13804 matches found
CVE-2018-14614
CVE-2018-14614 concerns a Linux kernel issue up to version 4.17.10 where mounting an f2fs image triggers an out-of-bounds access in __remove_dirty_segment() within fs/f2fs/segment.c. Publicly documented details identify the affected component as the kernel’s f2fs filesystem driver, with a local a...
CVE-2019-16229
CVE-2019-16229 affects the Linux kernel (example: kernel version 5.2.14) where a NULL pointer dereference can occur because kfd_interrupt.c in amdkfd does not check the return value of alloc_workqueue. The Unity Nessus advisory reiterates this description and notes the security community disputes...
CVE-2019-19044
CVE-2019-19044 affects the Linux kernel prior to 5.3.11, via two memory leaks in v3d_submit_cl_ioctl() in drivers/gpu/drm/v3d/v3d_gem.c. The leaks can cause memory exhaustion and denial of service when kcalloc() or v3d_job_init() fail. The issue is addressed by upgrading to kernel 5.3.11 or apply...
CVE-2021-4148
CVE-2021-4148 : Linux kernel vulnerability in the function block_invalidatepage (fs/buffer.c) where a missing sanity check can allow a local user with privileges to cause a denial of service. The connected advisories corroborate a local DoS impact but do not provide vendor-specific patch details ...
CVE-2021-47400
CVE-2021-47400 affects the Linux kernel driver for the HNS3 NIC. The issue occurs when hns3_nic_net_open() is called repeatedly during concurrent device reset and tc setup, because there was no guard against repeated opens, allowing napi_enable to be invoked twice and triggering a kernel BUG. The...
CVE-2022-0264
CVE-2022-0264 : The Linux kernel eBPF verifier has a vulnerability in how it handles internal data structures, allowing leakage of internal kernel memory to userspace when eBPF code is inserted into the kernel. A local attacker with insertion privileges could exploit this to access kernel memory ...
CVE-2022-48765
The CVE-2022-48765 entry corresponds to a Linux kernel issue in KVM LAPIC handling during SET_LAPIC. The accompanying (unpatched) Nessus/OpenVAS notes describe a scenario where rebooting a guest with tsc-deadline mode not exposed can trigger a preemption timer cancellation via apic_update_lvtt(),...
CVE-2022-49063
The CVE (CVE-2022-49063) affects the Linux kernel in the ice driver’s ARFS feature, where use-after-free can occur when freeing @rx_cpu_rmap. The issue arises because free_irq_cpu_rmap() is invoked after (devm_)free_irq(), causing the code to operate on IRQ descriptors that may already be freed, ...
CVE-2022-49199
CVE-2022-49199 affects the Linux kernel RDMA/nldev path. The vulnerability comes from underflow in nldev_stat_set_counter_dynamic_doit() where an “index” is checked for an upper bound but not for negatives. The fix changes the index type to unsigned to prevent underflows. Affected component: RDMA...
CVE-2022-49220
CVE-2022-49220 affects the Linux kernel in the dax subsystem. The issue occurs when inodes are not flushed before destroying dax_cache, triggered by loading and unloading the nd_pmem modules. The root cause is in dax_fs_exit() not flushing inodes prior to cache destruction, which can lead to obje...
CVE-2022-49227
CVE-2022-49227 : In the Linux kernel igc driver, the ethtool RX-ring reconfiguration path copies an igc_ring structure but fails to reset the xdp_rxq_info member before igc_setup_rx_resources is called. This causes xdp_rxq_info_reg() to be invoked on an already registered xdp_rxq_info, leading to...
CVE-2022-49253
CVE-2022-49253 affects the Linux kernel in the media: usb: go7007: s2250-board path, where a leak is fixed by calling i2c_unregister_device(audio) on the error path during probe. Connected sources (SUSE Astra Linux advisories) confirm the fix is in this area. The CVE description in the initial do...
