
2330 matches found

CVE
added 2019/11/18 5:24 a.m. | 171 views

CVE-2019-19076

CVE-2019-19076 concerns a memory leak in the Linux kernel function nfp_abm_u32_knode_replace() in drivers/net/ethernet/netronome/nfp/abm/cls.c, before version 5.3.6. The issue can allow a remote attacker to cause a denial of service via memory consumption. The upstream commit 78beef629fd9 was rev...

CVSS 7.1 | AI score 5.3 | EPSS 0.03171

CVE
added 2022/02/18 12:0 a.m. | 171 views

CVE-2021-4090

CVE-2021-4090: A Linux kernel NFSD out-of-bounds write in nfsd4_decode_bitmap4 (fs/nfsd/nfs4xdr.c) can be triggered by a missing sanity check, allowing a local privileged user to access out-of-bounds memory and threaten system integrity and confidentiality. Multiple connected sources confirm the...

CVSS 7.1 | AI score 6.7 | EPSS 0.00336

CVE
added 2024/10/21 8:6 p.m. | 171 views

CVE-2022-48992

CVE-2022-48992 pertains to the Linux kernel: the ASoC subsystem (soc-pcm) BE reparenting path had a NULL pointer dereference risk exposed during fuzzing. The root cause is a missing NULL check in the dpcm_be_reparent API, which could lead to kernel NULL pointer dereference. The fix adds an explic...

CVSS 5.5 | AI score 6.2 | EPSS 0.00235

CVE
added 2025/02/26 2:10 a.m. | 171 views

CVE-2022-49323

CVE-2022-49323 affects the Linux kernel IOMMU ARM-SMMU code. The issue is a possible null pointer dereference in arm_smmu_device_probe() when resource retrieval returns NULL, which could occur when using the resource pointer before it is validated. The fix rearranges resource handling by deferrin...

CVSS 5.5 | AI score 5.3 | EPSS 0.00263

CVE
added 2024/05/17 1:23 p.m. | 171 views

CVE-2024-35822

The connected documents confirm CVE-2024-35822 affects the Linux kernel USB gadget mass storage path (usb_udc) where a thread may disable an endpoint while the main thread queues a request. Root cause: a warning in usb_ep_queue() was triggered instead of a functional failure. Fix: replacing WARN_...

CVSS 5.5 | AI score 6.6 | EPSS 0.0023

CVE
added 2024/07/30 7:46 a.m. | 171 views

CVE-2024-42131

CVE-2024-26929 is rejected/not used; this CVE entry is not an active vulnerability.

CVSS 4.4 | AI score 6.6 | EPSS 0.00244

CVE
added 2024/10/21 6:53 p.m. | 171 views

CVE-2024-50006

CVE-2024-50006 (Linux kernel): Affects ext4 with an i_data_sem unlock order issue during ext4_ind_migrate() causing a potential deadlock in jbd2_log_wait_commit when EXT4_IOC_MIGRATE is used with O_SYNC. The deadlock occurs if EXT4_IOC_MIGRATE races with write(2) and CONFIG_PROVE_LOCKING is enabl...

CVSS 4.7 | AI score 4.3 | EPSS 0.00184

CVE
added 2025/01/11 2:30 p.m. | 171 views

CVE-2024-57843

CVE-2024-57843: In the Linux kernel, a vulnerability in virtio-net can cause overflow in virtnet_rq_alloc when a fragment spans a page and the total buffer size plus virtnet_rq_dma exceeds one page. This can lead to reliable VM crashes or SCP failures. Root cause: virtnet_rq_dma reserves 16 byte...

CVSS 5.5 | AI score 6.8 | EPSS 0.002

CVE
added 2021/08/08 7:25 p.m. | 170 views

CVE-2021-38202

CVE-2021-38202 affects the Linux kernel before 5.13.4, where fs/nfsd/trace.h can allow remote attackers to trigger a denial-of-service via an out-of-bounds read in strlen when the trace event framework is used for nfsd. The vulnerability is triggered by NFS traffic sent over the network. A fix wa...

CVSS 7.5 | AI score 6.9 | EPSS 0.0319

CVE
added 2025/02/26 2:10 a.m. | 170 views

CVE-2022-49316

CVE-2022-49316 affects the Linux kernel’s NFSv4 layout management. The issue arises when performing layoutget as part of an open() compound: locks for the layoutget are held across multiple RPC calls, which can trigger recalls and deadlock. The connected advisories (EulerOS/Unity/Nessus OSS) conf...

