CVE-2025-22115
CVE-2025-22115: In the Linux kernel’s Btrfs subsystem, a race in block group refcount during two-phase block group creation could lead to a broken refcount state and use-after-free conditions during transaction cleanup. The issue arises when a block group is added to space_info and later still i...
CVE-2025-22120
CVE-2025-22120 affects the Linux kernel ext4: in ext4_setattr(), a jump to the right label out_mmap_sem may occur. If ext4_inode_attach_jinode() fails, filemap_invalidate_unlock() may not be called to unlock mapping->invalidate_lock, leading to a hung task (as shown by the given EXT4-fs error ...
CVE-2025-37739
CVE-2025-37739 involves a Linux kernel issue in the f2fs filesystem where out-of-bounds access could occur during truncate_inode_blocks(). UBSAN reported an array-index-out-of-bounds in f2fs/node.h when get_nid() accessed i_nid with a negative index due to dn.ofs_in_node being zero while the load...
CVE-2025-37747
CVE-2025-37747 (Linux kernel) – perf hang on freeing sigtrap event. Affects: Linux kernel perf subsystem, specifically perf_event_overflow and related task_work handling. When a deferred signal is not sent before a file is closed, freeing a sigtrap event can hang due to the interaction between per...
CVE-2025-37786
CVE-2025-37786 affects the Linux kernel's DSA (distributed switch architecture) routing-table handling. When a tree probe completes with complete = true and a later step fails, dst->rtable entries may remain referencing freed ports, causing a use-after-free. The advisory explains that on probe...
CVE-2025-37805
CVE-2025-37805 (Linux kernel): The issue arises in sound/virtio (virtio_snd) during probe/remove sequences, where uninitialized sub-structures could trigger cancel_work_sync on an uninitialized work_struct, leading to a warning trace in kernel/workqueue.c. The fix (as discussed in the connected ...
CVE-2025-37830
In the Linux kernel, CVE-2025-37830 fixes a NULL pointer dereference in the CPU frequency (cpufreq) subsystem related to the scmi path. The root cause is that cpufreq_cpu_get_raw() may return NULL when the target CPU is not present in policy->cpus, and scmi_cpufreq_get_rate() did not check for...
CVE-2025-37844
CVE-2025-37844 refers to a Linux kernel issue in the CIFS subsystem. The vulnerability arises from a NULL pointer dereference in a dbg call path: cifs_server_dbg() could be invoked with a NULL server. The fix moves the dbg call under a conditional so the server is ensured non-NULL before access. ...
CVE-2025-37889
CVE-2025-37889: In the Linux kernel’s ASoC code, platform_max was inconsistently interpreted as a control value versus a register value. The patching effort reverts a previous +min shift and updates all code paths to consistently treat platform_max as a control value (customer-facing representat...
CVE-2025-37994
CVE-2025-37994 affects the Linux kernel driver path usb: typec: ucsi: displayport. The root cause is a NULL pointer access in ucsi_displayport_work handling. A patch was applied to ensure the UCSI driver waits for all pending tasks in the ucsi_displayport_work queue to finish before partner remov...
CVE-2025-38004
The CVE-2025-38004 entry affects the Linux kernel CAN BCM subsystem. A race allowed by updates to the currframe/count in bcm_can_tx() could enable user-space-triggered modifications from hrtimer context, leading to a KASAN slab-out-of-bounds read. The patch fixes this by moving the count variable into...
CVE-2025-38104
Technical details about CVE-2025-38104 (affected products, versions, exploit information, or fixes) are not provided in the supplied documents; monitor for updates.
CVE-2026-46242
Summary (CVE-2026-46242): The Linux kernel contains a fix for a UAF in eventpoll related to ep_remove. The bug arose when ep_remove_file() cleared file->f_ep under file->f_lock but continued using @file inside the critical section, allowing a concurrent path to reach freed memory via f_op-...
CVE-2009-2406
CVE-2009-2406 refers to a stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c of the Linux kernel before 2.6.30.4. The issue arises from not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size, enabling l...
CVE-2010-3477
The CVE-2010-3477 issue affects the Linux kernel’s net/sched/act_police.c (tcf_act_police_dump) in versions before 2.6.36-rc4. The root cause is incomplete initialization of certain structure members during dump operations, allowing local users to read potentially sensitive kernel memory. The vul...
CVE-2011-1090
CVE-2011-1090 affects the Linux kernel’s NFSv4 ACL handling: the function __nfs4_proc_set_acl in fs/nfs/nfs4proc.c allocates memory with kmalloc but does not always free it, enabling a local attacker to trigger a denial of service (panic) by crafting an ACL set operation. The vulnerability is doc...
CVE-2011-2496
CVE-2011-2496 affects the Linux kernel prior to 2.6.39. An integer overflow in vma_to_resize (mm/mremap.c) lets local users trigger a BUG_ON and system crash via a crafted mremap call that expands a memory mapping. Mitigation: upgrade to kernel 2.6.39 or later where the issue is fixed. The connec...
