CVE-2024-36934
CVE-2024-36934 concerns a Linux kernel vulnerability where a kernel buffer allocated for a userspace copy of nbytes could lack a terminating NUL, causing an out-of-bounds read when sscanf is used on the buffer. The root cause is failing to ensure the copied buffer is NUL-terminated. The fix repla...
CVE-2024-37078
CVE-2024-37078 - Linux kernel nilfs2 writeback fix. Affected component: the Linux kernel filesystem nilfs2. Root cause: during log writer writebacks for segment summaries or super root blocks, the code did not wait for ongoing folio/page writebacks on the backing device’s page cache, creating an in...
CVE-2024-38578
The CVE-2024-38578 issue is a Linux kernel vulnerability in ecryptfs: the buffer for the TAG 66 packet was 3 bytes too small, causing a potential write past the end (KASAN slab-out-of-bounds). The fix increases the allocation size to ensure the entire packet fits, addressing the bug described in ...
CVE-2024-40937
CVE-2024-40937 refers to a Linux kernel vulnerability in the gve driver where napi->skb was not cleared before freeing the skb with dev_kfree_skb_any(), potentially leaving a dangling napi pointer returned by napi_get_frags. The fix clears napi->skb before the skb is freed. Connected docume...
CVE-2024-41031
CVE-2024-41031 (Linux kernel) affects ARM64 builds where HPAGE_PMD_ORDER is 13 for 64KB base pages. The vulnerability arises in mm/filemap when the PMD-sized page cache cannot be supported by xarray, triggering kernel warnings and a broken path during page cache handling. The impact is described ...
CVE-2024-42105
CVE-2024-42105 – nilfs2 inode range/UAF fixes in Linux kernel: The referenced security issue is mitigated by a patch series for nilfs2 that fixes a use-after-free and several inode-number range problems. Specifically, nilfs->ns_first_ino (the first non-reserved inode) was read from the superb...
CVE-2024-42110
CVE-2024-42110 affects Linux kernel ntb_netdev when using idxd as the data mover for ntb_transport. The interrupt completion handler uses a threaded interrupt and calls __netif_rx(), which is only valid in interrupt context, causing instability. The recommended fix is to call netif_rx() (or netif...
CVE-2024-45003
CVE-2024-45003 concerns a Linux kernel vulnerability where inode eviction can deadlock during inode LRU traversal. The issue arises in the inode reclaim path (prune_icache_sb) when reclaiming inodes marks i_freeing and other processes attempt to iget under the same LRU context, risking deadlocks ...
CVE-2024-45008
CVE-2024-45008 affects the Linux kernel input subsystem. The vulnerability arises when input_mt_init_slots() allocates slots based on user-supplied num_slots via UI_DEV_CREATE, risking oversized allocations. A patch caps the maximum slots at 1024, mitigating memory exhaustion. Connected advisorie...
CVE-2024-46678
CVE-2024-46678 affects the Linux kernel bonding subsystem. The root cause was ipsec_lock being a spin lock used to protect ipsec_list, but bond’s xfrm operations may sleep, triggering scheduling-while-atomic. The patch changes bond->ipsec_lock from a spin lock to a mutex, ensuring xdo_dev_stat...
CVE-2024-46691
CVE-2024-46691 affects the Linux kernel USB Type-C UCSI path. The unregister path (ucsi_unregister) moved to be called from atomic context due to a PMIC_GLINK/IRQ-callback spinlock change, making sleepable code paths (unregister) unsafe. This creates a potential flaw where unregistration can occu...
CVE-2024-46896
The CVE-2024-46896 vulnerability is in the Linux kernel DRM/AMDGPU path. It stems from a memset in drm_sched_job_init() that overwrites the initialized base.sched field in amdgpu_job_alloc, causing a CS validation path to be rejected with a bogus ring and potentially a crash. The fix passes NULL ...
