13804 matches found
CVE-2009-3621
The CVE-2009-3621 issue affects the Linux kernel version 2.6.31.4 and earlier, specifically in net/unix/af_unix.c. The vulnerability allows a local attacker to cause a denial of service (system hang) by: (1) creating an abstract-namespace AF_UNIX listening socket, (2) performing a shutdown ...
CVE-2022-49295
CVE-2022-49295 documents a race in the Linux kernel nbd subsystem: during module removal, netlink command handling can race with cleanup unless genl_unregister_family() is called first in nbd_cleanup(). The described oops is a NULL pointer dereference (addr 0x98) in down_write(), with a trace thr...
CVE-2022-49378
CVE-2022-49378 concerns a Linux kernel driver issue in the sfc/efx10 path where TX queue initialization can fail when modparam efx_separate_tx_channels=1 causes some channels to have only RX or only TX queues. The root cause is an incorrect determination of whether a channel has TX queues, which ...
CVE-2022-49412
CVE-2022-49412 describes a Linux kernel vulnerability in bfq where merging two bfqq queues could occur with different parent cgroups, potentially leading to a use-after-free if the parent changes between decision to merge and bfq_setup_merge() call. The root cause is reparenting of bfqqs (e.g., d...
CVE-2022-49426
CVE-2022-49426: Linux kernel iommu/arm-smmu-v3-sva had a use-after-free when freeing the MM context because arm64_mm_context_put() ran without a held reference. The root cause is not holding a reference to the MM during unpinning, allowing it to be freed prematurely. The fix is to call mmgrab()/...
CVE-2022-49504
The CVE-2022-49504 issue affects the Linux kernel SCSI lpfc path, where after an external loopback test the system oopsed in llpfc_set_rrq_active() due to a mismanaged ABTS completion and ref counting. The root cause was a mixup in completing the new FLOGI/ABTS flow, causing the original ABTS to ...
CVE-2023-31082
CVE-2023-31082: In Linux kernel 6.2, the issue arises from a sleeping function invoked from an invalid context in gsmld_write (drivers/tty/n_gsm.c), which can block the kernel. The vulnerability is explicitly tied to the affected component and context, with the impact described as potentially ca...
CVE-2023-52993
CVE-2023-52993 affects the Linux kernel’s x86/i8259 legacy interrupt handling. The root cause is that IRQ_LEVEL was not set for legacy PIC interrupts, allowing a spurious APIC interrupt on IRQ0 to trigger a software resend of the legacy timer interrupt, which in the softirq/tasklet context can yi...
CVE-2024-26741
CVE-2024-26741 concerns the Linux kernel DCCP/TCP path: when a connect() on an unbound socket occurs, the kernel searches for an ephemeral port, may reuse a bucket in ehash, and marks inet_num. If a concurrent allocation then fails for the corresponding bhash2 bucket, the code must revert by chec...
CVE-2024-26839
CVE-2024-26839 affects the Linux kernel: a memleak in IB/hfi1’s init_credit_return when dma_alloc_coherent fails to allocate dd->cr_base[i].va; proper cleanup should deallocate dd->cr_base and any previously allocated dd->cr_base[i] to avoid leaks. The issue is resolved by the kernel fix...
CVE-2024-35907
The CVE-2024-35907 issue affects the mlxbf_gige driver in the Linux kernel (BlueField-3 SmartNIC). The root cause is a NULL pointer dereference in mlxbf_gige_open() when kdump is enabled, traced to a pending RX interrupt that fires before request_irq(RX IRQ) is called, causing an interrup...
CVE-2024-41098
CVE-2024-41098 is a Linux kernel vulnerability in the libata-core path. The issue arises when ata_port_alloc() fails during ata_host_alloc(); ata_host_release() then frees ata_port struct members unconditionally, which can cause a NULL pointer dereference (BUG: page fault). The provided trace sho...
