fix: explicitly NULL the sk pointer ...
CVE-2024-50192
CVE-2024-50192: Linux kernel irqchip/gic-v4 vulnerability fixed by adding a vmapp_count check to prevent a VMOVP on a dying VPE. A small window could allow userspace to force a VPE affinity change while unmapped but the doorbell interrupt remains visible in /proc/irq/. The fix unifies vmapp_count...
CVE-2024-53133
CVE-2024-53133 concerns the Linux kernel DRM/AMD display driver. The vulnerability arises when a dml allocation fails, causing the current state’s dml contexts to become invalid. Subsequent calls to dc_state_copy_internal could shallow-copy these invalid pointers, and releasing the new state coul...
CVE-2024-53138
CVE-2024-53138 is tied to the Linux kernel’s net/mlx5e: kTLS path. The connected documents describe a root cause in page reference counting: the kTLS TX path mixes get_page() and page_ref_inc(), while the release path uses only put_page(). When pages from large folios are involved, get_page() ref...
CVE-2024-57900
CVE-2024-57900 is a Linux kernel vulnerability affecting the ila subsystem. A race in ila_add_mapping() can occur with concurrent ILA_CMD_ADD commands, observed as KASAN slab-use-after-free traces. The provided fix adds a mutex to ensure at most one thread calls nf_register_net_hooks(), preventin...
CVE-2024-58069
CVE-2024-58069 affects the Linux kernel RTC driver for PCF85063. The issue arises when an nvmem client uses a buffer smaller than 4 bytes while regmap_read assumes an unsigned int-sized destination, potentially causing an out-of-bounds write. The documented fix is to use an intermediary unsigned ...
CVE-2025-21715
CVE-2025-21715 is reported in the Astra Linux bulletin as a Linux kernel issue affecting the davicom net driver. The root cause is a use-after-free (UAF) of the netdev private data stored in the dm object inside dm9000_drv_remove. The code can dereference dm after free_netdev() has been called, l...
CVE-2025-21731
Root-cause: Linux kernel NBD subsystem UAF when reconnecting after a disconnect. Exploitation path involves grabbing nbd_config, disconnecting, reconfiguring, and a final workqueue-triggered use-after-free of nbd_config. A fix is implemented by clearing NBD_RT_BOUND in nbd_genl_disconnect(), caus...
CVE-2025-21922
CVE-2025-21922 concerns a Linux kernel PPP driver issue where a 2-byte header used by socket filter/BPF is not fully initialized, triggering a KMSAN “uninit-value” warning. The root cause, as described, is that only the first byte of the direction indicator is initialized while the second byte re...
CVE-2025-21926
CVE-2025-21926: In the Linux kernel, the net: gso: fix ownership in __udp_gso_segment vulnerability is resolved. The bug occurs when __udp_gso_segment removes the skb destructor while keeping the socket reference intact, risking a skb_orphan-triggered kernel BUG with OpenVSwitch sequences (OVS_A...
CVE-2025-39735
CVE-2025-39735 affects the Linux kernel's JFS: a slab-out-of-bounds read in ea_get() can occur when processing extended attributes. The root cause is an overflow during clamping of ea_size against EALIST_SIZE(ea_buf->xattr) due to int upper-bound handling, causing a negative size to be used in...
CVE-2011-1494
CVE-2011-1494 affects the Linux kernel (2.6.38 and earlier) via an integer overflow in the _ctl_do_mpt_command function (drivers/scsi/mpt2sas/mpt2sas_ctl.c). This can allow local users to gain privileges or cause a denial of service (memory corruption) by issuing an ioctl with a crafted value tha...
CVE-2013-2547
CVE-2013-2547 concerns the Linux kernel: the crypto_report_one() path in crypto_user.c does not fully initialize certain kernel structures when copying data to userspace, risking leakage of kernel heap memory. The vulnerability requires CAP_NET_ADMIN in the base description, enabling a local atta...
CVE-2015-8785
CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c of the Linux kernel (versions before 4.4) is exploitable locally to cause a denial of service via a writev call that triggers a zero-length first iov. This is a local, non-privileged issue with an attacker able to induce an infin...
CVE-2016-4486
CVE-2016-4486 affects the Linux kernel prior to 4.5.5, where the function rtnetlink.c: rtnl_fill_link_ifmap does not initialize a certain data structure. This allows a local attacker to read kernel stack memory via a crafted Netlink message, leading to information disclosure. Public references (i...
CVE-2017-7346
The CVE-2017-7346 issue is a Linux kernel vulnerability in vmwgfx where vmw_gb_surface_define_ioctl in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c fails to validate certain levels data, enabling a local attacker to cause a denial of service (system hang) via a crafted ioctl to /dev/dri/renderD* on ke...
