13804 matches found
CVE-2024-41059
CVE-2024-41059 (Linux kernel): A KMSAN-uninitialized value occurred in hfsplus when copying names during extended attributes operations (copy_name in fs/hfsplus/xattr.c). The issue traces to uninitialized memory used during sized_strscpy, leading to a potential information leak or instability wi...
CVE-2024-41085
CVE-2024-41085 concerns the Linux kernel CXL memory region probing. The bug was a NULL pointer dereference when auto-assembling a pmem region during endpoint port probing because cxl_nvd (NVDIMM) was not yet registered. The fix changes the probe sequence so the cxl_nvd is available before or duri...
CVE-2024-42252
CVE-2024-42252 is described as a Linux kernel vulnerability resolved by replacing BUG_ON() with WARN_ON() in the closure handling path. The issue arises if a BUG_ON() can be hit in the wild, which would not be appropriate and could lead to a kernel oops. The fix is to use WARN_ON() instead of BUG...
CVE-2024-43863
The CVE CVE-2024-43863 affects the Linux kernel’s DRM vmwgfx driver, fixing a deadlock in dma-buf fence polling. The issue arose when the fence ops release path removed the fence from the pending list, requiring a lock to fix a poll→fence wait→fence unref deadlock. vmwgfx overwrote the wait callb...
CVE-2024-45022
Technical details beyond the Initial Description are not provided in the connected documents. Monitor for updates from official advisories to confirm affected products, scope, and fixes for CVE-2024-45022.
CVE-2024-46821
CVE-2024-46821 (Linux kernel, drm/amd/pm) affects the Linux kernel’s AMD power management code where a negative clk_index/clk_idex was used as an index into pptable->DpmDescriptor, leading to a negative array index read. The issue is resolved by a fix that prevents using negative values as an ...
CVE-2024-46835
CVE-2024-46835 affects the Linux kernel DRM/AMDGPU component. The root cause is a NULL dereference risk in adev->gfx.imu.funcs triggered by a smatch static checker warning, fixed in the kernel code as part of “drm/amdgpu: Fix smatch static checker warning” mitigation. Impact per the provided m...
CVE-2024-46852
CVE-2024-46852 — Linux kernel CMA heap off-by-one fix: The issue occurred when a mapping larger than the buffer size could be created via mremap, allowing an overflow bypass in dma_buf_mmap_internal. The CMA heap fault handler incorrectly bound the fault offset by 1 when validating the end of th...
CVE-2024-47730
The CVE-2024-47730 entry concerns the Linux kernel vulnerability crypto: hisilicon/qm - inject error before stopping queue. The issue arises when the accelerator core reports memory errors; the driver injects a qm error to close the master ooo before stopping the queue, preventing access to memor...
CVE-2024-49885
CVE-2024-49885: Linux kernel mm/slub kmalloc redzone issue resolved. Root cause: orig_size handling treated wasted space as redzone and, with init_on_free=1, clears full object->size including metadata, causing check_object() to misclassify the object as redzone. Fix: clear the used area using...
CVE-2024-49925
CVE-2024-49925: Linux kernel fbdev (efifb) issue where registration/cleanup of sysfs groups could race or leave the sysctl attributes usable after freeing the info struct. The fix uses driver core sysfs group registration/cleanup to simplify error handling and cleanup, and explicitly avoids a us...
CVE-2024-49958
CVE-2024-49958 affects OCFS2 in the Linux kernel, where during reflink-based operations inline xattrs space was reserved without confirming root metadata capacity. The function ocfs2_reflink_xattr_inline() reduced l_count from 243 to 227 while root metadata block already had extents up to 230, ca...
CVE-2024-49982
CVE-2024-49982 concerns the AoE (ATA over Ethernet) driver in the Linux kernel. The vulnerability stems from improper refcount handling of the net_device during packet transmission, leading to potential use-after-free scenarios. The fix, described in the cited CVE notes, consolidates a safer patt...
CVE-2024-50056
CVE-2024-50056 pertains to the Linux kernel USB gadget UVC driver. The description documents a fix for an ERR_PTR dereference in uvc_v4l2.c, specifically preventing potential dereferencing of ERR_PTR() in find_format_by_pix() and uvc_v4l2_enum_format(). A related issue is also addressed i...
CVE-2024-50110
CVE-2024-50110 is a Linux kernel vulnerability fixed by ensuring xfrm algorithm dumping does not leak kernel-infoleak data to userspace. The issue could expose uninitialized or padding-filled data from kernel structures via netlink/dumping paths; padding in dumped algorithm data could reveal sens...
CVE-2024-50247
CVE-2024-50247 affects the Linux kernel ntfs3 path where an incorrectly formatted chunk may decompress to more than LZNT_CHUNK_SIZE bytes, causing an index out of bounds in s_max_off. The Connected documents confirm this CVE is included in multiple advisories (e.g., ALAS2023LIVEPATCH advisories) ...
CVE-2024-50273
CVE-2024-50273 is a Linux kernel vulnerability in btrfs delayed refs. The issue arises when inserting a delayed ref and updating its action to BTRFS_DROP_DELAYED_REF: the ref is removed from its ref head’s list with list_del(), but its add_list member is not reinitialized. If drop_delayed_ref() r...
