13804 matches found
CVE-2022-49748
CVE-2022-49748 relates to the Linux kernel's perf/x86/amd code: a shift of the 32-bit int constant 1 is computed in 32-bit arithmetic and then passed as a 64-bit argument, which can overflow when i ≥ 32. The fix uses the BIT_ULL macro for the shift to avoid overflow. Several connected advisories (Astra Linu...
CVE-2023-52680
CVE-2023-52680 concerns the Linux kernel ALSA scarlett2 driver. The vulnerability arises because the ctl_get() functions that call scarlett2_update() did not check the return value, potentially causing unhandled errors to propagate to the caller. The description states this was fixed by adding p...
CVE-2023-52772
CVE-2023-52772 is a Linux kernel use-after-free in unix_stream_read_actor() affecting af_unix sockets. The issue arises because, after the unix socket lock is released, u->oob_skb can be changed by another thread, which requires temporarily increasing the skb refcount. The vulnerability was fixed upstream in the...
CVE-2023-52835
CVE-2023-52835 affects the Linux kernel perf subsystem. The root issue is that a large AUX area (e.g., 4 GB) can cause rb_alloc_aux and related allocations to hit bounds and mmap failure, triggering a WARN and an ENOMEM during perf-record. The fix is to bail out early if the requested AUX area is...
CVE-2023-53034
CVE-2023-53034 is addressed in the Linux kernel ntb_hw_switchtec driver with a fix for a shift-out-of-bounds condition in switchtec_ntb_mw_set_trans. The root cause was that ntb_mw_clear_trans() could pass 0 to both addr and size, causing xlate_pos to become negative and triggering a UBSAN shift-...
CVE-2024-26775
CVE-2024-26775 concerns the Linux kernel’s aoe subsystem. The documented issue is a potential deadlock in set_capacity() caused by a locking order: one path holds bdev->bd_size_lock while another holds d->lock, risking a deadlock when an interrupt occurs and the code path re-enters set_capa...
CVE-2024-38601
CVE-2024-38601: Linux kernel ring-buffer race between readers and resize checks in ring_buffer, causing transient doubly-linked-list inconsistency (page->prev/next) during concurrent resizing and read operations. Root cause described as a swap of reader pages via cmpxchg in rb_get_reader_page...
CVE-2024-40953
CVE-2024-40953: In the Linux kernel KVM path, a data race on last_boosted_vcpu in kvm_vcpu_on_spin() was fixed. The underlying issue allowed non-atomic loads/stores of kvm->last_boosted_vcpu, potentially causing an out-of-bounds vCPU access with very large vCPU counts (e.g., 257). The patch in...
CVE-2024-41016
CVE-2024-41016 affects the Linux kernel OCFS2 filesystem. The vulnerability arises from a missing bounds check before memcmp in ocfs2_xattr_find_entry(), which could allow an out-of-bounds read when processing crafted xattr data in non-indexed xattrs saved with extra space. The issue is tied to O...
CVE-2024-42141
Technical details for CVE-2024-42141 are not provided in the supplied documents; public exploitability, affected products, and fixes are not specified here. Monitor for updates.
CVE-2024-46805
CVE-2024-46805 is a Linux kernel vulnerability in the drm/amdgpu path where a NULL pointer dereference of hive can occur when validating amdgpu_hive_info. The issue (root cause: amdgpu_hive_info *hive may be NULL) can lead to an out-of-bounds or memory access problem in the driver, with the advis...
CVE-2024-47143
CVE-2024-47143 relates to the Linux kernel and describes a potential deadlock in the dma-debug flow caused by holding radix_lock while dma_hash_entry locks are held. The fix, as documented in the connected sources, is to perform dma_entry_free() after put_hash_bucket() inside check_unmap() to pre...
