Linux Kernel

13804 matches found

CVE
added 2024/05/17 12:12 p.m. | 122 views

CVE-2024-27435

CVE-2024-27435: Linux kernel nvme over RDMA reconnection fix for ABBA deadlock due to reserved tag allocation. The Astra/IBM-related sources describe admin_q reconnect failing when rings share tagsets with fabric_q and a keep-alive command held a reserved tag, causing a reconnection dead...

5.5 CVSS | 6.9 AI score | 0.00174 EPSS

CVE
added 2024/05/17 1:23 p.m. | 122 views

CVE-2024-35821

CVE-2024-35821 relates to the Linux kernel ubifs filesystem. The issue arose because page cache reads are lockless, and the page uptodate flag could be set before the page contained the new data, exposing old data to concurrent readers. The fix moves the SetPageUptodate call into ubifs_write_end(...

7.5 CVSS | 6.6 AI score | 0.0057 EPSS

CVE
added 2024/05/20 9:41 a.m. | 122 views

CVE-2024-35955

CVE-2024-35955: Linux kernel vulnerability in kprobe registration that could cause a use-after-free if module unload changes MODULE_STATE from LIVE/GOING to UNFORMED between address checks. The fix switches to using only __module_text_address() and performs try_module_get(module) while MODULE_ST...

8.8 CVSS | 6.7 AI score | 0.01167 EPSS

CVE
added 2024/05/20 9:48 a.m. | 122 views

CVE-2024-35999

Technical details (affected kernel version, specific patch, exploitability) are not provided in the supplied documents; the CVE entry is referenced in advisories, but no concrete technical details are included here.

5.5 CVSS | 6.8 AI score | 0.00164 EPSS

CVE
added 2024/05/30 3:28 p.m. | 122 views

CVE-2024-36894

CVE-2024-36894 (Linux kernel): A race in usb: gadget: f_fs between AIO cancellation and AIO completion for FFS UDC USB requests could lead to use-after-free of io_data->req. The issue occurs when an aio_cancel() from the FFS app overlaps with the UDC soft-disconnect path (notably in DWC3-base...

5.6 CVSS | 7.4 AI score | 0.00291 EPSS

CVE
added 2024/06/25 2:25 p.m. | 122 views

CVE-2024-39463

CVE-2024-39463 is a Linux kernel vulnerability in 9p: add missing locking around taking dentry fid list. The issue is a use-after-free on a dentry’s d_fsdata fid list when one thread looks up a fid through a dentry while another thread unlinks it. The UAF can occur in functions such as p9_fid_get...

7.8 CVSS | 8.4 AI score | 0.00253 EPSS

CVE
added 2024/07/05 6:55 a.m. | 122 views

CVE-2024-39475

The CVE-2024-39475 issue affects the Linux kernel framebuffer driver (fbdev) for savagefb: a patch prevents divide-by-zero by validating pixclock in savagefb_check_var, and savagefb_probe now handles the error return. The vulnerability arises when pixclock is 0, potentially causing a divide-by-ze...

5.5 CVSS | 7.4 AI score | 0.00228 EPSS

CVE
added 2024/07/12 12:25 p.m. | 122 views

CVE-2024-40932

CVE-2024-40932 affects the Linux kernel DRM Exynos VIDI driver. The issue is a memory leak in .get_modes() where a duplicated EDID is never freed, leading to potential memory exhaustion. The provided connected advisories confirm the root cause and the fix: a memory leak in drm/exynos/vidi: get_mo...

5.5 CVSS | 7.1 AI score | 0.00258 EPSS

CVE
added 2024/07/12 12:44 p.m. | 122 views

CVE-2024-41006

CVE-2024-41006: Linux kernel vulnerability where a memory leak in nr_heartbeat_expiry() could occur due to the sock_hold() logic. The fix removes sock_hold() for non-listening sockets and retains it only for listening sockets, addressing a syzkaller-reported leak in nr_create(). The linked advis...

5.5 CVSS | 7.3 AI score | 0.00242 EPSS

CVE
added 2024/08/17 9:21 a.m. | 122 views

CVE-2024-43835

CVE-2024-43835 affects the Linux kernel virtio_net component, where a warning napi_skb_cache_put was triggered after a commit changed nested-BH locking for napi_alloc_cache. The issue stems from virtio assuming NAPI context in cases like netpoll, leading to warnings in net/core/skbuff.c during fr...

