CVE-2023-52859
CVE-2023-52859 affects the Linux kernel perf: hisi uncore PMU registration. A use-after-free can occur when the PMU register path fails and the uncore PMU offline callback is invoked, potentially migrating the PMU context. The fix replaces cpuhp_state_remove_instance() with cpuhp_state_remove_ins...
CVE-2023-53021
CVE-2023-53021 affects the Linux kernel net/sched sch_taprio component. An invalid TCA_RATE attribute can trigger a use-after-free in a taprio qdisc during qdisc_create/taprio_destroy, with an hrtimer firing and __netif_schedule() leading to net_tx_action() using a destroyed qdisc. The issue is f...
CVE-2024-0582
The CVE-2024-0582 issue affects the Linux kernel io_uring subsystem, specifically the IORING_REGISTER_PBUF_RING path where a user registers, mmaps, and frees a buffer ring. The vulnerability is a memory leak that can be exploited by a local user to crash the system or potentially escalate privile...
CVE-2024-26884
CVE-2024-26884 is a Linux kernel vulnerability in the BPF hashtab overflow check on 32-bit architectures. The hashtab code uses roundup_pow_of_two() to determine hash bucket count and performs an overflow check by testing the result against 0. On 32-bit arches, the roundup operation itself can ov...
CVE-2024-27023
In CVE-2024-27023, the Linux kernel md subsystem (md) had a flaw where active_io was not released when flush_pending fell to zero, causing mddev_suspend() to wait forever. The fix releases active_io in submit_flushes() as soon as flush_pending transitions to zero, preventing the hang. The descrip...
CVE-2024-36002
Linux kernel CVE-2024-36002 details a crash in dpll_pin_on_pin_register/dpll_pin_on_pin_unregister when a pin is registered with multiple parent pins on the same dpll device. A crash trace occurs during ice driver removal (ICE/ice_dpll_deinit_pins). The fix adds a cookie-like parent pointer when ...
CVE-2024-36489
CVE-2024-36489: Linux kernel TLS NULL pointer dereference risk due to a missing memory barrier in tls_init() (NULL ctx->sk_proto observed in tls_setsockopt/getsockopt). The fix relies on rcu_assign_pointer() (which implies a release barrier) and moves the assignment of ctx->sk_proto until a...
CVE-2024-42073
The CVE-2024-42073 issue is in the Linux kernel mlxsw spectrum_buffers path. The Shared Buffer Status Register (SBSR) payloads used by two operations were built with absolute port numbers rather than numbers relative to the first port of the port_page, causing memory corruption on Spectrum-4 syst...
CVE-2024-42080
CVE-2024-42080 affects Linux kernels with the RDMA restrack entry handling. The issue arises when ib_create_cq() sets rdma_restrack_entry kern_name to KBUILD_MODNAME; if the module exits without deleting this entry, rdma_restrack_clean() may perform an invalid address access when printing the own...
CVE-2024-46711
CVE-2024-46711 affects the Linux kernel MPTCP path-management code. The issue is described as a fix for the ID 0 endpoint usage after multiple subflow re-creations, where local_addr_used/add_addr_accepted counters for initial subflows could be incorrectly decremented for unrelated addresses, prev...
CVE-2024-46745
CVE-2024-46745 affects the Linux kernel uinput interface. The root cause is an unbounded request for slots via syzkaller, causing memory allocation failure in input_mt_init_slots. The fix limits the allowed number of slots to 100 (extendable if devices require more). Consequences described in the...
CVE-2024-47753
CVE-2024-47753 affects the Linux kernel media/mediatek/vcodec VP8 stateless decoder. The issue stems from a smatch static checker warning in vdec_vp8_req_if.c that can cause a kernel crash when fb is NULL. A fix was applied to resolve the smatch warning and prevent the NULL framebuffer crash; ref...
CVE-2024-49896
CVE-2024-49896 is a Linux kernel vulnerability affecting the amdgpu/display path. The issue arises when amdgpu_dm passes a null stream to dc_is_stream_unchanged, leading to a potential NULL dereference. The description in the sources notes the root cause as missing null-check before dereferencing...
CVE-2024-50023
CVE-2024-50023: Linux kernel net: phy: Remove LED entry from LEDs list on unregister. The issue arises when devm_ usage fixes left the LED entry in the LEDs list after PHY teardown, which can cause a kernel panic when the PHY kmod is removed and later re-added. The fix is implemented in ...
CVE-2024-53047
The connected MiracleLinux AXSA advisory explicitly notes CVE-2024-53047: in the Linux kernel, mptcp init incorrectly uses RCU when creating a socket, leading to a suspicious RCU usage warning. Root cause: rcu_read_lock() was omitted during mptcp_sched_find() execution; fix implemented by ad...
CVE-2024-53178
CVE-2024-53178 affects the Linux kernel SMB client (cifs) where a race between open_cached_dir and SMB2 reconnect can leave a cfid with a refcount and no valid lease, leaking the cfid during reconnection and triggering kmemleak reports; unmount also exposes dentry-in-use issues. The root cause is...