CVE-2024-47698
CVE-2024-47698 (Linux kernel) affects DVB frontends rtl2830/rtl2832 in the media/dvb-frontends subsystem. The issue is an out-of-bounds write in the pid_filter logic for rtl2832, caused by not enforcing the maximum index on bit manipulations (dev->filters is 32-bit; indices must be 0–31). The ...
CVE-2024-49923
The CVE-2024-49923 issue is in the Linux kernel’s DRM/AMD display path. Specifically, dcn20_validate_apply_pipe_split_flags could dereference a null pointer; the patch passes a non-null pointer to fix a null-dereference. Impact is limited to availability (HIGH) with local, low-complexity exploita...
CVE-2024-49957
CVE-2024-49957 is a Linux kernel vulnerability tied to ocfs2/journal handling. When mounting, if journal_reset() fails due to a too-short journal, jbd2_journal_load() may leave journal->j_sb_buffer NULL, triggering a NULL pointer dereference through ocfs2_journal_shutdown() -> jbd2_journal_...
CVE-2024-50072
CVE-2024-50072 affects the Linux kernel on x86 where VERW is used. The issue can trigger a general protection fault (#GP) in 32-bit vm86 contexts when VERW mitigations (e.g., MDS/RFDS) are enabled and the code segment selector is not properly referenced. The root cause is using VERW with an arbit...
CVE-2024-50246
CVE-2024-50246 is a Linux kernel vulnerability affecting the ntfs3 file-system code path. The issue stems from a missing or insufficient check related to the alloc_size for rough attribute handling in fs/ntfs3, which could allow a local attacker to exploit the flaw. The CVE is described with a CV...
CVE-2024-53170
CVE-2024-53170 is a Linux kernel block subsystem UAF issue: the flush-rq mapping may not be cleared during scsi probe due to blk_queue_init_done()/del_gendisk interaction, allowing a use‑after‑free in blk_mq_find_and_get_req during tag handling. Connected advisories/documentation confirm this vul...
CVE-2024-56577
Technical details about CVE-2024-56577 are not publicly provided in the supplied documents. Please monitor for updates from the vendor and security advisories.
CVE-2024-56607
CVE-2024-56607 concerns the Linux kernel wireless stack, specifically the ath12k driver’s bitrate masking path. The issue stems from a sleep in a function path that can be invoked from atomic/context-sensitive code when a user or cfg80211 path sets legacy bitrates, yielding a sleeping wake-up sta...
CVE-2024-56638
CVE-2024-56638 affects the Linux kernel’s netfilter nft_inner handling of percpu inner-header offsets under softirq. The vulnerability stems from a race where softirq can interrupt a process-context walk over a percpu area that contains inner header offsets, potentially leading to inconsistent pe...
CVE-2024-57977
CVE-2024-57977 is a Linux kernel vulnerability in memcg where the OOM task traversal could cause a soft lockup when thousands of processes reside in the OOM cgroup. The issue arises from scanning OOM tasks for each memory pressure event, delaying the watchdog handling. The documented fix adds a r...
CVE-2024-58085
CVE-2024-58085 relates to the Linux kernel Tomoyo security module, specifically a warning emission in tomoyo_write_control(). The description notes a syzbot report about a “too large allocation” warning when a long single line is written without a newline. The fix changes memory allocation behavi...
CVE-2025-21649
CVE-2025-21649 (Linux kernel): Affected component: net: hns3 on HIP08 devices. Root cause: NULL pointer dereference when attempting to set TX hardware timestamp information if HIP08 devices do not register PTP devices (ptp is NULL). This can cause a kernel crash during 1588 timestamping flow in ...
CVE-2025-21823
CVE-2025-21823 relates to the Batman-adv (batman-adv) Linux kernel module. The root cause was the ELP metric worker per interface, which could sleep while iterating over neighbors under an RCU list, creating a race that could lead to invalid memory access if the worker was canceled or if interfac...
CVE-2025-22009
CVE-2025-22009 is a Linux kernel vulnerability affecting the regulator: dummy driver where probing can become unsynchronized across threads, leading to a NULL pointer dereference during boot via kobject_get(). The issue arises when anatop_regulator_probe() and dummy_regulator_probe() race with kw...
