13804 matches found
CVE-2024-50132
Technical details for CVE-2024-50132 are not publicly available in the provided documents. Monitor for updates.
CVE-2024-50220
CVE-2024-50220 affects the Linux kernel fork path, where userfaultfd (UFFD) observers can observe a fork. The issue is that the kernel could expose an incomplete VM address space to userland (via VMAs/uffd) when an error occurs during fork. The fix defers khugepaged/KSM and disables UFFD_EVENT_FO...
CVE-2024-50252
CVE-2024-50252 describes a memory leak in the Linux kernel mlxsw spectrum_ipip implementation when changing the remote IPv6 address of an ip6gre net device. The root cause is that the driver failed to add the new address to its hash table and did not remove the old one, leading to leaks and a war...
CVE-2024-53043
CVE-2024-53043: Linux kernel vulnerability in mctp i2c handling of a NULL header address. The issue arises when daddr can be NULL if there is no neighbour table entry, in which case the tx packet should be dropped; saddr may be NULL if a different protocol transmits a packet. This could affect transm...
CVE-2024-53187
CVE-2024-53187 affects the Linux kernel io_uring subsystem (io_pin_pages in io_uring/memmap.c). The issue arises from overflow/garbage uaddr handling when deriving size, enabling local attackers to trigger a fault; CVSSv3.1 metrics shown include Local attack, Low complexity, Low privileges, with ...
CVE-2024-53189
The CVE refers to a Linux kernel wifi nl80211 bounds-check error in nl80211_parse_sched_scan, where the channels array of cfg80211_scan_request is annotated with __counted_by referencing n_channels; the patch initializes the memory size with n_channels and updates it after filling the array to prevent UBSAN-triggered war...
CVE-2024-53206
CVE-2024-53206: In the Linux kernel, a use-after-free of nreq in reqsk_timer_handler() was fixed by replacing inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put(), and by passing oreq to reqsk_put() instead of the original req. The issue could occur when a reqsk ...
CVE-2024-56535
CVE-2024-56535 affects the Linux kernel’s wifi driver for RTW89 in the coex path. The issue arises from not validating the return value of kmalloc in btc_fw_set_monreg(), which may be NULL and lead to a NULL pointer dereference. A fix adds a NULL return check in btc_fw_set_monreg() to prevent der...
CVE-2024-56544
CVE-2024-56544 details a kernel fix where the udmabuf folios array was changed from kmalloc to kvmalloc_array to support larger allocations. Under PAGE_SIZE=4096, MAX_PAGE_ORDER=10 (4MB memory limit for kmalloc), a udmabuf larger than 4MB could fail with a warning and NULL return. The patch enab...
CVE-2024-56545
Technical details for CVE-2024-56545 are not provided in the supplied connected documents. Public references describe a Linux kernel HID Hyper-V devres issue, but no additional exploit vectors or affected versions are included here; monitor for updates.
CVE-2024-56626
CVE-2024-56626 is a Linux kernel issue in the ksmbd_vfs_stream_write path. An offset supplied by the client can be negative when the ksmbd.conf setting 'vfs objects = streams_xattr' is used, enabling an out-of-bounds write to the allocated buffer. The vulnerability description notes the condition...
CVE-2024-56632
CVE-2024-56632: Linux kernel nvme-tcp memory leak when creating a new control path fails. The fix ensures the tagset occupied by admin_q is freed if ctrl creation fails. From the provided metrics, the CVSSv3.1 base score is 5.5 (Medium) with HIGH availability impact; local attacker with LOW p...
CVE-2024-56660
CVE-2024-56660: In the Linux kernel, the DR (Direct Routing) path for mlx5 may return either -EBUSY or -ENOMEM from dr_domain_add_vport_cap(), but the code can propagate an error pointer when -ENOMEM is returned. This can lead to a dereference of an error pointer inside dr_ste_v0_build_src_gvmi_...
CVE-2024-56683
Technical details for CVE-2024-56683 are not publicly available in the provided documents. No connected document confirms affected products, root cause, impact, or remediation. Monitor for updates from kernel/changelogs and trusted advisories.
CVE-2025-21745
CVE-2025-21745 affects the Linux kernel blk-cgroup subsystem. The root cause was a leak of the subsystem refcount in blkcg_fill_root_iostats() caused by iterating devices with class_dev_iter_(init|next)() without class_dev_iter_exit(). The fix ends the iteration with class_dev_iter_exit(), preven...
CVE-2025-21966
Summary (CVE-2025-21966): Linux kernel vulnerability in the dm-flakey feature, where memory corruption could occur due to an incorrect parameter passed to bio_init in the optional corrupt_bio_byte path. The issue has been fixed in the kernel, with related fixes cited in public kernel patches (e.g...
CVE-2025-22021
Summary (CVE-2025-22021): In the Linux kernel, the IPv6 SNAT path for socket lookups was missing a conntrack-based orig-tuple restoration, causing xt_socket to fail matching on SNATed IPv6 packets. Kubernetes uses IPv6 SNAT for pod-to-world traffic; in such environments, Cilium with Envoy relies ...