5.5 CVSS | 6.5 AI score | 0.0025 EPSS

CVE
added 2024/09/04 6:35 p.m. | 122 views

CVE-2024-44961

Technical specifics for CVE-2024-44961 are not publicly provided in the connected documents. No affected product version, root cause, or fix details are confirmed here. Monitor for updates from vendors and security advisories.

5.5 CVSS | 6 AI score | 0.0021 EPSS

CVE
added 2024/09/04 6:35 p.m. | 122 views

CVE-2024-44962

The CVE affects the Linux kernel Bluetooth btnxpuart driver. Root cause: when unloading btnxpuart, a timer is not reliably shut down, so if the timer is modified during unload it may fire and invoke the timer callback after the driver is gone, causing a kernel panic. The fix is to replace del_tim...

5.5 CVSS | 6 AI score | 0.0021 EPSS

CVE
added 2024/09/13 5:29 a.m. | 122 views

CVE-2024-46692

CVE-2024-46692 affects the Linux kernel firmware: qcom scm path. The root cause is that get_wq_ctx() was configured as a standard SMC call; when two SMCs sleep and one wakes, an interrupted get_wq_ctx() could sleep again while another SMC awaits a waitq context, creating a deadlock. The documente...

5.5 CVSS | 6.1 AI score | 0.0017 EPSS

CVE
added 2024/09/13 6:27 a.m. | 122 views

CVE-2024-46705

CVE-2024-46705: Linux kernel vulnerability affecting the DRM XE component where reset of MMIO mappings is performed by setting mappings to NULL after device removal to prevent rogue access to unmapped MMIO. The description notes the risk of remapping unmapped MMIO and potential carnage; the fix ...

5.5 CVSS | 5.4 AI score | 0.00185 EPSS

CVE
added 2024/09/18 6:32 a.m. | 122 views

CVE-2024-46721

CVE-2024-46721 covers a NULL-pointer dereference in the Linux kernel’s AppArmor path when creating profiles. The issue arises in aafs_create.constprop.0 within aa_replace_profiles, where profile->parent->dents[AAFS_PROF_DIR] could be NULL if the parent was created by __create_missing_ancest...

5.5 CVSS | 6 AI score | 0.00232 EPSS

CVE
added 2024/09/27 12:35 p.m. | 122 views

CVE-2024-46813

CVE-2024-46813 affects the Linux kernel drm/amd/display code. The fix guards against out-of-bounds access by validating link_index before dereferencing dc->links[], where dc->links[] has a max size of MAX_LINKS; the issue could cause 3 overrun conditions and a resource leak, resolved by the...

7.8 CVSS | 7.4 AI score | 0.00247 EPSS

CVE
added 2024/09/27 12:35 p.m. | 122 views

CVE-2024-46815

CVE-2024-46815 affects the Linux kernel's DRM/AMD display code. The issue arises when accessing reader_wm_sets[] without validating num_valid_sets, which could yield a negative index and an OVERRUN. The description and connected advisories consistently state the fix was to check num_valid_sets be...

7.8 CVSS | 7.3 AI score | 0.00263 EPSS

CVE
added 2024/10/21 11:53 a.m. | 122 views

CVE-2024-47675

The connected Nessus advisories confirm CVE-2024-47675 affects the Linux kernel and describes the root cause as a use-after-free in bpf_uprobe_multi_link_attach(). If bpf_link_prime() fails, the error_free path frees the array of bpf_uprobe objects without unregistering them, leaking bpf_uprobe-&...

7.8 CVSS | 7.8 AI score | 0.00237 EPSS

CVE
added 2024/10/21 11:53 a.m. | 122 views

CVE-2024-47691

CVE-2024-47691 affects the Linux kernel’s F2FS subsystem, tied to a race condition in f2fs_stop_gc_thread() that can cause a use-after-free in sbi->gc_th. The issue can occur during remount/shutdown scenarios where gc_th is freed, and a guard is needed via sb->s_umount semaphore. The descri...

7.8 CVSS | 7.3 AI score | 0.00238 EPSS

CVE
added 2024/10/21 6:1 p.m. | 122 views

CVE-2024-49915

CVE-2024-49915 concerns the Linux kernel DRM AMD display driver. A null pointer dereference could occur in drm/amd/display during dcn32_init_hw if dc->clk_mgr is null. The fix adds an explicit NULL check before invoking clk_mgr functions, preventing dereferencing a null pointer. Public referen...

5.5 CVSS | 6.4 AI score | 0.00237 EPSS
Web
CVE
added 2024/10/21 6:2 p.m. | 122 views

CVE-2024-49978

In CVE-2024-49978, the Linux kernel fix addresses UDP GSO fraglist segmentation after fragmentation remains in frag_list. The issue involved valid SKB_GSO_FRAGLIST skbs with specific geometry and invariants; datapath hooks like NAT/BPF can break these invariants. Under certain conditions, UDP cou...

