CVE-2025-22066
CVE-2025-22066 concerns the Linux kernel SoC ASoC driver imx-card. The issue arises when devm_kasprintf() returns NULL due to memory allocation failure, and imx_card_probe() does not check for this, leading to a NULL pointer dereference. The vulnerability was resolved by adding a NULL check after...
CVE-2025-37741
CVE-2025-37741 affects the Linux kernel’s JFS filesystem. The issue stems from reading a fixed-disk inode (AIT) in raw mode during diReadSpecial(), where corrupted metapage data could cause the nlink value to be set to 0 on an iag inode during copy_from_dinode(), triggering a deadlock when diFree...
CVE-2025-37794
In CVE-2025-37794, the Linux kernel Wi‑Fi stack (mac80211) could purge the vif TX queue too late during ieee80211_do_stop(), allowing SKBs from the vif’s txq to be dequeued and processed after SDATA_STATE_RUNNING is cleared. This could occur due to a concurrent schedule_and_wake_txq path that deq...
CVE-2025-37799
CVE-2025-37799: Linux kernel vmxnet3 driver XDP handling is fixed for malformed packet sizing in vmxnet3_process_xdp. The issue caused MTU-related connectivity problems when using XDP load balancing with IPIP encapsulation, where some packets (e.g., HTTP GET) could be oversized and, in rare case...
CVE-2025-37881
In CVE-2025-37881, the Linux kernel USB gadget aspeed driver (ast_vhub_init_dev) fixes a NULL pointer dereference by adding a NULL check for d->name (returned by devm_kasprintf). The issue could occur if devm_kasprintf() returns NULL, potentially leading to a crash. The patch, which references...
CVE-2025-37943
CVE-2025-37943 affects the Linux kernel wireless driver ath12k (DP_RX_DECAP_TYPE_NATIVE_WIFI). The issue is an invalid data access when hardware delivers packets with a length exceeding the maximum native Wi‑Fi header, potentially causing memory corruption in ath12k_dp_rx_h_undecap_nwifi. The adv...
CVE-2025-38152
CVE-2025-38152 affects the Linux kernel remoteproc subsystem. The root cause is the rproc_shutdown path not clearing rproc->table_sz, which allows a memcpy of loaded_table from rproc->cached_table to use a NULL rproc->cached_table after stopping, causing a kernel crash. The issue is repo...
CVE-2008-2136
The CVE-2008-2136 entry affects the Linux kernel SIT driver: a memory leak in ipip6_rcv (net/ipv6/sit.c) can be triggered by network traffic to a SIT tunnel, due to improper skb handling (pskb_may_pull and kfree_skb) and skb reference count management. Vulnerable on Linux kernel 2.4 up to 2.4.36....
CVE-2010-3850
CVE-2010-3850: In the Linux kernel, the ec_dev_ioctl function in net/econet/af_econet.c did not require CAP_NET_ADMIN, allowing local users to bypass access restrictions and configure econet addresses via an SIOCSIFADDR ioctl. Documented impact is local privilege/unauthorized configuration; fix a...
CVE-2011-1160
Technical details for CVE-2011-1160 are not publicly available in the supplied connected documents. The initial description identifies a kernel memory info leak in tpm_open (Linux kernel
CVE-2013-4345
CVE-2013-4345 is an off-by-one vulnerability in the Linux kernel’s crypto/ansi_cprng.c get_prng_bytes function, exploitable through requests for small data blocks up to kernel versions before 3.11.4. The issue allows context-dependent attackers to defeat cryptographic protections by mismanaging t...
CVE-2013-4387
CVE-2013-4387 affects the Linux kernel up to 3.11.4 in the IPv6 path. Specifically, net/ipv6/ip6_output.c does not correctly determine the need for UDP Fragmentation Offload (UFO) processing after queueing a large packet, enabling remote attackers to trigger memory corruption and a system crash v...
CVE-2014-2678
CVE-2014-2678 affects the Linux kernel (net/rds/iw.c). The rds_iw_laddr_check function can be triggered by a bind() on an RDS socket on systems lacking RDS transports, enabling local attackers to cause a NULL pointer dereference and a system crash (DoS). This is described as affecting kernels up ...
CVE-2014-4656
CVE-2014-4656 affects the Linux kernel ALSA sound control (sound/core/control.c). The vulnerability arises from multiple integer overflows in ALSA control handling, exploitable by local users via /dev/snd/controlCX to cause a denial of service. The issue is tied to (1) index values in snd_ctl_add...
CVE-2015-7990
Technical details beyond the initial description are not provided in the connected documents. No public details about CVE-2015-7990 are included here; monitor for updates.
CVE-2017-15537
The CVE-2017-15537 issue affects the x86 FPU state handling in the Linux kernel prior to 4.13.5. If a CPU supports xsave but not xsaves, ptrace() or rt_sigreturn() mishandles reserved xstate header bits, enabling local users to read other processes’ FPU registers. A fix is provided in Linux kerne...
CVE-2017-16527
CVE-2017-16527 affects the Linux kernel component sound/usb/mixer.c, vulnerable before version 4.13.8. A crafted USB device can trigger a snd_usb_mixer_interrupt use-after-free, causing denial of service or system crash. Exploitation vectors are local to physical USB device interaction. The conne...
