CVE-2025-22063
CVE-2025-22063 is a Linux kernel vulnerability in netlabel CALIPSO handling that can trigger a NULL pointer dereference when an IPv4 socket is used with an IPv6 connect. The issue arises from evaluating sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL and accessing pinet6 for an IPv4 socket. A...
CVE-2025-37800
CVE-2025-37800 targets the Linux kernel driver core. A potential NULL pointer dereference in dev_uevent() could occur if userspace reads a uevent attribute while another thread unbinds the device, changing dev->driver from a valid pointer to NULL. The fix uses READ_ONCE() when fetching the dri...
CVE-2025-37865
CVE-2025-37865 affects Linux kernel net: dsa mv88e6xxx code. The bug arises when deleting VLANs on devices where MST is unsupported: mv88e6xxx_port_vlan_leave() calls mv88e6xxx_mst_put() which looks up an MST entry by sid. If the vtu/vlan population path fails to populate vlan.sid, a stale or zer...
CVE-2025-38240
The CVE-2025-38240 entry concerns a NULL pointer dereference in Linux kernel Mediatek DP/HPD path (mtk_dp_wait_hpd_asserted) when mtk_dp->drm_dev is not yet assigned, leading to NULL dereferences if drm prints are emitted in the call path. The issue is mitigated by changing error messages to u...
CVE-2009-4537
CVE-2009-4537 concerns the Linux kernel before 2.6.32.3, specifically the r8169 Ethernet driver (drivers/net/r8169.c). The vulnerability arises from not properly checking the size of frames that exceed the MTU, allowing remote attackers to cause a denial of service via crafted packets that exploi...
CVE-2011-2022
The CVE-2011-2022 issue affects the Linux kernel (drivers/char/agp/generic.c) prior to 2.6.38.5. The vulnerability is due to failure to validate a start parameter in the agp_generic_remove_memory function, enabling local users to gain privileges or cause a denial of service (system crash) via a c...
CVE-2017-16530
CVE-2017-16530 affects the Linux kernel uas driver (drivers/usb/storage/uas.c; uas-detect.h). The issue allows a local user to trigger a denial of service or potentially other impact via a crafted USB device, caused by an out-of-bounds read. The affected condition is the uas driver in the kernel prio...
CVE-2017-8924
CVE-2017-8924 affects the Linux kernel
CVE-2017-9150
CVE-2017-9150 affects the Linux kernel prior to 4.11.1, where the function do_check in kernel/bpf/verifier.c fails to expose the allow_ptr_leaks setting to constrain the output of print_bpf_insn. This omission enables local attackers to leak sensitive address information through crafted bpf syste...
CVE-2019-18806
CVE-2019-18806: A memory leak in the Linux kernel's ql_alloc_large_buffers() (drivers/net/ethernet/qlogic/qla3xxx.c) before 5.3.5 can be triggered by pci_dma_mapping_error() failures, allowing a local attacker to exhaust memory and cause a denial of service. The issue is rooted in qla3xxx leak b...
CVE-2021-3864
CVE-2021-3864 is a local privilege-escalation flaw in the Linux kernel involving how the dumpable flag is handled for descendants of certain SUID binaries. If a SUID binary sets real UID equal to effective UID and real GID equal to effective GID, the descendant’s dumpable value can become 1, so a...
CVE-2021-47063
CVE-2021-47063 concerns the Linux kernel DRM: bridge/panel code. The vulnerability arises because a devm-allocated drm_connector can outlive drm_mode_config_cleanup(), so the connector must be cleaned up when the bridge is detached to avoid use-after-free. The fix adds cleanup in panel_bridge_det...
CVE-2021-47582
CVE-2021-47582 affects the Linux kernel USB core (USBDEVFS_CONTROL/USBDEVFS_BULK) where usb_start_wait_urb() can wait uninterruptibly for a very large timeout. The fix changes do_proc_control() and do_proc_bulk() to use a killable wait and GFP_KERNEL instead of GFP_NOIO. Connected advisories (Mir...