CVE-2024-44975
CVE-2024-44975 is addressed in vendor advisories tied to Linux kernel cgroup/cpuset: fix panic caused by partcmd_update. MiracleLinux AXSA:2025-10392:38 (kernel 5.14.0-570.12.1.el9_6) details the root cause as incorrect rebuilding of scheduling domains when partcmd_update triggers; CVE entry note...
CVE-2024-49868
CVE-2024-49868: Linux kernel (btrfs) vulnerability causing a NULL pointer dereference in btrfs_update_reloc_root during balance/relocation cleanup. Root cause: a window where fs_info->reloc_ctl can be NULL between set_reloc_contrl() and unset_reloc_control(), leading to dereferencing NULL in c...
CVE-2024-49877
CVE-2024-49877: In the Linux kernel, OCFS2 may dereference a NULL pointer during cleanup in ocfs2_set_buffer_uptodate() when bh is NULL and flags do not include OCFS2_BH_READAHEAD. This can trigger a NULL pointer dereference in the investigated code path. The CVE is characterized as a local, low...
CVE-2024-49921
CVE-2024-49921 concerns the Linux kernel DRM display driver (drm/amd/display) specifically around null-pointer usage; fixes were applied to ensure pointers such as dc->clk_mgr are checked before use, addressing 10 FORWARD_NULL issues reported by Coverity. The connected OSV entries confirm patc...
CVE-2024-50017
CVE-2024-50017 affects the Linux kernel’s identity-mapping code (x86/mm/ident_map). When ident_pud_init() creates identity maps using only GB pages, it can map large address ranges not requested (a 4K request could yield a full 1GB mapping), potentially including BIOS-reserved areas. This enables...
CVE-2024-50280
CVE-2024-50280: In the Linux kernel, the dm cache feature was fixed to avoid warning in flush_work() when cache creation fails due to destroying an uninitialized delayed_work waker. Root cause: cancel_delayed_work_sync() remained in the error path of cache_create(), risking a WARN_ON in certain ...
CVE-2024-53119
CVE-2024-53119 affects the Linux kernel virtio/vsock code and fixes a memory-leak in the accept_queue during socket destruction. The root cause is that accept_queue entries enqueued after a flush could be left behind before SOCK_DONE is set, causing leaks when sockets are torn down. The fix intro...
CVE-2024-57874
CVE-2024-57874 affects the Linux kernel on arm64 where the function tagged_addr_ctrl_set() uses a temporary variable that is not initialized when performing a zero-length SETREGSET, potentially leaking memory from the kernel stack (up to 64 bits). The issue ari...
CVE-2024-58064
Technical details for CVE-2024-58064 are not provided in the given documents; no affected products, impact, or fix are specified here. Monitor for updates from vendor/advisory sources.
CVE-2025-21714
CVE-2025-21714: Linux kernel RDMA/mlx5: fix implicit ODP use after free. The issue could lead to invalidating the MR twice, queuing MR destroy work twice, and a race where the second work runs after the first freed MR, causing a use-after-free and refcount underflow. The fix uses __xa_cmpxchg()...
CVE-2025-21804
CVE-2025-21804 affects the Linux kernel in the PCI subsystem for rcar-ep. The root cause is an incorrect variable used when calling devm_request_mem_region(), where a stack-allocated string temporarily stored a dynamic resource name and was passed as a macro argument, causing undefined behavior. ...
CVE-2025-21826
CVE-2025-21826 affects the Linux kernel nf_tables: a mismatch between field_len-derived key field lengths and the total set key length can be rejected, allowing mismatched values to slip through due to register-based arithmetic. The issue has been resolved in the Linux kernel; the provided source...
CVE-2025-21855
Summary (CVE-2025-21855, Linux kernel): The ibmvnic driver is affected by a use-after-free in ibmvnic_xmit caused by referencing skb memory after flushing the transmit buffer to VIOS. A race between skb length access and memory free (triggered by VIOS interrupts) can lead to a UAF condition, as e...