CVE-2013-2237
CVE-2013-2237 affects the Linux kernel prior to 3.9. The vulnerability arises because key_notify_policy_flush in net/key/af_key.c does not initialize a certain structure member, enabling local attackers to read kernel heap memory via a broadcast message on the IPSec key_socket notify_policy inter...
CVE-2013-2892
The CVE-2013-2892 issue affects the Linux kernel HID subsystem, specifically the HID driver at drivers/hid/hid-pl.c. When CONFIG_HID_PANTHERLORD is enabled, a physically proximate crafted HID device can cause a heap-based out-of-bounds write, leading to a denial of service. The provided documents ...
CVE-2014-4652
CVE-2014-4652 affects the Linux kernel ALSA sound subsystem. A race condition in the tlv handler (snd_ctl_elem_user_tlv) within sound/core/control.c before version 3.15.2 allows local users to read kernel memory via /dev/snd/controlCX. Impact is partial confidentiality of kernel memory. The vulne...
CVE-2016-5412
CVE-2016-5412 affects the Linux kernel on PowerPC with CONFIG_KVM_BOOK3S_64_HV enabled. A guest OS user can trigger a host denial of service (infinite loop) by issuing a H_CEDE hypercall while a transaction is suspended. The description in the supplied documents confirms the affected file and con...
CVE-2017-16648
CVE-2017-16648 affects the Linux kernel, specifically the dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c, up to kernel 4.13.11. The issue is a use-after-free in the DVB frontend management path that can be triggered by a crafted USB device, enabling local users to cause a den...
CVE-2020-36784
CVE-2020-36784 affects the Linux kernel i2c Cadence driver. The vulnerability arises because pm_runtime_get_sync incorrectly increments the PM usage counter even when the operation fails in cdns_i2c_master_xfer and cdns_reg_slave, causing a reference leak. The fix is to replace the finalization w...
CVE-2021-47074
In CVE-2021-47074, the Linux kernel nvme-loop module had a memory leak in nvme_loop_create_ctrl(): if nvme_init_ctrl() fails, the created loop ctrl must be freed before exiting. The fix ensures proper cleanup of the loop ctrl on error to avoid leaking memory. The vulnerability’s described impact ...
CVE-2021-47247
CVE-2021-47247 is a Linux kernel use-after-free in the mlx5e_encap_take path during neigh update, caused by improper handling when encap entries are concurrently inserted/deleted after rtnetlink lock changes. The issue is documented in upstream kernel notes and is listed in Debian’s DLA-4178-1 ad...
CVE-2021-47559
CVE-2021-47559 concerns a NULL pointer dereference in the Linux kernel’s net/smc path, specifically in smc_vlan_by_tcpsk(). The issue could lead to a NULL dereference when iterating lower devices and calling is_vlan_dev, potentially impacting availability. The advisory notes that the manual lower...
CVE-2022-48424
CVE-2022-48424 affects the Linux kernel prior to 6.1.3, where NTFS-3 file system code (fs/ntfs3/inode.c) fails to validate the attribute name offset, leading to an unhandled page fault. Affected component: NTFS-3 support in the kernel; root cause: incomplete validation of attribute name offset in...
CVE-2022-48638
CVE-2022-48638 pertains to the Linux kernel cgroup subsystem. The issue stems from cgroup_get_from_id() not validating that the looked-up kn is a directory, which must be a kernfs directory. If the id supplied by userspace points to a non-directory, it can trigger a kernel panic. The connected As...
CVE-2022-48664
CVE-2022-48664 concerns the Linux kernel, specifically the btrfs filesystem. The issue caused hangs during unmount when a space reclaim worker is stopped, usually observed as a long-blocked umount task in tests (e.g., generic/562). The described sequence shows the cleaner kthread starting a trans...
CVE-2022-48674
CVE-2022-48674 - erofs use-after-free on UP platforms: a Linux kernel patch fixes a race in erofs where erofs_workgroup_unfreeze() doesn’t reset orig_val, allowing a pcluster to be reused after free. This leads to a use-after-free in paths such as z_erofs_do_read_page/z_erofs_readahead under stres...
CVE-2022-49300
CVE-2022-49300 affects the Linux kernel nbd subsystem. A race occurs when the nbd module is removed: nbd_genl_connect() may call nbd_alloc_config() concurrently, and although try_module_get() can fail, nbd_alloc_config() previously did not handle that. This can cause leakage of nbd_config and rel...
CVE-2022-49370
The CVE-2022-49370 issue affects the Linux kernel component handling firmware dmi-sysfs, where a memory leak occurs due to improper cleanup in dmi_sysfs_register_handle when kobject_init_and_add() returns an error. The documented fix is to call kobject_put() to release memory in that failure path...
CVE-2022-49721
CVE-2022-49721 affects the Linux kernel (arm64) ftrace. The root cause is inconsistent handling of PLT entries when calling ftrace trampolines: ftrace_modify_call() can produce out-of-range branches, causing warnings and no code change, or replace the old branch with a BRK, risking a kernel panic...