CVE-2025-22086
The CVE-2025-22086 entry affects the Linux kernel RDMA mlx5 flow: when cur_qp is non-NULL, the code compared QP numbers in the CQE against mlx5_ib_qp (FW QP) instead of mlx5_core_qp (FW QP number), risking mis-association of CQEs and potentially leading to a NULL pointer dereference. The issue is...
CVE-2025-22095
CVE-2025-22095 pertains to the Linux kernel PCI subsystem (brcmstb) and fixes an error path in regulator_bulk_get() handling. If regulator_bulk_get() returns an error and no regulators are created, the kernel previously did not set the regulator count to zero, which could cause a kernel panic whe...
CVE-2025-23157
CVE-2025-23157 affects the Linux kernel’s media/venus/hfi_parser. Root cause: init_codecs can be invoked multiple times by manipulated video firmware payload, causing codecs_count to exceed MAX_CODEC_NUM and trigger an out-of-bounds access. The fix resets the counter to start from the beginning t...
CVE-2025-37858
The CVE-2025-37858 issue affects the Linux kernel’s JFS filesystem. Root cause: AG size calculation in dbExtendFS() uses a 1 < 31 on 32-bit systems, this causes undefined behavior and invalid AG sizes (sbi->bmap->db_agsize). Impact: potential filesystem corruption during extend operation...
CVE-2025-37995
CVSS note: CVE-2025-37995 is a Linux kernel issue with a local exploit vector and a MEDIUM impact rating. The vulnerability arises in module handling of kobjects: in lookup_or_create_module_kobject(), an internal kobject is created using module_ktype, and a call to kobject_put() on the error path...
CVE-2009-1389
CVE-2009-1389 is a vulnerability in the Linux kernel RTL8169 NIC driver (drivers/net/r8169.c). A crafted long Ethernet frame can cause a buffer overflow, leading to kernel memory corruption and a crash (remote DoS) on affected systems. The issue affects kernels before 2.6.30; exploitation require...
CVE-2010-3067
CVE-2010-3067 affects the Linux kernel: an integer overflow in do_io_submit (fs/aio.c) in versions before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly other impact via crafted io_submit usage. The vulnerability is rooted in improper handling within the io_s...
CVE-2010-5321
CVE-2010-5321 affects the Linux kernel videobuf subsystem (videobuf-core.c and related via videobuf-vmalloc.c) with a memory-leak vulnerability that can be exploited by local users via /dev/video mmap calls to trigger memory allocations and cause a denial of service. Public sources in the connect...
CVE-2014-2706
CVE-2014-2706 describes a race condition in the Linux kernel’s mac80211 subsystem (sta_info.c and tx.c) that, when handling network traffic in conjunction with the WLAN_STA_PS_STA (power-save) state, can cause a remote denial of service (system crash). The issue affects kernel versions prior to 3...
CVE-2014-7145
CVE-2014-7145 affects the Linux kernel SMB2_tcon() in fs/cifs/smb2pdu.c, where remote CIFS servers can trigger a NULL pointer dereference by deleting the IPC$ share during DFS referrals, potentially causing a denial of service. The issue is fixed in kernel 3.16.3 (per ChangeLog-3.16.3). Connected...
CVE-2015-1333
CVE-2015-1333 is a memory-leak vulnerability in the Linux kernel prior to 4.1.4. The issue is in the __key_link_end function within security/keys/keyring.c, where adding a key to a keyring via add_key can allow a local attacker to exhaust memory and cause a denial of service. Public advisories an...
CVE-2015-6252
CVE-2015-6252 refers to a vulnerability in the Linux kernel where the vhost_dev_ioctl path in drivers/vhost/vhost.c allows local users to trigger a denial of service (memory consumption) by issuing a VHOST_SET_LOG_FD ioctl that can cause permanent file-descriptor allocation. The description speci...
CVE-2016-3136
CVE-2016-3136 affects the Linux kernel up to version 4.5.0, where the mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c can be triggered by a crafted USB device without two interrupt-in endpoint descriptors. This allows physically proximate attackers to cause a denial of service (NU...
CVE-2017-16531
CVE-2017-16531 affects the Linux kernel before 4.13.6, where the drivers/usb/core/config.c path allows a local user to trigger an out-of-bounds read via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. Exploitation could cause a denial of service (kernel crash) and pot...
CVE-2019-15504
CVE-2019-15504 affects the Linux kernel driver at drivers/net/wireless/rsi/rsi_91x_usb.c, with a Double Free vulnerability in versions up to 5.2.9. The issue arises from crafted USB device traffic, which could be delivered locally or remotely via usbip/usbredir, leading to potential memory corrup...
CVE-2021-47646
CVE-2021-47646 (Linux kernel) involves a crash triggered by interactions around block, bfq: honor already-setup queue merges. The vulnerability arose when the commit 2d52c58b9c9b was merged and later reverted by ebc69e897e17; that revert did not introduce the bug, but actually exposed a UAF cause...
