13804 matches found
CVE-2011-3191
CVE-2011-3191 affects the Linux kernel CIFS implementation (fs/cifs/cifssmb.c: CIFSFindNext). It is caused by an integer signedness error, existing in kernels before 3.1, which can allow a remote CIFS server to trigger memory corruption or other impact via a large length value in a directory read...
CVE-2013-4299
CVE-2013-4299 – Linux kernel (up to 3.11.6). Root cause: interpretation conflict in drivers/md/dm-snap-persistent.c within the Linux kernel up to version 3.11.6. Impact: remote authenticated users can obtain sensitive information or modify data by issuing a crafted mapping to a snapshot block devi...
CVE-2014-0131
CVE-2014-0131 affects the Linux kernel up to version 3.13.6. The vulnerability is a use-after-free in the skb_segment function within net/core/skbuff.c caused by the absence of a certain orphaning operation. Exploitation details are not provided in the supplied documents. The impact is that an at...
CVE-2014-3180
CVE-2014-3180 affects the Linux kernel prior to 3.17, specifically the compatibility code path in kernel/compat.c. The vulnerability is an out-of-bounds read where restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. Note: the description states the code path is unreachab...
CVE-2014-3647
CVE-2014-3647 affects the Linux kernel KVM emulation path: arch/x86/kvm/emulate.c. The root cause is improper handling of RIP changes during instruction emulation, enabling a local guest OS user to crash the guest (DoS) with a crafted application in kernels up to 3.17.2. The provided connected do...
CVE-2015-8845
CVE-2015-8845 affects the Linux kernel on powerpc platforms prior to 4.4.1. The vulnerability arises because the tm_reclaim_thread function in arch/powerpc/kernel/process.c may proceed with a TM reclaim call without verifying that TM suspend mode exists, enabling local users to trigger a denial o...
CVE-2016-3138
CVE-2016-3138: The Linux kernel’s acm_probe in drivers/usb/class/cdc-acm.c is vulnerable before 4.5.1. A USB device without both a control and a data endpoint descriptor can trigger a NULL pointer dereference, enabling a physically proximate attacker to crash the system. Impact is denial of serv...
CVE-2016-4580
CVE-2016-4580 affects the Linux kernel up to version 4.5.4 (pre-4.5.5). The vulnerability arises in x25_negotiate_facilities() inside net/x25/x25_facilities.c where a data structure is not properly initialized, enabling an attacker to read sensitive data from kernel stack memory via an X.25 Call ...
CVE-2017-16643
CVE-2017-16643 affects the Linux kernel, specifically the parse_hid_report_descriptor function in drivers/input/tablet/gtco.c, with exploitation possible via a crafted USB device. It allows a local user to trigger an out-of-bounds read and system crash (DoS) and potentially other impacts. The iss...
CVE-2017-7374
CVE-2017-7374 is a use-after-free in the Linux kernel fs/crypto/ subsystem prior to 4.10.7, where revoking keyring keys used for ext4, f2fs, or ubifs encryption can free cryptographic transform objects prematurely. This enables local attackers to cause a denial of service via a NULL pointer deref...
CVE-2018-13100
CVE-2018-13100 concerns the Linux kernel, specifically fs/f2fs/super.c up to version 4.17.3, where improper validation of secs_per_zone in a corrupted f2fs image can trigger a divide-by-zero error. The connected advisories confirm the issue and reproduce conditions but do not provide a patch vers...
CVE-2019-10142
CVE-2019-10142 references a flaw in the Linux kernel's freescale hypervisor manager implementation. A parameter passed to an ioctl was not properly validated and was used in size calculations for page size, making the kernel vulnerable on 5.0.x kernels before 5.0.17. Exploitation could crash the ...
CVE-2022-3115
CVE-2022-3115 affects the Linux kernel up to 5.16-rc6. The malidp_crtc_reset path in drivers/gpu/drm/arm/malidp_crtc.c does not check the kzalloc() return value, causing a NULL pointer dereference. Impact is local, potentially enabling kernel denial of service. Public details confirm the exact vuln...