CVE-2022-49885
CVE-2022-49885 is a Linux kernel vulnerability in ACPI APEI where ghes_estatus_pool_init() can overflow due to signed integer math during len calculation (len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE)). The root cause is using int for num_ghes, which can overflow and cause subsequent vmalloc...
CVE-2023-3220
CVE-2023-3220 affects the Linux kernel (through 6.1-rc8) in the MSM DPU path: dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c does not validate kzalloc() return, causing a NULL pointer dereference. Impact: a local attacker could crash the system; no remote code execution indicat...
CVE-2023-38432
CVE-2023-38432 affects the Linux kernel prior to 6.3.10. The KSMBD SMB2 server (fs/smb/server/smb2misc.c) does not validate the relationship between the SMB command payload size and RFC1002 length, causing an out-of-bounds read. Impact: potential information disclosure or crash as stated by affec...
CVE-2023-50431
CVE-2023-50431 concerns the Linux kernel driver path sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c, where info->pad0 is not initialized, allowing an information leak to user space. The vulnerability affects the Linux kernel up to versions around 6.6.5 (per the provided ...
CVE-2023-51782
The CVE-2023-51782 issue affects the Linux kernel (net/rose/af_rose.c) and is a use-after-free in rose_ioctl caused by a race in rose_accept. Affected versions are before 6.6.8. The vulnerability can lead to local privilege escalation or kernel crash. Mitigation: upgrade to Linux kernel 6.6.8 or ...
CVE-2023-52569
CVE-2023-52569 affects the Linux kernel's btrfs code path. The patch removes a BUG() on failure to insert a delayed dir index item and adds proper error handling, but it does not fix the underlying issue of using the same index number for different items, per the provided documentation. No exploi...
CVE-2023-52629
CVE-2023-52629 – Linux kernel use-after-free fixed. Root cause: in switch_drv_remove(), the worker (flush_work) could be rescheduled by switch_timer, causing a use-after-free when the code frees psw after timer or worker cleanup. Consequence: a potentially exploitable use-after-free condition with...
CVE-2023-52691
CVE-2023-52691 concerns the Linux kernel’s DRM AMD power management path. The issue is a double-free in the AMD GPU driver flow: when allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free fields, and if control flow re...
CVE-2023-53052
CVE-2023-53052 is a Linux kernel vulnerability in the CIFS/DFS codebase, where a use-after-free (UAF) bug occurred when DFS root sessions were kept alive in cifs_umount() during the DFS cache refresher. The fix makes DFS root sessions have the same lifetime as DFS tcons to prevent IPCs from acces...
CVE-2023-53058
CVE-2023-53058 – Linux kernel (net/mlx5, E-Switch). The vulnerability arises when handling errors in the E-Switch error path: the code dereferences the pointer named “vport,” which can lead to an oops. The issue is localized to the kernel, requiring local access with low privileges; no user inte...
CVE-2023-53070
CVE-2023-53070 affects the Linux kernel: when PPTT is absent, multiple CPUs could call acpi_get_pptt() in atomic context, risking a sleep waiting on a mutex and a kernel crash trace. The fix updates acpi_get_pptt() to return NULL if PPTT is not available, avoiding sleeps in atomic context and pre...
CVE-2023-53078
CVE-2023-53078 is a Linux kernel memleak in the SCSI ALUA path (scsi_dh_alua: alua_activate). The issue occurs if alua_rtpg_queue() fails during alua_activate(), leaving the allocated qdata unreleased and causing a memory leak. The public docs indicate the fix is to free qdata in the error path. ...
CVE-2023-53114
CVE-2023-53114 - In the Linux kernel, the i40e Intel XL710 Ethernet driver had a crash during reboot when the firmware is in recovery mode. The root cause was that during recovery mode, the probe skipped pci_set_drvdata(), which later caused a NULL dereference in i40e_shutdown() during shutdown/r...
CVE-2023-53145
In the Linux kernel, the Bluetooth driver subsystem btsdio is affected by a use-after-free race in btsdio_remove. In btsdio_probe, data->work is bound to btsdio_work and started via btsdio_send_frame. If btsdio_remove executes while the work is unfinished, hdev could be freed but still used by...
CVE-2024-26657
CVE-2024-26657 relates to a NULL pointer dereference in the Linux kernel’s DRM scheduler code (drm_sched_entity_init). The issue could be triggered by AMDGPU user-space IOCTL flow: user calls AMDGPU_CTX_ALLOC_CTX via amdgpu_ctx_ioctl, then AMDGPU_WAIT_CS without submitting a job, which could lead...
CVE-2024-27402
CVE-2024-27402 affects the Linux kernel’s phonet/pep path. The description states a race in skb_queue_empty() is mishandled: receive queues are protected by their spin-locks, not the socket lock, which can cause skb_peek() to return NULL or a pointer to a socket buffer that has already been deque...
CVE-2024-36934
CVE-2024-36934 concerns a Linux kernel vulnerability where a kernel buffer allocated for a userspace copy of nbytes could lack a terminating NUL, causing an out-of-bounds read when sscanf is used on the buffer. The root cause is failing to ensure the copied buffer is NUL-terminated. The fix repla...