CVE-2009-2848
CVE-2009-2848 is confirmed in connected material as applicable to MiracleLinux kernel package 2.6.18-128.10AXS3, aligning with the Linux kernel vulnerability where execve does not properly clear current->clear_child_tid during thread creation/exit. This misbehavior can enable local users to ca...
CVE-2010-3296
CVE-2010-3296 affects the Linux kernel driver cxgb3 (cxgb_extension_ioctl in drivers/net/cxgb3/cxgb3_main.c). The advisory states that the code path in kernels up to 2.6.36-rc5 does not properly initialize a structure member, allowing a local user to potentially read sensitive data from kernel st...
CVE-2010-3875
CVE-2010-3875 affects the Linux kernel, specifically the ax25_getname function in net/ax25/af_ax25.c. The root cause is that a structure is not initialized, enabling local users to read a copy of kernel stack memory and potentially obtain sensitive information. The issue is tied to kernels prior ...
CVE-2010-4075
The CVE-2010-4075 entry affects the Linux kernel module code: uart_get_count (drivers/serial/serial_core.c) in versions prior to 2.6.37-rc1. The vulnerability arises from not properly initializing a certain structure member, enabling local users to read potentially sensitive information from kern...
CVE-2011-1013
CVE-2011-1013 is an integer signedness error in the drm_modeset_ctl ioctl handling that affects the Linux kernel prior to 2.6.38 and OpenBSD prior to 4.9, allowing local users to trigger out-of-bounds writes and potentially crash the system or cause other impact via a crafted vb_num in an ioctl. ...
CVE-2011-2699
CVE-2011-2699 affects the Linux kernel IPv6 implementation. The vulnerability is that, before version 3.1, Fragment Identification values were not generated separately for each destination, enabling remote attackers to cause a denial of service by sending crafted packets. Connected advisories ref...
CVE-2013-4348
CVE-2013-4348 affects the Linux kernel (up to 3.12) via skb_flow_dissect in net/core/flow_dissector.c. A crafted small IHL value in IPIP-encapsulated packets can trigger an infinite loop, enabling remote denial of service. The connected Nessus advisories reproduce the same description for Unity L...
CVE-2014-3688
CVE-2014-3688 affects the Linux kernel SCTP implementation prior to 3.17.4. The vulnerability allows a remote attacker to cause a denial of service via memory consumption by triggering a large number of chunks in an association’s output queue (ASCONF probes), related to net/sctp/inqueue.c and net...
CVE-2015-5707
CVE-2015-5707 affects the Linux kernel sg.c sg_start_req function (drivers/scsi/sg.c) where an integer overflow can occur in write requests with a large iov_count, allowing a local attacker to cause a denial of service or potentially other impact on kernel memory. Affected are kernel versions 2.6...
CVE-2016-7917
CVE-2016-7917 affects the Linux kernel’s netfilter: the nfnetlink_rcv_batch() function in net/netfilter/nfnetlink.c does not validate the batch length against the message, enabling a local user with CAP_NET_ADMIN to read kernel memory or trigger a denial of service (infinite loop or out-of-bounds...
CVE-2016-8405
CVE-2016-8405 is an information disclosure vulnerability affecting Android kernels (Kernel-3.10 and Kernel-3.18) via multiple subsystems (ION, Binder, USB, networking). It allows a local malicious process to access data outside its permissions after exploiting a privileged process; CVSS data in t...
CVE-2016-9178
CVE-2016-9178 affects the Linux kernel prior to 4.7.5. The macro __get_user_asm_ex in arch/x86/include/asm/uaccess.h does not initialize a certain integer variable, allowing local users to obtain sensitive information from kernel stack memory by triggering a failure of a get_user_ex call. Impact ...
CVE-2019-20422
The CVE-2019-20422 issue affects the Linux kernel prior to 5.3.4, where fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, potentially causing a crash identified by syzkaller (CID-7b09c2d052db). The vulnerability arises from incorrect ...