CVE-2025-22054
CVE-2025-22054: Linux kernel vulnerability in arcnet handling (com20020pci_probe) where devm_kasprintf() can return NULL, leading to a NULL pointer dereference. The fix adds a NULL check after devm_kasprintf() and ensures no resources are leaked. Connected docs (Ubuntu Unity/Linux advisories) con...
CVE-2025-22060
CVE-2025-22060 concerns the Linux kernel mvpp2 parser TCAM/SRAM memory. The issue arises when concurrent accesses to the indirect TCAM/SRAM tables via an index register are not atomic, enabling TOCTOU-like corruption when mvpp2_set_rx_mode() runs on multiple CPUs. In the described scenario, this ...
CVE-2025-23144
The CVE-2025-23144 issue affects the Linux kernel backlight subsystem (led_bl/led_sysfs). Root cause: led_sysfs_enable() was not guaranteed to run with the led_access lock held, leading to a lockdep warning during led-backlight removal; the patch enforces holding the led_access lock when calling ...
CVE-2025-37768
The CVE-2025-37768 entry concerns the Linux kernel DRM-AMD PM component. Public docs confirm the vulnerability is in drm/amd/pm: a division by zero can occur when the user sets a speed value greater than UINT_MAX/8, allowing a local attacker to trigger a crash. The issue has been resolved in the ...
CVE-2025-37769
CVE-2025-37769 (Linux kernel): A division-by-zero condition exists in the DRM AMD SMU11 path (drm/amd/pm/smu11) when a user sets a speed value greater than UINT_MAX/8. The vulnerability is fixed in the kernel by a commit cherry-picked from da7dc714a8f8e1c9fc33c57cd63583779a3bef71, as reported by ...
CVE-2025-37788
CVE-2025-37788 affects the Linux kernel cxgb4 memory handling: in cxgb4_init_ethtool_filters(), a memory leak can occur if loc_array is allocated but bmap allocation fails, because the free path only frees from (i-1) iterations. The fix frees loc_array in the bmap error path, mitigating the leak....
CVE-2025-37875
CVE-2025-37875 concerns the Linux kernel igc/PTM logic. The issue arose from writing to clear the PTM status 'valid' bit while a PTM cycle was in progress, causing unreliable PTM operation. The fix disables PTM trigger most of the time and limits triggering to very brief windows (roughly 10–100 μs) ...
CVE-2009-1192
CVE-2009-1192 affects the Linux kernel AGP subsystem (drivers/char/agp/generic.c) where two functions, agp_generic_alloc_page and agp_generic_alloc_pages, do not zero out pages that may later be exposed to a user-space process. This can allow local users to read pages and obtain sensitive informa...
CVE-2009-1895
The vulnerability CVE-2009-1895 affects the Linux kernel’s personality subsystem prior to 2.6.31-rc3, where PER_CLEAR_ON_SETID fails to clear ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO when executing a setuid/setgid program. This enables local users to exploit memory‑layout details to perform NULL poi...
CVE-2010-4163
The CVE-2010-4163 issue affects the Linux kernel, where blk_rq_map_user_iov in block/blk-map.c is vulnerable before version 2.6.36.2. A local attacker can trigger a denial of service (kernel panic) by submitting a zero-length I/O request via a device ioctl to a SCSI device. The description explic...
CVE-2011-1080
CVE-2011-1080 affects the Linux kernel prior to 2.6.39 via the do_replace path in net/bridge/netfilter/ebtables.c. The issue: a name field may not end with a null terminator, enabling a local user with CAP_NET_ADMIN to replace a bridge table and read potentially sensitive data from kernel stack m...
CVE-2011-1585
Technical details for CVE-2011-1585 are not publicly provided in the supplied connected documents. Monitor for updates from vendor advisories or security bulletins to obtain affected products, impact, and fixes.
CVE-2011-4131
CVE-2011-4131 affects the Linux kernel’s NFSv4 GETACL handling: the NFSv4 implementation does not correctly manage bitmap sizes when replying, allowing a remote NFS server to trigger a denial of service (OOPS) by sending an excessive number of bitmap words. The issue is fixed in or after the 3.2....
