CVE-2022-1419
CVE-2022-1419 affects the Linux kernel DRM/vgem path: ioctl DRM_IOCTL_MODE_DESTROY_DUMB can concurrently reduce the refcount of drm_vgem_gem_object created by vgem_gem_dumb_create, while that create path may access the freed object. The public description for this CVE notes that on 32-bit systems...
CVE-2024-41064
CVE-2024-41064 is a Linux kernel vulnerability affecting the powerpc/eeh path. Root cause: during eeh_pe_report_edev(), edev->pdev can change if a PCI device is removed, risking a crash. The documented fix is to hold the PCI rescan/remove lock while taking a copy of edev->pdev->bus to pr...
CVE-2024-42225
CVE-2024-42225: Linux kernel WiFi mt76 vulnerability due to reusing uninitialized data in the MT76 path; root cause is use of uninitialized skb data. A remote attacker could execute arbitrary code. A fix replaces skb_put with skb_put_zero in wifi: mt76, and patches are available in the cited ker...
CVE-2024-49960
CVE-2024-49960 concerns ext4 on the Linux kernel. The issue is a timer use-after-free during failed mounts: the s_err_report timer can remain active while sbi is freed, because ext4_handle_error re-arms the timer before kfree(sbi). The root cause is not canceling the s_err_report timer after ext4...
CVE-2019-19525
CVE-2019-19525 affects the Linux kernel prior to 5.3.6, where a use-after-free can be triggered by a malicious USB device via drivers/net/ieee802154/atusb.c (CID-7fd25e6fc035). The vulnerability has an availability impact and a MEDIUM base score (CVSS v3.1: 4.6) with LOCAL/PHYSICAL factors descri...
CVE-2022-3521
CVE-2022-3521 is a race-condition vulnerability in the Linux Kernel KCM subsystem (function kcm_tx_work in net/kcm/kcmsock.c). The issue can allow a local attacker to trigger a crash via race conditions in the KCM path. Technical details in connected sources confirm the affected component and roo...
CVE-2024-26773
Summary (CVE-2024-26773): The Linux kernel ext4 allocator could allocate blocks from a group whose block bitmap was corrupted, due to a concurrency window where ac_b_ex was used in ext4_mb_try_best_found(). The issue was tied to validating whether a group bitmap is corrupted before block allocati...
CVE-2024-40965
CVE-2024-40965 (Linux kernel: i2c/lpi2c): The provided documents confirm a fix for a deadlock scenario in i2c-lpi2c where repeated clk_get_rate() calls during transfers could lock the clk mutex and cause deadlock when a tlv320aic32x4 codec is added. The resolution caches the clock rate and uses a...
CVE-2024-56623
CVE-2024-56623: In the Linux kernel, the qla2xxx SCSI driver contains a use-after-free during unload, causing a system crash with a stack trace in SLUB. The root cause is a double-thread termination signal: an UNLOADING flag may race with kthread_stop, leading to use-after-free on cleanup. The f...
CVE-2022-49294
CVE-2022-49294 affects the Linux kernel (drm/amd/display) and is caused by an unchecked modulo division that can read 0, leading to a divide-by-zero panic. The available connected documents confirm the root cause and indicate a fix in the kernel to check for modulo == 0 before dividing. The explo...
CVE-2023-1476
CVE-2023-1476 refers to a Linux kernel vulnerability affecting the mm/mremap path. A use-after-free occurs due to a race between rmap walk and mremap, enabling a local user to crash the system and potentially escalate privileges by exploiting a stale TLB during a PUD move. Connected documents ide...
CVE-2024-26843
CVE-2024-26843: In the Linux kernel, the EFI runtime subsystem had a fix for a potential overflow in the soft-reserved region size. Specifically, md_size could be narrowed when there are >= 4 GiB worth of pages in a soft-reserved region. The vulnerability is reported as a local vulnerability w...
CVE-2024-50062
CVE-2024-50062 concerns the Linux kernel vulnerability in RDMA/rtrs-srv for path establishment, where a null pointer dereference could occur if RTRS connections aren’t fully established before info exchange. The issue is resolved in the Linux kernel; Debian and other advisories note that an updat...
CVE-2024-57798
CVE-2024-57798 affects the Linux kernel drm_dp_mst handling of MST up requests. If another thread removes MST topology during processing, mst_primary could be freed and set to NULL, risking a NULL pointer dereference in drm_dp_mst_handle_up_req(). The fix is to hold a reference to mst_primary whi...
CVE-2021-29649
The CVE-2021-29649 issue affects the Linux kernel prior to 5.11.11. It is a memory leak in the user mode driver (UMD) caused by incomplete cleanup in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c. The vulnerability is local and does not imply remote code execution by itself; ...
CVE-2022-48655
CVE-2022-48655 in the Linux kernel: vulnerability in the SCMI firmware path (arm_scmi) where reset domains descriptors could be accessed by index, risking out-of-bounds due to SCMI driver misbehavior. The root cause is lack of an internal consistency check before domain descriptor accesses. The f...
