Linux Kernel

13804 matches found

added 2025/01/08 5:49 p.m. | 158 views

CVE-2024-56778

CVE-2024-56778 affects the Linux kernel DRM STI driver. The root cause is that sti_hqvdp_atomic_check could dereference an error pointer because the return value of drm_atomic_get_crtc_state() was not checked, risking invalid pointer use and potential instability. The vulnerability is limited to ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00203

added 2025/01/15 1:05 p.m. | 158 views

CVE-2024-57896

CVE-2024-57896 corresponds to a Linux kernel use-after-free in the btrfs unmount path. During close_ctree(), the cleaner kthread is stopped and its task_struct freed, but a delalloc_worker may still wake the cleaner from inode.c:submit_compressed_extents(), causing use-after-free of the task_stru...

CVSS 7.8 | AI score 6.5 | EPSS 0.00209

added 2025/02/10 3:58 p.m. | 158 views

CVE-2025-21690

CVE-2025-21690 affects the Linux kernel storvsc SCSI driver where a persistent hypervisor error can cause an unbounded flood of I/O warning logs, leading to kernel log bloat and VM DoS. The issue is addressed by kernel updates across several distributions (e.g., Debian LTS DLA-4076-1:00E2C upgrad...

CVSS 5.5 | AI score 6.2 | EPSS 0.00202

added 2025/02/27 2:12 a.m. | 158 views

CVE-2025-21744

CVE-2025-21744 affects the Linux kernel brcmfmac wifi driver. On device removal or module unload, a sequence including brcmf_detach, brcmf_remove_interface, brcmf_del_if, and brcmf_proto_detach can lead to a NULL return from brcmf_get_ip() and a subsequent NULL pointer dereference inside brcmf_tx...

CVSS 5.5 | AI score 6.5 | EPSS 0.00212

added 2025/02/27 2:18 a.m. | 158 views

CVE-2025-21759

CVE-2025-21759: In the Linux kernel, ipv6 mcast path igmp6_send() could be invoked without RTNL/RCU held, risking use-after-free of the net pointer. The fix extends RCU protection to safely fetch the net pointer and avoid UAF, and replaces sock_alloc_send_skb usage with alloc_skb under RCU protec...

CVSS 7.8 | AI score 6.5 | EPSS 0.07007

added 2016/05/23 10:00 a.m. | 157 views

CVE-2016-4581

CVE-2016-4581 affects the Linux kernel: a flaw in mounting propagation where slave mounts can leave the propagation tree in an inconsistent state. Local users could trigger a denial of service via crafted mount calls, causing a NULL pointer dereference and kernel oops. The issue is fixed in kerne...

CVSS 5.5 | AI score 6 | EPSS 0.00557

added 2016/06/27 10:00 a.m. | 157 views

CVE-2016-5244

CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...

CVSS 7.5 | AI score 6.9 | EPSS 0.05566

added 2017/11/07 11:00 p.m. | 157 views

CVE-2017-16645

CVE-2017-16645 affects the Linux kernel’s ims_pcu_get_cdc_union_desc in drivers/input/misc/ims-pcu.c. According to the provided sources, the vulnerability exists in kernels up to 4.13.11 and can be triggered by a crafted USB device, allowing a local user with LOW privileges and physical access to...

CVSS 7.2 | AI score 6.6 | EPSS 0.00404

added 2017/11/07 11:00 p.m. | 157 views

CVE-2017-16647

CVE-2017-16647 affects the Linux kernel driver: drivers/net/usb/asix_devices.c, up to version 4.13.11. The issue arises from a NULL pointer dereference when a crafted USB device is connected, enabling local attackers to trigger a denial of service (system crash) and potentially other impact. The ...

CVSS 7.2 | AI score 6.8 | EPSS 0.00396

added 2017/05/14 10:00 p.m. | 157 views

CVE-2017-7487

The CVE-2017-7487 issue is in the Linux kernel net/ipx/af_ipx.c ipxitf_ioctl: reference count mishandling causes a use-after-free via a failed SIOCGIFADDR on an IPX interface, enabling local denial of service. Evidence in connected Nessus advisories confirms the vulnerability and that it affects ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00395

added 2017/05/15 6:00 p.m. | 157 views

CVE-2017-7495

CVE-2017-7495 affects the Linux kernel’s ext4 inode handling (inode.c) in data=ordered mode, where a mishandled needs-flushing-before-commit list leaks sensitive data from other users’ files under opportunistic conditions. The cited sources specify this is a local vulnerability: an attacker with ...

