13804 matches found
CVE-2024-35890
CVE-2024-35890: In the Linux kernel, a GRO (generic receive offload) fraglist ownership transfer bug can lead to use-after-free/DoS conditions when packets are GROed with fraglist. The issue arises because skb_gro_receive_list removes the socket reference but the skb_segment_list may reuse skbs ...
CVE-2023-52777
CVE-2023-52777 affects the Linux kernel ath11k wifi driver. The gtk offload status event handler called ath11k_mac_get_arvif_by_vdev_id() was not in an RCU read-side critical section, risking use-after-free on active pdevs protected by RCU. The fix marks this code path as an RCU read-side critica...
CVE-2024-26825
CVE-2024-26825 refers to a Linux kernel vulnerability where the rx_data_reassembly skb could leak if the NCI device was deallocated before fragmentation processing completed. The root cause is that rx_data_reassembly skb is bound to the NCI device and, if the device is freed early, the skb could ...
CVE-2024-27053
CVE-2024-27053 affects the Linux kernel WiFi Wilc1000 driver in the connect path. The root cause is incorrect RCU usage in wilc1000/hif.c during target BSS parameter parsing in the cfg80211 connect flow, which can dereference an RCU pointer outside an RCU critical section. A fix moves the RCU-der...
CVE-2024-27404
CVE-2024-27404 (Linux kernel): A data race on remote_id in mptcp was fixed. The issue was resolved by adding appropriate ONCE annotations to the remote_id path to prevent races. Patches were applied in stable Linux kernels (see linked git.kernel.org patches). The CVSS v3.1 vector indicates a Loc...
CVE-2024-36967
CVE-2024-36967: The Astra Linux bulletin and IBM/Kern sources confirm a Linux kernel vulnerability CVE-2024-36967 related to a memory leak in KEYS trusted: tpm2_key_encode() where the 'scratch' buffer was not freed. The bug is resolved by freeing scratch on both success ...
CVE-2024-40923
Public details about CVE-2024-40923 in the provided documents are limited to the initial description; no additional technical specifics (affected products/versions/fix) are provided.
CVE-2024-41057
CVE-2024-41057: Linux kernel fix for slab-use-after-free in cachefiles_withdraw_cookie() during FSCACHE withdrawal. The issue could occur when a cache volume is freed while cookie lookups are in flight, leading to UAF on cachefilesVolume. The recommended fix/process order is to call fscache_withd...
CVE-2024-41080
CVE-2024-41080 concerns the Linux kernel and describes a deadlock risk in io_uring when locking order is not respected in io_register_iowq_max_workers. The root cause is that io_put_sq_data() can be called while uring_lock is held, risking deadlock with sqd->lock. The documented fix releases u...
CVE-2024-42258
The CVE-2024-42258 entry relates to a Linux kernel issue where 32-bit x86 builds using the CONFIG_X86_32 path mishandled huge page alignment. The fix was to stop forcing a specific alignment on 32-bit systems by relying on !CONFIG_64BIT, which should cover all 32-bit machines. The connected docum...
CVE-2024-42316
CVE-2024-42316: Linux kernel fix for div-by-zero in vmpressure_calc_level() within mm/mglru evictions. The issue arose in the second pass of evict_folios(), where deducting scan_control->nr_scanned could underflow nr_scanned if folio_trylock() failed, causing the divisor scale = scanned + rec...
CVE-2024-43854
The CVE-2024-43854 entry relates to the Linux kernel vulnerability where the integrity buffer used for media writes was not zero-initialized. Root cause: metadata allocated by bio_integrity_prep used plain kmalloc, risking writing random kernel memory into media; PI metadata exposure is limited, ...
CVE-2024-44984
CVE-2024-44984 (Linux kernel) is resolved by removing the dma_unmap_page_attrs() call from the bnxt_en driver XDP_REDIRECT path to stop double DMA unmapping. The bug previously triggered a warning in iommu_dma_unmap_page (CPU warning trace shown in the kernel log) due to DMA mapping handling not ...