CVE-2022-49263
The CVE-2022-49263 case concerns a Linux kernel flaw in the brcmfmac: pcie path. The vulnerability is described as a memory-leak in the error path of brcmf_pcie_setup where firmware release occurs after brcmf_chip_get_raminfo fails; the CLM blob is released in the device remove path. Connected ad...
CVE-2022-49563
CVE-2022-49563 affects the Linux kernel crypto qat RSA path. The issue arises when copying the source scatterlist into a linear buffer: requests with a source buffer larger than the key are rejected to prevent a possible integer underflow. The CVE is listed as fixed in kernel updates, with relate...
CVE-2022-49605
Summary: CVE-2022-49605 concerns the igc Linux kernel driver. The issue arose because the IGC_REMOVED macro was not implemented, unlike the similar E1000/IGB patterns, allowing a PCIe detach scenario to trigger NULL dereferences after an 0xffffffff MMIO read. The connected documents describe the ...
CVE-2022-49927
CVE-2022-49927: Linux kernel NFSv4 kmemleak when allocating a slot failed. If a slot allocation fails, previously allocated slots must be cleaned up; otherwise, the allocated slots leak (example: unreferenced object 0xffff8881115aa100, size 64). The fix ensures cleanup of all allocated slots on f...
CVE-2023-34256
CVE-2023-34256 describes an out-of-bounds read in crc16 in lib/crc16.c when invoked from fs/ext4/super.c due to incomplete offset checks in ext4_group_desc_csum, affecting the Linux kernel up to but not including 6.3.3. The issue can enable local denial of service or information leaks via a craft...
CVE-2023-6039
CVE-2023-6039 : A use-after-free vulnerability in the Linux kernel’s LAN78XX USB Ethernet driver (lan78xx_disconnect in drivers/net/usb/lan78xx.c) can crash the system when a LAN78XX USB device is detached. The issue is local in scope and affects the network sub-system (net/usb/lan78xx). The CVE ...
CVE-2024-26695
CVE-2024-26695 affects the Linux kernel crypto: ccp and fixes a null pointer dereference in __sev_platform_shutdown_locked when the SEV platform device is shut down with a null psp_master (e.g., DEBUG_TEST_DRIVER_REMOVE). The issue was observed via KASAN, showing a null-deref in __sev_platform_shu...
CVE-2024-26793
CVE-2024-26793 affects the Linux kernel gtp subsystem. The issue is a use-after-free and null pointer dereference in gtp_newlink() caused by incorrect registration order of gtp_link_ops relative to gtp_net_ops pernet structures. Syzkaller observed a general protection fault in gtp_genl_dump_pdp w...
CVE-2024-26970
CVE-2024-26970 affects the Linux kernel clock driver for Qualcomm IPQ6018 (clk: qcom: gcc-ipq6018). Root cause: frequency table arrays lacked a terminating empty element, risking out-of-bounds access when traversed by qcom_find_freq() or qcom_find_freq_floor(). Mitigation: patch adds an empty ter...
CVE-2024-27024
CVE-2024-27024 concerns the Linux kernel vulnerability in net/rds where a WARNING in rds_conn_connect_if_down could cause get_mr() to fail and trigger a connection after get_mr(). This is a local-attack surface (LOCAL) with high impact on confidentiality, integrity, and availability (CVE score in...
CVE-2024-35819
CVE-2024-35819 affects the Linux kernel subsystem soc: fsl: qbman, where smp_call_function is used and can run callbacks in hard IRQ context; to prevent potential sleeping-task issues on PREEMPT_RT, the advisory specifies using a raw spinlock for cgr_lock. The root cause is that smp_call_function...
CVE-2024-35848
The CVE-2024-35848 issue affects the Linux kernel’s eeprom: at24 path. The root cause is a race in memory handling where, if the eeprom is not accessible, an nvmem device is registered, reads fail, and the device can be torn down; a later access by another driver may reference invalid memory. The...
CVE-2024-35997
CVE-2024-35997 : In the Linux kernel, the HID i2c-hid driver had I2C_HID_READ_PENDING removed to prevent a lock-up. The flag was used to serialize I2C operations, but I2C core locking is already in place; if the flag is set in i2c_hid_xfer() and an interrupt occurs, i2c_hid_irq could spin in a lo...