CVE-2024-47711
Technical details about CVE-2024-47711 (affected products, impact, and fixes) are not provided in the supplied documents. Monitor official advisories and vendor patches for updates.
CVE-2024-48875
In the Linux kernel, CVE-2024-48875 is described as a fix for a btrfs issue: don’t take the dev_replace rwsem if the task already holds it. The root cause is a possible deadlock when btrfs_dev_replace flow takes the same rwsem twice during operations like btrfs_map_block, as demonstrated by a loc...
CVE-2024-49857
CVE-2024-49857 (Linux kernel) involves the wifi iwlwifi mvm path where the cipher pointer is not initialized before it is dereferenced during secured NDP ranging. The underlying bug is a NULL pointer dereference caused by dereferencing an uninitialized cipher pointer. The fixed description states...
CVE-2024-49961
CVE-2024-49961 is a Linux kernel issue affecting GPIO handling via an I2C port expander (ar0521). The fix updates ar0521_power_on/power_off to use the cansleep variant of gpiod_set_value(), correcting a mismatch where GPIO resets using I2C expander were not cansleep-enabled. The CVE context in th...
CVE-2024-50065
Technical details for CVE-2024-50065 are not provided in the connected documents. Monitor for updates.
CVE-2024-50098
The CVE-2024-50098 issue affects the Linux kernel SCSI UFS core. The root cause was a deadlock during reboot at boot start: SDEV_QUIESCE was set for all logical units, causing an audio-driver thread to wait on blk_mq_submit_bio(), which held a mutex. The fix changes behavior by marking all LUs of...
CVE-2024-50274
CVE-2024-50274 affects the Linux kernel IDPF driver. The issue occurred when the device control plane is removed or the platform reboots; on driver reset, resources are freed and the code path could access a released vport pointer while monitoring tools query link settings. The fix moves link_spe...
CVE-2024-53116
CVE-2024-53116 concerns the Linux kernel panic/warning scenario in the Panthor DRM/GPU VM path. The description documents a bug in partial GPU mapping of buffer objects (BOs) where Panthor failed to correctly handle mappings that span multiple scatterlists and where the mapping offset did not sta...
CVE-2024-53188
Technical details beyond the initial description are not provided in the connected documents. No vendor/product/version data here; monitor for updates for concrete impact, affected products, and fixes.
CVE-2024-56588
CVE-2024-56588 (Linux kernel) affects the hisi_sas driver. The issue arises when dump files are created on the fly during debugfs dump, which leads to a NULL pointer dereference and kernel hang if the driver is unbound while dumping. The root cause is allocating memory and creating debugfs entrie...
CVE-2024-56620
In CVE-2024-56620, the Linux kernel fix targets the SCSI: ufs: qcom path. The bug occurs when platform MSI resources are freed even if ESI is not enabled, leading to a NULL pointer dereference (Unable to handle kernel NULL pointer dereference at 0x8) during device removal. The impact is a local f...
CVE-2024-56622
Summary: CVE-2024-56622 is a Linux kernel vulnerability in the SCSI UFS core sysfs path that can trigger a division by zero when monitoring is disabled. The issue is tracked across multiple vendors/distros with fixed releases: Debian LTS advisory DLA-4076-1 notes a fix in linux-6.1-6.1.6.1.128-1~...
CVE-2024-56665
CVE-2024-56665 refers to a Linux kernel issue in the bpf/perf subsystem. The crash arises when a tracepoint perf event uses a BPF program with attr.inherit=1, and the event is inherited by a child after fork, causing the child to share the parent’s tp_event->prog_array. On teardown, the first ...
CVE-2024-56772
The CVE-2024-56772 entry describes a use-after-free in Linux kernel kunit: in kunit_debugfs_create_suite(), if alloc_string_stream() fails during kunit_suite_for_each_test_case(), suite->log has already been assigned and the error path frees the stream but does not NULL the pointer. This leads...
