13804 matches found
CVE-2024-53068
CVE-2024-53068 affects the Linux kernel’s ARM SCMI subsystem. The issue is a slab-use-after-free in scmi_bus_notifier caused by prematurely freeing scmi_dev->name in __scmi_device_destroy(); the release of scmi_dev->name is moved to scmi_device_release() to prevent use-after-free, per the p...
CVE-2024-53075
The CVE-2024-53075 entry concerns the Linux kernel riscv path used while populating cache leaves. Root cause: when ACPI is enabled, the code path early-returns and omits of_node_put for the CPU device node, creating a potential bad reference count. The fix moves the CPU node initialization to aft...
CVE-2024-53151
CVE-2024-53151: In the Linux kernel, the svcrdma path (xprtrdma) has an integer overflow in xdr_check_write_chunk() where an untrusted 32-bit segcount can be multiplied by rpcrdma_segment_maxsz and sizeof(*p), risking a buffer overflow. The description cites a commit that adds a parsed chunk list...
CVE-2024-56749
Technical details for CVE-2024-56749 are not publicly provided in the connected documents. No affected product/version specifics or remediation steps are present here. Monitor for updates from vendors/security advisories.
CVE-2025-21766
CVE-2025-21766 – Linux kernel: ipv4 PMTU update path uses RCU protection. __ip_rt_update_pmtu() must read the net structure under RCU to prevent reading a structure that can disappear. The connected documents confirm the root cause and indicate this has been resolved by introducing RCU protection...
CVE-2025-21975
Technical details for CVE-2025-21975 are not publicly provided in the supplied connected documents. The entry description exists, but there are no explicit affected products/versions, impact, or fixes in the connected items. Monitor for vendor advisories.
CVE-2025-22090
CVE-2025-22090 affects the Linux kernel x86 PAT handling in fork() paths (copy_page_range). When track_pfn_copy() fails, the code previously could stumble over a dst VMA with no reservation or copied pages, causing untrack_pfn() to read PAT info from an unmapped page table. The documented fix: se...
CVE-2025-22113
CVE-2025-22113 — Linux kernel ext4 journal update race (mode C). Affects: Linux kernel with ext4 file system; involved components include ext4, JBD2 journaling, and the update path for superblock writes during shutdown/mount transitions. Summary: The issue arises when an error path can cause an in...
CVE-2025-37750
CVE-2025-37750: Linux kernel SMB client UAF in decryption with multichannel resolved. After commits f7025d861694 and b0abcd65ec54, multiple cifsd threads could access the AEAD crypto context simultaneously, causing a use-after-free during decryption. The issue triggered KASAN reports (gf128mul_4k...
CVE-2025-37819
CVE-2025-37819 affects the Linux kernel and relates to a use-after-free in irqchip/gic-v2m: gicv2m_get_fwnode() registered as pci_msi_get_fwnode_cb(). With ACPI, this callback can be invoked during PCI host bridge probing but is marked __init and freed prematurely, risking a crash (as per the vul...
CVE-2025-37840
CVE-2025-37840 concerns the Linux kernel MTD NAND code, specifically brcmnand, where a PM-resume path could trigger a WARN due to an uninitialized nand_operation that checks the chip select. The connected advisories confirm this as a fix: during platform suspend/resume, the code now calls a highe...
CVE-2010-3015
CVE-2010-3015 exists in the Linux kernel before 2.6.34: an integer overflow in ext4_ext_get_blocks() within fs/ext4/extents.c allows local users to trigger a denial of service (BUG and system crash) by performing a write to the last block of a large file, followed by a sync. Affected component: L...
CVE-2010-4081
CVE-2010-4081 affects the Linux kernel (sound/pci/rme9652/hdspm.c: snd_hdspm_hwdep_ioctl). The root cause is failure to initialize a structure, enabling local users to read potentially sensitive kernel stack memory via SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO. Affected: kernel versions prior to 2.6.36-r...
CVE-2014-1738
CVE-2014-1738 is a Linux kernel vulnerability in the floppy driver (raw_cmd_copyout) where processing FDRAWCMD IOCTL calls could allow local attackers with write access to /dev/fd to read kernel heap memory. The flaw is described as an improper restriction of pointers during FDRAWCMD processing, ...
CVE-2014-3611
CVE-2014-3611 corresponds to a race condition in the Linux kernel’s KVM PIT emulation: the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c, with affected versions up to and including 3.17.2. The vulnerability allows a guest OS user to trigger a host OS crash via incorrect PIT emulation. ...
CVE-2014-4699
CVE-2014-4699 affects the Linux kernel prior to 3.15.4 on Intel CPUs: a non-canonical saved RIP value in system calls that do not use IRET can be exploited via ptrace and fork to escalate privileges or trigger a denial of service (double fault). Multiple connected advisories (e.g., MiracleLinux A...
CVE-2015-4167
The CVE-2015-4167 issue affects the Linux kernel UDF code: udf_read_inode in fs/udf/inode.c fails to validate certain length values, enabling local attackers with crafted UDF filesystems to trigger DoS (incorrect data representation or integer overflow, OOPS). Impact is local access with potentia...