CVE-2024-50287
CVE-2024-50287: Linux kernel vulnerability fixed in media: v4l2-tpg where division by zero could occur during buffer rescale when scaled_width is zero. The patch adds WARN_ON_ONCE() and returns early to avoid precalculation.
CVE-2024-56565
Technical details about CVE-2024-56565 are not provided in the supplied documents. Monitor for updates.
CVE-2024-57882
CVE-2024-57882 affects the Linux kernel MPTCP path; root cause is buggy TCP option length handling, where ADD_ADDR must be mutually exclusive with DSS. Exploitation details not fully disclosed in provided docs, but SYZ reports indicate corruption risk (shinfo nr_frags). Patches exist in stable/li...
CVE-2024-58017
CVE-2024-58017 affects the Linux kernel printk LOG_BUF_LEN_MAX. The issue arises when performing the 1 <
CVE-2025-21670
CVE-2025-21670 affects the Linux kernel’s vsock/bpf path. The issue occurs when vsock_transport is not assigned (NULL) during vsock_bpf_recvmsg for connected sockets (stream/seqpacket), leading to a NULL pointer dereference in vsock_connectible_has_data and an in-kernel oops trace. The vulnerabil...
CVE-2025-21680
The CVE-2025-21680 issue affects the Linux kernel’s pktgen code, specifically get_imix_entries, where an insufficient boundary check on the imix_entries array allows out-of-bounds access when a large number of imix entries are passed. This leads to UBSAN reported array-index-out-of-bounds in net/...
CVE-2025-22007
CVE-2025-22007 affects the Linux kernel Bluetooth code (chan_alloc_skb_cb()), where returning NULL on error can cause a NULL dereference. Connected advisories show distro-specific fixes: Mariner kernel upgrades to >=6.6.85.1-2; Mariner also lists fixes for older 5.15.x series to 5.15.180.1-1. ...
CVE-2025-22104
The CVE-2025-22104 issue concerns the ibmvnic driver in the Linux kernel. The root cause was printing hex dumps by casting the buffer to an 8-byte long and using string formatters, which could trigger a read buffer overflow if the buffer size isn’t a multiple of 8. The fix introduces a new ibmvni...
CVE-2025-23145
CVE-2025-23145 affects the Linux kernel (MPTCP) and describes a NULL-pointer dereference in the mptcp_can_accept_new_subflow path. The root cause is that subflow_req->msk ownership could be transferred to a subflow on the first path, creating a window where a second SYN-ACK could be processed ...
CVE-2010-3876
CVE-2010-3876 affects the Linux kernel: the code path net/packet/af_packet.c in kernel versions before 2.6.37-rc2 does not properly initialize certain structure members, allowing local users with CAP_NET_RAW to read copies of the applicable structures from kernel stack memory. Publicly document d...
CVE-2010-4073
CVE-2010-4073 affects the Linux kernel IPC compatibility code: before 2.6.37-rc1, several compat syscall handlers (ipc/compat.c and ipc/compat_mq.c) fail to initialize certain structures, enabling local attackers to read potentially sensitive kernel stack memory via vectors in compat_sys_semctl, ...
CVE-2011-0521
The CVE-2011-0521 issue affects the Linux kernel’s dvb_ca_ioctl in drivers/media/dvb/ttpci/av7110_ca.c, where the sign of a certain integer field is not checked in versions before 2.6.38-rc2. This allows local users to cause a denial of service via memory corruption and potentially other unspecif...
CVE-2014-5077
CVE-2014-5077 affects the Linux kernel’s SCTP code: the function sctp_assoc_update in net/sctp/associola.c (affected in kernel builds up to 3.15.8) can be triggered when SCTP authentication is enabled. An attacker can cause a denial of service via a NULL pointer dereference and kernel OOPS by ini...
CVE-2014-9715
CVE-2014-9715 affects the Linux kernel prior to 3.14.5, where nf_conntrack_extend.h in the netfilter subsystem uses an insufficiently large data type for certain extension data. This can allow a local attacker to trigger a NULL pointer dereference and OOPS (DoS) by outbound traffic that loads ext...
CVE-2019-17054
CVE-2019-17054 affects the Linux kernel (AF_APPLETALK) where atalk_create does not enforce CAP_NET_RAW through 5.3.2, allowing unprivileged users to create raw sockets. Exploitation status and exact fixes are not provided in the supplied documents; no mitigation details are described here.
CVE-2021-47219
CVE-2021-47219 involves the Linux kernel SCSI subsystem, specifically the scsi_debug path, where an out-of-bounds read occurs in resp_report_tgtpgs() due to an incorrect handling of lengths. The issue can manifest as a negative alen when userspace supplies a large length, enabling a slab/read bou...
CVE-2021-47310
CVE-2021-47310 is a Linux kernel vulnerability resolved in net: ti: fix UAF in tlan_remove_one. The issue arises when priv (netdev private data) is used after free_netdev() has been called, enabling a use-after-free (UAF) bug. The correction moves free_netdev() to the end of the function to ensur...