CVSS 5.5 | AI score 5.5 | EPSS 0.00404

added 2020/12/03 8:00 p.m. | 157 views

CVE-2020-29534

CVE-2020-29534 affects the Linux kernel prior to 5.9.3. The io_uring subsystem takes a non-refcounted reference to the submitting process’ files_struct, which can lead to incorrect optimization of unshare_fd() during execve(), as CID-0f2122045b94 describes. This is a local vulnerability with pote...

CVSS 7.8 | AI score 7 | EPSS 0.00454

added 2024/05/21 3:03 p.m. | 157 views

CVE-2021-47378

CVE-2021-47378 affects the Linux kernel nvme-rdma code: destroying cm_id before destroying the qp can cause a use-after-free in RDMA error flow. The fix documented in multiple sources is to always destroy cm_id before destroying the qp, with qp subsequently destroyed in nvme_rdma_alloc_queue() af...

CVSS 9.8 | AI score 8.4 | EPSS 0.01166

added 2022/10/20 12:00 a.m. | 157 views

CVE-2022-3621

CVE-2022-3621: A vulnerability in the Linux kernel component nilfs2 affects the function nilfs_bmap_lookup_at_level in fs/nilfs2/inode.c. The issue enables a NULL pointer dereference, with the document noting that the flaw can be exploited remotely. The vulnerability is caused by manipulation of...

CVSS 6.5 | AI score 6.2 | EPSS 0.01208

added 2024/08/22 3:31 a.m. | 157 views

CVE-2022-48939

CVE-2022-48939 refers to a Linux kernel issue where the BPF subsystem’s batch operations could cause soft lockups due to missing schedule points. The fix adds scheduling points in batch paths to prevent long hangs (e.g., kworker/1:1:27 blocked and hung RCUs). The root cause is that batch processi...

CVSS 3.3 | AI score 6.9 | EPSS 0.00201

added 2025/02/26 2:11 a.m. | 157 views

CVE-2022-49356

CVE-2022-49356 concerns a Linux kernel SUNRPC vulnerability where RDMA segment overflows could occur if svc_rdma_build_writes() walks past a Write chunk’s segment array. The fixed commit prevents walking off the end of the array and was validated with KASAN. The description notes the pre-fix test...

CVSS 5.5 | AI score 5.5 | EPSS 0.00239

added 2025/02/26 2:12 a.m. | 157 views

CVE-2022-49434

The CVE-2022-49434 issue is in the Linux kernel where pci_dev_lock() historically acquired the config space access lock before the device lock, risking AB/BA deadlocks with sriov_numvfs_store() that already takes the device lock first. The fix is to reverse the order in pci_dev_lock() so it acqui...

CVSS 5.5 | AI score 5.4 | EPSS 0.00205

added 2025/02/26 2:13 a.m. | 157 views

CVE-2022-49465

CVE-2022-49465 (Linux kernel): A use-after-free could occur in blk-throttle due to BIO_THROTTLED being set on throttled BIOs after __blk_throtl_bio(), leading to use-after-free during I/O completion. The fix moves BIO_THROTTLED assignment into queue_lock, preventing premature release of the bio....

CVSS 7.8 | AI score 5.4 | EPSS 0.00253

added 2025/02/26 2:23 a.m. | 157 views

CVE-2022-49583

CVE-2022-49583 affects the Linux kernel iavf driver. The vulnerability was caused by improper handling of dummy receive descriptors, leading to a memory leak where the previous receive buffer page wasn’t freed when a dummy descriptor was written by hardware. The fix updates iavf_get_rx_buffer to ...

CVSS 5.5 | AI score 5.4 | EPSS 0.00246

added 2023/07/31 4:22 p.m. | 157 views

CVE-2023-4010

CVE-2023-4010 reports a denial-of-service in the Linux kernel USB Host Controller Driver (framework) specifically in usb_giveback_urb. The description indicates a logic error in the goto-condition can cause the function to loop indefinitely when presented with a malformed descriptor, leading to D...

