13692 matches found
CVE-2024-26966
CVE-2024-26966 pertains to the Linux kernel clk: qcom: mmcc-apq8084 issue. The vulnerability arose because frequency table arrays were not terminated with an empty element, risking out-of-bounds access when traversed by qcom_find_freq() or qcom_find_freq_floor(). The fix adds a terminating empty ...
CVE-2024-27038
The CVE-2024-27038 issue is a NULL dereference in clk_core_get() during hw dereferencing of clk->core. A NULL hw is produced when __clk_get_hw() returns NULL, and clk_core_get() dereferences hw->core. The fix, described in the kernel patch and reflected in Astra Linux/IBM advisories, change...
CVE-2024-27074
The CVE-2024-27074 entry concerns a Linux kernel memory leak in the media go7007 path. Specifically, in go7007_load_encoder the bounce object (go->boot_fw) is allocated but not deallocated, and is freed later via kfree(go) after the call chain saa7134_go7007_init -> go7007_boot_encoder ->...
CVE-2024-26961
CVE-2024-26961 affects the Linux kernel, related to mac802154_llsec_key_del freeing key resources outside the required RCU grace period. The issue can lead to a use-after-free when llsec_lookup_key() traverses the key list in parallel with a deletion. The provided connected documents describe the...
CVE-2024-27078
CVE-2024-27078 affects the Linux kernel component media: v4l2-tpg. The issue is a resource leak in the tpg_alloc error paths where allocated resources were not always deallocated, leading to memleaks because tpg_free was only called when tpg_alloc returned 0. The patch ensures deallocation occur...
CVE-2024-26974
CVE-2024-26974 affects the Linux kernel crypto/qat driver. A race during PCI AER error recovery could cause a use-after-free of the reset_data container used for completion notification after a device restart, triggering a KFENCE use-after-free notice. The fix alters memory lifetime: the containe...
CVE-2024-27076
CVE-2024-27076 affects the Linux kernel in the media: imx: csc/scaler path. The root cause is a memory leak in v4l2_ctrl_handler: memory allocated in v4l2_ctrl_handler_init was not freed on release. The patch fixes this by freeing the allocated memory on release, mitigating a local-vector memory ...
CVE-2024-27044
CVE-2024-27044 affects the Linux kernel DRM/AMD display path. A NULL pointer dereference vulnerability occurs in dcn10_set_output_transfer_func() where the stream pointer is used before a NULL check, as reported in the patch note for drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn...
CVE-2024-26989
CVE-2024-26989: Linux kernel vulnerability on arm64 hibernate (swsusp_save) caused by saving MEMBLOCK_NOMAP pages due to kernel_page_present logic mishandling when can_set_direct_map() is false. Connected docs confirm the root cause: changes to pfn_valid() logic; fix: drop the !can_set_direct_map...
CVE-2023-52650
CVE-2023-52650 affects the Linux kernel's drm/tegra subsystem (dsi). The vulnerability arises from a missing check for the return value of of_find_device_by_node(), risking a NULL pointer dereference. The issue has a formal fix in the kernel: add the check and return an error when of_find_device_...
CVE-2024-27077
CVE-2024-27077 affects the Linux kernel via a memleak in media: v4l2-mem2mem, specifically in v4l2_m2m_register_entity where entity->name is allocated but not freed on subsequent error paths. The patch adds deallocation of entity->name in error-handling paths to prevent the leak. Public adv...
CVE-2023-52620
CVE-2023-52620 affects the nf_tables component of the Linux kernel, where the vulnerability arises from allowing a timeout parameter on anonymous sets; the fix disallows such parameters from userspace. The CVSS vector provided in the initial document indicates a Local, Low-severity im...
CVE-2024-27046
CVE-2024-27046 is a Linux kernel vulnerability affecting the nfp: flower path. The issue occurs when kmalloc_array() in nfp_fl_lag_do_work() returns NULL under memory pressure, which can lead to a NULL pointer dereference when accessing acti_netdevs. The accompanying patch adds a check for alloca...
