CVE-2023-53070

CVE-2023-53070 affects the Linux kernel: when PPTT is absent, multiple CPUs could call acpi_get_pptt() in atomic context, risking a sleep waiting on a mutex and a kernel crash trace. The fix updates acpi_get_pptt() to return NULL if PPTT is not available, avoiding sleeps in atomic context and pre...

CVE-2023-53078

CVE-2023-53078 is a Linux kernel memleak in the SCSI ALUA path (scsi_dh_alua: alua_activate). The issue occurs if alua_rtpg_queue() fails during alua_activate(), leaving the allocated qdata unreleased and causing a memory leak. The public docs indicate the fix is to free qdata in the error path. ...

CVE-2023-53114

CVE-2023-53114 - In the Linux kernel, the i40e Intel XL710 Ethernet driver had a crash during reboot when the firmware is in recovery mode. The root cause was that during recovery mode, the probe skipped pci_set_drvdata(), which later caused a NULL dereference in i40e_shutdown() during shutdown/r...

CVE-2023-53145

In the Linux kernel, the Bluetooth driver subsystem btsdio is affected by a use-after-free race in btsdio_remove. In btsdio_probe, data->work is bound to btsdio_work and started via btsdio_send_frame. If btsdio_remove executes while the work is unfinished, hdev could be freed but still used by...

CVE-2024-26657

CVE-2024-26657 relates to a NULL pointer dereference in the Linux kernel’s DRM scheduler code (drm_sched_entity_init). The issue could be triggered by AMDGPU user-space IOCTL flow: user calls AMDGPU_CTX_ALLOC_CTX via amdgpu_ctx_ioctl, then AMDGPU_WAIT_CS without submitting a job, which could lead...

CVE-2024-27402

CVE-2024-27402 affects the Linux kernel’s phonet/pep path. The description states a race in skb_queue_empty() is mishandled: receive queues are protected by their spin-locks, not the socket lock, which can cause skb_peek() to return NULL or a pointer to a socket buffer that has already been deque...

CVE-2024-36934

CVE-2024-36934 concerns a Linux kernel vulnerability where a kernel buffer allocated for a userspace copy of nbytes could lack a terminating NUL, causing an out-of-bounds read when sscanf is used on the buffer. The root cause is failing to ensure the copied buffer is NUL-terminated. The fix repla...

CVE-2024-37078

CVE-2024-37078 - Linux kernel nilfs2 writeback fix Affected component: the Linux kernel filesystem nilfs2.Root cause: during log writer writebacks for segment summaries or super root blocks, the code did not wait for ongoing folio/page writebacks on the backing device’s page cache, creating an in...

CVE-2024-38578

The CVE-2024-38578 issue is a Linux kernel vulnerability in ecryptfs: the buffer for the TAG 66 packet was 3 bytes too small, causing a potential write past the end (KASAN slab-out-of-bounds). The fix increases the allocation size to ensure the entire packet fits, addressing the bug described in ...

CVE-2024-40937

CVE-2024-40937 refers to a Linux kernel vulnerability in the gve driver where napi->skb was not cleared before freeing the skb with dev_kfree_skb_any(), potentially leaving a dangling napi pointer returned by napi_get_frags. The fix clears napi->skb before the skb is freed. Connected docume...

CVE-2024-41031

CVE-2024-41031 (Linux kernel) affects ARM64 builds where HPAGE_PMD_ORDER is 13 for 64KB base pages. The vulnerability arises in mm/filemap when the PMD-sized page cache cannot be supported by xarray, triggering kernel warnings and a broken path during page cache handling. The impact is described ...

CVE-2024-42105

CVE-2024-42105 – nilfs2 inode range/UAF fixes in Linux kernel : The referenced security issue is mitigated by a patch series for nilfs2 that fixes a use-after-free and several inode-number range problems. Specifically, nilfs->ns_first_ino (the first non-reserved inode) was read from the superb...

CVE-2024-42110

CVE-2024-42110 affects Linux kernel ntb_netdev when using idxd as the data mover for ntb_transport. The interrupt completion handler uses a threaded interrupt and calls __netif_rx(), which is only valid in interrupt context, causing instability. The recommended fix is to call netif_rx() (or netif...

CVE-2024-45003

CVE-2024-45003 concerns a Linux kernel vulnerability where inode eviction can deadlock during inode LRU traversal. The issue arises in the inode reclaim path (prune_icache_sb) when reclaiming inodes marks i_freeing and other processes attempt to iget under the same LRU context, risking deadlocks ...

CVE-2024-45008

CVE-2024-45008 affects the Linux kernel input subsystem. The vulnerability arises when input_mt_init_slots() allocates slots based on user-supplied num_slots via UI_DEV_CREATE, risking oversized allocations. A patch caps the maximum slots at 1024, mitigating memory exhaustion. Connected advisorie...

CVE-2024-46678

CVE-2024-46678 affects the Linux kernel bonding subsystem. The root cause was ipsec_lock being a spin lock used to protect ipsec_list, but bond’s xfrm operations may sleep, triggering scheduling-while-atomic. The patch changes bond->ipsec_lock from a spin lock to a mutex, ensuring xdo_dev_stat...

