CVE-2022-49728
CVE-2022-49728 affects the Linux kernel’s IPv6 path. The issue is a signed integer overflow in __ip6_append_data, triggered by computing [length] that could exceed int range (UBSAN report: 2147479552 + 8567 cannot be represented in type int). The fix implemented across patches changes the [length...
CVE-2023-26605
CVE-2023-26605 affects Linux kernel 6.0.8: a use-after-free in inode_cgwb_move_to_attached (fs/fs-writeback.c) related to __list_del_entry_valid. Documentation indicates CVSS v3.1 base score 7.8 (HIGH) with local attack vector, low complexity, and no user interaction. The vulnerability is a loc...
CVE-2023-52731
CVE-2023-52731 relates to the Linux kernel fbdev with deferred I/O. After a fbdev device is opened and closed, dirty pages can remain in the pageref list and may later be processed, risking memory/page corruption and an Oops. The fix adds cancellation of the delayed work and cleans up the pageref...
CVE-2023-52781
CVE-2023-52781 concerns the Linux kernel USB config BOS descriptor handling. In usb_get_bos_descriptor(), an iteration issue occurs when skipping USB_DT_DEVICE_CAPABILITY, causing the same descriptor to be read repeatedly. The fix introduces a goto to advance the pointer and bytes read so the fun...
CVE-2023-52877
CVE-2023-52877 is a Linux kernel vulnerability in usb typec tcpm where a NULL pointer dereference could occur if port->partner is an ERR_PTR. The patch adds a NULL check in tcpm_pd_data_request to avoid dereferencing a NULL pointer when registering a partner. Connected advisories (MiracleLinux...
CVE-2023-52915
The CVE-2023-52915 issue affects the Linux kernel driver media: dvb-usb-v2 (af9035) where af9035_i2c_master_xfer processes user-controlled msg entries; if msg[i].buf is null and msg[i].len is zero, previous checks on msg[i].buf could pass, allowing data to reach af9035_i2c_master_xfer and potenti...
CVE-2023-52935
CVE-2023-52935 refers to a Linux kernel vulnerability in mm/khugepaged related to an ->anon_vma race when removing page tables. The issue could allow concurrent access to page tables during rmap traversal if an anon_vma is shared; the fix adds a re-check after acquiring the mmap lock so there ...
CVE-2023-53002
CVE-2023-53002 concerns the Linux kernel DRM/I915 memory leak when mmap_offset is reused. The root cause is that drm_vma_node_allow() and drm_vma_node_revoke() were not called in balanced pairs: allow is invoked once per-file per mmap_offset, while revoke was only called per-file per mmap_offset,...
CVE-2023-53015
CVE-2023-53015 affects the Linux kernel HID betop: betopff_init() verifies only the total sum of report field counts (>=4) while hid_betopff_play() requires exactly 4 fields, enabling a NULL pointer dereference when an output report has one field with four counts. Multiple connected advisories...
CVE-2023-53140
The CVE-2023-53140 issue affects the Linux kernel SCSI core: the /proc/scsi/${proc_name} directory is now removed earlier to fix a race between module unload/reload. This resolves a memory-leak/ordering problem introduced in 2009 and suppresses a proc_dir_entry warning for scsi_debug. Connected a...
CVE-2024-26693
CVE-2024-26693 (Linux kernel wifi/iwlwifi - mvm): A DoS crash occurs when the AP runs out of stations in firmware. The root cause is that iwl_mvm_is_dup() cannot find the per-queue dup_data, which was not allocated. This happened because MAC80211 expected a station to exist (sta_info::uploaded s...
CVE-2024-26868
CVE-2024-26868: Linux kernel nfs_layout_flexfiles path panicked when nfs4_ff_layout_prepare_ds() failed to initialize mirror_ds, leading to a NULL/missing mirror_ds dereference in ff_layout_cancel_io(). The core issue was dereferencing mirror_ds without IS_ERR_OR_NULL checks, risking a kernel pa...
