CVE-2024-35962
CVE-2024-35962 (Linux kernel netfilter nf_tables) involves incomplete validation of user input; the upstream fix is titled "netfilter: complete validation of user input". Root cause: do_replace() handlers use copy_from_sockptr() followed by unsafe copy_from_sockptr_offset() without validating optlen early enough; the patch...
CVE-2024-36929
CVE-2024-36929: Linux kernel vulnerability in net/core skb handling (fraglist GSO skbs). Root cause: skb_copy/ skb_copy_expand could linearize fraglist GSO skbs, creating invalid SKBs and potential crash on a future skb_gso_segment. Fix: skb_copy and skb_copy_expand now return NULL when a fraglis...
CVE-2024-36956
CVE-2024-36956 affects the Linux kernel’s thermal subsystem (thermal/debugfs). The root cause is that thermal_debug_tz_remove() does not free all allocated memory for thermal zone diagnostics when a zone is removed, making some memory unreachable. The vulnerability is addressed by modifying therm...
CVE-2024-36977
CVE-2024-36977: Linux kernel vulnerability in USB DWC3 EndXfer handling resolved by adding a 1 ms delay to ENDXFER completion in __dwc3_stop_active_transfer() for controller revisions including >= 3.10a. Affected component: DWC3 USB gadget/drivers in the Linux kernel; root cause was waiting un...
CVE-2024-36979
CVE-2024-36979 is a Linux kernel vulnerability in the bridge mst path (net/bridge/br_mst.c/br_private.h) where a vlan could be freed while walking a list, causing a use-after-free via RCU. The issue arose from suspicious RCU usage and a path involving br_forward_delay_timer and br_mst_set_state. ...
CVE-2024-39500
Summary: CVE-2024-39500 describes a Linux kernel race in sock_map between sock_map_close and sk_psock_put that could trigger a WARN_ON_ONCE when a psock is being closed while another thread creates and closes a socket in the map. The fix reworks the psock lifecycle: sk_psock_get returns NULL only...
CVE-2024-40930
The CVE-2024-40930 issue in the Linux kernel affects wifi cfg80211 by failing to validate the HE operation element length before parsing. The fix is to validate the length prior to parsing, which mitigates potential misuse. The advisory indicates the vulnerability has been resolved in the Linux k...
CVE-2024-40983
CVE-2024-40983 affects the Linux kernel TIPC path. The issue arises when crypto requests are asynchronous and the skb’s destination entry may be accessed after leaving the RCU region; the fix is to force a destination reference count before entering XFRM input/output handlers. In TIPC, skb_dst_fo...
CVE-2024-43873
CVE-2024-43873 describes a Linux kernel issue in vhost/vsock where seqpacket_allow could be read uninitialized due to not being initialized at socket creation, and could remain uncleared when VIRTIO_VSOCK_F_SEQPACKET is cleared. The fix initializes seqpacket_allow after allocation and uncondition...
CVE-2024-43910
CVE-2024-43910 targets the Linux kernel. The vulnerability arises from a missing check in the BPF verifier when handling global function arguments, specifically for ARG_PTR_TO_DYNPTR | MEM_RDONLY, and lax type matching in process_dynptr_func(). The result could be out-of-bounds memory accesses wi...
CVE-2024-45026
CVE-2024-45026: In the Linux kernel (s390 DASD), data corruption could occur on Extent Space Efficient (ESE) or thin-provisioned volumes during error scenarios. The root cause was an imprecise length check in dasd_ese_needs_format that could mis-handle certain transport errors, potentially corru...
CVE-2024-49952
CVE-2024-49952 relates to a Linux kernel vulnerability in nf_tables/netfilter where nf_dup_ipv4() and nf_dup_ipv6() could write to a per-cpu nf_skb_duplicated variable unsafely. Syzkaller traced improper use of __this_cpu_write() in preemptible code, and the fix requires disabling soft interrupts...