CVE-2025-22020
CVE-2025-22020 pertains to the Linux kernel memstick subsystem, fixing a slab-use-after-free in rtsx_usb_ms_drv_remove that could crash via rtsx_usb_ms_poll_card. Affected code path involves memstick host allocation during driver probe and removal, with a use-after-free arising from freeing drive...
CVE-2025-22055
CVE-2025-22055 is a Linux kernel issue in net: geneve_opt length overflow. A 5-bit length (max 128 bytes) for each option can be abused by sending a 128-byte option to fake a zero-length option, enabling heap out-of-bounds read during parsing. Connected sources describe the root cause and show a ...
CVE-2025-22089
The CVE-2025-22089 issue affects the Linux kernel RDMA core code. Root cause: an incorrect container_of cast in hw_stat_device_show caused memory corruption by exposing hw_counters outside the init net namespace. Impact: reading hw_counters in non-init namespaces could crash the kernel (NULL dere...
CVE-2025-37789
CVE-2025-37789 (net: openvswitch: fix nested key length validation in the set() action) is covered by connected advisories, which confirm a Linux kernel vulnerability in netlink key length handling for the set() action in Open vSwitch. The description notes that accessing nla_len(ovs_key) is unsa...
CVE-2025-37833
CVE-2025-37833 affects the Linux kernel NIC driver net/niu, where an MSIX ENTRY_DATA read-before-write on an msix entry can trigger a fatal trap. The fix ensures niu_try_msix() does not cause a trap on SPARC and adds a workaround flag PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the pci_dev to pr...
CVE-2025-40014
Technical details for CVE-2025-40014 are not publicly provided in the connected documents. The supplied materials do not specify affected products/versions or remediation. Monitor for updates.
CVE-2009-1439
The CVE-2009-1439 entry describes a buffer overflow in CIFS/Tree Connect handling (fs/cifs/connect.c) of the Linux kernel prior to 2.6.30, where a long nativeFileSystem field in an SMB mount response can cause a remote crash (DoS). The vulnerability affects the Linux kernel’s CIFS implementation ...
CVE-2014-4653
Summary (CVE-2014-4653): The ALSA control implementation in the Linux kernel has a race/lock handling issue in sound/core/control.c. It does not ensure possession of a read/write lock, enabling a local attacker to trigger a denial of service (use-after-free) and to potentially read kernel memory...
CVE-2014-5471
CVE-2014-5471 affects the Linux kernel up to 3.16.1, specifically the parse_rock_ridge_inode_internal function in fs/isofs/rock.c. A crafted iso9660 image with a CL entry referencing a directory entry that has a CL entry can cause uncontrolled recursion, leading to a local denial of service, syst...
CVE-2015-0239
CVE-2015-0239 affects the Linux kernel KVM emulation path (arch/x86/kvm/emulate.c). If a guest OS does not initialize SYSENTER MSRs, em_sysenter can trigger using a 16‑bit code segment to emulate SYSENTER, allowing a guest OS user to gain guest privileges or cause a guest crash. The vulnerability...
CVE-2016-3951
CVE-2016-3951 concerns a double-free in Linux kernel drivers/net/usb/cdc_ncm.c, exploitable when a USB device with an invalid descriptor is inserted. Affected: Linux kernel pre-4.5; impact: denial of service (system crash) and potential unspecified effects. The linked Unity security advisories co...
CVE-2017-18193
The CVE-2017-18193 issue is in the Linux kernel’s F2FS extent_cache.c (before 4.13). It mishandles extent trees, enabling a local, multi-threaded application to trigger a denial of service. Connected advisories (Unity Linux and OpenVAS/Open Nessus entries) confirm the affected component and impac...
