CVE-2024-26886
CVE-2024-26886 (Linux kernel): The vulnerability affects Bluetooth af_bluetooth in the Linux kernel, where attempting to lock a socket during .recvmsg could deadlock. The fix switches from using sock_sock to using the bt path with sk_receive_queue.lock in bt_sock_ioctl, preventing a use-after-fre...
CVE-2024-27064
CVE-2024-27064: Linux kernel nf_tables memory leak when nft_netdev_register_hooks() fails. The fix moves nft_stats_alloc() to after successful registration, preventing leaks of nft_stats if registration aborts. Connected Astra Linux advisory mirrors this description for kernel 5.x series, confir...
CVE-2024-27025
CVE-2024-27025 concerns the Linux kernel: a NULL return from nla_nest_start() could lead to NULL pointer dereference if not checked. The patch inserts a NULL check and sets errno consistent with other call sites, preventing a potential crash. Public references show the issue resolved in the kerne...
CVE-2024-27029
CVE-2024-27029 affects the Linux kernel’s DRM AMDGPU path: mmhub client id out-of-bounds access, caused by improper handling of cid 0x140. Reports across multiple advisories (SUSE live patch for SLE 15 SP6, OpenVAS/Ubuntu advisories) confirm this as a kernel vulnerability with high impact (local...
CVE-2024-42089
CVE-2024-42089 affects the Linux kernel’s ASoC: fsl-asoc-card driver. The root cause is that priv->pdev was assigned after it was used in fsl_asoc_card_audmux_init(), risking a NULL dereference because priv is zero-initialised. The fix moves the priv->pdev assignment to the start of the pro...
CVE-2021-46958
CVE-2021-46958 is a Linux kernel issue affecting the Btrfs subsystem. The vulnerability stems from a race between transaction aborts during commit, an ongoing fsync, and the transaction kthread, which can cause a use-after-free of the log_root_tree. Reported symptoms in the description include fo...
CVE-2022-2602
CVE-2022-2602 is a Linux kernel vulnerability in io_uring related to a use-after-free in the Unix garbage collection path. Multiple connected sources confirm a local, kernel-side issue (io_uring UAF) that can be exploited to crash the kernel and, in PoC scenarios, enable privilege escalation by r...
CVE-2021-47549
CVE-2021-47549 affects the Linux kernel via the sata_fsl driver. The documented issue is a use-after-free (UAF) in sata_fsl_port_stop triggered during rmmod sata_fsl.ko on PPC64 GNU/Linux, where after port_stop is invoked, an ioread32 on hcr_base leads to a kernel OOPS and potential memory access...
CVE-2021-46973
CVE-2021-46973 is a Linux kernel use-after-free in the MHI path for qrtr (net: qrtr: Avoid potential use after free in MHI send). The issue occurs because the MHI ul_callback could run immediately after queuing an skb, potentially decrementing the associated skb’s refcount and freeing it, which m...
CVE-2023-52923
CVE-2023-52923 — Linux kernel netfilter nf_tables GC transaction API fix. The issue concerns the nf_tables set backend in the Linux kernel, where the GC transaction API replaces the old GC and busy-mark approach. The patch changes: sets the _DEAD bit to hide removed elements instead of removing ...
CVE-2024-53144
CVE-2024-53144 corresponds to a Linux kernel Bluetooth issue: “Bluetooth: hci_event: Align BR/EDR JUST_WORKS pairing with LE” which aligns BR/EDR JUST_WORKS with LE and interacts with policy that now requires user confirmation. Connected items show concrete detail for CVE-2024-8805 (BlueZ HID ove...
CVE-2025-21659
CVE-2025-21659 relates to the Linux kernel where the netdev subsystem previously allowed NAPI instances to be accessed across different network namespaces. The underlying issue was that NAPI IDs were not fully namespace-aware before the netlink API, allowing potential cross-namespace exposure of ...
