13804 matches found
CVE-2021-47338
The CVE-2021-47338 entry describes a Linux kernel fault in fbmem: fb_delete_videomode() could delete a video mode still in use, causing a use-after-free (UAF). Root cause is that fb_set_var calls fbcon_mode_deleted() result without confirming mode usage, enabling UAF in fb_mode_is_equal and subse...
CVE-2022-48827
CVE-2022-48827 (Linux kernel NFSD READ near OFFSET_MAX): The vulnerability arises when the client-side NFS read request is aligned to a server rsize of 0x1000 due to a buffer alignment change. This can cause a loff_t overflow on the server when reading near the maximum file offset, leading the s...
CVE-2024-54193
Technical details about CVE-2024-54193 are not publicly provided in the connected documents. The initial description summarizes a kernel fix but does not specify affected subcomponents, root cause, impact, or patch specifics.
CVE-2024-56692
CVE-2024-56692 involves a Linux kernel bug in the f2fs filesystem where an on-disk nat entry blkaddr may be corrupted, triggering a kernel panic in f2fs_invalidate_blocks during truncate_node. The root cause is a lacking sanity check on nat blkaddr, which can be exploited indirectly by fuzzed ima...
CVE-2024-57936
CVE-2024-57936 affects the Linux kernel RDMA/bnxt_re code and fixes an SGEs handling bug in Work Requests. The issue arises because Gen P7 hardware can report up to 13 SGEs, while the WQE software structure currently supports only 6 SGEs. This mismatch allowed requests with as many as 13 SGEs to ...
CVE-2025-21643
The CVE-2025-21643 entry concerns the Linux kernel netfs path. Affected: kernel components handling asynchronous DIO via bio_vec[] passed to netfs_extract_user_iter(); trigger occurs when CIFS is combined with a loopback blockdev. Root cause: netfs_unbuffered_write_iter_locked() performed a check...
CVE-2025-21652
Summary (CVE-2025-21652): In the Linux kernel, a use-after-free was reported in ipvlan_get_iflink() when handling ipvlan with linkwatch. The issue arises because ipvlan does not hold a refcount on the lower device, unlike vlan/macvlan, which can lead to UAF of ipvlan->phy_dev if the linkwatch...
CVE-2025-21767
CVE-2025-21767 is a Linux kernel issue where clocksource_verify_choose_cpus() is invoked with preemption disabled, causing a call to get_random_u32() that can indirectly acquire sleeping locks in PREEMPT_RT contexts. The root cause is using get_random_u32() while preemption is off, leading to an ...
CVE-2025-21830
Technical details for CVE-2025-21830 (landlock: Handle weird files) are not publicly provided in the connected documents. Monitor for updates from advisories and vendors before assessing impact or remediation.
CVE-2025-21854
The CVE-2025-21854 issue affects the Linux kernel sockmap/vsock path. It occurs when a connectible (unconnected) vsock may lose its prior transport, potentially causing a NULL dereference in the BPF recv path and a crash when a listening vsock is present in a sockmap. The root cause is that sockm...
CVE-2025-22111
CVE-2025-22111: In the Linux kernel, the fix removes the RTNL dance for SIOCBRADDIF and SIOCBRDELIF to avoid RTNL pressure race conditions between bridging and device removal. The description details a race where one thread detaches a device from a bridge while another removes the bridge, potenti...
CVE-2025-23141
CVE-2025-23141 affects the Linux kernel with KVM on x86. The vulnerability arises from acquiring SRCU in KVM_GET_MP_STATE to protect guest memory accesses during a window where APIC events (INIT/SIPI) and a pending triple_fault can trigger nested VM-exits, potentially allowing guest memory access...
CVE-2025-37740
The CVE-2025-37740 entry concerns the Linux kernel JFS code: a zero AG width in dmapctl can cause a divide error when computing the control page level in dbAllocAG. The vulnerability is fixed by adding a sanity check for agwidth in dbAllocAG (to avoid division by zero). Affected component: JFS in...