5.5 CVSS | 5.2 AI score | 0.00235 EPSS

CVE
added 2024/10/21 7:39 p.m. | 122 views

CVE-2024-50031

CVE-2024-50031 affects the Linux kernel DRM V3D component (Raspberry Pi) where closing the kmscube fd does not stop the active perfmon, leaving v3d->active_perfmon as a stale pointer. This can lead to a kernel panic (Oops) when a new kmscube runs and attempts to stop the perfmon. The root caus...

5.5 CVSS | 5.1 AI score | 0.00235 EPSS

CVE
added 2024/11/09 10:14 a.m. | 122 views

CVE-2024-50221

CVE-2024-50221 affects the Linux kernel AMDGPU/Vangogh driver. The vulnerability arises from a memory out-of-bounds write in the GPU metrics table initialization (vangogh_get_gpu_metrics/smu_cmn_init_soft_gpu_metrics), where the metrics table allocation was too small to cover a subsequent memset....

7.8 CVSS | 6.5 AI score | 0.00245 EPSS

CVE
added 2024/11/19 1:30 a.m. | 122 views

CVE-2024-50300

CVE-2024-50300 affects the Linux kernel regulator rtq2208 driver, where an uninitialized use of regulator_config could trigger a kernel error. The issue has been fixed in the kernel (regulator: rtq2208: Fix uninitialized use of regulator_config). Connected sources point to patch commits in stable...

5.5 CVSS | 5.2 AI score | 0.0021 EPSS

CVE
added 2024/11/19 5:19 p.m. | 122 views

CVE-2024-53045

Technical details for CVE-2024-53045 are not provided in the supplied documents. No specifics on affected products, root cause, impact, or fixes are included here. Monitor official advisories for updates.

5.5 CVSS | 6.5 AI score | 0.002 EPSS

CVE
added 2024/11/19 5:19 p.m. | 122 views

CVE-2024-53046

CVE-2024-53046 affects Linux kernel ARM64 in the imx8ulp device tree to correct the flexspi compatible string. The issue arises because imx8ulp flexspi supports 16 LUTs whereas imx8mm supports 32 LUTs, causing a startup warning if the string is incorrect. The fix updates arm64/dts: imx8ulp to ens...

5.5 CVSS | 6.6 AI score | 0.00281 EPSS

CVE
added 2024/12/27 3:6 p.m. | 122 views

CVE-2024-56656

CVE-2024-56656 affects the bnxt_en driver in the Linux kernel and is caused by an aggregation ID mask that was not updated for P7 (5760X) chips. The completion structures’ aggregation ID field was redefined from 16 bits to 12 bits on P7, freeing 4 bits for metadata (e.g., VLAN ID). As a result, t...

5.5 CVSS | 6.6 AI score | 0.00184 EPSS

CVE
added 2025/01/06 4:20 p.m. | 122 views

CVE-2024-56766

The CVE-2024-56766 issue affects the Linux kernel’s MTD/NAND path (mtd: rawnand) with a double-free in atmel_pmecc_create_user(). The root cause is allocating the user object with kzalloc() and then freeing it with kfree() after converting the allocation to devm_kzalloc(), leading to a use-after-...

7.8 CVSS | 6.6 AI score | 0.00217 EPSS

CVE
added 2025/05/05 2:53 p.m. | 122 views

CVE-2024-58098

The CVE-2024-58098 issue affects the Linux kernel BPF verifier, specifically the logic tracking changes_pkt_data for global sub-programs. When verifiers process calls to helpers, pointers may be invalidated inconsistently between callers and global sub-programs, making certain programs unsafe (e....

5.5 CVSS | 6.6 AI score | 0.00146 EPSS

CVE
added 2025/02/27 2:18 a.m. | 122 views

CVE-2025-21795

CVE-2025-21795: Linux kernel NFSD hang in nfsd4_shutdown_callback. When nfs4_client is in courtesy state, NFSD still sends the shutdown callback, causing cl_cb_inflight to remain non-zero and the operation to hang for about 15 minutes until the TCP layer reports the connection drop. The fix modif...

5.5 CVSS | 6.5 AI score | 0.00215 EPSS

CVE
added 2025/03/27 2:57 p.m. | 122 views

CVE-2025-21881

CVE-2025-21881 describes a Linux kernel vulnerability in the uprobes code path, specifically in uprobe_write_opcode() where a zero page (zeropage) is rejected but not properly accounted. The issue arises when a zero pfn is written to a PTE without increasing the RSS counter, causing the zero foli...