CVE-2024-26980
CVE-2024-26980 is confirmed with concrete technical details in connected Astra Linux bulletin: Linux kernel ksmbd slab-out-of-bounds in smb2_allocate_rsp_buf when SMB2_TRANSFORM_PROTO_NUM is used; an SMB2 request smaller than sizeof(struct smb2_query_info_req) could trigger a slab read before buf...
CVE-2024-26994
CVE-2024-26994 (Linux kernel) is a concrete vulnerability: the Speakup console driver may crash when a very long word (>256 chars) is presented, due to a buffer length issue. The fix prevents using a word buffer beyond its limit, stopping word processing before overflow. Connected Astra Linux ...
CVE-2024-27073
CVE-2024-27073 concerns the Linux kernel media/ttpci budget code. The connected sources describe two memory leaks in budget_av_attach that occur when saa7146_register_device or saa7146_vv_init fail, and that budget_av_attach should free resources similarly to the error-handling in ttpci_budget_in...
CVE-2024-27054
The CVE-2024-27054 issue resides in the Linux kernel s390/dasd path where the module refcount could be decremented twice due to manual handling of refcounts after device association. The vulnerability results in an artificial decrease of the module’s refcount on each error path, rather than keepi...
CVE-2024-26880
CVE-2024-26880 (Linux kernel) summary: The issue concerns the DM stack’s suspend/resume flow: dm_internal_resume previously called origin_postsuspend/DM targets’ resume in a way that could corrupt the hash_list due to paired suspend/resume calls being mismatched. The fix changes __dm_internal_resu...
CVE-2024-26950
CVE-2024-26950 concerns the Linux kernel's WireGuard netlink handling. The connected documents confirm a concrete issue in the kernel’s WireGuard netlink path where a NULL peer->device could be dereferenced. The fix changes the device retrieval to ctx->wg (i.e., obtain the device from the c...
CVE-2024-26889
CVE-2024-26889 refers to a Linux kernel security fix for a Bluetooth (hci_core) buffer overflow. The root cause was a fixed-size name field in struct hci_dev_info (name[8]); a larger hdev->name could cause strcpy to overrun its destination. The fix switches to strscpy to safely copy the device...
CVE-2024-26940
CVE-2024-26940 refers to a Linux kernel issue in drm/vmwgfx where /sys/kernel/debug/dri/0/mob_ttm could be created even if the corresponding ttm_resource_manager was not allocated, risking a crash when reading the file. The fix adds checks to only create mob_ttm, system_mob_ttm, and gmr_ttm debug...
CVE-2024-53240
The CVE-2024-53240 entry refers to a Xen netfront crash in the Linux kernel. The issue occurs when removing a netfront device directly after a suspend/resume cycle, where queues may not be reinitialized and a crash can happen when stopping them. The fix is to check that the queues exist before st...
CVE-2024-53148
CVE-2024-53148 affects the Linux kernel (comedi: Flush partial mappings in error case). If remap_pfn_range() partially succeeded before a failure, user mappings can remain in place until the mmap error path is taken; the fix explicitly flushes all mappings in the VMA on error. A commit titled mm:...
CVE-2024-26894
CVE-2024-26894 affects the Linux kernel: ACPI: processor_idle memory leak after CPU idle device unregister. Root cause: memory allocated for acpi_processor_power_exit is not freed. Remediation: free the CPU idle device after unregistering it (kernel patch cited in multiple advisories).
CVE-2024-26956
CVE-2024-26956 covers a kernel vulnerability in nilfs2 within the Linux kernel. The issue has two flaws: (1) nilfs_get_block() may misinterpret a DAT-corrupted data block as existing, due to DAT translation returning -ENOENT; and (2) after this inconsistency, the caller may request a read on an u...
CVE-2024-27393
CVE-2024-27393 involves the Linux kernel: xen-netfront missing skb_mark_for_recycle call due to history of page_pool_release_page usage. The root cause is that skb_mark_for_recycle() was introduced after fixes tag and a missing call to page_pool_release_page() in older revisions (v5.9–v5.14). Fro...
