13804 matches found
CVE-2023-52905
The CVE-2023-52905 entry affects the Linux kernel, specifically the octeontx2-pf VF driver. Root cause: resources such as mcam entries for Ntuple and hash tables for the tc feature were not freed during driver unbind, causing resource leakage. Impact: potential resource exhaustion on affected sys...
CVE-2023-52927
CVE-2023-52927 affects the Linux kernel netfilter feature: nf_conntrack_in() calling nf_ct_find_expectation() currently removes the exp from the hash table, which could occur before the created connection is confirmed. The patch introduces a mechanism to keep the exp when the tmpl’s status has IP...
CVE-2024-26864
In CVE-2024-26864, the Linux kernel TCP path is affected by incorrect refcnt handling in __inet_hash_connect, tied to an issue reported by syzbot in sk_nulls_del_node_init_rcu. The referenced commit content explains that a prior fix intended to unhash sockets from ehash after tb2 allocation failu...
CVE-2024-26932
CVE-2024-26932 affects the Linux kernel USB Type-C tcpm path. The issue is a double-free of the same capability when unregistering PD capabilities in tcpm_port_unregister_pd(), where the first free occurs via pd_capabilities_release() and the second is explicit in tcpm_port_unregister_pd...
CVE-2024-35857
CVE-2024-35857 is a Linux kernel vulnerability involving NULL dereferences in icmp_build_probe. Root cause: a double call to __in_dev_get_rcu() without NULL check and an unchecked dev->ip6_ptr dereference. Affected: Linux kernel (examples seen in Astra Linux advisories for kernel 5.10, 6.1, an...
CVE-2024-36007
CVE-2024-36007 involves a Linux kernel flaw in the Mellanox mlxsw spectrum ACL TCAM rehash machinery. The issue stemmed from markers (chunk/entry) used to resume a delayed rehash when credits run out. On error, only the chunk marker was reset, leaving entry markers relative to the chunk, which co...
CVE-2024-38575
In CVE-2024-38575, the Linux kernel wifi: brcmfmac: pcie: handle randbuf allocation failure fixes a NULL pointer dereference that could occur when get_random_bytes() is used after kzalloc() returns NULL in brcmf_pcie_download_fw_nvram(). The patch adds a kernel-stack based buffer approach to gene...
CVE-2024-43820
CVE-2024-43820: Linux kernel DM-RAID flaw in raid_resume could WARN_ON_ONCE when resuming after a table load because MD_RECOVERY_RUNNING may be set without the sync_thread being registered. The fix changes the check to verify sync_thread is non-NULL (instead of only MD_RECOVERY_RUNNING). Affected...
CVE-2024-46806
CVE-2024-46806 affects the Linux kernel DRM/AMDGPU path: the code path that handles partition mode may perform a division or modulo by zero, leading to a potential crash or denial of service. The available connected documents confirm the issue is fixed in the kernel by addressing a warning divisi...
CVE-2024-47747
CVE-2024-47747 — Linux kernel ether3 driver UAF due to race between timer and device removal. The issue occurs in ether3_probe where a timer is initialized for ether3_ledoff and bound to prev(dev)->timer. If the module or device is removed concurrently, ether3_remove cleans up and may access ...
CVE-2024-49902
CVE-2024-49902 relates to a Linux kernel vulnerability in JFS where a leaf index (dmt_leafidx) could cause an out-of-bounds in dbSplit when the number of leaves per dmap tree is exceeded. The fix adds a check for dmt_leafidx in dbFindLeaf and expands the sanity checks to apply to control pages as...
CVE-2024-49951
CVE-2024-49951 is a Linux kernel Bluetooth MGMT issue: when mgmt_index_removed is invoked while there are pending commands in cmd_sync, the code attempts to dequeue user_data from cmd_sync and can crash, as shown by the trace path in mgmt_pending_remove and hci_cmd_sync_work. The vulnerability is...
