CVE-2023-3777
CVE-2023-3777 is a use-after-free in Linux kernel nf_tables (netfilter). When nf_tables_delrule() flushes table rules, it may release objects if the chain is bound, enabling local privilege escalation. Mitigation: upgrade past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 (Linux kernel versions...
CVE-2023-52661
The CVE-2023-52661 vulnerability concerns the Linux kernel DRM/Tegra module: the RGB code path in tegra_dc_rgb_probe() lacked a clk_put() in error handling when clk_get_sys(..., pll_d2_out0) failed. The advisory items describe adding the missing clk_put and introducing a put_pll_d_out0 label to unwin...
CVE-2023-52663
The CVE-2023-52663 entry concerns a memory leak in the Linux kernel (ASoC: SOF: amd): amd_sof_acp_probe() allocated fw_code/bin and fw_data/bin with kasprintf() but never freed them via kfree(), causing a leak. The fix switches to devm_kasprintf() and adds a pointer validity check to ensure allocation ...
CVE-2024-26786
CVE-2024-26786 : Linux kernel iommufd flaw where iopt_access_list_id could be overwritten in iopt_add_access(), causing a mismatch between the access pointer and its list during iommufd_access_change_ioas() path. Syzkaller reported a WARN_ON related to this, and the fix adds a new_id and updates ...
CVE-2024-35845
CVE-2024-35845 : In the Linux kernel, the wifi iwlwifi dbg-tlv path (iwl_fw_ini_debug_info_tlv) could be used to trigger a denial-of-service through an improperly terminated string. The root cause is a missing NUL termination, which could be exploited remotely (network) and yields a CRITICAL impa...
CVE-2024-35969
CVE-2024-35969: Linux kernel vulnerability involving a race between ipv6_get_ifaddr and ipv6_del_addr when iterating inet6_addr_lst under RCU. The issue can allow freed or invalid memory to be returned due to a window where the reference count reaches zero if ipv6_del_addr and ipv6_get_ifaddr...
CVE-2024-35976
CVE-2024-35976 : In the Linux kernel, a proposed input validation bug in XDP_SOCKET options (XDP_{UMEM|COMPLETION}_FILL_RING) allowed a read of 4 bytes via an invalid @optlen path in xsk_setsockopt, tracked by syzbot with KASAN slab-out-of-bounds. The issue arises during setsockopt handling and i...
CVE-2024-35979
The connected MiracleLinux AXSA advisory documents CVE-2024-35979 and describes the Linux kernel raid1 use-after-free in raid1_write_request() where r1_bio->bios[] temporarily pointed to the original bio and could be freed if a blocked rdev was encountered, freeing the underlying bios. The mit...
CVE-2024-39479
CVE-2024-39479 affects the Linux kernel (drm/i915) and is caused by device-managed resources in hwmon and hwmon drvdata not reliably released in a defined order on device unbind, creating a potential use-after-free if hwmon is accessed after drvdata is freed. The public details confirm two releas...
CVE-2024-39480
CVE-2024-39480 is a Linux kernel vulnerability where kdb tab-complete could cause a buffer overflow by using strncpy() with the source buffer size instead of the destination. The fix replaces these strncpy() calls with boundary-checked memmove()/memcpy() operations to prevent overflow during symb...
CVE-2024-40974
CVE-2024-40974 (Linux kernel, powerpc/pseries) is a local concern where plpar_hcall() and plpar_hcall9() expect valid, explicitly-sized result buffers; historically, only in-code comments signaled minimum sizes, risking stack corruption when a caller used undersized buffers. The affected code now...
CVE-2024-43828
CVE-2024-43828 : Linux kernel ext4 contains a fix for an infinite loop during fast_commit replay. The root cause was an uninitialized extent_status struct in ext4_ext_determine_insert_hole() calling ext4_es_find_extent_range() which returned early, leaving a garbage es and enabling an integer ove...