CVE-2024-38545
CVE-2024-38545 : In the Linux kernel, RDMA/hns CQ destruction can race with asynchronous events, leading to a use-after-free if the CQ refcount is released concurrently. The issue is fixed by protecting the CQ refcount with a lock (xa_lock). Astra Linux’s security bulletin confirms the same vulne...
CVE-2024-40914
The CVE-2024-40914 entry concerns a Linux kernel memory management issue in mm/huge_memory. The root cause is that HWPoison could be set for huge_zero_folio without increasing the folio refcount, causing unpoison_memory() to decrement the folio’s refcount as if it were hwpoisoned, triggering VM_B...
CVE-2024-41017
Public technical details (affected products/versions, root cause, impact or patch) for CVE-2024-41017 are not provided in the connected documents. Monitor vendor advisories and CVE feeds for updates.
CVE-2024-41048
CVE-2024-41048 affects the Linux kernel. The bug arises in sk_msg_recvmsg() where a zero‑length skb (skb->len == 0) is enqueued; on LoongArch, this leads to a NULL page being passed to copy_page_to_iter(), then to page_address(), causing a kernel panic. The root cause is the zero‑length skb th...
CVE-2024-46679
CVE-2024-46679 (Linux kernel) : A race between sysfs reading of ethtool link settings and device removal can read state when the device is not present, causing a crash. The fix moves a device-presence check into ethtool (and related callers) to ensure link settings are only shown when the device ...
CVE-2024-46715
CVE-2024-46715: Linux kernel vulnerability in iio_info callback access where certain callbacks could be accessed without checks, leading to a NULL pointer dereference and potential kernel oops if a driver does not implement callbacks. The issue was fixed by adding missing validation for iio_info ...
CVE-2024-49897
CVE-2024-49897 concerns the Linux kernel DRM/AMD display path. The issue arises in drm/amd/display where dcn32_enable_phantom_stream can return NULL, leading to a NULL dereference if the returned value is used without checks. The fix adds a check for phantom_stream before use, addressing a NULL_R...
CVE-2024-50076
CVE-2024-50076 affects the Linux kernel. The issue lies in the vt subsystem where font.data may not initialize all memory spaces in con_font_get(), enabling a potential information leak. Root cause: memory from font data may be left uninitialized depending on the vc->vc_sw->con_font_get pat...
CVE-2024-50088
CVE-2024-50088 affects the Linux kernel’s Btrfs filesystem code. The issue is in add_inode_ref(), where a name struct is not initialized when declared; if read_one_inode() returns NULL for either parent or inode, name.name is freed during cleanup without being initialized. This uninitialized free...
CVE-2024-50140
CVE-2024-50140 involves a Linux kernel vulnerability in sched/core where page allocation is disabled during task_tick_mm_cid(). With KASAN and PREEMPT_RT enabled, a call to task_work_add() within task_tick_mm_cid() can sleep in an invalid context, triggering a BUG in stack/depot and related alloc...
CVE-2024-50164
The CVE-2024-50164 entry covers a Linux kernel BPF verifier regression where MEM_UNINIT was overloaded to mean both “buffer need not be initialized” and “buffer will be written to.” This allowed a BPF program to write to read-only maps (e.g., .rodata) when the buffer size was not a fixed constant...
CVE-2024-50193
CVE-2024-50193 affects the Linux kernel on x86. The vulnerability is in x86/entry_32 where CPU buffers were cleared after exc_nmi but before restoring registers. The fix moves CLEAR_CPU_BUFFERS to after RESTORE_ALL_NMI, addressing RDFS mitigation requirements. Public metrics show CVSS v3.1 base s...
CVE-2024-50224
This CVE affects the Linux kernel SPI driver spi-fsl-dspi, where a crash could occur when GPIO chip select is not used. The root cause is a NULL pointer dereference caused by not validating the return value of spi_get_csgpiod() before passing it to gpiod_direction_output(). The provided details d...