CVE-2022-49090
The CVE-2022-49090 entry concerns Linux kernel arch/arm64: Fix topology initialization for core scheduling. The issue arises when store_cpu_topology() does not call update_siblings_masks() before notify_cpu_starting(), causing core scheduling data structures to reflect an incorrect topology. If s...
CVE-2022-49297
CVE-2022-49297 is a Linux kernel vulnerability related to the NBD (network block device) disconnect flow that could cause IO hangs when a device is disconnected. The issue occurs in the NBD path during disconnect and socket clearing, with inflight requests potentially not completing due to how NB...
CVE-2022-49398
CVE-2022-49398 relates to the Linux kernel’s USB DWC3 gadget path. The vulnerability arises when traversing the cancelled_list during dwc3_gadget_ep_cleanup_cancelled_requests() while a pull-up disable sequence runs in parallel, causing a window where removing an item (n) and then the next item (...
CVE-2022-49433
The CVE-2022-49433 entry is confirmed with concrete details in connected advisories: in the Linux kernel RDMA/hfi1 driver, a path may call hfi1_free_devdata() with sdma_map_lock uninitialized if probe of hfi1 fails before sdma_map_lock is set up. This could lead to locking operations being perfor...
CVE-2023-26544
CVE-2023-26544 affects the Linux kernel 6.0.8 where a use-after-free occurs in fs/ntfs3/run.c:run_unpack due to a mismatch between NTFS sector size and media sector size. The issue is a use-after-free in NTFS handling; upstream fix is available (commit referenced). Remediation is to upgrade to a ...
CVE-2023-2860
CVE-2023-2860 is an out-of-bounds read vulnerability in the Linux kernel’s SR-IPv6 implementation, specifically in the processing of seg6 attributes. It stems from improper validation of user-supplied data, allowing a privileged local user to read beyond the end of an allocated buffer and disclos...
CVE-2023-51042
CVE-2023-51042 affects the Linux kernel up to 6.4.12 where amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c may dereference a freed fence (use-after-free). The issue is fixed in ChangeLog-6.4.12; Astra Linux bulletin also notes the same vulnerability. Impact details and remedia...
CVE-2023-53028
CVE-2023-53028: Linux kernel vulnerability in wifi/mac80211 processing where reverting the memory-leak fix for ieee80211_if_add() (and the related path ieee80211_if_free called from free_netdev) can trigger a null-ptr-deref/GPF as shown by syzbot. Affected component is the wireless stack (mac802...
CVE-2023-6679
CVE-2023-6679 is a NULL pointer dereference in the Linux kernel DPLL netlink code (dpll_pin_parent_pin_set in drivers/dpll/dpll_netlink.c). The vulnerability allows local attackers to trigger a denial of service. Connected advisories (Red Hat, Oracle, MiracleLinux) indicate kernel updates/fixes a...
CVE-2024-26722
Technical details about CVE-2024-26722 (affected products, exact root cause, versions, impact, remediation) are not provided in the connected documents. Monitor for updated advisories for explicit fixes and affected platforms.
CVE-2024-26754
CVE-2024-26754: In the Linux kernel, a use-after-free and null pointer dereference in gtp_genl_dump_pdp() was fixed. The root cause is that the gtp_net_ops pernet operations structure for the gtp subsystem must be registered before the generic netlink family is registered. Affected code path inv...
CVE-2024-26763
CVE-2024-26763 is a Linux kernel vulnerability in dm-crypt related to authenticated encryption. The issue arises when data is modified during encryption, which could produce an invalid tag. The fix copies the data into a clone bio and encrypts there, avoiding in-place modification and potential d...
CVE-2024-35811
In Astra Linux advisories, the brcm80211 component of the Linux kernel (brcmfmac) is affected by a use-after-free in brcmf_cfg80211_detach when a USB disconnect occurs (hotplug). The vulnerability stems from the cfg80211 detach path where a timer and its worker may still run after cfg is freed (c...
CVE-2024-35849
CVE-2024-35849 affects the Linux kernel btrfs_ioctl_logical_to_ino path. The issue is an information leak: a struct btrfs_data_container allocated with kvmalloc() is copied back to user space without zero-filling, exposing uninitialized memory (bytes 40-65535) to user space. The root cause is lac...
CVE-2024-38630
The CVE-2024-38630 issue affects Linux kernel watchdog code (watchdog: cpu5wdt.c) where del_timer() may fail to stop a running timer during module removal, allowing a use-after-free when a released port region is accessed by cpu5wdt_trigger(). The vulnerability is mitigated by switching the timer...
CVE-2024-40957
CVE-2024-40957: Linux kernel seg6 fix parameter passing when calling NF_HOOK() in End.DX4/End.DX6. input_action_end_dx4/6 pass NULL indev to NF_HOOK() in PREROUTING, risking kernel NULL pointer dereference (rpfilter_mt). Patch in affected kernel versions; remediation requires updating to a versio...
CVE-2024-42102
CVE-2024-42102 concerns a Linux kernel vulnerability in the dirty throttling path used by the mm/wb subsystem. The issue centers on assuming that dirty limits in page units fit in 32 bits and a patch series titled “mm: Avoid possible overflows in dirty throttling” was applied. The entry notes tha...