CVE-2024-46691

CVE-2024-46691 affects the Linux kernel USB Type-C UCSI path. The unregister path (ucsi_unregister) moved to be called from atomic context due to a PMIC_GLINK/IRq-callback spinlock change, making sleepable code paths (unregister) unsafe. This creates a potential flaw where unregistration can occu...

CVE-2024-46896

The CVE-2024-46896 vulnerability is in the Linux kernel DRM/AMDGPU path. It stems from a memset in drm_sched_job_init() that overwrites the initialized base.sched field in amdgpu_job_alloc, causing a CS validation path to be rejected with a bogus ring and potentially a crash. The fix passes NULL ...

CVE-2024-47711

Technical details about CVE-2024-47711 (affected products, impact, and fixes) are not provided in the supplied documents. Monitor official advisories and vendor patches for updates.

CVE-2024-48875

In the Linux kernel, CVE-2024-48875 is described as a fix for a btrfs issue: don’t take the dev_replace rwsem if the task already holds it. The root cause is a possible deadlock when btrfs_dev_replace flow takes the same rwsem twice during operations like btrfs_map_block, as demonstrated by a loc...

CVE-2024-49857

CVE-2024-49857 (Linux kernel) involves the wifi iwlwifi mvm path where the cipher pointer is not initialized before it is dereferenced during secured NDP ranging. The underlying bug is a NULL pointer dereference caused by dereferencing an uninitialized cipher pointer. The fixed description states...

CVE-2024-49874

CVE-2024-49874 affects the Linux kernel’s i3c master subsystem (svc_i3c_master). The issue is a use-after-free race between the worker threads bound to master->hj_work and master->ibi_work during cleanup. If the module is removed, master->base can be freed while a worker may still access...

CVE-2024-50065

Technical details for CVE-2024-50065 are not provided in the connected documents. Monitor for updates.

CVE-2024-50210

The CVE-2024-50210 issue is in the Linux kernel posix-clock routine pc_clock_settime(). If get_clock_desc() succeeds, the code locks the clock’s fd and holds the rwsem; the error path failed to release the lock and fput the fd, causing unbalanced locking and a potential resource leak. The root ca...

CVE-2024-50274

CVE-2024-50274 affects the Linux kernel IDPF driver. The issue occurred when the device control plane is removed or the platform reboots; on driver reset, resources are freed and the code path could access a released vport pointer while monitoring tools query link settings. The fix moves link_spe...

CVE-2024-53116

CVE-2024-53116 concerns the Linux kernel panic/warning scenario in the Panthor DRM/GPU VM path. The description documents a bug in partial GPU mapping of buffer objects (BOs) where Panthor failed to correctly handle mappings that span multiple scatterlists and where the mapping offset did not sta...

CVE-2024-53188

Technical details beyond the initial description are not provided in the connected documents. No vendor/product/version data here; monitor for updates for concrete impact, affected products, and fixes.

CVE-2024-56588

CVE-2024-56588 (Linux kernel) affects the hisi_sas driver. The issue arises when dump files are created on the fly during debugfs dump, which leads to a NULL pointer dereference and kernel hang if the driver is unbound while dumping. The root cause is allocating memory and creating debugfs entrie...

CVE-2024-56620

In CVE-2024-56620, the Linux kernel fix targets the SCSI: ufs: qcom path. The bug occurs when platform MSI resources are freed even if ESI is not enabled, leading to a NULL pointer dereference (Unable to handle kernel NULL pointer dereference at 0x8) during device removal. The impact is a local f...

CVE-2024-56622

Summary: CVE-2024-56622 is a Linux kernel vulnerability in the SCSI UFS core sysfs path that can trigger a division by zero when monitoring is disabled. The issue is tracked across multiple vendors/distros with fixed releases: Debian LTS advisory DLA-4076-1 notes a fix in linux-6.1-6.1.6.1.128-1~...

CVE-2024-56665

CVE-2024-56665 refers to a Linux kernel issue in the bpf/perf subsystem. The crash arises when a tracepoint perf event uses a BPF program with attr.inherit=1, and the event is inherited by a child after fork, causing the child to share the parent’s tp_event->prog_array. On teardown, the first ...

CVE-2024-56772

The CVE-2024-56772 entry describes a use-after-free in Linux kernel kunit: in kunit_debugfs_create_suite(), if alloc_string_stream() fails during kunit_suite_for_each_test_case(), suite->log has already been assigned and the error path frees the stream but does not NULL the pointer. This leads...

CVE-2024-57806

CVE-2024-57806 relates to a Linux kernel btrfs quota (SIMPLE_QUOTA) atomicity bug. The fix ensures the BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA flag is set immediately after enabling SIMPLE_MODE, so both the quota status flag and the incompat flag are flushed in the same transaction. Without this, a s...

CVE-2024-57982

CVE-2024-57982 — Linux kernel xfrm state lookup : A race between lookup and hash table resizing could observe an hmask value too large for the new hashtable, enabling an out-of-bounds read in xfrm_state_lookup_byaddr() during lookup. The fix prefetches net->xfrm.state_hmask and associated poin...

