13804 matches found
CVE-2024-46786
CVE-2024-46786 concerns the Linux kernel fscache subsystem. The connected documents confirm a concrete root cause: the fscache_cookie_lru_timer is initialized when the fscache module is loaded but is not deleted on module unload, which can lead to the timer being left on the per-CPU timer list an...
CVE-2024-46866
CVE-2024-46866 is a Linux kernel DRM-XE issue: bo_meminfo() can inspect bo state (tt/ttm) without holding the bo lock, allowing state changes that may cause NPD or UAF. The fix grabs the bo lock during bo_meminfo() and adds a ref for object_idr; v2 also introduces xe_bo_assert_held(). Concrete de...
CVE-2024-47689
CVE-2024-47689 affects the Linux kernel (F2FS). The vulnerability stems from f2fs_handle_critical_error() setting SB_RDONLY instead of using the filesystem’s unmount/remount protection, causing a race with freeze/thaw. Root cause: f2fs sets SB_RDONLY in an internal path; remediation proposed/impl...
CVE-2024-47726
CVE-2024-47726 relates to the Linux kernel F2FS: a fix ensures all in-flight direct I/O (DIO) writes complete before removing blocks. The root cause was a race where a DIO could overwrite data in a block that would be reused by another inode if block removal occurred too early. Affected component...
CVE-2024-47738
CVE-2024-47738 affects the Linux kernel’s wifi subsystem (mac80211). The vulnerability lies in handling rate masks for offchannel TX, where an incorrect rate mask could trigger a -EINVAL/unsupported rate warning. The advisory notes that the root cause was traced to a chain of commits, with the pr...
CVE-2024-47757
CVE-2024-47757 affects Linux kernel nilfs2. The issue is a potential out-of-bounds memory access in nilfs_btree_check_delete() when the root node has no entries, leading to memory access outside the block buffer while retrieving the maximum key. The root cause is degeneration-to-direct-mmapping c...
CVE-2024-49924
CVE-2024-49924 affects the Linux kernel fbdev pxafb path. The vulnerability is a use-after-free caused by scheduling work (pxafb_task) in pxafb_init_fbinfo/pxafb_probe and freeing fbi->fb during pxafb_remove/unregister_framebuffer without canceling that work. The following sequence shows the UAF ...
CVE-2024-50272
CVE-2024-50272 is a Linux kernel issue where filemap_read() could enter an infinite loop if a caller provides an iocb->ki_pos near the filesystem limit and an iterator count overflows that limit. The vulnerability was addressed by fixing bounds checking in filemap_read() (kernel code path: fil...
CVE-2024-53044
The CVE refers to Linux kernel net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext(). The issue is caused by an xa_insert() failure when the same block index is used for ingress and egress, leading to an incorrect teardown and an unbound offload path (FLOW_BLOCK_BIND) not being followed...
CVE-2024-53058
The CVE affects the Linux kernel driver net: stmmac when handling TSO with non-paged SKB data. The root cause is an unbalanced DMA map/unmap sequence: tx_skbuff_dma[].buf is set inconsistently, causing a valid buffer to be unmapped prematurely if a DMA descriptor is freed before all descriptors f...
CVE-2024-53114
CVE-2024-53114 affects Linux kernel components related to x86 virtualization (VMLOAD/VMSAVE) on Zen4 client hardware. The vulnerability has been addressed in Root’s rootio-linux package for Ubuntu 22.04 (Root-OS-UBUNTU-2204-CVE-2024-53114) with multiple fixed versions available, and similarly pat...
CVE-2024-56567
CVE-2024-56567 concerns the Linux kernel: in ad7780_write_raw(), a division by zero can occur if val2 is zero, since DIV_ROUND_CLOSEST() uses val2 without guaranteeing non-zero. The root cause is that while val can be zero, val2 is not specified to be non-zero, allowing a zero division path. A pa...
CVE-2024-56574
CVE-2024-56574 affects the Linux kernel ts2020 I2C driver (ts2020_probe). A NULL pointer dereference occurs when registering an i2c device via sysfs without platform data, because probe uses platform data that may be missing. The root cause is missing platform data during dynamic sysfs registrati...
CVE-2024-56627
The CVE-2024-56627 issue affects the Linux kernel ksmbd component, specifically ksmbd_vfs_stream_read. A client-supplied negative offset could trigger an out-of-bounds read from the stream_buf when the ksmbd.conf setting vfs objects = streams_xattr is used. The vulnerability originates in the ker...
CVE-2024-56629
Technical details about CVE-2024-56629 are not provided in the supplied documents. The connected sources do not specify affected products, root cause, or fixes. Monitor for updates and vendor advisories.
CVE-2025-21650
Technical details about CVE-2025-21650 are not provided in the connected documents. The initial description is detailed, but there is no supplementary data in the connected sources to confirm affected products/versions, impact, or fixes. Monitor for updates.
CVE-2025-21721
CVE-2025-21721 is a Linux kernel vulnerability in the NILFS2 filesystem. The patch series fixes nilfs_prepare_chunk() error handling paths that were previously omitted when rewriting directory entries in nilfs_set_link(), nilfs_delete_entry(), and in the caller nilfs_rename(). The issue allowed e...
