CVE-2025-21899
CVE-2025-21899 affects the Linux kernel tracing subsystem. The issue arises in the hist_trigger handling where enabling a trigger wrongly interacts with the named_triggers list, leading to a crash when the list is traversed during unregister/cleanup. The root cause is described in the initial rep...
CVE-2024-38604
Technical details about CVE-2024-38604 are not publicly provided in the Connected Documents. The Initial Description mentions refinements to the Linux kernel blkdev_iomap_begin EOF check, but there are no vendor/product/version specifics or remediation details in the supplied material.
CVE-2024-42133
CVE-2024-42133: Linux kernel Bluetooth stack fix. The vulnerability arises from not filtering excessively large handle values in BIG, risking ida handles being released incorrectly during hci_conn_cleanup. The fix adds filtering in hci_le_big_sync_established_evt to ignore handles outside valid ...
CVE-2024-43865
Technical details for CVE-2024-43865 are not provided in the supplied documents. No information on affected product versions, impact, or remediation is present. Monitor for updates from official advisories.
CVE-2024-44971
CVE-2024-44971 relates to the Linux kernel bcm_sf2 (net: dsa) driver. The issue was a memory leak in bcm_sf2_mdio_register(): after of_phy_find_device() returns devices, phy_device_remove() is called in a loop but the refcount on the PHY device was not decremented, as get_device() incremented it ...
CVE-2024-46854
CVE-2024-46854 – Linux kernel net: dpaa padding has been fixed. When sending small packets (
CVE-2024-49867
CVE-2024-49867 relates to the Linux kernel bug in btrfs during unmount. The issue occurred because the code could wake and stop the cleaner kthread and then free its resources before waiting for pending fixup workers, leading to a potential use-after-free when a fixup worker wakes a freed cleaner...
CVE-2024-49996
CVE-2024-49996 affects the Linux kernel CIFS code: buffer overflow when parsing NFS reparse points. Root cause: ReparseDataLength is the sum of InodeType size and DataBuffer size; to compute DataBuffer size, InodeType size must be subtracted. The function cifs_strndup_from_utf16() currently acces...
CVE-2024-50059
CVE-2024-50059 affects the Linux kernel’s ntb subsystem for Switchtec NTB: a race between switchtec_ntb_add/init_sndev binding and switchtec_ntb_remove freeing sndev can lead to a use-after-free of sndev from its scheduled check_link_status_work. The provided description and patches indicate the ...
CVE-2024-50063
CVE-2024-50063 concerns the Linux kernel BPF tail calls where a program attached to one kernel hook tail-calling another with a different prototype could bypass ctx-parameter verification and return-value constraints. The issue arises when progs attached to func1 and func2 have different paramete...
CVE-2024-50125
The CVE-2024-50125 entry describes a Linux kernel Bluetooth SCO use-after-free issue: sco_sock_timeout may reference a conn that was unlinked/freed while waiting for sco_conn_lock. The patch fixes UAF by verifying that conn->sk is still valid (part of sco_sk_list) before use. Impact is High if...
CVE-2024-50131
CVE-2024-50131 affects the Linux kernel tracing subsystem, where length validation for events didn’t account for the NULL terminator. strlen() reports length excluding the trailing null, so if the string length equals the maximum buffer, there is no room for the NULL terminator, allowing potentia...
CVE-2024-50147
CVE-2024-50147 affects the Linux kernel mlx5 subsystem. The issue stems from improper initialization of the command bitmask for MANAGE_PAGES and from mlx5_cmd_trigger_completions() attempting to trigger a completion for MANAGE_PAGES, which could cause a null-deref if a health error occurs before ...
CVE-2024-53145
CVE-2024-53145 – Linux kernel integer overflow in physmem setup: The vulnerability occurs when the real map size is greater than LONG_MAX, which can be triggered on UML/i386, leading to an overflow during physical memory (physmem) setup. The connected Astra Linux security bulletin mirrors the Li...
CVE-2024-53236
CVE-2024-53236 (Linux kernel): The vulnerability occurs in the XDP/AF_XDP path where, if a newly allocated skb for an xsk descriptor is created but its TX metadata options are later deemed invalid, the skb is not freed. This can leak skbs until the send buffer is full, preventing further packet ...
CVE-2024-56569
Technical details about CVE-2024-56569 are not publicly provided in the supplied documents. No vendor/product/version specifics, exploit info, or remediation details are present beyond the initial description. Monitor for updates.
CVE-2024-56640
CVE-2024-56640 affects the Linux kernel (net/smc) and describes a use-after-free caused by mismanaged refcount of LGRs/links. The issue manifests as refcount_t: addition on 0 or underflow during concurrent operations, leading to premature resource release and unsafe access. The root cause is repe...
CVE-2024-56716
CVE-2024-56716 affects the Linux kernel via netdevsim: nsim_dev_health_break_write() accepts a zero or excessively large count, which can crash the kernel. Connected advisories indicate this CVE is addressed in kernel updates for various distributions (e.g., Debian LTS, Mariner/Mageia/Amazon Linu...
