13804 matches found
CVE-2024-43879
Summary (CVE-2024-43879): In the Linux kernel, the wifi/bt stack vulnerability related to 2x996 RU allocation was fixed. NL80211_RATE_INFO_HE_RU_ALLOC_2x996 was not handled in cfg80211_calculate_bitrate_he(), causing a warning: “invalid HE MCS: bw:6, ru:6”. The fix mirrors the handling of 160 MHz ...
CVE-2024-44981
In CVE-2024-44981, the Linux kernel vulnerability is in the workqueue path: shift_and_mask() constructs a mask with a signed immediate and is invoked with a shift of 31, leading UBSAN to report an integer subtraction overflow and triggering a kernel panic. The documented fix uses an unsigned cons...
CVE-2024-46675
CVE-2024-46675 affects the Linux kernel’s USB subsystem (usb: dwc3: core). The vulnerability could allow the USB core to access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and memory issues on Exynos platforms. It stems from a sequence where the event b...
CVE-2024-47707
CVE-2024-47707 is a Linux kernel vulnerability affecting IPv6 route handling. The connected Astra Linux bulletin confirms a concrete root cause: a NULL check for rt->rt6i_idev was removed, risking a null pointer dereference in rt6_uncached_list_flush_dev() when processing IPv6 route st...
CVE-2024-49886
CVE-2024-49886: In the Linux kernel, the SST/ISST path (platform/x86) could trigger a KASAN slab-out-of-bounds when attaching an SST PCI device to a VM, due to a read from an address beyond a 512-byte kmalloc allocation in _isst_if_get_pci_dev. The issue manifested as a KASAN slab-out-of-bounds ...
CVE-2024-49989
CVE-2024-49989: In the Linux kernel, the drm/amd/display path fixes a double-free when unloading the amdgpu module. The issue arises during cleanup of display encoders for flexible/inflexible endpoints, potentially freeing the same object twice during amdgpu driver unload. Connected advisories (A...
CVE-2024-50068
Technical details about CVE-2024-50068 are not publicly provided in the supplied documents. The references list the vulnerability but do not describe affected versions, root cause, or fixes. Monitor official advisories for updates.
CVE-2024-50126
CVE-2024-50126 concerns the Linux kernel’s net/sched path, specifically the taprio_dump() function. The connected advisories confirm a concrete root cause: a use-after-free could occur due to missing an RCU read-side critical section around taprio_dump(). The remediation implemented is to wrap th...
CVE-2024-56693
The connected material describes CVE-2024-56693, a Linux kernel issue in the brd (RAM block device) and brd_init path that can lead to a use-after-free (UAF) when modprobe brd triggers error paths. Root cause: loop_init() in the kernel’s loop device code adds disks only after successful blkdev re...
CVE-2024-56723
CVE-2024-56723 affects the Linux kernel driver for mfd/intel_soc_pmic_bxtwc. The vulnerability stems from not respecting IRQ domains when creating each MFD device, which can lead to incorrect IRQ handling and a WARN() on IRQ 0 (vIRQ) via platform_get_irq(). The Astra Linux security bulletin mirro...
CVE-2024-56746
CVE-2024-56746 concerns a Linux kernel memory-leak in the fbdev sh7760fb driver. When information such as info->screen_base is not ready, sh7760fb_free_mem() previously did not reliably release memory, leading to a leak. The fix switches to using dma_free_coherent() to free memory in sh7760fb_...
CVE-2024-57792
CVE-2024-57792 is a Linux kernel vulnerability in the power: supply: gpio-charger path. The issue arises when the lowest charge current limit is forced to be > 0 and a requested limit falls below this, causing an index calculation that can access memory beyond the allocated memory. It has been...
CVE-2024-57887
CVE-2024-57887: In the Linux kernel DRM path for adv7511/adv7533, a use-after-free occurs when a host_node pointer freed in adv7533_parse_dt() is later used by adv7533_attach_dsi(). The issue arises because of deallocating the node too early and reusing the same reference. The fix, as described ...