CVE-2024-57806
CVE-2024-57806 relates to a Linux kernel btrfs quota (SIMPLE_QUOTA) atomicity bug. The fix ensures the BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA flag is set immediately after enabling SIMPLE_MODE, so both the quota status flag and the incompat flag are flushed in the same transaction. Without this, a s...
CVE-2024-57982
CVE-2024-57982 — Linux kernel xfrm state lookup: A race between lookup and hash table resizing could observe an hmask value too large for the new hashtable, enabling an out-of-bounds read in xfrm_state_lookup_byaddr() during lookup. The fix prefetches net->xfrm.state_hmask and associated poin...
CVE-2024-57999
CVE-2024-57999 affects the PowerPC/pseries IOMMU in the Linux kernel where MMIO ranges for Dynamic DMA Window are not correctly marked, allowing DMA buffers to be mapped in 64‑bit DDW ranges and potentially causing OOPS during boot. Root causes identified include: 1) using int for an address (uns...
CVE-2024-58079
CVE-2024-58079: In the Linux kernel, a bug in media: uvcvideo could crash on unbind if a GPIO unit is in use. The root cause was using the wrong device for device-managed cleanup (usb device instead of the interface device), which could leave IRQs enabled and lead to an access to freed memory on...
CVE-2025-21995
The CVE-2025-21995 entry documents a Linux kernel vulnerability in drm/sched related to a fence reference count leak. The root cause is a leak of the last_scheduled fence when an entity is killed and adding a cleanup callback fails; the fix decrements the prev fence reference count when dma_fence...
CVE-2025-22036
CVE-2025-22036: In the Linux kernel exfat code, get_block can corrupt a stack when a buffer_head is allocated on the stack during racing reads (e.g., do_mpage_readpage). The fix ensures -EAGAIN is returned if a folio has no buffers when bh_read is invoked, so the caller can fall back to block_read...
CVE-2025-22044
CVE-2025-22044 relates to a Linux kernel vulnerability in the ACPI NFIT handling (acpi_nfit_ctl). The issue arises from a narrowing conversion of a user-supplied 64‑bit value (call_pkg->nd_family) to int after a zero-check, which could allow an invalid argument to pass when the lower 32 bits a...
CVE-2025-22081
CVE-2025-22081 is addressed in the Linux kernel: the NTFS3 code fixed integer overflow issues on 32-bit systems caused by an off + sizeof(struct NTFS_DE) addition. The fix replaces that addition with size_add(), mitigating a local-privilege style risk on 32-bit builds. Connected advisories (Azure...
CVE-2025-22124
CVE-2025-22124 affects the Linux kernel md/md-bitmap logic used by clustermd. The root cause was an incorrect bitmap_limit calculation for per-node write-intent bitmaps, which could result in 0-size writes to the 4k SB area for a node and cause hangs during mdadm/clustermd tests. The remediation ...
CVE-2025-23151
CVE-2025-23151 concerns a race in the Linux kernel’s bus: mhi: host path. A client driver quiesces via mhi_unprepare_from_transfer() while data may still be processed, potentially causing a call to mhi_queue_buf() that triggers mhi_gen_tre(). If mhi_gen_tre() runs after the channel teardown, an i...
CVE-2025-37754
CVE-2025-37754 affects the Linux kernel i915 HuC path: HuC delayed loading fence was registered in the object tracker during probe but is not unregistered on early-probe errors. Because memory is allocated under devres and later released, the fence can be allocated and reused on subsequent probes...
CVE-2025-37780
CVE-2025-37780 — Linux kernel isofs slab-out-of-bounds. The vulnerability occurs in isofs_fh_to_parent when a too-small fid is used: 12 bytes allocated for file_handle->f_handle while accessing parent_block requires at least 16 bytes, causing a potentially dangerous read. The issue was observ...