CVE-2024-49954
CVE-2024-49954: Linux kernel vulnerability fixed by replacing WARN_ON with pr_warn in static_call_module_notify() to avoid unnecessary fatal behavior on __static_call_add_module() memory allocation failures. The WARN_ON() could panic when panic_on_warn is set, whereas the memory allocation failur...
CVE-2024-49969
CVE-2024-49969 affects the Linux kernel DRM AMD/DCN30 color management path. The vulnerability arises in the function cm3_helper_translate_curve_to_hw_format when an index 'i' can exceed TRANSFER_FUNC_POINTS, risking an index/out-of-bounds condition and triggering a buffer overflow in output_tf->...
CVE-2024-50102
CVE-2024-50102: The connected advisories indicate a Linux kernel x86 issue where using the high address bit to classify user vs. kernel space enabled a speculative-execution leak for non-canonical addresses. The root cause involves non-canonical address handling and an evolving AC/bit behavior a...
CVE-2024-50168
CVE-2024-50168 affects the Linux kernel component net/sun3_82586. A memory leak could occur in sun3_82586_send_packet() when skb->len is too long, as the function previously returned NETDEV_TX_OK without freeing the socket buffer (skb). The fix adds dev_kfree_skb() to free the skb in that code...
CVE-2024-50230
CVE-2024-50230 affects the Linux kernel in the nilfs2 subsystem. The issue was caused by not clearing the historical “checked” flag on pages/folios when nilfs2 discarded them, which could cause the directory-entry sanity check to be skipped when reloading a directory page/folio after filesystem c...
CVE-2024-50233
CVE-2024-50233 concerns the Linux kernel: in staging: iio: frequency: ad9832, ad9832_write_frequency() may divide by clk_get_rate() which can be 0, leading to a division by zero in ad9832_calc_freqreg(). The fout value comes from user-controlled text and the zero-rate edge case is not protected b...
CVE-2024-50290
CVE-2024-50290 is a Linux kernel vulnerability affecting the media: cx24116 driver. The issue arises when reading SNR registers: if the read fails, a negative value could be returned, causing an underflow. The fix prevents that underflow by ensuring reading SNR registers does not produce a negati...
CVE-2024-53180
Technical details and affected products/versions for CVE-2024-53180 are not present in the connected documents. The initial description summarizes a Linux kernel change but lacks explicit exploit, affected driver/version, or patch details. Monitor vendor advisories for updates.
CVE-2024-56578
Technical details about CVE-2024-56578 are not provided in the connected documents. The initial description summarizes the vulnerability; monitor vendor advisories for full details and remediation.
CVE-2024-56581
CVE-2024-56581 affects the Linux kernel’s Btrfs code. The issue is a use-after-free in btrfs_ref_tree_mod() after inserting a new ref entry into a block entry’s rb-tree when an unexpected action (BTRFS_DROP_DELAYED_REF) is encountered. The error path freed the ref entry without removing it from t...
CVE-2024-56593
CVE-2024-56593 – Linux kernel (brcmfmac wifi driver). Root cause: NULL pointer dereference in brcmf_sdiod_sglist_rw() when a high sd_sgentry_align value (e.g., 512) and a large number of queued SKBs cause the pre-allocated sgtable to run out of entries. The calculation uses nents = max(rxglom_size...
CVE-2024-56643
CVE-2024-56643: In the Linux kernel, a memory leak in dccp_feat_change_recv can occur when dccp_feat_push_confirm() fails after a new SP feature value is accepted (entry == NULL branch). The memory allocated for the SP feature value via dccp_feat_clone_sp_val() may not be freed, potentially leadi...
CVE-2024-56659
CVE-2024-56659 – Linux kernel (net/lapb). Description in scope indicates a fix for LAPB header length: the patch increases LAPB_HEADER_LEN and notes uncertainty whether net/lapb is ready for 8021q. The primary observed failure is a kernel crash related to sk_buff handling (skb_under_panic) in net/...
