13804 matches found
CVE-2013-0343
CVE-2013-0343 affects the Linux kernel’s IPv6 handling, specifically ipv6_create_tempaddr in net/ipv6/addrconf.c, up to version 3.8. It can allow a remote attacker to cause a denial of service (excessive retries and RA address-generation outage) and potentially obtain sensitive information via IC...
CVE-2015-0570
CVE-2015-0570 is a stack-based buffer overflow in the SET_WPS_IE IOCTL in wlan_hdd_hostapd.c of the Linux kernel WLAN driver (3.x/4.x), as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and similar products. Exploitation requires a crafted application with a long ...
CVE-2015-1420
CVE-2015-1420 is a Linux kernel race condition in fs/fhandle.c (handle_to_path) up to version 3.19.1. An attacker could bypass size restrictions by manipulating handle_bytes during handle_to_path execution to trigger reads from additional memory locations, enabling local read access to memory. Th...
CVE-2015-2042
CVE-2015-2042 affects the Linux kernel (pre-3.19). The vulnerability lies in net/rds/sysctl.c where an incorrect data type in a sysctl table can allow local users to read potentially sensitive kernel memory via a sysctl entry, with unspecified other impact. Affected products include kernel builds...
CVE-2015-8569
The CVE-2015-8569 issue affects the Linux kernel’s PPTP path: pptp_bind() and pptp_connect() in drivers/net/ppp/pptp.c do not verify the length of the sockaddr, enabling a local attacker to copy kernel memory to user space and bypass KASLR via a crafted application. The vulnerability is present i...
CVE-2015-8575
CVE-2015-8575: In Linux kernel
CVE-2017-15951
The CVE-2017-15951 issue affects the Linux kernel KEYS subsystem prior to 4.13.10. A race condition occurs because updates and negative-state key lookups are not properly synchronized, enabling a local user to trigger a denial of service and possibly other unspecified impacts via crafted system c...
CVE-2017-2634
CVE-2017-2634 affects the Linux kernel DCCP implementation prior to 2.6.22.17, where the IPv4-only inet_sk_rebuild_header() function was used for both IPv4 and IPv6 DCCP connections. This can result in memory corruptions and allows a remote attacker to crash the system. Connected advisories confi...
CVE-2021-47061
CVE-2021-47061: Concrete details in connected advisories show a Linux kernel/KVM issue where destroying an I/O bus device must occur after unregister, and after SRCU-synchronization. The root cause is a use-after-free risk if devices are destroyed before the bus is nullified, because readers exp...
CVE-2021-47287
CVE-2021-47287 affects the Linux kernel. The issue is a memory leak in the auxiliary bus code when driver_register() fails. Specifically, if driver_register() returns an error, memory allocated for auxdrv->driver.name must be freed before returning from __auxiliary_driver_register(). The fix r...
CVE-2022-1678
CVE-2022-1678 affects Linux kernel 4.18–4.19, with memory/netns leaks due to improper sock reference handling in TCP pacing. Public Nessus/Unity advisories confirm the issue and reference kernel commits addressing the vulnerability; exploitation is described as remote via TCP pacing. Mitigation/r...
CVE-2022-48702
CVE-2022-48702: In the Linux kernel, ALSA emu10k1’s snd_emu10k1_pcm_channel_alloc() can perform out-of-bounds access when the voice allocator wraps around near the end of the array (first_voice + requested_voice_count > 64). The UBSAN report shows index 65 accessed in snd_emu10k1_voice[64]. T...
CVE-2022-48921
Summary of CVE-2022-48921: In the Linux kernel, a race between sched_post_fork() and setpriority(PRIO_PGRP) for a thread group can trigger a NULL pointer dereference in reweight_entity() (part of CFS). The scenario: a main process spawns multiple new threads that then call setpriority, while sch...
CVE-2022-49204
Summary: CVE-2022-49204 is a Linux kernel vulnerability in the bpf/sockmap path related to uncharged data handling when a tcp_bpf_sendmsg_redir sequence occurs. The root cause is that msg->sg.size can be charged twice across the __SK_REDIRECT path, leading to uncharged memory being left in sk_...
CVE-2022-49559
CVE-2022-49559 (Linux kernel, KVM/x86) is resolved. The fix drops WARNs that incorrectly assumed KVM cannot let a triple fault (KVM_REQ_TRIPLE_FAULT) escape from L2 to L1. The vulnerability could be triggered when userspace injects a machine check while L2 is active with CR4.MCE=0, ...
CVE-2022-49788
Summary: CVE-2022-49788 in the Linux kernel affects the vmware vmci host datagram path. The issue is an information leak caused by padding in the vmci_event_qp struct allocated by qp_notify_peer(); uninitialized data could be exposed to userspace via copy_to_user. The vulnerability is tied to vmc...
CVE-2022-49903
CVE-2022-49903 affects the Linux kernel IPv6 routing: during ip6_route_net_init_late(), if the files ipv6_route or rt6_stats fail to be created, initialization may complete and later removing the proc entries could trigger a WARNING about the missing rt6_stats. The issue is a local-privilege-cont...