CVE-2024-50061
CVE-2024-50061 affects the Linux kernel’s i3c: master cdns_i3c_master driver. The root cause is a use-after-free race: cdns_i3c_master_hj_work scheduled in cdns_i3c_master_probe can run after cdns_i3c_master_remove frees master->base via i3c_master_unregister. The documented fix is to cancel t...
CVE-2024-50167
CVE-2024-50167 involves the Linux kernel be2net memory path where be_xmit() can leak the skb when be_xmit_enqueue() fails, returning NETDEV_TX_OK without freeing resources. The fix adds dev_kfree_skb_any() to free the skb in that code path. Connected advisories confirm the issue is addressed in n...
CVE-2024-53090
CVE-2024-53090 is a Linux kernel vulnerability affecting the AFS filesystem; the issue is a lock recursion in afs_wake_up_async_call() when invoked from AF_RXRPC while holding notify_lock and attempting to pass an afs_call reference to a workqueue. The race could trigger a spinlock recursion (oob...
CVE-2024-53215
CVE-2024-53215 concerns the Linux kernel RPC/RDMA path (svcrdma) where percpu_counter destruction was mishandled during svc_rdma_proc_init()/svc_rdma_proc_cleanup(). If register_sysctl() returns NULL, percpu counters initialized in svc_rdma_proc_init() may not be destroyed, and on hotplug CPU e...
CVE-2024-55639
CVE-2024-55639: In the Linux kernel, the net: renesas: rswitch driver incorrectly uses a saved device-tree node after it has been put (via of_node_put()) in multiple locations. The node is stored in rswitch_device and used by several code paths, so calling of_node_put() after first use leads to ...
CVE-2024-56598
Technical details about CVE-2024-56598 (Linux kernel jfs: array-index-out-of-bounds in dtReadFirst) are not provided in the connected documents. Please monitor for updates.
CVE-2024-56648
Overview: CVE-2024-56648 is a Linux kernel vulnerability in the HSR net path that is resolved by extending bounds checking in fill_frame_info(). Affected component: Linux kernel, net/hsr/hsr_forward.c (function fill_frame_info). Root cause: fill_frame_info() depended on skb->mac_len without ha...
CVE-2024-56651
CVE-2024-56651 affects the Linux kernel hi311x CAN driver (hi3110_can_ist). The issue is a potential use-after-free: error count data added to the CAN frame after netif_rx() could reference a skb that is freed or reused. Root cause: reporting of rxerr/txerr persisted during non-bus-off operation,...
CVE-2024-56694
CVE-2024-56694 is a Linux kernel vulnerability where a recursive lock in the stream_verdict/VERDICT path can deadlock when a verdict returns SK_PASS, placing the skb back on its own receive queue and triggering a deadlock in the sk_callback_lock path. The root cause is in the bpf: fix recursive l...
CVE-2024-56765
CVE-2024-56765 relates to the Linux kernel (powerpc/pseries/vas) where a close() callback was added to vas_vm_ops to fix a use-after-free/memory access during migration. The vulnerability stemmed from the VAS window’s VMA address being saved when a paste address is mapped and not being updated up...
CVE-2024-57925
CVE-2024-57925 affects the Linux kernel’s ksmbd component. A NULL pointer returned by ksmbd_alloc_work_struct() in smb2_send_interim_resp() could allow an illegal memory write to in_work->response_buf during kzalloc() on the in_work structure. The connected documents confirm a fix that adds a ...
CVE-2025-21671
CVE-2025-21671: In the Linux kernel’s zram subsystem, a path exists where, if zram_meta_alloc fails, the code frees the allocated zram->table without setting it to NULL. This can cause zram_meta_free to access the (now freed) table, i.e., a potential use-after-free on zram table if a device i...
CVE-2025-21749
CVE-2025-21749: In the Linux kernel, the Rose network layer is affected. The issue arises in rose_bind() where the socket must be locked to prevent a soft lockup triggered by a repro that binds from multiple threads, as reported by syzbot (rose_loopback_timer()). Affected component: rose_bind() path...
