13804 matches found
CVE-2013-2889
CVE-2013-2889 affects the Linux kernel HID subsystem, specifically the HID driver file hid-zpff.c. When the CONFIG_HID_ZEROPLUS option is enabled, a crafted device can let physically proximate attackers cause a denial of service via a heap-based out-of-bounds write (heap corruption). The connecte...
CVE-2013-4579
CVE-2013-4579 affects the Linux kernel up to version 3.12, specifically the ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c. The function uses a BSSID masking approach to determine the set of MAC addresses the Wi‑Fi device listens to, enabling remote attack...
CVE-2014-3601
CVE-2014-3601 is a Linux kernel/KVM issue affecting the kvm_iommu_map_pages function in virt/kvm/iommu.c up to kernel 3.16.1. The vulnerability arises from miscalculating the number of pages during a mapping failure, allowing a guest OS user to trigger either host memory corruption (denial of ser...
CVE-2014-8709
The CVE affects the Linux kernel: ieee80211_fragment in net/mac80211/tx.c, vulnerable in versions before 3.13.5 due to an improperly maintained tail pointer which can allow remote attackers to read packets and obtain cleartext information. A fix is available in Linux kernel 3.13.5 and later (see ...
CVE-2016-7915
CVE-2016-7915 affects the Linux kernel, where the hid_input_field function in drivers/hid/hid-core.c (pre-4.6) can be triggered by a physically proximate USB device (e.g., Logitech DJ receiver) to perform an out-of-bounds read, leaking kernel memory or causing a denial of service. The issue arise...
CVE-2017-18221
CVE-2017-18221 affects the Linux kernel: the __munlock_pagevec function in mm/mlock.c before 4.11.4 can be exploited locally via crafted mlockall/munlockall usage to cause NR_MLOCK accounting corruption and a denial of service. Affected versions are kernel prior to 4.11.4; the issue is mitigated ...
CVE-2018-14616
CVE-2018-14616 involves a NULL pointer dereference in the Linux kernel before 4.17.10. The flaw occurs in fscrypt_do_page_crypto() (fs/crypto/crypto.c) when handling a file inside a corrupted f2fs image. Affects the Linux kernel up to 4.17.10; the issue can cause a kernel crash (availability impa...
CVE-2021-47082
CVE-2021-47082 affects the Linux kernel tun/tun.c: a double-free in tun_free_netdev is caused by deferring dev->tstats and tun->security allocations to a new ndo_init routine (tun_net_init) that runs via register_netdevice(). If register_netdevice() fails, the destructor previously would no...
CVE-2022-3104
The CVE-2022-3104 entry concerns the Linux kernel (up to 5.16-rc6) where lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c does not check the return value of kmalloc(), enabling a NULL pointer dereference. Affected software is the Linux kernel, with root cause in unchecked kmalloc return leading to...
CVE-2022-48905
CVE-2022-48905 relates to a memory leak in the Linux kernel's ibmvnic driver during flushing of the reset-work-item. The issue is resolved by fixing the tiny memory leak in the reset work queue, as noted in the public description and repeated across connected advisories (Astra Linux and Nessus/Un...
CVE-2022-49152
CVE-2022-49152 affects the Linux kernel XArray feature, specifically the xas_create_range() path. When an existing entry with order >= XA_CHUNK_SHIFT is present, xas_create_range() can misinterpret it as a node and dereference xa_node->parent, potentially causing a crash (general protection...
CVE-2022-49413
CVE-2022-49413 affects the Linux kernel bfq driver (bfq_merge_bio). The vulnerability arises when a process migrates to a different cgroup or writeback starts bios for another cgroup, leaving stale cgroup data in bfq’s bic and potentially merging requests across distinct or dead bfq queues, riski...
CVE-2022-49606
CVE-2022-49606 affects the Linux kernel RDMA/irdma path. The issue is a sleep (mutex) operation taken to process RoCEv2 QPs on netdev events, which can trigger a BUG: sleeping function called from invalid context in mutex_lock and lead to a kernel crash. The fix removes RoCEv2 handling in irdma_c...