CVE-2022-3606
CVE-2022-3606 affects the Linux kernel libbpf component (function find_prog_by_sec_insn in tools/lib/bpf/libbpf.c). The issue is a NULL pointer dereference; advisories recommend applying a patch. Connected sources confirm this CVE is tracked in VDB-211749 and is fixed in downstream packages (e.g....
CVE-2022-49129
The CVE-2022-49129 issue affects the Linux kernel’s mt76 mt7921 driver. When the NIC startup fails, the reset_work item could already be scheduled, risking a use-after-free crash during cleanup. The patch ensures the work item is canceled if startup fails, preventing the crash and stabilizing beh...
CVE-2022-49197
CVE-2022-49197 affects the Linux kernel’s netlink af_netlink path. When netlink messages are received, netlink_recvmsg() fills sender info including a 32-bit nl_groups bitfield that indicates multicast group membership. The issue is a shift-out-of-bounds in computing the group mask for high-numbe...
CVE-2022-49549
The CVE-2022-49549 entry concerns a Linux kernel memory leak in the x86 MCE/AMD path: when threshold_create_bank() fails inside mce_threshold_create_device(), the previously allocated threshold banks array (bp) could be leaked because threshold_remove_device() only frees it if the bank creation s...
CVE-2022-49612
CVE-2022-49612 discusses a Linux kernel vulnerability in the power: supply: core interpolation logic. The issue lies in boundary handling within power_supply_temp2resist_simple and power_supply_ocv2cap_simple, introduced by a4585ba2050f460f749bbaf2b67bd56c41e30283 (power: supply: core: Use librar...
CVE-2022-49699
CVE-2022-49699: In the Linux kernel, a race in filemap_get_read_batch() between reads and invalidation can replace a folio with a higher-order folio, causing a NULL pointer dereference while holding the RCU read lock. The patch handles the race by returning early; the next call will locate the n...
CVE-2022-49848
In the Linux kernel, the vulnerability affects the phy: qcom-qmp-combo driver. The root cause was treating the PCS_USB registers as potentially separate from PCS registers, but using the wrong base when no PCS_USB offset is provided. This caused a potential dereference of a NULL pointer during r...
CVE-2023-35827
CVE-2023-35827: A use-after-free in the Linux kernel up to version 6.3.8 is reported, specifically in ravb_remove() inside drivers/net/ethernet/renesas/ravb_main.c. The issue arises from a use-after-free in the Renesas AVB/RAVB driver, as described in Astra Linux and Nessus feeds. The vulnerabil...
CVE-2023-52502
The CVE-2023-52502 issue affects the Linux kernel’s NFC subsystem, specifically a race in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() that can lead to use-after-free (UAF). The root cause is a reference on a socket produced during a lookup while holding a lock, which should be taken before rel...
CVE-2023-52593
CVE-2023-52593 concerns a potential NULL pointer dereference in the Linux kernel’s wifi driver wfx. The issue arises because ieee80211_beacon_get() can return NULL, and wfx_set_mfp_ap() did not validate this before inspecting skb data. The fix converts wfx_set_mfp_ap() to return an error code whe...
CVE-2023-52700
The CVE-2023-52700 issue affects the Linux kernel TIPC subsystem. Root cause: a missing/incorrect copy direction for the iov_iter when copying to/from an iterator could trigger a kernel stack trace during sending a SYN message. The referenced commit a41dad905e5a fixed the problem by initializing ...
CVE-2023-53056
CVE-2023-53056 affects the Linux kernel and concerns the SCSI qla2xxx driver where IOCB counts were out of order. This could block commands, leading to a system hang with a NULL pointer dereference trace. The issue is resolved by synchronizing the IOCB count to the correct order. The provided sou...