CVE-2021-46283
CVE-2021-46283 affects the Linux kernel’s nf_tables_newset in nf_tables_api.c, where missing initialization of nft_set_elem_expr_alloc can trigger a NULL pointer dereference/GPF when a local user creates a netfilter table expression in their namespace, leading to a denial of service. The vulnerab...
CVE-2021-47236
CVE-2021-47236: Linux kernel vulnerability in net:cdc_eem skb leak during USBNet transmission has been resolved. Root cause: in eem_tx_fixup(), original skb was not freed when skb_copy_expand() failed, allowing a leak if the clone status was not free’d. The fix frees the original skb in eem_tx_f...
CVE-2021-47311
CVE-2021-47311 is a Linux kernel memory use-after-free (UAF) vulnerability in net: qcom/emac, caused by private data (adpt) being used after free_netdev() is called. The fix moves free_netdev() to the end of emac_remove to ensure adpt is not accessed after the netdev is freed. Public advisories (...
CVE-2021-47356
CVE-2021-47356: The issue is in the Linux kernel mISDN driver where its remove path could use-after-free a timer because del_timer() doesn’t wait for the handler to finish. The advisory notes the fix is to call del_timer_sync() to ensure the timer handler has finished and cannot reschedule. Affe...
CVE-2021-47606
CVE-2021-47606 affects the Linux kernel net: netlink af_netlink fix. The vulnerability arises from an empty skb usage, where skb->len=0 and skb->data_len=0 could trigger a division error in netem_enqueue during randomized corruption: skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<
CVE-2022-48735
CVE-2022-48735 concerns a use‑after‑free in the Linux kernel ALSA hda LED class devices created by HD‑audio codec drivers. The issue arises because LED class devices are registered via devm_led_classdev_register() and tied to the codec device, but the devres release can execute before the devm ch...
CVE-2022-48743
CVE-2022-48743 (Linux kernel): The issue is in the amd-xgbe NIC path (net/amd-xgbe) where skb data length underflow could trigger BUG_ON() in skbuff.h, potentially causing kernel panics. The documented fix drops the packet when such underflows occur to handle hardware descriptor inconsistencies. ...
CVE-2022-48836
CVE-2022-48836 affects the Linux kernel. Root cause: usb_submit_urb() could accept endpoints of incorrect type because only bNumEndpoints was checked, not endpoint type, enabling a bogus URB as shown in the failure log. Fix: replace the old desc.bNumEndpoints check with usb_find_common_endpoints(...
CVE-2022-49060
CVE-2022-49060 is a Linux kernel vulnerability affecting the net/smc path, where a NULL pointer dereference could occur in smc_pnet_find_ib due to calling dev_name() with dev.parent without a NULL check. The fix implements a NULL-pointer check before the call to dev_name(), mitigating potential c...
CVE-2022-49123
CVE-2022-49123 affects the ath11k driver in Linux kernels where frames flush of management frames could deadlock, leading to queue flush failures. The vulnerability has upstream fixes (kernel commits referenced in the CVE entry) and downstream patches appear in OS advisories for Root-OS (Ubuntu 2...
CVE-2023-39197
The CVE-2023-39197 entry concerns an out-of-bounds read in Linux kernel Netfilter Connection Tracking (conntrack) for DCCP. A remote attacker could disclose kernel memory contents via crafted DCCP traffic due to copying an unbounded portion of the conntrack header; the issue is categorized as a k...
CVE-2023-52591
CVE-2023-52591 affects the Linux kernel’s reiserfs rename path. The issue arises when renaming a directory where the parent directory does not change; the VFS previously could touch a renamed directory due to lack of proper locking, risking filesystem corruption. The fix adjusts the reiserfs rena...
CVE-2023-53024
The CVE-2023-53024 entry concerns the Linux kernel BPF subsystem. Root cause: speculative store bypass (SSB) can cause a stack slot initially containing a pointer to be overwritten by a scalar without a subsequent lfence, enabling a potential speculative-pointer‑as‑scalar leak. The mitigation add...
CVE-2024-20040
CVE-2024-20040 affects MediaTek WLAN firmware (MT6XXX/MT79XX) and stems from an out-of-bounds write caused by improper input validation. This could enable remote escalation of privilege with no additional execution privileges required and no user interaction. The CVSSv3.1 base score is 8.8 (HIGH)...
CVE-2024-35984
CVE-2024-35984 is resolved in the Linux kernel by adding a NULL pointer check in __i2c_transfer to prevent a NULL function pointer dereference in i2c: smbus when the designware controller is used in target-only mode. Baruch reported an OOPS in this scenario due to the assumption that a transfer f...
CVE-2024-36964
CVE-2024-36964 affects the Linux kernel fs/9p implementation. It allows garbage in the 9P2000 perm bits to pass through, enabling the setting of the suid bit due to improper translation of RWX permissions; the unix extended bits are handled only on .u. The issue is local and relates to a permissi...
