13804 matches found
CVE-2024-56727
Technical details for CVE-2024-56727 are not provided in the connected documents. No affected product/version or remediation is disclosed here. Monitor for updates.
CVE-2024-26668
CVE-2024-26668 – technical insight: The Linux kernel change "netfilter nft_limit: reject configurations that cause integer overflow" (CVE-2024-26668) fixes an overflow when the internal token counter wraps on extremely large requests (notably at very high throughput, e.g., ~17 GB/s). The vulnerability aris...
CVE-2024-35827
CVE-2024-35827 stems from a Linux kernel issue in io_uring/net where an overflow check in io_recvmsg_mshot_prep() mis-handles a size_t controllen cast to int, enabling an overflow/underflow mismatch. The root cause is described as casting controllen (size_t) to int fixes the overflow check in che...
CVE-2024-35892
CVE-2024-35892 stems from a Linux kernel net/sched issue where qdisc_tree_reduce_backlog() was called with the qdisc lock held while RTNL was not held, triggering a lockdep splat due to unsafe RCU usage. The fix switches from qdisc_lookup() to qdisc_lookup_rcu() to safely dereference qdisc data u...
CVE-2024-36881
CVE-2024-36881: Linux kernel mm/userfaultfd vulnerability where wr-protected page table entries (uffd_wp) were not cleared on close(), only on UFFDIO_UNREGISTER. The fix unregisters wr-protect bits during close() as well, eliminating potential leftovers in pgtable entries and preventing WARN repo...
CVE-2024-38540
CVE-2024-38540 concerns the Linux kernel bnxt_re driver. The vulnerability is due to undefined behavior triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0, which causes roundup_pow_of_two(hwq_attr->aux_stride) to run with a 0 va...
CVE-2024-39486
Summary (CVE-2024-39486): Linux kernel vulnerability in drm_file: Fix pid refcounting race. The race occurs in drm_file_update_pid() when filp->pid is updated under filelist_mutex, allowing a possible use-after-free of a pid structure under PREEMPT_RCU. Affected component: drm_file in the Linu...
CVE-2024-40948
Technical details for CVE-2024-40948 (e.g., affected products/versions, root cause, impact, fix) are not provided in the connected documents. Monitor for updates and refer to the initial description for the vulnerability summary.
CVE-2024-40961
CVE-2024-40961 affects the Linux kernel IPv6 route handling. The issue is a NULL dereference in fib6_nh_init() when in6_dev_get(dev) returns NULL, which can trigger a general protection fault during IP6 GW validation and route lookup (ip6_validate_gw, ip6_route_check_nh). Affected code path: fib6...
CVE-2024-41032
CVE-2024-41032: Linux kernel vulnerability in vmalloc hash indexing. Systems where cpu_possible_mask has gaps (e.g., SPARC) could cause addr_to_vb_xa() to hash to a non-existent CPU, accessing an uninitialized per-CPU area and triggering an oops. The per-CPU vmap_block_queue also treated cpu_poss...
CVE-2024-41062
CVE-2024-41062 affects the Linux kernel Bluetooth L2CAP code. A race exists between closing a socket and the HCI receive work: if hci_rx_work processes pending data after sock_close releases the sock, the work may access an invalid sock. Root cause: lack of synchronization between sock release an...
CVE-2024-43834
CVE-2024-43834 (Linux kernel): The issue is a race/invalid wait-context in page_pool destruction when a driver uses XDP with a page pool. Specifically, page_pool_destroy() decreases the pool’s refcount and calls mem_allocator_disconnect(), which may acquire mutex_lock(). If the driver has regist...
CVE-2024-44964
CVE-2024-44964 affects the Linux kernel idpf driver. The issue arises during a soft reset when the second tagged commit rewrote vport/q_vector pointers and failed to restore backpointers, causing use-after-free (UAF) and memory leaks. The consequence is memory bloat, possible crashes, and “limbo”...
CVE-2024-46747
CVE-2024-46747: In the Linux kernel, the Cougar 500k Gaming Keyboard driver was vulnerable to a slab-out-of-bounds read in cougar_report_fixup due to a missing verification of the report descriptor size before access. The root cause is in report_fixup not validating the descriptor length prior t...
CVE-2024-46807
CVE-2024-46807 affects the Linux kernel’s DRM/amdgpu path. The root cause is missing validation of the tbo resource pointer, which could dereference a NULL pointer. The mitigation is a patch that validates the tbo resource pointer and skips when NULL, preventing a NULL-deref that could crash the ...
CVE-2024-50086
Summary of findings (CVE-2024-50086): In the Linux kernel, the ksmbd component had a race between SMB2 session log off and SMB2 session setup that could lead to a use-after-free. The patch introduces a session_lock when SMB2_SESSION_EXPIRED is set and makes the session’s reference count apply to...
CVE-2024-50152
CVE-2024-50152 corresponds to a Linux kernel SMB client double-free in smb2_set_ea(), addressed by fixes that reinitialize the local variable ea to NULL to prevent a second free after a failure path. The MiracleLinux AXSA-2025-10392 advisory explicitly notes a fix for this exact issue (CVE-2024-5...
