13804 matches found
CVE-2022-49296
CVE-2022-49296: Linux kernel Ceph deadlock when holding Fwb to get inline_data. The vulnerability arises during cephfs/cephmds inline data handling (inline_version logic) causing a deadlock involving Fwb/Fsr caps during the getattr sequence, potentially locking the system. Connected docs indicate...
CVE-2022-49389
CVE-2022-49389 concerns a refcount leak in the Linux kernel USB/IP path. The issue arises because usb_get_dev() is called in stub_device_alloc(), and if stub_probe() fails afterward, the reference must be released with usb_put_dev(). The fix moves usb_put_dev() to the sdev_free error path, ensuri...
CVE-2022-49531
The CVE-2022-49531 entry concerns the Linux kernel loop driver. A vulnerability in the loop: implement ->free_disk could allow freeing a lo_device before the gendisk is freed, risking a deadlock if the device is still in use. The issue is described as resolved, with upstream fixes relaxing the...
CVE-2022-49839
CVE-2022-49839: In the Linux kernel, the scsi_transport_sas path sas_phy_add() could crash if transport_add_device() failed, since error handling did not account for a NULL device during transport_remove_device() invoked from sas_remove_host(). The issue is mitigated by the upstream fix to check...
CVE-2022-49924
CVE-2022-49924: In the Linux kernel NFC fdp path, fdp_nci_send() calls fdp_nci_i2c_write() which may not free the skb, causing a memory leak when the I2C write completes. The public impact is a potential memory leak affecting kernel availability (CVSS base 5.5, HIGH for availability) with no imp...
CVE-2023-52532
CVE-2023-52532 concerns a Linux kernel TX CQE error handling issue in net: mana. The advisory states that for an unknown TX CQE error type (likely from newer hardware), the kernel must still free the SKB and update the queue tail to avoid accounting errors; TX errors can be triggered by injecting...
CVE-2024-26673
CVE-2024-26673 affects the Linux kernel netfilter nft_ct, where custom expectations could mishandle layer 3/4 protocol numbers. The issue arises from insufficient validation, allowing unexpected protocol families beyond NFPROTO_IPV4/IPv6/INET and permitting layer-4 protocols without ports, since ...
CVE-2024-27405
CVE-2024-27405 describes a Linux kernel issue in usb: gadget: ncm where the unwrap logic can drop all datagrams when a second NTB is faulty due to a leftover byte after a proper NTB. The trigger was observed during tethering over NCM with a Windows 11 host. Root cause: if there are leftover bytes, unwr...
CVE-2024-27419
CVE-2024-27419 – Linux kernel data race in sysctl_net_busy_read. The connected Astra Linux advisory and the initial description confirm a Linux kernel vulnerability: netrom: Fix data-races around sysctl_net_busy_read. The issue involved reading a sysctl value that could be modified concurrently, n...
CVE-2024-38556
CVE-2024-38556 affects the Linux kernel net/mlx5 code. The vulnerability arises from how the command queue semaphore timeout handling can allow an entry to be processed before an index is allocated, risking an out-of-bounds access at idx = -22 if the completion path proceeds without proper synchr...
CVE-2024-38567
The CVE-2024-38567 issue affects the Linux kernel wifi driver carl9170 (USB endpoints). Root cause: an endpoint type can be improperly treated during URB submission, triggering a warning when an endpoint’s type changes between bulk/interrupt and other endpoints aren’t reassessed. The fix ...
CVE-2024-42069
CVE-2024-42069 is a Linux kernel vulnerability: the net: mana double-free in an error path was fixed. When auxiliary_device_add() fails and calls auxiliary_device_uninit(), the adev_release callback could free madev twice via kfree(madev). The fix prevents this by setting madev to NULL in the e...
CVE-2024-42134
CVE-2024-42134: In the Linux kernel, virtio-pci may dereference vp_dev->is_avq when determining admin virtqueues in vp_del_vqs, since vp_dev->is_avq can be empty on some installations (virtio_pci_legacy). The bug could crash guests; the fix is to validate vp_dev->is_avq before use. Conn...