CVE-2024-44965
CVE-2024-44965 is a Linux kernel vulnerability where pti_clone_pgtable() made alignment assumptions (PMD alignment) on the start address, which is valid on x86_64 but not on i386, causing the end condition to malfunction and potentially a short clone of user mappings. The issue could lead to trap...
CVE-2024-46795
CVE-2024-46795 affects the Linux kernel when using ksmbd over a reused connection with binding sessions. A null pointer dereference can occur in the SMB 3.1 encryption key path: a reused binding session may leave Preauth_HashValue NULL, which is used as input to crypto_shash_update() during key g...
CVE-2024-46828
CVE-2024-46828 affects the Linux kernel schedulers, specifically the cake qdisc’s host-fairness logic. A hash-collision interaction could trigger an unintended decrement of per-host bulk-flow counters when a flow’s state changes, and when host fairness is enabled this could wrap a per-host counte...
CVE-2024-47659
CVE-2024-47659 - Linux kernel Smack labeling flaw (tcp/ipv4). Unity/Tenable advisories summarize a kernel issue in Smack where the label of incoming tcp/ipv4 connections is mirrored from the initiator, causing return packets to be labeled with the initiator’s CIPSO label. This results in two conc...
CVE-2024-47719
CVE-2024-47719 (Linux kernel) concerns an iommufd ALIGN() overflow during iova allocation, which can corrupt the selected area range. The fix caps the automatic alignment to the huge page size to prevent fragmentation/space waste and overflow, per the advisory. Affected component: iommufd/io_pagetab...
CVE-2024-50013
CVE-2024-50013 in the Linux kernel fixes a memory leak in the exfat driver. If the first directory entry in the root is not a bitmap directory entry, the buffer head ('bh') may not be released and reassigned, causing a memory leak in exfat_load_bitmap(). The patch fixes the leak by ensuring prope...
CVE-2024-50153
CVE-2024-50153: Linux kernel null pointer dereference in target_alloc_device(). The Astra Linux advisory (and linked sources) confirm a vulnerability in the Linux kernel's SCSI target core (target_alloc_device) where memory allocation for device queues could fail before dev.transport is initializ...
CVE-2024-50197
CVE-2024-50197 : In the Linux kernel, the pinctrl: intel: platform path fixes a memory leak in the device_for_each_child_node() error path. The bug occurred because there was an early return in intel_platform_pinctrl_prepare_community() where fwnode_handle_put() was not called to drop a reference...
CVE-2024-50215
CVE-2024-50215 : The issue is in the Linux kernel nvmet-auth path. The controller key cb ctrl->dh_key could be reused after being freed in nvmet_destroy_auth() due to not nulling the pointer after kfree_sensitive. The fix, as cited in the connected Astra Linux/IBM/NVD entries, is to assign dh_...
CVE-2024-50216
This CVE (CVE-2024-50216) is described in a MiracleLinux advisory as a Linux kernel XFS issue: the last-resort AG selection in xfs_filestream_pick_ag could leak an uninitialized pag when the code path falls back to an online AG. Root cause: the loop used pag as an iterator while later code expect...
CVE-2024-53101
CVE-2024-53101 concerns the Linux kernel: a fix for an uninitialized value in from_kuid/from_kgid was applied. The issue arose when ocfs2_setattr() referenced attr->ia_mode, ia_uid, and ia_gid in a trace point even if ATTR_MODE/ATTR_UID/ATTR_GID weren’t set. The patch initializes all fields of...
CVE-2024-53171
CVE-2024-53171 affects the Linux kernel ubifs authentication path. The published details describe a use-after-free in ubifs_tnc_end_commit arising when a node’s znode->parent changes due to a tree split, while the node’s znode->cparent may still point to freed memory after deletions. The is...
CVE-2024-53681
CVE-2024-53681 : In the Linux kernel nvmet subsystem, the code path nvmet_root_discovery_nqn_store mishandled the subsysnqn string as a fixed-size buffer even though it is allocated to the string size. The root cause is buffer overrun risk when the subsysnqn is longer than the old buffer. The fix...