5.5 CVSS | 7 AI score | 0.00176 EPSS

CVE
added 2025/04/01 3:40 p.m. | 122 views

CVE-2025-21912

CVE-2025-21912 describes a Linux kernel issue in the Renesas GPIO driver (gpio_rcar) where register access was not properly protected, leading to spurious “Invalid wait context” messages when spinlock debugging is enabled. The patch switches protection to a raw_spinlock to serialize register acce...

5.5 CVSS | 7.1 AI score | 0.00129 EPSS

CVE
added 2025/04/08 8:18 a.m. | 122 views

CVE-2025-22013

The CVE-2025-22013 entry concerns Linux kernel KVM on arm64, where host FPSIMD/SVE/SME state could be lazily saved and flushed, risking stale host state in memory and related issues (e.g., SVE discard due to TIF_SVE/CPACR_ELx.ZEN config, ptrace modifications, and non‑protected VM scenarios). The ...

5.5 CVSS | 7.1 AI score | 0.00162 EPSS

CVE
added 2025/04/16 2:12 p.m. | 122 views

CVE-2025-22073

CVE-2025-22073 concerns the Linux kernel spufs subsystem. The issue is a leak in spufs_new_file() on failure during spufs_fill_dir(), where the caller proceeds to spufs_rmdir() to clean up, but the resulting dentry remains negative and must be explicitly dropped. The vulnerability is resolved in ...

5.5 CVSS | 6.4 AI score | 0.00174 EPSS

CVE
added 2025/04/16 2:12 p.m. | 122 views

CVE-2025-22105

CVE-2025-22105 affects the Linux kernel bonding driver. When an XDP program is attached to a bonded interface, changing the bond mode may trigger a warning inside bond_xdp_set. The fix adds a check for the presence of an XDP program when setting bond mode, since some modes (e.g., balance-rr with ...

5.5 CVSS | 6.3 AI score | 0.00167 EPSS

CVE
added 2025/05/01 12:55 p.m. | 122 views

CVE-2025-23158

The CVE-2025-23158 vulnerability affects the Linux kernel media: venus: hfi queue handling, where a firmware-modified large qsize can cause an OOB write when a new_wr_idx is not validated. The issue originates in reading/writing the shared queue (qhdr->q_size) and can lead to an out-of-bounds ...

7.8 CVSS | 6.6 AI score | 0.00177 EPSS

CVE
added 2025/05/01 1:7 p.m. | 122 views

CVE-2025-37767

The CVE-2025-37767 entry describes a Linux kernel vulnerability in the drm/amd/pm path where division by zero is possible if the user sets a speed value greater than UINT_MAX/8. The flaw is triggered locally and carries a CVSSv3.1 base score of 5.5 (Medium) with impact limited to availability and ...

5.5 CVSS | 6.6 AI score | 0.00161 EPSS

CVE
added 2025/05/08 6:26 a.m. | 122 views

CVE-2025-37812

CVE-2025-37812 concerns the Linux kernel cdns3 driver: a deadlock in NCM gadget usage can occur under PREEMPT_RT when heavy network traffic triggers the threaded interrupt handler to be preempted by softirq. The root cause is protection by the same spinlock shared by the threaded IRQ and softirq....

5.5 CVSS | 5.4 AI score | 0.00128 EPSS

CVE
added 2025/05/09 6:41 a.m. | 122 views

CVE-2025-37839

CVE-2025-37839 (Linux kernel) fixes a journal-related logic flaw in jbd2. The root cause was the incorrect use of sb->s_sequence to determine journal emptiness; it should rely on sb->s_start, which is set earlier. Since 0 is a valid transaction ID, the previous check could spuriously trigge...

7.8 CVSS | 6.5 AI score | 0.00265 EPSS

CVE
added 2025/05/09 6:42 a.m. | 122 views

CVE-2025-37859

The CVE-2025-37859 issue affects the Linux kernel page_pool subsystem. The root cause was a bug where page_pool_release_retry() could wake up the kworker repeatedly when inflight became negative, causing an infinite reschedule loop and flooding logs. The published fix mitigates this by not resche...

5.5 CVSS | 6.9 AI score | 0.00244 EPSS

CVE
added 2025/05/09 6:45 a.m. | 122 views

CVE-2025-37884

CVE-2025-37884: In the Linux kernel, a deadlock between rcu_tasks_trace and event_mutex was fixed. The issue manifested in _free_event() calling perf_trace_event_unreg() under mutex_lock(&event_mutex) while perf_kprobe_destroy() could synchronize_rcu_tasks_trace(), and in bpf_prog_test_run_syscal...