CVE-2024-42263
CVE-2024-42263 (Linux kernel): The drm/v3d component had a memory-leak in the timestamp extension when userspace memory fetch failed in the main loop, leaking drm_syncobjs up to that point due to missing drm_syncobj_put. A fix exports and uses a common cleanup helper to correctly release resourc...
CVE-2024-42280
The CVE-2024-42280 entry affects the Linux kernel mISDN hfcmulti_tx() use-after-free bug: a use-after-free could occur if a pointer is dereferenced after dev_kfree_skb(*sp) frees the skb. The issue is fixed in upstream kernel patches (e.g., commits listed in the CVE entry). Impact in the descripti...
CVE-2024-46707
CVE-2024-46707 affects the Linux kernel KVM for arm64. When a guest is configured without vGICv3 and the host cannot emulate GICv2, writes to ICC_SGI EL1 are trapped to EL2, leading to an attempted SGI emulation that dereferences a NULL interrupt pointer. The public details confirm the root cause...
CVE-2024-46733
The CVE-2024-46733 issue is in the Linux kernel, specifically the btrfs qgroup reserve leaks in cow_file_range during buffered writes. The root cause is that in the dirty page path the qgroup reserve remains owned until an ordered_extent is created; if an error occurs before allocation of the ord...
CVE-2024-46812
CVE-2024-46812 concerns the Linux kernel DRM/AMD display code. The vulnerability arises from memory access issues addressed by skipping inactive planes in ModeSupportAndSystemConfiguration, as reported by Coverity. The fix is implemented in the kernel to prevent illegal accesses by not processing...
CVE-2024-46840
CVE-2024-46840 relates to the Linux kernel bug in btrfs where handling for refs == 0 in snapshot delete could yield an incorrect answer because of missing locks. The fix converts BUG_ON(refs == 0) sites in reada, walk_down_proc, and walk_up_proc to proper error handling, returning -EUCLEAN (later...
CVE-2024-46856
Summary of CVE-2024-46856: In the Linux kernel, the net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices vulnerability was addressed by ensuring all PHY models have a valid private data pointer. The issue arose because probe() was only used for DP83822 and DP83826 PHY, leaving the ...
CVE-2024-47728
CVE-2024-47728 concerns the Linux kernel where a vulnerability in the BPF subsystem could leak memory due to ARG_PTR_TO_{LONG,INT} arguments on error paths. The resolved description indicates the fix zeros the former ARG_PTR_TO_{LONG,INT} inputs for non-tracing helpers when an error occurs, preve...
CVE-2024-49905
CVE-2024-49905 refers to a fix in the Linux kernel’s AMD GPU driver code, specifically for the DRM/AMD display path. The vulnerability arose from using the variable afb in amdgpu_dm_plane_handle_cursor_update without a null check; the commit added a null check to prevent potential null pointer de...
CVE-2024-49907
CVE-2024-49907: Linux kernel DRM/AMD display vulnerability where a NULL dereference can occur by dereferencing dc->clk_mgr in the idle-power path if it is NULL. The fix adds a NULL check before calling dc->hwss.apply_idle_power_optimizations (which may call dcn35_apply_idle_power_optimizat...
CVE-2024-49931
The CVE-2024-49931 issue in Linux kernel WiFi driver ath12k (SoC stats) is a concrete fix: ath12k_dp_rx_process() previously indexed hal_reo_error with the REO destination SRNG ring ID, which is incorrect and caused an out-of-bounds access. The fix uses the normal ring ID directly to prevent out-...
CVE-2024-49986
CVE-2024-49986 refers to a Linux kernel issue affecting the x86/x86-android-tablets platform. The vulnerability arises during platform_device_register() error handling: x86_android_tablet_remove() frees the pdevs[] array, so the code must not use pdevs[] after its deletion. The fix, as described ...