CVSS 5.5 | AI score 5.4 | EPSS 0.00202

CVE
added 2025/02/26 2:13 a.m. | 170 views

CVE-2022-49492

The CVE-2022-49492 issue affects the Linux kernel nvme-pci path. In nvme_alloc_admin_tags, admin_q can be set to an error (e.g., -ENOMEM) and, after returning, the flow may quiesce a non-existent admin queue, leading to a bad NULL pointer dereference. The vulnerability is a local issue with HIGH ...

CVSS 5.5 | AI score 5.3 | EPSS 0.00278

CVE
added 2024/03/06 6:45 a.m. | 170 views

CVE-2023-52599

Summary (CVE-2023-52599): The Linux kernel JFS path diNewExt had an out-of-bounds UBSAN failure (index -878706688 for struct iagctl[128]) traced to fs/jfs/jfs_imap.c:2360. The issue arises when agno is too large, leading to overflow in agno handling. The fix described in the sources is to valida...

CVSS 7.8 | AI score 5.9 | EPSS 0.00251

CVE
added 2024/04/17 10:27 a.m. | 170 views

CVE-2024-26903

CVE-2024-26903 (Linux kernel): Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security. Root cause: after RFCOMM/L2CAP disconnect, the code could dereference a released l2cap_conn, leading to a null pointer access when calling hci_conn_security. Impact per CVSS: Medium (5.5) with high ava...

CVSS 5.5 | AI score 6.3 | EPSS 0.00279

CVE
added 2024/06/19 1:45 p.m. | 170 views

CVE-2024-38600

CVE-2024-38600 affects the Linux kernel ALSA subsystems. In snd_card_disconnect(), the patch fixes a deadlock that occurs when a callback deletes a kctl during disconnection for a suspended device. The root cause is the sequence: set card->shutdown, call callbacks, then sync power_ref_sleep wa...

CVSS 5.5 | AI score 7.3 | EPSS 0.00195

CVE
added 2024/07/29 2:57 p.m. | 170 views

CVE-2024-41063

In CVE-2024-41063, the Linux kernel Bluetooth stack (hci_core) fixes a deadlock when unregistering a device. The root cause involves hci_unregister_dev() racing with hci_error_reset() and hdev->req_workqueue/destroy_workqueue(), where pending work items may still be running during destroy. The...

CVSS 5.5 | AI score 6.6 | EPSS 0.00182

CVE
added 2024/08/26 10:10 a.m. | 170 views

CVE-2024-43900

CVE-2024-43900 affects the Linux kernel’s media: xc2028 path. A worker thread can dereference a freed dvb_frontend object after tuner_probe() allocates a tuner and module removal frees the dvb_frontend, leading to a use-after-free in load_firmware_cb() triggered by request_firmware_work_func. The...

CVSS 7.8 | AI score 7.2 | EPSS 0.00214

CVE
added 2024/10/21 6:1 p.m. | 170 views

CVE-2024-49930

In CVE-2024-49930, the Linux kernel vulnerability concerns the ath11k Wi-Fi driver. The hal_reo_error array in ath11k_soc_dp_stats is sized to DP_REO_DST_RING_MAX, but ath11k_dp_process_rx() indexed this array using the SRNG REO destination ring ID, which is not a normal ring ID and led to out-of...

CVSS 7.8 | AI score 7.3 | EPSS 0.00258

CVE
added 2015/01/09 9:0 p.m. | 169 views

CVE-2014-9584

CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...

CVSS 2.1 | AI score 4.5 | EPSS 0.00465

CVE
added 2016/08/06 8:0 p.m. | 169 views

CVE-2016-3841

CVE-2016-3841 affects the Linux kernel IPv6 stack before 4.3.3. A crafted sendmsg can mishandle options data, allowing local users to gain privileges or cause a denial of service via a use-after-free leading to a system crash. Public documents (e.g., MiracleLinux AXSA-2016-1135:09 and Unity Linux...

CVSS 7.3 | AI score 6.7 | EPSS 0.00296

CVE
added 2017/03/20 2:0 p.m. | 169 views

CVE-2017-7187

The CVE-2017-7187 issue affects the Linux kernel sg_ioctl in drivers/scsi/sg.c, where a large SG_NEXT_CMD_LEN ioctl can trigger a stack-based buffer overflow, leading to a DoS or potentially other impact via out-of-bounds writes in sg_write. Descriptions across connected sources (CNVD-2017-03858)...

CVSS 7.8 | AI score 7.9 | EPSS 0.00414

CVE
added 2024/05/21 3:3 p.m. | 169 views

CVE-2021-47383

CVE-2021-47383: In the Linux kernel, the tty imageblit out-of-bounds access is caused when an ioctl FBIOPUT_VSCREENINFO with only xres, yres, and bits_per_pixel is sent and the struct matches the previous ioctl. This leaves fb_var_screeninfo incomplete, causing updatescrollmode() to compute a wr...