CVSS 4.6 | AI score 4.4 | EPSS 0.00516

added 2024/05/21 3:30 p.m. | 157 views

CVE-2023-52762

CVE-2023-52762 — Linux kernel virtio-blk overflow in max DMA size. Root cause: in virtio-blk, an implicit conversion from size_t to u32 occurs when assigning (u32)max_size = (size_t)virtio_max_dma_size(vdev). If virtio_max_dma_size(vdev) returns a value larger than U32_MAX, the cast to u32 yields ...

CVSS 5.5 | AI score 6.9 | EPSS 0.00244

added 2024/05/21 3:31 p.m. | 157 views

CVE-2023-52806

CVE-2023-52806 concerns the Linux kernel ALSA hda subsystem. The description in the initial document notes a possible NULL pointer dereference when an AudioDSP stream is assigned, specifically when a COUPLED stream is inadvertently accepted despite drivers using HOST or LINK types. The connected ...

CVSS 5.5 | AI score 7 | EPSS 0.00259

added 2024/05/21 3:31 p.m. | 157 views

CVE-2023-52867

CVE-2023-52867 affects the Linux kernel drm/radeon driver: a buffer overflow in the AFMT status buffer (afmt_status, size 6) can occur because afmt_idx is checked after access. The issue is resolved in kernel updates referenced by multiple advisories (e.g., Amazon Linux 2 ALAS-2025-2834 and Unity...

CVSS 7.8 | AI score 6.9 | EPSS 0.00256

added 2025/03/27 4:44 p.m. | 157 views

CVE-2023-53033

The CVE-2023-53033 entry concerns the Linux kernel Netfilter nft_payload code, where arithmetic incorrectly added the VLAN header size when handling VLAN bits (notably for double-tagged packets). The issue is fixed by using subtraction to adjust the length, addressing CVE-2023-0179, with impact d...

CVSS 5.5 | AI score 6.5 | EPSS 0.00164

added 2024/04/17 10:17 a.m. | 157 views

CVE-2024-26851

CVE-2024-26851 concerns the Linux kernel netfilter nf_conntrack_h323 path. The issue arises when decoding H.323 ras messages: an abnormal skb->data can cause the extension bitmap length to exceed 32, leading to a length-based shift that may become negative and trigger UBSAN reports. The workar...

CVSS 5.5 | AI score 6.5 | EPSS 0.0024

added 2024/05/17 12:25 p.m. | 157 views

CVE-2024-35794

The CVE-2024-35794 entry concerns the Linux kernel issue where dm-raid could have the sync_thread not frozen during suspend. Root cause: a sequence of commits around md_stop_writes and MD_RECOVERY_FROZEN, where the flag does not by itself freeze the running sync_thread and stop_sync_thread() must...

CVSS 5.5 | AI score 6.6 | EPSS 0.00223

added 2024/05/19 8:34 a.m. | 157 views

CVE-2024-35865

CVE-2024-35865 (Linux kernel): The smb client was fixed to prevent a use-after-free in smb2_is_valid_oplock_break() by skipping sessions that are tearing down (status SES_EXITING). This mitigates a potential UAF during Oplock break validation. The description notes the vulnerability is resolved ...

CVSS 5.5 | AI score 6.7 | EPSS 0.00225

added 2024/05/19 8:35 a.m. | 157 views

CVE-2024-35913

CVE-2024-35913 affects the Linux kernel’s wireless stack (iwlwifi, iwlmvm). The issue arises in SESSION_PROTECTION_NOTIF handling: when determining whether to read mac_id or link_id in struct iwl_mvm_session_prot_notif, the code does not consistently pick the correct field based on the version, l...

CVSS 5.5 | AI score 6.7 | EPSS 0.00179

added 2024/05/20 9:41 a.m. | 157 views

CVE-2024-35959

CVE-2024-35959 is a Linux kernel issue fixed in the mlx5e path. The fix addresses a cleanup flow: when mlx5e_priv_init() fails, mlx5e_priv_init’s cleanup calls mlx5e_selq_cleanup, which previously could lead to a misordered lock usage. The cleanup calls mlx5e_selq_apply() that assumes priv->s...

CVSS 5.5 | AI score 6.5 | EPSS 0.00253

added 2024/05/30 3:07 p.m. | 157 views

CVE-2024-36025

CVE-2024-36025 is validated by connected MiracleLinux security advisory AXSA:2024-8783:27. Affected: Linux kernel scsi qla2xxx driver. Root cause: memory corruption from an off-by-one in qla_edif_app_getstats() where app_reply->elem[] (allocated for app_req.num_ports) could be overrun due to a...

