CVE-2024-35930
CVE-2024-35930 concerns the Linux kernel SCSI lpfc driver. It fixes a memory leak in lpfc_rcv_padisc() where a failed return from lpfc_sli4_resume_rpi() could leave an elsiocb unreleased and its resources leaked. The remediation is to check the return value of lpfc_sli4_resume_rpi() and, on failu...
CVE-2024-35995
CVE-2024-35995 describes a Linux kernel issue where the ACPI CPPC code misread system memory by relying on bit_width, risking incorrect memory access. The fix switches to using access_width for size calculation and reads/writes using an offset and width, with a fallback to bit_width if access_wid...
CVE-2023-4134
The CVE-2023-4134 issue affects the Linux kernel cyttsp4_core driver. A use-after-free occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue, enabling a local attacker to crash the system and cause a denial of service. The provided documents cons...
CVE-2023-52597
CVE-2023-52597 affects the Linux kernel KVM for s390. The vulnerability arises in kvm_arch_vcpu_ioctl_set_fpu(), which can set the FLOATING-POINT CONTROL (FPC) register of a guest and, due to a test of validity, may corrupt the host process’s fpc if an interrupt occurs during the test. The patch ...
CVE-2024-42078
The CVE-2024-42078 issue affects the Linux kernel’s NFS server (nfsd) where nfsd_info.mutex could be dereferenced after a new network namespace is created, potentially causing an oops. The fix, as described in the connected advisories, is to initialize nfsd_info.mutex earlier, before it can be de...
CVE-2019-20806
CVE-2019-20806 affects the Linux kernel up to version 5.1 (i.e., before 5.2). The issue is a NULL pointer dereference in tw5864_handle_frame() (drivers/media/pci/tw5864/tw5864-video.c) that can lead to denial of service. The connected Nessus advisories reiterate the same root cause and state affe...
CVE-2024-39471
CVE-2024-39471 is addressed in the Unity Linux advisory UTSA-2025-990372. The issue arises from the Linux kernel AMDGPU driver: when sdma_v4_0_irq_id_to_seq returns -EINVAL, an out-of-bounds read may occur. The patch adds an explicit error path to stop processing and return -EINVAL to prevent the...
CVE-2024-42265
CVE-2024-42265 pertains to the Linux kernel and was resolved by protecting the fetch of ->fd[fd] in do_dup2() from mispredictions. The issue arose when a mispredicted path could cause tofree = fdt->fd[fd] to be speculatively executed, which is incorrect for bounds reasons. The documented fi...
CVE-2024-53194
CVE-2024-53194 is a Linux kernel use-after-free vulnerability in PCI hot‑remove handling. A pci_slot may reference the underlying pci_bus after the bus has been destroyed if pciehp is unbound in the wrong order, causing a use-after-free when slot->bus is accessed. The root cause is missing a r...
CVE-2024-56602
CVE-2024-56602 is confirmed by connected advisories as a Linux kernel issue in net: ieee802154: do not leave a dangling sk pointer in ieee802154_create(), where sock_init_data() attaches a sk to sock and on error the sk remains dangling, allowing use-after-free. The Astra Linux bulletin lists aff...
CVE-2024-35946
CVE-2024-35946 affects the Linux kernel’s wifi rtw89 driver, where a null pointer dereference could occur during abort/cancel of a scan because the code might reference a vif that wasn’t scanning. The public description and connected advisories confirm the issue and cite resolving it by en...
CVE-2015-5364
The CVE-2015-5364 issue affects the Linux kernel prior to 4.0.6, where udp_recvmsg/udpv6_recvmsg fail to handle processor yielding correctly, enabling remote attackers to trigger a denial of service (system hang) via UDP packet flood with incorrect checksums. Related CVE-2015-5366 also concerns U...
CVE-2024-53103
CVE-2024-53103 refers to a Linux kernel vulnerability in hv_sock where, on release of an hvs, vsk->trans could be left uninitialized, creating a dangling pointer. The issue is resolved by explicitly initializing vsk->trans to NULL to prevent use-after-free scenarios. Connected advisories (A...