CVE-2024-26893
CVE-2024-26893 affects the Linux kernel ARM SCMI SMC transport cleanup path. The vulnerability is caused by a double-free in the chan_free cleanup of a shared transport_info member, which can dereference a NULL pointer on the second cleanup attempt, leading to a kernel crash (Oops). The issue occ...
CVE-2024-35895
The CVE-2024-35895 vulnerability affects the Linux kernel, specifically the BPF sockmap/sockhash path. A deadlock could occur when map_delete_elem is invoked from a context where interrupts are disabled; the fix adds a hardirq-safety check to bail out if map_delete_elem runs in a non-hardirq-unsa...
CVE-2024-38583
CVE-2024-38583 affects the Linux kernel nilfs2 log writer. A use-after-free of the sc_timer used to wake a sleeping log writer thread was observed, since the timer was not shut down until the nilfs_sc_info structure’s lifetime ended. The fix limits timer usage to when the log writer thread is ali...
CVE-2024-41084
CVE-2024-41084 – Linux kernel (CXL region lookup): The issue stems from cxl_dpa_to_region() incorrectly assuming a mapped DPA endpoint is a fully assembled region. If not, it can dereference a null region pointer when looking up the region name, potentially causing an oops. The race between BIOS...
CVE-2024-42081
CVE-2024-42081 affects the Linux kernel component drm/xe/xe_devcoredump. The root cause was assigning xe_devcoredump_snapshot* and xe_device* unconditionally; the fix adds a NULL check and only assigns these pointers when coredump is not NULL. CVSS: Low-Privilege Local access with Medium overal...
CVE-2024-42243
CVE-2024-42243 relates to the Linux kernel mm/filemap MAX_PAGECACHE_ORDER handling. The issue arises because xarray cannot support arbitrary page cache sizes, triggering WARN_ON in xas_split_alloc on ARM64 when base page size is 64KB (huge pages can be 512MB). The fix implemented patches to LIMIT...
CVE-2024-43901
CVE-2024-43901 — Linux kernel DRM/AMD display NULL pointer dereference in DTN log (DCN401). Affected software: Linux kernel with AMD display driver (DCN401). Root cause: reading the DTN log attempts to access the gamut_remap callback when the DCN401 ASIC does not implement it, leading to a NULL po...
CVE-2024-44940
CVE-2024-44940 pertains to the Linux kernel. The issue is a WARN_ON_ONCE in gue_gro_receive when the encapsulated protocol has no GRO handler; the packet is contrived (Syzbot-triggered) and not actionable. The fix removes this warning, as it is expected and not a vulnerability vector, by dropping...
CVE-2024-46816
CVE-2024-46816 affects the Linux kernel DRM/AMD display path (amdgpu_dm). The vulnerability arises when initializing display links: the code assumes dc->links has up to max_links elements, but a link count can reach AMDGPU_DM_MAX_DISPLAY_INDEX (31), risking an out-of-bounds condition during in...
CVE-2024-47743
CVE-2024-47743 affects the Linux kernel in the KEYS subsystem. In find_asymmetric_key(), if id_{0,1,2} are all NULL, a WARN is emitted but a null dereference on id_2 occurs, leading to an oops. The vulnerable code is fixed by adding the missing id_2 NULL check and by moving WARN_ON() to the final...
CVE-2024-47809
CVE-2024-47809 (Linux kernel) fixes a possible NULL pointer dereference in the DLM code path when a lock block (lkb) is created but the lkb_resource is not yet assigned (until attach_lkb via validate_lock_args). The issue could occur when request_lock() calls, potentially exposing a crash; anothe...
CVE-2024-49892
CVE-2024-49892 (Linux kernel): Affects the DRM/AMD display path. The bug was caused by get_bytes_per_element() potentially returning 0, leading to multiple DIVIDE_BY_ZERO errors. The patch initializes the default to 1, ensuring bytes_per_element_y and bytes_per_element_c are never denominators o...
CVE-2024-49919
CVE-2024-49919 describes a null pointer dereference in the Linux kernel DRM AMD display path. Specifically, in dcn201_acquire_free_pipe_for_layer, the code could assume head_pipe was non-null and perform an assertion when it was null. The fix adds an explicit null check for head_pipe and, if it i...