CVE-2024-42139
CVE-2024-42139 affects the Linux kernel component related to ice/extts handling for PTP; when the driver is removed while an application using ts2phc is running, a previously enabled extts event may remain active, potentially causing a kernel crash. On driver reload, a remaining extts event for t...
CVE-2021-46976
CVE-2021-46976 refers to a Linux kernel vulnerability in drm/i915: Fix crash in auto_retire. The issue arises from using the two lower bits of the retire function pointer to store flags, and because auto_retire may not be 4-byte aligned, this can cause a jump to an incorrect address and a crash. ...
CVE-2024-26991
CVE-2024-26991 relates to the Linux kernel KVM x86/mmu path. The vulnerability stems from overflow of the lpage_info array when checking attributes during KVM_SET_MEMORY_ATTRIBUTES, which can lead to a vmalloc-out-of-bounds read in hugepage attribute checks (observed as KASAN: vmalloc-out-of-boun...
CVE-2024-27041
CVE-2024-27041 affects the Linux kernel DRM AMD display path. The issue is a NULL-ptr dereference in amdgpu_dm_fini() if adev->dm.dc is NULL before dc_enable_dmub_notifications(). The fix consolidates NULL checks under a single conditional and ensures safe access prior to deinitialization, per...
CVE-2024-53241
CVE-2024-53241 affects the Linux kernel when running with Xen PV guests. The root cause is an unsafe PV iret hypercall path via the Xen hypercall page. The fix replaces the hypercall-page jump with an inlined sequence in xen-asm.S to stop using the hypercall page, preparing for its removal due to...
CVE-2025-21664
CVE-2025-21664 affects the Linux kernel’s device-mapper thin provisioning path (dm-thin). The issue arises from get_first_thin using a sequence of RCU-safe list operations (list_empty_rcu() followed by list_first()) that perform separate READ_ONCE()s of the list head, which can yield inconsistent...
CVE-2025-21678
CVE-2025-21678 affects the Linux kernel gtp driver. The root cause was in gtp_newlink(), which linked a created UDP tunnel device to the wrong netns (dev_net instead of src_net). This caused the gtp device to remain in the wrong namespace even after the source namespace was deleted, leading to a ...
CVE-2022-48669
CVE-2022-48669: In the Linux kernel, the powerpc/pseries path had a memleak in papr_get_attr() where a krealloc() could fail and the original buffer would not be freed. The fix ensures the original buf is freed on allocation failure. Affected: Linux kernel (powerpc/pseries implementation); Root ...
CVE-2025-21653
CVE-2025-21653 affects the Linux kernel net_sched flow classifier (net/sched/cls_flow.c). The vulnerability was due to missing validation of TCA_FLOW_RSHIFT, which could trigger undefined behavior (UB) and a shift-out-of-bounds on large 32-bit shifts, as shown by UBSAN. Connected advisories (Astr...
CVE-2024-56570
CVE-2024-56570 – Linux kernel ovl (overlayfs): The vulnerability arises in the ovl module where directory inodes that lack the lookup function could be processed, potentially triggering errors in overlayfs when passed to the lowerstack. The fix adds a check in ovl_dentry_weird() to filter/skip i...
CVE-2024-53158
CVE-2024-53158 relates to the Linux kernel: in soc: qcom: geni-se, an array underflow in geni_se_clk_tbl_get() occurred because a loop’s break condition using clk_round_rate() poorly handled the first iteration, causing reads before the start of these->clk_perf_tbl[]. The issue was fixed in th...
CVE-2025-21668
CVE-2025-21668 (Linux kernel): A missing loop break in the imx8mp_blk_ctrl_remove path (imx8mp_blk_ctrl) allows the for loop to run out of bounds, potentially affecting system shutdown/reboot flows. The vulnerability is tied to the imx8mp domain handling in dev_pm_domain_detach during platform s...