CVSS 5.5 | AI score 6.7 | EPSS 0.00251

added 2024/06/25 2:22 p.m. | 157 views

CVE-2024-39298

CVE-2024-39298 affects the Linux kernel memory failure path (mm/memory-failure) and is tied to a race in handling dissolved but not removed pages from buddy pages (hugetlb). The provided trace shows a bug path where a buddy page is dissolved/unpoisoned, leading to a VM_BUG_ON_PAGE(!PageBuddy(page...

CVSS 5.5 | AI score 7 | EPSS 0.00225

added 2024/07/12 12:24 p.m. | 157 views

CVE-2024-40913

Technical details for CVE-2024-40913 are not provided in the supplied documents. Monitor for updates from vendors/advisories.

CVSS 7.8 | AI score 6.4 | EPSS 0.00287

added 2024/07/12 12:25 p.m. | 157 views

CVE-2024-40931

CVE-2024-40931 (Linux kernel): Affected component is the kernel’s mptcp code. The issue arose when a Subflow key snd_una remained uninitialized on connect due to a sequencing bug (snd_nxt and write_seq initialization order). The root cause is triggered by syzkaller’s retransmit path after fallba...

CVSS 5.5 | AI score 6.6 | EPSS 0.00265

added 2024/07/29 2:31 p.m. | 157 views

CVE-2024-41040

Technical details about CVE-2024-41040 are not provided in the supplied documents. No concrete information on affected products, versions, vulnerability scope, or remediation is available here. Monitor official advisories and vendor updates for confirmed impact and fixes.

CVSS 7 | AI score 6.5 | EPSS 0.00282

added 2024/07/30 7:46 a.m. | 157 views

CVE-2024-42114

CVE-2024-42114: Linux kernel vulnerability in wifi cfg80211 code where NL80211_ATTR_TXQ_QUANTUM values were not properly validated, enabling a local attacker to trigger soft lockups/DoS by setting TXQ_QUANTUM to 2^31. The issue is tied to lack of proper range checks in nl80211.c and parallels a ...

CVSS 4.4 | AI score 6.5 | EPSS 0.00174

added 2024/08/17 9:08 a.m. | 157 views

CVE-2024-42276

CVE-2024-42276: The connected Astra Linux security bulletin confirms a Linux kernel vulnerability in the nvme-pci path was resolved by adding a missing condition check for the existence of mapped data. Specifically, nvme_map_data() is invoked when a request has physical segments, and nvme_unmap_...

CVSS 5.5 | AI score 6.4 | EPSS 0.00237

added 2024/08/26 10:10 a.m. | 157 views

CVE-2024-43888

CVE-2024-43888 pertains to the Linux kernel memory-control path. The advisory fixes a use-after-free in mm/list_lru for memory cgroups: mem_cgroup_from_slab_obj() must be called under RCU protection (rcu_read_lock) or with appropriate locks; without it, a memcg could be freed while still used. Th...

CVSS 7.8 | AI score 7.5 | EPSS 0.00219

added 2024/09/27 12:42 p.m. | 157 views

CVE-2024-46864

CVE-2024-46864 is a Linux kernel vulnerability affecting x86/hyperv where a new cpuhp state handling caused the VP assist page not to be reset during kexec, leading to VP memory corruption and a possible panic. The root cause: cpuhp_setup_state() returns 0 for non-online/dyn states, and hv_machin...

CVSS 5.5 | AI score 6.8 | EPSS 0.00206

added 2024/10/21 11:53 a.m. | 157 views

CVE-2024-47696

CVE-2024-47696 concerns the Linux kernel, specifically the RDMA/iwcm path. The root cause is a use‑after‑free during flushing of the iwcm_wq when it was created without the WQ_MEM_RECLAIM flag, which can break forward‑progress and lead to deadlock if a flush discovers the workqueue in a reclaimin...

CVSS 7.8 | AI score 8.2 | EPSS 0.00263

added 2024/10/21 11:53 a.m. | 157 views

CVE-2024-47703

CVE-2024-47703 — Linux kernel (bpf, lsm): The vulnerability stems from a BPF LSM return value not being checked, which could cause a kernel panic when a BPF prog attached to file_alloc_security returns a positive value that is misinterpreted as a file pointer. The issue was addressed by adding a ...

