CVE-2022-49590
Summary: CVE-2022-49590 targets the Linux kernel IGMP subsystem, specifically a data race in reading sysctl_igmp_llm_reports that can occur when the value is changed concurrently. The documented fix adds READ_ONCE() to readers of net.ipv4.sysctl_igmp_llm_reports to prevent races. The vulnerabili...
CVE-2022-49642
CVE-2022-49642 concerns the Linux kernel: the Synopsys DWC Ethernet driver (net: stmmac: dwc-qos) on Tegra194 can crash the system when the split header feature is enabled, due to an unexpected buffer length that can overflow the total buffer length calculation. NVIDIA feedback indicates split he...
CVE-2022-49675
Summary (CVE-2022-49675): In the Linux kernel, the function tick_nohz_full_setup() is exported while annotated with __init, which risks a use-after-free of the init text and kernel panic. The issue was detected after a section-mismatch warning from modpost and fixed by the commit 28438794aba4 (“mo...
CVE-2023-32250
CVE-2023-32250: A race condition in the Linux kernel ksmbd SMB server’s handling of SMB2_SESSION_SETUP commands due to missing locking can allow an attacker to execute code in kernel context. The vulnerability is tied to the in-kernel ksmbd implementation and is reflected in multiple advisories ...
CVE-2023-32820
CVE-2023-32820 affects MediaTek wlan firmware. The issue arises from improper input handling that can trigger a firmware assertion, potentially enabling remote denial of service without extra privileges or user interaction. Public details consistently reference a patch ID ALPS07932637 (and ALPS07...
CVE-2023-4015
CVE-2023-4015 describes a use-after-free in the Linux kernel nf_tables component of netfilter, enabling local privilege escalation. The issue arises when building a nftables rule: deactivating immediate expressions in nft_immediate_deactivate() can unbind a chain and deactivate objects that are l...
CVE-2023-52796
CVE-2023-52796 affects the Linux kernel ipvlan subsystem. The issue is a stack-based overflow risk related to ipvlan_route_v6_outbound and the outbound path, exploited via crafted IPv6/IPv4 traffic, as reported by syzbot. The fix moves the flowi6 route-lookup struct into a non-inline helper and r...
CVE-2023-52837
In CVE-2023-52837, the Linux kernel fixed a use-after-free in nbd_open triggered when a disk is opened after nbd_put() because disk->private_data could still reference freed memory. The fix adds a dedicated ->free_disk hook that frees the private data as part of disk cleanup (blk_cleanup_di...
CVE-2024-26945
CVE-2024-26945 affects the Linux kernel crypto: iaa code. The root cause is when nr_cpus = 1 when nr_iaa > 0 or when nr_iaa == 0. If exploitation details or versioned fixes are needed, refer to the kernel patch references in the CVE record.
CVE-2024-35795
CVE-2024-35795: In the Linux kernel, a deadlock was fixed in the AMDGPU driver when reading the MQD via debugfs. The issue arose from a circular locking dependency between mmap_lock and the reservation_ww_class_* locks during a read path implemented in amdgpu_debugfs_mqd_read. The reverse-lock c...
CVE-2024-35897
CVE-2024-35897 – Normalized details: In the Linux kernel, a nf_tables (netfilter) issue was resolved: when performing a table flag update with a pending basechain deletion, hook unregistration is deferred to the commit phase. This sequence can delete a basechain while its hook remains registered ...
CVE-2024-35954
The CVE-2024-35954 issue concerns the Linux kernel SCSI sg teardown race: sg_remove_sfp_usercontext() may call sg_device_destroy() after scsi_device_put() has released the last reference to the parent scsi_device, causing the parent queue pointer to be NULL and a crash. A connected Astra Linux ad...
CVE-2024-35983
CVE-2024-35983: The vulnerability resides in the Linux kernel, caused by incorrect bits_per() rounding for power-of-two CONFIG_NR_CPUS, leading to crashes on certain machines/configs. Public advisories (Unity UTSA-2025-992928) confirm the vulnerability has been resolved in kernel updates. Affected compon...