CVE-2024-53146
Technical details about CVE-2024-53146 are not provided in the connected documents. The initial description lacks concrete product/version/remediation details. Monitor for updates.
CVE-2010-4258
The CVE-2010-4258 issue affects the Linux kernel versions prior to 2.6.36.2. The do_exit function in kernel/exit.c mishandles a KERNEL_DS get_fs value, bypassing access_ok checks and enabling local privilege escalation by overwriting arbitrary kernel memory. Exploitation vectors include use of th...
CVE-2016-4565
CVE-2016-4565 affects the Linux kernel InfiniBand (IB) stack prior to 4.5.3, where certain IB interfaces improperly rely on write() semantics via a uAPI interface. This could allow a local unprivileged user to cause a denial of service (kernel memory write) and potentially other impact/escalation...
CVE-2024-26846
CVE-2024-26846 affects the Linux kernel’s nvme-fc unloading path. A race between nvme_delete_ctrl and ida_destroy could double-free IDs, causing module unload hangs. The fix adds synchronization to ensure nvme_delete_ctrl code runs before leaving nvme_fc_exit_module and flushes the nvme_delete_wq...
CVE-2015-8543
CVE-2015-8543 affects the Linux kernel networking stack (up to version 4.3.3 as used in Android and others). The issue: the networking implementation does not validate protocol identifiers for certain protocol families, enabling local users to cause a NULL pointer dereference and system crash, wi...
CVE-2023-52598
CVE-2023-52598 concerns the Linux kernel (s390/ptrace) where an incorrect handling of the fpc register during ptrace can corrupt fp/vx state of the tracing process. The root cause is that when a traced process’s fpc value is validated, it is temporarily loaded into the fpc register, and the trace...
CVE-2024-42301
CVE-2024-42301 affects the Linux kernel’s dev/parport component, where an array out-of-bounds risk was introduced. The vulnerability was addressed by replacing unsafe data copying (sprintf) with snprintf to prevent buffer overflow. The initial report includes a kernel stack and Do_Hardware_Base_A...
CVE-2022-48703
CVE-2022-48703 affects the Linux kernel’s thermal/int340x_thermal code path. A GDDV package can return a zero-length buffer, causing kmemdup() to yield ZERO_SIZE_PTR and data_vault_read() to dereference NULL. The patch fixes this by introducing checks that treat ZERO_SIZE_PTR and NULL as invalid,...
CVE-2023-2007
CVE-2023-2007 affects the DPT I2O Controller driver in the Linux kernel. The issue arises from missing locking during object operations, enabling a local attacker to escalate privileges and execute arbitrary code in kernel context. Public references in Unity Linux (UTSA-2026-004778) and multiple ...
CVE-2023-28327
CVE-2023-28327: A NULL pointer dereference in the Linux kernel’s UNIX protocol (net/unix/diag.c, function unix_diag_get_exact) occurs when the newly allocated skb is created without an associated sk, leaving a NULL sk pointer. This can allow a local attacker to crash the kernel or cause a denial...
CVE-2024-26906
CVE-2024-26906: In the Linux kernel, x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault(). A bpf program reading the vsyscall page with bpf_probe_read_kernel() can trigger copy_from_kernel_nofault(), which calls __get_user_asm() and may fault because the vsyscall page is not readab...
CVE-2024-36288
CVE-2024-36288 affects the Linux kernel SUNRPC code. The issue is a loop termination condition in gss_free_in_token_pages, where the in_token->pages[] array is not NULL terminated, causing a KASAN memory access warning. Impact is described as memory access issues with potentially exploitable b...
CVE-2024-41014
CVE-2024-41014 affects the Linux kernel (xfs) and is caused by insufficient bounds checking in xlog_recover_process_data, specifically verifying the space for fixed members of xlog_op_header. A crafted XFS image can trigger an out-of-bounds read by altering the xlog_op_header and xlog_rec...
