13804 matches found
CVE-2016-4568
CVE-2016-4568 affects the Linux kernel’s videobuf2-v4l2 implementation (drivers/media/v4l2-core/videobuf2-v4l2.c). The flaw allows a local attacker to trigger a kernel memory write (and potential other impact) via a crafted number of planes in a VIDIOC_DQBUF ioctl, leading to a denial of service ...
CVE-2012-4542
CVE-2012-4542 describes a Linux kernel local access issue in block/scsi_ioctl.c (up to kernel 3.8) where SCSI command authorization does not properly account for the SCSI device class, allowing a local attacker to bypass access restrictions via SG_IO ioctl with overlapping opcodes. Public referen...
CVE-2014-0205
CVE-2014-0205 affects futex_wait in kernel/futex.c in Linux kernels before 2.6.37, where a reference count is not properly maintained during requeue. This enables local users to cause denial of service (use-after-free and system crash) and, in a crafted scenario, potentially gain privileges by tri...
CVE-2014-8884
CVE-2014-8884 describes a stack-based buffer overflow in the Linux kernel before 3.17.4, specifically in the ttusbdecfe_dvbs_diseqc_send_master_cmd function (drivers/media/usb/ttusb-dec/ttusbdecfe.c). A large ioctl message length can allow local users to cause a system crash (DoS) or potentially ...
CVE-2015-8551
CVE-2015-8551 affects the Xen PCI backend driver (pciback) when Xen runs on x86 with a Linux 3.1.x–4.3.x driver domain. The issue arises from missing sanity checks in XEN_PCI_OP_* operations, allowing a local guest administrator with access to a passed-through MSI/MSI-X PCI device to trigger BUG ...
CVE-2017-14991
Consolidated details from connected advisories show CVE-2017-14991 affects the Linux kernel sg_ioctl path (drivers/scsi/sg.c) with vulnerable code in sg_get_request_table handling for /dev/sg0. The flaw exists in kernels before 4.13.4, allowing local attackers to read uninitialized kernel heap me...
CVE-2019-19069
CVE-2019-19069 affects the Linux kernel fastrpc DMA path. A memory leak in the function fastrpc_dma_buf_attach() (drivers/misc/fastrpc.c) can be triggered by dma_get_sgtable() failures, allowing a potential denial of service through memory consumption. The vulnerability is in kernels before 5.3.9...
CVE-2020-35513
CVE-2020-35513 describes a flaw in the Linux kernel NFS implementation where an incorrect umask during file/directory modification can be triggered when NFSv4.2 and a non-NFSv4.2 process access the NFS concurrently. The result is resource starvation leading to denial of service. The initial and c...
CVE-2021-4032
CVE-2021-4032 affects the Linux kernel KVM: arch/x86/kvm/lapic.c kvm_free_lapic. A failure during memory allocation when constructing a VCPU can mishandle memory errors, causing a kernel crash and enabling local-privilege attackers to trigger a denial of service. The issue exists in kernel versio...
CVE-2021-47572
CVE-2021-47572 affects the Linux kernel net: nexthop when adding an IPv6 nexthop while IPv6 is disabled (CONFIG_IPV6 not set). Root cause: nh_create_ipv6() dereferences ipv6_stub->fib6_nh_release in its error path, leading to a NULL pointer dereference. The fix returns the dummy stub’s -EAFNOS...
CVE-2022-0433
CVE-2022-0433 is a local denial-of-service vulnerability in the Linux kernel’s BPF subsystem. The issue is a NULL pointer dereference in the map_get_next_key function of the BPF bloom filter, allowing a local user to crash the system. Affected software: Linux kernel versions prior to 5.17-rc1. Ro...
CVE-2022-48772
CVE-2022-48772 affects the Linux kernel media lgdt3306a driver. Root cause: missing null-pointer check for platform_data in the probe path, causing a null-deref (observed via KASAN kmemdup in lgdt3306a_probe). Impact: potential kernel crash via local access; observed read of a null pointer. Remed...