CVE-2024-38553
CVE-2024-38553 affects the Linux kernel net/fec driver by removing the .ndo_poll_controller implementation to avoid deadlocks. The root cause is that netpoll runs in an atomic context and disable_irq() (which may sleep) is invoked via the .ndo_poll_controller interface in sungem; fec_poll_control...
CVE-2024-38605
CVE-2024-38605: In the Linux kernel, the ALSA core code fixed a NULL module pointer handling during snd_card initialization. The patch moves the assignment of card->module outside the MODULE check to ensure the driver’s module reference is correctly tracked when the core is built-in but the c...
CVE-2024-39282
CVE-2024-39282: Linux kernel vulnerability in net: wwan: t7xx where the FSM command timeout handling can lead to a fault when an asynchronous worker finishes after the main thread releases its completion object. The issue manifests as a page fault (CR2 fffffffffffffff8) in complete_all during FS...
CVE-2024-39491
CVE-2024-39491: In the Linux kernel ALSA: hda cs35l56 driver, the cs_dsp instance was created in probe() but could be used after a remove/rebind cycle, as cs_dsp_remove() was only called on the unbind path and not on error paths. The fix initializes cs_dsp in probe() so failure can be detected ea...
CVE-2024-42305
CVE-2024-42305 affects the Linux kernel ext4, where a dir-indexing edge case could trigger out-of-bounds access during directory entry splitting when the first two entries are not dot/dotdot. The description and connected material explain that make_indexed_dir() assumed the first two dirents are ...
CVE-2024-42321
CVE-2024-42321 affects the Linux kernel, specifically the net: flow_dissector path. The issue arises from a splat triggered by __skb_flow_dissect in flow_dissector.c, linked to __skb_get_hash() usage by nftables tracing. Upstream fixes introduce DEBUG_NET_WARN_ON_ONCE and align with the patch d1d...
CVE-2024-43846
CVE-2024-43846 (Linux kernel, lib/objagg): The issue is due to nesting of objects during aggregation based on hints, where a parent object could be nested under another, bypassing a required check. The vulnerability leads to a general protection fault when nesting occurs in the hints-based aggreg...
CVE-2024-44958
CVE-2024-44958 – Linux kernel SMT scheduling fix: The issue was a balance error in sched_smt_present where, if cpuset_cpu_inactive() fails during cpu offline, sched_smt_present is decremented before sched_cpu_deactivate(), causing an unbalanced dec/inc pair. The patch increments sched_smt_presen...
CVE-2024-45016
CVE-2024-45016 concerns the Linux kernel netem subsystem. A bug in netem_enqueue() caused by a prior commit can trigger a use-after-free when a packet is duplicated. The faulty behavior makes NET_XMIT_SUCCESS be returned when the duplicate is enqueued, potentially causing the parent qdisc’s qlen ...
CVE-2024-46787
CVE-2024-46787: In the Linux kernel, fixes were applied to “userfaultfd: fix checks for huge PMDs” to address races around pmd_trans_huge() checks in mfill_atomic(). The description notes three variants: (1) a racy pmd_trans_huge() check could trigger a BUG_ON() and, on older kernels (= 6.5) shm...
CVE-2024-47687
The CVE-2024-47687 issue affects the Linux kernel mlx5/vdpa path. It fixes an invalid MR resource destroy where error paths could release uninitialized MR resources. The patch adds a missing check in mlx5_vdpa_destroy_mr_resources() to block destroying non-initialized MR resources, addressing a N...
CVE-2024-50027
CVE-2024-50027 is a Linux kernel use-after-free vulnerability in the thermal subsystem (thermal: core) where the tzp object could be accessed after freeing it in thermal_zone_device_unregister(). Miracle/OS advisory notes the fix moves the free of the tzp copy to after the removal completes, preventing ...
