CVE-2016-2061

Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafte...

CVE-2017-8067

drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more th...

CVE-2018-19406

kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.

CVE-2021-47088

In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: protect targets destructions with kdamond_lock DAMON debugfs interface iterates current monitoring targets in'dbgfs_target_ids_read()' while holding the corresponding'kdamond_lock'. However, it also destructs the mo...

CVE-2021-47121

In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in cfusbl_device_notify In case of caif_enroll_dev() fail, allocatedlink_support won't be assigned to the correspondingstructure. So simply free allocated pointer in caseof error.

CVE-2021-47133

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix memory leak in amd_sfh_work Kmemleak tool detected a memory leak in the amd_sfh driver. ====================unreferenced object 0xffff88810228ada0 (size 32):comm "insmod", pid 3968, jiffies 4295056001 (age 775.792...

CVE-2021-47151

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: bcm-voter: add a missing of_node_put() Add a missing of_node_put() in of_bcm_voter_get() to avoid thereference leak.

CVE-2021-47190

In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id isencountered and this causes a memory leak. Modify the function to returna success/error value and then free the m...

CVE-2021-47195

In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers onSPI buses") introduced a per-controller mutex. But mutex_unlock() ofsaid lock is called after the controller is alr...

CVE-2021-47243

In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt andcake_tcph_may_drop) could read one byte out of bounds. When the lengthis 1, the execution flow gets into the lo...

CVE-2021-47266

In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 ("RDMA/ipoib: Set rtnl_link_ops for ipoibinterfaces"), if the IPoIB device is moved to non-initial netns,destroying that netns lets the de...

CVE-2021-47290

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL dereference on XCOPY completion CPU affinity control added with commit 39ae3edda325 ("scsi: target: core:Make completion affinity configurable") makes target_complete_cmd() queuework on a CPU based on se_tpg-...

CVE-2021-47306

In the Linux kernel, the following vulnerability has been resolved: net: fddi: fix UAF in fza_probe fp is netdev private data and it cannot beused after free_netdev() call. Using fp after free_netdev()can cause UAF bug. Fix it by moving free_netdev() after error message. TURBOchannel adapter")

CVE-2021-47318

In the Linux kernel, the following vulnerability has been resolved: arch_topology: Avoid use-after-free for scale_freq_data Currently topology_scale_freq_tick() (which gets called fromscheduler_tick()) may end up using a pointer to "structscale_freq_data", which was previously cleared bytopology_cl...

CVE-2021-47363

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix division by zero while replacing a resilient group The resilient nexthop group torture tests in fib_nexthop.sh exposed apossible division by zero while replacing a resilient group [1]. Thedivision by zero occurs when t...

CVE-2021-47512

In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: prevent dismantle issue For some reason, fq_pie_destroy() did not copyworking code from pie_destroy() and other qdiscs,thus causing elusive bug. Before calling del_timer_sync(&q->adapt_timer),we need to ensure...

CVE-2021-47601

In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix an IS_ERR() vs NULL bug The __get_free_pages() function does not return error pointers it returnsNULL so fix this condition to avoid a NULL dereference.

CVE-2021-47617

In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs fromall other hotplug events in that it is sticky: It can only be clearedafter turning off slot power. ...

CVE-2022-2785

There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. W...

CVE-2022-48725

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the errorpath.

CVE-2022-48731

In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid scanning potential huge holes When using devm_request_free_mem_region() and devm_memremap_pages() toadd ZONE_DEVICE memory, if requested free mem region's end pfn werehuge(e.g., 0x400000000), the node_end_pfn() w...

CVE-2022-48784

In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race wherethe exact same deadlock (see the original commit referencedbelow) can still happen if cfg80211_destroy_ifaces() alr...

CVE-2022-48892

In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dup_user_cpus_ptr() Since commit 07ec77a1d4e8 ("sched: Allow task CPU affinity to berestricted on asymmetric systems"), the setting and clearing ofuser_cpus_ptr are done under pi_lock for arm64...

CVE-2022-48896

In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, itreturns a PCI device with refcount incremented, when finishusing it, the caller must decrement the reference count bycalling pci_dev_put()....