CVE-2021-46988
The CVE-2021-46988 entry concerns a Linux kernel issue in userfaultfd where a page allocated during shmem_mfill_atomic_pte() may not be released if a copy_from_user() fails and accounting subsequently fails, triggering a BUG_ON in the caller. The connected Astra/Linux bulletin and Nessus/OpenVAS ...
CVE-2021-47107
CVE-2021-47107: In the Linux kernel NFSD, an underflow in buffer sizing for READDIR when a client issues a too-small count can cause writing beyond the allocated buffer via xdr_reserve_space(), enabling a buffer overflow. The root cause was a susceptibility in the READDIR path introduced by newe...
CVE-2021-47178
CVE-2021-47178: Linux kernel vulnerability where smp_processor_id() was used in preemptible SCSI host work paths (target_core/tcm_loop), triggering a "BUG: using smp_processor_id() in preemptible code" on TCMU devices configured with DEBUG_PREEMPT. The symptom occurred during blktests (block/005) ...
CVE-2021-47566
CVE-2021-47566 involves a Linux kernel vulnerability in proc/vmcore where user-space buffers were cleared improperly (memset) instead of using clear_user(), enabling a supervisor write fault on a vmcore copy scenario. The fix is to use clear_user() when handling user buffers; SMAP handling is noted i...
CVE-2022-3577
CVE-2022-3577 is an out-of-bounds memory write flaw in the Linux kernel HID driver for Kid-friendly Wired Controller (bigben) in bigben_probe (drivers/hid/hid-bigbenff.c). A malicious or defunct bigben device could trigger an out-of-bounds write, potentially crashing the system or allowing local ...
CVE-2022-48733
The CVE-2022-48733 issue affects the Linux kernel (btrfs) where a use-after-free can occur in create_snapshot() if btrfs_commit_transaction() fails and the pending snapshot is freed, leaving it in the transaction list. The root cause is improper lifecycle handling of the pending snapshot during t...
CVE-2022-49348
In Linux kernels affected by CVE-2022-49348, the EXT4_FC_REPLAY bit in sbi->s_mount_state posed a risk: a corrupted on-disk superblock could set EXT4_FC_REPLAY in s_mount_state, bypassing sanity checks and triggering a BUG() in ext4_es_cache_extent(). The available connected documents co...
CVE-2022-49537
CVE-2022-49537 is related to the Linux kernel SCSI lpfc path with CMF enabled. The issue arises from this_cpu_ptr() using smp_processor_id() in a preemptible context, leading to an invalid call trace (systemd-udevd 31711) and potential preemption-related bugs. The documented fix is to replace thi...
CVE-2022-49584
CVE-2022-49584 is a Linux kernel issue in the ixgbe driver where disabling SR-IOV (setting sriov_numvfs to zero) can race with the PF driver, potentially causing a kernel panic. The root cause is a lack of locking during the disable path, allowing VF mailbox communication to proceed concurrently....
CVE-2023-32258
CVE-2023-32258 affects the Linux kernel ksmbd SMB server. The flaw occurs in processing SMB2_LOGOFF and SMB2_CLOSE due to missing locking when operating on an object, allowing code execution in kernel context. Connected documents confirm this is a ksmbd in-kernel vulnerability with high impact (C...
CVE-2023-5197
CVE-2023-5197 is a use-after-free vulnerability in the Linux kernel’s netfilter nf_tables component. Public documents confirm it can be triggered by the addition/removal of rules within the same transaction, leading to potential local privilege escalation. Affected context includes Linux kernel d...
CVE-2024-26644
CVE-2024-26644: Linux kernel Btrfs snapshot logic fails when the source is a deleted subvolume. The code copies the source root item (including refs) to the new root item; since refs is 0 for a deleted subvolume, btrfs_get_new_fs_root() returns -ENOENT and the snapshot creation aborts. The docum...