CVE-2022-49697
CVE-2022-49697 concerns a leak in the Linux kernel caused by a BPF lookup path that could leak a request_sock. The issue occurs when a BPF program performs a socket lookup that takes a refcnt on the socket and, after locating the child request_socket, returns the parent LISTEN socket via sk_to_fu...
CVE-2023-0469
CVE-2023-0469 is a use-after-free in io_uring/filetable.c (io_install_fixed_file) within the Linux kernel’s io_uring subcomponent during call cleanup, potentially enabling a local DoS. Affected: Linux kernel with vulnerable io_uring code. Exploitation details are not provided in the supplied docu...
CVE-2023-1193
CVE-2023-1193: A use-after-free in setup_async_work within the Linux kernel’s KSMBD in-kernel Samba/CIFS stack can crash systems via access to freed work. Affected component: Linux kernel (Samba server/CIFS). Root cause: use-after-free in setup_async_work. Impact: potential denial of service thr...
CVE-2023-23006
CVE-2023-23006 affects the Linux kernel prior to 5.15.13. The vulnerability lies in drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c, which misinterprets the return value of mlx5_get_uars_page in error cases (expects NULL but receives an error pointer). This can lead to a faulty NULL-...
CVE-2023-3159
CVE-2023-3159 is a Linux kernel use-after-free in driver/firewire outbound_phy_packet_callback. A local privileged attacker can trigger a UAF when queue_event() fails, as described in the CVE entry and corroborated by connected Astra Linux advisories. Mitigation/remediation is via the vendor/kern...
CVE-2023-37454
CVE-2023-37454 affects the Linux kernel up to 6.4.2. It stems from a use-after-free in udf_put_super and udf_close_lvid triggered by a crafted UDF filesystem image in fs/udf/super.c. The external reference notes a different SUSE perspective. The provided connected documents do not specify a vendo...
CVE-2023-52699
In CVE-2023-52699, the Linux kernel SysV locking flaw caused sleep in atomic context because sb_bread() was invoked with pointers_lock held. The root cause spans historical locking changes: replacing BKL with a sysvfs-private rwlock (Linux 2.5.12) introduced a write_lock → read_lock deadlock; the...
CVE-2023-52735
The CVE-2023-52735 entry concerns a Linux kernel vulnerability in bpf/sockmap where sock_map_{close,destroy,unhash} could call themselves, risking a recursive loop and potential stack overflow. The design should prevent sock_map proto callbacks from calling themselves; the fix breaks recursive ca...
CVE-2023-52933
CVE-2023-52933 affects the Linux kernel Squashfs xattr_ids handling. Two overflow flaws were exposed by a corrupted filesystem: on 64‑bit systems, sign extension of xattr_ids when multiplied by sizeof(struct squashfs_xattr_id) can overflow and yield an incorrect len; on 32‑bit systems, the unsign...
CVE-2023-52997
CVE-2023-52997 is a Linux kernel vulnerability affecting ipv4: ip_metrics_convert() where an attacker could exploit speculative execution to leak kernel memory content. The issue arises from using a value as an array index (type) without sufficient protection, allowing a spectre v1 gadget. The de...
CVE-2024-24860
CVE-2024-24860: A race condition in the Linux kernel Bluetooth device driver, in the functions {min,max}_key_size_set(), can cause a NULL pointer dereference and potentially kernel panic or denial of service. Affected component: Linux kernel Bluetooth subsystem. Exploitation status and remediati...
CVE-2024-25740
CVE-2024-25740 describes a memory leak in the Linux kernel UBI driver (drivers/mtd/ubi/attach.c) up to version 6.7.4 for UBI_IOCATT, where kobj->name is not released. The issue affects the kernel code path used to attach UBI devices and is documented with an impact of high on availability. Con...