CVE-2025-37743
CVE-2025-37743 affects the Linux kernel wifi driver ath12k. The vulnerability is a memory leak in HAL_RX_MPDU_START TLV handling when enabling statistics, caused by kzalloc of mon_mpdu not being freed. The fix removes the kzalloc in HAL_RX_MPDU_START TLV handling and also removes standalone monit...
CVE-2025-37771
CVE-2025-37771 affects the Linux kernel (drm/amd/pm) with a division-by-zero flaw when the user sets a speed value greater than UINT_MAX/8. It is a local vulnerability; kernel fixes are referenced in upstream commits (e.g., 6413fed016208171592c88b5df002af8a1387e24 and related edits). The issue ha...
CVE-2025-37803
CVE-2025-37803: Linux kernel vulnerability in udmabuf where a buffer size overflow can occur during udmabuf creation. The root cause is improper size calculation, mitigated by casting size_limit_mb to u64 when computing pglimit. Connected advisories corroborate a kernel fix; patches are deployed...
CVE-2025-37862
CVE-2025-37862 affects the Linux kernel HID PIDFF code. The vulnerability is a NULL pointer dereference in pidff_find_fields (and pidff_find_special_field) when searching for a report not implemented on the device, potentially triggering a crash. The issue could occur for both optional and requir...
CVE-2025-37890
CVE-2025-37890 affects the Linux kernel net_sched hfsc when a class has a netem child qdisc. The root cause is a use-after-free in class insertion into the vttree/eltree, which can occur in reentrant scenarios; the patch validates n_active to prevent double insertion. The fix is a kernel patch in...
CVE-2026-31672
CVE-2026-31672 concerns the Linux kernel rt2x00usb Wi-Fi USB driver, where resources bound to USB interfaces could leak if the device is unbound without disconnection. The root cause is improper devres/USB anchor lifetime management, leading to potential memory leaks and resource exhaustion. The ...
CVE-2009-3080
CVE-2009-3080 affects the Linux kernel gdth driver (gdth_read_event in drivers/scsi/gdth.c). In kernels before 2.6.32-rc8, a negative event index in an IOCTL can allow local users to cause a denial of service or potentially gain privileges. MiracleLinux advisories cite this CVE as part of affecte...
CVE-2009-4020
CVE-2009-4020 describes a stack-based buffer overflow in the Linux kernel 2.6.32 hfs subsystem (fs/hfs/dir.c, hfs_readdir). A crafted Hierarchical File System (HFS) filesystem could allow an attacker to achieve an unspecified impact via the HFS filesystem. Several Nessus/GD advisories link this C...
CVE-2010-1188
CVE-2010-1188 details: A use-after-free in net/ipv4/tcp_input.c of the Linux kernel 2.6 prior to 2.6.20. When IPV6_RECVPKTINFO is set on a listening TCP socket, a SYN packet to a LISTEN socket can trigger the skb being freed improperly, allowing a remote attacker to cause a denial of ser...
CVE-2010-5313
CVE-2010-5313 is demonstrated in the Linux kernel's arch/x86/kvm/x86.c, where a race condition allows L2 guest OS users to trigger an L2 emulation failure report and cause a denial of service on the L1 guest (as described in the CVE entry). The affected lineage is the Linux kernel before 2.6.38. ...
CVE-2011-1577
CVE-2011-1577 describes a heap-based buffer overflow in the is_gpt_valid function of fs/partitions/efi.c in Linux kernel 2.6.38 and earlier. This allows physically proximate attackers to cause a denial of service (OOPS) or potentially other impact via a crafted EFI GPT header size on removable me...
CVE-2012-3412
CVE-2012-3412 affects the sfc (Solarflare Solarstorm) driver in the Linux kernel, specifically versions before 3.2.30. The vulnerability allows remote attackers to trigger a denial of service by sending crafted TCP packets that induce a small MSS value, leading to DMA descriptor consumption and n...