CVE-2024-26737
CVE-2024-26737 is a Linux kernel vulnerability resolved by a patch that fixes a race between bpf_timer_cancel_and_free and bpf_timer_cancel, which could cause a use-after-free (UAF) of timer structures. The fix frees timer->timer after an RCU grace period (RCU head added to struct bpf_hrtimer)...
CVE-2024-26845
CVE-2024-26845 (Linux kernel) involves the SCSI target core handling of TMF in tmr_list. The issue: an abort processed by iSCSI could be added to tmr_list but not handled by target core, causing a LUN_RESET path to wait for an abort that never completes. Public advisories show debug traces (e.g.,...
CVE-2024-35911
CVE-2024-35911 (Linux kernel, ice driver): Addresses a memory-corruption panic in the ice NIC driver during suspend/rebuild. The issue occurred because, after reset, code referenced num_q_vectors before it was safely reinitialized by ice_vsi_cfg_def(), which could lead to a zero-length buffer al...
CVE-2024-35951
CVE-2024-35951 concerns a Linux kernel regression in the DRM Panfrost path. The issue arises in panfrost_mmu_map_fault_addr(): when page or sg allocation fails, the code improperly releases a previously acquired page reference, creating unbalanced get/put_pages() calls. The patch fixes the error ...
CVE-2024-36946
CVE-2024-36946 is a Linux kernel local denial of service issue related to phonet: rtm_phonet_notify() skb allocation. The root cause is that fill_route() stores three components in the skb (rtmsg, RTA_DST, RTA_OIF) and rtm_phonet_notify() should allocate space via NLMSG_ALIGN(sizeof(struct rtmsg)...
CVE-2024-38589
CVE-2024-38589: In the Linux kernel netrom subsystem, a deadlock can occur in nr_rt_ioctl due to a circular locking dependency between nr_node_list_lock and nr_node_lock. Syzbot identified a possible deadlock when attempting to acquire nr_node_lock while already holding nr_node_list_lock, with t...
CVE-2024-42145
CVE-2024-42145 pertains to the Linux kernel’s IB/core subsystem, addressing an unbounded UMAD receive list in ib_umad. The fix implements a hard limit of 200k packets on the UMAD receive list; packets beyond the limit are dropped, on the assumption they will time out before user-space handling. P...
CVE-2024-43867
CVE-2024-43867 refers to a Linux kernel issue in the DRM Nouveau path: a refcount underflow in nouveau_bo_ref() when nouveau_bo has not been initialized (backing ttm_bo). The vulnerability arises in the unwind path of drm_gem_object_init(); instead of calling nouveau_bo_ref(), code now manually cleans u...
CVE-2024-46686
CVE-2024-46686 (Linux kernel): The vulnerability lies in the SMBv2 read path where smb2_new_read_req() can dereference rdata=NULL when SMB2_read() is used with RDMA and the rdma_readwrite_threshold is reached. This affects the Linux kernel smb client code and is triggered from the SMB2_read() fl...
CVE-2024-46737
CVE-2024-46737 is a Linux kernel vulnerability tied to nvmet-tcp. The issue occurs when nvmet_tcp_alloc_cmds() fails to allocate commands, causing a NULL pointer dereference in nvmet_tcp_release_queue_work() and kernel crash. The provided fix sets queue->nr_cmds to zero if nvmet_tcp_alloc_cmd(...
CVE-2024-46772
CVE-2024-46772 affects the Linux kernel (drm/amd/display). The vulnerability arises from not guarding the denominator crb_pipes before use, risking a divide-by-zero. The patch fixes two divide-by-zero issues by ensuring the denominator is checked prior to its use, and is noted as resolved in down...
CVE-2024-46861
CVE-2024-46861 (Linux kernel USB net driver, usbnet/ipheth): The issue arises when RX callbacks fail in usbnet ipheth; causes could be payload too short, incorrect payload framing (e.g., bad NCM framing), or memory pressure. These failures previously could cause the driver to seize up. The docu...
