CVE-2025-22083
The CVE-2025-22083 issue affects Linux kernel vhost-scsi handling: multiple vhost_scsi_set_endpoint calls without an intervening vhost_scsi_clear_endpoint can trigger three bugs in the vs_tpg lifecycle. 1) Use-after-free when no tpgs are found after a second call, due to freed vs->vs_tpg backi...
CVE-2025-22088
The CVE-2025-22088 entry concerns the Linux kernel RDMA erdma subsystem. A use-after-free in erdma_accept_newconn is triggered after erdma_cep_put(new_cep) frees new_cep, leading to a potential UAF. Connected documents confirm the issue and the fix in the kernel code, but do not provide specific ...
CVE-2025-23148
The CVE-2025-23148 issue applies to the Linux kernel: the Samsung Exynos chipid driver (exynos_chipid_probe) now checks soc_dev_attr->revision for NULL to prevent NULL-pointer dereference. This fixes a potential local dereference vulnerability. The fix mirrors a prior NULL-pointer dereference ...
CVE-2025-37871
CVE-2025-37871 concerns the Linux kernel, where a deadlock warning could occur in NFS delegation handling when a dl_recall queue fails. The root cause described is interaction between nfsd, nfs4_put_stid, and the delegation’s sc_count, which could deadlock during disassociation of an nfs4_delegat...
CVE-2025-40114
Technical details for CVE-2025-40114 are not publicly provided in the connected documents. The advisories reference the CVE but do not expose specifics here. Monitor official vendor/security bulletins for updates.
CVE-2009-1072
CVE-2009-1072 affects the Linux kernel prior to 2.6.28.9. nfsd in the kernel does not drop the CAP_MKNOD capability before handling a user request in a thread, enabling local users on an exported filesystem using root_squash to create device nodes. MiracleLinux 3 lists this as fixed in kernel-2.6...
CVE-2009-3228
The CVE-2009-3228 issue concerns the Linux kernel tc subsystem (net/sched/sch_api.c: tc_fill_tclass). In Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9, certain structure members (tcm__pad1, tcm__pad2) are not initialized, which could allow local users to read sensitive data from ...
CVE-2010-0415
The CVE-2010-0415 issue affects the Linux kernel before 2.6.33-rc7. The do_pages_move function in mm/migrate.c does not validate node values, allowing local users to read arbitrary kernel memory locations and cause an OOPS, with possible other impacts by specifying a node outside the kernel’s nod...
CVE-2011-1171
CVE-2011-1171 affects the Linux kernel prior to 2.6.39, specifically the IPv4 netfilter ip_tables.c path. The issue is that string data in certain structure members may not end with the expected null terminator, enabling a local attacker with CAP_NET_ADMIN to craft a request and read the argument...
CVE-2011-4077
CVE-2011-4077 is a Linux kernel XFS-related vulnerability described in the provided documents as a buffer overflow in the xfs_readlink function (fs/xfs/xfs_vnodeops.c) when CONFIG_XFS_DEBUG is disabled. The issue affects Linux kernel 2.6 with XFS, allowing a local attacker to cause memory corrupt...
CVE-2011-4110
CVE-2011-4110 is a vulnerability in the Linux kernel 2.6 that affects the user_update function in security/keys/user_defined.c. The issue allows local users to trigger a denial of service via a NULL pointer dereference and kernel oops when updating a negative key into a fully instantiated key. Ex...
CVE-2013-1774
CVE-2013-1774 affects the Linux kernel (drivers/usb/serial/io_ti.c) prior to 3.7.4. The chase_port function allows local users to trigger a NULL pointer dereference and system crash by performing a read or write on a disconnected Edgeport USB serial converter, resulting in a denial of service. Th...
CVE-2013-4247
CVE-2013-4247: Off-by-one error in the Linux kernel fs/cifs/connect.c build_unc_path_to_root function (vulnerable before 3.9.6) can be triggered by a DFS share mount to cause memory corruption and system crash (Denial of Service). Multiple connected advisories (Unity Linux NES/USN entries and Ora...