CVE-2021-47657
CVE-2021-47657: In the Linux kernel, the vulnerability affects drm/virtio by risking a NULL pointer use in virtio_gpu_array_put_free() if virtio_gpu_object_shmem_init() fails. The problem arises when objs is NULL and virtio_gpu_array_put_free() is invoked. The fix is to ensure objs is not NULL in...
CVE-2022-48976
The CVE-2022-48976 case concerns Linux kernel netfilter flowtable_offload. A preemptible path used __this_cpu_add in flow_offload_queue_work(), which could trigger a BUG when called from a workqueue without bh disabled. The fix replaces __this_cpu_add with NF_FLOW_TABLE_STAT_INC_ATOMIC() in flow_...
CVE-2022-48989
CVE-2022-48989 (fscache): In the Linux kernel, a race between fscache_cookie usage and cookie_lru/discard caused a NULL pointer dereference when a cookie was withdrawn while another thread used it. Root cause: the cookie state machine could transition to LRU_DISCARD after another thread started ...
CVE-2022-49156
The CVE-2022-49156 entry corresponds to a Linux kernel vulnerability in scsi: qla2xxx where a call into midlayer (fc_remote_port_delete) could sleep in interrupt context, causing a crash via scheduling while atomic. The fix schedules the call in non-interrupt context to avoid sleeping while atomi...
CVE-2022-49343
CVE-2022-49343: In the Linux kernel, ext4 can encounter cycles in the h-tree stored in a directory. A maliciously corrupted filesystem could cause the kernel to access unallocated memory during a node split. The fix is to verify that traversed block numbers are unique.
CVE-2022-49347
CVE-2022-49347 concerns a Linux kernel issue in ext4 where a bug_on can trigger during ext4_writepages in delay allocation mode when inline data has been converted to an extent. The root cause described across the provided documents is a race: inline data may be destroyed before ext4_writepages r...
CVE-2022-49394
The CVE-2022-49394 entry describes a Linux kernel vulnerability in blk-iolatency where inflight IO counters could become imbalanced and IOs hang when a cgroup with iolatency is offline or disabled. The root cause is that enabled counters could be manipulated in iolatency_set_limit() and iolatency...
CVE-2022-49515
The CVE-2022-49515 issue affects the Linux kernel ASoC driver for cs35l41. It is caused by an out-of-bounds access in otp_packed_element_t where CS35L41_NUM_OTP_ELEM is defined as 100 but only 99 entries exist in otp_map_1/2[CS35L41_NUM_OTP_ELEM], triggering UBSAN shift-out-of-bounds warnings in ...
CVE-2022-49671
CVE-2022-49671 affects the Linux kernel RDMA/CM component. The issue is a memory leak in ib_cm_insert_listen where cm_id_priv resources allocated by cm_alloc_id_priv() are not freed if cm_init_listen() fails; an error unwind was missing and has been added to fix the leak. Connected sources refere...
CVE-2022-49673
CVE-2022-49673 concerns the Linux kernel where a KASAN warning in raid5_add_disk was mitigated by validating that rdev->saved_raid_disk is within expected limits during LVM tests (dm raid). The fix is described as adjusting the raid5_add_disk path to ensure bound checks, with the associated c...
CVE-2022-49902
CVE-2022-49902 concerns a Linux kernel memory leak in rq_wb on add_disk failure. kmemleak reported 3 memory-leak instances; the leak stems from memory allocated in wbt_enable_default() not being freed in device_add_disk()'s error path. Normally, del_gendisk()/rq_qos_exit() would free rq_wb memory...
CVE-2023-52669
CVE-2023-52669: In the Linux kernel, the s390/aes CTR code can overread the last block when data length isn't a full block. The fix uses the actual remaining length and copies it into a buffer before processing, eliminating the overread. This is a local-attack surface issue that could enable a d...