CVE-2024-58005
CVE-2024-58005 in the Linux kernel has concrete details in the connected documents: the root cause is a memory allocation path in the TPM eventlog ACPI handling that could allocate an oversized 16 MiB buffer due to how the order parameter is mapped. The patched fix changes the allocation strategy...
CVE-2024-58014
The CVE-2024-58014 entry concerns a Linux kernel vulnerability in the wifi brcmsmac driver. In wlc_phy_iqcal_gainparams_nphy(), a gain range check was missing, risking out-of-bounds access to tbl_iqcal_gainparams_nphy. The issue has a fixed variant where the code now WARN()s on out-of-range value...
CVE-2024-58058
CVE-2024-58058 affects the Linux kernel ubifs component. The root cause is a null pointer dereference when c->zroot.znode becomes NULL (after slab cache clearing), causing a crash during tnc tree dumping. The vulnerability is described as resolved, with references in multiple advisories indica...
CVE-2025-21796
CVE-2025-21796 concerns the Linux kernel NFS server (nfsd). Affected path: acl_access/acl_default handling when acl_default release fails, leaving acl_access with a dangling pointer to a released posix_acl. This can trigger a use-after-free and a kernel panic if warnings are treated as fatal. The...
CVE-2025-21839
CVE-2025-21839: Linux kernel KVM/x86 vulnerability where DR6 value for a guest could be stale when a VM-Exit occurs, due to loading guest DR6 inside the core vcpu_run() loop for DR6 while DR0–DR3 are handled outside. The fix moves the conditional loading of the hardware DR6 with the guest’s DR6 ...
CVE-2025-37796
CVE-2025-37796 affects the Linux kernel wifi driver for at76c50x. The root cause is a use-after-free in at76_disconnect: after freeing the priv object (via ieee80211_free_hw) the code accesses the freed object’s udev field to manage the USB device, which can also cause a memory leak. The issue is...
CVE-2025-37798
CVE-2025-37798 affects the Linux kernel networking code. The fix removes the qlen check in fq_codel_dequeue() and codel_qdisc_dequeue() after making sch->qlen_notify() callbacks idempotent. The description indicates the vulnerability related to backlog/queue length handling in qdisc code (code...
CVE-2014-7975
CVE-2014-7975: The Linux kernel up to 3.17 allows a local user to trigger DoS by remounting root read-only without CAP_SYS_ADMIN. This occurs in do_remount_sb invoked via unshare/mount flows, clearing MNT_LOCKED and issuing MNT_FORCE unmount. Connected Nessus advisories for Unity Linux reference...
CVE-2016-3070
CVE-2016-3070 affects the Linux kernel: the trace_writeback_dirty_page implementation (in include/trace/events/writeback.h) improperly interacts with mm/migrate.c, allowing a local attacker to trigger a NULL pointer dereference and system crash by triggering a certain page move. The publicly docu...
CVE-2017-0561
CVE-2017-0561 is a Broadcom Wi‑Fi firmware flaw in Android that affects Broadcom Wi‑Fi devices and enables remote code execution in the Wi‑Fi SoC via the TDLS implementation. Debian LTS advisory and Mageia/Chrome advisories summarize the issue as a Broadcom TDLS flaw that could let an attacker on...
CVE-2017-15116
CVE-2017-15116 affects the Linux kernel rngapi_reset() in crypto/rng.c, vulnerable before version 4.2. The issue allows a local attacker to trigger a NULL pointer dereference, causing a denial of service. Connected Nessus advisories (Unity Linux and EulerOS entries) reiterate the same description...
CVE-2017-16533
CVE-2017-16533 affects the Linux kernel’s usbhid_parse() in drivers/hid/usbhid/hid-core.c up to and including version 4.13.7; a crafted USB device can cause an out-of-bounds read, leading to local denial of service or a crash. Affected component: HID USB host controller driver (usbhid). Root caus...
CVE-2017-6347
The CVE-2017-6347 entry describes a vulnerability in the Linux kernel (net/ipv4/ip_sockglue.c: ip_cmsg_recv_checksum) when built before version 4.10.1. The flaw arises from incorrect assumptions about skb data layout, allowing a local attacker to trigger a denial of service via a buffer over-read...
CVE-2019-11683
CVE-2019-11683 affects the Linux kernel 5.x prior to 5.0.13, caused by mishandling of padded UDP packets in udp_gro_receive_segment (net/ipv4/udp_offload.c). This can enable a remote attacker to cause a denial of service (slab-out-of-bounds memory corruption) and potentially other impact via UDP ...
CVE-2020-10742
CVE-2020-10742: The Linux kernel vulnerability is an index buffer overflow during Direct IO writes that can cause the NFS client to crash and, in some cases, a kernel panic after a kmalloc memory allocation has a reach-out beyond the allocated buffer. The described impact includes data confident...
CVE-2021-47257
The CVE-2021-47257 issue affects the Linux kernel net: ieee802154 code, where a logic error could cause a NULL pointer dereference when the user sets the addr-type mode incorrectly. The patch fixes this NULL-dereference path in parse_dev_addr. The vulnerability is described as a local issue with ...
