2330 matches found
CVE-2024-42094
CVE-2024-42094 affects the Linux kernel: with CONFIG_CPUMASK_OFFSTACK=y, explicit allocation of cpumask variables on the stack in net/iucv risks a stack overflow. The fix is to use the *cpumask_var API(s) to allocate cpumask variables in a config-neutral way, leaving allocation strategy to CONFIG_CP...
CVE-2024-49991
The CVE-2024-49991 issue affects the Linux kernel DRM/AMD stack: amdkfd_free_gtt_mem cleared the wrong pointer, causing a use-after-free when amdgpu_bo_unref resets the pointer. The patch passes the correct pointer reference to amdgpu_bo_unref to ensure the original pointer is NULL’d correctly. T...
CVE-2024-56759
CVE-2024-56759 concerns the Linux kernel: when Btrfs COWs a tree block with tracing enabled (trace_btrfs_cow_block) and preemption is on, a use-after-free can occur on the COWed extent buffer. The root cause is that tracepoint handling could observe a buffer after it is freed via RCU, if preempt...
CVE-2021-4135
CVE-2021-4135 affects the Linux kernel, specifically the netdevsim (Simulated networking device) driver’s eBPF path. The issue is a memory leak in the nsim_map_alloc_elem path that can be triggered by user-controlled use of BPF for the device, enabling a local attacker to access kernel data. Publ...
CVE-2023-52501
The connected MiracleLinux advisory confirms CVE-2023-52501 affects the Linux kernel ring-buffer code. The issue occurs when iterating a live ring buffer: if the last event sits at the end of a page with only 4 bytes left, the event length check can misread the length (first 4 bytes, or the lengt...
CVE-2024-35805
CVE-2024-35805 affects the Linux kernel in the dm snapshot code path. The issue was a lockup when exiting a snapshot with many exceptions, resolved by adding a cond_resched in the loop that frees the exceptions in dm_exception_table_exit. The root cause is a lockup during exit of large dm-snapsho...
CVE-2024-38618
CVE-2024-38618 affects the Linux kernel: ALSA timer start tick time had no lower bound, enabling very small values (e.g., 1 tick at 1ns) that could trigger an unexpected RCU stall by repeatedly queuing expire updates. The connected docs describe the fix as a patch adding a sanity check for the ti...
CVE-2024-41060
CVE-2024-41060 (Linux kernel, DRM/Radeon) has a concrete patch: the code now checks bo_va->bo for NULL before dereferencing, preventing a NULL dereference when radeon_vm_clear_freed can clear bo_va->bo. The vulnerability arises from dereferencing bo_va->bo after a potential clear, enabli...
CVE-2024-42077
CVE-2024-42077 - OCFS2 DIO credit handling in Linux kernel: The vulnerability arises when ocfs2_dio_end_io_write() underestimates required transaction credits during large or multi-extents I/O, risking exhaustion of transaction credits and triggering a kernel panic via OCFS2 abort logic. The roo...
CVE-2014-9322
CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...
CVE-2015-3331
CVE-2015-3331 affects the Linux kernel up to 3.19.2, where __driver_rfc4106_decrypt in arch/x86/crypto/aesni-intel_glue.c mishandles memory locations for encrypted data, enabling a context-dependent attacker to trigger a buffer overflow via a crypto API call (e.g., with a libkcapi test program us...
CVE-2016-10741
CVE-2016-10741 – Linux kernel local DoS (xfs_aops race). Affected: Linux kernel before 4.9.3. Issue: a race between direct I/O and memory-mapped I/O (hole handling) in fs/xfs/xfs_aops.c is incorrectly handled with BUG_ON, leading to a system crash under local access. Impact: denial of service via ...
CVE-2019-14763
CVE-2019-14763 affects the Linux kernel prior to 4.16.4, where a double-locking error in drivers/usb/dwc3/gadget.c may deadlock with f_hid. Exploitation context from connected Nessus advisories links CVE-2019-14763 to kernel fixes (4.16.4) and security advisories (e.g., USN/EulerOS entries). The ...