CVE-2024-56572
CVE-2024-56572 : In the Linux kernel, the media: platform: allegro-dvt path fixes a memory-leak in allocate_buffers_internal(). The buffer allocated in the loop may leak if not released on the exception path; the fix ensures the buffer is freed when allegro_alloc_buffer fails. This addresses a lo...
CVE-2024-56677
CVE-2024-56677 (Linux kernel, powerpc fadump) : The issue arises during early init when CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE because pageblock_order is not yet initialized. This bypasses the CMA memory alignment check in cma_init_reserved_mem(), allowing a potential misalignment that can trig...
CVE-2024-56718
CVE-2024-56718 affects the Linux kernel’s net/smc path where a link-down work item could run after the LGR object was freed, potentially crashing the kernel due to list corruption in the workqueue path. The description in multiple sources confirms the root cause: scheduling link-down work before ...
CVE-2024-56755
CVE-2024-56755 : In the Linux kernel, the FSCACHE_VOLUME_CREATING path in netfs/fscache has a missing memory barrier between the bit-clearing operation and the wake-up, allowing a wake-up to occur before the clearing is detected and potentially causing an indefinite wait. The triggering sequence ...
CVE-2024-57939
CVE-2024-57939 affects the Linux kernel on riscv where die() can be invoked in an exception handler and uses spinlock_t, which may sleep with PREEMPT_RT enabled. This causes a kernel warning (BUG: sleeping function called from invalid context) and potential instability. The fix switches to raw_sp...
CVE-2025-21637
The connected documents confirm CVE-2025-21637 concerns the Linux kernel SCTP sysctl handling of udp_port, where the code path uses current->nsproxy, risking incorrect netns context and potential null dereference. The issue is described as due to accessing net/ns data via the current ...
CVE-2025-21708
The CVE-2025-21708 issue affects the Linux kernel rtl8150 USB driver. It stems from wrong USB endpoint handling during URB submission. Mitigation in the current patch is to enable basic endpoint checking (bulk/interrupt endpoints) to reduce the risk, with cosmetic changes planned later. Exploit d...
CVE-2025-21735
CVE-2025-21735 affects the Linux kernel NFC (nci) component, specifically nci_hci_create_pipe(). The pipe value is a net-sourced u8; if it exceeds 127, it can cause memory corruption in the caller, nci_hci_connect_gate(), per the advisory. The description confirms the issue has been resolved in t...
CVE-2025-21763
Summary of CVE-2025-21763 : In the Linux kernel, __neigh_notify() can be invoked without RTNL or RCU protection, creating a potential use-after-free (UAF) scenario in neighbour handling. The mitigation is to apply RCU protection to neighbour notifications to prevent UAF. Connected advisories corr...
CVE-2025-21925
CVE-2025-21925 : In the Linux kernel, a vulnerability was fixed where skb_get() could be used before dev_queue_xmit() when a shared skb is processed (e.g., with IFF_TX_SKB_SHARING). The documented exploit path involves syzbot crashing a host via the llc_sap_action_send_test_c path, with the e1000...
CVE-2025-39755
CVE-2025-39755 affects the Linux kernel (staging: gpib) where the pcmcia_driver struct used the old .name initialization in the drv field, causing a NULL pointer dereference in strcmp during pcmcia_register_driver. The fix is to initialize the pcmcia_driver struct name field. Impact is a local at...
CVE-2010-3301
Summary: CVE-2010-3301 affects the Linux kernel IA32 system call emulation on x86_64 where the 32‑bit entry path to ptrace does not zero‑extend %eax, enabling local privilege escalation via an out‑of‑bounds access to the syscall table. Impact: local users can gain privileges. Affected versions: k...
CVE-2013-0871
CVE-2013-0871 refers to a race condition in the Linux kernel’s ptrace implementation (PTRACE_SETREGS) that could allow a local user to gain privileges. The issue is in kernels prior to 3.7.5, with the ChangeLog for 3.7.5 documenting the fix. Affected component: Linux kernel (pre-3.7.5); root caus...