CVE-2013-6378
CVE-2013-6378 affects the Linux kernel up to 3.12.1 and is tied to lbs_debugfs_write in drivers/net/wireless/libertas/debugfs.c. The vulnerability lets a local attacker with root privileges cause a denial of service (OOPS) via a zero-length write call. Multiple connected advisories reference this...
CVE-2013-7339
The CVE-2013-7339 issue affects the Linux kernel up to version 3.12.7 (fixed in 3.12.8) where the rds_ib_laddr_check function in net/rds/ib.c allows a local attacker to trigger a NULL pointer dereference via a bind(2) call on an RDS socket on systems without RDS transports. This can cause a denia...
CVE-2013-7421
CVE-2013-7421: Linux kernel Crypto API flaw allows a local user to load arbitrary kernel modules via a bind() on an AF_ALG socket with a salg_name, in kernels before 3.18.5. This is the same class as CVE-2014-9644 and is addressed by the 3.18.5 fix (ChangeLog-3.18.5). Connected IBM and vendor ad...
CVE-2014-3184
The CVE-2014-3184 entry concerns the Linux kernel HID subsystem prior to 3.16.2, where report_fixup can be abused by a crafted device with a small HID report descriptor to trigger an out-of-bounds write and denial of service when the device is physically proximate. Affected components include HID...
CVE-2014-9090
CVE-2014-9090 affects the Linux kernel up to 3.17.4, where do_double_fault in arch/x86/kernel/traps.c mishandles SS fault conditions, allowing local users to cause a denial of service (panic) via modify_ldt (demonstrated by sigreturn_32 in linux-clock-tests). The issue was addressed by a patch li...
CVE-2015-3290
The connected Astra Linux bulletin describes CVE-2015-3290 in the Linux kernel context and confirms the vulnerability fix: limiting the Haswell performance counter period to mitigate NMI-related privilege escalation. It documents that the issue stemmed from a too-small initial frequency-estimatio...
CVE-2016-4557
CVE-2016-4557 affects the Linux kernel up to 4.5.4, where the replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c mishandles an fd data structure, enabling local privilege escalation or a denial of service (use-after-free) via crafted BPF instructions referencing an incorrect file descr...
CVE-2016-5344
CVE-2016-5344 affects the MDSS driver in the Linux kernel 3.x, used in Qualcomm QuIC Android MSM contributions. The root cause is multiple integer overflows triggered by large size values in mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c, potentially causing denial of service and possibly oth...
CVE-2017-15102
CVE-2017-15102 originates from the Linux kernel prior to 4.8.1, where the tower_probe function in drivers/usb/misc/legousbtower.c can be exploited by a physically proximate attacker via a crafted USB device. The issue is triggered by a write-what-where condition that arises after a r...
CVE-2017-16650
CVE-2017-16650 affects the Linux kernel’s qmi_wwan_bind in drivers/net/usb/qmi_wwan.c (through kernel 4.13.11). A crafted USB device can be used by a local attacker to trigger a divide-by-zero, causing a denial of service (system crash) and potentially other impact. The vulnerability is locally e...
CVE-2018-1000200
CVE-2018-1000200 (Linux kernel) is detailed in connected Nessus/OpenVAS entries as affecting Linux kernel versions 4.14, 4.15, and 4.16. The vulnerability is a NULL pointer dereference that can trigger an out-of-memory (OOM) kill of large memory-locked (mlocked) processes. The root cause involves...
CVE-2019-10125
CVE-2019-10125 affects the Linux kernel (up to v5.0.4) where aio_poll() in fs/aio.c may release a file by aio_poll_wake() after vfs_poll() returns, causing a use-after-free. Connected advisories (Unity Linux UTSA entries) reproduce the vulnerable description and map the issue to kernel code path ...