CVE-2011-4132
CVE-2011-4132 affects the Linux kernel’s Journaling Block Device (JBD) cleanup_journal_tail function. The vulnerability allows local users to trigger a denial of service (assertion error and kernel oops) when handling an ext3 or ext4 image containing an invalid log first block value. The descript...
CVE-2013-6367
CVE-2013-6367 affects the Linux kernel KVM implementation (arch/x86/kvm/lapic.c) up to version 3.12.5. The vulnerability lets guest-OS users cause a denial of service (divide-by-zero, host crash) by crafting modifications to the TMICT value. The MiracleLinux/Unity Linux Nessus entries explicitly ...
CVE-2014-3145
CVE-2014-3145 is disclosed in multiple Nessus advisories linked to the Linux kernel up to 3.14.3. The vulnerability resides in the BPF_S_ANC_NLATTR_NEST extension within sk_run_filter() in net/core/filter.c, where a reverse-order subtraction allows a local user to trigger an over-read leading to ...
CVE-2014-3646
CVE-2014-3646 affects the Linux kernel’s KVM implementation: arch/x86/kvm/vmx.c lacks an exit handler for the INVVPID instruction, enabling a local guest-user to crash the guest OS (DoS) via a crafted application. Public remote advisories in connected Nessus plugins confirm the issue exists in ke...
CVE-2014-9420
CVE-2014-9420 affects the Linux kernel iso9660 isofs rock.c: rock_continue does not bound the number of Rock Ridge continuation entries, allowing a local attacker crafting an ISO image to trigger an infinite loop and cause DoS (system hang/crash) on kernels up to 3.18.1. Public advisories from Ce...
CVE-2015-2041
CVE-2015-2041 affects Unity Linux kernels (20.1050e/20.1060e/20.1070e) where the Linux kernel before 3.19 contains an error in net/llc/sysctl_net_llc.c using an incorrect data type in a sysctl table. This local information-disclosure flaw allows an unprivileged local user to read potentially sens...
CVE-2017-6345
CVE-2017-6345 targets the LLC subsystem of the Linux kernel prior to 4.9.13, where a destructor is not guaranteed to exist in certain paths, enabling local users to trigger a denial-of-service (BUG_ON) or potentially other impact via crafted system calls. The vulnerability is fixed by the kernel ...
CVE-2017-8064
The CVE refers to Linux kernel 4.9.x and 4.10.x before 4.10.12 where the DVB-USB core (drivers/media/usb/dvb-usb-v2/dvb_usb_core.c) interacts incorrectly with CONFIG_VMAP_STACK. This can allow a local attacker to cause a denial of service (system crash or memory corruption) or other impact by abu...
CVE-2018-12928
CVE-2018-12928 concerns Linux kernel 4.15.0 where a NULL pointer dereference can occur in hfs_ext_read_extent within hfs.ko during mounting a crafted HFS filesystem. Connected advisories note the issue in kernel packages and reference a security update (ELSA) and Nessus entries indicating affecte...
CVE-2018-14611
CVE-2018-14611 affects the Linux kernel up to version 4.17.10. The vulnerability is a use-after-free in try_merge_free_space() when mounting a crafted Btrfs image, caused by missing chunk type flag checks in fs/btrfs/volumes.c via btrfs_check_chunk_valid. In the provided connected documents, Nes...
CVE-2018-14614
CVE-2018-14614 concerns a Linux kernel issue up to version 4.17.10 where mounting an f2fs image triggers an out-of-bounds access in __remove_dirty_segment() within fs/f2fs/segment.c. Publicly documented details identify the affected component as the kernel’s f2fs filesystem driver, with a local a...
CVE-2019-16229
CVE-2019-16229 affects the Linux kernel (example: kernel version 5.2.14) where a NULL pointer dereference can occur because kfd_interrupt.c in amdkfd does not check the return value of alloc_workqueue. The Unity Nessus advisory reiterates this description and notes the security community disputes...