5.5 CVSS | 7 AI score | 0.00167 EPSS

CVE
added 2025/04/18 7:1 a.m. | 122 views

CVE-2025-39989

The CVE-2025-39989 issue affects the Linux kernel’s x86 memory error handling (MCE) path. Root cause: a patch series changes the copy-from-user recovery flow by introducing and switching extable fixup types, notably EX_TYPE_EFAULT_REG, instead of handling EX_TYPE_UACCESS for poison found in get_u...

5.5 CVSS | 6.3 AI score | 0.00201 EPSS

CVE
added 2026/04/24 2:45 p.m. | 122 views

CVE-2026-31670

Summary: CVE-2026-31670 affects the Linux kernel rfkill subsystem. The vulnerability allows a local attacker to create an unbounded number of rfkill events (without consuming them from the rfkill descriptor), potentially leading to memory exhaustion and DoS. The issue is fixed by bounding the num...

5.5 CVSS | 5.4 AI score | 0.00114 EPSS

CVE
added 2010/01/12 5:0 p.m. | 121 views

CVE-2009-4536

CVE-2009-4536 affects the Linux kernel ≤ 2.6.32.3 in the e1000 (drivers/net/e1000/e1000_main.c): it mishandles frames larger than MTU by treating trailing payload as a full frame, allowing remote bypass of packet filters with a crafted large packet. The issue is described as a consequence of an i...

7.8 CVSS | 7 AI score | 0.05227 EPSS

CVE
added 2010/11/29 3:0 p.m. | 121 views

CVE-2010-4072

CVE-2010-4072 affects the Linux kernel: the copy_shmid_to_user function in ipc/shm.c (pre-2.6.37-rc1) does not initialize a certain structure, enabling local users to leak potentially sensitive information from kernel stack memory via the shmctl interface and the old shm interface. Affected produ...

1.9 CVSS | 5.8 AI score | 0.00384 EPSS

CVE
added 2010/11/30 10:0 p.m. | 121 views

CVE-2010-4083

CVE-2010-4083 affects the Linux kernel (pre-2.6.36). The vulnerable code path is copy_semid_to_user() in ipc/sem.c, where a structure is not initialized, enabling local attackers to leak kernel stack memory via semctl commands (IPC_INFO, SEM_INFO, IPC_STAT, SEM_STAT). The issue is mitigated by up...

1.9 CVSS | 5.8 AI score | 0.00387 EPSS

CVE
added 2012/06/21 11:0 p.m. | 121 views

CVE-2011-1078

CVE-2011-1078 affects the Linux kernel prior to 2.6.39. The vulnerable code is sco_sock_getsockopt_old in net/bluetooth/sco.c, where a structure used with the SCO_CONNINFO option is not initialized, enabling a local attacker to read potentially sensitive data from kernel stack memory. Exploitatio...

1.9 CVSS | 7.6 AI score | 0.00365 EPSS

CVE
added 2012/06/21 11:0 p.m. | 121 views

CVE-2011-1079

The CVE-2011-1079 issue affects the Linux kernel up to version 2.6.38 (before 2.6.39) in the bnep_sock_ioctl path (net/bluetooth/bnep/sock.c). A local attacker could exploit inadequate termination of a device field (missing trailing NUL) via a BNEPCONNADD command to read kernel stack memory and p...

5.4 CVSS | 6.5 AI score | 0.00668 EPSS

CVE
added 2011/06/22 10:0 p.m. | 121 views

CVE-2011-1172

The CVE-2011-1172 issue affects the Linux kernel IPv6 stack (net/ipv6/netfilter/ip6_tables.c): root cause is failure to append a null terminator to certain string values, enabling local memory information disclosure via a crafted request (CAP_NET_ADMIN) and reading the modprobe argument. Impact i...

2.1 CVSS | 7.5 AI score | 0.00404 EPSS

CVE
added 2014/02/15 11:0 a.m. | 121 views

CVE-2012-6638

CVE-2012-6638 (Linux kernel) affects the tcp_rcv_state_process in net/ipv4/tcp_input.c and can cause a DoS due to a flood of SYN+FIN packets. The vulnerability exists in kernels before 3.2.24 and is fixed in the 3.2.24 update (per ChangeLog-3.2.24). Exploitation is described as remote and results...

7.8 CVSS | 8.3 AI score | 0.03336 EPSS

Total number of security vulnerabilities: 13804