CVE-2024-56724
CVE-2024-56724 affects the Linux kernel MFD driver for Intel/PMIC (intel_soc_pmic_bxtwc). The connected docs confirm a concrete root cause: the driver previously treated TMU devices under a single IRQ domain, causing mismatched IRQ domains across MFD devices. The fix is to rework the driver to us...
CVE-2024-58009
CVE-2024-58009: In the Linux kernel, a NULL sock pointer could reach l2cap_sock_alloc() when invoked from l2cap_sock_new_connection_cb(), with error paths not handling NULL. The vulnerability was resolved by ensuring NULL checks (and related path awareness) in the Bluetooth L2CAP layer, effectiv...
CVE-2024-58051
CVE-2024-58051 is a Linux kernel vulnerability affecting the IPMI/IPMB driver where devm_kasprintf() can return NULL on failure and its return value was not checked, leading to a NULL pointer dereference. The issue is categorized as Memory Safety with a high availability impact in the CVSS contex...
CVE-2024-58052
CVE-2024-58052 — Linux kernel (drm/amdgpu) NULL pointer dereference. The bug occurs in atomctrl_get_smc_sclk_range_table: if smu_atom_get_data_table() fails, it returns NULL and is dereferenced later. The description notes the code path is invoked on Polaris chips, and the vbios data table shoul...
CVE-2025-21672
CVE-2025-21672 concerns the Linux kernel, specifically the afs module, where a fix guards against a lock being left held when returning to userspace. The root cause is described as a scenario where if argc is less than 0 and a function returns directly, an inode mutex lock is not released. The pa...
CVE-2025-21831
CVE-2025-21831 covers a Linux kernel PCI issue: on some TUXEDO Sirius Gen1 systems, a BIOS-specific wakeup failure caused suspend-time root-port D3hot entry. Root cause is a policy change from commit 9d26d3a8f1b0 that allowed all PCIe ports to enter D3, which could hang on resume for the affected...
CVE-2025-21844
CVE-2025-21844 affects the Linux kernel SMB client path. The vulnerability could allow a NULL pointer dereference in the receive_encrypted_standard() path due to missing checks, which could crash the kernel. The fix adds checks for the next_buffer in receive_encrypted_standard() and validates the...
CVE-2025-21904
CVE-2025-21904 affects the Linux kernel’s caif_virtio path. The vulnerability stems from a wrong pointer check in cfv_probe: del_vqs() frees virtqueues, and the code previously dereferenced cfv->vdev before confirming NULL. The correct check is cfv->vq_tx for NULL prior to del_vqs(). Upstre...
CVE-2025-21935
In CVE-2025-21935, the Linux kernel rapidio subsystem fixes a missing check in rio_scan_alloc_net(): the return value of rio_add_net() must be checked, and if it fails, put_device() should be called to free memory and drop the reference from rio_add_net(). This prevents potential memory leaks and...
CVE-2025-37823
CVE-2025-37823: In Linux kernel net_sched hfsc, there is a potential use-after-free (UAF) in hfsc_dequeue() that has been fixed. The patch adds safety guards around hfsc_dequeue() to prevent UAF, addressing a vulnerability in the hfsc class handling. The description notes no reliable reproducer p...
CVE-2010-3881
The CVE-2010-3881 issue affects the Linux kernel arch/x86/kvm/x86.c, where several structure members are not initialized in versions prior to 2.6.36.2. This can allow local users to read potentially sensitive data from kernel stack memory via /dev/kvm. The documented fix is in kernel 2.6.36.2 (an...
CVE-2013-7445
CVE-2013-7445: In the Linux kernel DRM subsystem, the Graphics Execution Manager (GEM) object handling (through GEM requests) is mishandled, allowing a context-aware attacker to cause a denial of service via memory exhaustion. The exploitation described uses JavaScript creating many CANVAS eleme...