CVE-2016-2550
The CVE-2016-2550 issue affects the Linux kernel prior to 4.5. It arises from incorrect tracking of descriptor ownership and from sending each descriptor over a UNIX domain socket before closing it, enabling a local attacker to bypass file-descriptor limits and cause memory-exhaustion denial ...
CVE-2016-3699
CVE-2016-3699 affects the Linux kernel as used in Red Hat Enterprise Linux 7.2 and Red Hat MRG 2 when booted with UEFI Secure Boot. The issue allows local attackers to bypass Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. The connected documents corrob...
CVE-2017-6348
CVE-2017-6348 affects the Linux kernel: the hashbin_delete function in net/irda/irqueue.c improperly handles lock dropping, enabling a local user to trigger a denial of service through crafted IrDA device operations. The issue exists in kernels before 4.9.13 and is fixed by upgrading to 4.9.13 or...
CVE-2021-34981
CVE-2021-34981 concerns the Linux kernel’s Bluetooth CMTP module. The issue stems from failing to validate the existence of an object before performing free operations, enabling a local attacker to escalate privileges by executing code in the kernel context (double free). The vulnerability is lin...
CVE-2021-47284
CVE-2021-47284 (Linux kernel) relates to isdn: mISDN: netjet crash in nj_probe. The issue occurs when nj_setup may fail with -EIO, leaving card->irq initialized and >0; a subsequent nj_release frees an IRQ that wasn’t requested. The fix deletes the prior assignment to card->irq and keeps...
CVE-2021-47304
CVE-2021-47304: Linux kernel fix for tcp_init_transfer() resetting icsk_ca_initialized, which could cause double-initializations of congestion-control modules (e.g., CDG) and memory leaks. Root cause: after tcp_init_transfer(), icsk_ca_initialized could be reset to 0 without a prior cc->relea...
CVE-2022-1043
CVE-2022-1043 concerns a flaw in the Linux kernel io_uring implementation that lets a local attacker corrupt memory, crash the system, or escalate privileges. The connected Nessus advisories (Unity Linux UTSA-2026-004760/003973) reproduce via kernel io_uring flaw; no specific patched version is l...
CVE-2022-34495
CVE-2022-34495: In the Linux kernel, rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c before 5.18.4 is reported to contain a double free. Affected product/version examples include upstream Linux kernels updated to 5.18.4 or later. The connected sources (e.g., Astra Linux security bulletin and vend...
CVE-2022-3543
CVE-2022-3543 affects the Linux kernel BPF component: the memory leak occurs in the unix_sock_destructor/unix_release_sock paths in net/unix/af_unix.c. The issue is localized to the BPF code handling UNIX sockets, and the vulnerability can lead to memory consumption/leaf exhaustion. A patch is av...
CVE-2022-48757
In the Linux kernel vulnerability CVE-2022-48757, information leakage occurs in /proc/net/ptype: within one net namespace, a packet socket created without binding to a device can expose the new packet_type to other namespaces by reading /proc/net/ptype. The fix adds a net pointer in packet_type t...
CVE-2022-49057
The CVE-2022-49057 issue occurs in the Linux kernel’s block/null_blk path where a timed-out poll request is removed from the poll list but not completed, causing a leak and preventing completion. The vulnerability is triggered when a poll request times out and is not finalized, leaving it in an i...
CVE-2022-49158
CVE-2022-49158 affects the Linux kernel SCSI driver qla2xxx. The issue is a warning generated when adisc is flushed, where an error code type did not match the expected type. The fix adds translation between error code types to avoid the warning (no documented exploit). The connected advisories c...
CVE-2022-49695
The CVE-2022-49695 entry affects the Linux kernel igb driver (igb_clean_tx_ring) and is a use-after-free bug triggered when the NIC is in XDP mode. The issue can occur when traffic is redirected to the igb NIC and the device is closed while traffic is flowing. It has been fixed in the kernel (see...
CVE-2022-49759
The CVE-2022-49759 entry concerns the Linux kernel vmw_vmci/VMCI path: the vmci_dispatch_dgs() tasklet calls vmci_read_data(), which uses wait_event() and can sleep in atomic context, risking deadlock. The fix replaces tasklets with threaded IRQs and removes tasklet usage entirely. Impact center...
CVE-2022-49864
Summary: CVE-2022-49864 is a Linux kernel vulnerability within the DRM/AMDKFD driver. The root cause is a NULL pointer dereference in svm_migrate_to_ram() in kfd_migrate.c (p dereferenced as NULL). The issue manifests as a potential kernel crash or denial of service via a local attack vector. The...
CVE-2023-52617
CVE-2023-52617: Linux kernel PCI: switchtec device crash on surprise hot-remove fixed. The issue occurred when a PCI device was hot-removed while stdev->cdev was open; stdev_release() ran after switchtec_pci_remove(), risking a fatal page fault in DMA mode and a stale dev pointer during dma_f...