CVSS 7.1 | AI score 6.6 | EPSS 0.00262

CVE
added 2024/05/21 3:3 p.m. | 169 views

CVE-2021-47384

CVE-2021-47384 affects Linux kernel hwmon drivers (notably w83793, and related subcomponents) with a NULL pointer dereference risk when reading a temp value, caused by an unnecessary field and an obsolete lm75[] array. The fix removes the unused lm75[] and adjusts driver subclient detection (devm...

CVSS 5.3 | AI score 6.1 | EPSS 0.01028

CVE
added 2022/08/29 2:3 p.m. | 169 views

CVE-2022-1198

CVE-2022-1198 is a Linux kernel use-after-free in drivers/net/hamradio/6pack.c (AX.25/6pack driver). A local attacker could crash the kernel or potentially escalate privileges by simulating an AX.25 device from user space. Public connected sources confirm the flaw and that patches exist in update...

CVSS 5.5 | AI score 6 | EPSS 0.00412

CVE
added 2022/07/13 6:29 p.m. | 169 views

CVE-2022-2380

CVE-2022-2380 concerns the Silicon Motion SM712 framebuffer driver in the Linux kernel. The issue is an out-of-bounds memory access in drivers/video/fbdev/sm712fb.c:smtcfb_read(), which could allow a locally authenticated attacker to crash the kernel. The description and linked advisories consist...

CVSS 5.5 | AI score 5.8 | EPSS 0.00215

CVE
added 2022/03/28 3:45 a.m. | 169 views

CVE-2022-27950

CVE-2022-27950: A memory leak exists in Linux kernel drivers/hid/hid-elo.c for a hid_parse error condition, affecting kernels before 5.16.11. Exploitation details are not provided in the documents. A fix is in kernel 5.16.11 (and later). Recommendation: upgrade to a version containing the patch ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00384

CVE
added 2024/07/16 11:43 a.m. | 169 views

CVE-2022-48804

CVE-2022-48804 is resolved in the Linux kernel’s vt_ioctl/vt_setactivate path. The vulnerability stems from an array_index_nospec handling that could allow a transient integer underflow when an out-of-bounds value is decremented after zero, specifically affecting vsa.console handling. The descrip...

CVSS 5.5 | AI score 6.3 | EPSS 0.00306

CVE
added 2024/08/22 3:30 a.m. | 169 views

CVE-2022-48943

CVE-2022-48943: In the Linux kernel KVM x86/mmu code, a bug in asynchronous page-fault (APF) handling could cause a guest to hang by confusing a valid token with a zero value, potentially delaying or losing READY events. The fix ensures the APF token is non-zero, preventing misinterpretation of t...

CVSS 7.8 | AI score 6.8 | EPSS 0.00244

CVE
added 2024/05/21 3:30 p.m. | 169 views

CVE-2023-52760

CVE-2023-52760 (Linux kernel, gfs2): The vulnerability is caused by a slab-use-after-free in gfs2_qd_dealloc, where in gfs2_put_super() the quota cleanup must occur via gfs2_quota_cleanup() regardless of withdrawal status. If cleanup is delayed (rcu callback) and gfs2_sbd is freed before all gfs2...

CVSS 7.8 | AI score 7.6 | EPSS 0.00269

CVE
added 2024/05/21 3:31 p.m. | 169 views

CVE-2023-52831

CVE-2023-52831 (Linux kernel): The issue resides in cpu/hotplug logic when CPUs are isolated with isolcpus=. Offline-ing the last non-isolated (housekeeping) CPU can cause a WARN_ON in build_sched_domains and a subsequent panic due to an empty CPU mask in partition_sched_domains_locked(), leadin...

CVSS 5.5 | AI score 6.7 | EPSS 0.00242

CVE
added 2024/07/29 2:57 p.m. | 169 views

CVE-2024-41065

The CVE-2024-41065 issue is in the Linux kernel’s powerpc/pseries code related to usercopy hardening. When CONFIG_HARDENED_USERCOPY is enabled, reading the dispatch log from /sys/kernel/debug/powerpc/dtl/cpu-* could trigger a kernel BUG in usercopy (mm/usercopy.c). The root cause involves copying...