CVE-2023-23039
CVE-2023-23039: In the Linux kernel (up to 6.2.0-rc2), the race condition in drivers/tty/vcc.c between vcc_open() and vcc_remove() can cause a use-after-free when a physically proximate attacker removes a VCC device while open() is invoked. This yields a potential impact on integrity and availab...
CVE-2024-26774
CVE-2024-26774 — Linux kernel ext4 fix for zero-division risk. The vulnerability arises in ext4_mb_update_avg_fragment_size() when the block bitmap is corrupted, potentially causing a divide-by-zero if bb_fragments is 0 and the code uses bb_free. The fix changes the check to determine bb_fragmen...
CVE-2024-35950
CVE-2024-35950 concerns a Linux kernel DRM issue where the modes[] array (points to connectors’ mode list entries) was not protected by the same mutex as mode_config, risking use-after-free if elements reference freed memory. The fix extends protection to modes[] via dev->mode_config.mutex, ad...
CVE-2024-47745
The CVE-2024-47745 entry describes a Linux kernel vulnerability where remap_file_pages bypassed W^X enforcement when using personality(READ_IMPLIES_EXEC) followed by a RW remap, due to the remap_file_pages path calling do_mmap() before the LSM security check. A fix adds a security_mmap_file LSM h...
CVE-2019-19531
CVE-2019-19531 affects the Linux kernel prior to 5.2.9. The issue is a use-after-free triggered by a malicious USB device in the drivers/usb/misc/yurex.c component (CID-fc05481b2fca). Exploitation would occur locally (physical access) via crafted USB input, with the kernel potentially resolving t...
CVE-2022-3107
CVE-2022-3107 affects the Linux kernel (up to 5.16-rc6) and is triggered in the netvsc driver (drivers/net/hyperv/netvsc_drv.c) where netvsc_get_ethtool_stats does not properly check the return value of kvmalloc_array(), leading to a NULL pointer dereference. The connected TencentOS/TSSA advisory...
CVE-2024-46743
CVE-2024-46743 affects the Linux kernel’s interrupt/IRQ handling in the of_irq_parse_raw path. When a device address is smaller than the interrupt parent node (involving #address-cells), KASAN detects a slab-out-of-bounds read while populating the initial match table during interrupt map walk. Th...
CVE-2024-56608
CVE-2024-56608 affects the Linux kernel in the AMD display driver (drm/amd/display) where dcn21_link_encoder_create could perform an out-of-bounds access on the link_enc_hpd_regs array. The connected TencentOS NASL notes the issue is present in kernels prior to 5.15.182.1-1 and that a patch updat...
CVE-2023-52607
CVE-2023-52607 is a Linux kernel vulnerability affecting the powerpc architecture, where a null-pointer dereference could occur in pgtable_cache_add due to a potentially NULL kasprintf() return when memory allocation fails. The issue arises because kasprintf() can return NULL and the code did not...
CVE-2023-52832
CVE-2023-52832 affects the Linux kernel’s wireless stack (mac80211/nl80211). The issue arises when ieee80211_get_tx_power() can return INT_MIN (the internal sentinel for an “unset power level”), which can trigger a UBSAN signed‑integer overflow. The observed effect is a UBSAN warning in net/wirel...
CVE-2024-43906
CVE-2024-43906 affects the Linux kernel, specifically the drm/admgpu path. The issue arises when user space passes an invalid ta type, causing the pointer context to be empty and leading to a potential null pointer dereference. The provided connected materials indicate the vulnerability has been ...
CVE-2024-49962
CVE-2024-49962: In the Linux kernel, ACPICA toolchain fix guards against NULL returns from ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package(). If ACPI_ALLOCATE_ZEROED() fails, elements may be NULL, leading to a NULL pointer dereference. The linked Astra/IBM bulletins reference the same root ...
CVE-2009-2698
CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...
CVE-2021-20320
CVE-2021-20320: A flaw in the Linux kernel, specifically in s390 eBPF JIT (bpf_jit_insn in arch/s390/net/bpf_jit_comp.c). The vulnerability could let a local attacker with restricted privileges bypass the verifier and cause a confidentiality impact. Connected advisories (Unity Linux UTSA-2026-00...
CVE-2023-34324
The CVE describes a deadlock in Linux kernel Xen event channel handling when a close operation is performed in parallel with a Xen console action/interrupt in an unprivileged Xen guest. The issue occurs during removal of a paravirtual device or similar event-channel close, with 32-bit Arm guests ...
CVE-2024-35937
CVE-2024-35937 affects the Linux kernel wifi stack: cfg80211 A-MSDU handling can read data out of bounds if a subframe header appears but is not fully present. The vulnerability root cause is insufficient validation of A-MSDU subframes; the fix tightens checks to ensure a subframe header can actu...
CVE-2024-40998
CVE-2024-40998 — Normal (details provided) Affects Linux kernel ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super(). The root cause is registering sysfs before s_msg_ratelimit_state.lock is initialized, allowing concurrent updates to rs->interval (non-zero) to trigge...
CVE-2024-42228
CVE-2024-42228: Linux kernel vulnerability involving the AMDGPU driver. The issue arises from using an uninitialized value (*size) when calling amdgpu_vce_cs_reloc, which can lead to arbitrary code execution or denial of service via a crafted relocation path. The fix initializes the size prior t...