CVE-2024-26710
CVE-2024-26710 affects the Linux kernel on PowerPC with KASAN. The issue was that KASAN’s thread stack size increase was doubled, which could push a 32KB stack to 64KB and trigger build errors (arch/powerpc/kernel/switch.S). The resolved approach limits the stack size increase to cases where the ...
CVE-2024-27407
CVE-2024-27407: In the Linux kernel, a vulnerability in the NTFS3 file system was fixed by adding an overflow check in mi_enum_attr() within fs/ntfs3. The issue was identified as a local, high-severity impact and is addressed by applying the patch described in the Ubuntu USN-7726-1 advisory, whi...
CVE-2024-36476
CVE-2024-36476 affects the Linux kernel (RDMA/rtrs path). The bug arises from declaring the ib_sge list inside the always_invalidate block, making it inaccessible later in the function and enabling a potential kernel NULL pointer dereference. The vulnerability is addressed by moving the ib_sge li...
CVE-2024-36484
CVE-2024-36484 is a Linux kernel vulnerability where the socket acceptance check was relaxed at accept time (net/ipv4/af_inet.c). The issue can arise when a process shuts down a listener before it enters accept, causing the child to reach accept() in FIN_WAIT1 status after the commit “tcp: defer ...
CVE-2024-36903
CVE-2024-36903 is a Linux kernel vulnerability related to potential uninitialized value access in IPv6 processing. The cited fix targets __ip6_make_skb() in the IPv6 path by mirroring the IPv4 correction: it now validates FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing HDRINCL on t...
CVE-2024-36959
In CVE-2024-36959, the Linux kernel pinctrl subsystem fixed a refcount leak in pinctrl_dt_to_map() when propname allocation fails. The code now drops the recently taken reference by calling pinctrl_dt_free_maps() directly to avoid leak and potential exploitation via local access. Affected: Linux ...
CVE-2024-41081
CVE-2024-41081: Linux kernel vulnerability in ila_output() where race against softirq/RCU could corrupt net/dst_cache data if ila_output() is interrupted and re-entered under rcu_read_lock(). The root cause is attempting to block BH in ila_output() without disabling local BH, leading to potential...
CVE-2024-43098
CVE-2024-43098 is a Linux kernel issue in the i3c subsystem where a deadlock may occur due to double acquisition of i3cbus->lock during i3c_master_register() and related operations. The root cause is calling i3c_device_get_info() (and also i3c_device_info()) instead of using i3cdev->desc->...
CVE-2024-43858
CVE-2024-43858: In the Linux kernel, the JFS filesystem has a fix for an array-index-out-of-bounds in diFree. The IBM bulletin lists this CVE among multiple kernel issues and does not provide a specific remediation version in the supplied documents. Technical detail: the issue is an array-index-...
CVE-2024-44942
CVE-2024-44942 concerns the Linux kernel’s f2fs inline data handling during garbage collection. According to the connected Astra Linux bulletin, the root cause is that an inline_data inode can be fuzzed, allowing a valid blkaddr in its direct node; when background GC migrates the block, a f2fs_bu...
CVE-2024-46753
CVE-2024-46753 affects the Linux kernel via the btrfs subsystem. Description: in walk_up_proc() the code previously BUG_ON(ret) after btrfs_dec_ref(); the error is now returned, indicating proper error propagation. The vulnerability is resolved in the Linux kernel as described in multiple advisor...
CVE-2024-46801
CVE-2024-46801 affects the Linux kernel, addressing a UAF risk in libfs get_stashed_dentry(). The vulnerability arises when get_stashed_dentry() dereferences a stashed dentry without proper RCU protection. The fix replaces READ_ONCE() with rcu_dereference() to ensure RCU protection and clearer i...
CVE-2024-46865
CVE-2024-46865 affects the Linux kernel and stems from improper initialization of grc in relation to fou. The root cause is use of grc when fou may be NULL, leading to uninitialized access. The connected advisories (Astra Linux, Tencent/Tenable references) confirm the fix: grc must be initialized...
CVE-2024-47712
CVE-2024-47712: In the Linux kernel, a RCU usage issue in wifi/wilc1000 was fixed. In wilc_parse_join_bss_param, the code accessed the ies TSF field after the RCU read-side section, which is illegal. The TSF value is now stored in a local variable (ies_tsf) before releasing the RCU lock, and para...
CVE-2024-47735
CVE-2024-47735 concerns the Linux kernel: RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled and correct misuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was held. The description and connected docs show the issue originated from lock debugg...
CVE-2024-49955
CVE-2024-49955: In the Linux kernel, ACPI battery handling fixes a crash when unregistering a battery hook. If a battery hook returns an error while adding a battery, the hook is auto-unregistered; the provider cannot detect this, and later calls to battery_hook_unregister() on an already-unregi...
CVE-2024-50109
In the Linux kernel, the md/raid10 subsystem is affected by a null pointer dereference in raid10_size(). The root cause is that in raid10_run(), when raid10_set_queue_limits() succeeds, the function’s return value is overwritten to zero; if subsequent steps fail, raid10_run() may return zero whil...