CVE-2024-36012
CVE-2024-36012 affects the Linux kernel Bluetooth stack (msft): slab-use-after-free in msft_do_close() when msft_data is freed in msft_unregister via hci_release_dev(). The fix ties msft_data lifetime to hdev and frees it in hci_release_dev(), preventing use-after-free in msft->filter_lock. Af...
CVE-2021-47006
CVE-2021-47006 relates to the ARM hw_breakpoint path in the Linux kernel. The issue arises from perf_event_alloc() setting a default event->overflow_handler and replacing the overflow_handler check with is_default_overflow_handler(), but one condition remains missing: bp->overflow_handler m...
CVE-2024-27051
CVE-2024-27051 centers on the Linux kernel’s cpufreq/brcmstb-avs-cpufreq code. The underlying issue is that cpufreq_cpu_get could return NULL, risking a NULL dereference. The fix adds a check and returns 0 on error, as described in the advisory lines: “cpufreq_cpu_get may return NULL. To avoid NU...
CVE-2024-26969
In CVE-2024-26969, the Linux kernel clk: qcom: gcc-ipq8074 fix terminates frequency table arrays by adding an empty element at the end. Missing termination could cause out-of-bounds access when traversed by qcom_find_freq() or qcom_find_freq_floor(). The issue is fixed in the kernel code and only...
CVE-2024-36011
CVE-2024-36011 affects the Linux kernel where the Bluetooth HCI code could dereference a NULL pointer in hci_le_big_sync_established_evt(). The vulnerability is local (per CVSS vector: AV:L, AC:L, PR:L, UI:N) with a MEDIUM base score of 5.5 and an ADMIN/availability impact of HIGH. The connected ...
CVE-2024-27030
CVE-2024-27030 – Verified in connected advisories: the issue is fixed in the Linux kernel by introducing separate interrupt handlers for octeontx2-af, addressing a race condition where PF→AF and VF→AF interrupt vectors used the same handler, causing two CPUs to handle the same event and corrupt d...
CVE-2024-26958
CVE-2024-26958 is a Linux kernel vulnerability in the NFS direct write path that could cause use-after-free (refcount underflow) when completing nfs_direct_request twice in a row. A patch fixes the double-completion scenario; the CVSS 3.1 base score is 7.8 (High) with Local attack and High impact...
CVE-2024-27047
CVE-2024-27047 affects the Linux kernel: net: phy: fix phy_get_internal_delay accessing an empty array. The issue occurs when a driver calls phy_get_internal_delay without defining delay_values and rx-/tx-internal-delay-ps is 0 in device-tree, risking a NULL pointer dereference and kernel oops. A...
CVE-2021-47044
CVE-2021-47044 describes a Linux kernel issue in sched/fair/load_balance where sd->nr_balance_failed could grow unbounded if a task could not run on env->dst_cpu. The root cause was a potentially unbounded shift operation used to decide when to trigger an active balance, leading to extremel...
CVE-2024-26967
In CVE-2024-26967, the issue is in the Linux kernel clock framework for Qualcomm camcc-sc8280xp (clk: qcom: camcc-sc8280xp). The vulnerability arises because frequency table arrays are not terminated with an empty element, which can lead to out-of-bounds access when traversed by functions such as...
CVE-2024-27002
CVE-2024-27002 affects the Linux kernel mediatek clock controllers. Root cause: a mutual dependency between mt8183-mfgcfg and genpd during probing could deadlock with a runtime PM path. The fix: perform a runtime PM get on controllers during probe to ensure clk_register() does not acquire the gen...
CVE-2024-27011
CVE-2024-27011 is a Linux kernel memleak fix in netfilter nf_tables. Root cause: a combination of delete element and delete set from the abort path could restore twice the refcount of a mapping when the transaction object is not used for element removal. The fix adds a check for inactive elements...
CVE-2024-27010
CVE-2024-27010 is about a Linux kernel net/sched deadlock in mirred on classful egress qdiscs, fixed by introducing an owner field in the qdisc (preventing recursive locking). The connected Broadcom/Miracle/KOSS advisories include a note (AXSA:2025-9528/NASL) that Brocade Fabric OS before 10.0.0 ...