CVE-2022-49922
The CVE-2022-49922 issue in the Linux kernel concerns nfcmrvl: nfcmrvl_i2c_nci_send() not always freeing the skb. When nfcmrvl_nci_send() calls i2c_master_send() and it fails, skb is leaked. The fix ensures skb is freed unconditionally, regardless of i2c_master_send()’s return value. This vulnera...
CVE-2023-52481
CVE-2023-52481 affects ARM64 Linux kernels with Cortex‑A520 erratum 2966298. A speculatively executed unprivileged load could leak data from a privileged load via a cache side channel when returning to EL0, limited to loads in the same translation regime (same ASID/VMID). Mitigation implemented a...
CVE-2024-26881
The CVE-2024-26881 issue is a Linux kernel vulnerability affecting net: hns3 on HIP08 devices. The root cause is a NULL pointer dereference when a 1588/IEEE-1588 message is received because HIP08 devices do not register ptp devices, leaving hdev->ptp NULL, and the code may access hdev->ptp...
CVE-2024-35800
CVE-2024-35800 affects the Linux kernel EFI/kdump path. The root cause is calling get_next_variable() without validating the pointer, which in kdump can be NULL and cause a panic during kexec-ed kernel boot. The fix introduces a validity check before calling get_next_variable(), and the issue was...
CVE-2024-36915
CVE-2024-36915 concerns the Linux kernel’s NFC LLCP path where nfc_llcp_setsockopt() could unsafely copy from user-supplied sockptr data, triggering a slab-out-of-bounds read. Symptom traces show reads of 4 bytes at a user task, linked to copy_from_sockptr() and inline copy_from_sockptr_offset; the...
CVE-2024-38576
CVE-2024-38576 affects the Linux kernel where rcuc: rcu: print_cpu_stall_info() could overflow a buffer when jiffies differences are large. The root cause involved printing an unsigned difference with %ld and a potential buffer overflow, which is fixed by replacing sprintf() with snprintf() and a...
CVE-2024-38661
CVE-2024-38661 is a Linux kernel vulnerability affecting the s390/ap subsystem. The issue stems from using signed int for internal bitmap-related variables in ap_parse_bitmap_str, allowing overflow during updates to /sys/bus/ap/apmask and related fields, which could trigger a kernel panic (panic_...
CVE-2024-40916
The CVE-2024-40916 issue concerns the Linux kernel DRM/Exynos HDMI driver. When EDID reading fails and the driver reports no modes, the DRM core previously exposed a 1024x786 mode which some Exynos HDMI variants cannot drive. The fix changes this fallback to a safe 640x480 mode to avoid rendering...
CVE-2024-40942
CVE-2024-40942 corresponds to a Linux kernel vulnerability involving the wifi/mac80211 mesh code. The issue was a leak of mesh_preq_queue objects that are stored in a per-mesh interface list to track path resolution. When an mpath is deleted or a mesh interface is removed, entries in this preq_qu...
CVE-2024-42236
CVE-2024-42236 affects the Linux kernel in the usb gadget configfs string handling. The vulnerability arises from not validating userspace-provided strings that can be empty, enabling an out-of-bounds (OOB) read at str[0-1] and a subsequent OOB write to str[0-1] = '\0'. The issue is fixed by addi...
CVE-2024-42288
CVE-2024-42288 relates to Linux kernel SCSI driver scsi: qla2xxx, where the Init Control Block (ICB) was dereferenced incorrectly, risking memory corruption. The vulnerability affects the qla2xxx path and has a local attack vector with low privileges; the impact is memory corruption (partial impa...
CVE-2024-42311
The CVE-2024-42311 issue is a Linux kernel vulnerability in the HFS filesystem where hfs_inode_info fields (.tz_secondswest, .cached_start, .cached_blocks) were not initialized after hfs_alloc_inode(). The connected advisories confirm a fix was applied in the kernel (patches referenced in multipl...
CVE-2024-43913
CVE-2024-43913 is a Linux kernel vulnerability affecting the nvme Apple driver. The root cause was improper device reference counting in the Apple nvme driver, leading to a memory leak on a tagset failure. The fix requires drivers to call nvme_uninit_ctrl after a successful nvme_init_ctrl and to ...
CVE-2024-44950
CVE-2024-44950 affects the Linux kernel serial driver for sc16is7xx. When enabling the special register set, Receiver time-out and RHR interrupts could cause the IRQ handler to read the FIFO via RHR at address 0x00, which is actually DLL, leading to erroneous FIFO reads. Root cause: invalid FIFO ...
CVE-2024-44974
CVE-2024-44974 affects the Linux kernel, describing a Use-After-Free risk in MPTCP path management when selecting end-points. The description specifies that select_local_address() and select_signal_address() return a reference to an endpoint read outside an RCU-protected window, risking UaF after...
CVE-2024-46746
The CVE-2024-46746 issue affects the Linux kernel HID AMD SFH driver (amd_sfh). The root cause is freeing driver_data after hid_destroy_device() returns, since driver_data is referenced by callbacks; this can lead to a slab-use-after-free in functions such as amd_sfh_get_report, as evidenced by t...