CVE-2025-21961
CVE-2025-21961 concerns the bnxt Ethernet driver in the Linux kernel, where mb-xdp-pass with XDP_PASS could miscalculate skb truesize during skb conversion, because bnxt_xdp_build_skb() passes an incorrect truesize to xdp_update_skb_shared_info() and napi_build_skb() wipes skb_shared_info. The is...
CVE-2025-22011
CVE-2025-22011 describes a Linux kernel issue on ARM/bcm2711 in Raspberry Pi CM4 during s2idle when the xHCI power-domain resume triggers a VPU firmware crash. The root cause is the mixed usage of raspberrypi-power and bcm2835-power power domains; the fix is to avoid the VPU power-domain driver, ...
CVE-2025-22035
CVE-2025-22035 affects the Linux kernel tracing subsystem. The issue is a use-after-free in print_graph_function_flags during tracer switching, caused by iter->private being left pointing to freed data when switching from function_graph to another tracer. The root cause is that two code paths ...
CVE-2025-22126
CVE-2025-22126 affects the Linux kernel md subsystem: a use-after-free can occur when iterating the mddev list during reboot/exit due to racing with deletions. The fix switches to list_for_each_entry and introduces a mddev_put_locked helper to prevent freeing the active mddev under the lock. Affe...
CVE-2025-37752
CVE-2025-37752 is a Linux kernel vulnerability affecting the scheduler, specifically net_sched: sch_sfq. The root cause is that limit validation could be bypassed if the limit was indirectly updated as other parameters changed. The fix moves the limit validation to the end of the configuration up...
CVE-2009-4538
CVE-2009-4538 affects the Linux kernel e1000e driver (netdev.c) up to and including version 2.6.32.3. The issue is an improper check of the Ethernet frame size when frames exceed the MTU, allowing a remote attacker to influence the system via crafted packets. The impact is described as unspecifie...
CVE-2011-1180
The CVE-2011-1180 issue affects the Linux kernel’s IrDA code, specifically the iriap_getvaluebyclass_indication function in net/irda/iriap.c. It describes multiple stack-based buffer overflows caused by unvalidated length fields for names and attributes, allowing remote attackers to trigger memor...
CVE-2013-4587
CVE-2013-4587 describes an array index error in kvm_vm_ioctl_create_vcpu() within virt/kvm/kvm_main.c of the Linux kernel (through 3.12.5). This vulnerability enables local privilege escalation via a large id value. The connected Nessus/OpenVAS advisories reference Unity Linux/SUSE/OpenVAS entrie...
CVE-2015-5283
CVE-2015-5283 affects the Linux kernel prior to 4.2.3. The sctp_init function in net/sctp/protocol.c uses an incorrect sequence of protocol-initialization steps, allowing a local attacker to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all steps complete....
CVE-2016-10277
CVE-2016-10277: An elevation-of-privilege in the Motorola bootloader allows a local app to run arbitrary code in the bootloader context by exploiting kernel command-line injection, leading to potential full device compromise. Affected: Android with Kernel-3.10 and Kernel-3.18. Exploitation evide...
CVE-2016-2544
CVE-2016-2544 corresponds to a race in the Linux kernel’s sound/core/seq/seq_queue.c queue_delete path (pre-4.4.1). A local attacker can trigger a use-after-free via an ioctl timing flaw, leading to a denial of service and possible system crash. Public references note fixes in kernel 4.4.1 and re...
CVE-2016-3689
CVE-2016-3689 affects the Linux kernel: the ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c is exploitable via a USB device with no master/slave interfaces, allowing a physically proximate attacker to trigger a denial of service (system crash). A patch is available in kernel 4.5.1...
CVE-2017-16532
CVE-2017-16532: A vulnerability in the Linux kernel ≤ 4.13.11 affects the get_endpoints function in drivers/usb/misc/usbtest.c, enabling local users to trigger a denial of service via a crafted USB device, through a NULL pointer dereference and potential system crash. The issue is triggered by a ...
