CVE-2025-21782
CVE-2025-21782 — Linux kernel: orangefs: fix a slab-out-of-bounds in orangefs_debug_write. A syzbot report described slab-out-of-bounds Read in orangefs_debug_write; patch was tested and applied to fix the issue. The vulnerability is tied to the OrangeFS write path and is addressed by kernel fixe...
CVE-2025-21806
CVE-2025-21806: Linux kernel vulnerability in net.core.dev_weight where setting dev_weight to 0 can cause NAPI backlog processing to misbehave and NAPI to be re-polled repeatedly, potentially triggering a stall until softirq timeout. Reproducing issue: sysctl -w net.core.dev_weight=0 followed by...
CVE-2025-21848
The CVE-2025-21848 issue affects the Linux kernel where nfp_bpf_cmsg_alloc() fails to check the return value of nfp_app_ctrl_msg_alloc(), leading to a NULL pointer dereference. The connected sources confirm this root cause and indicate a patch was added to perform the necessary check to prevent t...
CVE-2025-21898
CVE-2025-21898 (Linux kernel): The vulnerability centers on ftrace calculation in function_stat_show(), where division-by-zero could occur during stddev computation. The fix introduces a check on the denominator expression x * (x - 1) * 1000, ensuring it does not produce zero before performing t...
CVE-2009-3547
CVE-2009-3547 refers to multiple race conditions in fs/pipe.c of the Linux kernel before 2.6.32-rc6. The flaws can allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by opening an anonymous pipe via a /proc/*/fd/ pathname. A fix is availa...
CVE-2014-7822
CVE-2014-7822 concerns the Linux kernel splice_write path, where the splice() system call does not validate the maximum size of a single file. This enables a local unprivileged user to trigger a denial of service (system crash) and potentially other effects, notably when using an ext4 filesystem....
CVE-2015-2830
CVE-2015-2830 affects the Linux kernel (arch/x86/kernel/entry_64.S) prior to 3.19.2. The TS_COMPAT flag can reach a user-mode task, potentially allowing local attackers to bypass seccomp or audit protections via crafted applications using fork or close. A fix is available in 3.19.2 and later; att...
CVE-2017-8797
CVE-2017-8797 affects the Linux kernel NFSv4 server. A remote attacker can send NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operands in UDP; an uninitialized layout type is used as an array index, causing an OOPS and potentially a system DoS via knfsd soft-lockup. Affected: Linux kernel versions prior ...
CVE-2018-14613
CVE-2018-14613 affects the Linux kernel up to 4.17.10. It involves an invalid pointer dereference in io_ctl_map_page() when mounting/operating a crafted btrfs image, caused by a lack of block group item validation in fs/btrfs/tree-checker.c (check_leaf_item). The issue yields a local, likely kern...
CVE-2021-47592
CVE-2021-47592 affects the Linux kernel stmmac driver and its VLAN priority RX steering path. The issue manifested as a NULL pointer dereference when deleting a tc flower filter for VLAN priority after a previous mis-implemented tc_del_vlan_flow() used flow_cls_offload_flow_rule() (invalid for tc...
CVE-2022-48619
CVE-2022-48619: A local Linux kernel vulnerability in drivers/input/input.c (input_set_capability) can panic the kernel when an event code falls outside the bitmap. Affected: Linux kernel versions before 5.17.10. Root cause: mishandling in input_set_capability for out-of-bitmap event codes. Impa...
CVE-2022-48929
CVE-2022-48929: In the Linux kernel, a crash was fixed in the BPF path. The issue arose when kfunc support expanded reg2btf_ids to map verifier register types to BTF IDs, but a relocation of __BPF_REG_TYPE_MAX and subsequent type-flag composition could cause direct reg->type indexing to fall ...