CVE-2024-24861
CVE-2024-24861 affects the Linux kernel xc4000 media driver (xc4000_get_frequency) with a race condition that can cause a return-value overflow, potentially leading to malfunction or denial of service. Data from multiple sources confirms the issue originates in the xc4000 driver and is tied to Li...
CVE-2024-26736
CVE-2024-26736 (Linux kernel afs): A local vulnerability in afs_update_volume_status() where volume->vid is limited to 20 characters, risking a buffer overflow. The fix increases idbuf size from 20 to 24 and uses snprintf to prevent overflow. Affected: Linux kernel (afs subsystem). Reported by...
CVE-2024-36893
CVE-2024-36893 – Linux kernel: A NULL pointer dereference in usb: typec: tcpm due to typec_register_partner() not guaranteeing partner registration. If port->partner is invalid (NULL or an error value) and is not checked before dereferencing, it can crash the kernel (e.g., kernel NULL pointer...
CVE-2024-39496
CVE-2024-39496 affects the Linux kernel, specifically the btrfs: zoned code path. The issue is a use-after-free caused by a race between loading a zone’s info during block group creation and an ongoing device replacement; if the device being loaded is the source of the replacement, the device can...
CVE-2024-41070
The CVE-2024-41070 issue is a use-after-free in KVM on PPC Book3S HV. The code path kvm_spapr_tce_attach_iommu_group() reads stt from tablefd, then fdputs the fd and uses stt after the fd is released, allowing a race that frees stt via release_spapr_tce_table() (RCU) and can lead to UAF even with...
CVE-2024-42122
CVE-2024-42122 concerns the Linux kernel’s drm/amd/display where a NULL pointer could be produced by kzalloc and used without checking. The fix adds a NULL pointer check before using the allocated memory. Affected subsystem: AMD display kernel code; root cause: missing validation of kzalloc retur...
CVE-2024-43893
CVE-2024-43893 (Linux kernel) fixes a divide-by-zero in uart_get_divisor triggered by TIOCSSERIAL with an invalid baud_base when uartclk becomes zero. The patch adds a zero-check for uartclk in uart_set_info() before subsequent serial_setup calls, preventing a divide-by-zero and potential oops on...
CVE-2024-44939
The CVE-2024-44939 entry describes a Linux kernel vulnerability in the JFS filesystem (dtInsertEntry in fs/jfs/jfs_dtree.c). The issue arises when a pointer h equals p; after UniStrncpy_to_le writes the name, p->header.flag is cleared, causing the test p->header.flag & BT-LEAF to flip from ...
CVE-2024-46685
CVE-2024-46685 is a Linux kernel vulnerability involving the pinctrl/pinmux subsystem. The issue was a potential NULL dereference: pinmux_generic_get_function() could return NULL and pcs_get_function() dereferenced the pointer without NULL-checks. The fix adds a NULL check for the function pointe...
CVE-2024-46751
CVE-2024-46751 affects the Linux kernel's BTRFS path btrfs_lookup_extent_info(), where a 0 reference count could trigger a BUG_ON(). The fix replaces BUG_ON() with returning -EUCLEAN, aborting the transaction, and logging an error. This is documented in Debian/Ubuntu advisories and included in pa...
CVE-2024-46765
CVE-2024-46765 (Linux kernel): the vulnerability in the ice driver relates to race conditions between XDP setup and PF reset paths. The issue arose because ice_xdp() and ice_vsi_rebuild()/PF reset code accessed shared resources without proper synchronization, risking a NULL pointer dereference during ...
CVE-2024-47679
CVE-2024-47679 is a race in the VFS/inode lifecycle within the Linux kernel. The race occurs between inode eviction paths (evict_inodes and i_count handling) and btrfs/iget/find_inode flows, where an inode could be evicted while a thread is concurrently searching or using it, leading to inconsist...
CVE-2024-47709
CVE-2024-47709 concerns the Linux kernel bcm driver path: after remove_proc_entry(), bcm_notify() previously left bo->bcm_proc_read set, causing bcm_release() to trigger an extra remove_proc_entry(). The fix clears bo->bcm_proc_read after remove_proc_entry() in bcm_notify(), prev...