CVE-2021-47498
The CVE-2021-47498 issue affects the Linux kernel where Device Mapper requests could be requeued during DM suspend due to blk-mq unquiesce calls from outside events, causing a kernel panic under nr_requests updates. The fix changes behavior to avoid queuing during suspend and to requeue requests ...
CVE-2022-0998
CVE-2022-0998 details an integer overflow in the Linux kernel's virtio device driver, specifically in vhost_vdpa_config_validate, permitting a local user to crash the system or potentially escalate privileges. Connected advisories confirm this flaw in the kernel virtio path and reference related ...
CVE-2022-49298
CVE-2022-49298: Linux kernel staging rtl8712 driver fix for uninitialized mac[6] in r871xu_drv_init() after tmpU1b from r8712_read8(padapter, EE_9346CR) == 0. KMSAN reported uninit-value in that function and call chain (usb_intf.c:541; usb_probe_interface; device probing). Concrete details are p...
CVE-2022-49332
CVE-2022-49332 relates to the Linux kernel SCSI lpfc path. The vulnerability is a NULL pointer dereference in starget_to_rport() where calls may return NULL and the code could dereference a NULL rport. The described root cause is lack of a NULL check before dereferencing the rport, with the cited...
CVE-2022-49535
CVE-2022-49535 affects the Linux kernel SCSI lpfc path. The flaw can cause a use-after-free via premature node release when FLOGI/PLOGI handling fails or when non-zero ELS PLOGI status is processed if a dev-loss-evt work is pending. The described root cause is a premature decrementing of the ndlp...
CVE-2022-49616
CVE-2022-49616 affects Linux kernel ASoC Realtek rt7*-sdw headset codecs. The rt700, rt711, and rt711-sdca drivers lacked a null check on the card pointer in jack_detect_handler, allowing potential NULL dereferences during driver bind/unbind tests. Patch/mitigation involves hardened jack_detect_h...
CVE-2022-49698
CVE-2022-49698 detailed context: In the Linux kernel, a bug in netfilter involves updating per-CPU rnd_state from user context in the local_out path, potentially allowing a local attacker to influence randomness. The recommended fix replaces uses of prandom with get_random_u32, and shifts random...
CVE-2023-2006
CVE-2023-2006 describes a race condition in the Linux kernel RxRPC processing of bundles caused by insufficient locking. The issue can allow a local attacker to escalate privileges and execute arbitrary code within the kernel context. The vulnerability is tied to the RxRPC path, and the root caus...
CVE-2023-32257
CVE-2023-32257 affects the Linux kernel ksmbd (the in-kernel SMB server). The vulnerability stems from lack of proper locking when processing SMB2_SESSION_SETUP and SMB2_LOGOFF, enabling an attacker to execute code in the kernel context. The initial description documents the root cause and impact...
CVE-2023-5158
CVE-2023-5158: A flaw in the Linux kernel’s virtio ring host path (vringh_kiov_advance in drivers/vhost/vringh.c) can allow a denial of service from guest to host via a zero-length descriptor. The connected Astra Linux bulletin restates the same description for Linux kernels 5.15/6.1, but no conc...
CVE-2023-52479
The CVE-2023-52479 issue is in the Linux kernel ksmbd SMB2 oplock handling, where a use-after-free occurs due to not dropping a reference to opinfo after smb20_oplock_break_ack. The provided documents state that the fix is to drop the reference after use of opinfo, resolving the use-after-free. T...
CVE-2023-52484
CVE-2023-52484 affects the Linux kernel in iommu/arm-smmu-v3 where arm_smmu_mm_invalidate_range (renamed to arm_smmu_mm_arch_invalidate_secondary_tlbs since 6.6-rc1) can trigger a soft lockup during SVA-case TLBI range notifications. The issue is linked to not checking MAX_TLBI_OPS and near MMU tlb flus...