CVE-2022-49116
CVE-2022-49116 – Linux kernel Bluetooth memset fix: The vulnerability concerns the Bluetooth stack (l2cap_ecred_connect) where structs could leak memory if not initialized. The fix is to use memset to initialize structs to prevent memory leaks. Affected component: Linux kernel Bluetooth subsyste...
CVE-2022-49283
Technical details for CVE-2022-49283 are not provided in the connected documents. Public details here are limited to the fix note; no affected products/versions/exploit info is given. Monitor for updates.
CVE-2022-49587
The CVE-2022-49587 entry concerns a data-race in the Linux kernel related to reading sysctl_tcp_notsent_lowat, which could be modified concurrently. The fix is to add READ_ONCE() to the reader, addressing a sysctl data-race in the TCP stack. The vulnerability is rated with CVSS v3.1 metrics indic...
CVE-2023-1872
CVE-2023-1872 is a use-after-free in the Linux kernel io_uring subsystem caused by the io_file_get_fixed path not validating ctx->uring_lock, enabling a race with fixed files unregistration. This can lead to local privilege escalation and possible denial of service. Affected component is the k...
CVE-2023-52612
CVE-2023-52612 is a Linux kernel vulnerability in crypto: scomp where the req->dst buffer could overflow when copying from scomp_scratch->dst. The description specifies that the dst buffer size must be checked before copying to prevent overflow. Connected documents (Astra Linux security bul...
CVE-2023-52625
The CVE-2023-52625 entry concerns the Linux kernel’s drm/amd/display path (DMCUB enter/exit idle). The root cause is a SW/state mismatch when exiting idle before issuing commands to DMCUB, where the exit/notify idle operation can itself issue a command. The provided fix strategy is to track a sof...
CVE-2024-26662
CVE-2024-26662 affects the Linux kernel DRM/AMD display path. A null pointer dereference could occur in dcn21_set_backlight_level() when panel_cntl is NULL, potentially crashing the GPU/display path. The fix introduces a null-check for panel_cntl before dereferencing and updates dcn21_hws...
CVE-2024-27414
CVE-2024-27414 affects the Linux kernel. The issue was in rtnetlink: the error handling logic when writing back IFLA_BRIDGE_FLAGS could use a broken pointer due to the loop modification that checked IFLA_BRIDGE_MODE length and removed a break. This caused the code path to select the last NLA, pot...
CVE-2024-35887
CVE-2024-35887 affects the Linux kernel ax25 subsystem. When an ax25 device detaches, ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_timer; if the timer handler is running, del_timer() may run concurrently with ax25_dev_put() freeing the device, causing a use-after-free. Th...
CVE-2024-35899
Technical details for CVE-2024-35899 are not publicly available in the provided documents. Monitor for updates from official advisories; no product/vendor/impact specifics can be inferred from the supplied material.
CVE-2024-35908
CVE-2024-35908 (Linux kernel): The issue arises in TLS handling within tls_sw_recvmsg where a psock reference is taken before tls_rx_reader_lock; if the lock fails, the reference isn’t released, causing a leak. The fix postpones taking the psock reference until after successful locking, ensuring...
CVE-2024-36028
CVE-2024-36028: Linux kernel mm/hugetlb vulnerability fixed. The issue caused DEBUG_LOCKS_WARN_ON(1) during dissolve_free_hugetlb_folio(), leading to a kernel warning and panic. Connected sources attribute the root cause to a field packing problem where folio.deferred is unioned with folio._huget...
CVE-2024-36477
CVE-2024-36477 refers to a Linux kernel vulnerability where the TPM SPI transfer did not account for the 4-byte header prepended to the SPI data frame, potentially causing out-of-bounds accesses. The root cause was the use of MAX_SPI_FRAMESIZE to compute the maximum transfer length and buffer siz...
CVE-2024-36889
CVE-2024-36889 concerns the Linux kernel’s MPTCP code. The issue arises when a client falls back to TCP during connect, and snd_nxt is not initialized yet; an incoming ACK could copy that uninitialized value into snd_una. If the MPTCP worker then re-injects data, it may trigger a cleanup using a ...
