2330 matches found
CVE-2024-26643
CVE-2024-26643 is a Linux kernel vulnerability in netfilter nf_tables where the asynchronous rhashtable garbage-collection can race with the release of anonymous sets that have timeouts, leading to a potential collection of elements during commit path teardown. The root cause is a race between se...
CVE-2023-52486
CVE-2023-52486 affects the Linux kernel DRM subsystem. The root cause is a logic error in drm_mode_page_flip_ioctl() where, after a deadlock is encountered, the framebuffer reference is unref’d and the operation retried without resetting the fb pointer to NULL. If another error occurs before the ...
CVE-2024-26938
CVE-2024-26938 is a Linux kernel vulnerability in the drm/i915/bios path. The issue occurs when intel_bios_encoder_supports_dp_dual_mode() encounters a NULL devdata for a DP encoder (e.g., if there is no VBT or the VBT does not declare the encoder). The kernel previously could oops or mis-handle...
CVE-2024-26811
CVE-2024-26811 affects the Linux kernel ksmbd component. Root cause: ksmbd.mountd can return an invalid IPC response if malicious ksmbd-tools are installed, allowing memory overrun/slab-out-of-bounds due to missing validation of IPC payload size. The patch adds validation for three IPC responses ...
CVE-2023-52485
CVE-2023-52485 affects the Linux kernel; the issue stems from wake DMCUB before issuing DMUB commands in the AMD display path, which could deadlock if the DMCUB is not powered. The description indicates a fix to rework command submission to exit idle power optimizations and reenable them after su...
CVE-2024-35944
CVE-2024-35944: In the Linux kernel VMCI path, a run-time warning triggered by memcpy was observed when a field-spanning write occurred in vmci_datagram.c. The code copies a vmci_datagram dg into a local dg_info->msg with memcpy(&dg_info->msg, dg, dg_size), while dg_size = VMCI_DG_HEADERSIZ...
CVE-2024-26656
CVE-2024-26656 affects the Linux kernel AMDGPU DRM driver. A use-after-free in amdgpu_hmm_unregister called during amdgpu_gem_object_free after an amdgpu_gem_userptr_ioctl with invalid address/size can cause access to a bad address; kernel crash may occur. The issue has a published fix, and patch...
CVE-2023-52498
CVE-2023-52498: Linux kernel sleep deadlock in system-wide PM code in low-memory conditions. Root cause: system-wide resume core code could deadlock because async_schedule_dev() sometimes runs the argument synchronously and may contend for a mutex; this could cause ordering issues in resume call...
CVE-2024-26817
CVE-2024-26817 affects the Linux kernel amdkfd component. The vulnerability arises from using kzalloc with a multiplication that can overflow; the fix replaces kzalloc with calloc to avoid integer overflow. Descriptions in connected Nessus advisories (Unity Linux UTSA advisories) reiterate the sa...
CVE-2023-52587
CVE-2023-52587 (Linux kernel) affects IB/ipoib multicast locking. The issue arose when priv->lock was released while iterating priv->multicast_list in ipoib_mcast_join_task(), creating a window for ipoib_mcast_dev_flush() to remove items mid-iteration. If a mcast item is removed after the l...
CVE-2022-48828
CVE-2022-48828: Linux kernel NFSD ia_size underflow fix. ia_size is loff_t (signed 64-bit) while NFSv3/v4 file sizes are unsigned 64-bit, allowing a client to send values > S64_MAX. decode_fattr4() can dump a full u64 into ia_size, causing underflow when the value exceeds S64_MAX. The patch co...
CVE-2024-26957
CVE-2024-26957 relates to the Linux kernel’s s390/zcrypt subsystem, where reference counting on zcrypt card objects was fixed to prevent a use-after-free of the zcrypt_card during hot-plug/probe/remove cycles. The issue could allow freeing a zcrypt card object while it is still in use, as demonst...
CVE-2023-52583
The CVE-2023-52583 entry describes a Linux kernel issue in the ceph component where dget() usage could lead to a deadlock due to incorrect lock ordering between dentry and its parent. The dead code path was never used because the parent directory is always supplied by callers, so the fix removes ...
CVE-2024-26982
CVE-2024-26982 affects the Linux kernel Squashfs code. The vulnerability arises from an OOB read path in fill_meta_index() triggered by an inode number value of zero, which is treated as unused. After a faulty read aborts, an empty metadata index is invalidated with inode=0, and a subsequent read...
CVE-2024-26931
CVE-2024-26931 affects the Linux kernel driver for SCSI over Fibre Channel (scsi: qla2xxx). The issue arises when memory pressure prevents a command flush during cable pull recovery, causing the upper SCSI layer to modify scsi_cmnd improperly. When memory is freed and a subsequent cable pull trig...
CVE-2023-52476
CVE-2023-52476 refers to a Linux kernel vulnerability in the perf/x86/lbr path where a panic can occur if a vsyscall is made while LBR sampling is active. The issue arises when a vsyscall interrupt (NMI) leads to a decode path that dereferences next_byte pointing to the vsyscall address (e.g., ge...