CVE-2016-2186
The CVE-2016-2186 entry concerns the Linux kernel powermate_probe in drivers/input/misc/powermate.c, where kernels prior to 4.5.1 are vulnerable. A physically proximate attacker can trigger a denial of service (NULL pointer dereference and system crash) by sending a crafted endpoints value in a U...
CVE-2016-9083
CVE-2016-9083 affects the Linux kernel VFIO PCI driver. The vulnerability is a state machine confusion bug in vfio_pci.c that lets a local attacker bypass integer overflow checks and trigger memory corruption, potentially causing a denial of service. Root cause is related to VFIO_DEVICE_SET_IRQS ...
CVE-2017-15126
CVE-2017-15126 affects the Linux kernel’s fs/userfaultfd.c, where an improper fork handling during event processing can cause a fork event to be removed from an already freed list, i.e., a use-after-free condition. Affected are kernels before 4.13.6 (fixed in 4.13.6), with the issue having high im...
CVE-2017-18270
CVE-2017-18270 refers to a local-kernel vulnerability in Linux kernels prior to 4.13.5 where a local user could create keyrings for other users via keyctl, enabling setting unwanted defaults or causing a denial of service. The issue is fixed in Linux kernel 4.13.5 (as indicated by the ChangeLog r...
CVE-2021-47099
CVE-2021-47099 relates to a Linux kernel issue where, under GRO in a veth device, shared or cloned skbs could bypass the share check and enter the GRO path when no XDP program is attached. The root cause described in the CVE notes is that when GRO is enabled on a veth pair and the peer has TSO di...
CVE-2021-47221
CVE-2021-47221 (Linux kernel SLUB redzone issue). The provided sources describe a vulnerability in the SLUB allocator where redzones are checked against s->object_size rather than the in-use size. If a cache is created with an object size less than 24, the freelist pointer may be written beyond...
CVE-2021-47491
CVE-2021-47491 concerns the Linux kernel vulnerability in mm: khugepaged, where read-only THP for filesystems could collapse THP for readonly/executable mappings of non-regular files (e.g., block devices). The root cause is that THP collapse was allowed for such files due to an insufficient vm_fi...
CVE-2022-34494
CVE-2022-34494: This vulnerability is a double free in rpmsg_virtio_add_ctrl_dev (drivers/rpmsg/virtio_rpmsg_bus.c) of the Linux kernel, before version 5.18.4. Affected: Linux kernel releases prior to 5.18.4. Root cause: double free in the RPMSG virtio control device handling. Impact: described ...
CVE-2022-41848
CVE-2022-41848 affects the Linux kernel, specifically the PCMCIA driver path drivers/char/pcmcia/synclink_cs.c. The vulnerability is a race condition that can cause a use-after-free when a physically proximate attacker removes a PCMCIA device while an ioctl is in progress, due to a race between m...
CVE-2022-49049
CVE-2022-49049 concerns the Linux kernel mm/secretmem path (memfd_secret) where growing a secret memfd via ftruncate could trigger a kernel panic when zeroing pages during truncation. The issue arises because memfd_secret pages are not mapped via the direct map, so page_address() results could be...
CVE-2022-49072
CVE-2022-49072 affects the Linux kernel GPIO subsystem: gpiochip irq members can be read before initialization, causing race conditions and a potential NULL pointer dereference via I2C (gpiochip_to_irq). The issue has been resolved in the kernel by restricting access to irq-related fields until a...
CVE-2022-49256
CVE-2022-49256: In the Linux kernel, the watch_queue memory leak occurs because free_watch() forgets to free the watch object. The fix adds the missing kfree to actually free the watch and prevent the leak (kmemleak reports show an unreferenced object and backtraces through keyctl_watch_key and ...
CVE-2022-49585
CVE-2022-49585 relates to the Linux kernel. It fixes a data race in reading the sysctl_tcp_fastopen_blackhole_timeout, where the value could be changed concurrently. The patch adds READ_ONCE() to the readers to prevent concurrent modification. Affected component: kernel networking/tcp code around...