CVE-2024-43899
CVE-2024-43899 affects the Linux kernel’s DRM AMD display path. The vulnerability is a NULL pointer dereference in dcn20_resource.c that can cause a hang when MPV runs on a DCN401 dGPU, specifically during fullscreen playback after enabling fullscreen (double click). Affected component/function c...
CVE-2014-9940
CVE-2014-9940 affects the Linux kernel regulator_ena_gpio_free function in drivers/regulator/core.c, with exploitation possible through local access to gain privileges or cause a denial of service via a use-after-free. Affected condition is kernel versions before 3.19. Impact per sources is high ...
CVE-2023-22998
CVE-2023-22998 affects the Linux kernel prior to 6.0.3. The vulnerability stems from drivers/gpu/drm/virtio/virtgpu_object.c misinterpreting the drm_gem_shmem_get_sg_table return value (treating an error pointer as NULL). This can allow a remote authenticated attacker on the local network to caus...
CVE-2023-3358
CVE-2023-3358 describes a NULL pointer dereference in the Linux kernel ISH (Integrated Sensor Hub) driver. The impact stated is that a local user could crash the system. The connected Nessus/NASL entries corroborate the same issue across multiple advisories and lists, but the provided documents d...
CVE-2024-26686
CVE-2024-26686 refers to a Linux kernel issue where lock_task_sighand could trigger a hard lockup if NR_CPUS threads execute do_task_stat concurrently while a process has NR_THREADS. The fix changes do_task_stat() to gather thread/child statistics using sig->stats_lock outside the sighand lock...
CVE-2024-53174
CVE-2024-53174 concerns a Linux kernel SUNRPC use-after-free in the cache path: c_show could dereference a freed cache entry due to RCU protection when reading via cache_show. The fix uses cache_get_rcu to ensure the cache entry (cp) remains active while accessed, preventing a refcount UAF. Aff...
CVE-2023-35824
CVE-2023-35824 is a Linux kernel use-after-free in the dm1105_remove path (drivers/media/pci/dm1105/dm1105.c), fixed by Linux kernel 6.3.2 (ChangeLog-6.3.2). The Astra Linux bulletin and related sources confirm the same issue affecting kernel before 6.3.2 and cite the same function/file, indicati...
CVE-2024-42082
CVE-2024-42082 is a Linux kernel vulnerability where a syzkaller-triggered WARN was introduced in __xdp_reg_mem_model() when __mem_id_init_hash_table() failed. The issue arose only from memory allocation failure; a static const rhashtable_params prevented rhashtable_init() misconfiguration. The w...
CVE-2024-50143
CVE-2024-50143 affects the Linux kernel; the udf subsystem introduced an uninitialized-value use in udf_get_fileshortad, mitigated by a fix that also checks for overflow when computing alen in udf_current_aext to address a KMSAN bug. The patch prevents triggering issues after application, and pub...
CVE-2018-25020
Summary of CVE-2018-25020 (Linux kernel BPF): The vulnerability is in the BPF subsystem where a long jump over an instruction sequence can cause an overflow. It specifically affects the kernel's BPF implementations in files kernel/bpf/core.c and net/core/filter.c, for Linux kernels prior to 4.17....
CVE-2021-3923
CVE-2021-3923 describes a local information-leak in the Linux kernel RDMA over InfiniBand path. A privileged local attacker can leak kernel stack data when issuing commands to /dev/infiniband/rdma_cm, with the impact noting potential to defeat kernel protections. Remediation/fixes are not detaile...
CVE-2024-35864
In CVE-2024-35864, the Linux kernel SMB client (smb2) had a potential use-after-free in smb2_is_valid_lease_break(); fixes skip sessions that are tearing down (status SES_EXITING) to avoid UAF. The issue is local and could be triggered by SMB lease-break handling; the CVSS vector indicates high i...
