CVE-2022-48974
CVE-2022-48974 – Linux kernel netfilter conntrack fix: The vulnerability occurs in nf_conntrack_hash_check_insert() when nf_ct_ext_valid_pre/post() paths call NF_CT_STAT_INC() in a preemptible context, enabling a use-after-free-like trace. The fix patches nf_conntrack to use NF_CT_STAT_INC_ATOMI...
CVE-2022-49223
The CVE-2022-49223 issue affects the Linux kernel, in the cxl/port path within cxl_core. The root cause is a use-after-free risk in cxl_decoder_release() when it dereferences its parent cxl_port to return an ID to port->decoder_ida, highlighting that the device core only guarantees parent life...
CVE-2022-49626
In CVE-2022-49626, the Linux kernel sfc (Solarflare) driver had a use-after-free: vf->pci_dev could be freed during pci_disable_sriov and later read in efx_ef10_sriov_free_vf_vswitching. The root cause is reading a freed vf->pci_dev in the SR-IOV disable path. A patch fixes this by setting ...
CVE-2022-49691
CVE-2022-49691 describes a Linux kernel vulnerability in ERSPAN handling where code incorrectly assumes skb_transport_header is always set, affecting ip6erspan_tunnel_xmit() and erspan_fb_xmit(). The issue can impact packet transmission in ERSPAN-related paths when the transport header is not pre...
CVE-2022-49908
CVE-2022-49908 affects the Linux kernel Bluetooth path, where a memory leak could occur in L2CAP/vhci_write: when an ACL fragment lacks the L2CAP length, the HCI core may copy the skb to conn->rx_skb and finish processing without freeing it. The provided patches fix this by releasing the relat...
CVE-2023-32247
CVE-2023-32247 affects the Linux kernel ksmbd SMB server. The flaw is in SMB2_SESSION_SETUP handling and stems from lack of resource-control, enabling a remote attacker to trigger a denial-of-service (A: HIGH, CVSS 3.1: 7.5). The issue is exploitable over network with no privileges required and n...
CVE-2023-52609
CVE-2023-52609: Linux kernel binder race between mmput() and do_exit() causes delayed cleanup when Task A pins a remote mm and Task B exits. The race can defer death notifications until a binder event wakes Task A. The patch uses mmput_async() to schedule cleanup work in the mm->async_put_wor...
CVE-2023-5972
CVE-2023-5972 concerns a null pointer dereference in the netfilter nft_inner.c path of the Linux kernel. A local attacker could crash the system or escalate privileges via improper handling of nft_inner_num/nft_inner_expr_name attributes in inner tunnel netlink attributes, as described in the CVE...
CVE-2024-26635
CVE-2024-26635 affects the Linux kernel LLC path. The issue arises from legacy support for ETH_P_TR_802_2 in 802.2 LLC handling, where llc_conn_handler/llc_pdu_decode paths initialized saddr/daddr.mac only for ETH_P_802_2, causing reads of garbage in other protocols (e.g., ETH_P_TR_802_2). The bu...
CVE-2024-26697
Summary (CVE-2024-26697): In the Linux kernel, the nilfs2 filesystem had a data corruption risk during dsync block recovery when block sizes are smaller than the page size. The root cause was an incorrect on-page offset calculation in nilfs_recovery_copy_block() within nilfs_recovery_dsync_block...
CVE-2024-35943
The CVE-2024-35943 entry pertains to the Linux kernel, specifically a vulnerability in TI-related pmdomain handling where omap_prm_domain_init lacked a null-pointer check after a dynamic allocation. The issue arises because devm_kasprintf() can return NULL on allocation failure, and without verif...
CVE-2024-39469
CVE-2024-39469 affects the Linux kernel nilfs2: the bug was in nilfs_empty_dir()’s error handling. If a directory folio/page read fails or nilfs_check_folio() fails, the old code could misjudge the directory as empty and even loop after a failed read, causing filesystem corruption or a long I/O l...