CVE-2024-50120
CVE-2024-50120 affects the Linux kernel SMB client. The vulnerability stems from missing checks for kstrdup failures when duplicating passwords in smb3_reconfigure(), leading to ses->password or ses->password2 allocation failures. The documented remediation is to return -ENOMEM if ses->p...
CVE-2024-50194
The CVE-2024-50194 issue affects the Linux kernel arm64 uprobes on big-endian kernels, where in-memory instruction encoding (little-endian) was not converted to the kernel native endianness before analysis and simulation. Consequences could include rejecting probeable instructions, unsafe out-of...
CVE-2024-53061
CVE-2024-53061 affects the Linux kernel media: s5p-jpeg path, where the current logic allowed a word to be less than 2, risking buffer overflows. The fix adds extra checks to prevent small-word underflow and buffer overflows, as reported by the patch notes. Additionally, an unused assignment (wor...
CVE-2024-56775
CVE-2024-56775 concerns the Linux kernel DRM/AMD display stack. The issue is in the plane state backup/restore flow where the plane refcount is not preserved, risking memory leaks if the refcount should decrease or double frees/invalid memory accesses if it should increase during state transition...
CVE-2024-57911
In CVE-2024-57911, a Linux kernel vulnerability in iio: dummy caused potential information leakage via a triggered buffer. The data buffer allocated with kmalloc() was not initialized for inactive channels, risking uninitialized data being pushed to userspace. The root cause is that iio_for_each_...
CVE-2024-58072
CVE-2024-58072 corresponds to a Linux kernel issue in the rtlwifi subsystem. The fix removes an unused private-data hook (check_buddy_priv) and related data structures that were added to a global private data list. The description states the list and lock were unused and could lead to access of f...
CVE-2025-21727
CVE-2025-21727: Linux kernel issue in padata_reorder causing a use-after-free in padata_find_next under certain race conditions. The provided connected documents confirm a KASAN UAF scenario when a parallel padata_reorder/serial flow frees Pd too early and later calls padata_find_next. The remed...
CVE-2025-21779
The CVE-2025-21779 entry concerns Linux kernel KVM on x86 where Hyper-V SEND_IPI/SEND_IPI_EX hypercalls are advertised only when the local APIC is emulated/virtualized by KVM. The fix rejects these hypercalls if the local APIC is emulated in userspace, preventing a NULL-pointer dereference when H...
CVE-2025-21821
CVE-2025-21821 affects the Linux kernel; specifically the fbdev/omap framebuffer code. The issue arises when using touchscreen with framebuffer, causing a crash (scheduling while atomic) in the driver path related to LCD DMA. The provided advisory notes the root cause is tied to IRQ handling for ...
CVE-2015-5366
The referenced sources confirm two Linux kernel UDP-handling flaws fixed in version 4.0.6: CVE-2015-5364 and CVE-2015-5366. Affected component: UDP and UDPv6 receive paths (udp_recvmsg and udpv6_recvmsg) in the Linux kernel prior to 4.0.6. Root cause: improper handling of UDP checksums, allowing ...
CVE-2015-6937
The CVE-2015-6937 issue is in the Linux kernel (net/rds/connection.c: __rds_conn_create) and allows a local user to trigger a NULL pointer dereference and DoS by using an unbound socket. CVE-2015-7990 is a related race condition in net/rds/sendmsg.c (rds_sendmsg) that can cause DoS; both rely on ...
CVE-2017-16526
CVE-2017-16526 affects the Linux kernel driver code drivers/uwb/uwbd.c up to version 4.13.5; a crafted USB device could trigger a general protection fault and system crash via local access, potentially causing denial of service or other impact. The connected Unity Linux advisories (UTSA-2026-0016...
CVE-2017-8925
Technical details beyond the description are not provided in the supplied documents. The provided materials confirm CVE-2017-8925 affects the Linux kernel omninet_open and describes a local denial of service due to reference-count mishandling; no further specifics are available here. Monitor for ...