CVSS 5.5 | AI score 6.4 | EPSS 0.00225

CVE
added 2024/12/27 2:51 p.m. | 169 views

CVE-2024-56604

Summary (CVE-2024-56604): In the Linux kernel, Bluetooth RFCOMM can leave a dangling sk pointer in rfcomm_sock_alloc() when rfcomm_dlc_alloc() fails, leading to a use-after-free. The root cause is bt_sock_alloc() attaching the sk to the sock object and the code path not clearing the pointer on fa...

CVSS 7.8 | AI score 6.5 | EPSS 0.00219

CVE
added 2025/01/21 12:22 p.m. | 169 views

CVE-2024-57946

CVE-2024-57946 affects Linux kernel virtio-blk: during system suspend, the PM callbacks previously kept the block queue frozen, risking deadlocks if code path invoked bio_queue_enter() while suspended. The fix replaces queue quiesce with a freeze-and-thaw approach in virtio-blk PM callbacks and d...

CVSS 5.5 | AI score 6.5 | EPSS 0.00162

CVE
added 2025/04/18 2:20 p.m. | 169 views

CVE-2025-37838

CVE-2025-37838 affects the Linux kernel HSI ssi_protocol: a use-after-free can occur due to a race between ssi_protocol_probe() binding ssi->work to ssip_xmit_work() and ssi_protocol_remove() freeing ssi via kfree(ssi) while the work is still potentially in use. The connected Azure Linux 3.0 a...

CVSS 7.8 | AI score 6.6 | EPSS 0.00181

CVE
added 2015/11/16 11:0 a.m. | 168 views

CVE-2015-2925

The vulnerability CVE-2015-2925 affects the Linux kernel prior to 4.2.4, specifically the prepend_path function in fs/dcache.c. It allows a local attacker to bypass container protections by renaming a directory inside a bind mount, enabling a double-chroot-style escape. The impact is enabling pri...

CVSS 6.9 | AI score 5.8 | EPSS 0.01246

CVE
added 2018/02/27 8:0 p.m. | 168 views

CVE-2017-18204

CVE-2017-18204 affects the Linux kernel via ocfs2_setattr in fs/ocfs2/file.c, exploitable by local users to cause a denial-of-service (deadlock) when using DIO. The vulnerability exists in kernel versions before 4.14.2; Ubuntu advisories (USN 3617-3 and related) and Unity Linux advisories referen...

CVSS 5.5 | AI score 5.5 | EPSS 0.0046

CVE
added 2021/03/09 7:8 p.m. | 168 views

CVE-2021-3411

CVE-2021-3411 describes a memory access violation in the Linux kernel prior to 5.10, caused by a padding int3 check during linking. The flaw can affect data confidentiality, integrity, and system availability. A Nessus Unity Linux advisory references this vulnerability (UTSA-2026-004638) and reit...

CVSS 6.7 | AI score 6.3 | EPSS 0.00402

CVE
added 2022/09/09 12:0 a.m. | 168 views

CVE-2022-2905

CVE-2022-2905 is an out-of-bounds memory read in the Linux kernel’s BPF subsystem, exploitable by a local user via bpf_tail_call with a map key larger than max_entries. The Debian LTS advisory DLA-3173-1 (linux-5.10) lists CVE-2022-2905 among others and notes that an update to linux-5.10-149-2~de...

CVSS 5.5 | AI score 5.9 | EPSS 0.00338

CVE
added 2024/05/21 3:31 p.m. | 168 views

CVE-2023-52811

In CVE-2023-52811, the Linux kernel ibmvfc driver fix removes a BUG_ON when an event pool is empty and instead returns NULL from ibmvfc_get_event(). All call sites were updated to check for NULL and handle the failure or recovery path. This prevents a potential junk pointer path and kernel crash ...

CVSS 5.5 | AI score 7.1 | EPSS 0.00252

CVE
added 2024/03/26 5:50 p.m. | 168 views

CVE-2024-26646

CVE-2024-26646: In the Linux kernel, a vulnerability in the HFI (host firmware interface) handling during suspend/hibernate could lead to memory corruption if the second memory buffer (restored kernel) reprograms the HFI location and the image kernel uses a stale buffer. The fix disables HFI whe...

CVSS 5.5 | AI score 6.6 | EPSS 0.00227

CVE
added 2024/04/03 2:54 p.m. | 168 views

CVE-2024-26691

CVE-2024-26691 affects Linux kernel KVM for arm64. The circular locking arises when pkvm_create_hyp_vm() acquires kvm->lock while kvm_vcpu_ioctl() holds vcpu->mutex. The fix is to protect the hyp VM handle with config_lock (instead of keeping the vcpu->mutex under kvm->lock), mitigati...