CVE-2022-48918
CVE-2022-48918 — Linux kernel iwlwifi/mvm debugfs_dir null-pointer issue. When debugfs=off is passed, the iwlwifi mvm module used an unchecked debugfs_dir pointer, causing a kernel NULL pointer dereference (BUG) as shown in the provided trace (iwl_mvm_dbgfs_register). The issue is resolved by ad...
CVE-2022-49046
CVE-2022-49046 affects the Linux kernel i2c subsystem, specifically how the dev code sets the device name. The root cause is a missing check of the return value from dev_set_name(); if dev_set_name() fails, dev_name() may be null, leading to a potential null pointer dereference. The connected advis...
CVE-2022-49280
CVE-2022-49280 concerns the Linux kernel NFSD: nfssvc_decode_writeargs() underflow, mitigated by changing a length/args field to unsigned to prevent underflow. Public advisories (EulerOS, Unity Linux, Astra Linux, etc.) document this CVE within kernel updates, indicating the vulnerability affects...
CVE-2022-49546
Technical details (affected product/version, root cause, impact, fix specifics) are not publicly provided in the connected documents. Monitor for updates.
CVE-2023-1583
CVE-2023-1583: A NULL pointer dereference in io_uring/filetable.c (io_file_bitmap_get) can be triggered after unregistration of fixed files when IORING_FILE_INDEX_ALLOC is used. The root cause is that context data (file_alloc_start/end and alloc_hint) is not cleared, allowing an unprivileged loc...
CVE-2023-53117
CVE-2023-53117 refers to a vulnerability in the Linux kernel related to the fs subsystem, specifically an out-of-bounds array speculation issue when closing a file descriptor. The connected advisories (EulerOS, Unity Linux) explicitly identify CVE-2023-53117 and describe the affected area as the ...
CVE-2024-26694
CVE-2024-26694 affects the Linux kernel wifi iwlwifi driver. The vulnerability arises from improper handling of TLV PC register data: the data storage in drv->fw area is freed without clearing the pointer, risking a double-free if a subsequent free occurs (e.g., when a file load fails after pa...
CVE-2024-26726
CVE-2024-26726: In the Linux kernel, a Btrfs bug could panic when writing the free-space inode because the extent map was dropped on a write error and then looked up again, yielding EXTENT_MAP_HOLE on a second pass. The fix removes dropping the extent_map range for the failed free-space cache wr...
CVE-2024-26783
CVE-2024-26783 is a Linux kernel issue where, under NUMA balancing, wakeup_kswapd() could be invoked with an invalid zone index (-1) causing a page fault oops. The fix adds an index check before wakeup_kswapd() in mm/vmscan.c (resolved in the Linux kernel commit cited in the vulnerability descrip...
CVE-2024-27416
CVE-2024-27416 is a Linux kernel vulnerability: Bluetooth hci_event handling of HCI_EV_IO_CAPA_REQUEST when Read Remote Extended Features is pending could lead to an incorrect assumption that the remote supports SSP. The issue is addressed in kernel code by fixing the HCI_EV_IO_CAPA_REQUEST handl...
CVE-2024-35828
CVE-2024-35828 concerns the Linux kernel libertas WiFi code (lbs_allocate_cmd_buffer). In the for loop, if cmdarray[i].cmdbuf allocation fails, both cmdarray and cmdarray[i].cmdbuf must be freed, otherwise memory leaks occur in lbs_allocate_cmd_buffer(). The connected documents confirm a fix was ...
CVE-2024-38659
The CVE-2024-38659 issue affects the Linux kernel enic driver: enic_set_vf_port assumes fixed lengths for nl attributes (IFLA_PORT_PROFILE, IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID) and validates them via nla_policy. The policy uses IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID as ...