CVE-2024-42096
CVE-2024-42096 is a Linux kernel vulnerability in the x86 profiling code (profile_pc) used for timer-based profiling. The issue stemmed from the function’s assumptions about stack layout when accounting time spent in spinlocks, which could misattribute time and trigger KASAN warnings. The advisor...
CVE-2023-52600
CVE-2023-52600 affects the Linux kernel JFS component. Root cause: a use-after-free in jfs_evict_inode where, if diMount(ipimap) fails, the released ipimap may be accessed in diFreeSpecial() as rcu_core() asynchronously frees it via jfs_free_node(). The fix ensures sbi->ipimap is not initializ...
CVE-2023-52603
CVE-2023-52603: In the Linux kernel, a UBSAN array-index-out-of-bounds was reported in JFS’s dtSplitRoot (dtree) when the value of fsi drops below -1, causing an out-of-bounds access previously guarded by a check that only handled -1. A patch was added to handle values less than 0, addressing the ro...
CVE-2023-52604
CVE-2023-52604 is a Linux kernel vulnerability affecting the JFS subsystem, specifically UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c (dbAdjTree). Public writeups note an out-of-bounds access (index 196694 in an s8[1365] buffer) encountered during Syzkaller fuzzing, leading to a kernel p...
CVE-2021-47002
CVE-2021-47002 references a SUNRPC NULL pointer dereference in the Linux kernel. Issue arises when alloc_pages_node() returns null and svc_rqst_free() dereferences a null rq_scratch_page during put_page(); the patch adds a null check in the failure path (svc_rqst_alloc()) to prevent dereferencing...
CVE-2024-26878
In CVE-2024-26878, the Linux kernel quota NULL pointer dereference is addressed: a race between dquot_free_inode (or related) and quota_off can dereference an inode quota pointer after it is nulled. The fix uses a temporary pointer to prevent the use-after-free: if inode quota pointers are access...
CVE-2023-52601
The CVE-2023-52601 entry refers to a Linux kernel flaw in the XFS-like JFS file system: a missing bound check in dbAdjTree when accessing dmt_stree can cause an array-index-out-of-bounds. The fix introduces a bool is_ctl to determine size, as described in the cited kernel commits. Affected/affect...
CVE-2023-52585
The CVE-2023-52585 vulnerability affects the Linux kernel AMDGPU driver (drm/amdgpu). A NULL dereference could occur in amdgpu_ras_query_error_status_helper() when handling error info and an invalid block id; the fix returns -EINVAL for invalid block ids and prevents the NULL dereference. Affecte...
CVE-2023-52620
CVE-2023-52620 affects the nf_tables component of the Linux kernel, where a timeout parameter was allowed on anonymous sets; the fix disallows such parameters from userspace. The CVSS vector provided in the initial document indicates a Local, Low-severity im...
CVE-2024-26958
CVE-2024-26958 is a Linux kernel vulnerability in the NFS direct write path that could cause use-after-free (refcount underflow) when completing nfs_direct_request twice in a row. A patch fixes the double-completion scenario; the CVSS 3.1 base score is 7.8 (High) with Local attack and High impact...
CVE-2024-35933
CVE-2024-35933 affects the Linux kernel Bluetooth btintel path. The root cause is a NULL pointer dereference in btintel_read_version when hci_cmd_sync_complete() is triggered and skb is NULL, leading to hdev->req_skb being NULL. The issue can enable local exploitation scenarios as described in...
CVE-2024-26962
CVE-2024-26962 — Linux kernel (dm-raid/raid456 deadlock during reshape). Root cause: when a RAID-456 reshape is in progress, IO across the reshape position may wait for reshape progress. In the dm-raid path, certain states (read-only array, MD_RECOVERY_WAIT, MD_RECOVERY_FROZEN) caused reshape to f...
CVE-2024-26996
Summary: CVE-2024-26996 relates to a use-after-free in the Linux kernel USB gadget NCM implementation. When the NCM function is active and the usb0 interface is brought down, an error in usb_ep_enable() may cause in_ep/out_ep to remain disabled. During ncm_disable(), gether_disconnect() is not ca...
CVE-2017-8890
CVE-2017-8890 is a Linux kernel vulnerability affecting the IPv4 networking stack. The issue is a double free in inet_csk_clone_lock() in net/ipv4/inet_connection_sock.c, which can be triggered via the accept() system call and leads to a denial of service (kernel memory corruption/crash). The Cen...
CVE-2024-53241
CVE-2024-53241 affects the Linux kernel when running with Xen PV guests. The root cause is an unsafe PV iret hypercall path via the Xen hypercall page. The fix replaces the hypercall-page jump with an inlined sequence in xen-asm.S to stop using the hypercall page, preparing for its removal due to...
CVE-2024-56570
CVE-2024-56570 – Linux kernel ovl (overlayfs): The vulnerability arises in the ovl module where directory inodes that lack the lookup function could be processed, potentially triggering errors in overlayfs when passed to the lowerstack. The fix adds a check in ovl_dentry_weird() to filter/skip i...