CVE-2024-58071
CVE-2024-58071 describes a Linux kernel bug in the team subsystem where adding a device that is already a lower of another device (e.g., veth0 lower than vlan1) could trigger recursive locking and potential deadlock. The provided evidence shows a stack trace and lockdep warning indicating two loc...
CVE-2025-21722
CVE-2025-21722 concerns the NILFS2 filesystem in the Linux kernel. When filesystem corruption triggers a read-only fallback, buffer state inconsistencies can occur: one path is when mark_buffer_dirty() marks data/metadata dirty but the buffer isn’t uptodate, and another path is nilfs_btree_propag...
CVE-2025-21835
The CVE-2025-21835 issue affects the Linux kernel USB gadget f_midi MIDI Streaming descriptors. The root cause is incorrect bNumEmbMIDIJack and bLength values in MIDIStreaming endpoint descriptors, which can emit broken descriptors when the port count for IN/OUT differs, leaking uninitialized sta...
CVE-2025-21871
Summary of CVE-2025-21871 (Linux kernel): The vulnerability arises in the OP-TEE subsystem where the supplicant wait loop can cause a hang if the supplicant is hung/crashed/killed during an OP-TEE RPC, especially with shutdown ordering issues between the supplicant and the OP-TEE client. The fix ...
CVE-2025-21948
CVE-2025-21948 is a Linux kernel issue affecting HID appleir. The report describes a NULL pointer dereference in input_event() triggered by malformed AppleIR reports, leading to a crash if a NULL input_dev is encountered. The fix adds a guard: check the HID_CLAIMED_INPUT flag and exit the event h...
CVE-2025-21968
Vulnerability (CVE-2025-21968) in the Linux kernel affects the drm/amd/display component, specifically the hdcp_work path. A slab-use-after-free occurs when HDCP is destroyed but the property_validate_dwork delayed work queue is still running. The documented fix cancels the delayed work when dest...
CVE-2016-0821
The CVE-2016-0821 issue relates to the LIST_POISON protection in the Linux kernel (include/linux/poison.h) prior to version 4.3. It affected Android 6.0.1 prior to 2016-03-01 and arises because poison values were used without properly accounting for mmap_min_addr, enabling bypass of poison-pointe...
CVE-2016-6198
CVE-2016-6198 affects the Linux kernel (pre-4.5.5) in its OverlayFS path. The bug occurs when a file under OverlayFS is renamed to a self-hardlink, causing post-rename operations to run and potentially crash the kernel. Local users can trigger a denial of service (system crash) via a rename sysca...
CVE-2017-16914
The vulnerability CVE-2017-16914 affects the Linux kernel’s USB/IP path: the stub_send_ret_submit() function in drivers/usb/usbip/stub_tx.c is vulnerable in kernel versions before 4.14.8, 4.9.71, 4.1.49, and 4.4.107. A specially crafted USB over IP packet can trigger a NULL pointer dereference, l...
CVE-2020-29372
The CVE-2020-29372 entry concerns a race condition in the Linux kernel do_madvise implementation (mm/madvise.c) before version 5.6.8, where coredump operations can race with IORING_OP_MADVISE (CID-bc0c4d1e176e). Public sources in connected documents confirm the affected code path and the specific...
CVE-2021-47429
CVE-2021-47429 – Linux kernel (powerpc/64s): The issue occurs when an unrecoverable MCE is handled in NMI context, where the true NMI handling path could lead to calling an async MCE handler and corrupt IRQ state. The fix introduces separate _async and NMI-specific machine_check_exception handler...
CVE-2021-47501
CVE-2021-47501 affects the Linux kernel i40e driver. A NULL pointer dereference in i40e_dbg_dump_desc could crash when dumping VFs VSI RX/TX descriptors via debugfs. The root cause is missing VSI-type validation during dump; the fix adds a check to ensure the VSI type is correct before dumping RX...
