CVE-2024-49949
CVE-2024-49949 is a Linux kernel vulnerability in net: qdisc_pkt_len_init() under UFO where crafted GSO can underflow hdr_len and skb->len, risking a kernel crash in fq_codel. Fixes were applied via patches after commits that added sanity checks in virtio_net_hdr_to_skb and counting transport ...
CVE-2024-50009
The CVE-2024-50009 issue affects the Linux kernel’s cpufreq/amd-pstate path where cpufreq_cpu_get may return NULL, risking a NULL-dereference. The fix adds a proper return value check and aborts on error. Affects local/privilege-limited scenarios (per CVSS: LOCAL, LOW/LOW for user and privileges,...
CVE-2024-50022
The CVE-2024-50022 issue affects the Linux kernel device-dax path. The root cause is pgoff alignment in dax_set_mapping() using ALIGN() instead of ALIGN_DOWN(), which can misalign vmf->address to fault_size and cause memory address errors. This was observed during page fault handling in dev_da...
CVE-2024-50093
Summary: CVE-2024-50093 relates to the Linux kernel where the processor_thermal/intel int340x driver emitted a warning during module unload due to an unnecessary second pci_disable_device() call after enabling a PCI device with pcim_device_enable(). The connected Astra Linux and Debian Debian-LTS...
CVE-2024-50169
CVE-2024-50169 is a Linux kernel vulnerability in virtio_vsock/rx accounting. The connected Nessus entry confirms a concrete fix: after vsock read_skb(), the kernel now updates rx_bytes via virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() to keep rx_bytes in sync with dequeued pack...
CVE-2024-50191
The CVE-2024-50191 entry concerns ext4 in the Linux kernel. The issue was that when a filesystem was mounted with errors=remount-ro, the kernel incorrectly set SB_RDONLY after errors, potentially confusing the filesystem freeze logic. The fix removes the SB_RDONLY modification and relies ...
CVE-2024-50278
The CVE-2024-50278 vulnerability affects the Linux kernel’s dm-cache (device-mapper) component. It can cause an out-of-bounds access in the dirty-bitset when the fast device is expanded before the first resume of the cache table, due to the first-resume size check not being performed. Reproductio...
CVE-2024-53099
CVE-2024-53099 refers to a Linux kernel vulnerability in BPF: it checks the validity of link->type in bpf_link_show_fdinfo(), preventing out-of-bounds access when a new link type is added but not invoked via BPF_LINK_TYPE(). Affected: Linux kernel releases prior to the patched version; multipl...
CVE-2024-53165
CVE-2024-53165 affects the Linux kernel and describes a use-after-free in the error handling path of sh: intc: register_intc_controller(). In the flawed path, the variable d is freed in the error handling without being removed from intc_list, which can lead to a use-after-free. The fix implemente...
CVE-2024-53232
CVE-2024-53232 refers to a Linux kernel vulnerability in the IOMMU code for s390, where during surprise hot-unplug of a PCI device, attaching the default domain could fail and lead to a NULL domain pointer and a use-after-free. The fix introduces a blocking domain to handle devices that were alre...
CVE-2024-56747
CVE-2024-56747 concerns the Linux kernel scsi/qedi memory leak. The vulnerable path occurs when the sb (shared memory) for qedi_sb_init is allocated but not freed if sb_init fails, leading to a memory leak. The fix adds dma_free_coherent() to release sb_virt, aligning with the handling in qedr_al...
CVE-2024-57809
Technical details about CVE-2024-57809 are not provided in the supplied documents. No affected products/versions or remediation steps are present. Monitor for vendor advisories for confirmation of impact and fixes.
CVE-2024-58055
The connected Astra Linux bulletin corroborates the CVE-2024-58055 issue in the Linux kernel USB gadget f_tcm: the bug is a double-free caused by freeing the command before the sense/status completion. The fix is a kernel patch that prevents premature command free; the advisory notes the ...