CVE-2024-39483
CVE-2024-39483 affects Linux kernel KVM: SVM where a warning is raised for vNMI + NMI window when NMIs are masked, such as during an STI shadow or GIF=0, potentially causing a spurious WARN. The vulnerability centers on KVM’s NMI window handling: KVM injects one NMI and pends the other; with vNMI...
CVE-2024-42247
CVE-2024-42247 affects the Linux kernel (WireGuard) on the parisc platform. The issue is an unaligned 64-bit memory access in wg_allowedips_insert_v6 when loading a 128-bit IPv6 address, leading to kernel warnings. The documented fix uses get_unaligned_be64() to avoid unaligned accesses. Patch no...
CVE-2024-45828
CVE-2024-45828 affects the Linux kernel i3c-mipi-i3c-hci driver. The issue is a NULL pointer deref caused by a race where the ring stop path may trigger a RING_OP_STAT interrupt after io_data is NULLed during cleanup. The fix masks the ring interrupts before the ring stop request to prevent this ...
CVE-2024-46820
CVE-2024-46820 is a Linux kernel vulnerability in the AMDGPU VCN suspend path. The fix removes calls that disable IRQs and stops tracking IRQ state in vcn 5 suspend, because the code did not properly enable/disable VCN IRQs and did not manage IRQ state. The patch eliminates the WARN_ON(!amdgpu_ir...
CVE-2024-47670
This CVE (CVE-2024-47670) affects the Linux kernel OCFS2 subsystem. The vulnerability arises from insufficient bounds checking in ocfs2_xattr_find_entry(), allowing potential out-of-bounds memory access while scanning for a match in OCFS2 extended attributes. The advisory states that a paranoia c...
CVE-2024-49879
CVE-2024-49879 affects the Linux kernel DRM/omapdrm subsystem. The root cause is a missing check for the return value of alloc_ordered_workqueue, which may return NULL and lead to a NULL pointer dereference. The available connected documentation confirms this concrete technical detail. The fix ad...
CVE-2024-49971
CVE-2024-49971 affects the Linux kernel DRM/AMD display code. The root cause is an out-of-bounds access when dml2_core_shared_mode_support and dml_core_mode_support read the third element of the two-element dummy_boolean array (hw_debug5 = &s->dummy_boolean[2]), causing an OVERRUN. The fix inc...
CVE-2024-50040
CVE-2024-50040 concerns the igb driver in the Linux kernel. The issue stemmed from igb_io_error_detected() treating transient non-fatal PCIe errors as non-fatal, which could lead igb_io_resume() to assume the device was still up and attempt a bring-up, causing a kernel panic during recovery from ...
CVE-2024-50179
In CVE-2024-50179, the Linux kernel vulnerability stems from the direct-io read path attempting to mark pages dirty without holding Firmware (Fw) caps, which could lead to an incorrect Fw reference during page dirtying. The fix, as described in the initial document, is a patch that ceph applies: ...
CVE-2024-50208
CVE-2024-50208 (Linux kernel): RDMA/bnxt_re had a bug in setting up Level-2 PBL pages where the code assumed multiple PDE pages; when num_pages > 256K, it could cause memory corruption due to an invalid PDE access. The vulnerability is fixed in the Linux kernel by correcting PDE handling for ...
CVE-2024-53226
The CVE-2024-53226 issue affects the Linux kernel RDMA/hepnas driver path: ib_map_mr_sg() could accept NULL sg_offset, and hns_roce_map_mr_sg() dereferenced a NULL pointer. The Astra Linux bulletin mirrors this, stating a NULL pointer dereference in RDMA/hns: Fix NULL pointer derefernce in hns_ro...
CVE-2024-56649
CVE-2024-56649 affects the Linux kernel ENETC MQPRIO offload implementation for VF (and some PFs) where enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() but VF lacks the necessary registers. This can cause a NULL hw->port dereference and a crash when configuring preemptible traffic...
