CVE-2022-49344
The CVE-2022-49344 issue is a Linux kernel data race in af_unix between unix_dgram_poll() and unix_dgram_peer_wake_me(): the receive-queue fullness check was done without holding the peer’s lock. The fix uses unix_recvq_full_lockless() instead of unix_recvq_full(), addressing a KCSAN-reported rac...
CVE-2022-49466
CVE-2022-49466 affects the Linux kernel regulator: scmi subsystem. The root cause is a refcount leak in scmi_regulator_probe due to of_find_node_by_name() returning a node pointer with an incremented refcount; the patch adds a call to of_node_put() to release the node when done. This fix prevents...
CVE-2022-49588
CVE-2022-49588 corresponds to a data-race in the Linux kernel’s TCP sysctl_migrate_req reader. The vulnerability arises from concurrent reading of sysctl_tcp_migrate_req, which could be changed during access. The fix adds READ_ONCE() to the readers to prevent races. Affected component is the kern...
CVE-2022-49625
CVE-2022-49625: In the Linux kernel, the sfc driver could trigger a kernel panic when creating VFs because a DMA-coherent buffer was released from a path with BH disabled; releasing it can end in vunmap(), which is not allowed in IRQ/BH context and hits a BUG_ON. The patch re-enables BH to safely release the buff...
CVE-2022-49687
CVE-2022-49687 documents a Linux kernel vulnerability in virtio_net where suspend/resume can trigger a driver bug warning due to xdp_rxq_info not being unregistered/registered during freeze/restore. The root cause is that virtnet_freeze() frees the receive_queue (including xdp_rxq_info) without c...
CVE-2023-32254
CVE-2023-32254 affects the Linux kernel ksmbd SMB server, due to missing locking when processing SMB2_TREE_DISCONNECT commands. The flaw can allow code execution in kernel context. Multiple connected sources (Ubuntu USNs 6173/6283, Astra Linux bulletin, CBL-Mariner entries) confirm ksmbd involvem...
CVE-2023-52589
The CVE-2023-52589 entry concerns the Linux kernel media rkisp1 driver. The issue is a race in IRQ disable logic within rkisp1_isp_stop() and rkisp1_csi_disable(): interrupts are masked and the code assumes the IRQ handler isn’t running, but the handler can still be active when the stop sequence ...
CVE-2023-52740
The CVE-2023-52740 issue affects the Linux kernel on powerpc64s where a race occurs during interrupt exit with security mitigations (RFI/STF). The root cause is that the interrupt_exit_not_reentrant condition can be flipped concurrently with the interrupt exit tests that set MSR[EE|RI], and then ...
CVE-2023-52926
CVE-2023-52926 is a Linux kernel vulnerability where IORING_OP_READ does not fully consume the provided buffer list when read returns a negative value (except -EAGAIN/-EIOCBQUEUED). This can cause a use-after-free when the completion io_rw_done runs in a different context. The issue is documented...
CVE-2024-26791
CVE-2024-26791 — Linux kernel: btrfs dev-replace: properly validate device names. A syzbot report indicated device name buffers passed to device replace could read beyond end (getname_kernel) due to insufficient termination checks. The fix adds a helper that validates both source and target devic...
CVE-2024-38586
CVE-2024-38586: Linux kernel r8169/RTL8125b transmit path issue leading to possible ring-buffer corruption when transmitting small fragmented packets. Root cause: rtl8169_start_xmit() failed to detect changes to nr_frags after padding in rtl8169_tso_csum_v2(), causing invalid entries in the tran...
CVE-2024-39484
CVE-2024-39484 - Linux kernel mmc: davinci driver: the remove callback was discarded when built-in and __exit was used, causing resource leaks on unbind/reset. The fix compiles the remove callback unconditionally so it is always executed during driver removal. Connected sources confirm the issue ...
CVE-2024-39498
CVE-2024-39498 (Linux kernel) resolves a NULL pointer dereference in the DRM MST payload path (drm_dp_add_payload_part2). The issue stemmed from a refactored payload allocation/removal flow: two commits that touched drm_dp_add_payload_part2 changed how the state input is used and modified, and one overwrote the other, introducing the regression. T...
CVE-2024-42232
CVE-2024-42232 (Linux kernel, libceph) is a race between delayed_work handling in ceph_monc_stop() and mon_fault()/finish_hunting() that could lead to use-after-free when reusing monc and its associated fields. The fix, as described in connected advisories, is: (1) during session close in ceph_mo...
CVE-2024-50060
CVE-2024-50060 is documented in the IBM bulletin as a Linux kernel vulnerability fix for the io_uring subsystem. The issue involved the need to reschedule during overflow flush in io_uring handling. The described root cause notes that overflow entries can accumulate and flushing could take a long...
CVE-2024-50083
CVE-2024-50083 concerns a Linux kernel flaw where MPTCP DSS corruption could occur during large PMTU transmissions. The issue, triggered by Syzkaller under a subflow, is tied to __mptcp_move_skbs_from_subflow in net/mptcp/protocol.c and relates to mptcp_data_ready/move_skbs_to_msk paths leading t...
CVE-2024-50107
CVE-2024-50107 affects the Linux kernel platform/x86/intel/pmc subsystem. The issue was triggered by a change in ioremap address checks that emitted a WARN when iounmap was called for invalid addresses on the ThinkPad P1 Gen 7 (Meteor Lake-P). The fix updates pmc_core_iounmap to call iounmap...
CVE-2024-50166
CVE-2024-50166 affects the Linux kernel. The issue is a refcount handling bug in fman-related devices (fsl/fman) where multiple references taken in mac_probe() by of_find_device_by_node(), fman_bind(), and fman_port_bind() were not fully released on error paths or removal, causing reference leaks...
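Both CVE-2022-49466 (scmi regulator) and CVE-2024-50166 (fsl/fman) above are the same contract violation: of_find_node_by_name() / of_find_device_by_node() hand back a reference the caller owns and must drop on every path, including error paths and removal. The following is an added user-space model of that contract, not kernel code; the refcounted node, the probe functions and the `_sim` helpers are stand-ins written for this page, and the single-node "device tree" is constructed input.

```c
/* Added example, not kernel code: user-space model of the OF-node refcount
 * contract behind CVE-2022-49466 and CVE-2024-50166. of_find_node_by_name()
 * returns a node whose refcount has already been incremented; the caller owns
 * that reference and must release it with of_node_put() on every exit path.
 * The *_sim names are local stand-ins for the kernel API. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct device_node {
    const char *name;
    int refcount;                     /* kref stand-in */
};

/* Constructed "device tree": one node; refcount 1 is the tree's own reference. */
static struct device_node g_tree_node = { "regulators", 1 };

static struct device_node *of_find_node_by_name_sim(const char *name)
{
    if (strcmp(g_tree_node.name, name) != 0)
        return NULL;
    g_tree_node.refcount++;           /* caller now owns one extra reference */
    return &g_tree_node;
}

static void of_node_put_sim(struct device_node *np)
{
    if (np)
        np->refcount--;
}

/* Downstream step that may fail (e.g. registering child regulators). */
static int probe_children(int fail)
{
    return fail ? -ENOMEM : 0;
}

/* "Before": mirrors the leaky shape; the reference from the lookup is never
 * dropped, on success or on failure. */
static int probe_leaky(int fail)
{
    struct device_node *np = of_find_node_by_name_sim("regulators");
    if (!np)
        return -ENODEV;
    if (probe_children(fail) < 0)
        return -ENOMEM;               /* BUG: np still holds a reference */
    return 0;                         /* BUG: same on the success path */
}

/* "After": one exit path, of_node_put() always runs once the lookup succeeded. */
static int probe_fixed(int fail)
{
    struct device_node *np = of_find_node_by_name_sim("regulators");
    int ret;
    if (!np)
        return -ENODEV;
    ret = probe_children(fail);
    of_node_put_sim(np);              /* released on success and on error */
    return ret;
}

/* Resets the tree, runs probe(fail) and returns the node refcount afterwards.
 * A balanced probe leaves exactly 1 (the tree's own reference); 2 is a leak. */
static int refcount_after_probe(int (*probe)(int), int fail)
{
    g_tree_node.refcount = 1;
    (void)probe(fail);
    return g_tree_node.refcount;
}

int main(void)
{
    printf("leaky probe, success path: refcount = %d (1 means balanced)\n",
           refcount_after_probe(probe_leaky, 0));
    printf("leaky probe, error path:   refcount = %d\n",
           refcount_after_probe(probe_leaky, 1));
    printf("fixed probe, success path: refcount = %d\n",
           refcount_after_probe(probe_fixed, 0));
    printf("fixed probe, error path:   refcount = %d\n",
           refcount_after_probe(probe_fixed, 1));
    return 0;
}
```

The single-exit shape in probe_fixed is the same one the fman fix applies to its three references: take the reference, do the work, release unconditionally, and only then return the status. Under a real kref the leaked count keeps the node (and whatever it pins) alive for the lifetime of the system, which is why these are tracked as vulnerabilities despite being "just" leaks.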
CVE-2024-50258
CVE-2024-50258 affects the Linux kernel net stack. A small gso_max_size/gso_ipv4_max_size can cause an underflow in sk_dst_gso_max_size(), making sk->sk_gso_max_size exceed device limits and trigger a BUG_ON crash during tcp_write_xmit/tso processing. The root cause is in computing tso_segs (D...
CVE-2024-50267
CVE-2024-50267 — Linux kernel (USB: serial: io_edgeport) A use-after-free in a debug printk after usb_free_urb(urb) was fixed by storing the urb->dev pointer at the start of the function to avoid referencing a freed urb. The vulnerability affects the Linux kernel’s USB serial edgeport driver a...
CVE-2024-53112
CVE-2024-53112 affects the Linux kernel via the OCFS2 group add path. The issue occurs when ioctl(OCFS2_IOC_GROUP_ADD, …) fails for an inode; the corresponding buffer head remains cached and a subsequent ioctl triggers a BUG in ocfs2_set_new_buffer_uptodate() while caching the same buffer head. T...
CVE-2024-53177
CVE-2024-53177 relates to the Linux kernel SMB/CIFS implementation. The issue is a use-after-free in smb2_cached_lease_break/open_cached_dir race: when open_cached_dir() errors parsing a lease, a race with a lease-break can free a cfid while pending work remains. The fix drops references instead ...
CVE-2024-56679
Technical details for CVE-2024-56679 are not publicly available in the provided documents. Please monitor for updates from upstream advisories and vendor advisories to obtain affected products, root cause, and remediation.
CVE-2024-56712
CVE-2024-56712: In the Linux kernel udmabuf code, a memory leak could occur on the last export_udmabuf() error path when dma_buf_fd() fails and a dma_buf has already been created. The root cause was in export_udmabuf()’s error handling, where the dma_buf could be torn down without freeing the co...
CVE-2024-57924
CVE-2024-57924 affects the Linux kernel and is described in multiple sources as a fix to “fs: relax assertions on failure to encode file handles.” The issue concerns exportfs_encode_fh and related paths used by filesystem code to encode file handles, with legacy users such as nfsd and name_to_han...
CVE-2024-57986
CVE-2024-57986 (Linux kernel HID core): The vulnerability stems from HID core handling of Resolution Multipliers. The code assumes each Resolution Multiplier control resides in a Logical Collection; if none is found, multiplier_collection could be non-NULL, risking misapplied multipliers o...
CVE-2025-21992
CVE-2025-21992 concerns the HID subsystem in the Linux kernel, where a non-functional HID sensor on the HP 5MP Camera (USB 0408:5473) could cause system hangs when accessed via iio_info. The issue was mitigated by adding the affected device to the HID ignore list so its sensor interface is not ex...
CVE-2025-22002
CVE-2025-22002 concerns the Linux kernel netfs code path: if a filesystem does not implement invalidate_cache, a write-to-cache failure can trigger a NULL pointer dereference in netfs_write_collection_worker, leading to a kernel crash. The provided documents confirm the root cause as a missing NU...
CVE-2025-22018
CVE-2025-22018 affects the Linux kernel ATM MPOA path. A NULL pointer dereference can occur in MPOA_cache_impos_rcvd() when both entry and holding_time are NULL, leading to a crash (KASAN/GPF observed in logs). The issue has been fixed in upstream kernels and is addressed in vendor updates (examp...
CVE-2025-22079
The CVE-2025-22079 issue affects the Linux kernel OCFS2 path handling. A 16-bit l_tree_depth could exceed OCFS2_MAX_PATH_DEPTH, risking out-of-bounds access (noted when reading from a corrupted mounted disk). A fix was implemented to validate l_tree_depth and guard against invalid values, prevent...
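The CVE-2025-22079 entry above is the classic on-disk-field-as-array-index bug: a 16-bit depth read from a (possibly corrupted) disk is trusted as a bound into a fixed-size path array. The following is an added example, not ocfs2 code: the extent-list header is a simplified stand-in for struct ocfs2_extent_list, the two byte buffers are constructed inputs, and the limit of 5 is used here as the illustrative OCFS2_MAX_PATH_DEPTH; the error code stands in for the filesystem's own corruption reporting.

```c
/* Added example, not ocfs2 code: validate an on-disk depth field before it
 * becomes an array index, the pattern behind CVE-2025-22079. The header
 * layout is simplified (only the first three __le16 fields) and the depth
 * limit of 5 is used as the illustrative OCFS2_MAX_PATH_DEPTH. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATH_DEPTH 5

/* Simplified on-disk extent list header (all fields little-endian u16). */
struct extent_list_disk {
    uint16_t l_tree_depth;
    uint16_t l_count;
    uint16_t l_next_free_rec;
};

struct path_item { int block; };
struct path {
    struct path_item p_node[MAX_PATH_DEPTH + 1];   /* indexed by tree depth */
    int p_tree_depth;
};

/* Read a little-endian u16 from raw bytes, independent of host endianness. */
static uint16_t le16_from(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static int parse_extent_list(const uint8_t *buf, size_t len,
                             struct extent_list_disk *el)
{
    if (len < 6)
        return -EINVAL;
    el->l_tree_depth    = le16_from(buf);
    el->l_count         = le16_from(buf + 2);
    el->l_next_free_rec = le16_from(buf + 4);
    return 0;
}

/* "Before": the depth is trusted. Returns the index the path walk would use
 * for p_node[], so the overrun can be observed without performing it. */
static int unchecked_depth_of(const uint8_t *buf, size_t len)
{
    struct extent_list_disk el;
    int ret = parse_extent_list(buf, len, &el);
    return ret ? ret : (int)el.l_tree_depth;
}

/* "After": reject any depth beyond the fixed path capacity before use.
 * -EINVAL stands in for the filesystem's corruption error path. */
static int checked_depth_of(const uint8_t *buf, size_t len)
{
    struct extent_list_disk el;
    int ret = parse_extent_list(buf, len, &el);
    if (ret)
        return ret;
    if (el.l_tree_depth > MAX_PATH_DEPTH)
        return -EINVAL;
    return (int)el.l_tree_depth;
}

/* Builds a path from a header; only writes p_node[] after validation. */
static int init_path_from_disk(struct path *path, const uint8_t *buf, size_t len)
{
    int depth = checked_depth_of(buf, len);
    if (depth < 0)
        return depth;
    memset(path, 0, sizeof *path);
    path->p_tree_depth = depth;
    path->p_node[depth].block = 1;   /* in bounds: depth <= MAX_PATH_DEPTH */
    return 0;
}

/* Constructed inputs: a sane header (depth 2) and a corrupted one (depth 0xFFFF). */
static const uint8_t sane_el[6]      = { 0x02, 0x00, 0x10, 0x00, 0x01, 0x00 };
static const uint8_t corrupted_el[6] = { 0xFF, 0xFF, 0x10, 0x00, 0x01, 0x00 };

int main(void)
{
    struct path p;
    printf("corrupted header, unchecked index: %d (array holds %d entries)\n",
           unchecked_depth_of(corrupted_el, sizeof corrupted_el), MAX_PATH_DEPTH + 1);
    printf("corrupted header, checked:         %d\n",
           checked_depth_of(corrupted_el, sizeof corrupted_el));
    printf("sane header, init_path:            %d\n",
           init_path_from_disk(&p, sane_el, sizeof sane_el));
    return 0;
}
```

The check belongs where the field is first read from disk, not at each use: once a bounded depth is in the in-memory structure every later p_node[] access inherits the guarantee, which is also why the fix validates l_tree_depth rather than clamping individual index computations.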
CVE-2025-22097
CVE-2025-22097 affects the Linux kernel vkms (drm/vkms). The vulnerability is a use-after-free and potential double-free of the default_config pointer when driver init fails, because vkms_exit() may access an uninitialized/freed default_config. The fix: initialize default_config only if the drive...
CVE-2025-23138
CVE-2025-23138: In the Linux kernel, watch_queue: fix pipe accounting mismatch. watch_queue_set_size() updated charged pipe buffers for user->pipe_bufs but did not update pipe->nr_accounted due to pipe_resize_ring() guard, risking underflow when a pipe is freed and causing failures in too_m...
CVE-2025-37756
CVE-2025-37756 affects the Linux kernel TLS stack. The issue arises when a TLS socket is disconnected, which can trigger unexpected corner cases if disconnect is allowed. The vulnerability is mitigated by explicitly disallowing disconnects in the net/tls path, as described in the vulnerability de...
CVE-2004-0495
Summary: CVE-2004-0495 refers to multiple vulnerabilities in Linux kernel 2.4 and 2.6, identified by the Sparse source-checking tool, that can allow local privilege escalation or access to kernel memory. Affected software: Linux kernel for 2.4 and 2.6 series. Root cause/impact: local attacker cou...
CVE-2011-1746
CVE-2011-1746 affects the Linux kernel prior to 2.6.38.5, specifically the AGP subsystem in drivers/char/agp/generic.c. It is caused by multiple integer overflows in the functions agp_allocate_memory and agp_create_user_memory, allowing local users to trigger buffer overflows and potentially crash the ...
CVE-2013-7263
The CVE-2013-7263 issue affects the Linux kernel before 3.12.4, where certain length values are updated before kernel data structures are initialized, enabling local attackers to read sensitive information from kernel stack memory via recvfrom, recvmmsg, or recvmsg. Connected Nessus entries (Unit...
CVE-2015-0275
CVE-2015-0275 affects the Linux kernel ext4 subsystem: the ext4_zero_range function in fs/ext4/extents.c allows local users to trigger a denial of service via a crafted fallocate zero-range request. The linked MiracleLinux/Unity Linux Nessus entries describe this: the vulnerability is described ...
CVE-2016-1237
CVE-2016-1237 affects the Linux kernel’s nfsd: a missing permissions check when setting POSIX ACLs allows a local user to bypass file-permission restrictions by manipulating ACLs (nfs2acl.c, nfs3acl.c, nfs4acl.c). The vulnerability is described as present in kernels up to 4.6.3 and is addressed i...
CVE-2016-9191
CVE-2016-9191 affects the Linux kernel (cgroup offline drain operations) up to version 4.8.11. A local attacker inside a container environment can cause a denial of service (system hang) by crafting an application. The provided documents confirm the vulnerability and affected mechanism but do not...
CVE-2017-16911
The CVE-2017-16911 issue affects the vhci_hcd driver in the Linux kernel prior to 4.14.8 and 4.4.114, allowing local attackers to disclose kernel memory addresses when a USB device is attached over IP. Exploitation details are contingent on the USB-over-IP setup; the vulnerability is limited to l...
CVE-2017-18222
CVE-2017-18222 affects the Linux kernel before 4.12, where the Hisilicon Network Subsystem (HNS) ETH_SS_PRIV_FLAGS handling during sset_count retrieval can cause local denial of service via buffer overflow/memory corruption and potentially other impacts due to incompatibility with ethtool_get_str...
CVE-2021-47412
CVE-2021-47412 (Linux kernel): The vulnerability arises when a bio is not tracked and the rq_qos_ops->done_bio call is inappropriately invoked, risking a kernel panic. The fix stops calling done_bio for bios that aren’t tracked (and for bio-based drivers where rq_qos_done_bio() isn’t needed)....
CVE-2021-47466
The CVE-2021-47466 issue concerns the Linux kernel SLUB allocator: in kmem_cache_open(), an error path failed to free the cache’s random_seq allocation, a memory leak (not an information disclosure). The fix releases all relevant resources via __kmem_cache_release(), mitigating potential memory leakage. Affected advisories (e.g., Unity Linux UT...
CVE-2022-33744
CVE-2022-33744 is an ARM Xen guest vulnerability where unprivileged guests can provoke a Denial of Service in Dom0 via paravirtual devices. The root cause is a race window in updating an rbtree that tracks guest mappings when mapping guest pages on ARM, potentially crashing Dom0 or blocking furth...
CVE-2022-49272
CVE-2022-49272 affects the Linux kernel in ALSA: pcm code. The root cause is a potential AB/BA deadlock between PCM runtime→buffer_mutex and mm→mmap_lock triggered by concurrent access via ALSA and OSS during read/write and mmap/path IOCTLs. The fix replaces the buffer_mutex protection in read/wr...
CVE-2022-49395
CVE-2022-49395 concerns the Linux kernel, where an out-of-bounds read occurs in LDT setup due to syscall_stub_data() treating data_count as bytes instead of longs. This yields a 128-byte read on the stack (local to swapper/1) and is triggered during LDT entry initialization. Public advisories fro...
CVE-2022-49750
CVE-2022-49750 affects the Linux kernel CPPC support in cpufreq. The root cause is that the _CPC object fields are unsigned 32-bit values, which could overflow. The fix is to add u64 casts to these values to prevent overflow when used. Documented impact indicates potential availability impact (A)...
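CVE-2024-50258 (u32 subtraction underflow when header room is taken off a tiny gso_max_size) and CVE-2022-49750 (u32 multiplication overflow of _CPC fields) above are the two faces of the same unsigned-arithmetic mistake. The following is an added example, not kernel code: the header constant, the frequency/performance numbers and the simplified perf-to-kHz formula are constructed for this page, and the lower-bound check on gso_max_size is one way to close the underflow, not a claim about where the actual fix lands.

```c
/* Added example, not kernel code: the unsigned-arithmetic failures behind
 * CVE-2024-50258 (u32 subtraction underflow) and CVE-2022-49750 (u32
 * multiplication overflow). Constants are illustrative: MAX_TCP_HEADER_SIM
 * is assumed, the real value depends on the kernel configuration, and the
 * perf-to-kHz formula is a simplified stand-in for the CPPC conversion. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_TCP_HEADER_SIM  320u     /* assumed header room, illustrative */
#define GSO_LEGACY_MAX_SIZE 65536u

/* "Before": mirrors the shape of sk_dst_gso_max_size(); the subtraction is
 * done in u32, so a device gso_max_size below the header room wraps to a
 * value far above any device limit (the BUG_ON in the TSO path). */
static uint32_t gso_size_unchecked(uint32_t dev_gso_max_size)
{
    return dev_gso_max_size - (MAX_TCP_HEADER_SIM + 1);
}

/* "After": refuse values that leave no room for headers, so the wrap can
 * never be computed; returns -EINVAL (as a wide int) on rejection. */
static int64_t gso_size_checked(uint32_t dev_gso_max_size)
{
    if (dev_gso_max_size <= MAX_TCP_HEADER_SIM)
        return -EINVAL;
    return (int64_t)dev_gso_max_size - (MAX_TCP_HEADER_SIM + 1);
}

/* "Before": _CPC fields are 32-bit; MHz*1000*perf is evaluated in u32 and
 * wraps for realistic values before the division ever runs. */
static uint32_t perf_to_khz_u32(uint32_t nominal_freq_mhz, uint32_t perf,
                                uint32_t nominal_perf)
{
    uint32_t mul = nominal_freq_mhz * 1000u;   /* MHz -> kHz */
    return mul * perf / nominal_perf;          /* mul*perf wraps in u32 */
}

/* "After": widen to u64 before the multiply, as the CPPC fix does with its
 * casts; the intermediate now fits and the division is exact. */
static uint64_t perf_to_khz_u64(uint32_t nominal_freq_mhz, uint32_t perf,
                                uint32_t nominal_perf)
{
    uint64_t mul = (uint64_t)nominal_freq_mhz * 1000u;
    return mul * perf / nominal_perf;
}

int main(void)
{
    /* Constructed inputs: a 100-byte gso_max_size, and a 3000 MHz part
     * asked for perf 2000 against a nominal perf of 1000. */
    printf("gso_max_size=100 unchecked -> %u (legacy max is %u)\n",
           gso_size_unchecked(100u), GSO_LEGACY_MAX_SIZE);
    printf("gso_max_size=100 checked   -> %lld\n",
           (long long)gso_size_checked(100u));
    printf("perf_to_khz u32 -> %u kHz, u64 -> %llu kHz\n",
           perf_to_khz_u32(3000u, 2000u, 1000u),
           (unsigned long long)perf_to_khz_u64(3000u, 2000u, 1000u));
    return 0;
}
```

Both bugs are invisible at the point of the arithmetic: the u32 expression is well-defined C, it simply produces a number the rest of the code never expected. The fix is either to reject the out-of-range input before it reaches the expression (the gso case) or to widen the operands so the expression cannot wrap (the CPPC case); checking the result after the fact is too late in both.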
CVE-2022-49872
The CVE-2022-49872 issue affects the Linux kernel’s net: gso path. A GRO packet can have its gso_size changed and the existing assumption that checking the first list_skb member is sufficient is violated when skbs on the frag_list have differing head_frag heads. This can trigger a BUG_ON in skb_s...
CVE-2023-52509
CVE-2023-52509 affects the Linux kernel ravb driver. The vulnerability arises when ravb_stop() does not cancel pending ravb_tx_timeout_work(), allowing ravb_tx_timeout_work() to access freed priv after ravb_remove() and unregister_netdev(), potentially using freed resources. The root cause is use...
CVE-2023-52675
Concretely tied to CVE-2023-52675 in the Linux kernel: the issue is twofold. (1) powerpc/imc-pmu: update_events_in_group() gained a null pointer check to prevent dereferencing NULL during event updates. (2) kasprintf() can return NULL if memory allocation fails, which could lead to a NULL pointer...