CVE-2024-49998
CVE-2024-49998 affects the Linux kernel net: dsa shutdown sequence, specifically lan9303. Two shutdown-time races are described: (1) a driver data pointer (dev_get_drvdata) may be accessed after shutdown, risking an NPD if the remove path runs; (2) concurrent zeroization of conduit->dsa_ptr ca...
CVE-2024-50003
CVE-2024-50003 affects the Linux kernel component drm/amd/display. The issue causes a system hang on resume when a Thunderbolt (TBT) monitor is connected, because the HPD during resume triggers drm_client_modeset_probe() while connector->dev->master is NULL, potentially corrupting pipe topo...
CVE-2024-50079
CVE-2024-50079 affects the Linux kernel io_uring/sqpoll path. When sqpoll exits and cancels pending work items, it may call task_work from within io_uring_cancel_generic() while the task is not TASK_RUNNING, risking a scheduler splat as the ring mutex is grabbed in an interruptible state. The roo...
CVE-2024-50145
CVE-2024-50145 concerns the Linux kernel (octeon_ep driver) and fixes a NULL pointer dereference caused by skb allocation failures during RX processing. The change adds handling for skb allocation failures in __octep_oq_process_rx(), which may be invoked during NAPI polling. When build_skb() retu...
CVE-2024-50160
In CVE-2024-50160, the Linux kernel ALSA hda/cs8409 driver could dereference NULL if snd_hda_gen_add_kctl failed to allocate memory, leading to a NULL pointer dereference. The fix adds a pre-dereference check in the dolphin_fixups hda_fixup path (which is not supposed to return errors) and ignore...
CVE-2024-50198
CVE-2024-50198 affects the Linux kernel IIO driver for the veml6030 (iio: light). The dev pointer passed to in_illuminance_period_available_show incorrectly referenced the embedded IIO device instead of the associated I2C client, causing a NULL indio_dev and a segmentation fault when reading the ...
CVE-2024-50250
The CVE-2024-50250 issue affects the Linux kernel fsdax code: dax_unshare_iter copies data from srcmap to iomap and previously did not align copy_pos/copy_len to a page boundary, allowing misalignment when iter->pos and length are not page-aligned. The bug can cause data corruption (when iter-...
CVE-2024-53089
CVE-2024-53089 concerns the Linux kernel on LoongArch with KVM. The issue arises from hrtimers that may be canceled/called in contexts that violate PREEMPT_RT rules, after timers are unmarked to expire in soft expiry but then canceled from a preempt-notifier with preemption disabled. The fix make...
CVE-2024-53106
CVE-2024-53106 concerns the Linux kernel ima subsystem: a buffer overrun in ima_eventdigest_init_common triggered by HASH_ALGO__LAST indexing hash_digest_size[]. Root cause is inadequate handling of HASH_ALGO__LAST; a conditional prevents the overread. A fix is included in kernel updates (commit ...
CVE-2024-53218
The CVE-2024-53218 issue affects the Linux kernel F2FS shutdown path, where concurrent shutdown paths can race and cause use-after-free of the f2fs_gc_thread (gc_th), potentially leading to a crash. The root cause is a race in f2fs_stop_gc_thread() allowing gc_th to be freed while another path st...
CVE-2024-57841
CVE-2024-57841 concerns a Linux kernel memory leak in tcp_conn_request() where dst memory allocated in af_ops->route_req is not freed if inet_csk_reqsk_queue_hash_add() fails, as shown by the kmemleak stack. The vulnerability is in the path that leads to tcp_conn_request() and may leak memory ...
CVE-2024-57857
In CVE-2024-57857, the Linux kernel RDMA/siw subsystem removed a direct per-device net_device link and relies on ib_devices net_device management instead. The change addresses a slab-use-after-free (KASAN) issue observed during siw_query_port() caused by a badly managed local net_device link. Rem...