CVE-2024-53179
CVE-2024-53179 — Linux kernel SMB client UAF: A race between cifs_mount path and SMB2.1 with sign mounts can free the signing key (ses->auth_key.response) leading to a use-after-free. Root cause: use-after-free in signature key handling during session setup via the SMB signing path. A fix was...
CVE-2024-56662
CVE-2024-56662: Linux kernel ACPI NFIT vmalloc-out-of-bounds Read in acpi_nfit_ctl. Root cause: cmd_to_func accesses call_pkg->nd_reserved2 without ensuring the buffer is sized as a struct nd_cmd_pkg, causing out-of-bounds access. The fix adds checks in acpi_nfit_ctl to require buf != NULL and...
CVE-2024-56722
In CVE-2024-56722, the Linux kernel RDMA/hns component fixes a cpu-stall risk during reset by removing unnecessary prints and converting remaining print statements to a rate-limited version when destroying resources (qp, cq, mr). The issue arises if resource destruction logs flood with numerous m...
CVE-2024-57949
Summary: CVE-2024-57949 affects the Linux kernel’s irqchip/gic-v3-its path. The vulnerability arises when its_irq_set_vcpu_affinity() is called inside a nested interrupt-disabled region; the prior sequence used raw_spin_lock_irqsave() to disable interrupts, then left a guard that could re-enable ...
CVE-2024-58007
CVE-2024-58007 affects the Linux kernel in the soc: qcom: socinfo path, specifically on MSM8916 devices where the sysfs serial_number is constant. The root cause is an out-of-bounds read of the serial_num field in the socinfo structure due to checking the start offset instead of the end when vali...
CVE-2024-58087
CVE-2024-58087 relates to the Linux kernel ksmbd subsystem. The root cause is a race between session lookup and session expiry. The fix, as documented in connected sources, increments the session reference count while holding the relevant lock to prevent race conditions with session expiry. The vuln...
CVE-2024-58099
The CVE-2024-58099 issue affects Linux kernel vmxnet3 when a native XDP program adds an encapsulation header (e.g., IPIP) and uses the same interface for transmission. The root cause is a fixed DMA offset in vmxnet3_xdp_xmit_frame(): tbi->dma_addr = page_pool_get_dma_addr(page) + VMXNET3_XDP_H...
CVE-2025-23150
CVE-2025-23150: In the Linux kernel, an off-by-one error in ext4’s do_split caused a use-after-free in ext4_insert_dentry from an out-of-bounds access during directory entry splitting. The issue can lead to a use-after-free in ext4_insert_dentry and related ext4/namei.c code paths when handling ...
CVE-2025-37992
CVE-2025-37992 affects the Linux kernel net_sched subsystem. Affected: qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie). Root cause: during qdisc ->change(), trimming only the main queue could leave packets on the gso_skb list, risking NULL pointer dereference when sch->limit is compared to s...
CVE-2014-1737
CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...
CVE-2014-1874
The CVE-2014-1874 entry is about the Linux kernel vulnerability in security/selinux/ss/services.c: the security_context_to_sid_core function before 3.13.4 allows local users with CAP_MAC_ADMIN to set a zero-length security context, causing a denial of service (system crash). Affected product: Lin...
CVE-2015-8374
CVE-2015-8374 affects the Linux kernel prior to 4.3.3. The vulnerability is due to the filesystem driver fs/btrfs/inode.c mishandling compressed inline extents, allowing local users to obtain sensitive pre-truncation data from a file via a clone operation. Affected: Linux kernel up to 4.3.2 (4.3....
CVE-2016-2188
The CVE-2016-2188 entry is rejected and not used.
CVE-2016-2782
CVE-2016-2782: In the Linux kernel, the treo_attach function in drivers/usb/serial/visor.c (pre-4.5) can be exploited by a physically proximate attacker who inserts a USB device missing a bulk-in or interrupt-in endpoint, causing a NULL pointer dereference and kernel crash (DoS) or possibly othe...
CVE-2019-16714
Summary: CVE-2019-16714 affects the Linux kernel prior to 5.2.14. The vulnerability is in rds6_inc_info_copy (net/rds/recv.c), where tos and flags are not initialized, allowing a remote attacker to read sensitive data from kernel stack memory. This is an information disclosure vulnerability with ...
CVE-2019-17052
CVE-2019-17052 affects Linux kernel 3.16–5.3.2 where several AF_NET_RAW-bound protocols (AX.25) do not enforce CAP_NET_RAW in socket creation, allowing unprivileged users to create raw sockets. Related entries mention additional interfaces (IEEE802.154, Appletalk, ISDN, NFC) with the same CAP_NET...
CVE-2022-2991
CVE-2022-2991 (Linux kernel LightNVM). Affected software: Linux kernel, LightNVM subsystem. Vulnerability: heap-based buffer overflow caused by insufficient validation of the length of user-supplied data before copying to a fixed-size heap buffer. Impact: local privilege escalation and arbitrary c...
CVE-2022-3202
CVE-2022-3202 involves a NULL pointer dereference in diFree() within fs/jfs/inode.c of the Linux kernel’s Journaled File System (JFS). The underlying cause is a NULL pointer dereference, which could allow a local attacker to crash the system or leak kernel internal information. The CVE is associa...