CVE-2025-21891
The CVE-2025-21891 entry concerns a Linux kernel ipvlan vulnerability where outbound IPv4/IPv6 headers could be read from skb->head if the network header was not in the skb’s linear part. The fix adds pskb_network_may_pull() calls for both IPv4 and IPv6 handlers (ipvlan_core.c: ipvlan_route_v6...
CVE-2025-22121
CVE-2025-22121 – Linux kernel ext4 xattr check bypass (out-of-bounds read). What’s affected: Linux kernel ext4 filesystem code, specifically ext4_xattr_inode_dec_ref_all() and related xattr handling paths that can read beyond allocated buffers when inodes contain xattrs. What’s the issue: A read o...
CVE-2025-23136
CVE-2025-23136 (Linux kernel, thermal/int340x): The issue arises when an ACPI companion fwnode is missing and the kernel may dereference a NULL adev in int3402_thermal_probe() (and similarly in int3400_thermal_probe()). The fix adds a NULL check for adev and returns -ENODEV when it is not set, pr...
CVE-2025-37758
CVE-2025-37758 affects the Linux kernel’s ata_pxa driver. The root cause was a potential NULL pointer dereference in pxa_ata_probe() when devm_ioremap() returns NULL. The fix adds a NULL check after devm_ioremap() to prevent dereferencing NULL.
CVE-2010-4158
The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...
CVE-2013-4470
CVE-2013-4470 affects the Linux kernel prior to 3.12 when UDP Fragmentation Offload (UFO) is enabled. The issue arises from improper initialization of certain data structures in ip_ufo_append_data (IPv4) and ip6_ufo_append_data (IPv6), allowing local users to trigger memory corruption and a syste...
CVE-2014-0077
CVE-2014-0077 concerns the Linux kernel component drivers/vhost/net.c. When mergeable buffers are disabled, the code path does not properly validate packet lengths, enabling a guest OS user to trigger a memory corruption that could cause a host crash or, per wording, potentially gain privileges ...
CVE-2014-3687
The provided materials confirm CVE-2014-3687 affects the Linux kernel SCTP implementation (net/sctp/associola.c) up to version 3.17.2. The vulnerability allows remote attackers to cause a denial of service (panic) by sending duplicate ASCONF chunks, triggering an incorrect uncork within the side-...
CVE-2014-4608
CVE-2014-4608 refers to multiple integer overflows in the LZO decompressor (lzo1x_decompress_safe) in the Linux kernel before 3.15.2, which can cause memory corruption and denial of service via a crafted Literal Run. Some advisories note the Linux kernel is not affected (media hype), while securi...
CVE-2016-3955
The CVE-2016-3955 issue affects the Linux kernel’s usbip_recv_xbuff path (drivers/usb/usbip/usbip_common.c) prior to version 4.5.3. A crafted length in a USB/IP packet can trigger an out-of-bounds write, enabling remote denial of service (and potentially other impact) without authentication. The ...
CVE-2016-4805
CVE-2016-4805 describes a use-after-free in the Linux kernel’s drivers/net/ppp/ppp_generic.c before 4.5.2. The flaw allows local attackers to trigger memory corruption and potential DoS (system crash) by removing a network namespace, related to ppp_register_net_channel and ppp_unregister_channel....
CVE-2017-16912
The CVE-2017-16912 issue affects the Linux kernel’s USB/IP stack (get_pipe() in drivers/usb/usbip/stub_rx.c) and is exploitable via crafted USB over IP packets to trigger an out-of-bounds read, causing DoS. Affected versions are pre-4.14.8, pre-4.9.71, and pre-4.4.114; fixes were released in Chan...
CVE-2017-16913
The CVE-2017-16913 issue affects the Linux kernel USB/IP stack. Specifically, stub_recv_cmd_submit() in drivers/usb/usbip/stub_rx.c fails to validate CMD_SUBMIT packets, enabling a remote attacker to trigger a denial of service via arbitrary memory allocation. Affected kernel versions: before 4.1...
CVE-2019-19252
CVE-2019-19252 affects the Linux kernel (drivers/tty/vt/vc_screen.c) where vcs_write does not prevent write access to vcsu devices up to and including version 5.3.13. This yields a local access vulnerability with partial confidentiality/integrity/availability impacts as described in the CVE and ec...
CVE-2020-11725
CVE-2020-11725 affects the Linux kernel (through 5.6.3) in snd_ctl_elem_add (sound/core/control.c). The root cause is a count=info->owner usage that can feed into a private_size*count multiplication, causing unspecified side effects. Kernel engineers dispute the finding, noting it may only mat...
CVE-2021-47457
CVE-2021-47457 affects the Linux kernel’s CAN ISOTP path: isotp_sendmsg() failed to check the return value of wait_event_interruptible(), allowing a TX buffer to be accessed by multiple processes and causing interference. The fixes add a result check in isotp_sendmsg() to prevent multiple TX-acce...