CVE-2014-3690
CVE-2014-3690 affects arch/x86/kvm/vmx.c in the Linux kernel’s KVM subsystem on Intel, where the CR4 control register value may not be preserved across VM entries. The vendor-provided details in connected Nessus advisories describe a local attacker with access to /dev/kvm who can kill arbitrary p...
CVE-2014-7842
The CVE-2014-7842 issue affects the Linux kernel’s arch/x86/kvm/x86.c; a race condition prior to 3.17.4 can allow a guest OS user to trigger an MMIO/PIO‑driven emulation error report, causing a guest crash (denial of service). Public notes in Nessus advisories reference CVE-2010-5313 as related. ...
CVE-2015-7613
CVE-2015-7613 is a Linux kernel race condition in the IPC object implementation (up to version 4.2.3) that can allow a local unprivileged user to escalate privileges by triggering ipc_addid, which uses uid/gid values from uninitialized data (topics include msg.c, shm.c, util.c). Connected sources...
CVE-2015-7799
The CVE-2015-7799 issue affects the Linux kernel, specifically slhc_init in drivers/net/slip/slhc.c, up to version 4.2.3. The vulnerability arises because the function does not validate certain slot numbers, allowing a local user to trigger a denial of service via a crafted PPPIOCSMAXCID ioctl ca...
CVE-2017-16649
CVE-2017-16649 affects the Linux kernel up to version 4.13.11. The vulnerable code is usbnet_generic_cdc_bind in drivers/net/usb/cdc_ether.c. Exploitation requires local access and a crafted USB device, which can trigger a divide-by-zero error and system crash, with possible other impact. The con...
CVE-2021-29657
CVE-2021-29657 affects the Linux kernel KVM SVM nested virtualization (AMD). A TOCTOU race in nested_svm_vmrun (arch/x86/kvm/svm/nested.c) allows a guest to bypass interception checks and corrupt the saved L1 host context, potentially enabling a guest-to-host influence over host MSR state via neste...
CVE-2021-47289
CVE-2021-47289 in the Linux kernel fixes a NULL pointer dereference in ACPI: utils when calling acpi_dev_put() on a possibly NULL pointer. The patch makes acpi_dev_put() silently accept NULL (avoiding downcalls with a NULL offset). The public advisory notes the change as part of resolving the ACP...
CVE-2021-47321
CVE-2021-47321 : Linux kernel watchdog use-after-free due to del_timer() not waiting for the timer handler. The issue occurs in the driver remove path, where a timer may still be running after removal, risking a use-after-free. The fixed path uses del_timer_sync() to wait for the timer handler to...
CVE-2022-3106
The connected Astra Linux advisory and the CVE entry confirm CVE-2022-3106 affects the Linux kernel up to 5.16-rc6, where ef100_update_stats (drivers/net/ethernet/sfc/ef100_nic.c) does not check the return value of kmalloc(). The lack of a kmalloc() return check is the root cause; without it, all...
CVE-2022-49290
CVE-2022-49290 affects the Linux kernel mac80211 mesh code. A double-free could occur in ieee80211_join_mesh() when rejoining a mesh, after a prior fix in ieee80211_leave_mesh() leaked memory. The root cause was a freed old_ie during copy_mesh_setup() in join, which could lead to memory corruptio...
CVE-2022-49322
The CVE-2022-49322 issue affects the Linux kernel in PREEMPT_RT builds when bootparams include trace_event=initcall:initcall_start tp_printk=1. In this scenario, output_printk() triggers a sleepable rt-spinlock usage via rt_spin_lock, causing a sleeping function to be called from an invalid conte...
CVE-2022-49442
CVE-2022-49442 pertains to the Linux kernel: the compaction sysfs file created by compaction_register_node in drivers/base/node.c was not removed in unregister_node, allowing a leaked sysfs file. The issue is fixed by applying compaction_unregister_node. According to the provided documents, the v...