CVE-2022-49541
The CVE-2022-49541 issue is a Linux kernel CIFS vulnerability: a potential double free during a failed mount. It is classed as HIGH severity (LOCAL access, LOW attack complexity) with impact to confidentiality, integrity, and availability as per the CVSS metrics. Connected advisories (SUSE/RHEL-r...
CVE-2023-51043
CVE-2023-51043 affects the Linux kernel prior to 6.4.5. The issue is a use-after-free in drivers/gpu/drm/drm_atomic.c caused by a race between a nonblocking atomic commit and a driver unload. The vulnerability results in a potentially exploitable crash if a race occurs during unload while a nonbl...
CVE-2024-40967
CVE-2024-40967 affects the Linux kernel serial: imx subsystem. The root cause is a potential deadlock while waiting for USR2_TXDC in transmitter empty handling. The patch introduces a timeout of at most 1 second; if the timeout occurs, the driver ignores the transmitter state and continues optimi...
CVE-2024-42237
CVE-2024-42237 - Linux kernel cs_dsp payload length validation. Affects: Linux kernel firmware cs_dsp loading paths (cs_dsp_load and cs_dsp_coeff_load). Cause: The block payload length could be used before validating the length, potentially enabling out-of-bounds processing. Fix: Move and perform th...
CVE-2018-6555
CVE-2018-6555 is a Linux kernel local use-after-free via the irda_setsockopt path in irda/af_irda.c (and later in staging/irda), potentially causing memory corruption, denial of service, or a system crash. Affected trees reference IRDA socket usage as the attack vector. The vulnerability is addre...
CVE-2019-18885
CVE-2019-18885 affects the Linux kernel (fs/btrfs/volumes.c) with a NULL pointer dereference in btrfs_verify_dev_extents when processing a crafted btrfs image. Root cause: fs_devices->devices is mishandled in find_device, enabling NULL dereferences in btrfs_verify_dev_extents. Impact per publi...
CVE-2022-48701
The CVE-2022-48701 issue is in the Linux kernel ALSA usb-audio driver: an out-of-bounds read can occur in __snd_usb_parse_audio_interface() when parsing a USB device (USB ID 0x04fa:0x4201) that has fewer than 4 interfaces. The fix is to validate the interface count before parsing. Public referenc...
CVE-2021-47386
The CVE-2021-47386 issue affects the Linux kernel hwmon driver w83791d. The vulnerability stems from a NULL pointer dereference that can occur when a specific readval bit pattern is encountered, potentially leading to a kernel NULL dereference if conditions (val & 0x08), !(val & 0x80), and ((val ...
CVE-2022-49114
The CVE-2022-49114 issue in the Linux kernel concerns a use-after-free in the SCSI/libfc path, specifically fc_exch_abts_resp(). The bug arises because fc_exch_release(ep) reduces the ep’s refcount to zero while ep is still used, leading to use-after-free. The fix is to return after the fc_exch_r...
CVE-2022-49319
CVE-2022-49319 affects the Linux kernel, specifically iommu/arm-smmu-v3. The vulnerability is a NULL pointer dereference that occurs when platform_get_resource() returns NULL, due to a missing return-value check. Affected component/area: ARM SMMU platform resource handling in the IOMMU path. Impa...
CVE-2023-52757
CVE-2023-52757: Linux kernel SMB client deadlock fix. The issue arose when releasing mids under server->mid_lock could lead to a deadlock with cifs_tcp_ses_lock and smb2_find_smb_tcon if mids were released without proper references. The patch removes an unnecessary spinlock in release_mid() c...
CVE-2024-26978
The CVE-2024-26978 entry relates to a Linux kernel issue: creating a max14830 I2C device from userspace could trigger a NULL pointer dereference in max310x during I2C instantiation. The fix adds a validity check for the devtype and aborts the probe with a clear error message. Connected advisories...