CVE-2024-40997
CVE-2024-40997 involves a Linux kernel vulnerability where a memory leak in the amd-pstate cpufreq path was fixed. The issue was that kzalloc() allocated cpudata during amd_pstate_epp_cpu_init() but could not be freed in the corresponding exit path, leading to a leak on CPU EPP exit. The primary ...
CVE-2017-18360
CVE-2017-18360 affects the Linux kernel: in drivers/usb/serial/io_ti.c, change_port_settings before version 4.11.3 allows a local attacker to trigger a division-by-zero in the serial device layer when attempting to set very high baud rates, causing a denial of service. Public references (NVD entr...
CVE-2023-51780
CVE-2023-51780: Linux kernel before 6.6.8 contains a use-after-free in do_vcc_ioctl (net/atm/ioctl.c) caused by a vcc_recvmsg race, enabling local exploitation. Affected: Linux kernel versions prior to 6.6.8. Root cause: race between vcc_recvmsg and do_vcc_ioctl leading to use-after-free. Impact:...
CVE-2023-52752
CVE-2023-52752 (Linux kernel) is backed by concrete fix details in connected docs: a use-after-free in the SMB/CIFS client code path (cifs_debug_data_proc_show) when reading /proc/fs/cifs/DebugData during mount/umount. The fix adds a check to skip SMB sessions that are tearing down (ses_status ==...
CVE-2024-26907
CVE-2024-26907 affects the Linux kernel in the RDMA mlx5 stack. The vulnerability arises from a fortify source warning caused by a field-spanning write to eseg->inline_hdr.start in wr.c (memcpy path) during mlx5_ib_post_send, potentially enabling a local issue if exploited. Affected components...
CVE-2024-39474
CVE-2024-39474 involves a Linux kernel vmalloc regression where __GFP_NOFAIL allocations may return NULL, due to a race with OOM-killer flow and GFP_KERNEL handling. The fix updates vm_area_alloc_pages() to not check fatal_signal_pending() when __GFP_NOFAIL is set, preventing a NULL vmalloc() ret...
CVE-2019-19047
CVE-2019-19047 is a memory-leak & potential DoS in the Linux kernel's mlx5_fw_fatal_reporter_dump() (drivers/net/ethernet/mellanox/mlx5/core/health.c) triggered by mlx5_crdump_collect() failures. Affected: Linux kernel versions before 5.3.11. Impact is memory consumption leading to DoS; exploitat...
CVE-2022-48695
CVE-2022-48695 is a Linux kernel vulnerability in the scsi: mpt3sas driver that results in a use-after-free (refcount_t underflow) observed during controller reset. The issue is fixed in the kernel by the referenced commits listed in the connected sources. The vulnerability is described as a loca...
CVE-2024-35925
The CVE-2024-35925 issue concerns the Linux kernel blk_rq_stat_sum() path. The root cause is a potential division by zero when computing stats, caused by the expression dst->nr_samples + src->nr_samples reaching zero due to overflow. Multiple connected advisories (Unity Linux security updat...
CVE-2024-43905
CVE-2024-43905 affects the Linux kernel component drm/amd/pm, specifically vega10_hwmgr. The root cause was a potential null pointer dereference arising from insufficient null-check handling. The published fix adds validation of return values and proper null-pointer handling to prevent derefe...
CVE-2024-50282
The connected Astra Linux entry clarifies CVE-2024-50282 in the Linux kernel: a missing size check in drm/amdgpu_debugfs_gprwave_read() can cause a buffer overflow when size > 4K. The fix (cherry-picked commit f5d873f5825b40d886d03bd2aede91d4cf002434) adds the size check to prevent overflow. N...
CVE-2024-56757
The CVE-2024-56757 entry concerns the Linux kernel Bluetooth driver for MediaTek USB BT dongles (btusb/mediatek). The issue is the missing interface release flow when the USB disconnects, which can cause a kernel panic when unregistering the HCI device. A patch to introduce the interface release ...