13804 matches found
CVE-2022-49708
CVE-2022-49708 affects the Linux kernel ext4 file system (mballoc allocator). The issue is triggered by a BUG_ON path in ext4_mb_use_inode_pa during disk space accounting, leading to a kernel crash when fsync/writeback paths exercise preallocation and inode pa blocks. Reproduction steps involve c...
CVE-2023-0122
CVE-2023-0122: A NULL pointer dereference in the Linux kernel NVMe subsystem (nvmet_setup_auth()) allows a Pre-Auth Denial of Service to be launched remotely over the network. Affected versions are v6.0-rc1 through v6.0-rc3; the issue is fixed in v6.0-rc4. Root cause and impact are described in ...
CVE-2023-38427
The connected documents confirm CVE-2023-38427 affects the Linux kernel (ksmbd) via an integer underflow and an out-of-bounds read in fs/smb/server/smb2pdu.c (deassemble_neg_contexts) and that a fix was released in Linux kernel 6.3.8. Practical impact is high due to potential data exposure and co...
CVE-2023-38431
The CVE-2023-38431 issue affects the Linux kernel ksmbd (fs/smb/server/connection.c) prior to 6.3.8, where NetBIOS header length is not validated against SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, causing an out-of-bounds read. Remediation: upgrade to kernel 6.3.8 or later (per Ch...
CVE-2023-52885
CVE-2023-52885 affects the Linux kernel SUNRPC component, causing a use-after-free in svc_tcp_listen_data_ready() when a newsock may hold a freed listener sv_sk; the race can occur after the listener socket is freed and before svc_tcp_accept() of the child sock. The fix is to no-op in svc_tcp_lis...
CVE-2023-52902
CVE-2023-52902 concerns a Linux kernel memory leak in maple tree preallocation during do_mmap() error paths. The preallocated maple tree nodes could leak on error_just_free, addressed by moving the free of maple tree nodes to a shared cleanup location for all error paths. Connected documents (N...
CVE-2023-53020
CVE-2023-53020 affects the Linux kernel: l2tp_tunnel_register() contains race conditions that modify the tunnel socket after publishing, call setup_udp_tunnel_sock() on an existing socket without locking, and change sock lock class on the fly. A patch fixes these by initializing the socket before...
CVE-2024-26873
The CVE-2024-26873 issue affects the Linux kernel SCSI HISI SAS driver. In scenarios where a PHY is disabled and a 2‑bit ECC error occurs concurrently, a deadlock is triggered between the offline handling and the automatic dump flow. This can lead to hung tasks and deadlocks in the sas_revalidate...
CVE-2024-27417
CVE-2024-27417 affects the Linux kernel IPv6 path inet6_rtm_getaddr, where if userspace provides a correct IFA_TARGET_NETNSID but omits IFA_ADDRESS and IFA_LOCAL, the function could return -EINVAL while leaking an elevated net namespace reference. The issue is described as a potential "struct net" leak...
CVE-2024-35787
CVE-2024-35787 affects the Linux kernel md-bitmap/clustered-md path. The fix resolves incorrect usage for sb_index after commit d7038f951828, which removed page->index from the bitmap file logic but left flawed cluster-node slot offset handling. The vulnerability could cause crashes in cluste...
CVE-2024-36908
CVE-2024-36908 is a Linux kernel issue in the blk-iocost subsystem. The warning in iocg_pay_debt can be triggered during blkcg or disk removal when iocg_waitq_timer_fn() runs, producing a meaningless warning. The patch adds a guard to skip the warn if the iocg was already offlined, since the iocg...
CVE-2024-36913
Technical details about CVE-2024-36913 are not publicly provided in the supplied documents. Monitor for updates from vendors (Linux kernel, Debian, Amazon Linux, MSRC) for affected versions, impact, and fixes.
CVE-2024-44932
CVE-2024-44932 affects the Linux kernel idpf subsystem. The MiracleLinux advisory documents a fix for use-after-free (UAF) conditions that occurred when destroying idpf queues and their associated interrupt vectors; the patch sequence reordered allocation/freeing so queues and vectors are allocat...
CVE-2024-46677
CVE-2024-46677 affects the Linux kernel gtp path. Root cause: when sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers, so the NULL pointer could be dereferenced. Fix: return an error pointer carrying the sockfd_lookup() error co...
CVE-2024-46731
CVE-2024-46731: Linux kernel vulnerability in drm/amdgpu/pm where an out-of-bounds read can occur for mc_data[] when i == 0 due to indexing as i-1. The issue has been resolved by a kernel patch. Connected sources confirm the vulnerability and patch context (Out-of-bounds read warning fix in drm/...
CVE-2024-46822
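CVE-2024-46822 concerns the Linux kernel, predominantly on the ARM64 architecture. It involves the case where a failed MPIDR check in acpi_map_gic_cpu_interface() leaves cpu_madt_gicc[cpu] NULL, which can lead to a NULL pointer dereference. The fix hardens the call path of get_cpu_for_acpi_id() so that a valid CPU entry is obtained before indexing, avoiding the NULL pointer dereference. Related public sources (such as Astra Linux and CIRCL/CVE records) confirm that the vulnerability exists in the kernel implementation and has been addressed through Harden get_cpu...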
CVE-2024-47700
CVE-2024-47700: In the Linux kernel, ext4 stripe size compatibility check failed to run on remount, leaving cases where sbi->s_stripe could become 0 and cause faults (e.g., divide-by-zero). The fix adds the stripe-size compatibility check to the remount path in __ext4_fill_super, ensuring stripe
CVE-2024-47740
The CVE-2024-47740 issue affects the Linux kernel F2FS atomic-write ioctls. Previously, F2FS_IOC_START_ATOMIC_REPLACE/COMMIT_ATOMIC_WRITE could bypass LSM deny checks because inode_owner_or_capable() could return true when the caller’s FSUID matched the inode UID. The fix requires FMODE_WRITE for...
CVE-2024-47749
CVE-2024-47749 affects the Linux kernel RDMA cxgb4 path. lookup_atid() can return NULL for invalid/non-existent ATIDs, risking NULL pointer dereference in act_establish() and act_open_rpl(). The fix adds a NULL check to prevent dereferencing a NULL ATID. Public details confirm the vulnerability t...
CVE-2024-49858
CVE-2024-49858: Linux kernel TPM event log handling (efistub/tpm) used EFI_LOADER_DATA, leaving the region unreserved in the EFI 64-bit memory map (via E820) and passed to the kernel via kexec, risking memory corruption. The fix substitutes EFI_ACPI_RECLAIM_MEMORY, which EFI/ACPI treats as reserv...
CVE-2024-49966
CVE-2024-49966 in the Linux kernel (OCFS2) fixes a bug where an active delayed work could remain when freeing oinfo after an error in global quota read, triggering a warning. The patch cancels the dqi_sync_work before freeing oinfo and changes the read_file_info error path to return a status inst...
CVE-2024-50007
CVE-2024-50007 affects the Linux kernel ALSA asihpi/ASIHPI driver. The issue is an out-of-bounds access in a static array populated from firmware data; the index depends on firmware and was not validated. The patch adds a sanity check to ensure the index fits in the array size, preventing potenti...
CVE-2024-53210
CVE-2024-53210 affects the Linux kernel (s390/iucv) where passing MSG_PEEK to skb_recv_datagram() increments skb->users refcount and iucv_sock_recvmsg() does not decrement it, causing a skb memory leak during skb_queue_purge() and a WARN_ON during socket destruction. The fix is to decrement sk...
CVE-2024-56573
Technical details for CVE-2024-56573 are not provided in the connected documents. The description mentions a Linux kernel fix in efi/libstub, but no vendor/product/version specifics are disclosed here. Monitor official advisories for updates.
CVE-2024-56641
The CVE-2024-56641 issue affects the Linux kernel net/smc code. The vulnerability arises when smc_close_cancel_work is triggered (e.g., on RDMA driver unload and LGR termination), causing conn->close_work to be flushed before it has been initialized, which leads to a WARN_ON(!work->func) du...
CVE-2024-56720
Technical details for CVE-2024-56720 are not publicly available in the provided documents. Monitor for updates from vendors and security trackers.
CVE-2024-57802
CVE-2024-57802 concerns the Linux kernel netrom path. The issue arises when sending raw messages through ieee802154, where nr_route_frame may read uninitialized data due to not validating the skb buffer length. The root cause is a missing skb->len check before accessing skb->data in nr_rout...
CVE-2024-57996
CVE-2024-57996 (Linux kernel) affects net_sched: sch_sfq where a 1-packet limit exposes a faulty queue-length handling in SFQ, leading to an array bounds UBSAN crash when de-queuing after a limit-triggered drop. The issue is triggered when a TBF/SFQ scenario leaves qlen at 1, then a second packet...
CVE-2025-21635
CVE-2025-21635 — Linux kernel (RDS): The vulnerability arises from using current->nsproxy in rds_tcp_rcvbuf/rds_tcp_sndbuf sysctl handling, which can cause a NULL pointer dereference when the current task is exiting and the netns proxy is NULL. The fix switches to obtaining the per-netns conte...
CVE-2025-21916
CVE-2025-21916 is part of Unity Linux/Fedora kernel advisories describing a fix for a flaw in USB ATM CXACRU endpoint checking. The root cause was insufficient verification of USB endpoint addresses in cxacru_bind(), leading to incorrect URB handling (e.g., bogus urb xfers). The mitigation is to ...
CVE-2014-3144
CVE-2014-3144 affects the Linux kernel up to 3.14.3. The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST implementations in the sk_run_filter function (net/core/filter.c) do not properly verify a length value, enabling a local attacker to trigger a denial of service via crafted BPF instruction...
CVE-2016-8630
Consolidated from CVE-2016-8630 detail: The Linux kernel, prior to 4.8.7, when KVM is enabled, is vulnerable to a local Denial of Service where a crafted ModR/M byte used with an undefined x86 instruction can crash the host OS. Affected component is arch/x86/kvm/emulate.c. Impact is host stabilit...
CVE-2016-9756
CVE-2016-9756 affects Linux kernel’s x86 KVM emulation (arch/x86/kvm/emulate.c). The root cause is improper initialization of Code Segment (CS) in certain error paths, enabling a local attacker to read sensitive kernel stack memory via a crafted user-space program. A fix was released in Linux ker...
CVE-2022-47521
CVE-2022-47521 affects Linux kernel prior to 6.0.11 with the WILC1000 driver. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c can trigger a heap-based buffer overflow when parsing the operating channel list from Wi-Fi management frames. ...
CVE-2022-48883
CVE-2022-48883 (Linux kernel) affects net/mlx5e IPoIB: Block PKEY interfaces and occurs when a user configures more rx queues for an interface than the parent supports. The child interface reuses the parent’s receive channels, so the rx-queue count must be large enough to avoid out-of-bounds acce...
CVE-2022-48934
CVE-2022-48934 affects the Linux kernel code for nfp: flower. The issue is a leak in nfp_tunnel_add_shared_mac() related to ida_simple_get() returning an id in 0..NFP_MAX_MAC_INDEX (0xff) and the error path requiring the invalid ida_idx not to be within that range. The fix is to set the invalid v...
CVE-2022-49235
CVE-2022-49235 corresponds to a Linux kernel issue where ath9k_htc uninitialized fields caused two KMSAN bugs. The reports state that in htc_connect_service() svc_meta_len and pad were not initialized (suggesting setting svc_meta_len to 0 when no service data is present) and in htc_issue_send() t...
CVE-2022-49362
CVE-2022-49362 affects the Linux kernel’s NFSD. The vulnerability arises because nfsd_file_put_noref() can free the object @nf, and the code may dereference @nf immediately after return, causing a use-after-free. A fix was applied to prevent dereferencing the freed nf in nfsd_file_put_noref(), ef...
CVE-2022-49538
CVE-2022-49538 affects the Linux kernel’s ALSA jack path in ASoC. The issue arises when input_dev is unregistered while snd_jack_report is called, potentially causing a NULL pointer dereference. The documented fix is to serialize access to input_dev using a mutex. The connected sources confirm th...
CVE-2022-49539
CVE-2022-49539 concerns the Linux kernel driver rtw89 where CAM leaks (address CAM and bssid CAM) can occur during SER L2 reset and ieee80211_restart_hw(). The fix releases CAM regardless of security state during L2 reset and, if AP mode, releases address CAM of all stations before restart. Conne...
CVE-2022-49565
CVE-2022-49565 concerns the Linux kernel, specifically perf/x86/intel/lbr, where unchecked MSR writes (WRMSR to 0x689) can occur due to an absent TSX quirk application when accessing LBR data. The issue manifests on systems with LBR_FORMAT_EIP_FLAGS2 and, if TSX is disabled, requires a quirk to a...
CVE-2022-49596
The CVE-2022-49596 entry targets the Linux kernel vulnerability in the sysctl_tcp_min_snd_mss reader. The publicly provided details state a data race occurs when reading sysctl_tcp_min_snd_mss, as it can be changed concurrently. The fix introduced is to add READ_ONCE() to the readers of this sysc...
CVE-2022-49615
CVE-2022-49615 affects the Linux kernel ASoC rt711-sdca subsystem. An I/O error during initial codec settings could dereference a NULL rt711->component before the probe completes, risking kernel panic. The fix changes the code path to use slave->dev instead of component->dev for the early ...
CVE-2022-49716
CVE-2022-49716 affects the Linux kernel’s irqchip/gic-v3 mechanism. The vulnerability stems from incorrect refcount handling in gic_populate_ppi_partitions: of_get_child_by_name() returns a node pointer with an incremented refcount, and if not properly released, a refcount leak occurs when kcallo...
CVE-2022-49928
CVE-2022-49928 affects the Linux kernel SUNRPC subsystem. A null-ptr-deref can occur when xps sysfs allocation fails, leading to a kernel oops (KASAN null-pointer dereference in sysfs_do_create_link_sd during RPC sysfs client setup). The issue manifests as a read of 8 bytes at a NULL-like address...
CVE-2023-52529
CVE-2023-52529 refers to a Linux kernel vulnerability affecting the Sony HID path, where a memory leak could occur in sony_probe() if an error happens after usb_alloc_urb(). The fix ensures usb_free_urb() is called on error paths after a successful usb_alloc_urb(), addressing the leak. Connected ...
CVE-2023-52764
CVE-2023-52764 affects the Linux kernel media driver gspca cpia1 (drivers/media/usb/gspca/cpia1.c) with a shift-out-of-bounds in set_flicker triggered when sd->params.exposure.gain grows beyond int bit-width. The issue stems from attempting a left-shift that exceeds the size of an int, causing...
CVE-2024-26885
CVE-2024-26885 – Linux kernel DEVMAP_HASH overflow on 32-bit arches: The issue arises in devmap hash bucket calculation for max_entries, where the code computes the next power of two for the bucket count and stores it in a 32-bit variable. On 32-bit architectures, the rounding up can overflow mi...
CVE-2024-40922
CVE-2024-40922 affects the Linux kernel io_uring rsrc path: a mutex lock could be held while a task is not TASK_RUNNING due to not restoring state after io_run_task_work_sig(), risking unintended blocking/deadlock in io_rsrc_ref_quiesce() and related calls (io_sqe_buffers_unregister, io_uring/reg...
CVE-2024-41059
CVE-2024-41059 (Linux kernel): A KMSAN-uninitialized value occurred in hfsplus when copying names during extended attributes operations (copy_name in fs/hfsplus/xattr.c). The issue traces to uninitialized memory used during sized_strscpy, leading to a potential information leak or instability wi...