CVE-2023-52638
CVE-2023-52638: Linux kernel patch changes the j1939_socks_lock to an rwlock to prevent a deadlock among j1939_socks_lock, active_session_list_lock, and sk_session_queue_lock. Patched code reduces circular lock dependency when a thread already holds j1939_socks_lock and may acquire sk_session_qu...
CVE-2023-52766
CVE-2023-52766: In the Linux kernel, the i3c mipi-i3c-hci component suffers an out-of-bounds access in hci_dma_irq_handler when looping over rings->headers[i] beyond the number of allocated headers. The fix prevents iterating over non-allocated ring headers in hci_dma_init(), stopping the out...
CVE-2023-52888
CVE-2023-52888 is a Linux kernel vulnerability affecting the MediaTek vcodec driver, where vcodec memory free operations may attempt to free a NULL VA without proper checks. The root cause is an unguarded path in mtk_vcodec_mem_free() that can trigger warnings and, in practice, exposes a potentia...
CVE-2023-52913
CVE-2023-52913 affects the Linux kernel’s drm/i915 component, where gem_context_register() exposes a GEM context to userspace and later code path allows a separate thread to trigger I915_GEM_CONTEXT_DESTROY. The root cause is using the ctx pointer after context destruction and not making the ctx ...
CVE-2023-52932
The CVE-2023-52932 issue concerns the Linux kernel mm/swapfile get_swap_pages(), where a plist_for_each_entry_safe() loop could loop tens of thousands of times under memory pressure, risking soft lockup. The fix adds cond_resched() into get_swap_pages() when space isn’t found, addressing softlock...
CVE-2023-53006
CVE-2023-53006 covers a Linux kernel CIFS issue where an oops could occur due to an uncleared server->smbd_conn in reconnection. The fix, implemented in smbd_destroy(), clears the server->smbd_conn pointer after freeing the smbd_connection to avoid confusion during reconnection.
CVE-2023-53014
The CVE-2023-53014 issue affects the Linux kernel’s DMA engine (tegra). It describes a memory leak that occurs when terminating an ongoing transfer: the vdesc must be terminated and placed in the desc_terminated list, with the descriptor freed later in desc_free_list(). The provided connected doc...
CVE-2023-53051
CVE-2023-53051 affects the Linux kernel dm-crypt write path. The vulnerability arises because the dmcrypt_write() loop could run for an unbounded amount of time, risking a soft lockup. The approved fix adds cond_resched() to dmcrypt_write() to yield CPU and prevent long uninterruptible runs. Expl...
CVE-2024-0775
CVE-2024-0775 describes a use-after-free in the Linux kernel’s ext4 remount path: __ext4_remount in fs/ext4/super.c. The flaw lets a local user cause an information leak by freeing old quota file names before a potential failure, resulting in a use-after-free. Relevant connected documents confirm...
CVE-2024-26800
The CVE-2024-26800 entry concerns a Linux kernel TLS use-after-free in backlog decryption. Root cause: when crypto_aead_decrypt returns -EBUSY (not EINPROGRESS), tls_do_decryption waits for async decryptions, but if any completes with a failure, the code releases pages that may still be held by a...
CVE-2024-27403
CVE-2024-27403: Linux kernel vulnerability in netfilter nft_flow_offload where the route object could double-release a dst reference if an error happens during flow_offload_add(), causing a refcount underflow. The issue arises because dst is moved to the flow object and the route object no longe...
CVE-2024-27435
CVE-2024-27435: Linux kernel nvme over RDMA reconnection fix for ABBA deadlock due to reserved tag allocation. The Astra/IBM-related sources describe admin_q reconnect failing when rings share tagsets with fabric_q and a keep-alive command held a reserved tag, causing a reconnection dead...
CVE-2024-35821
CVE-2024-35821 relates to the Linux kernel ubifs filesystem. The issue arose because page cache reads are lockless, and the page uptodate flag could be set before the page contained the new data, exposing old data to concurrent readers. The fix moves the SetPageUptodate call into ubifs_write_end(...