CVE-2025-21697
CVE-2025-21697 affects the Linux kernel DRM/v3d driver. After a job completes, the corresponding device pointer must be set to NULL; failing to do so triggers a warning during driver unload, since it can appear the job is still active. The fix is to assign the job pointer to NULL after completion...
CVE-2017-6353
CVE-2017-6353 affects the Linux kernel up to 4.10.1. It arises from net/sctp/socket.c not properly restricting association peel-off operations during certain wait states, enabling a local attacker to cause a denial of service via an invalid unlock and a double free (linked to an incorrect fix for...
CVE-2019-19043
The CVE-2019-19043 vulnerability affects the Linux kernel’s i40e driver path: memory leak in i40e_setup_macvlans() within i40e_main.c up through kernel 5.3.11. Triggering i40e_setup_channel() failures can cause memory consumption leading to a denial of service. Connected advisories (Unity Linux U...
CVE-2022-47519
CVE-2022-47519 affects the Linux kernel prior to 6.0.11 due to missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in the WILC1000 driver (drivers/net/wireless/microchip/wilc1000/cfg80211.c). This can trigger an out-of-bounds write when parsing the channel list attribute from Wi‑Fi management f...
CVE-2022-48866
CVE-2022-48866: In the Linux kernel HID thrustmaster driver, a slab-out-of-bounds read occurred in thrustmaster_probe() due to missing validation of actual endpoints in usb_host_interface::endpoint. The fix adds a validation check comparing the actual number of endpoints to the expected number an...
CVE-2022-49287
CVE-2022-49287 concerns a Linux kernel refcount issue in tpm_chip handling that can trigger a use-after-free when interacting with TPM devices. The description details a sequence where a TPM command is written to /dev/tpmrm after unloading tpm_tis_spi, causing a refcount warning: refcount_t: addi...
CVE-2022-49328
CVE-2022-49328 is a vulnerability in the Linux kernel mt76 driver where a use-after-free can occur in mt76_txq_schedule due to an unprotected wcid pointer (non-RCU). The issue is addressed by guarding the mtxq->wcid with an rcu_lock between mt76_txq_schedule and sta_info_alloc/free, per the re...
CVE-2022-49520
CVE-2022-49520 (Linux kernel, arm64 compat): The vulnerability occurs when a compat process executes an unknown syscall above __ARM_NR_COMPAT_END; the kernel incorrectly uses the syscall number as ESR_ELx for the fault, causing arm64_show_signal() to print bogus ESR messages. The fix is to stop u...
CVE-2022-49653
The CVE refers to a Linux kernel i2c piix4 EFCH MMIO memory leak introduced by EFCH MMIO support. The root cause was release_resource() not freeing memory, causing a leak; the fix uses release_mem_region() to free memory and restore symmetry between legacy and MMIO paths. Affected component: Linux ...
CVE-2023-52632
CVE-2023-52632 describes a Linux kernel lockdep warning in drm/amdkfd where a potential circular locking dependency can occur between srcu and a work-queue based lock. The provided details show a chain: srcu -> info->lock#2 -> (work_completion) svms->deferred_list_work, with the risk ...
CVE-2023-52676
The CVE-2023-52676 issue affects the Linux kernel BPF verifier where stack bounds were inconsistently checked for 32-bit offsets, potentially overflowing 32-bit arithmetic when combining a 64-bit register with an offset. The patch moves stack-bound checks into the 64-bit domain and enforces tight...
CVE-2023-52749
CVE-2023-52749: In the Linux kernel, a race condition can cause a null pointer dereference during resume if a synchronous SPI transfer is active when suspending. The issue arises when a transfer context resumes after cur_msg was reset to NULL during suspend. Public details state a fix: ensure syn...