CVE-2024-56675
CVE-2024-56675 affects the Linux kernel: a UAF can occur when a non-sleepable BPF program is attached to a uprobe and freed via normal RCU, because uprobes use bpf_prog_run_array_uprobe() under tasks-trace-RCU protection. The fix explicitly waits for a tasks-trace-RCU grace period after removing t...
CVE-2024-58001
Technical details about CVE-2024-58001 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the sources reference related advisories but do not reveal vulnerability specifics, affected products, or fixes.
CVE-2025-21938
CVE-2025-21938 involves the Linux kernel mptcp subsystem. The race occurs when multiple parallel connection requests try to create an implicit MPTCP endpoint and none find the address in local_addr_list, causing concurrent mptcp_pm_nl_get_local_id/mptcp_pm_nl_append_new_local_addr calls to delete...
CVE-2025-21994
CVE-2025-21994 is a Linux kernel vulnerability in the ksmbd module where validation for the num_aces field of smb_acl was incorrect. The advisory notes that parse_dacl() should verify num_aces using the actual buffer size (smb_acl->size) rather than checking against a calculation that could al...
CVE-2025-37829
CVE-2025-37829 affects the Linux kernel: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate(). The root cause is that cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in policy->cpus mask, and scpi_cpufreq_get_rate() does not handle this, causing a NULL pointer ...
CVE-2025-37867
CVE-2025-37867: Affects the Linux kernel RDMA/core subsystem. The issue stems from an oversized kvmalloc() warning during syzkaller-triggered activity; the fix silences the warning by adding __GFP_NOWARN to the kvmalloc path (function: __kvmalloc_node_noprof). Reported in connected advisories (A...
CVE-2025-37925
The CVE-2025-37925 entry concerns a Linux kernel vulnerability in the JFS filesystem. When finalizing an on-disk inode, clear_inode() could encounter an unknown type and trigger a kernel BUG; the root cause is an invalid handling path for on-disk inode types, where types 5–15 are reserved. The fi...
CVE-2025-37997
CVE-2025-37997 corresponds to a race in Linux kernel/ipset region locking for hash types. The issue arises from incorrect region lock handling in region macros (ahash_bucket_start/end/ahash_region), enabling a race between the garbage collector and adding elements when timeouts are used. Connecte...
CVE-2013-2164
The CVE-2013-2164 issue affects the Linux kernel (mmc_ioctl_cdrom_read_data in drivers/cdrom/cdrom.c) and allows local users to read kernel memory from a malfunctioning CD-ROM. Affected context: Linux kernel up to version 3.10; exploitation requires local access. Impact per sources: local informa...
CVE-2014-9683
CVE-2014-9683 describes an off-by-one error in the Linux kernel’s eCryptfs path: ecryptfs_decode_from_filename in fs/ecryptfs/crypto.c (pre-3.18.2). A crafted filename can cause a buffer overflow, leading to a denial of service and, potentially, local privilege escalation. The vulnerability is lo...
CVE-2016-2053
CVE-2016-2053: The Linux kernel’s asn1_ber_decoder in lib/asn1_decoder.c is vulnerable to denial-of-service (panic) via a crafted ASN.1 BER file that lacks a public key. The issue occurs in kernel builds prior to 4.3. Consequence is a local DoS without authenticated user interaction. Affected com...
CVE-2017-16529
CVE-2017-16529 affects the Linux kernel’s snd_usb_create_streams in sound/usb/card.c, allowing a local attacker to trigger an out-of-bounds read and system crash via a crafted USB device, with impact described as a denial of service and potentially other effects. The issue is present in kernels p...
CVE-2017-18075
CVE-2017-18075 affects the Linux kernel’s crypto/pcrypt.c, where freeing instances in the AF_ALG-based AEAD path (CONFIG_CRYPTO_USER_API_AEAD, CONFIG_CRYPTO_PCRYPT) can trigger a denial-of-service via kfree of an incorrect pointer, with possible unspecified impact by a crafted sequence of system ...