CVE-2015-8962
CVE-2015-8962: Double free in sg_common_write (drivers/scsi/sg.c) of the Linux kernel before 4.4. A local user can gain privileges or cause memory corruption/system crash by detaching a device during an SG_IO ioctl. Remediation: upgrade to Linux kernel 4.4+ or apply vendor patch; exploitation con...
CVE-2016-0823
The CVE-2016-0823 entry concerns the Linux kernel vulnerability in which pagemap_open (fs/proc/task_mmu.c) on kernels before 3.19.3, including Android 6.0.1 before 2016-03-01, can let a local user read pagemap data to obtain sensitive physical-address information. This is triggered by reading the...
CVE-2017-10663
CVE-2017-10663 affects the Linux kernel prior to 4.12.4, specifically the F2FS file system code (fs/f2fs/super.c). The vulnerability arises because sanity_check_ckpt does not validate blkoff and segno arrays, allowing an unprivileged, local user to trigger a system panic and potential privilege e...
CVE-2022-48893
CVE-2022-48893 affects the Linux kernel's drm/i915/gt engine discovery. If driver initialization is aborted mid-gt/engine discovery, some engines stay incompletely set up and leak allocated objects because engine->release may be NULL. The entry notes a fix: drop the destroy_pinned_context() he...
CVE-2022-49093
CVE-2022-49093 affects the Linux kernel's skbuff coalescing with page_pool fragments. The issue is a use-after-free during RX coalescing when SKBs share a PAGE2 reference via skb_shinfo()->dataref, while a third RX descriptor still uses PAGE2. During a coalescing attempt (SKB3 into SKB1), __sk...
CVE-2022-49177
CVE-2022-49177: In the Linux kernel, the cavium hwrng driver fix addresses a NULL pointer dereference in cavium RNG handling. The issue manifested as a NULL dereference of 'pdev' in cavium-rng-vf.c (line 182) when dereferenced, triggering a coccicheck warning. The upstream patch fixes the NULL-d...
CVE-2022-49306
CVE-2022-49306 affects the Linux kernel USB subsystem (usb: dwc3: host). The issue arises from stop setting the ACPI companion for the DWC3 host; the sysdev pointer is now used when assigning ACPI companions to xHCI ports and USB devices. Assigning the ACPI companion previously could replace the ...
CVE-2023-52670
CVE-2023-52670 is a Linux kernel issue affecting rpmsg: virtio where driver_override is freed only partially during rpmsg_remove, causing a memory leak for an unreferenced object (size 128, shown in the backtrace). The vulnerability was resolved in the Linux kernel by freeing driver_override duri...
CVE-2024-36244
CVE-2024-36244 (Linux kernel) affects the taprio scheduler under net/sched. The issue arises when the UAPI allows a cycle-time that can be shorter than the sum of entry intervals, allowing a subtle bypass of the fix in the blamed commit. The advisory adds a new restriction: the cycle time must be...
CVE-2024-36957
CVE-2024-36957 affects the Linux kernel driver octeontx2-af. The vulnerability is due to an off-by-one read from userspace when attempting to copy count + 1 bytes (memdup_user(buffer, count + 1)), while the userspace buffer only contains count bytes. The fix prevents this by using memdup_user_nul...
CVE-2024-38543
CVE-2024-38543: In the Linux kernel, a vulnerability in lib/test_hmm.c arose from allocation failures for src_pfns/dst_pfns. If kcalloc() returns NULL, dereferencing these pointers could trigger a null pointer dereference, especially as the device could be evicted. Remediation implemented: add a...
CVE-2024-38633
CVE-2024-38633 affects the Linux kernel serial MAX3100 driver. The issue arises when the last MAX3100 device is removed, as the global state tracking the UART driver registration is not updated, leading to a NULL pointer dereference during driver re-insertion (insmod/rmmod/insmod cycle). The docu...