CVE-2024-27056
CVE-2024-27056 affects the Linux kernel wifi: iwlwifi mvm. The issue arises on resume: the TX queue for the offloading TID may not have been allocated if no packets were sent on TID 0, causing a crash when the code tries to sync the write pointer. The fix is to ensure the offloading TID queue exi...
CVE-2024-35939
CVE-2024-35939 affects the Linux kernel: dma-direct: Leak pages on dma_set_decrypted() failure. In TDX, set_memory_encrypted()/set_memory_decrypted() failures can cause memory to be shared; DMA could leak decrypted/shared pages instead of freeing them, potentially leading to functional or securit...
CVE-2024-36952
CVE-2024-36952 is a Linux kernel issue affecting the SCSI lpfc NPIV transport cleanup. The root cause is a race: when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent, the final DA_ID and LOGO can be skipped, because fc_remove_host() frees the ndlp rport object too ear...
CVE-2024-40988
CVE-2024-40988 affects the Linux kernel DRM/Radeon driver. The issue is a UBSAN warning caused by a missing bounds check in kv_dpm.c (sumo_vid_mapping_entry). The patch adds the necessary bounds check, resolving the UBSAN warning. The description indicates the change is a bounds validation fix ra...
CVE-2024-41093
CVE-2024-41093 – Linux kernel drm/amdgpu null framebuffer object fix: The vulnerability arises in the kernel’s DRM/amdgpu path where code could dereference a null framebuffer object when accessing state->fb->obj[0]. The patch changes the access to obtain the framebuffer object via drm_gem_...
CVE-2024-50008
Technical details about CVE-2024-50008 are not publicly provided in the connected documents. The initial description mentions a Linux kernel fix related to mwifiex, but no concrete affected products/versions/root cause or remediation are given here. Monitor for updates.
CVE-2024-50057
CVE-2024-50057 affects the Linux kernel USB Type-C tipd path. The vulnerability stems from freeing IRQs in polling mode when no IRQ was requested; the fix calls devm_free_irq() only if client->irq is set, preventing the warning observed during tps6598x removal. Public details in the connected ...
CVE-2018-18386
The CVE-2018-18386 issue affects the Linux kernel up to version 4.14.10, in drivers/tty/n_tty.c, where an EXTPROC vs ICANON confusion in TIOCINQ allows local attackers with access to pseudo terminals to hang or block further use of any PTY. The root cause is a terminal/TTY handling inconsistency,...
CVE-2020-28097
CVE-2020-28097 affects the Linux kernel’s vgacon subsystem; versions before 5.8.10 mishandle software scrollback, causing a vgacon_scrolldelta out-of-bounds read. This is a local issue that can read kernel memory via the vgacon pathway. The public references note the fix in kernel release 5.8.10...
CVE-2023-52751
CVE-2023-52751: In the Linux kernel CIFS (smb2_query_info_compound), a race between open_cached_dir() and cached_dir_lease_break() can trigger a use-after-free in the cache entry for a newly created directory handle. The issue arises as the code drops the last reference to the new cfid while a l...
CVE-2024-26779
CVE-2024-26779: In the Linux kernel, the wifi/mac80211 code had a race condition enabling fast-xmit before the station (STA) is uploaded to the driver. This could cause the driver to process a not-yet-uploaded STA via drv_tx calls, leading to potential crashes due to uninitialized drv_priv data....
CVE-2024-41066
CVE-2024-41066: In the Linux kernel, ibmvnic transmit path could leak an skb if free_map and tx_buff arrays became out of sync. The patch adds a conditional to verify that the skb address is NULL before proceeding; if not, it warns the user and frees the old pointer to prevent memory leaks and TC...
CVE-2024-46695
CVE-2024-46695 affects the Linux kernel; the root cause is a permissions bypass in the SELinux/Smack inode_setsecctx hook. The bug allowed a privileged user (root) on an NFS client to change security labels on files on an NFS export with root squash enabled, due to incomplete permission checks ...