CVE-2024-44992
CVE-2024-44992 affects the Linux kernel CIFS/SMB client. A NULL dereference could occur in add_credits() when rdata->credits.value != 0 and rdata->server == NULL, due to missing server pointer checks. The fix (commit 519be989717c) adds a guard for rdata->server to prevent dereferencing s...
CVE-2024-46826
The CVE-2024-46826 issue is a concrete Linux kernel vulnerability where the ELF loader uses kernel.randomize_va_space twice, allowing potential inconsistency of the randomization value across an exec. The root cause is a double read of the sysctl value, which can change over time, potentially cau...
CVE-2024-46860
CVE-2024-46860 refers to a Linux kernel vulnerability in the wifi subsystem: mt76 mt7921 code path may dereference a NULL mvif->phy when mt7921_ipv6_addr_change is invoked as a notifier while disabling wifi. The description states the fix prevents access to a NULL mvif->phy, addressing a NU...
CVE-2024-47705
CVE-2024-47705 (block: fix potential invalid pointer dereference in blk_add_partition) is resolved in the Linux kernel. The issue occurred when blk_add_partition() changed error handling from a single IS_ERR(part) test to handle -ENXIO separately, which unintentionally allowed a path wher...
CVE-2024-47754
CVE-2024-47754 affects the Linux kernel media/mediatek vcodec H264 multi stateless decoder. The issue arises from a smatch static checker warning in vdec_h264_req_multi_if.c, which can trigger a kernel crash when fb is NULL. The connected documents confirm fixes in the kernel (repairs to the smat...
CVE-2024-49939
CVE-2024-49939 relates to the Linux kernel WiFi driver rtw89. When a SER L2 event occurs during WoWLAN resume, ieee80211_reconfig() can trigger an add-interface flow that may run twice if rtw89_wow_resume() returns a failure, causing a double list add and a kernel panic. The description states th...
CVE-2024-49944
CVE-2024-49944: In the Linux kernel SCTP path, sctp_listen_start() did not reset sk_state when sctp_autobind() failed, so after a failed autobind, a subsequent sctp_inet_listen() could observe sctp_sk(sk)->reuse with sk_state LISTENING and dereference bind_hash (NULL), causing a NULL dereferen...
CVE-2024-50051
CVE-2024-50051 (Linux kernel) affects the mpc52xx SPI driver. The issue arises when a module is removed while a scheduled work item (ms->work) is still alive, because ms is freed via spi_unregister_controller but the work item may still be executed, enabling a use-after-free scenario. The fix ...
CVE-2024-50070
Technical details for CVE-2024-50070 are not provided in the connected documents. Monitor for updates from the kernel advisories and OSV/USN entries to obtain affected products, affected versions, impact, and fixes.
CVE-2024-53079
CVE-2024-53079 affects the Linux kernel THP path (mm/thp): a fix for deferred split unqueue naming and locking aims to address races that could corrupt the THP deferred split queues and related memcg interactions. Under heavy load, long-standing races could lead to list_del corruptions, bad_page ...
CVE-2024-53085
CVE-2024-53085 (Linux kernel) describes a race in TPM handling during suspend/read paths. The fix locks the TPM chip before checking chip flags in both tpm_pm_suspend() and tpm_hwrng_read(), and relocates TPM_CHIP_FLAG_SUSPENDED checking inside tpm_get_random() so the lock is considered when the ...
CVE-2024-56568
CVE-2024-56568 affects the Linux kernel IOMMU/arm-smmu stack. A race between the smmu driver’s probe and a client driver’s probe can cause a NULL pointer dereference when of_dma_configure() runs after iommu_device_register() but before the smmu driver is fully bound. The race occurs during defere...