CVE-2024-38667
CVE-2024-38667 affects the Linux kernel on RISC-V: secondary idle threads can have their top-of-stack overlap with pt_regs, risking corruption of pt_regs and potentially saving/restoring a non-existent V context. The issue mirrors a fix for the primary hart and was not propagated to secondary har...
CVE-2024-40905
CVE-2024-40905 refers to a Linux kernel vulnerability where a race in ipv6 handling via __fib6_drop_pcpu_from() could allow a NULL read of *ppcpu_rt if another CPU clears the value in rt6_get_pcpu_route(). The issue was mitigated by adding a READ_ONCE() around the read and by surrounding derefere...
CVE-2024-41096
CVE-2024-41096: In the Linux kernel, KFENCE reported a use-after-free in PCI MSI handling during msi_capability_init. The root cause is an error path that unmasks a descriptor after it may have been freed, propagating a failure from __msi_domain_alloc_locked() back to pci_alloc_irq_vectors ...
CVE-2024-42093
CVE-2024-42093 - Linux kernel vulnerability in net/dpaa2: cpumask allocation on stack. For CONFIG_CPUMASK_OFFSTACK=y, explicit allocation of cpumask on the stack can overflow the stack. The fix is to use the *cpumask_var API(s) to allocate cpumask variables in a config-neutral way, leaving alloca...
CVE-2024-42156
The CVE-2024-42156 issue concerns the Linux kernel s390/pkey code, where copies of clear-key structures are wiped on failure. The underlying flaw wipes sensitive data from the stack for all IOCTLs converting a clear-key into a protected- or secure-key, exposing confidentiality risk. Documents con...
CVE-2024-46841
Technical details about CVE-2024-46841 are not publicly available in the provided connected documents. Monitor for updates from official advisories and vendor pages.
CVE-2024-46848
CVE-2024-46848 affects the Linux kernel perf/x86/intel Haswell frequency-estimation path. The issue stems from a too-short initial period (1) triggering HW errata HSW11/HSW143; fixes enforce a minimum period (128 for INST_RETIRED.ALL and 32 for other counters) and adjust the frequency-estimation ...
CVE-2024-47661
The CVE-2024-47661 issue affects the Linux kernel's drm/amd/display path, where dmub_rb_cmd's ramping_boundary was defined as uint8_t but assigned 0xFFFF. The fix changes ramping_boundary to a uint8_t value of 0xFF, addressing two integer-overflow problems reported by Coverity. Affected component...
CVE-2024-47690
CVE-2024-47690 concerns the Linux kernel F2FS: online repair in f2fs_lookup() can race with a readonly remount, potentially leaving a dirty inode and triggering a kernel panic during eviction. The advisory states the fix is to remove online repair in f2fs_lookup() and delegate integrity checks to...
CVE-2024-47704
CVE-2024-47704 affects the Linux kernel in the drm/amd/display path. The issue arises when dp_enable_link_phy/dp_disable_link_phy pass link_res without initializing hpo_dp_link_enc, leading to null dereference (two forward_null issues). The connected Nessus/NASL entries confirm the vulnerability ...
CVE-2024-49890
CVE-2024-49890: Linux kernel fix for a NULL dereference in drm/amd/pm by ensuring fw_info is not NULL before use. The issue manifested as a null dereference warning reported by Coverity; the patch prevents dereferencing a NULL fw_info and thus mitigates the vulnerability as described in the entr...
CVE-2024-49895
Summary: CVE-2024-49895 affects the Linux kernel DRM/AMD display path for DCN30, where a degamma hardware-format translation could access transfer function points out of bounds. The root cause is an index variable 'i' that could exceed TRANSFER_FUNC_POINTS, leading to a potential buffer overflow ...
CVE-2024-49901
CVE-2024-49901 concerns the Linux kernel DRM MSM Adreno path. The root cause was a NULL pointer dereference during cleanup when gpu->pdev may still be NULL during early initialization, including cases where speedbin data exists but opp/hw data in DT is missing. The vulnerability was resolved b...