CVE-2024-50249
The CVE-2024-50249 issue in the Linux kernel arises from a lock-ordering problem in the CPPC/ACPI code: sugov_update_shared acquires a raw_spinlock while cpc_write holds a regular spinlock on cpc_ptr->rmw_lock, potentially causing a deadlock. The remediation is ...
CVE-2024-53065
CVE-2024-53065 concerns the Linux kernel slab allocator (kmem_buckets_create) where a duplicate kmem_cache creation can occur on arm64 when KASAN_HW_TAGS is enabled. The initial description explains that a previous patch reduced ARCH_KMALLOC_MINALIGN to 8, which, with KASAN_HW_TAGS, makes arch_sl...
CVE-2024-54683
CVE-2024-54683 – Linux kernel netfilter IDLETIMER ABBA deadlock : The vulnerability occurs when deleting the last idletimer rule may race with a read of its sysfs file, risking a circular locking dependency between idletimer teardown and kernel lock ownership. A reproduction shows concurrent dele...
CVE-2025-21878
CVE-2025-21878 relates to the Linux kernel i2c npcm driver. The vulnerability arises from not disabling the interrupt enable bit before calling devm_request_irq, leaving an i2c-related status bit that is read-only and triggers repeated interrupts. This behavior can cause a soft lockup and a reboo...
CVE-2025-22027
CVE-2025-22027 affects the Linux kernel, specifically the media: streamzap component. The issue is a race between device disconnection and urb callback that leads to a NULL pointer dereference of dev->raw in ir_raw_event_store_with_filter, even though NULL checks exist in the function. The roo...
CVE-2025-22062
CVE-2025-22062 affects the Linux kernel SCTP component. The issue arises from missing mutual exclusion in proc_sctp_do_udp_port, risking a crash if calls to sctp_udp_sock_stop() and sctp_udp_sock_start() are serialized improperly. The vulnerability is tied to the SCTP protocol, with proof of impa...
CVE-2025-22119
CVE-2025-22119 concerns the Linux kernel wireless stack. The issue occurs in cfg80211 where wiphy_work is not fully initialized before rfkill allocation, allowing cfg80211_dev_free to access uninitialized wiphy_work data via a race with the rfkill path. The root cause is an uninitialized wiphy_wo...
CVE-2025-23147
CVE-2025-23147 : Linux kernel i3c master/IBI handling vulnerability where an IBI can arrive before the target driver is probed, causing a NULL dereference in dev->ibi and a kernel panic. Affected component is the I3C master queue path (i3c_master_queue_ibi()); root cause is uninitialized dev-&...
CVE-2025-37792
The CVE-2025-37792 issue affects the Linux kernel Bluetooth btrtl driver (rtl load file path). Root cause: btrtl_initialize() may treat a zero-length rtl_load_file() as non-error, causing an error pointer vs NULL and a subsequent NULL dereference. Severity is MEDIUM (CVSSv3.1 base 5.5), with loca...
CVE-2025-37851
CVE-2025-37851 affects the Linux kernel fbdev omapfb path. The vulnerability centers on the dispc_ovl_setup function not handling the plane value OMAP_DSS_WB from the enum parameter plane. While that value is initialized in dss_init_overlays and in current code cannot take this value, some code p...
CVE-2025-38575
In CVE-2025-38575, the Linux kernel ksmbd memory handling was corrected: memory allocated by aead_request_alloc() must be freed with aead_request_free() to ensure sensitive crypto data is zeroed before freeing. This resolves a local-attack surface (AV:L/AC:L/PR:L/UI:N/S:U) with a MEDIUM base scor...
CVE-2026-31671
The CVE-2026-31671 issue is in the Linux kernel xfrm_user component. A struct xfrm_user_report includes a __u8 proto field followed by a struct xfrm_selector, creating three padding bytes that were never zeroed before copying to userspace. The vulnerability is an information leak caused by these u...