CVE-2025-37836
CVE-2025-37836: Linux kernel vulnerability fixed in PCI: Fix reference leak in pci_register_host_bridge. Root cause: if device_register() fails, the code did not drop the reference, risking a memory leak. The patch ensures put_device() is called to drop the reference when device_register() fails, p...
CVE-2010-2495
CVE-2010-2495 affects the Linux kernel’s L2TP implementation (pppol2tp.c). The vulnerability arises from improper validation of certain interface-related values in pppol2tp_xmit, enabling a NULL pointer dereference and an OOPS that can cause a denial of service via routing-change vectors. The iss...
CVE-2010-2524
CVE-2010-2524 affects the Linux kernel CIFS DNS upcall: when CONFIG_CIFS_DFS_UPCALL is enabled, DNS resolution relies on a user keyring via the dns_resolver upcall in the cifs.upcall userspace helper. This allows local privileged or nearby users to spoof DNS query results and mount arbitrary CIFS...
CVE-2010-2942
CVE-2010-2942 affects the Linux kernel prior to 2.6.36-rc2. The issue arises in the actions implementation of network queueing: several tcf_*_dump routines (tcf_gact_dump, tcf_mirred_dump, tcf_nat_dump, tcf_simp_dump, tcf_skbedit_dump) do not properly initialize certain structure members during d...
CVE-2010-3078
The CVE-2010-3078 issue affects the Linux kernel (xfs_ioc_fsgetxattr) where a structure member is not initialized, enabling local attackers to read potentially sensitive data from kernel stack memory via an ioctl. This vulnerability is documented in MiracleLinux AXSA-2010-500:18 and is fixed in 2...
CVE-2010-3848
CVE-2010-3848 is a Linux kernel vulnerability: a stack-based buffer overflow in econet_sendmsg (net/econet/af_econet.c) when Econet is configured, caused by handling a large number of iovec structures. This allows local privilege escalation. The flaw affects Linux kernels before 2.6.36.2 and is a...
CVE-2010-4157
CVE-2010-4157 involves an integer overflow in the Linux kernel’s GDTH SCSI driver (gdth_ioctl_alloc/ioc_general) on 64-bit platforms. A 32/64-bit mismatch when handling a large argument in an ioctl can cause memory corruption, enabling a local user to trigger a denial of service (and potentially ...
CVE-2013-6382
CVE-2013-6382 refers to multiple buffer underflows in the Linux kernel’s XFS implementation up to version 3.12.1, allowing local, CAP_SYS_ADMIN–bearing users to trigger memory corruption or potential other impacts via the XFS_IOC_ATTRLIST_BY_HANDLE or XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctls with cra...
CVE-2014-1446
CVE-2014-1446 affects the Linux kernel up to version 3.12.7, where the yam_ioctl handler in drivers/net/hamradio/yam.c fails to initialize a structure member. This can allow a local attacker with CAP_NET_ADMIN to leak kernel memory via an SIOCYAMGCFG ioctl, enabling information disclosure. The ex...
CVE-2014-8369
The CVE-2014-8369 flaw affects the Linux kernel and is caused by a miscalculation in kvm_iommu_map_pages (virt/kvm/iommu.c) when handling a mapping failure. The vulnerability exists in kernels up to 3.17.2 and arises from an incorrect fix for CVE-2014-3601. This allows guest OS users with privile...
CVE-2014-9731
The CVE-2014-9731 entry concerns the Linux kernel’s UDF filesystem (CONFIG_UDF_FS) for versions before 3.18.2. The vulnerability arises because the UDF symlink path length validation may not accommodate space for storing a symlink target’s name plus a trailing NUL, enabling a local attacker to ob...
CVE-2017-16528
CVE-2017-16528 affects the Linux kernel: sound/core/seq_device.c prior to version 4.13.4. A crafted USB device can trigger a use-after-free in snd_rawmidi_dev_seq_free, causing local DoS and potential system crash. Impact is described as high for confidentiality, integrity, and availability in t...