CVE-2024-56531
CVE-2024-56531: In the Linux kernel, ALSA: caiaq had a vulnerability where the USB disconnect callback could block USB ioctls due to using snd_card_free() (waiting for all fds to close). The fix replaces snd_card_free() with snd_card_free_when_closed(), enabling asynchronous resource release and...
CVE-2024-56690
CVE-2024-56690: Linux kernel crypto: pcrypt fix for -EBUSY/-EAGAIN. After commit 8f4f68e7, padata_do_parallel() may return -EAGAIN for pcrypt encrypt/decrypt when CPUs go online/offline, triggering a WARN/panic under panic_on_warn. The remediation is to call the crypto layer directly (no paralle...
CVE-2025-21655
CVE-2025-21655 affects the Linux kernel io_uring/eventfd path. The root cause is that io_eventfd_do_signal() frees an io_ev_fd immediately when the refcount drops to zero, instead of deferring to a subsequent RCU grace period. The fix defers freeing by calling io_eventfd_put() (replacing the inli...
CVE-2024-27040
CVE-2024-27040 concerns a NULL pointer dereference in the Linux kernel DRM AMD display code. Specifically, edp_set_replay_allow_active() may dereference replay when replay is NULL after the conditional that checks replay in the first if. The vulnerability occurs if link->replay_settings.replay...
CVE-2024-53160
CVE-2024-53160: The MiracleLinux advisory confirms a Linux kernel data-race in rcu/kvfree between __mod_timer/kvfree_call_rcu and kfree_rcu_monitor. The fix acquires krcp->lock in kfree_rcu_monitor to ensure both functions do not race when updating krcp->monitor_work.timer.expires, address...
CVE-2025-21702
CVE-2025-21702 concerns a bug in Linux kernel pfifo_tail_enqueue where, when sch->limit == 0, a path can cause qlen to be increased to one even if a preceding drop would have kept it at zero. This leads to a mismatch where a parent qlen no longer equals the sum of its children’s qlen, ...
CVE-2025-21660
Technical details for CVE-2025-21660 are not provided in the supplied documents. No affected products, root cause, or remediation are disclosed here; monitor for updates from official advisories.
CVE-2025-21648
CVE-2025-21648 affects the Linux kernel netfilter conntrack code. The vulnerability arises from the hashtable resize path where the maximum size could exceed practical limits, risking a WARN_ON_ONCE in __kvmalloc_node_noprof() when __GFP_NOWARN is unset. The fix clamps the conntrack hashtable siz...
CVE-2024-26977
CVE-2024-26977 — Linux kernel MMIO leak due to broken guarding of iounmap(). The vulnerability arises because the ARCH_HAS_GENERIC_IOPORT_MAP guard was applied to iounmap() in pci_iounmap(), causing MMIO mappings to leak. The fix relocates the guard so iounmap() is called for MMIO mappings, preve...
CVE-2024-27005
CVE-2024-27005: The vulnerability is a race in the Linux kernel interconnect subsystem where the req_list of icc_node could be modified while icc_set_bw() iterates it, due to locking not guaranteeing mutual exclusion between icc_bw_lock and icc_lock. The issue arises after splitting icc_lock and...
CVE-2024-56709
CVE-2024-56709 — Linux kernel io_uring race condition: The vulnerability arises when a task’s work is queued after the task has gone through io_uring termination, potentially finding the io_wq pointer already killed and null. The fix adds a guard so that io_queue_iowq() will fail in this scenari...
CVE-2023-52653
CVE-2023-52653: Linux kernel SUNRPC fix for a memory leak in gss_import_v2_context. The ctx->mech_used.data allocated via kmemdup was not freed on error, nor by gss_import_v2_context or its caller. The patch adjusts the final call of gss_import_v2_context to gss_krb5_import_ctx_v2 to prevent ...
CVE-2024-56589
CVE-2024-56589 affects the Linux kernel’s scsi/hisi_sas path, where on no-forced preemption kernels an expander connected to 12 SAS SSDs could trigger a watchdog soft lockup due to interrupt handling on a single CPU. The provided details confirm the vulnerability’s root cause as a missing cond_re...