CVE-2022-44033
CVE-2022-44033 affects the Linux kernel up to version 6.0.6, where a race condition in drivers/char/pcmcia/cm4040_cs.c can cause a use-after-free if a physically proximate attacker removes a PCMCIA device while open. The issue is described as a race between cm4040_open() and reader_detach(). The ...
CVE-2022-48502
CVE-2022-48502 affects the Linux kernel ntfs3 subsystem. A vulnerability in fs/ntfs3/xattr.c (ntfs_set_ea) allows an out-of-bounds read during disk reads due to improper checks. This is described in multiple sources (Linux kernel advisories and vendor bulletins) as present in kernels before 6.2. ...
CVE-2022-48915
CVE-2022-48915 affects the Linux kernel thermal subsystem. The issue was a NULL pointer dereference in TZ_GET_TRIP when a thermal zone defines no trip, caused by an unsafe call path to get_trip_hyst(). The fix prevents calling get_trip_hyst() if the thermal zone lacks a trip, as described in the ...
CVE-2022-48991
The CVE-2022-48991 entry corresponds to a Linux kernel issue in mm/khugepaged where MMU notifiers must be invoked in shmem/file collapse paths. The vulnerability could allow page use-after-free on pages mirrored by secondary MMUs (e.g., KVM) if present PTEs are removed without proper notification...
CVE-2022-49534
CVE-2022-49534 in the Linux kernel concerns a memory leak in the lpfc driver when NPIV ports send PLOGI_RJT. The description states a leak could originate from allocations in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject(), tied to login_mbox context and service parameter buffers. The remedy is ...
CVE-2022-49545
CVE-2022-49545: In the Linux kernel, the ALSA usb-audio driver has a race when closing a USB MIDI output substream, where a pending work item may access the rawmidi runtime object being released. The fix is to cancel the pending work on close. The vulnerability is a local-attack (AV:L, AC:L, PR:...
CVE-2022-49575
CVE-2022-49575: Linux kernel patch fixes a data race in the reader of sysctl_tcp_thin_linear_timeouts by adding READ_ONCE(). The vulnerability arises from concurrent reads/writes to that sysctl during access. Impact is listed as Availability impact (HIGH) with Local attack vector and HIGH complex...
CVE-2022-49586
Technical details about CVE-2022-49586 are not provided in the connected documents. The sources only reiterate that the Linux kernel fix involved reading of sysctl_tcp_fastopen and a READ_ONCE() addition. Monitor for vendor updates.
CVE-2022-49634
CVE-2022-49634: In the Linux kernel, there are data-races in sysctl access to proc_dou8vec_minmax() due to concurrent readers/writers. The fix changes proc_dou8vec_minmax() to use internal READ_ONCE() and WRITE_ONCE() to mitigate races on the sysctl side. The patch notes indicate the function it...
CVE-2023-42752
CVE-2023-42752 - Linux kernel integer overflow in skb_shared_info allocation. The vulnerability arises when the kernel’s overflow allows skb_shared_info to be allocated in userspace. This is exploitable on systems without SMAP protection because skb_shared_info may contain references to function...
CVE-2023-52588
CVE-2023-52588 represents a Linux kernel vulnerability in the F2FS file system. The issue involves a missing gcing flag on a page during block migration, intended to ensure that migrated data is persisted consistently during checkpoints. Without the gcing flag, data/page persistence could become ...
CVE-2023-52639
CVE-2023-52639 affects the Linux kernel KVM s390: vsie shadow creation. The issue is a race where gmap->private can be observed as zero in kvm_s390_vsie_gmap_notifier due to adding gmap->private == kvm after creation. The root cause is a race during shadow creation in acquire_gmap_shadow(),...