CVE-2024-56596
CVE-2024-56596 relates to the Linux kernel, in the JFS filesystem implementation. The issue is an array-index-out-of-bounds in jfs_readdir, caused by potential invalid values in the directory index table (stbl). The fix adds a validation check to detect invalid stbl values and return an error cod...
CVE-2024-56774
CVE-2024-56774: Linux kernel vulnerability in btrfs_search_slot() where a NULL extent-tree root could cause a null-pointer dereference during scrub when the root is NULL. The issue is fixed by adding a sanity check for the btrfs root before usage. Affected component: btrfs within the Linux kernel...
CVE-2025-21811
CVE-2025-21811 affects the Linux kernel NILFS2 component. The vulnerability stems from nilfs_lookup_dirty_data_buffers() iterating buffers attached to dirty data folios/pages and accessing buffers without proper locking, creating a use-after-free risk when buffers lose dirty state due to asynchro...
CVE-2025-21927
CVE-2025-21927: In the Linux kernel, the nvme-tcp recv path may corrupt memory when a packet with an invalid header length is received (e.g., 255) while header digests are enabled. The root cause was missing validation of the header length in nvme_tcp_recv_pdu(), and the patch rejects packets with a...
CVE-2025-21963
CVE-2025-21963 (Linux kernel, CIFS): The issue is a local integer overflow in the acdirmax mount option handling. User-supplied acdirmax (u32) is meant to have an upper bound, but the value is converted from seconds to jiffies before validation, enabling an integer overflow. The CVE entry notes ...
CVE-2015-7513
The CVE-2015-7513 vulnerability affects arch/x86/kvm/x86.c in the Linux kernel prior to 4.4, where PIT counter values are not reset during guest state restoration. This can allow guest OS users to trigger a denial-of-service (divide-by-zero) and host crash via a zero PIT value, related to kvm_vm_...
CVE-2016-2187
No new technical details are provided in the Connected documents for CVE-2016-2187. The only available information is in the Initial document, describing a Linux kernel denial-of-service via gtco_probe in gtco.c caused by a crafted USB endpoint in a device descriptor.
CVE-2018-7480
The CVE-2018-7480 issue affects the Linux kernel, where blkcg_init_queue in block/blk-cgroup.c (pre-4.11) can be triggered by a creation failure to cause a double-free and potential unspecified impact. Public sources in the connected documents consistently describe a local-denial-of-service risk ...
CVE-2019-25044
The CVE-2019-25044 issue affects the Linux kernel before 5.2, specifically the block subsystem. A use-after-free in the blk_mq_free_rqs/blk_cleanup_queue path can lead to arbitrary code execution in kernel context and local privilege escalation. Affected component: block subsystem of the Linux ke...
CVE-2021-47222
The CVE-2021-47222 issue is a Linux kernel vulnerability in the bridge vlan tunneling path where egress code used dst_clone() and set the result directly, risking invalid refcnt (entry can have 0 refcnt or be deleted) and triggering dst_hold()/dst_release underflow (as seen in dst_release: refcnt...
CVE-2021-47556
CVE-2021-47556 concerns a NULL-deref in ethtool_set_coalesce() on the legacy ioctl path when a device driver implements only one of get_coalesce() or set_coalesce() and the availability check is buggy. The issue could crash with a NULL pointer when changing coalescing settings if both callbacks a...
CVE-2021-47580
Summary of CVE-2021-47580 / CVE-2024-38575 context: In the Linux kernel, the issue arises from using min_t with type int, which sign-extends large values and can trigger a stack-out-of-bounds during copies in the SCSI path (notably sg_copy_buffer and related code). The vulnerability is demonstra...
CVE-2022-0382
CVE-2022-0382 is a Linux kernel issue in the TIPC protocol subsystem caused by uninitialized memory when a user sends a TIPC datagram to one or more destinations. It enables a local attacker to read kernel memory (limited to about 7 bytes; read is not controllable). Affected are Linux kernel vers...