CVE-2024-47695
CVE-2024-47695 affects the Linux kernel in the RDMA/rtrs-clt path. The issue arises in init_conns(): after creating connections, the cleanup phase can access out-of-bounds memory because cid is set to clt_path->s.con_num. The remediation described in the vulnerability entry is that a commit re...
CVE-2024-49899
CVE-2024-49899 affects the Linux kernel’s DRM AMD display code. The vulnerability arises from denominators that could be zero due to uninitialized defaults; the fix sets denominators’ default to 1 to prevent division by zero. This resolves 10 DIVIDE_BY_ZERO issues reported by Coverity. The linked...
CVE-2024-49922
The CVE-2024-49922 entry concerns the Linux kernel DRM AMD display driver. The issue arises from using pointers that may be NULL in a path where they had been validated earlier in the same function, triggering null-pointer handling after use. The vulnerability is mitigated by a fix that adds null...
CVE-2024-50042
Technical details for CVE-2024-50042 are not publicly available in the provided documents. The connected advisories list kernel issues but do not disclose the affected product/version, root cause, impact, or a concrete fix for this CVE. Monitor for updates.
CVE-2024-50159
CVE-2024-50159 relates to the Linux kernel firmware subsystem for ARM SCMI. The vulnerability arises from a double-free in the ARM SCMI debugfs setup path: when devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup() can run twice, leading to freeing the same memory (dbg->name) twice. ...
CVE-2024-50225
CVE-2024-50225 focuses on the Linux kernel, specifically the Btrfs file system. The vulnerability arises in error propagation for split bios via btrfs_bbio_propagate_error(), which is intended to propagate an error from a split bio back to the original btrfs_bio and inform the upper layer. Under ...
CVE-2024-50242
CVE-2024-50242 affects the Linux kernel ntfs3 implementation. The issue is described as an “Additional check in ntfs_file_release” in the ntfs_file_release path, with CVSSv3.1: LOCAL, Low attack complexity, Low privileges required, UI: None, S:U, and metrics indicating high confidentiality, integ...
CVE-2024-50255
CVE-2024-50255 affects the Linux kernel Bluetooth stack. A null-ptr-deref in hci_read_supported_codecs can occur due to __hci_cmd_sync_sk() returning NULL for unknown opcodes and the hci_cmd_complete_evt() assuming status from skb->data[0] when an opcode is missing from hci_cc, trigger...
CVE-2024-50257
CVE-2024-50257 in the Linux kernel: netfilter/get_info() use-after-free (LOCAL, LOW) during concurrent ip6table_nat module unload. Root cause described as a missing refcount fix when locating a table during get_info, leading to a use-after-free of xt_table->me when module exits. Impact is High...
CVE-2024-53048
Technical details for CVE-2024-53048 are not provided in the connected documents. The initial description describes a Linux kernel ice driver crash with DPLL-enabled E810 LOM and a firmware-driven pin initialization approach under planning; no concrete vendor/version/fix details are present here....
CVE-2024-53087
Technical details about CVE-2024-53087 are not provided in the connected documents. The initial description includes a summary but no publishable technical specifics (affected versions, impact, or fixes) in the supplied sources. Monitor for updates.
CVE-2024-54193
Technical details about CVE-2024-54193 are not publicly provided in the connected documents. The initial description summarizes a kernel fix but does not specify affected subcomponents, root cause, impact, or patch specifics.
CVE-2024-56692
CVE-2024-56692 involves a Linux kernel bug in the f2fs filesystem where an on-disk nat entry blkaddr may be corrupted, triggering a kernel panic in f2fs_invalidate_blocks during truncate_node. The root cause is a lacking sanity check on nat blkaddr, which can be exploited indirectly by fuzzed ima...