CVE-2019-19815
CVE-2019-19815 concerns the Linux kernel 5.0.21: mounting a crafted f2fs filesystem image can trigger a NULL pointer dereference in f2fs_recover_fsync_data (fs/f2fs/recovery.c), related to F2FS_P_SB in fs/f2fs/f2fs.h. The available connected documents reproduce this advisory text and confirm the ...
CVE-2021-47408
CVE-2021-47408 affects the Linux kernel netfilter conntrack code. The issue arises when the conntrack hash table resizes or during cleanup, causing nf_ct_iterate_cleanup to restart after a resize and delaying net_namespace teardown. The available connected documents state that adding a mutex to s...
CVE-2022-49130
In CVE-2022-49130, the Linux kernel ath11k subsystem was fixed by replacing mhi_async_power_up() with mhi_sync_power_up() in the MHI path. The crash occurred when amss.bin was missing and ath11k_pci was removed, since the async variant did not check errors. The sync variant adds error checking an...
CVE-2022-49153
CVE-2022-49153 affects the Linux kernel via the wireguard path: when sending to a peer, skb memory is not freed if IPv6 is disabled, causing a memory leak. The root cause is missing kfree_skb() in the send6() handling within wg_socket_send_buffer_to_peer/..send_buffer_to_peer() and related code p...
CVE-2022-49349
CVE-2022-49349 is a Linux kernel vulnerability in the ext4 filesystem where a use-after-free occurs in ext4_rename_dir_prepare. The issue arises during ext4 directory block reads when a directory entry with an invalid rec_len can lead to a stale parent reference being used, enabling a use-after-f...
CVE-2022-49578
CVE-2022-49578 concerns a data race in the Linux kernel related to sysctl_ip_prot_sock. The root cause is concurrent access to sysctl_ip_prot_sock, causing load/store tearing unless proper synchronization is used. The vulnerability affects the kernel’s IP/sysctl handling and is stated as resolved...
CVE-2022-49659
CVE-2022-49659: In the Linux kernel, the m_can RX path for peripheral CAN frames (read_fifo/echo_tx_event) was fixed by extending the core timestamps from 16 to 32 bits before passing to RX-offload. The patch in commit 1be37d3b0414 shifts 16-bit timestamps to full 32-bit to prevent overflow issu...
CVE-2022-49739
CVE-2022-49739 affects the Linux kernel GFS2 code: when reading inodes from disk, the inode size of stuffed (inline) inodes is now validated to be within the allowed range in gfs2_dinode_in(). This fixes on-disk corruption that could result from previous truncation logic in stuffed_readpage() and...
CVE-2023-52753
CVE-2023-52753 affects the Linux kernel’s DRM/AMD display timing generator. The root cause is a NULL pointer dereference when accessing the timing generator’s funcs if it is NULL. This can lead to a kernel crash (availability impact). The fix adds a NULL check before dereferencing the timing gene...
CVE-2024-26623
CVE-2024-26623 affects the Linux kernel pds_core adminq. The race allows NULL dereference when adminq is concurrently accessed via pdsc_adminq_isr, pdsc_work_thread_pdsc_process_adminq, or pdsc_adminq_post during fw_down/fw_up cycles; a reference count was added to protect adminq usage and preven...
CVE-2024-26685
CVE-2024-26685 concerns a Linux kernel issue where end_buffer_async_write() could BUG_ON when handling the async_write flag in certain nilfs2 scenarios. The connected Astra Linux advisory confirms the vulnerability and states the fix is to remove the manipulation of the async_write flag for the r...
CVE-2024-26703
CVE-2024-26703 affects the Linux kernel tracing/timerlat: the hrtimer was previously initialized at first timerlat_fd read and destroyed on close, which could trigger a NULL pointer dereference if a user opens and closes timerlat_fd without reading. A fix was implemented to move hrtimer_init to t...