CVE-2024-39277
In CVE-2024-39277, the Linux kernel vulnerability arises when dma-mapping benchmark bound to NUMA_NO_NODE triggers UBSAN array-index-out-of-bounds in arch/x86/topology.h. The root cause is calling cpumask_of_node() for NUMA_NO_NODE inside do_map_benchmark(), leading to an invalid cpumask[-1] acce...
CVE-2024-42074
CVE-2024-42074 pertains to the Linux kernel’s ASoC AMD ACP driver. When the acp platform device creation is skipped, chip->chip_pdev can be NULL, leading to a potential NULL pointer dereference in snd_acp_resume. The connected Nessus/NASL entries confirm the root cause and describe the fix: ad...
CVE-2024-42098
The CVE-2024-42098 entry concerns the Linux kernel crypto/ecdh logic, where private_key can remain partially overwritten when a caller-supplied or newly generated key is shorter than the previous one. The documented fix explicitly zeroizes the entire private_key array before writing new material,...
CVE-2024-43855
CVE-2024-43855 is a Linux kernel vulnerability in the md (RAID) subsystem where a deadlock could occur while an mddev is suspended and a flush bio is in progress. The connected docs describe the root cause as non-atomic increment/decrement of the active_io counter during the md flush sequence, en...
CVE-2024-44957
CVE-2024-44957 is a Linux kernel issue affecting the Xen privcmd path, where irqfds handling could deadlock if mutexes were used under spin_lock_irqsave. The root cause is switching the synchronization primitive for irqfd wakeups from a mutex to a spinlock, due to EPOLLHUP being delivered to irqf...
CVE-2024-46744
The CVE-2024-46744 issue in the Linux kernel affects Squashfs by failing to sanity-check the symbolic link size read from disk. This causes the size (i_size) to be corrupted, which is later used to derive a length value that overflows a signed int in squashfs_symlink_read_folio(), leading to a po...
CVE-2024-46818
CVE-2024-46818 affects the Linux kernel’s DRM/AMD display driver. The root cause is using GPIO_ID_UNKNOWN (-1) as an array index; a patch adds a pre-check before indexing the gpio_id, fixing 5 Coverity-reported overrun issues. The vulnerability is addressed in kernel updates that include the drm/...
CVE-2024-47667
The CVE-2024-47667 issue affects the Linux kernel PCI keystone workaround for Errata i2037 on AM65x SR1.0. The workaround limits inbound PCIe TLP read request size and payload to 128 bytes to prevent payload corruption and possible hang when a TLP spans more than two internal AXI 128-byte...
CVE-2024-47727
CVE-2024-47727 is a Linux kernel issue (x86/tdx) where userspace could trick the kernel into performing MMIO via #VE by pointing a syscall at an MMIO address. The root cause was the in-kernel MMIO check in handle_mmio() not guaranteeing the target MMIO address was within the kernel before decodin...
CVE-2024-49945
CVE-2024-49945 affects the Linux kernel where the ncsi work is not properly synchronized with the freeing of the ncsi device. The issue arises when the ncsi work function can run after the associated structure is freed, leading to use-after-free bugs or kernel panics. The documented impact is a p...
CVE-2024-50185
CVE-2024-50185 corresponds to a Linux kernel vulnerability in mptcp where a bugged peer can send corrupted DSS options, triggering warnings in the data path. The fix standardizes error handling (via DEBUG_NET assertions and controlled fallbacks/reset depending on subflow type) and dumps related M...
CVE-2024-50187
Technical details for CVE-2024-50187 are not provided in the supplied documents. Monitor for updates from the vendor advisories and linked references.
CVE-2024-50303
CVE-2024-50303 affects the Linux kernel: walk_system_ram_res_rev discards resource flags when passing information to the callback, causing IORESOURCE_SYSRAM_DRIVER_MANAGED memory to be selected for kexec buffers if located above normal RAM. This can lead to undefined behavior after reboot or a cr...