CVE-2024-50041
CVE-2024-50041 relates to the Linux kernel i40e driver where a macvlan leak could occur due to concurrent access to vsi->mac_filter_hash. The provided description states the root cause as improper synchronization when multiple threads modify the mac_filter_hash, leading to potential memory lea...
CVE-2024-50116
CVE-2024-50116 relates to a Linux kernel nilfs2 bug where the buffer delay flag was not cleared when discarding a page/folio or buffer head, leading to a BUG_ON in submit_bh_wbc() after reading a corrupted filesystem image and degraded read-only. The issue is caused by not clearing the buffer del...
CVE-2024-50184
CVE-2024-50184 describes a Linux kernel vulnerability in virtio_pmem where a pmem device in a bad status could cause the host to wait indefinitely for an ack in virtio_pmem_flush(), leading to a system hang. The issue is resolved by adding a status check at the start of virtio_pmem_flush() to ret...
CVE-2024-50196
CVE-2024-50196 affects the Linux kernel pinctrl/ocelot subsystem. The issue causes a system hang when a GPIO interrupt is configured in level mode while the parent interrupt is configured in edge mode, because chained_irq_enter() may not be called if the GPIO interrupt is cleared before the paren...
CVE-2024-50248
CVE-2024-50248 affects the Linux kernel ntfs3 driver. Connected advisories confirm a fix that adds bounds checking in ntfs3: mi_enum_attr() to ensure attributes do not read beyond valid memory. This addresses potential memory-safety issues arising from unchecked attribute enumeration. The Debian/...
CVE-2024-50265
CVE-2024-50265 concerns the Linux kernel OCFS2 XATTR handling. The issue arises in ocfs2_xa_remove() where, after a fault-injected -ENOMEM path, a faulty rc path causes the code to call ocfs2_xa_remove_entry(loc) twice: first from ocfs2_xa_cleanup_value_truncate() and then again when returning to...
CVE-2024-50296
CVE-2024-50296 affects the Linux kernel net/hns3 driver (and related SR-IOV cleanup path). Root cause: race in driver removal where concurrent VF disable and resource release call pci_disable_sriov() twice, leading to a NULL pointer dereference during device removal. Impact: kernel crash when the...
CVE-2024-53064
CVE-2024-53064 is a Linux kernel issue in the idpf/vc_core mailbox path. During a reboot-retry sequence, the mailbox workqueue may still run after resources are freed, leading to a NULL pointer dereference when the released control queue is accessed. The fix unrolls the workqueue cancellation and...
CVE-2024-53108
The CVE-2024-53108 issue affects the Linux kernel’s DRM/AMD display stack, specifically the AMD kernel driver path (drm/amd/display) and the function amdgpu_dm_update_freesync_caps. The root cause is an out-of-bounds read caused by ID extraction for the replay check in the AMD EDID being performe...
CVE-2024-56369
CVE-2024-56369 affects the Linux kernel DRM code: drm/modes/drm_mode_vrefresh() attempted to avoid divide-by-zero by checking htotal/vtotal, but can still trigger div-by-zero (vtotal*htotal*...). This can lead to a crash/denial of service (availability impact). The issue is fixed in the upstream k...
CVE-2024-57907
CVE-2024-57907 concerns the Linux kernel IIO ADC driver for Rockchip (rockchip_saradc). The vulnerability arises because the local data structure used to push data to userspace from a triggered buffer was not fully initialized; values for inactive channels were left undefined since only active ch...
CVE-2025-21909
CVE-2025-21909 concerns the Linux kernel wifi/nl80211 subsystem. Description: when a monitor interface is set with MONITOR_FLAG_COOK_FRAMES together with other MONITOR flags, a sub-interface can be created without the IEEE80211_SDATA_IN_DRIVER bit, since cooked state takes precedence over other s...