CVE-2024-36936
The CVE-2024-36936 issue affects the Linux kernel's memory-accept path under efi/unaccepted. The root cause was a soft lockup scenario caused by a spinlock held during memory acceptance, which could intermittently trigger a watchdog/softlockup on the CPU during large TD guest memory loads. The fi...
CVE-2024-38544
CVE-2024-38544 relates to a Linux kernel vulnerability in RDMA/rxe where a segfault could occur in rxe_comp_queue_pkt. The root cause was dereferencing a previously freed skb because the code accessed hw counters after enqueuing, and the completion task might run in another thread. The fix change...
CVE-2024-38573
In CVE-2024-38573, the Linux kernel CPU frequency framework (cppc_cpufreq) fixes a possible NULL dereference. cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() could observe a NULL policy from cpufreq_cpu_get() under certain conditions. The fix adds a NULL return check to prevent derefere...
CVE-2024-40973
CVE-2024-40973 affects the Linux kernel media/mtk-vcodec SCP path. The root cause is a missing check of the return value from devm_kzalloc(), leading to a potential NULL pointer dereference. The issue is described across multiple sources (e.g., Astra Linux reports in linux-5.15/6.1; Debian adviso...
CVE-2024-41058
CVE-2024-41058: Linux kernel vulnerability due to slab-use-after-free in fscache_withdraw_volume() (cachefiles/fscache path). The issue could cause kernel instability via UAF on a volume being withdrawn; patch fixes slab-use-after-free in fscache_withdraw_volume() and adds refcount protection. I...
CVE-2024-41082
CVE-2024-41082: The Linux kernel nvme-fabrics issue can exhaust admin_q tags when many nvme commands are issued, causing a reconnect/update failure and potential kernel hang after a reset/timeouts. The connected MiracleLinux/Nessus entry notes a mitigation by letting reg_read32()/reg_read64()/re...
CVE-2024-42068
CVE-2024-42068 (Linux kernel): Affected component is in the kernel’s BPF memory protection flow. set_memory_ro() can fail, leaving memory unprotected; the fix requires checking the return value of set_memory_ro() and treating failure as an error in bpf_prog_lock_ro(). This vulnerability could en...
CVE-2024-42101
CVE-2024-42101: In the Linux kernel, the drm/nouveau driver fix for a NULL pointer dereference in nouveau_connector_get_modes. The bug occurred when drm_mode_duplicate() failed, its return value was assigned to mode without a NULL check, potentially dereferencing a NULL pointer. The patch adds a...
CVE-2024-42253
CVE-2024-42253 – Linux kernel GPIO (pca953x) race. The vulnerability is in the pca953x GPIO driver: a race can occur between irq_bus_sync_unlock() and an irq, when a request races against irq_bus_sync_unlock() on i.MX8MP platforms. The fix requires that i2c_lock is held when setting the interrupt ...
CVE-2024-42315
CVE-2024-42315 – exFAT deadlock fix in Linux kernel. The issue occurs when exposing a file with entries exceeding ES_MAX_ENTRY_NUM, where the bh-array is allocated with GFP_KERNEL inside __exfat_get_dentry_set, potentially causing a deadlock on sbi->s_lock between processes. The fix changes t...
CVE-2024-46750
CVE-2024-46750 (Linux kernel): The vulnerability arises from missing bridge locking in PCI subsystem, specifically the bridge itself not being locked when resetting the bus. The fix adds the bridge lock path by acquiring pci_dev_lock() for the upstream bridge’s bridge self (in pci_reset_function...
CVE-2024-49983
CVE-2024-49983: Linux kernel ext4 fix for double-free in ext4_ext_replay_update_ex(). The patch drops the temporary ppath and uses path directly, preventing freeing of path via ppath and ensuring the original path is updated on success. It also makes ext4_find_extent() update the path and propag...