CVSS 5.5 | AI score 6.7 | EPSS 0.00183

CVE
added 2024/04/03 5:0 p.m. | 168 views

CVE-2024-26769

Technical details about CVE-2024-26769 are not publicly provided in the supplied documents. The connected entries mention CVE-2024-26769 among other CVEs but do not specify affected products, versions, impact, or fixes. Action: monitor for updates.

CVSS 4.4 | AI score 6.8 | EPSS 0.00233

CVE
added 2024/05/30 3:29 p.m. | 168 views

CVE-2024-36921

CVE-2024-36921 security issue in Linux kernel wifi: iwlwifi (MVM) guarded against invalid STA ID on removal to prevent out-of-bounds accesses in iwl_mvm_mld_rm_sta_id. The vulnerability could occur during error handling if a station ID is invalid, risking memory corruption. The Microsoft Security...

CVSS 7.8 | AI score 6.7 | EPSS 0.00236

CVE
added 2024/10/09 2:14 p.m. | 168 views

CVE-2024-47668

CVE-2024-47668 affects the Linux kernel, specifically the radix tree code path in lib/generic-radix-tree.c. The flaw arises from a rare race in __genradix_ptr_alloc() when the tree depth is increased: a preallocated node may be created before another thread increases depth, and that node could la...

CVSS 4.7 | AI score 6.2 | EPSS 0.00161

CVE
added 2024/10/21 12:27 p.m. | 168 views

CVE-2024-49859

The CVE-2024-49859 vulnerability concerns the f2fs filesystem in the Linux kernel. It affects f2fs ioctl interfaces (notably f2fs_ioc_set_pin_file(), f2fs_move_file_range(), and f2fs_defragment_range()) where atomic_write status was not properly checked, creating a potential race condition. The i...

CVSS 4.7 | AI score 4.5 | EPSS 0.00157

CVE
added 2024/10/21 6:1 p.m. | 168 views

CVE-2024-49933

CVE-2024-49933 is a Linux kernel issue related to blk_iocost where UBSAN detected shift-out-of-bounds in ioc_forgive_debts() (shift exponent 80 on a 64-bit type). The connected Astra Linux bulletin confirms the same vulnerability and describes the concrete out-of-bounds shifts in block/blk-iocost...

CVSS 5.5 | AI score 5.2 | EPSS 0.00241

CVE
added 2024/10/21 6:1 p.m. | 168 views

CVE-2024-49934

CVE-2024-49934: Linux kernel fault in fs/inode dump_mapping() when dumping mappings can access an invalid dentry.d_name.name during memory hot-remove, causing a crash. The advisory explains the root cause and notes a safer approach to retrieve the filename without relying on %pd, acknowledging th...

CVSS 4.6 | AI score 6.1 | EPSS 0.00388

CVE
added 2024/10/21 6:1 p.m. | 168 views

CVE-2024-49937

CVE-2024-49937 relates to the Linux kernel wifi stack (cfg80211) where starting CAC in non-AP modes could leave chandef.chan as NULL, triggering a CPU warning. Root cause: incorrect Chandef handling when CAC starts in certain modes. Impact: local attacker could potentially observe instability fro...

CVSS 5.5 | AI score 5.2 | EPSS 0.00234

CVE
added 2024/10/21 6:54 p.m. | 168 views

CVE-2024-50014

CVE-2024-50014 – Linux kernel ext4 replay path issue. Affects: Linux kernel ext4 on systems using fast-commit enabled filesystems (replay path). Affected code path is ext4_fc_replay during journal replay; the replay path attempts to lock sbi->s_bdev_wb_lock before it has been initialized. Root ...

CVSS 5.5 | AI score 5 | EPSS 0.00221

CVE
added 2024/11/19 5:22 p.m. | 168 views

CVE-2024-53060

CVE-2024-53060 (Linux kernel) affects drm/amdgpu: fixes a NULL pointer dereference when ATIF is not supported. The kernel may dereference buffer.pointer (obj) if acpi_evaluate_object() returns AE_NOT_FOUND, so the fix adds a bailout when AE_NOT_FOUND occurs to prevent NULL dereference. The Note i...

CVSS 5.5 | AI score 6.4 | EPSS 0.00258

CVE
added 2025/02/27 2:18 a.m. | 168 views

CVE-2025-21772

CVE-2025-21772 involves the Linux kernel partition probing path (mac partition handling). The fix addresses processing of bogus partition tables by: (1) using put_dev_sector() for the bailout when a bad partoffset occurs, after a successful read_part_sector(); (2) rejecting partition tables that ...

CVSS 7.8 | AI score 6.5 | EPSS 0.00209
Total number of security vulnerabilities: 2330