CVE-2021-47001
CVE-2021-47001 (Linux kernel) is a local-vector vulnerability in the rpcrdma/xprtrdma path where after reconnect the reply handler opens the cwnd before rpcrdma_post_recvs() has posted enough Receive WRs, causing an RNR and immediate loss of the new connection. Root cause: race between cwnd upda...
CVE-2022-1204
CVE-2022-1204 is a use-after-free flaw in the Linux kernel’s Amateur Radio AX.25 protocol handling that can allow a local attacker to crash the system. Connected advisories confirm this is a kernel-level issue, with public reports across multiple distributions (Debian, Mageia, Mariner, etc.). Aff...
CVE-2024-26734
CVE-2024-26734 affects the Linux kernel devlink subsystem. The issue arises from use-after-free and memory leaks in devlink_init() due to the ordering of registration: the pernet operations structure must be registered before the generic netlink family, and a proper unregister path is needed if r...
CVE-2024-26835
CVE-2024-26835 affects the Linux kernel nf_tables (netfilter). When memory pressure causes hook registration to fail, a table can be marked active with no registered hooks, and on table/base chain deletion nf_tables may unregister hooks again, causing a core warn. The connected documents confirm ...
CVE-2024-35814
CVE-2024-35814 – Linux kernel swiotlb double-allocation fix. Affects: Linux kernel SWIOTLB path used for DMA in virtio/vsock contexts (e.g., VM bouncing with restricted DMA pool). Root cause: A prior fix introduced a braino in alignment checks, causing swiotlb_alloc() to return non-page-aligned al...
CVE-2024-35838
CVE-2024-35838 is a Linux kernel vulnerability affecting the wifi/mac80211 stack. The issue arises when a station is allocated and links are added but not immediately marked valid (e.g., during AP MLD connection); if the station is removed before those links are marked valid, the links can leak. ...
CVE-2024-46723
CVE-2024-46723 is a Linux kernel vulnerability involving the DRM AMDGPU driver: a ucode out-of-bounds read warning that could occur when reading the ucode array. Connected advisories across vendors (Astra Linux, CIRCL, Debian LTS advisories, Amazon Linux ALAS entries, and Red Hat references...
CVE-2024-46759
CVE-2024-46759: Linux kernel hwmon: adc128d818 underflow when writing limit attributes. The issue stemmed from DIV_ROUND_CLOSEST() after kstrtol() allowing large negative values (e.g., -9223372036854775808) to underflow. The patch reorders clamp_val() and DIV_ROUND_CLOSEST() to fix the underflow...
CVE-2024-49862
The CVE-2024-49862 entry describes a Linux kernel vulnerability in powercap/intel_rapl: an off-by-one in get_rpi() on rp->priv->rpi, where the array can be rpi_msr or rpi_tpmi with NR_RAPL_PRIMITIVES elements. The incorrect comparison (>) could access beyond bounds, enabling local access...
CVE-2024-50162
CVE-2024-50162: In the Linux kernel, the bug is in the BPF devmap redirect path. After a redirect via BPF_MAP_TYPE_DEVMAP, the RX queue (rxq) pointer isn’t set in the post-redirect BPF program, causing a NULL pointer dereference when code accesses pkt->ingress_ifindex (as shown by the crash ...
CVE-2024-50202
CVE-2024-50202 (nilfs2) is a Linux kernel issue where nilfs_find_entry() ignored errors loading a directory folio/page, allowing corrupted images with large i_size to trigger repeated error messages and a task hang in vcs_open(). The root cause is error suppression when nilfs_get_folio() fails; t...
CVE-2024-53094
The CVE-2024-53094 entry concerns the Linux kernel, specifically the RDMA/siw path. The connected document UNPATCHED_CVE_2024_53094.NASL provides concrete technical details: when running ISER over SIW, an initiator observes a warning from skb_splice_from_iter() about a slab page being used in sen...
CVE-2024-53157
CVE-2024-53157 affects the Linux kernel with a flaw in firmware/arm_scpi DVFS handling: when the SCPI firmware returns an OPP count of zero, the kernel may dereference a NULL pointer during dvfs recalculation, causing a crash (kernel oops) as shown in the trace. The issue arises from dvfs_info.op...
CVE-2024-57980
Summary of CVE-2024-57980 (Linux kernel): The vulnerability is in the media: uvcvideo path where, if uvc_status_init() fails to allocate the int_urb, the code frees dev->status but does not set it to NULL. This leads to a double-free in uvc_status_cleanup() when the memory is freed again. The...
CVE-2025-21719
CVE-2025-21719 concerns the Linux kernel IPv4 multicast (ipmr) subsystem. The issue arises from calling mr_mfc_uses_dev() for unresolved (unres) mcast routes, which can crash because c->mfc_un.res.minvif and maxvif alias to a struct sk_buff_head that contains pointers. The vulnerability is roo...