CVE-2025-21914
CVE-2025-21914 affects the Linux kernel Slimbus path (slimbus) where, in delayed interrupt scenarios, slim_do_transfer() returns a timeout but fails to free the associated transaction ID (TID). This leads to invalid memory access inside qcom_slim_ngd_rx_msgq_cb(), potentially causing a kernel pan...
CVE-2025-21957
The CVE refers to a Linux kernel issue affecting the SCSI qla1280 driver. When the driver is compiled with DEBUG_QLA1280 and ql_debug_level > 2, a null dereference can cause an oops. The root cause is incorrect handling of debug printing, where sg_next(s) was used instead of sg_dma_len(s). The...
CVE-2025-21979
CVE-2025-21979 affects the Linux kernel wifi stack (cfg80211). A wiphy_work can be queued as soon as the wiphy is allocated (wiphy_new_nm). If wiphy_free runs before the rdev::wiphy_work executes, the wiphy memory is freed and later accessed, leading to a use-after-free. The fix is to cancel the ...
CVE-2025-23142
CVE-2025-23142 details are not provided in the supplied documents; monitor for updates.
CVE-2025-23146
The CVE-2025-23146 issue affects the Linux kernel mfd: ene-kb3930 driver, where a NULL pointer dereference could occur because off_gpios may be NULL. The kb3930_probe() lacked a NULL check, fixed in the resolved update (similar to backlight: hx8357 NULL pointer fix). Impact is local, with potenti...
CVE-2025-37749
CVE-2025-37749 concerns a Linux kernel vulnerability in the PPP stack. The issue stemmed from insufficient bounds checking on skb data in ppp_sync_txmunge, risking out-of-bounds reads when processing short packets. The fixed description states that there must be enough data in the skb linear buffe...
CVE-2025-37841
CVE-2025-37841: In the Linux kernel, the vulnerability affects the pm: cpupower: bench path. If malloc returns NULL due to low memory, the config pointer can be NULL, leading to a NULL dereference. The issue has a tracked fix described as adding a NULL check to prevent dereferencing config when m...
CVE-2025-38637
CVE-2025-38637 affects the Linux kernel skbprio queue in net_sched when used as a child qdisc under Token Bucket Filter (TBF). The root cause is an overly strict assertion in skbprio enqueue/dequeue that can miscount lengths because TBF may peek at packets without dequeueing when tokens a...
CVE-2009-0028
CVE-2009-0028 is a local vulnerability in the Linux kernel up to version 2.6.28 where the clone system call with CLONE_PARENT can allow an unprivileged child to spawn a second child and exit, enabling it to send arbitrary signals to the parent process. The MiracleLinux AXSA-2009-42:04 advisory ex...
CVE-2009-3726
The CVE-2009-3726 issue affects the Linux kernel NFSv4 client (fs/nfs/nfs4proc.c) and is triggered when a remote NFS server returns a crafted response with incorrect file attributes. This can cause a NULL pointer dereference and kernel panic by attempting to use an open file that has no NFSv4 sta...
CVE-2011-1182
CVE-2011-1182 affects the Linux kernel’s signal handling: kernel/signal.c before 2.6.39 allows local users to spoof the UID and PID of a signal sender via sigqueueinfo. Affected in MiracleLinux 3 (kernel 2.6.18-274.1.AXS3) per AXSA-2011-313:06; the issue is described as a kill-signal spoofing vul...
CVE-2011-1576
CVE-2011-1576 affects the Linux kernel GRO offload path (napi_reuse_skb) used in Red Hat Enterprise Linux 5 (kernel 2.6.18) and Red Hat Enterprise Linux 6 (kernel 2.6.32) as deployed in RHEV Hypervisor. The advisory notes that remote attackers can trigger VLAN-packet processing to cause a denial ...
CVE-2011-1776
The CVE-2011-1776 issue affects the Linux kernel’s is_gpt_valid function (fs/partitions/efi.c). It does not validate the size of a GPT entry, allowing physically proximate attackers to trigger a heap-based buffer overflow and OOPS or potentially read kernel heap memory when a crafted GPT storage ...