CVE-2023-52635
The CVE-2023-52635 entry concerns a Linux kernel devfreq timer race. Description: frequent governor switches (e.g., simple_ondemand and performance) on a devfreq device may race with timer cancellation and expiration, risking timer_list corruption when cancel_delayed_work_sync() is followed by ex...
CVE-2024-26672
CVE-2024-26672 affects the Linux kernel AMDGPU driver: amdgpu_mca_smu_get_mca_entry() dereferences mca_funcs before a NULL check, leading to potential NULL-pointer dereference in UE/CE error handling paths. The issue is evidenced by code paths where mca_funcs is used to read max_ue_count/max_ce_c...
CVE-2024-35878
CVE-2024-35878: The connected documentation provides concrete details: this Linux kernel vulnerability concerns a NULL pointer dereference in vsnprintf() triggered by improper handling of the str/len parameters in of_modalias(). The issue could oops when a NULL pointer is passed unless length is ...
CVE-2024-36950
CVE-2024-36950 is a Linux kernel vulnerability resolved in the FireWire OHCI driver. The issue occurred in the interrupt handler when a bus reset interrupt could be unmasked and cause a freeze if the bus reset was not yet serviced. The fix masks bus reset interrupts in the IRQ handler and unmasks...
CVE-2024-46724
CVE-2024-46724 is a Linux kernel vulnerability in drm/amdgpu where an out-of-bounds read of df_v1_7_channel_number could occur. The issue stems from not validating fb_channel_number range, leading to an array read error. A patch/mitigation has been applied in upstream kernel releases, and several...
CVE-2024-46819
CVE-2024-46819: In the Linux kernel, the drm/amdgpu path for nbio_v7_4 could dereference an obj when ras_manager.obj is null, causing a warning and potential data leakage through NBIO data. The issue has been resolved in the cited update. The description notes a fix to avoid printing NBIO error d...
CVE-2024-49994
CVE-2024-49994: A Linux kernel vulnerability in the block layer (BLKSECDISCARD) is resolved. The flaw arises from an integer overflow in the discard path, causing a near-infinite loop inside blkdev_issue_secure_erase() when a crafted 64-bit range (e.g., r = {512, 18446744073709551104}) is passed...
CVE-2024-57807
CVE-2024-57807 is tied to the Linux kernel's SCSI megaraid_sas driver. The issue is a potential deadlock caused by a circular locking dependency between instance->reset_mutex and shost->scan_mutex, which could occur during lock ordering. The confirmed fix temporarily releases the reset_mute...
CVE-2025-21667
CVE-2025-21667: Linux kernel vulnerability where on 32-bit builds iomap_write_delalloc_scan() used a 32-bit position due to folio_next_index() returning an unsigned long, truncating 64-bit offsets and potentially causing an infinite loop during writes to XFS. Connected documents confirm the root...
CVE-2018-10124
CVE-2018-10124 affects the Linux kernel before 4.13, where the kill_something_info() function in kernel/signal.c may allow a local attacker to cause a denial of service via an INT_MIN argument when using an unspecified architecture and compiler. The vulnerability is a local DoS condition (availab...
CVE-2019-19076
CVE-2019-19076 concerns a memory leak in the Linux kernel function nfp_abm_u32_knode_replace() in drivers/net/ethernet/netronome/nfp/abm/cls.c, before version 5.3.6. The issue can allow a remote attacker to cause a denial of service via memory consumption. The upstream commit 78beef629fd9 was rev...
CVE-2021-4090
CVE-2021-4090: A Linux kernel NFSD out-of-bounds write in nfsd4_decode_bitmap4 (fs/nfsd/nfs4xdr.c) can be triggered by a missing sanity check, allowing a local privileged user to access out-of-bounds memory and threaten system integrity and confidentiality. Multiple connected sources confirm the...