CVE-2024-58079

CVE-2024-58079 : In the Linux kernel, a bug in media: uvcvideo could crash on unbind if a GPIO unit is in use. The root cause was using the wrong device for device-managed cleanup (usb device instead of the interface device), which could leave IRQs enabled and lead to an access to freed memory on...

CVE-2025-21995

The CVE-2025-21995 entry documents a Linux kernel vulnerability in drm/sched related to a fence reference count leak. The root cause is a leak of the last_scheduled fence when an entity is killed and adding a cleanup callback fails; the fix decrements the prev fence reference count when dma_fence...

CVE-2025-22036

CVE-2025-22036: In the Linux kernel exfat code, get_block can corrupt a stack when a buffer_head is allocated on the stack during racing reads (e.g., do_mpage_readpage). The fix ensures -EAGAIN is returned if a folio has no buffers when bh_read is invoked, so the caller can fallback to block_read...

CVE-2025-22044

CVE-2025-22044 relates to a Linux kernel vulnerability in the ACPI NFIT handling (acpi_nfit_ctl). The issue arises from a narrowing conversion of a user-supplied 64‑bit value (call_pkg->nd_family) to int after a zero-check, which could allow an invalid argument to pass when the lower 32 bits a...

CVE-2025-22081

CVE-2025-22081 is addressed in the Linux kernel: the NTFS3 code fixed integer overflow issues on 32-bit systems caused by an off + sizeof(struct NTFS_DE) addition. The fix replaces that addition with size_add(), mitigating a local-privilege style risk on 32-bit builds. Connected advisories (Azure...

CVE-2025-22124

CVE-2025-22124 affects the Linux kernel md/md-bitmap logic used by clustermd. The root cause was an incorrect bitmap_limit calculation for per-node write-intent bitmaps, which could result in 0-size writes to the 4k SB area for a node and cause hangs during mdadm/clustermd tests. The remediation ...

CVE-2025-23151

CVE-2025-23151 concerns a race in the Linux kernel’s bus: mhi: host path. A client driver quiesces via mhi_unprepare_from_transfer() while data may still be processed, potentially causing a call to mhi_queue_buf() that triggers mhi_gen_tre(). If mhi_gen_tre() runs after the channel teardown, an i...

CVE-2025-37754

CVE-2025-37754 affects the Linux kernel i915 HuC path: HuC delayed loading fence was registered in the object tracker during probe but is not unregistered on early-probe errors. Because memory is allocated under devres and later released, the fence can be allocated and reused on subsequent probes...

CVE-2025-37780

CVE-2025-37780 — Linux kernel isofs slab-out-of-bounds . The vulnerability occurs in isofs_fh_to_parent when a too-small fid is used: 12 bytes allocated for file_handle->f_handle while accessing parent_block requires at least 16 bytes, causing a potentially dangerous read. The issue was observ...

CVE-2025-37836

CVE-2025-37836: Linux kernel vulnerability fixed in PCI: Fix reference leak in pci_register_host_bridge. Root cause: if device_register() fails, the code did not drop the reference, risking memory leak. The patch ensures put_device() is called to drop the reference when device_register() fails, p...

CVE-2010-2495

CVE-2010-2495 affects the Linux kernel’s L2TP implementation (pppol2tp.c). The vulnerability arises from improper validation of certain interface-related values in pppol2tp_xmit, enabling a NULL pointer dereference and an OOPs that can cause a denial of service via routing-change vectors. The iss...

CVE-2010-2524

CVE-2010-2524 affects the Linux kernel CIFS DNS upcall: when CONFIG_CIFS_DFS_UPCALL is enabled, DNS resolution relies on a user keyring via the dns_resolver upcall in the cifs.upcall userspace helper. This allows local privileged or nearby users to spoof DNS query results and mount arbitrary CIFS...

CVE-2010-2942

CVE-2010-2942 affects the Linux kernel prior to 2.6.36-rc2. The issue arises in the actions implementation of network queueing: several tcf_*_dump routines (tcf_gact_dump, tcf_mirred_dump, tcf_nat_dump, tcf_simp_dump, tcf_skbedit_dump) do not properly initialize certain structure members during d...

CVE-2010-3078

The CVE-2010-3078 issue affects the Linux kernel (xfs_ioc_fsgetxattr) where a structure member is not initialized, enabling local attackers to read potentially sensitive data from kernel stack memory via an ioctl. This vulnerability is documented in MiracleLinux AXSA-2010-500:18 and is fixed in 2...

CVE-2010-3848

CVE-2010-3848 is a Linux kernel vulnerability: a stack-based buffer overflow in econet_sendmsg (net/econet/af_econet.c) when Econet is configured, caused by handling a large number of iovec structures. This allows local privilege escalation. The flaw affects Linux kernels before 2.6.36.2 and is a...

CVE-2010-4157

CVE-2010-4157 involves an integer overflow in the Linux kernel’s GDTH SCSI driver (gdth_ioctl_alloc/ioc_general) on 64-bit platforms. A 32/64-bit mismatch when handling a large argument in an ioctl can cause memory corruption, enabling a local user to trigger a denial of service (and potentially ...