CVE-2024-40910
CVE-2024-40910: Linux kernel ax25 refcount imbalance fixed. The inbound path did not call netdev_hold() before accepting connections, causing refcount underflow on release and potential kernel panic. The patch adds netdev_hold() / ax25_dev_hold() during ax25_accept() so the refcount logic matches...
CVE-2024-42259
CVE-2024-42259: Linux kernel fix for drm/i915/gem virtual memory mapping boundaries. The issue arose from calculating the mapped area size as the lesser of requested vs actual size, not accounting for partial mapping offsets, leading to potential page fault access. The patch now derives the tota...
CVE-2024-46849
CVE-2024-46849 — Linux kernel (ASoC: meson axg-card): use-after-free in axg_card_add_link. Root cause: during axg-card link handling, buffer card->dai_link is reallocated in meson_card_reallocate_links(); this leads to a use-after-free if pad is initialized before memory is reallocated. The fix m...
CVE-2024-50108
CVE-2024-50108 affects the Linux kernel DRM-AMD display path. The issue arises from PSR-SU handling for Parade 08-01 TCON, where at boot and during fullscreen VA-API playback a ~1s black screen occurs and kernel warnings are logged when calling dmub_psr_enable(). The vulnerability is mitigated by...
CVE-2024-50203
CVE-2024-50203 affects the Linux kernel BPF trampoline path on arm64 when BPF_TRAMP_F_CALL_ORIG is enabled and tag-based KASAN is active. The issue arises because the stack address (bpf_tramp_image) is computed during size calculation using one address and then a heap address is used during code ...
CVE-2024-50269
CVE-2024-50269 is a Linux kernel vulnerability related to the Sunxi/MUSB USB PHY path. The issue occurs when the usb phy referenced as @glue->xceiv is accessed after it has been released, caused by the sequence of driver probe/unprobe and the release of the PHY via devm_usb_put_phy in sunxi_mu...
CVE-2024-53185
CVE-2024-53185: In the Linux kernel, the SMB client could dereference a NULL pointer in crypto_aead_setkey() when negotiating encryption over SMB2/SMB3, due to @server->cipher_type not being set for SMB3.02. The fix adds a check to smb3_crypto_aead_allocate() and ensures cipher_type is set fo...
CVE-2024-53191
CVE-2024-53191 affects the Linux kernel, specifically the ath12k driver for WLAN (PCI/PCIE path). The issue arises when an initialization error during firmware handling leaves buffers dp->tx_ring[i].tx_status released, but they are freed again during device unbinding (ath12k_pci_remove), causi...
CVE-2024-56546
CVE-2024-56546 affects the Linux kernel in drivers/soc/xilinx, specifically xlnx_add_cb_for_suspend. The issue arises if kmalloc fails to allocate cb_data, because the error path does not free eve_data (missing kfree), potentially causing a memory leak and impacting availability. The patch adds t...
CVE-2024-56575
CVE-2024-56575 affects the Linux kernel component media: imx-jpeg. The issue is triggered when power suppliers are detached without proper synchronization with power management callbacks, risking kernel panic from a NULL-pointer dereference during dev_pm_domain_detach(). A fix ensures power suppl...
CVE-2024-56634
CVE-2024-56634 concerns a Linux kernel flaw in the GPIO grgpio driver: grgpio_probe can dereference a NULL after devm_kasprintf() returns NULL. The fix adds an explicit NULL check in grgpio_probe to prevent kernel NULL pointer dereference. Public advisories (e.g., Astra Linux and Debian/SEL advis...
CVE-2024-56773
CVE-2024-56773: In the Linux kernel, a potential NULL pointer dereference could occur in kunit_device_driver_test() when kunit_kzalloc() returns NULL and is dereferenced without a NULL check. The patch adds a NULL check for test_state to mitigate this. The CVE details, including its impact and e...
CVE-2024-58010
The CVE-2024-58010 issue affects the Linux kernel binfmt_flat code on 32-bit systems, where an integer overflow could occur in the full_data computation (full_data = data_len + relocs * sizeof(unsigned long)). The provided description notes most sizes are capped at 256MB to avoid overflow, but th...
CVE-2025-21642
CVE-2025-21642 affects the Linux kernel’s MPTCP subsystem. The issue arises from using current->nsproxy/netns when accessing per-netns data via sysctl entries (net/mptcp/ctrl.c), which can diverge from the netns the table is associated with. The described consequence is a general protection fa...
CVE-2025-21861
CVE-2025-21861: Technical details (affected product/component, root cause, impact, and fixes) are not provided in the supplied Connected documents; monitor for updates from vendors/security advisories.
CVE-2025-22056
The CVE-2025-22056 issue affects the Linux kernel nft_tunnel handling of NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, where the parse/dump logic performed type conversions before pointer arithmetic, causing a slab-out-of-bounds write. The fix is to perform pointer addition using char* units and correc...
CVE-2025-22063
CVE-2025-22063 is a Linux kernel vulnerability in netlabel CALIPSO handling that can trigger a NULL pointer dereference when an IPv4 socket is used with an IPv6 connect. The issue arises from evaluating sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL and accessing pinet6 for an IPv4 socket. A...