CVE-2024-46762
CVE-2024-46762 affects the Linux kernel xen privcmd path. A race between privcmd_irqfd_assign() and privcmd_irqfd_deassign() can leave a previously freed kirqfd in use, allowing access to a freed kirqfd and causing a kernel oops. The issue is mitigated by applying SRCU locking to irqfds, mirrorin...
CVE-2024-46775
CVE-2024-46775 affects the Linux kernel DRM AMD display path (drm/amd/display). Root cause: function return values were not checked before their results were used by subsequent calls. The patch resolves 4 CHECKED_RETURN issues reported by Coverity and fixes the vulnerability by validating return ...
CVE-2024-46809
In the Linux kernel, the vulnerability CVE-2024-46809 affects the drm/amd/display pathway where BIOS images are loaded. The root cause involved missing null checks, which could lead to failures when BIOS images are loaded. A fix adds explicit null checks before BIOS image usage and resolves six N...
CVE-2024-49880
The CVE-2024-49880 entry concerns an off-by-one in ext4 resizing logic (alloc_flex_gd) leading to a kernel BUG in resize operations (resize2fs) when resizing a filesystem. The vulnerability is addressed by a patch that removes the problematic +1 (and adds a WARN_ON_ONCE) to ensure flex_gd->res...
CVE-2024-49911
CVE-2024-49911: In the Linux kernel, the drm/amd/display path (dcn20_set_output_transfer_func) added a null check for the set_output_gamma function pointer to prevent a potential NULL pointer dereference. The fix ensures set_output_gamma is non-NULL before invocation (previously checked only for...
CVE-2024-49918
CVE-2024-49918 relates to a Linux kernel issue in the AMD display path (drm/amd/display) where dcn32_acquire_idle_pipe_for_head_pipe_in_layer could dereference a null head_pipe. The fix adds a null check and returns NULL if head_pipe is null, preventing a potential NPE. Connected sources corrobor...
CVE-2024-49988
The CVE-2024-49988 issue affects the Linux kernel component ksmbd, specifically the ksmbd_conn structure. The related description states that oplock break requests use opinfo->conn, and that freeing of ->conn could be used on multichannel, so the patch adds a reference count to ksmbd_conn t...
CVE-2024-50240
The CVE-2024-50240 issue concerns the Linux kernel PHY driver for Qualcomm QMP-USB. After commit 413db06c05e7, driver data initialisation was removed but still used in runtime PM callbacks, causing a NULL-pointer dereference on runtime suspend when runtime PM is enabled via sysfs. The fix restore...
CVE-2024-53201
Technical details about CVE-2024-53201 are not provided in the supplied documents. No affected products, root cause, impact, or remediation details are included here; monitor for official disclosures.
CVE-2024-53230
CVE-2024-53230 affects the Linux kernel cpufreq CPPC path. The issue is a potential NULL pointer dereference in cppc_get_cpu_cost() when cpufreq_cpu_get_raw() returns NULL for a CPU not present in policy->cpus mask. The fix is to add a NULL check before dereferencing cppc_get_cpu_cost(), mitig...
CVE-2024-54031
Summary (CVE-2024-54031): The Linux kernel netfilter nft_set_hash vulnerability is due to an unaligned atomic read of the genmask field in struct nft_set_ext. The misalignment can trigger a kernel fault (alignment fault) and an OOPS in nft_rhash_gc, potentially leading to a crash or denial of ser...
CVE-2024-57974
The CVE-2024-57974 entry describes a race in the Linux kernel UDP path: if a UDP socket changes its local address during a receive after connect(), a secondary hash/tuple hash update may not complete in time, causing lookups to fail and potentially returning ECONNREFUSED. The issue arises from th...
CVE-2024-58016
CVE-2024-58016 (Linux kernel) is a safesetid vulnerability where syzbot could cause a kmalloc warning by writing an oversized buffer to a sysfs entry; the vulnerability arises from insufficient validation of write buffer sizes in handle_policy_update() and policy writes. The fix is to validate...
CVE-2024-58076
CVE-2024-58076 affects the Linux kernel clock framework for Qualcomm SoCs (e.g., gcc-sm6350). The issue occurs when a clk_rcg2 has a parent but lacks a defined parent_map, which can trigger a NULL pointer dereference during clk_set_rate, as evidenced by the kernel trace in the description. The pr...
CVE-2025-22008
CVE-2025-22008 is a Linux kernel vulnerability in the regulator subsystem. The issue arises when asynchronous driver probing allows a dummy regulator to be accessed before it has been probed, potentially enabling local access to disrupt system operation. The fix is to ensure the dummy regulator i...
CVE-2025-22038
CVE-2025-22038 concerns the Linux kernel, specifically the ksmbd path. The issue arises when accessing psid->sub_auth[psid->num_subauth - 1] without ensuring num_subauth is non-zero, which can cause an out-of-bounds read. The provided description states the patch adds a validation step to r...
CVE-2025-22041
The CVE-2025-22041 issue affects the Linux kernel ksmbd subsystem. In multichannel mode, a use-after-free can occur in ksmbd_sessions_deregister() when a second channel creates a session via the first channel’s connection, causing a freed session in the global session table to be dereferenced via...