CVE-2022-44032
CVE-2022-44032 affects the Linux kernel up to 6.0.6. The race between cmm_open() and cm4000_detach() in drivers/char/pcmcia/cm4000_cs.c can cause a use-after-free when a PCMCIA device is physically removed while open, enabling a physically proximate attacker to trigger memory corruption. The CVSS...
CVE-2022-48696
CVE-2022-48696: In the Linux kernel, the regmap SPI path (regmap_spi) could exceed SPI message size because max_raw_read/max_raw_write were calculated without reserving the register address/padding. The root cause is that the transmitted register address and padding are not accounted for in the l...
CVE-2022-49122
CVE-2022-49122 is a Linux kernel vulnerability affecting the dm ioctl path where user-supplied data could act as an index and enable Spectre v1 gadget behavior. The fix, described in connected advisories, prevents leakage of kernel memory to userspace by applying array_index_nospec to index handl...
CVE-2022-49136
CVE-2022-49136 (Linux kernel) fixes a Bluetooth HCI QUEUE issue: hci_cmd_sync_queue must return an error if HCI_UNREGISTER is set to avoid use-after-free when hci_unregister_dev frees the HCI device. The connected advisories (MiracleLinux, AlmaLinux, Oracle Linux RHSA/ELSA, etc.) reference the fi...
CVE-2022-49205
CVE-2022-49205 fixes a double memory uncharge bug in the Linux kernel’s bpf/sockmap path (sk_msg) during teardown when psock is freed, which could cause an error path to propagate to user space. Affected component: kernel networking code (tcp_bpf_sendmsg -> tcp_bpf_send_verdict -> sk_msg_re...
CVE-2022-49264
CVE-2022-49264 is a Linux kernel issue where execve(2) argv handling could lead to an elevation of privilege. The fix injects a single empty string into argv when argc == 0 and updates argc accordingly, preventing argv from being empty or NULL. The description indicates this is a local privilege-...
CVE-2022-49536
The CVE-2022-49536 entry concerns the Linux kernel SCSI LPFC deadlock in I/O completion and abort handling under heavy stress (500+ vports). Affected component is the lpfc driver within the SCSI subsystem. The root cause is a deadlock between the lpfc_cmd->buf_lock and phba->hbalock during ...
CVE-2022-49548
CVE-2022-49548 concerns a Linux kernel BPF trampoline fix. The vulnerability arises from an overflow risk in bpf_trampoline_get_progs(): the cnt check for BPF_MAX_TRAMP_PROGS did not count BPF_TRAMP_MODIFY_RETURN programs, permitting more than the maximum number of trampoline programs to be attac...
CVE-2022-49573
The CVE-2022-49573 entry refers to a Linux kernel data race in the reader of sysctl_tcp_early_retrans. The vulnerability arises when reading sysctl_tcp_early_retrans, which could be modified concurrently. The fix was to add READ_ONCE() to the reader, mitigating the data race. Connected advisories...
CVE-2022-49580
The CVE-2022-49580 entry describes a data-race in the Linux kernel IPv4 path around reading sysctl_fib_multipath_use_neigh, which could be changed concurrently. The referenced fix adds READ_ONCE() to the reader to guard against concurrent modification. Affected software is the Linux kernel (IPv4 ...
CVE-2022-49602
The CVE-2022-49602 entry refers to a data race in the Linux kernel’s sysctl_fwmark_reflect reader. The race occurs while reading sysctl_fwmark_reflect, which could be changed concurrently; the fix is to apply READ_ONCE() to the reader to ensure a consistent read. Connected advisories (EulerOS/Ope...
CVE-2022-49630
CVE-2022-49630: In the Linux kernel, a data-race around reading sysctl_tcp_ecn_fallback allows concurrent modification while being read. The issue is mitigated by adding READ_ONCE() to the reader, per the CVE description. This affects the kernel’s TCP/sysctl path and results in a data race that c...
CVE-2023-23004
CVE-2023-23004 affects Linux kernel before 5.19. In drivers/gpu/drm/arm/malidp_planes.c, get_sg_table return value is misinterpreted: code expects NULL in error case, but it is an error pointer. This could lead to a kernel crash/undefined behavior as described in the vendor advisories (e.g., Chan...
CVE-2023-52624
CVE-2023-52624 concerns the Linux kernel’s drm/amd/display path where the DMCUB must be awake before issuing GPINT commands. The root cause is that GPINT mailbox access could occur while DMCUB is idle, risking a system hang. The documented fix adds a wake/execute/sleep wrapper via the function dc...
CVE-2024-36884
The CVE-2024-36884 issue affects the Linux kernel’s IOMMU arm-smmu path. The vulnerability arose from using the wrong type in nvidia_smmu_context_fault() via a function pointer indirection, causing miscalculation of an offset when iommu_domain is embedded at a non-zero offset, leading to a NULL d...
CVE-2024-38604
Technical details about CVE-2024-38604 are not publicly provided in the Connected Documents. The Initial Description mentions refinements to the Linux kernel blkdev_iomap_begin EOF check, but there are no vendor/product/version specifics or remediation details in the supplied material.