CVE-2024-27003
CVE-2024-27003 affects the Linux kernel clock framework. The issue arises when printing clk_state via debugfs without proper runtime PM synchronization, risking deadlock if a thread resuming a device also resumes in another thread. The fix removes the now-superfluous clk_pm_runtime_get/put calls ...
CVE-2024-27392
The CVE-2024-27392 entry concerns the Linux kernel nvme subsystem. A double-free occurred in ns_update_nuse() where kfree() ran after nvme_identify_ns() failed, freeing nvme_id_ns twice and triggering KASAN. The root cause is freeing the struct after identify_ns failure; the fix is to skip kfree(...
CVE-2024-27045
Summary: CVE-2024-27045 affects the Linux kernel DRM AMD display path (amdgpu_dm). The vulnerability is a potential buffer overflow in dp_dsc_clock_en_read() caused by unsafe snprintf usage. The patch tightens the snprintf output limit from 30 to 10 bytes, mitigating overflow. The issue is tied t...
CVE-2024-26964
CVE-2024-26964 is present in MiracleLinux advisories (AXSA-2024-8481:17) and is described as a Linux kernel USB (xhci) issue: kzalloc() null path could lead to crash in xhci_map_urb_for_dma. The MiracleLinux advisories for AXSA-2024-8481 list affected products and advise upgrading to Mira...
CVE-2024-26983
CVE-2024-26983 is a Linux kernel issue about freeing xbc memory in bootconfig. The root cause was memblock_free() being used during xbc_exit() when memory may have already been handed to the buddy allocator, causing use-after-free (UAF) on certain architectures (e.g., CONFIG_ARCH_KEEP_MEMBLOCK di...
CVE-2021-47034
CVE-2021-47034 affects the Linux kernel on powerpc/64s with radix paging. Root cause: radix__set_pte_at() omits a ptesync when updating a PTE, risking out-of-order updates for kernel memory and spurious faults during patching. The fix adds a ptesync path in flush_cache_vmap() (to be invoked when ...
CVE-2024-27070
Summary (CVE-2024-27070): The Linux kernel f2fs subsystem is affected by a use-after-free in f2fs_filemap_fault. The root cause is that vmf->vma may not be alive after filemap_fault(), causing an invalid access to vmf->vma->vm_flags in trace_f2fs_filemap_fault. The fix is to keep vm_flag...
CVE-2024-26627
CVE-2024-26627 concerns the Linux kernel SCSI subsystem. The issue arises from calling and checking scsi_host_busy() with host locks during scsi_eh_wakeup(), which can serialize recovery when N hardware queues and queue depth M are large, leading to heavy overhead and, in worst cases, a hard lock...
CVE-2024-35933
CVE-2024-35933 affects the Linux kernel Bluetooth btintel path. The root cause is a NULL pointer dereference in btintel_read_version when hci_cmd_sync_complete() is triggered and skb is NULL, leading to hdev->req_skb being NULL. The issue can enable local exploitation scenarios as described in...
CVE-2024-26962
CVE-2024-26962: Linux kernel (dm-raid/raid456 deadlock during reshape). Root cause: when a RAID-456 reshape is in progress, IO across the reshape position may wait for reshape progress. In the dm-raid path, certain states (read-only array, MD_RECOVERY_WAIT, MD_RECOVERY_FROZEN) caused reshape to f...
CVE-2024-53125
CVE-2024-53125 involves the Linux kernel BPF verifier. The issue occurs in sync_linked_regs() where subreg_def marks and range propagation can be incorrect, leading to an incorrect rewrite of BPF instructions when BPF_F_TEST_RND_HI32 is set. Publicly documented impact indicates potential misbehav...
CVE-2024-26996
Summary: CVE-2024-26996 relates to a use-after-free in the Linux kernel USB gadget NCM implementation. When the NCM function is active and the usb0 interface is brought down, an error in usb_ep_enable() may cause in_ep/out_ep to remain disabled. During ncm_disable(), gether_disconnect() is not ca...