CVE-2024-50128
The CVE-2024-50128 issue is a Linux kernel net/wwan vulnerability: a global out-of-bounds read caused by wwan_rtnl_link_ops assigning a bigger maxtype when parsing netlink attributes. The root cause, per nla_parse_nested_deprecated guidance, is using an undersized IFLA_WWAN_MAX size during parsin...
CVE-2024-53100
CVE-2024-53100: Linux kernel nvme-tcp fix for a race between queue_lock usage in nvme_tcp_get_address() and destruction in nvme_tcp_free_queue(). The commit 76d54bf20cdc adds a mutex_lock for queue->queue_lock, but this can race with mutex_destroy(), triggering a WARN during error recovery. A ...
CVE-2024-53117
CVE-2024-53117 (Linux kernel): The vulnerability affects virtio/vsock in the Linux kernel. The root cause was a missing kfree_skb() in error handling for MSG_ZEROCOPY paths, which could cause memory leaks. The fix adds the missing kfree_skb() to prevent leaks when MSG_ZEROCOPY encounters errors....
CVE-2024-53155
CVE-2024-53155 relates to the Linux kernel OCFS2: a fix for an uninitialized value in ocfs2_file_read_iter() caused by a kiocb ‘private’ field possibly being uninitialized when passed from the block layer. The accompanying kernel log shows KMSAN reports and a stack trace ending in ocfs2_file_read...
CVE-2024-56603
CVE-2024-56603 affects the Linux kernel in the net/af_can path. On error in can_create(), the code frees the allocated sk object, but sock_init_data() had already attached it to the sock, leaving a dangling sk pointer and introducing a potential use-after-free. The connected advisories confirm a ...
CVE-2024-57892
CVE-2024-57892 relates to the Linux kernel OCFS2 quota handling. The issue is a slab-use-after-free when remounting an ocfs2 filesystem as read-only and a quota_getnextquota syscall is used. The root cause is a dangling dqi_priv pointer that is freed during remount but not cleared, combined with ...
CVE-2024-57947
The CVE-2024-57947 issue in the Linux kernel concerns netfilter nf_set_pipapo: the initial map fill must initialize the buffer to all-ones only up to the size of the first field. If the first element’s bsize is smaller than m->bsize_max, one-bits leak into later rounds, causing nf_set_pipapo t...
CVE-2025-21699
CVE-2025-21699 affects the Linux kernel gfs2 subsystem. The issue arises when truncating an inode’s address space while flipping the GFS2_DIF_JDATA flag, because pages in the address space may use buffer_heads or iomap_folio_state structures and must not be mixed. The result is a condition that c...
CVE-2025-21762
Summary (CVE-2025-21762): The Linux kernel fixed a vulnerability in arp_xmit() where arp_xmit() could be called without RTNL or RCU protection, creating a potential use-after-free (UAF) scenario. The remediation uses RCU protection to guard arp_xmit() and prevent UAF. The issue is documented in th...
CVE-2025-21802
CVE-2025-21802 is a Linux kernel issue affecting the networking driver path for hns3. The vulnerability arises during driver unload when the hclge path attempts to disable SR-IOV for each ae_dev in hnae3_ae_dev_list while the ae_dev list is being modified, which can cause an oops. The root cause ...
CVE-2025-21996
The CVE-2025-21996 entry concerns the Linux kernel, specifically drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse(). The root cause is that, when a user-space command stream via ioctl to radeon_vce_cs_parse() begins with an encode (case 0x03000001), the function may call radeon_vce...
CVE-2015-7515
CVE-2015-7515 affects the Linux kernel (pre-4.4) due to improper validation in the aiptek_probe path of drivers/input/tablet/aiptek.c. A physically proximate user can cause a NULL pointer dereference and system crash via a crafted USB device that lacks endpoints, leading to denial of service. The...