CVE-2023-52988
CVE-2023-52988 — Linux kernel ALSA: hda/via: The issue arises in the HDA VIA path where snd_hda_get_connections() may return a negative error code, allowing an array access with a negative index in add_secret_dac_path(). This can lead to out-of-bounds access of the conn array, with potential imp...
CVE-2023-53010
The CVE-2023-53010 vulnerability concerns the bnxt Ethernet driver in the Linux kernel. A buffer overread could occur from reading past the end of test names due to concatenation across an offset beyond the end of the first name, triggering the buffer overflow detection logic. The root cause was ...
CVE-2023-53026
CVE-2023-53026: Linux kernel RDMA/core fix to prevent an integer overflow in the ib block iterator when registering a DMA MR. If an sglist entry and chosen page size align poorly, the 32-bit counter that tracks progress through the sg entry can overflow to or beyond 4 GB, risking an infinite loo...
CVE-2023-53066
CVE-2023-53066 affects the Linux kernel in the qed_sriov path. The vulnerability arises from potential NULL dereferences in qed_iov_get_vf_info, and the fix guards against NULL pointers by validating the helper’s returned info before use. This is a local issue with the impact characterized as hig...
CVE-2024-26752
CVE-2024-26752 affects the Linux kernel L2TP/IP6 path: a miscalculated ulen in l2tp_ip6_sendmsg (ulen = len + skb_queue_empty(...) ? transhdrlen : 0) due to operator precedence caused incorrect transport-header accounting, leading to corrupted packets on the wire. The fix adds parentheses to alig...
CVE-2024-36972
CVE-2024-36972: In the Linux kernel, a race between __unix_gc() and queue_oob() can occur for unix sockets if MSG_OOB is queued while unix_sk(sk)->oob_skb is being garbage-collected. The code previously touched oob_skb without holding the sk_receive_queue lock, allowing a concurrent update to...
CVE-2024-38599
CVE-2024-38599: In the Linux kernel, the jffs2 subsystem had a vulnerability where an xattr node could overflow an eraseblock if its size exceeded the remaining space, risking fatal filesystem corruption. The fix adds a check that the requested xattr node size is no larger than eraseblock size m...
CVE-2024-38611
CVE-2024-38611 affects the Linux kernel media i2c et8ek8 driver. When the driver is built-in and uses __exit for the remove callback, the remove function may be discarded, causing the device to be unbound without cleanup and leading to resource leaks. The issue occurs because CONFIG_VIDEO_ET8EK8=...
CVE-2024-38621
CVE-2024-38621 affects the Linux kernel media stk1160 driver, specifically the stk1160_copy_video() path. The root cause is an incorrect unsigned subtraction in the overflow check, where the length and bytesused semantics cause an overflow condition to be evaluated as false. The patch fixes the b...
CVE-2024-44954
CVE-2024-44954 concerns a race in the Linux kernel ALSA subsystem: concurrent access to the line6 midibuf from URB completion callbacks and the rawmidi API can trigger a KMSAN warning. The root cause is a data race on midibuf usage; the Linux kernel patch added a spinlock to protect the midibuf call path...
CVE-2024-46742
CVE-2024-46742 is a Linux kernel vulnerability affecting the SMB server path where a potential null pointer dereference in smb2_open() could occur when lease_ctx_info is NULL (SMB2_OPLOCK_LEVEL_LEASE). The fix adds a NULL check for lease_ctx_info and also removes redundant parentheses in parse_du...
CVE-2024-46777
CVE-2024-46777 relates to the Linux kernel udf filesystem: the vulnerability arises when mounting a filesystem where the partition length would overflow 32-bit block numbers or where indexing into the block bitmap could be unsafe. The description in the initial CVE specifies that the fix is to av...
CVE-2024-46867
In CVE-2024-46867, the Linux kernel component drm/xe/client exhibited a deadlock and a sleep-in-atomic issue in show_meminfo when the bo (buffer object) being destroyed held the last reference. The root cause was the destruction path attempting to grab the same spinlock, risking a sleep in atomic co...