CVE-2024-49850
CVE-2024-49850 affects the Linux kernel: a malformed BPF_CORE_TYPE_ID_LOCAL relocation referencing a non-existing BTF type can trigger a NULL pointer dereference in bpf_core_calc_relo_insn. The issue is fixed by adding an upper-call-stack check to reject malformed relocations passed from user space. Rep...
CVE-2024-49900
CVE-2024-49900 (Linux kernel): Fixes an uninitialized access in jfs/xattr.c where ea_buf->new_ea was not initialized, causing an uninit-value path observed by KMSAN in lzo1x_1_do_compress. The patch initializes the buffer by applying memset at the start of ea_get(), preventing uninitialized w...
CVE-2024-49963
CVE-2024-49963: Linux kernel BCM2835 mailbox timeout during suspend fixed. Root cause: during noirq suspend, the BCM2835 mailbox IRQ is disabled, causing rpi_firmware_property_list() to time out due to firmware transaction timeouts. Patch fixes the issue by setting the mailbox IRQ to IRQF_NO_SUSPE...
CVE-2024-49965
CVE-2024-49965 concerns the Linux kernel OCFS2 subsystem. The issue originated from ocfs2_read_blocks() where an unlock balance problem occurred due to an unlock released before exit. The referenced patch series “Misc fixes for ocfs2_read_blocks” (v5) fixes two patches: the first corrects the bad...
CVE-2024-50124
CVE-2024-50124: The Linux kernel Bluetooth ISO path fixed a use-after-free (UAF) on iso_sock_timeout. conn->sk could be unlinked/freed while iso_conn_lock is waiting, with the fix validating conn->sk by ensuring it is part of iso_sk_list before use. Impact is high for local access scenarios...
CVE-2024-50259
CVE-2024-50259 affects the Linux kernel via the netdevsim component. The issue is caused by a missing trailing NUL after copy_from_user() in nsim_nexthop_bucket_activity_write(), which could affect string handling in that function. A fix adds the trailing zero to ensure proper operation. The CVE ...
CVE-2024-50271
CVE-2024-50271 (Linux kernel): The issue concerns the RLIMIT_SIGPENDING override logic. A fix restores the previous behavior by passing override_rlimit into inc_rlimit_get_ucounts() and skipping the max comparison when override_rlimit is set, making the rlimit enforcement unconditional again. Wi...
CVE-2024-56728
CVE-2024-56728: Linux kernel vulnerability in octeontx2-pf (otx2_ethtool.c) where otx2_mbox_get_rsp could return an error pointer that was not checked. The fix adds an explicit error pointer check after calling otx2_mbox_get_rsp(), preventing potential dereference of a NULL/err pointer. The vulne...
CVE-2024-56745
CVE-2024-56745: Linux kernel vulnerability where reset_method_store() leaked allocated memory (via kstrndup) when parsing a string with strsep, because options could be freed after strsep nulled it. A fix preserves the original options string by iterating with a separate tmp_options, preventing ...
CVE-2024-57932
CVE-2024-57932: In the Linux kernel exFAT filesystem, a now-fixed bug could cause an infinite loop in exfat_readdir() when a cluster chain is corrupted. The related advisory describes the root cause as a loop condition in directory reading and notes that a patch was applied to prevent t...
CVE-2025-21726
In CVE-2025-21726, the Linux kernel padata subsystem had a use-after-free (UAF) in the reorder_work path. The root cause was that the previous patch did not hold a reference to 'pd' long enough when queuing reorder_work. The fix is to take a reference to 'pd' before queuing reorder_work and to ke...
CVE-2025-21781
CVE-2025-21781 is a memory-safety crash in the Batman-adv networking module of the Linux kernel. The issue stems from improper reference counting for batman-adv objects during interface removal, which can lead to a crash when a soft interface goes away before ongoing work completes (notably durin...