CVE-2024-27049
CVE-2024-27049 is a Linux kernel issue affecting the wifi/mt76 driver for MT7925e. The root cause is a use-after-free in the shared IRQ handling (free_irq) when a device is deregistered. A patch set around the commit “[PATCH] Debug shared irqs” adds a test to ensure the shared IRQ handler won’t a...
CVE-2024-26968
CVE-2024-26968: In the Linux kernel, the clk: qcom: gcc-ipq9574 component fix terminates frequency table arrays with an empty element to prevent out-of-bounds access when traversing with qcom_find_freq() or qcom_find_freq_floor(). The patch adds the missing terminating entry; only compile-tested....
CVE-2024-27071
CVE-2024-27071 affects the Linux kernel backlight hx8357 driver. The root cause was a missing NULL check for im pins in hx8357_probe(), which could lead to a NULL pointer dereference. The connected Astra Linux advisory confirms the issue is resolved in Linux kernel and cites the fix in hx8357_pro...
CVE-2024-26995
The CVE-2024-26995 issue affects the Linux kernel USB Type-C controller (tcpm) code path, specifically pd_set handling in usb: typec: tcpm. The root cause is an off-by-one error where nr_snk_pdo and nr_src_pdo are incremented one time too many, causing loop index misalignment during Power Negoti...
CVE-2023-52649
CVE-2023-52649 refers to a Linux kernel issue where the DRM VKMS LUT reading could read beyond the LUT array when lut_index points to the last floor entry. The fix guards against the ceil LUT index reading past the end by using the floor LUT index value, preventing an out-of-bounds access. Public...
CVE-2024-26998
CVE-2024-26998 affects the Linux kernel serial subsystem, specifically the core path handling the circular buffer in the 8250 serial port code. The root cause is a mismatch between the buffer pointer state and head/tail positions during shutdown: the circular buffer is cleared (NULLified) under a...
CVE-2024-27031
CVE-2024-27031 (Linux kernel): The NFS read path (nfs_netfs_issue_read) locked with xa_lock while submitting pages for writeback, but did not disable interrupts during iteration, creating a deadlock risk if an interrupt runs and touches the xa_lock. The fix replaces manual iteration with xa_for_...
CVE-2024-27033
The CVE-2024-27033 issue affects the Linux kernel’s f2fs filesystem code. The root cause described in the sources is a panic when verify_blkaddr() could be triggered due to a fault injected into f2fs_is_valid_blkaddr(), prompting removal of an unnecessary f2fs_bug_on() call. The advisory notes th...
CVE-2024-26975
CVE-2024-26975 affects the Linux kernel powercap/intel_rapl MMIO RAPL path. A NULL pointer dereference occurs when probing intel_rapl on platforms whose CPU ID is not in intel_rapl_common’s model list, because defaults_msr may be uninitialized after the cited commit. The fix adds a sanity check t...
CVE-2024-27068
CVE-2024-27068 – Linux kernel (Mediatek lvts_thermal): The vulnerability is a memory leak in an error path where, if devm_krealloc() fails, the efuse resource is leaked. The issue has been fixed by freeing the leaked efuse to prevent resource exhaustion. The CVE is described as a local-attack vec...
CVE-2024-27048
CVE-2024-27048: Linux kernel wifi (brcm80211) vulnerability where kzalloc() may return NULL for pmk_op, risking a NULL dereference. The fix returns -ENOMEM from brcmf_pmksa_v3_op() when kzalloc() fails for pmk_op, mitigating local-exploit risk. Connected advisories (MiracleLinux AXSA and IBM li...
CVE-2024-35855
CVE-2024-35855: Linux kernel issue in mlxsw spectrum_acl_tcam caused a local use-after-free during activity update. The bug happens when the rule activity update traverses configured rules and reads ventry->entry, which can be concurrently changed by the rehash path. The fix closes the race b...