CVE-2017-9605
CVE-2017-9605 affects the Linux kernel (up to and including 4.11.4) via the vmw_gb_surface_define_ioctl path (DRM_IOCTL_VMW_GB_SURFACE_CREATE) in vmwgfx_surface.c. The defect is that backup_handle is defined but not initialized, so when creating a GB surface with a previously allocated DMA buffer...
CVE-2019-19241
CVE-2019-19241 affects the Linux kernel prior to 5.4.2 where the io_uring path can cause requests to appear with UID 0 and full capabilities due to IORING_OP_SENDMSG handling by kernel worker threads in contexts from unprivileged users. Affected code paths include fs/io-wq.c, fs/io_uring.c, and n...
CVE-2019-8956
CVE-2019-8956 corresponds to a use-after-free in the Linux kernel SCTP path. Affects Linux kernel before 4.20.8 and 4.19.21, in sctp_sendmsg() when handling SCTP_SENDALL, risking memory corruption. Publicly available advisories indicate the fix is to update to kernel versions 4.20.8+ or 4.19.21+....
CVE-2021-47191
CVE-2021-47191 affects the Linux kernel’s SCSI debug path (scsi_debug) and fixes an out-of-bounds read in resp_readcap16 caused by treating alloc_len as a signed int, which could lead to an OOB in sg_copy_buffer when handling large allocation lengths. The root cause is the incorrect type for allo...
CVE-2021-47468
CVE-2021-47468 is a Linux kernel vulnerability affecting isdn/mISDN where a sleeping function could be called from an atomic context because card->isac.release() is invoked while still holding a lock. The description states the fix is to call this function after releasing the lock. Logs illust...
CVE-2022-47939
CVE-2022-47939 affects ksmbd in Linux kernel 5.15–5.19 (before 5.19.2). The issue is a use-after-free in fs/ksmbd/smb2pdu.c that can trigger an OOPS when handling SMB2_TREE_DISCONNECT. A fix was released with Linux kernel 5.19.2 (and later). Affected distributions referenced in Connected sources ...
CVE-2022-47943
Summary: CVE-2022-47943 affects the ksmbd component of the Linux kernel (versions 5.15–5.19 before 5.19.2). The flaw is an out-of-bounds read that can trigger an OOPS when handling SMB2_WRITE with a large length in the zero DataOffset case. Impact (as stated): potential kernel crash/denial of ser...
CVE-2022-48686
CVE-2022-48686: In the Linux kernel, the nvme-tcp path fixed a use-after-free (UAF) when detecting digest errors. The patch also adds a safeguard to bail from the io_work loop when rd_enabled becomes true, avoiding reads from a TCP socket that is out-of-sync or corrupted. Concrete details across...
CVE-2022-48885
CVE-2022-48885 — Linux kernel ice_gnss_tty_write() leak fixed. The vulnerability affects the Linux kernel’s ice_gnss_tty_write() path. When write_buf allocation fails, the code returns early and leaks cmd_buf; a fix frees cmd_buf in this failure path. The documented remediation is to apply the k...
CVE-2022-49145
CVE-2022-49145 affects the Linux kernel's ACPI CPPC parsing of _CPC data. The root cause is an out-of-bounds access when the NumEntries field is less than 2, which could lead to improper access of the Revision element. A fix has been implemented in the kernel to avoid this access. The vulnerabili...
CVE-2022-49291
The CVE-2022-49291 entry describes a Linux kernel flaw in ALSA: pcm where concurrent hw_params and hw_free ioctls could trigger a use-after-free. The fix introduces a dedicated mutex (runtime->buffer_mutex) and applies it to both hw_params and hw_free code paths, with small reordering (mmap_co...
CVE-2022-49344
The CVE-2022-49344 issue is a Linux kernel data race in af_unix between unix_dgram_poll() and unix_dgram_peer_wake_me(): the receive-queue fullness check was done without holding the peer’s lock. The fix uses unix_recvq_full_lockless() instead of unix_recvq_full(), addressing a KCSAN-reported rac...