CVE-2022-48908

In the Linux kernel, the following vulnerability has been resolved: net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() During driver initialization, the pointer of card info, i.e. thevariable 'ci' is required. However, the definition of'com20020pci_id_table' reveals that this field is...

CVE-2022-48914

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues todelete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5("net-sysfs: update the queue ...

CVE-2022-49127

In the Linux kernel, the following vulnerability has been resolved: ref_tracker: implement use-after-free detection Whenever ref_tracker_dir_init() is called, mark the struct ref_tracker_diras dead. Test the dead status from ref_tracker_alloc() and ref_tracker_free() This should detect buggy dev_pu...

CVE-2022-49210

In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fix memory leak caused by pgd_free() pgd page is freed by generic implementation pgd_free() since commitf9cb654cb550 ("asm-generic: pgalloc: provide generic pgd_free()"),however, there are scenarios that the system u...

CVE-2022-49479

In the Linux kernel, the following vulnerability has been resolved: mt76: fix tx status related use-after-free race on station removal There is a small race window where ongoing tx activity can lead to a skbgetting added to the status tracking idr after that idr has already beencleaned up, which wi...

CVE-2022-49845

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 createdskbuff revealed a missing initialization of reserved and later filledelements in struct can_fra...

CVE-2022-49863

In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rx_register() It causes NULL pointer dereference when testing as following:(a) use syscall(__NR_socket, 0x10ul, 3ul, 0) to create netlink socket.(b) use syscall(__NR_sendmsg, ...) to...

CVE-2022-49891

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() test_gen_kprobe_cmd() only free buf in fail path, hence buf will leakwhen there is no failure. Move kfree(buf) from fail path to common pathto prevent the memleak....

CVE-2023-52896

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while anotherone is trying to disable quotas, we can end up hitting a race that resultsin th...

CVE-2023-52906

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has avalidation type of 'NLA_VALIDATE_FUNCTION'. This is an invalidcombination according to the comment ab...

CVE-2023-52930

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential bit_17 double-free A userspace with multiple threads racing I915_GEM_SET_TILING to set thetiling to I915_TILING_NONE could trigger a double free of the bit_17bitmask. (Or conversely leak memory on the transi...

CVE-2023-52979

In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' canbecome less than zero. This leads to the incorrect computation of 'len'and 'indexes' values which...

CVE-2024-23196

A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

CVE-2024-26732

In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF) syzbot reported a lockdep violation [1] involving af_unixsupport of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it uses a per-socketsk_peek_off field), there is real...

CVE-2024-42150

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: remove separate irq request for MSI and INTx When using MSI or INTx interrupts, request_irq() for pdev->irq willconflict with request_threaded_irq() for txgbe->misc.irq, to causesystem crash. So remove txgbe_reque...

CVE-2024-46741

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix double free of 'buf' in error path smatch warning:drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf' In fastrpc_req_mmap() error path, the fastrpc buffer is freed infastrpc_req_munmap_impl...

CVE-2024-56682

In the Linux kernel, the following vulnerability has been resolved: irqchip/riscv-aplic: Prevent crash when MSI domain is missing If the APLIC driver is probed before the IMSIC driver, the parent MSIdomain will be missing, which causes a NULL pointer dereference inmsi_create_device_irq_domain(). Av...

CVE-2024-57953

In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fix integer overflow on 32bit systems The problem is this multiply in tps6594_rtc_set_offset() tmp = offset * TICKS_PER_HOUR; The "tmp" variable is an s64 but "offset" is a long in the(-277774)-277774 range. On 32bit ...

CVE-2025-21774

In the Linux kernel, the following vulnerability has been resolved: can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated Fix NULL pointer check in rkcanfd_handle_rx_fifo_overflow_int() tobail out if skb cannot be allocated.

CVE-2025-21990

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.resource will beNULL. Check for that before dereferencing. (cherry picked from commit 3e3fcd29b505cebe...

CVE-2002-0060

IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.

CVE-2005-3358

Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs.

CVE-2009-1914

The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialized pointers and the request_resource function.

CVE-2011-1747

The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls.

CVE-2012-2669

The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.

CVE-2013-4588

Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a ...