CVE-2024-53164
CVE-2024-53164 affects the Linux kernel net_sched subsystem. The root cause was an incorrect ordering of qlen updates (sch->q.qlen) around qdisc_tree_reduce_backlog(), which could fail to notify parent qdiscs when a child becomes empty. The fix ensures the qlen adjustment happens before the ca...
CVE-2024-53183
CVE-2024-53183 concerns a Linux kernel vulnerability: in uml/net handling, the code previously used drvdata during device release, but drvdata may not exist at release time. The fix is to retrieve the uml_net instance with container_of() instead of drvdata, preventing a crash when removing a netw...
CVE-2024-57893
CVE-2024-57893: Linux kernel ALSA: seq: oss — race in SysEx message processing can cause out-of-bounds access. Connected docs confirm the issue and state a mutex-based serialization fix was introduced to protect SysEx packets in the OSS sequencer, effectively addressing the race between 6-byte S...
CVE-2024-56616
CVE-2024-56616 (Linux kernel) affects drm_dp_mst sideband handling. The MST sideband message body length check was fixed to require at least 1 byte (accounting for the message CRC). Without this, a header with a valid header CRC but body length 0 could trigger memory corruption in drm_dp_sideband...
CVE-2024-57948
Summary (CVE-2024-57948): In the Linux kernel, the mac802154 subsystem had a vulnerability where, during removal of an IEEE 802.15.4 network interface, a list-del operation could run on a stale sdata entry if local interfaces had not been validated first. This could allow a corrupted list path t...
CVE-2024-56597
CVE-2024-56597 is a confirmed Linux kernel vulnerability affecting the JFS filesystem logic. The issue is a shift-out-of-bounds in jfs/dbSplit, triggered when dmt_budmin is less than zero, leading to errors in later stages. The fix adds a pre-check in dbAllocCtl to return an error earlier, preven...
CVE-2024-56590
CVE-2024-56590 is a Linux kernel vulnerability in Bluetooth hci_core: the patch fixes not checking skb length on hci_acldata_packet, which could cause access to uninitialized/invalid memory past skb->data. This is a local attack vector with low privileges and no user interaction, with a HIGH i...
CVE-2024-53195
CVE-2024-53195: In the Linux kernel (arm64 KVM), a flawed use of userspace_irqchip_in_use can trigger a WARN_ON in kvm_timer_update_irq() during VM/vCPU interactions when a PMU (KVM_ARM_VCPU_PMU_V3) is requested but not fully initialized. The described scenario: a VM is created, vCPU initialized...
CVE-2024-53181
CVE-2024-53181 refers to a Linux kernel vulnerability where vector_device_release could crash due to using drvdata after release. The fix removes drvdata access in release and uses container_of() to obtain the vector_device instance, preventing a crash and kernel panic from a segfault. The issue ...
CVE-2024-57849
The CVE-2024-57849 issue is in the Linux kernel s390 CPUMF sampling path. When a CPU is hotplugged out while a performance event is still active on that CPU, the hotplug/removal sequence can cause SDBs (sampling data buffers) to be freed while still in use, creating a potential use-after-free con...
CVE-2024-53184
CVE-2024-53184 affects the Linux kernel ubd subsystem, where release-time drvdata access could cause crashes during device removal. The fix replaces drvdata usage with container_of() to locate the ubd instance, preventing a NULL-deref crash when removing a ubd device. The advisories (Unity Linux ...
CVE-2024-57838
CVE-2024-57838 affects the Linux kernel on s390 where stack-depot filtering cannot de-duplicate stacks because the .irqentry.text section is empty. The root cause is that IO/EXT interrupt handlers were not correctly placed into the .irqentry.text region on s390, hindering stack trace filtering fo...
CVE-2024-57898
Technical details for CVE-2024-57898 are not provided in the supplied documents. Public information about affected products, impact, or fixes is unavailable here; monitor vendor advisories for updates.
CVE-2023-52602
CVE-2023-52602: In the Linux kernel, the JFS slab-out-of-bounds Read vulnerability occurs while searching the current page in the sorted entry table during dtSearch, leading to an out-of-bounds access. The issue was fixed by adding a bound check. The advisory notes that the return code was set to...
CVE-2023-52436
CVE-2023-52436 affects the Linux kernel in the f2fs file system. The issue arises when setting an extended attribute (xattr) because the xattr list was not guaranteed to be zeroed in unused space; the fix explicitly terminates the xattr list to avoid relying on zeroed unused space. The descriptio...
CVE-2024-57899
CVE-2024-57899 affects the Linux kernel’s wifi/mac80211 code. On 32‑bit systems, the code uses for_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE) where an 8‑byte u64 is accessed as a 4‑byte unsigned long, causing incorrect bit searches and potential flag corruption in MBSS changes. The ...
CVE-2024-26601
CVE-2024-26601: Technical details are not publicly available in the provided connected documents. Initial description contains basic context but no affected products/versions, root cause, impact, or fix specifics. Monitor for updates from official advisories.
CVE-2023-52458
CVE-2023-52458 affects the Linux kernel block subsystem where partition length must be aligned to the disk’s logical block size. The issue arises before adding or resizing partitions when length isn’t checked for LBS alignment; if LBS > 512 bytes, the partition size may not be a multiple of LB...