CVE-2021-47544
CVE-2021-47544 affects the Linux kernel TCP path, specifically the page frag allocation in sk_page_frag() during a page fault on an mmapped user buffer from CIFS. The nested memory access triggers page-frag modifications that corrupt the TCP stream, observed in HTTP transfers served by Apache ove...
CVE-2022-1651
CVE-2022-1651 affects the Linux kernel in the ACRN Device Model (acrn_dev_ioctl in drivers/virt/acrn/hsm.c). The vulnerability is a memory leak during ioctl handling that can be exploited locally by a privileged user to leak kernel information and cause a denial of service. Public documents ident...
CVE-2022-48760
The CVE-2022-48760 entry concerns a Linux kernel USB subsystem hang in usb_kill_urb() caused by memory-access ordering issues (SB pattern) between usb_kill_urb() and __usb_hcd_giveback_urb() on SMP systems. The vulnerability is fixed by adding memory barriers, specifically using the smp_mb__after...
CVE-2022-49034
CVE-2022-49034 relates to a Linux kernel issue where, when CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are enabled, cpu_max_bits_warn() emits a runtime warning while reading /proc/cpuinfo due to iterating CPUs with NR_CPUS. The patch fixes the warning by iterating up to nr_cpu_ids (runt...
CVE-2022-49087
The CVE-2022-49087 entry documents a race in Linux kernel networking code: rxrpc_exit_net() may exit while rxnet->peer_keepalive_timer is still armed, allowing a use-after-free via the rxrpc_peer_keepalive_timeout path. A fix was committed to address this race (in the kernel and mirrored in As...
CVE-2022-49379
In CVE-2022-49379, the Linux kernel suffers a regression in driver core wait_for_device_probe() interaction with deferred_probe_timeout, causing NFS rootfs mounting to time out when deferred_probe_timeout is non-zero. The root cause was that ip_auto_config() waited for current deferred probes, bu...
CVE-2022-49511
CVE-2022-49511: A race in the Linux kernel fbdev defio path allows pagelist corruption when one thread adds page->lru to the pagelist tail in fb_deferred_io_mkwrite() while another re-initializes the same list in fb_deferred_io_fault() without proper locking. The documented fix initializes all...
CVE-2022-49574
CVE-2022-49574 is a Linux kernel security issue involving a data race in reading the sysctl_tcp_recovery variable within the TCP stack. The root cause is concurrent modification of sysctl_tcp_recovery while it is being read, which could lead to inconsistent reads or memory corruption. The descrip...
CVE-2022-49655
CVE-2022-49655 pertains to the Linux kernel fscache invalidation/lookup race. When an NFS file is opened for writing and closed, invalidation requests could be dropped if the cookie was in LOOKING_UP or CREATING, risking cache inconsistency. The fix adds a flag in __fscache_invalidate() to mark t...
CVE-2022-49715
The CVE-2022-49715 issue affects the Linux kernel’s irqchip/gic-v3 code, specifically gic_populate_ppi_partitions. The root cause is a refcount leak caused by of_find_node_by_phandle() returning a node pointer with an elevated refcount that was not balanced with of_node_put(). The documented fix ...
CVE-2023-40791
The CVE-2023-40791 issue is in the Linux kernel’s extract_user_to_sg (lib/scatterlist.c), where pages may not be properly unpinned in a specific scenario, evidenced by a WARNING for try_grab_page. The connected Nessus entry corroborates affected code and versions: Linux kernel before 6.4.12. This...
CVE-2023-52524
CVE-2023-52524 (Linux kernel) affects the net:nfc:llcp subsystem. The issue arises from modifying the device list without holding the required lock, which could allow list corruption as observed by syzbot. The vulnerability is local and requires privileges, with a high impact on confidentiality, ...
CVE-2023-52880
CVE-2023-52880 affects the Linux kernel tty subsystem, specifically the N_GSM0710 ldisc. The issue allowed attaching the N_GSM0710 line discipline without privileges, but creating a GSM network would require CAP_NET_ADMIN. The advisory indicates that CAP_NET_ADMIN is now required in the initial n...
CVE-2024-0639
CVE-2024-0639 is a denial-of-service vulnerability in Linux kernel SCTP: a deadlock in sctp_auto_asconf_init (net/sctp/socket.c) can be triggered by guests with local privileges, potentially crashing the system. Some connected advisories (Unity Linux UTSA-2026-001762 and Red Hat/SUSE notes) indic...
CVE-2024-26636
CVE-2024-26636: In the Linux kernel, the llc_ui_sendmsg() path could allocate an skb with insufficient headroom and then push an Ethernet header, triggering a bug path when the socket lock is reacquired. The fix reserves space with LL_RESERVED_SPACE(), re-checks all conditions after reacquiring ...
CVE-2024-26778
CVE-2024-26778 concerns a flaw in the Linux kernel fbdev savage driver (savage) where an unchecked pixclock input to ioctl() can cause a divide-by-zero. The advisory notes that pixclock is partly validated in savagefb_decode_var() but not sufficiently in savagefb_probe(); the fix introduces a ch...