CVE-2024-26776
CVE-2024-26776 pertains to the Linux kernel SPI driver for Hisilicon SFC v3xx. The issue arises when the interrupt handler receives an empty interrupt, leading to a NULL pointer dereference. The fix is to return IRQ_NONE when no interrupt is detected, thereby preventing the NULL dereference. Impa...
CVE-2024-38381
CVE-2024-38381 is a Linux kernel vulnerability in the NFC NCI path. The issue is an uninitialized-value access in nci_rx_work, which parses a received packet from ndev->rx_q without validating header size, payload size, and total packet size before processing. An invalid packet coul...
CVE-2024-41015
CVE-2024-41015: Linux kernel ocfs2 vulnerability fixed by adding bounds checking in ocfs2_check_dir_entry() to validate ocfs2_dir_entry members and prevent memory overrun. The patch ensures sanity checks keep directory entry fields within valid memory bounds, addressing potential out-of-bounds/NU...
CVE-2024-42160
Summary (CVE-2024-42160): In the Linux kernel, the f2fs subsystem had a validation gap in fault attribute handling. Specifically, fault attrs were not validated in parse_options(), and the patch adds a check in f2fs_build_fault_attr() and switches to using f2fs_build_fault_attr() in __sbi_store()...
CVE-2024-42161
Technical details about CVE-2024-42161 are not publicly provided in the connected documents. The description mentions a Linux kernel BPF_CORE_READ_BITFIELD uninitialized value fix and a patch to initialize val, but there are no explicit affected products/versions or remediation steps beyond the p...
CVE-2024-42272
The connected IBM Security Bulletin confirms CVE-2024-42272 as a Linux kernel issue fixed in sched: act_ct. The root cause was the padding in zones_ht_key after a patch widened the rhashtable key from 2 to 16 bytes; rhashtable_lookup() could read uninitialized padding bytes. The fix ensures paddi...
CVE-2024-42297
CVE-2024-42297 concerns a Linux kernel f2fs issue where inodes are marked dirty during operations on a readonly filesystem, triggering a kernel panic during unmount. Root cause chain: do_sys_open -> f2fs_lookup -> __f2fs_find_entry -> f2fs_i_depth_write -> f2fs_mark_inode_dirty_sync -...
CVE-2024-43861
CVE-2024-43861 affects the Linux kernel (net/usb/qmi_wwan) where a memory leak could occur for non-IP packets due to an unused skb not being freed. The description in Connected documents confirms the fix: freeing the unused skb when non-IP packets arrive. The CIRCL/CVE sighting shows related advi...
CVE-2024-45021
CVE-2024-45021 affects the Linux kernel memcg_write_event_control path. The issue is described as a user-triggerable oops caused by an out-of-bounds/invalid mapping beyond a terminating NUL. A patch addressing this oops is noted in connected advisories, but exploitation status or practical exploi...
CVE-2024-46681
The CVE-2024-46681 entry affects the Linux kernel pktgen path: within pktgen_pg_net_init, the for_each_online_cpu loop was executed without holding a cpus_read_lock, risking a race that could trigger WARN_ON(smp_processor_id() != cpu) and flood logs. The fix introduces cpus_read_lock()/cpus_read_...
CVE-2024-46702
CVE-2024-46702 (Linux kernel) relates to Thunderbolt: when a router is removed, the code previously blocked cleanup of XDomain paths due to tb_disconnect_xdomain_paths() racing with tb_stop() during host router NVM upgrade. The fix marks the XDomain as unplugged during removal, allowing tb_stop()...
CVE-2024-46784
The CVE-2024-46784 issue affects the Linux kernel net: mana subsystem (mana_create_txq/rxq) where napi_disable() is called during cleanup before napi is enabled and hrtimer is initialized, leading to a kernel panic. The Astra Linux bulletin and related advisories confirm a resolved patch in the L...
CVE-2024-46817
CVE-2024-46817 is a Linux kernel vulnerability in the DRM/AMD display driver. The issue arises when amdgpu_dm initialization proceeds with more than 6 streams, triggering an OVERRUN warning reported by Coverity. The root cause is that the initialization logic should abort early; the fix returns...