CVSS 5.5 | AI score 5.1 | EPSS 0.00206

added 2025/01/11 12:25 p.m. | 157 views

CVE-2024-48873

CVE-2024-48873 affects the Linux kernel wifi rt89 driver. The root cause is not validating the return value of ieee80211_probereq_get(), which can be NULL and lead to a NULL pointer dereference when used. The published advisory notes that the function’s return value must be checked before use to ...

CVSS 5.5 | AI score 6.6 | EPSS 0.0021

added 2024/10/21 6:02 p.m. | 157 views

CVE-2024-49946

CVE-2024-49946 affects the Linux kernel PPP stack. The issue arises in ppp_channel_bridge_input() when packets are backlogged to a socket owned by a user process and the code path can call sk_backlog_rcv()/__release_sock()/release_sock() in process context. This creates an inconsistent lock state...

CVSS 5.5 | AI score 5.1 | EPSS 0.00235

added 2024/10/21 7:39 p.m. | 157 views

CVE-2024-50045

The CVE-2024-50045 entry concerns a Linux kernel vulnerability in br_netfilter that can panic (crash) when forwarding untagged frames via a VxLAN bridge port, due to an invalid skb_dst handling during fragmentation checks. The root cause is a metadata_dst tunnel destination being treated as valid...

CVSS 5.5 | AI score 5 | EPSS 0.00258

added 2024/11/08 5:43 a.m. | 157 views

CVE-2024-50189

CVE-2024-50189 is described in the initial document as a Linux kernel issue: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent(), enabling simpler cleanup in probe() error paths and purportedly improving cleanup to mitigate memory errors, page faults, btrfs issues, and disk corruption. T...

CVSS 5.5 | AI score 6.5 | EPSS 0.00207

added 2024/11/09 10:15 a.m. | 157 views

CVE-2024-50261

CVE-2024-50261 (macsec use-after-free) affects the Linux kernel’s macsec offload path. The issue stems from metadata_dst being freed prematurely in macsec_free_netdev() while a packet is still using it. The fix replaces metadata_dst freeing with dst_release() so that metadata_dst is not fr...

CVSS 7.8 | AI score 6.6 | EPSS 0.0022

added 2024/11/19 5:22 p.m. | 157 views

CVE-2024-53070

CVE-2024-53070 affects the Linux kernel USB subsystem (dwc3). The issue occurs when a device is already runtime suspended and the system suspends, leading to a crash if device registers are accessed. The fix reorders suspend sequence by moving the dwc3_enable_susphy() call to the top of the suspe...

CVSS 5.5 | AI score 5.3 | EPSS 0.00239

added 2024/11/19 5:45 p.m. | 157 views

CVE-2024-53082

CVE-2024-53082: Linux kernel virtio_net vulnerability resolved by adding a hash_key_length check in virtnet_probe() to prevent possible out-of-bounds errors when setting/reading the hash key. This root cause and fix are echoed in connected documents (Astra Linux bulletin and IBM/Red Hat–style pag...

CVSS 7.1 | AI score 6.7 | EPSS 0.00236

added 2024/12/02 1:44 p.m. | 157 views

CVE-2024-53105

CVE-2024-53105 is a Linux kernel vulnerability in the memory allocator path. The issue was caused by not clearing the mlocked flag during page freeing, which could lead to a bad page state during free_pages_prepare. The fixed code moves the mlocked flag clearance into free_pages_prepare() within ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00228

added 2024/12/04 2:20 p.m. | 157 views

CVE-2024-53129

CVE-2024-53129 affects the Linux kernel DRM Rockchip VOP as described. The root cause was a NULL-dereference in vop_plane_atomic_async_check() where 'state' could be dereferenced before a NULL check; patch fixes crtc_state validation (rockchip_drm_vop.c:1096). Connected advisories confirm the iss...

CVSS 5.5 | AI score 6.6 | EPSS 0.00203

added 2024/12/29 11:30 a.m. | 157 views

CVE-2024-56754

CVE-2024-56754: Linux kernel vulnerability in crypto: caam where the pointer passed to caam_qi_shutdown() was derived from a devm_add_action_or_reset() parameter of type struct caam_drv_private *, but cast to struct device *. The connected Astra Linux advisory confirms the fix: Pass the correct p...

CVSS 5.5 | AI score 6.5 | EPSS 0.00208

Total number of security vulnerabilities: 13804