CVE-2022-49011
CVE-2022-49011 involves a leak in the Linux kernel hwmon/coretemp code: the PCI device refcount was not decremented after use in nv1a_ram_new(), causing a refcount leak. The root cause is the PCI API’s behavior of returning a device with an incremented refcount, requiring the caller to call pci_d...
CVE-2022-49180
The CVE-2022-49180 issue affects the Linux kernel’s LSM path, specifically a general protection fault in legacy_parse_param. The vulnerability arises when a security module (Smack) processes a recognized mount option and a following BPF hook returns -ENOPARAM, confusing the caller, while the SELi...
CVE-2022-49372
CVE-2022-49372 affects the Linux kernel where tcp_rtx_synack() can be invoked from process context during a Fast Open TCP backlog processing sequence when CONFIG_DEBUG_PREEMPT is enabled. The issue arises as a SYN retransmit is processed in process context, cooking a SYN-ACK in that conte...
CVE-2022-49471
CVE-2022-49471 affects the Linux kernel rtw89 driver (rtw89_core/rtw89_pci). The root cause is a bounds check failure in CFO parsing where an incorrect mac_id can cause an out‑of‑bounds access, triggering UBSAN warning: “array-index-out-of-bounds” in rtw89/phy.c:2517:23 (index 188 vs. 64). This c...
CVE-2022-49646
CVE-2022-49646 affects the Linux kernel’s wifi/mac80211 code. When using iTXQ, the queue-selection logic assumed a single broadcast vif queue (BE). Allowing non-BE queue markings breaks that assumption and can break txq->ac == skb_queue_mapping, impacting queue handling in the driver and poten...
CVE-2022-49707
CVE-2022-49707 concerns a Linux kernel ext4 resize bug where a NULL pointer dereference could occur when resizing a corrupted ext4 image with resize_inode previously cleared. The root cause is that during ext4_resize_fs() transitioning to meta_bg mode, es->s_reserved_gdt_blocks was not reduced...
CVE-2022-49726
CVE-2022-49726 concerns the Linux kernel clocksource for Hyper-V. The issue arises from exporting an __init-annotated hv_init_clocksource() symbol, while the __init code may be freed after initialization, making the symbol potentially invalid for modules. The vulnerability can lead to a kernel pa...
CVE-2023-46838
CVE-2023-46838 affects Xen’s virtualization networking path where multi‑part transmitted requests can include zero‑length parts. If all parts of an SKB are zero length, the Linux networking code may dereference NULL, potentially enabling local or guest‑to‑host disruption. Public advisories (Xen/...
CVE-2023-52667
CVE-2023-52667 affects the Linux kernel net/mlx5e code path. The vulnerability is a potential double-free in fs_any_create_groups when kcalloc() succeeds but kvzalloc() fails, because ft->g could be freed twice up the call chain. The fix implemented is to set ft->g to NULL in fs_any_create_...
CVE-2023-52674
CVE-2023-52674: Linux kernel ALSA scarlett2 clocking path vulnerability fixed by adding clamp() in scarlett2_mixer_ctl_put(); the input value is limited to 0..SCARLETT2_MIXER_MAX_VALUE to prevent out-of-bounds access to scarlett2_mixer_values[]. The connected IBM Guardium advisory lists the CVE with...
CVE-2023-52847
CVE-2023-52847 (Linux kernel - media/bttv): A race between the bttv_irq_timeout timer and removal can lead to use-after-free when the timer fires after btv has been freed. The root cause is that remove() didn’t delete the timer, potentially invoking a freed btv in the timer handler. The fix is to...
CVE-2023-52864
CVE-2023-52864 affects the Linux kernel (platform/x86) WMI implementation. The root cause is a memory corruption risk when wmi_char_open() runs if the associated driver is missing, due to the miscdevice pointer being stored in filp->private_data after the patch in drivers/misc: pass miscdevice...