CVE-2024-47666
CVE-2024-47666 is a Linux kernel vulnerability in the SCSI pm80xx driver. The bug arises when pm8001_phy_control() stores enable_completion on a stack address, sends resets, waits 300 ms, then returns; if a late PHY control response arrives after the 300 ms, a dangling enable_completion pointer i...
CVE-2024-49861
CVE-2024-49861 affects the Linux kernel: bpf: Fix helper writes to read-only maps. The issue allowed a BPF program to write into a read‑only map (e.g., frozen .rodata) via helpers using ARG_PTR_TO_{LONG,INT}, because meta->raw_mode wasn’t set and check_map_access_type() treated the map as read...
CVE-2024-49906
CVE-2024-49906 has concrete remediation on Root OS (rootio-linux) for Ubuntu 22.04 and Debian 11/12. The OSV entries indicate Root has patched CVE-2024-49906 in the rootio-linux package across multiple distributions with multiple fixed versions available. Ubuntu Security Notices and Debian/Ubuntu...
CVE-2024-49917
CVE-2024-49917 concerns the Linux kernel’s drm/amd/display path. The vulnerability is due to a potential NULL pointer dereference in dcn30_init_hw when either dc->clk_mgr or dc->clk_mgr->funcs is NULL. The fixed commits add explicit NULL checks to prevent accessing clk_mgr/clk_mgr->fu...
CVE-2024-50103
CVE-2024-50103 concerns a Linux kernel vulnerability in ASoC: qcom where asoc_qcom_lpass_cpu_platform_probe() could dereference a NULL pointer from a devm_kzalloc() call. The fixed code adds a NULL check after allocation to prevent NULL Pointer Dereference. Affected component is the kernel’s ASoC...
CVE-2024-50223
CVE-2024-50223: In Linux kernel sched/numa, a potential null pointer dereference in task_numa_work() could occur when a stress scenario unmapped a child address space, causing vma_next() to return NULL. The backtrace shows dereferencing a NULL vma in vma_migratable, leading to a crash. Root cause...
CVE-2024-57926
CVE-2024-57926 is a Linux kernel vulnerability affecting the Mediatek DRM path. The issue arises in the shutdown path where private->all_drm_private[i]->drm may be accessed after a failed mtk_drm_bind, causing a use-after-free detected by KASAN in drm_atomic_helper_shutdown. The root cause ...
CVE-2025-21685
CVE-2025-21685: In the Linux kernel, a race in platform/x86 lenovo-yoga-tab2-pro-1380-fastcharger was fixed. The yt2_1380_fc_serdev_probe() path called devm_serdev_device_open() before initializing serdev client ops, risking a NULL pointer dereference in the serdev controller’s receive_buf handler w...
CVE-2025-21688
CVE-2025-21688: In the Linux kernel, a race between the DRM v3d scheduler and the IRQ execution thread occurs when signaling a fence after a job completes. The patch that assigns the job pointer to NULL after completion can race with run_job() assigning a new job, risking a NULL pointer derefere...
CVE-2025-21780
CVE-2025-21780 affects the Linux kernel DRM/AMDGPU, where a local attacker could overflow a PPTABLE buffer in smu_sys_set_pp_table() by cycling pptables via sysfs. The issue arises when a small pptable is followed by a larger one, enabling a buffer overflow as described in the advisory. This vuln...
CVE-2025-21967
The CVE-2025-21967 issue affects the Linux kernel ksmbd subsystem, where a use-after-free could happen in ksmbd_free_work_struct because interim_entry of ksmbd_work could be deleted after an oplock is freed. The vulnerability details and remediation are confirmed by connected advisories (Azure Li...
CVE-2025-22050
The CVE-2025-22050 entry concerns the Linux kernel USB networking path. A race between usb_submit_urb and __usbnet_queue_skb occurs due to a missing usbnet_going_away check in usb_submit_urb, while __usbnet_queue_skb performs this validation. This can let a URB proceed while the corresponding SKB...