CVE-2023-52889
CVE-2023-52889 affects the Linux kernel, via apparmor: Fix null pointer deref when receiving skb during sock creation. The issue occurs when ICMP packets with secmark are received while an ICMP raw socket is being created; SK_CTX(sk)->label may not be set yet, causing a NULL pointer dereferenc...
CVE-2024-24859
CVE-2024-24859: A race condition in Linux kernel Bluetooth code (net/bluetooth sniff_min_interval_set and sniff_max_interval_set) can trigger a Bluetooth sniffing exception and potential DoS. The connected Nessus/Azure Unity Linux entries confirm this CVE across multiple distributions, but ...
CVE-2024-35891
The CVE-2024-35891 issue affects the Linux kernel net: phy: micrel area, specifically lan8814_get_sig_rx() and lan8814_get_sig_tx(). The vulnerability stems from ptp_parse_header() returning NULL for abnormally formed or corrupted packets, leading to a potential null pointer dereference. The fix a...
CVE-2024-35964
CVE-2024-35964: Linux kernel Bluetooth ISO component fixed an issue where setsockopt user input was not properly validated. The description states to check input length before copying data, indicating a potential input-validation/overflow risk. Connected advisories reference the CVE and confirm ...
CVE-2024-36924
CVE-2024-36924 – Linux kernel (scsi: lpfc) has a deadlock risk when lpfc_worker_wake_up() is invoked while the hbalock is held. The fix is to release hbalock before calling lpfc_worker_wake_up(), preventing deadlocks in the lpfc SCSI loop. Public advisories from Unity Linux (UTSA-2026-005051) and...
CVE-2024-38388
CVE-2024-38388 affects the Linux kernel ALSA component: hda/cs_dsp_ctl. The fix switches to using the control private_free callback to free the associated data block, ensuring memory is freed regardless of how the control is destroyed. Previously, hda_cs_dsp_control_remove() only freed the intern...
CVE-2024-38635
CVE-2024-38635 pertains to the Linux kernel soundwire cadence driver. The root cause was an incorrect PDI offset that added an offset to the PDI array, risking out-of-bounds access. A follow-up patch completely removes this useless offset. The Fixes tag was not provided because no known platforms...
CVE-2024-41073
CVE-2024-41073 (Linux kernel nvme): The vulnerability stems from a potential double free in the NVMe special payload handling when a discard request is retried and the retry could fail before a new payload is added. The issue is fixed by clearing the RQF_SPECIAL_LOAD on request cleanup to prevent...
CVE-2024-42292
The CVE-2024-42292 entry is active and has concrete technical details: in the Linux kernel, kobject_uevent had an OOB memory access due to incorrect size calculation in zap_modalias_env(); the fix corrects the size used by memmove. The vulnerability affects kernel code path handling MODALIAS with...
CVE-2024-45009
CVE-2024-45009 is a Linux kernel vulnerability in mptcp: pm where the add_addr_accepted counter could be decremented incorrectly during RM_ADDR/subflow removal, potentially leading to a UaF scenario if subflows are not fully established. The available connected advisories indicate concrete fixes ...
CVE-2024-45025
CVE-2024-45025 affects the Linux kernel and relates to bitmap handling in the close_range path of file descriptor tables. The issue arises in copy_fd_bitmaps(), which copies words into full_fds_bits[] and may leave garbage in the last word if bits beyond the cutoff aren’t clear. The root cause is...
CVE-2024-46774
CVE-2024-46774 affects the Linux kernel PowerPC RTAS path (sys_rtas). The issue arises in powerpc/rtas.c where nargs/nret come from a user buffer and are used as indices into a small stack array and as inputs to copy_to_user after bounds checks, allowing speculative execution (Spectre v1) gadget ...
CVE-2024-46786
CVE-2024-46786 concerns the Linux kernel fscache subsystem. The connected documents confirm a concrete root cause: the fscache_cookie_lru_timer is initialized when the fscache module is loaded but is not deleted on module unload, which can lead to the timer being left on the per-CPU timer list an...