CVE-2024-56609
Technical details for CVE-2024-56609 are not publicly available in the provided connected documents. The initial description mentions a kernel purge TX queue fix for rtw88, but no explicit affected products, versions, or remediation is given here. Monitor for updates.
CVE-2024-56670
CVE-2024-56670: Linux kernel vulnerability in the USB gadget u_serial driver where a NULL dereference could occur when port->port_usb is NULL during multi-threaded access. The description documents a race between gs_open/gs_start_io and disconnect paths (gserial_disconnect/composite_disconnec...
CVE-2024-56752
CVE-2024-56752 affects the Linux kernel DRM/Nouveau path (gf100) where a missing unlock in gf100_gr_chan_new() could occur when gf100_grctx_generate() fails. The fix explicitly unlocks gr->fecs.mutex before returning the error, addressing an inconsistent return on the mutex in gf100_gr_chan_ne...
CVE-2024-57973
CVE-2024-57973 is a Linux kernel vulnerability in rdma/cxgb4 where 32‑bit systems could overflow when calculating gl->tot_len for a CPL pass/RSS header due to arithmetic of gl->tot_len + sizeof(struct cpl_pass_accept_req) + sizeof(struct rss_header). The issue is triggered by user-controll...
CVE-2025-21728
CVE-2025-21728: Linux kernel vulnerability where BPF programs in non-preemptible contexts calling bpf_send_signal() can sleep, causing issues. The fix changes irqs_disabled() to !preemptible(). Affects kernels with BPF support; CVSSv3.1 base 5.5 (LOCAL, LOW privileges, NONE user interaction, HIGH...
CVE-2025-21910
CVE-2025-21910 affects the Linux kernel (wifi: cfg80211: regulatory) where invalid user regulatory hints could pass through via regulatory_hint_user() into user_alpha2[]. The root cause involves isalpha() handling non-Latin symbols and a subsequent toupper() mutation that bypassed a prior check. ...
CVE-2011-2525
CVE-2011-2525 affects the Linux kernel prior to 2.6.35, where the qdisc_notify function in net/sched/sch_api.c does not prevent tc_fill_qdisc calls referencing builtin Qdisc structures. This can lead to a NULL pointer dereference and OOPS, enabling local users to cause a denial of service and pot...
CVE-2015-2666
CVE-2015-2666: The Linux kernel contains a stack-based buffer overflow in get_matching_model_microcode (arch/x86/kernel/cpu/microcode/intel_early.c) that can be exploited by a context-dependent local attacker with root privileges to write to the initrd. The description in connected advisories co...
CVE-2016-2185
CVE-2016-2185: In the Linux kernel, the ati_remote2_probe function (drivers/input/misc/ati_remote2.c) in versions before 4.5.1 is vulnerable. A physically proximate attacker can trigger a NULL pointer dereference via a crafted USB device descriptor, causing a denial of service (system crash). Th...
CVE-2016-3140
CVE-2016-3140 affects the Linux kernel, specifically the digi_port_init function in drivers/usb/serial/digi_acceleport.c. The vulnerability enables physically proximate attackers to trigger a NULL pointer dereference and crash the system by sending a crafted endpoints value in a USB device descri...
CVE-2017-16535
CVE-2017-16535 affects the Linux kernel up to version 4.13.9, where usb_get_bos_descriptor in drivers/usb/core/config.c improperly handles crafted USB devices, enabling a local attacker to trigger an out-of-bounds read that can cause denial of service or a system crash. The issue stems from readi...
CVE-2018-1091
The CVE-2018-1091 entry is supported by connected advisories describing Linux kernel vulnerability on POWERPC: In arch/powerpc/kernel/ptrace.c, the function flush_tmregs_to_thread before 4.13.5 can crash a guest kernel when a core dump occurs, due to a missing processor feature check and an erron...
CVE-2019-15922
CVE-2019-15922 relates to the Linux kernel before 5.0.9, where a NULL pointer dereference can occur for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. This is a local, kernel‑space issue that can lead to a crash. The affected component is the paride pf driver path; the root...
CVE-2020-36691
CVE-2020-36691 affects the Linux kernel in versions prior to 5.8. The flaw is in lib/nlattr.c where a nested Netlink policy with a back reference can trigger unbounded recursion, causing a denial of service. A patch was merged in kernel 5.8 (per ChangeLog-5.8); users should upgra...
CVE-2021-47352
CVE-2021-47352 affects the Linux kernel’s virtio-net code. The issue arises from missing validation of the length reported by a device, which could lead to data corruption or loss. Affected context is confirmed by MiracleLinux/Nessus advisories that reference “virtio-net: Add validation for used ...
CVE-2022-48754
CVE-2022-48754 affects the Linux kernel phylib component. A use-after-free could occur because phy_device_reset() was called after put_device() in phy_detach(), whereas the fix reorders the call to phy_device_reset() to occur before put_device(), preventing use-after-free of phydev. That root cau...
CVE-2022-48942
In CVE-2022-48942, the Linux kernel hwmon subsystem can crash if a sensor’s registration with a thermal zone fails; specifically devm_thermal_zone_of_sensor_register() may return -ENODEV, potentially leading to a NULL pointer dereference in thermal_zone_device_update paths. The described call seq...