CVE-2019-19064
CVE-2019-19064 describes a memory leak in Linux kernel’s fsl_lpspi_probe() (drivers/spi/spi-fsl-lpspi.c) that can cause a denial of service via memory consumption by triggering pm_runtime_get_sync() failures, affecting kernels up to 5.3.11. The vulnerability is referenced in multiple advisories (...
CVE-2020-36557
CVE-2020-36557: A race condition in the Linux kernel before 5.6.2 between VT_DISALLOCATE and closing/opening ttys can cause a use-after-free. Affected software: Linux kernel versions prior to 5.6.2. Impact per available data: potential use-after-free with availability impact; no explicit exploita...
CVE-2020-9391
CVE-2020-9391 affects the Linux kernel on AArch64 (versions 5.4 to 5.5.6). The top byte of the address passed to brk is ignored, potentially moving the program break downward instead of upward, which can cause heap corruption in glibc malloc. Public sources in the connected documents consistently...
CVE-2021-47073
CVE-2021-47073 concerns a Linux kernel issue in platform/x86 dell-smbios-wmi where unregistering the driver occurred unconditionally, causing a kernel oops at module removal. The fix ensures unregister happens only under the same condition as registration (Dell WMI support). Affects the Dell WMI ...
CVE-2021-47097
CVE-2021-47097: In the Linux kernel, the elantech PS/2 driver has a stack-based out-of-bounds access in elantech_change_report_id(), caused by an array param[] that must be at least 3 bytes while elantech_read_reg_params() calls ps2_command() with 3 bytes. The stack was only 2 bytes, enabling a ...
CVE-2021-47098
CVE-2021-47098 affects Linux kernel hwmon lm90, where setting the hysteresis value could overflow/underflow when the temperature limit is MAX_LONG with a negative critical limit. The root cause was an integer overflow/underflow in hysteresis calculations after a prior fix; the resolution introduc...
CVE-2021-47505
CVE-2021-47505 in the Linux kernel: use-after-free when polling signalfd or binder fds with aio poll due to POLLFREE not being handled. The patch by Ramji Jiyani fixes aio_poll_wake() handling POLLFREE and avoids deadlock by ensuring waitqueue freeing is RCU-delayed, aligning with eventpoll behav...
CVE-2022-48975
CVE-2022-48975 concerns a memory leak in Linux kernel GPIO handling. The backtrace shows the leak occurs during gpiochip_setup_dev() when registering GPIO devices, with resources allocated in device_private_init() not released on error paths. The fix moves the release logic to use put_device() to...
CVE-2022-49345
The CVE-2022-49345 issue affects the Linux kernel’s net: xfrm subsystem, where __init-annotated xfrm4_protocol_init() is exported via EXPORT_SYMBOL, causing use-after-free risk when __init and EXPORT_SYMBOL co-exist. The root cause is the .init text is freed after init, so modules could access fr...
CVE-2022-49519
The CVE-2022-49519 issue concerns the Linux kernel wireless driver ath10k. A double invocation of ath10k_halt during a suspend sequence could occur when FW recovery triggered by ath10k_core_restart() interleaves with suspend, freezing the restart worker and causing ath10k_htt_rx_free() to be free...
CVE-2022-49638
CVE-2022-49638 affects the Linux kernel ICMP subsystem. It arises from data races when reading icmp sysctl variables, which can be changed concurrently. The fix adds READ_ONCE() around these reads. According to the descriptor, impact is Availability (HIGH) with no confidentiality or integrity imp...
CVE-2022-49651
CVE-2022-49651 affects the Linux kernel. The advisory states that cleanup_srcu_struct() now checks for a grace period that is needed but not yet started, addressing a potential use-after-free (UAF). It is resolved by a commit tightening GP checks in cleanup_srcu_struct(), with references to kern...