CVE-2021-47454
CVE-2021-47454 describes a Linux kernel vulnerability affecting powerpc SMP idle handling. The issue arises with PREEMPT_COUNT=y: when a CPU is offlined and onlined, the idle task’s preempt count could be decremented in CPU offline, triggering a scheduling panic. The root cause is that powerpc ar...
CVE-2021-47515
CVE-2021-47515 relates to a Linux kernel seg6/IPv6 SRH encapsulation issue where the IPv6 socket CB iif was cleared when an IPv4 packet is encapsulated in an IPv6+SRH header. The root cause is that the IP6CB(skb) is cleared (memset) during SRH ip4ip6 encapsulation, and since skb->cb memory is ...
CVE-2021-47609
CVE-2021-47609: Linux kernel vulnerability in the SCPI genpd driver for arm SCPI firmware. The issue was a missing bound check on scpi_pd->name, which could overflow a 30-byte buffer when copying the device name, potentially leading to memory corruption. The fix allocates the string dynamical...
CVE-2021-47624
CVE-2021-47624: In the Linux kernel, a reference-count leak in the rpc_sysfs_xprt_state_change error path can occur when the 3rd argument buf doesn’t match “offline”, “online”, or “remove.” The leak affects rpc_xprt and rpc_xprt_switch objects heightened by prior calls to rpc_sysfs_xprt_kobj_get...
CVE-2022-3105
The CVE-2022-3105 entry concerns the Linux kernel (till 5.16-rc6) where uapi_finalize in drivers/infiniband/core/uverbs_uapi.c does not check kmalloc_array() results. The Connected Astra Linux bulletin repeats the same description. No explicit vendor/patch details or exploit information are provi...
CVE-2022-3629
CVE-2022-3629 affects the Linux kernel’s vsock_connect in net/vmw_vsock/af_vsock.c, causing a memory leak. The issue is described as a local problem with low overall severity (CVSS 3.1: low, availability impact), and exploitation is not trivial but feasible locally. The primary remediation guidan...
CVE-2022-48884
CVE-2022-48884 affects the Linux kernel in the mlx5 driver stack. The root cause is a NULL pointer dereference that can occur when command stats are freed and reallocated during a mlx5 devlink reload, causing a crash if a command is issued while reinitialization is incomplete. The concrete fix im...
CVE-2022-49022
CVE-2022-49022 affects the Linux kernel’s wifi/mac80211 stack. The issue is a potential out-of-bounds access in ieee80211_get_rate_duration during rate duration calculation, reported as UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c. The index 15 is out of range for type 'u16 [12]'. A...
CVE-2022-49081
Summary (CVE-2022-49081): Linux kernel vulnerability in highmem handling (__kmap_local_sched_in/out). When CONFIG_DEBUG_KMAP_LOCAL is enabled, checks on tsk->kmap_ctrl.pteval could misinterpret zeroed slots as unmapped, triggering runtime warnings. The root cause is comparing to pte_none for ...
CVE-2022-49175
CVE-2022-49175 (Linux kernel): The vulnerability arises in core PM code where device_pm_check_callbacks() may run under a spinlock and currently uses spin_lock_irq()/spin_unlock_irq(), which can fail to preserve CPU flags. The fix replaces these with irqsave/irqrestore to preserve flags and avoi...
CVE-2022-49226
CVE-2022-49226 affects the Linux kernel's asix USB Ethernet driver. The root cause is that asix_read_cmd() can read fewer bytes than requested, potentially leaving callers with uninitialized data. The fix adds a sanity check to ensure the number of bytes read matches the request and propagates er...
CVE-2022-49329
CVE-2022-49329: In the Linux kernel (vdpa/vduse), a NULL pointer dereference can occur when reading the control device’s msg_timeout attribute via sysfs because the control device lacks drvdata. The fix, per the provided description, is to stop creating the unneeded attribute for the control devi...
CVE-2022-49629
The CVE-2022-49629 entry concerns a Linux kernel data race in nexthop_compat_mode where readers could observe concurrent changes. The vulnerability is triggered by reading nexthop_compat_mode while it is modified, and fixes require using READ_ONCE() in readers. Connected advisories (Astra Linux, ...
CVE-2022-49663
CVE-2022-49663 affects the Linux kernel in the tunneling path used by Geneve/IPv4 tunnels. The root cause is an assumption that skb->mac_header is set in skb_tunnel_check_pmtu(); debug added in a kernel commit triggered a warning in ndo_start_xmit() paths, since skb->data should point to th...
CVE-2022-49853
The CVE-2022-49853 entry documents a Linux kernel macvlan memory-leak in macvlan_common_newlink when macvlan mode is set to source. If register_netdevice() errors during macvlan_changelink_sources(), the resources created by macvlan_changelink_sources() are not cleaned up, leading to a memory lea...
CVE-2023-33288
CVE-2023-33288 affects the Linux kernel up to version 6.2.8, with a fix in 6.2.9. Root cause: a use-after-free in bq24190_remove (drivers/power/supply/bq24190_charger.c) that can race and lead to a local attacker crashing the system. Affected component: bq24190_charger.c within the power supply d...