CVE-2017-18255
CVE-2017-18255 affects the Linux kernel: the perf_cpu_time_max_percent_handler in kernel/events/core.c (pre-4.11) can be triggered by a large value, causing a denial of service via integer overflow (and potential unspecified impact). It requires local access. A fix is available in kernel 4.11 and...
CVE-2018-14610
CVE-2018-14610 concerns the Linux kernel up to 4.17.10. A crafted btrfs image mounting scenario can trigger an out-of-bounds access in write_extent_buffer() due to insufficient verification that each block group has a corresponding chunk at mount time (in fs/btrfs/extent-tree.c). This can lead to...
CVE-2018-16597
CVE-2018-16597 affects the Linux kernel prior to version 4.8. The issue is an incorrect access check in overlayfs mounts, which could allow a local attacker to modify or truncate files on the underlying filesystem. The connected Nessus/OpenVAS advisories reference kernel updates to fix this vulne...
CVE-2021-47527
Summary: CVE-2021-47527 affects the Linux kernel’s serial core. The root cause was a transmit-buffer not freed on final close after switching to tty_port_close, which could cause the buffer to remain uncleared (stalling ioctl drains) and could leak on driver unbind. The issue has been fixed in th...
CVE-2021-47649
The CVE-2021-47649 entry concerns a Linux kernel udmabuf issue where ubuf->pagecount could be zero if user-space passes list.size==0, leading kmalloc_array() to return ZERO_PTR and triggering a GPF in sg_alloc_append_table_from_pages(). The vulnerability arises from pagecount derived from user...
CVE-2022-49160
CVE-2022-49160 affects the Linux kernel driver scsi: qla2xxx. Root cause: during purex packet handling, a pre-allocated structure was freed incorrectly; the fix skips freeing that entry. Impact: system crashes during module load/unload tests (as shown by the stack traces: sbitmap_init_node, blk_m...
CVE-2022-49179
CVE-2022-49179 is a Linux kernel UAF in the block I/O BFQ scheduler (block, bfq: don’t move oom_bfqq). The issue manifests as a use-after-free in bfq_put_async_bfqq() during module removal (rmmod) and BFQ/blk-mq teardown, with 1024-byte slab allocations implicated. Unity Linux advisories UTSA-202...
CVE-2022-49215
CVE-2022-49215 corresponds to a Linux kernel issue: a race in xsk socket teardown that could cause a NULL pointer dereference. The patch fixes two problems: (1) removing the assignment of xs->dev to NULL before all users have stopped using the socket, since data-plane entry points (xsk_poll, x...
CVE-2022-49257
CVE-2022-49257 affects the Linux kernel and stems from a NULL dereference in watch_queue_set_size() during error cleanup. The code path could call __free_page() on buffers that were not allocated, causing a NULL pointer dereference (observed as a KASAN report in __free_pages). The issue is mitiga...
CVE-2022-49374
CVE-2022-49374 affects the Linux kernel TIPC bearer path. The root cause is improper validation of the TIPC_NLA_BEARER_NAME attribute length in the bearer enable flow (net/tipc/bearer.c), with fixes implemented in the kernel (referenced commits in the advisory). The connected docs describe the sy...
CVE-2022-49409
Summary: CVE-2022-49409 covers a Linux kernel ext4 bug that can trigger a BUG_ON in __es_tree_search due to a faulty check in ext4_valid_extent_entries when validating extents. The issue can occur during quota inode loading, propagating through ext4/extents.c to ext4_bread, quota_re...
CVE-2022-49430
The CVE-2022-49430 entry affects the Linux kernel in the gpio_keys controller. The issue arises from canceling a delayed work handle when the gpio_keys module unloads and an interrupt pin is used instead of GPIO; the module initializes delayed work only for GPIO-backed paths and not for interrupt...
CVE-2022-49567
The CVE-2022-49567 issue is a Linux kernel vulnerability in mm/mempolicy where uninitialized nodemask data can be accessed when policy mode is MPOL_LOCAL, leading to potential read of pol->w.cpuset_mems_allowed during mpol_rebind_policy. The root cause is that mpol_set_nodemask() does not init...