CVE-2024-50073
CVE-2024-50073: Linux kernel tty/n_gsm use-after-free in gsm_cleanup_mux (UAF on gsm_msg in gsm_mux tx lists). Unity Linux advisory confirms fix: protect gsm_msg by adding a gsm tx lock to prevent multi-threaded free via ioctl. Affects kernel 6.11.0+; patch details referenced in Unity/Nessus desc...
CVE-2025-21776
CVE-2025-21776 affects the Linux kernel USB hub driver where non‑compliant hubs with more than one config/interface can trigger a crash (usb_hub_to_struct_hub dereference). A fix exists: the driver now refuses hubs violating USB spec (more than one configuration or interface). Connected advisorie...
CVE-2020-10774
CVE-2020-10774: A local memory disclosure flaw in the Linux kernel sysctl subsystem allows reading uninitialized kernel memory when reading /proc/sys/kernel/rh_features, affecting kernel versions before 4.18.0-193.el8. Root cause is a memory disclosure in the sysctl path; impact is confidentialit...
CVE-2024-39473
CVE-2024-39473 affects the Linux kernel ASoC: SOF ipc4-topology. The issue occurs when a process module lacks the base config extension: the same input format is applied to all inputs and process->base_config_ext becomes NULL, allowing a NULL dereference under specific topology/sequences. This...
CVE-2024-44970
CVE-2024-44970 (Linux kernel) affects mlx5e SHAMPO where, after consuming all strides in a WQE, an unlink could be executed again, corrupting the WQ list. The root cause is an extra unlink for a 0-sized consumed stride after a WQE is fully consumed and unlinked. The connected documents confirm a ...
CVE-2024-57850
CVE-2024-57850 affects the Linux kernel feature jffs2, where the rtime decompression code could corrupt memory outside the decompression buffer if compressed data is malformed. The issue is resolved by adding bounds checks during the rtime decompression pass. Supported documents confirm the vulne...
CVE-2016-10044
CVE-2016-10044 is supported by connected advisories: the Linux kernel up to version 4.7.7 contains a vulnerability in the aio_mount path. Specifically, the aio_mount function in fs/aio.c did not properly restrict execute access, enabling local users to bypass SELinux W^X policy and gain privilege...
CVE-2023-32269
The CVE-2023-32269 issue is a use-after-free in the Linux kernel (before 6.1.11) in net/netrom/af_netrom.c where accept is allowed for a connected AF_NETROM socket. Exploitation requires netrom routing to be configured or CAP_NET_ADMIN. This vulnerability can lead to local privilege/escalation im...
CVE-2024-26767
CVE-2024-26767 targets the Linux kernel’s drm/amd/display path. The issue stemmed from integer type widening in a loop condition and a missing null check, risking infinite loops and dereferencing NULL. The entry is fixed in the kernel (drm/amd/display: fixed integer types and null check locations...
CVE-2024-27062
CVE-2024-27062 relates to the Linux kernel nouveau driver, where the client object tree lacked locking and races occurred when adding/removing client objects (notably VRAM BAR mappings). The fix locks the client object tree to prevent race conditions during add/remove operations, addressing a gen...
CVE-2024-36481
CVE-2024-36481 affects the Linux kernel tracing/btf parsing: btf_find_struct_member() may return NULL or an ERR_PTR, but parse_btf_field() only checked NULL before. The fix uses IS_ERR() and propagates the error up the stack. Affected component is the kernel’s tracing probes; impact is a local vu...
CVE-2024-41077
Concretely, CVE-2024-41077 affects the Linux kernel null_blk path. The issue arises from an insufficient validation of the block size: the size must be between 512 and PAGE_SIZE and must be a power of two. The faulty check allowed an invalid bs (e.g., 1536) to be accepted, which could cause a nul...
CVE-2024-42094
CVE-2024-42094 affects the Linux kernel where CONFIG_CPUMASK_OFFSTACK=y caused explicit cpumask var allocation on the stack in net/iucv to risk stack overflow. The fix is to use the *cpumask_var API(s) to allocate cpumask variables in a config-neutral way, leaving allocation strategy to CONFIG_CP...
CVE-2024-49991
The CVE-2024-49991 issue affects the Linux kernel DRM/AMD stack: amdkfd_free_gtt_mem cleared the wrong pointer, causing a use-after-free when amdgpu_bo_unref resets the pointer. The patch passes the correct pointer reference to amdgpu_bo_unref to ensure the original pointer is NULL’d correctly. T...
CVE-2024-50049
CVE-2024-50049 affects the Linux kernel DRM AMD display path. The vulnerability arises from dereferencing a se pointer that could be NULL after a prior null check in the same function, leading to a FORWARD_NULL condition. Exploitation would be LOCAL with LOW privileges and no user interaction, po...
CVE-2024-53093
In CVE-2024-53093, the Linux kernel vulnerability affects nvme-multipath: partition scanning could deadlock if the partition scan runs inside the controller's scan_work context. The fix defers the partition scan to a non-blocking context to prevent IO stalls when a path error occurs. Affected com...