CVE-2022-49078
The CVE-2022-49078 issue is a Linux kernel LZ4 decompression vulnerability: in LZ4_decompress_safe_partial, read-out-of-bounds can occur during partial decoding, potentially enabling a use-after-free in extreme corrupted-data cases as reported by KASAN. Upstream fixes in lz4 address this, and ker...
CVE-2022-49321
The CVE-2022-49321 entry is supported by concrete details in connected documents. Affected software: the Linux kernel with the rpcrdma/xprtrdma components. The root cause is described as: when a RDMA server returns a fault format reply and bc_serv is NULL, calls are not treated as a bcall, leadin...
CVE-2022-49339
CVE-2022-49339 affects the Linux kernel’s IPv6 stack, specifically the internal call between seg6.c and seg6_hmac.c. The issue arises from exporting an __init-annotated symbol whose .init.text section can be freed after initialization, creating a potential kernel panic when a module references a ...
CVE-2022-49589
CVE-2022-49589 affects the Linux kernel igmp subsystem: a data race occurs while reading sysctl_igmp_qrv, since the value could be changed concurrently. The fix described in the description is to add READ_ONCE() to readers of net->ipv4.sysctl_igmp_qrv, with follow-up changes planned after net ...
CVE-2022-49593
CVE-2022-49593 affects the Linux kernel’s TCP subsystem: a data race in reading sysctl_tcp_probe_interval can occur when it is updated concurrently. The documented fix adds READ_ONCE() to the reader to prevent concurrent modification. Connected advisories (EulerOS, OpenVAS, Unity/ASTRA, etc.) ref...
CVE-2022-49594
CVE-2022-49594: In the Linux kernel, a data race around reading sysctl_tcp_mtu_probe_floor could occur because the value was updated concurrently while read. The fix was to add READ_ONCE() to the reader, mitigating a local-exploit class and preserving availability. The connected advisories/refs ...
CVE-2022-49598
CVE-2022-49598 affects the Linux kernel, addressing a data-race around sysctl_tcp_mtu_probing. The issue arises when reading sysctl_tcp_mtu_probing, which could be modified concurrently. The root cause is a missing synchronization in readers of sysctl_tcp_mtu_probing; the fix is to add READ_ONCE(...
CVE-2022-49688
The CVE-2022-49688 entry concerns the Linux kernel afs subsystem. A fix for afs_getattr prevents dereferencing vnode->volume when the dynamic root afs superblock has pseudo-inodes without a volume or server, which previously could trigger a NULL pointer dereference when stat’ing a direct...
CVE-2022-49723
The CVE-2022-49723 issue affects the Linux kernel’s i915 DRM reset path. The root cause is incorrect pointer offset handling in error_state_read when there is no i915_gpu_coredump but a non-zero buffer offset, which could lead to a kernel page fault under concurrent engine resets and error_state ...
CVE-2023-22995
CVE-2023-22995 affects the Linux kernel’s DesignWare USB3 for Qualcomm SoCs driver (dwc3_qcom_acpi_register_core). The connected ENISA/OSV advisory notes an error-path handling defect where platform_device_put and kfree calls are omitted, leaving cleanup incomplete during device registration. Thi...
CVE-2023-35829
Affected software: Linux kernel (before 6.3.2). Vulnerability: a use-after-free in rkvdec_remove() in drivers/staging/media/rkvdec/rkvdec.c. Impact: local attacker could exploit a UAF to crash or potentially escalate privileges (as per CVSS high). Root cause: use-after-free in rkvdec_remove. Affe...
CVE-2024-25741
The CVE-2024-25741 issue affects the Linux kernel component printer_write in drivers/usb/gadget/function/f_printer.c (up to kernel 6.7.4). It states that usb_ep_queue is not called properly, which may allow a local attacker to cause a denial of service or other unspecified impact. The connected O...
CVE-2024-26718
CVE-2024-26718 concerns the Linux kernel. The description and connected Astra Linux bulletin confirm a memory-corruption risk in dm-crypt and dm-verity tasklets due to the tasklet handling path (tasklet_action_common calling tasklet_trylock, running the callback, then tasklet_unlock). The propose...
CVE-2024-26785
CVE-2024-26785 (Linux kernel) fixed a protection fault in iommufd_test_syz_conv_iova due to iommufd_access_change_ioas() setting access->ioas to NULL, creating a race where the lock could be invalid concurrently. The fix aligns with existing sanity checks in iommufd_access_rw() and iommufd_acc...
CVE-2024-26831
CVE-2024-26831: Linux kernel vulnerability affecting the handshake path in net/handshake, where the test handshake_req_destroy_test1 failed due to replacing sock_release(sock) with fput(filp). This change delayed final close/cleanup, risking that hp_destroy might not be invoked before the test c...
CVE-2024-35859
CVE-2024-35859 concerns the Linux kernel: a module reference leakage can occur in the bdev_open_by_dev error path. The vulnerability arises because a module reference is grabbed when bdev_may_open() is invoked and might not be released if that call fails. The issue was identified via code review ...