CVE-2024-57916
CVE-2024-57916 affects the Linux kernel component dealing with GPIO IRQ handling (misc: microchip: pci1xxxx). The root cause is improper IRQ handling that could trigger a kernel panic; the fix replaces generic_handle_irq with handle_nested_irq to resolve the issue. Public references indicate upst...
CVE-2025-21816
CVE-2025-21816 affects the Linux kernel hrtimers subsystem. The issue arises when hrtimers queued on an offline CPU can wake up and arm the deadline timer after CPU hotplug stage CPUHP_AP_HRTIMERS_DYING, potentially impacting bandwidth timer handling (notably RCU-related wakeups). The documented ...
CVE-2025-21820
CVE-2025-21820 affects the Linux kernel tty/xilinx_uartps driver. A deadlock could occur due to a circular lock dependency between uart_port_lock and console_lock when handling sysrq. The fix splits sysrq handling into two parts: using a prepare step under the port lock and deferring actual handl...
CVE-2025-21838
CVE-2025-21838: In the Linux kernel, the usb: gadget: core: flush gadget workqueue after device removal fix prevents leaking workqueue items when device_del() schedules new work (e.g., via dwc3). The root cause is device_del() potentially scheduling work in gadget->work, with the subsequent sc...
CVE-2025-22087
Technical details about CVE-2025-22087 are not provided in the connected documents. The description outlines kernel stack/array bounds handling but no public advisories, affected products/versions, or mitigations are given here. Monitor for updates.
CVE-2025-37770
CVE-2025-37770 affects the Linux kernel (drm/amd/pm): if a user sets a speed value greater than UINT_MAX/8, a division by zero is possible. The issue is exploitable locally with low privileges and no user interaction required. The vulnerability was identified by the Linux Verification Center (SVA...
CVE-2025-37849
CVE-2025-37849 affects the Linux kernel KVM arm64; the issue occurs when kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, leaving vGIC vCPU data initialised. This can leak memory on vCPU destruction and may cause use-after-free in redistributor handling. The fix adds prope...
CVE-2025-37860
CVE-2025-37860: Linux kernel sfc/ef100 design-param NULL dereferences fixed by reordering initialization. The vulnerable path allowed ef100_probe_main() and ef100_check_design_params() to run before efx->net_dev was created, enabling NULL dereferences when calling netif_set_tso_max_size() or ...
CVE-2025-37985
CVE-2025-37985 affects the Linux kernel USB wdm subsystem, specifically a race between wdm_open and wdm_wwan_port_stop. The issue arises if WDM_WWAN_IN_USE is not cleared last, allowing opening a chardev whose URBs may still be poisoned. Impact is local, with potential to exploit the race to caus...
CVE-2010-1173
CVE-2010-1173 affects Linux kernel SCTP: sctp_process_unk_param in net/sctp/sm_make_chunk.c (kernel 2.6.33.3 and earlier) enables remote attackers to crash the system via SCTPChunkInit with many invalid parameters (high error data). Connected advisories (e.g., MiracleLinux AXSA-2010-377:12 and re...
CVE-2010-2248
CVE-2010-2248 affects the Linux kernel CIFS/SMB implementation. The issue is triggered by a remote SMB response containing an invalid CountHigh value, leading to a denial of service (kernel panic) via the CIFSSMBWrite and CIFSSMBWrite2 paths (OS/2 server responses). Affected: Linux kernel prior t...
CVE-2010-3880
CVE-2010-3880 affects the Linux kernel (net/ipv4/inet_diag.c) prior to 2.6.37-rc2. The issue is improper auditing of INET_DIAG bytecode, enabling a local user to trigger a kernel infinite loop and cause a denial of service via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message conta...
CVE-2012-4542
CVE-2012-4542 describes a Linux kernel local access issue in block/scsi_ioctl.c (up to kernel 3.8) where SCSI command authorization does not properly account for the SCSI device class, allowing a local attacker to bypass access restrictions via SG_IO ioctl with overlapping opcodes. Public referen...