CVE-2015-3339
CVE-2015-3339 affects the Linux kernel (before 3.19.6) and stems from a race condition between chown and execve when changing the owner of a setuid binary to root. An unprivileged local user could exploit the window where ownership is updated but the setuid bit is not yet stripped to gain root pr...
CVE-2016-2143
CVE-2016-2143 affects the Linux kernel, specifically the fork implementation on s390 platforms. The issue occurs when four page-table levels are used, which can allow a local unprivileged user to crash the system (DoS) or potentially cause other unspecified impacts via crafted applications, relat...
CVE-2021-47671
The CVE-2021-47671 issue affects the Linux kernel can: etas_es58x driver. In es58x_rx_err_msg(), when can->do_set_mode() fails, the code previously returned and did not free the skb allocated by alloc_can_err_skb(), causing a memory leak. A patch was applied to remove the return in the error p...
CVE-2022-32981
CVE-2022-32981: Linux kernel up to 5.18.3 on powerpc 32-bit platforms contains a buffer overflow in ptrace PEEKUSER/POKEUSER when accessing floating point registers. The issue is described as a local-level vulnerability in the kernel’s ptrace access path. The provided documents do not specify af...
CVE-2022-49006
CVE-2022-49006 concerns Linux kernel tracing: when a dynamic event (e.g., a kprobe) is added and later removed, the event type number recycled after 65535 can cause the parsing logic for new events to misinterpret the binary blob. The vulnerability stems from reusing the former type number for a ...
CVE-2023-52920
The CVE-2023-52920 entry concerns the Linux kernel BPF precision-tracking update. Affected component: BPF verifier’s precision/backtracking path, specifically handling spill/fill of registers to the stack (notably non-r10 registers after copying r10). Root cause/impact: per-instruction history fl...
CVE-2024-26674
CVE-2024-26674 affects the Linux kernel x86/mm code, specifically a fixup path for get_user()/put_user(). In kernel builds >= 6.4 memory-error-injection can trigger a machine-check and panic due to a revert from _ASM_EXTABLE_UA() to a more generic fixup type. The issue arose when MCA handling ...
CVE-2024-26853
CVE-2024-26853: In the Linux kernel igc driver, a memory corruption risk in XDP_REDIRECT was fixed. If a frame cannot be transmitted (e.g., full queue) and xdp_return_frame_rx_napi is erroneously invoked inside igc_xdp_xmit, memory can be corrupted; the caller is responsible for freeing frames. T...
CVE-2024-26949
CVE-2024-26949 affects the Linux kernel AMDGPU power management path. The vulnerability is a NULL pointer dereference in drm/amdgpu/pm when obtaining the power limit, caused by powerplay_table initialization being skipped in SR-IOV scenarios. A fix ensures default lower/upper OD values are set if...
CVE-2024-36922
CVE-2024-36922 is grounded in the Linux kernel wifi stack: the iwlwifi driver could read txq->read_ptr without holding the lock, risking reading the same value twice and later reclaiming the same entry twice, triggering a WARN_ONCE. The vulnerability is resolved by reading txq->read_ptr und...
CVE-2024-36928
The CVE-2024-36928 issue affects the Linux kernel on s390/qeth: after the hsuid attribute is set for an IQD Layer3 device while the network interface is UP, the kernel may dereference a NULL napi function pointer, causing a kernel panic. Root cause described: modern qeth flow no longer calls dev_...
CVE-2024-38588
Summary of CVE-2024-38588 (Linux kernel): A use-after-free in ftrace_location was reported by KASAN and fixed. The race occurs when ftrace_location accesses ftrace pages of a module that is being freed during module unloading (ftrace_release_mod). The root cause is a window where ftrace_location...
CVE-2024-39292
The CVE describes a race in the Linux kernel where registering a winch IRQ could occur before the winch is added to winch_handlers, risking a panic during winch_cleanup if the IRQ is scheduled for a freed winch. The confirmed fix, as detailed in connected advisories, is to add the winch to winch_...
CVE-2024-41095
CVE-2024-41095 concerns the Linux kernel's DRM Nouveau driver. The root cause is a NULL pointer dereference in nv17_tv_get_ld_modes() when drm_mode_duplicate() fails and its return value is assigned to mode without checking for NULL. The patch adds a guard to prevent the NULL pointer dereference ...
CVE-2024-44960
The CVE-2024-44960 entry concerns a Linux kernel issue in usb gadget core where a descriptor may be unset, causing a null pointer panic. The resolution involves ensuring the descriptor is set before inspecting maxpacket, addressing cases where an endpoint for the current speed is not properly con...
CVE-2024-49929
CVE-2024-49929 affects the Linux kernel wifi: iwlwifi (MVM) code. The vulnerability stems from iwl_mvm_sta_from_mac80211 potentially dereferencing a NULL ieee80211_sta when sta is NULL, leading to a NULL pointer dereference in iwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu(). The fix is to validate the...