CVE-2023-52845
CVE-2023-52845 affects the Linux kernel TIPC subsystem. The root cause is untyped/bearer-related link names not guaranteed to be null-terminated, enabling potential buffer overruns when such names pass through netlink. The patch changes nla_policy for bearer-related names from NLA_STRING to NLA_N...
CVE-2024-26739
CVE-2024-26739 affects the Linux kernel net/sched component (act_mirred) where overriding the skb return value after routing could lead to Use-After-Free if tcf_mirred_forward() had been called. The fix moves the retval override to the error path that actually requires it, preventing UaF when the...
CVE-2024-26838
CVE-2024-26838 – Linux kernel (RDMA/irdma): A KASAN-reported race occurs when freeing an IRQ where a tasklet could still be pending on another core during irq deletion. The fix adds a guarantee that any scheduled tasklet is killed after the irq is deleted, mitigating a potential use-after-free in...
CVE-2024-27016
CVE-2024-27016 affects the Linux kernel netfilter flowtable path and is mitigated by a fix that ensures sufficient room to access the PPPoE header’s protocol field. The patch validates the protocol field before the flowtable lookup and uses a helper to access it, preventing out-of-bounds access. ...
CVE-2024-27018
CVE-2024-27018 affects the Linux kernel br_netfilter component. The issue arises when a bridge device is in promiscuous mode, causing certain bridge-tapped packets to bypass conntrack input handling; a patch resets the conntrack state for these packets. The crash/reply trace and warnings (br_nf_l...
CVE-2024-35884
The CVE-2024-35884 vulnerability is in the Linux kernel UDP GRO handling for tunneled packets. When rx-udp-gro-forwarding is enabled, GRO can be applied to UDP packets that land in a tunnel, causing various issues due to mismatched geneve/frag_list handling. The issue manifested as incorrect GSO ...
CVE-2024-35957
The CVE-2024-35957 vulnerability in the Linux kernel/IOMMU VT-d path arises from probing code that tracked all probed devices in an rbtree by source ID, assuming uniqueness that VT-d does not guarantee. The fix, per the linked advisories, is to only track devices that have PCI ATS capabilities in the iomm...
CVE-2024-36270
CVE-2024-36270: Linux kernel netfilter/tproxy vulnerability fixed. The bug caused a general protection fault / NULL pointer dereference in nf_tproxy_laddr4 when IP address handling hit a NULL device on the in_dev_rcu path. The corrigendum notes __in_dev_get_rcu() can return NULL and requires a N...
CVE-2024-42125
CVE-2024-42125 affects the Linux kernel wifi rtw89 fw: scan offload with 6 GHz channel when there is no 6 GHz sband. The fix adds NULL handling for the 6 GHz sband to avoid a crash when a BIOS policy blocks 6 GHz; effectively, it prevents a NULL pointer dereference crash. According to the connec...
CVE-2024-42152
CVE-2024-42152: Linux kernel nvmet race during qp establishment may leak memory when destroying a ctrl. Root cause: nvmet_sq_destroy captures sq->ctrl early, risking final ref drop if an admin connect cmd races with destruction. Fixes in the cited documents re-capture sq->ctrl after infligh...
CVE-2024-43884
CVE-2024-43884: In the Linux kernel, the Bluetooth MGMT path could dereference NULL in hci_conn_params_add() when pairing a device, due to a missing NULL check. This could crash the host. The fixed patch adds error handling in pair_device() to validate the NULL value before dereferencing. Connec...
CVE-2024-43914
CVE-2024-43914: In the Linux kernel md/raid5 code, the issue arises when --revert-reshape is used during a reshape; updating the raid from 5 to 4 disks while a reshape position is still set caused a mismatch where the old reshape position influenced writepos checks, triggering a panic. The fix c...
CVE-2024-47701
CVE-2024-47701: Linux kernel ext4 fault where an inlined directory lookup could access out-of-bounds when system.data xattr changes beneath the filesystem, causing a KASAN UAF. The issue arises if e_value_offs is modified underneath due to block-device changes, leading to invalid reads during ex...