CVE-2024-56621
CVE-2024-56621 affects the Linux kernel SCSI/UFS subsystem. The root cause was that RTC work was cancelled only during __ufshcd_wl_suspend(), not when ufshcd is removed, allowing RTC work to run on removed internal ufshcd structures and potentially dereference NULL. The fix cancels RTC work durin...
CVE-2024-58053
The CVE-2024-58053 entry concerns the Linux kernel rxrpc. A fix was implemented for handling of a received connection abort: the abort must propagate from the connection level to the individual calls on that connection, and although the propagation flag is applied, the calls may not be woken to t...
CVE-2024-58100
CVE-2024-58100 concerns the Linux kernel BPF verifier and how it handles the changes_pkt_data property for extension/global programs. The available details describe a commit that: adds a changes_pkt_data flag to struct bpf_prog_aux, sets this flag for the main sub-program in check_cfg() and for o...
CVE-2025-21685
CVE-2025-21685: In the Linux kernel, a race in platform/x86 lenovo-yoga-tab2-pro-1380-fastcharger was fixed. The yt2_1380_fc_serdev_probe() path called devm_serdev_device_open() before initializing serdev client ops, risking a NULL pointer dereference in the serdev controller’s receive_buf handler w...
CVE-2025-21832
Summary: CVE-2025-21832 concerns a Linux kernel block layer issue where blkdev_read_iter() could incorrectly revert an iterator for certain I/O results. The underlying problem was gating position/count adjustments on a comparison that treated negative results as zero or positive, and not validati...
CVE-2025-21868
CVE-2025-21868 affects the Linux kernel networking path that manages small head cache and large MAX_SKB_FRAGS values. The issue arises when a specific revert and page-frag allocator behavior causes a splat in netif_napi_add_weight_locked during initialization, with the root cause tied to the smal...
CVE-2025-21893
CVE-2025-21893 concerns a use-after-free in the Linux kernel key handling. The issue arises when the key’s usage reaches 0 and the garbage collector may touch the key after it could have been freed. The fix changes the reclamation logic from inspecting the key’s refcount in the garbage collector ...
CVE-2025-22053
The CVE-2025-22053 issue affects the Linux kernel’s ibmveth driver, specifically the veth_pool_store path. The root cause is a race/synchronization gap allowing two or more threads to enter veth_pool_store concurrently (via /sys/devices/vio/30000002/pool*/), which could lead to a hang. The provi...
CVE-2025-22080
The CVE-2025-22080 vulnerability affects the Linux kernel NTFS3 file system driver. It stems from an integer overflow in hdr_first_de() where de_off and used are taken from disk; on 32-bit systems, values exceeding UINT_MAX - 16 can bypass the check due to overflow. The issue has been resolved in...
CVE-2026-23401
CVE-2026-23401 (Linux kernel KVM x86/mmu issue): The vulnerability arises when installing an emulated MMIO SPTE in KVM without first zapping an existing shadow-present SPTE, allowing guest memory writes outside the intended scope to trigger an MMIO SPTE installation. The root cause is a sequence...
CVE-2010-0727
CVE-2010-0727 affects the Linux kernel: the gfs2_lock (and on RHEL 5/6 gfs_lock) fails to properly remove POSIX locks on files that are setgid without group-execute permission. This allows a local attacker to trigger a denial of service or system crash by locking a file on a GFS or GFS2 filesyste...
CVE-2010-3859
CVE-2010-3859 stems from multiple signedness errors in the Linux kernel’s TIPC implementation, allowing local privilege escalation via a crafted sendmsg that triggers a heap-based buffer overflow in tipc_msg_build and related iovec handling (verify_iovec). Public sources confirm affected historic...
CVE-2010-4668
CVE-2010-4668 affects the Linux kernel up to 2.6.37-rc7, where blk_rq_map_user_iov in block/blk-map.c allows a local user to trigger a panic/DoS via a zero-length I/O request to a SCSI device, due to an unaligned map. The vulnerability is tied to an incomplete fix for CVE-2010-4163. Affected vers...