CVE-2022-1975
CVE-2022-1975 refers to a sleep-in-atomic bug in the Linux kernel NFC subsystem, specifically in /net/nfc/netlink.c, which allows a local attacker to crash the kernel by simulating an NFC device from user-space. The vulnerability is described in the initial CVE entry and echoed in connected Nessu...
CVE-2022-48969
CVE-2022-48969 applies to the Linux kernel Xen netfront driver. The issue arises during live migration: a NAPI polling path is created for a sring, but the old NAPI is not deleted promptly when the source string is nulled and the new one is set on the target host. This creates a tiny window wher...
CVE-2022-49014
CVE-2022-49014 affects the Linux kernel net/tun subsystem. A use-after-free occurs in tun_detach() when sock_put() drops the last reference to struct net before net notifier code (notifier_call_chain/netdev_state_change) has finished accessing it. The patch fixes this by calling sock_put() from t...
CVE-2022-49070
CVE-2022-49070 affects the Linux kernel framebuffer (fbdev) unregister path. The issue arises when unregistering framebuffers without an underlying device, risking a NULL dereference. The patch changes the flow to perform a regular unregister instead of hot-unplugging a non-existent device, corre...
CVE-2022-49107
CVE-2022-49107 affects the Linux kernel in the ceph subsystem. The issue is a memory leak in ceph_readdir when note_last_dentry returns an error. The fix resets last_readdir at the same time and adds a comment explaining why last_readdir isn’t freed when dir_emit returns false. Public references ...
CVE-2022-49330
CVE-2022-49330 affects the Linux kernel TCP MTU probing path. The issue arises in tcp_mtu_probe() which gates MTU probing on tcp_snd_cwnd(tp) >= 11, but tcp_snd_cwnd(tp) can be reduced afterward before the probe completes, enabling a scenario that could lead to a zero-divide condition. The roo...
CVE-2022-49333
Consolidated from multiple sources: CVE-2022-49333 affects Linux kernels with Mellanox mlx5 E-Switch offloads on pair-only capable devices. Root cause: mlx5_get_next_phys_dev() could be invoked without holding the interface lock, after an assert introduced by the Lag/filter changes. This conditio...
CVE-2022-49404
The CVE-2022-49404 entry concerns the Linux kernel RDMA/hfi1 path. The root cause is an integer multiplication overflow during inter-packet delay calculations due to type-conversion order, allowing overflow and an incorrect result. The fix forces one operand to be u64 so the promotion occurs befo...
CVE-2022-49513
The CVE-2022-49513 issue is in the Linux kernel cpufreq governor: a dbs_data structure embeds a kobject, which requires a release() method. The fix introduces cpufreq_dbs_data_release() to free the dbs_data via kobject::release() instead of direct kfree(), addressing a call trace involving delaye...
CVE-2022-49577
CVE-2022-49577 describes a data-race in the Linux kernel surrounding the UDP sysctl field sysctl_udp_l3mdev_accept. While this field is being read, the value could be changed concurrently, which is addressed by adding a READ_ONCE() to the reader. The vulnerability is Linux kernel related and can be tr...
CVE-2022-49600
CVE-2022-49600: In the Linux kernel, a data race around reading sysctl_ip_autobind_reuse allows concurrent modification during read. The fix adds READ_ONCE() to the reader. Impact is described as HIGH for availability with local access required; exploitation status is not detailed in the provide...
CVE-2022-49601
CVE-2022-49601 is a Linux kernel vulnerability where a data race occurs in the tcp/dccp path around reading the sysctl_fwmark_accept value. The root cause is concurrent modification of the value while sysctl_tcp_fwmark_accept is being read, leading to potential inconsistency. The documented fix ...
CVE-2022-49732
The CVE-2022-49732 issue in the Linux kernel concerns psock handling and ULP protection. A change moved the inet_csk_has_ulp(sk) check from sk_psock_init() to tcp_bpf_update_proto(), enabling psocks for non-inet sockets. The destruction path of psock includes the ULP unwind, so sk_psock_init() mu...
CVE-2022-49746
The CVE-2022-49746 issue affects the Linux kernel DMA engine, specifically the imx-sdma path. A memory leak can occur in sdma_transfer_init when sdma_load_context() fails: the sdma_desc is freed, but the allocated desc->bd was not, leading to a leak (as illustrated by timeout/login messages). ...
CVE-2023-3269
CVE-2023-3269 affects the Linux kernel memory management subsystem. The issue stems from incorrect lock handling when accessing/updating VMAs, enabling use-after-free conditions. This can allow an attacker with local access to execute arbitrary kernel code, escalate containers, and gain root priv...
CVE-2023-45898
Summary (CVE-2023-45898): The vulnerability lies in the Linux kernel prior to 6.5.4, where an es1 use-after-free in the ext4 extents_status path (fs/ext4/extents_status.c) related to ext4_es_insert_extent can lead to a local privilege escalation or kernel integrity/availability impact as describe...
CVE-2023-52659
CVE-2023-52659 affects the Linux kernel 64-bit builds where the pfn_to_kaddr() macro may lose address bits when shifting a 40-bit GFN, causing guest crashes in SEV-SNP environments. The fix introduces an inline function to implicitly cast inputs to a 64-bit type before the shift, replacing the pr...