CVE-2024-47673
CVE-2024-47673 affects the Linux kernel wifi iwlwifi mvm; the root cause is that TCM is not paused when the firmware is stopped, causing a host command to be sent to a non-live firmware. This can trigger a WARNING and potential local impact. Connected docs indicate patched kernels/versions: e.g., Mar...
CVE-2024-47756
CVE-2024-47756 (Linux kernel) resolves a NULL-dereference vulnerability in PCI Keystone quirk handling. The code used a logical AND (&&) where a logical OR (||) was intended in ks_pcie_quirk(), potentially triggering NULL dereferences during PCI Keystone quirk evaluation. The fix corrects the if-...
CVE-2024-48881
CVE-2024-48881 concerns the Linux kernel’s bcache implementation. The issue was a NULL pointer dereference risk in cache_set_flush() caused by a changed check: the code could access c->root when previous registration failed before c->root was allocated. The patch reverts the IS_ERR check to...
CVE-2024-49888
CVE-2024-49888 – Linux kernel (BPF) sdiv/smod overflow fix. The issue affects the BPF subsystem where division by -1 can overflow for 64-bit operands (LLONG_MIN/-1) on x86_64, potentially triggering a kernel crash; on arm64, results differ (LLONG_MIN/-1 yields LLONG_MIN). The provided patch logi...
CVE-2024-49920
The CVE-2024-49920 entry concerns the Linux kernel DRM/AMD display subsystem. The vulnerability arises from a null-pointer risk in the AMD display path, where pointers such as stream_enc and dc->bw_vbios are used multiple times after a check that is only performed earlier in the function. The ...
CVE-2024-49999
CVE-2024-49999 — Linux kernel (afs subsystem): In afs_wait_for_operation(), the code may set the server-responded flag after an operation loop exits, even if the server pointer (op->server) is NULL. This could lead to an invalid flag update and affect operation termination/availability. The v...
CVE-2024-50010
CVE-2024-50010 affects the Linux kernel’s exec path checks. The issue is a race in the path_noexec (and i_mode) checks that led to spurious WARN_ON warnings when noexec is toggled, rather than a real permission failure. The fix removes the redundant path_noexec WARN and updates commentary; no exp...
CVE-2024-50209
CVE-2024-50209 is a Linux kernel vulnerability related to RDMA/bnxt_re. The issue arises from memory allocation: __alloc_pbl() can return an error, and the driver does not check the status on one instance, risking a memory-alloc failure being mishandled. The connected Tencent/Tenable/Nessus advis...
CVE-2024-50244
CVE-2024-50244 affects the Linux kernel ntfs3 driver. Root cause: an additional check added in ni_clear() to validate NTFS_FLAGS_LOG_REPLAYING, preventing access to an uninitialized bitmap during the NTFS replay process. Impact: as described, availability is affected; other confidentiality/integr...
CVE-2024-53068
CVE-2024-53068 affects the Linux kernel’s ARM SCMI subsystem. The issue is a slab-use-after-free in scmi_bus_notifier caused by prematurely freeing scmi_dev->name in __scmi_device_destroy(); the release of scmi_dev->name is moved to scmi_device_release() to prevent use-after-free, per the p...
CVE-2024-53075
The CVE-2024-53075 entry concerns the Linux kernel riscv path used while populating cache leaves. Root cause: when ACPI is enabled, the code path early-returns and omits of_node_put for the CPU device node, creating a potential bad reference count. The fix moves the CPU node initialization to aft...
CVE-2024-53151
CVE-2024-53151: In the Linux kernel, the svcrdma path (xprtrdma) has an integer overflow in xdr_check_write_chunk(), where an untrusted 32-bit segcount can be multiplied by rpcrdma_segment_maxsz and sizeof(*p), risking a buffer overflow. The description cites a commit that adds a parsed chunk list...