CVE-2024-49936
CVE-2024-49936 concerns a use-after-free in the Linux kernel net/xen-netback path (xenvif_flush_hash) during an RCU iteration. The bug happens when kfree_rcu is invoked inside the RCU read-critical section, causing an access to head->next after the entry is freed, leading to UAF. The mitigation...
CVE-2024-50002
CVE-2024-50002 affects the Linux kernel’s static_call subsystem. The root cause is a union in struct static_call_key where key::mods and key::sites share a pointer and are distinguished by a bit, but static_call_del_module() assumed a valid static_call_mod pointer and dereferenced it when an allo...
CVE-2024-50048
CVE-2024-50048 (Linux kernel fbcon NULL pointer dereference): A NULL pointer dereference in fbcon_putcs was triggered after using fbcon via FBIOPUT_CON2FBMAP and TIOCLINUX, due to an uninitialized ops->putcs path. Reproducer shows set_con2fb_map -> con2fb_init_display -> fbcon_set_disp ...
CVE-2024-50069
The CVE-2024-50069 entry concerns the Linux kernel pinctrl: apple subsystem. Root cause: devm_kasprintf() could return NULL on failure, but the return value was not checked. The fix adds a check of the returned pointer to prevent NULL dereference. Impact described as high availability risk in aff...
CVE-2024-50101
CVE-2024-50101: Linux kernel vulnerability in iommu/vt-d where domain_context_clear() incorrectly called pci_for_each_dma_alias() for non-PCI devices. Root cause: misusing pci_for_each_dma_alias() on non-PCI devices, risking kernel hangs or other unexpected behavior. Fix: only call pci_for_each_...
CVE-2024-50130
Summary: CVE-2024-50130 affects the Linux kernel, specifically the netfilter/bpf path. The issue arises when a BPF link is attached to a net namespace without taking a proper reference to the net namespace, allowing a use-after-free scenario during netns teardown. The bug manifests as a KASAN sla...
CVE-2024-50182
CVE-2024-50182: Linux kernel secretmem memfd_secret() is disabled if arch cannot set direct map. On arm64 with !can_set_direct_map(), set_direct_map_invalid_noflush() becomes a no-op that returns success, making memfd_secret() appear to work but not remove memory from the direct map. The patch m...
CVE-2024-55916
The CVE-2024-55916 entry refers to a Linux kernel race where the KVP/VSS daemon may run before the VMBus ringbuffer is fully initialized. Concrete detail: a NULL pointer dereference can occur in hv_pkt_iter_first when the daemon opens /dev/vmbus/hv_kvp and registers before vmbus_open() completes...
CVE-2024-56611
CVE-2024-56611 is a Linux kernel issue. The bug was in mm/mempolicy: migrate_to_node() assumed at least one VMA in a MM, leading to a NULL dereference if find_vma() returns NULL. The fix mitigates an oops/general protection fault (non-canonical address 0xdffffc0000000000) by properly handling NUL...
CVE-2024-56667
CVE-2024-56667 affects the Linux kernel DRM/i915 driver. The root cause is a NULL pointer dereference in drm_info() when the intel_context structure contains NULL, leading to a crash. The issue has been mitigated by a fix cherry-picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d. The vul...
CVE-2024-56777
CVE-2024-56777 affects the Linux kernel DRM STI path. The vulnerability arises because the return value of drm_atomic_get_crtc_state() is not checked before dereferencing the potential error pointer crtc_state in sti_gdp_atomic_check, which can lead to an invalid memory access if the call fails. ...
CVE-2024-56778
CVE-2024-56778 affects the Linux kernel DRM STI driver. The root cause is that sti_hqvdp_atomic_check could dereference an error pointer because the return value of drm_atomic_get_crtc_state() was not checked, risking invalid pointer use and potential instability. The vulnerability is limited to ...