2330 matches found
CVE-2017-18204
CVE-2017-18204 affects the Linux kernel via ocfs2_setattr in fs/ocfs2/file.c, exploitable by local users to cause a denial-of-service (deadlock) when using DIO. The vulnerability exists in kernel versions before 4.14.2; Ubuntu advisories (USN 3617-3 and related) and Unity Linux advisories referen...
CVE-2022-49111
CVE-2022-49111 is a Linux kernel vulnerability in the Bluetooth stack where a use-after-free occurs in hci_send_acl, triggered by HCI_EV_DISCONN_PHY_LINK_COMPLETE and improper handling of AMP_LINK cleanup. The trace (KASAN) shows a use-after-free in hci_send_acl leading to memory corruption, and ...
CVE-2023-52819
CVE-2023-52819 is resolved in the Linux kernel. The vulnerability was in drm/amd where UBSAN reported an array-index-out-of-bounds for Polaris/Tonga in pptable structs using flexible array sizes; the fix switches to using flexible arrays to avoid out-of-bounds access. Impact is local (CVSS: AV:L,...
CVE-2024-26659
The CVE-2024-26659 issue concerns the Linux kernel xHCI isochronous transfer handling. Affected component: xHCI driver handling isoc Transaction/Babble errors in multi-TRB TDs. Root cause: the driver may release a TD after an early error, freeing or overwriting remaining TRBs, which obscures the...
CVE-2024-26700
CVE-2024-26700 is a Linux kernel issue: drm/amd/display had a fix to prevent MST null-pointer dereference on RV platforms. The crash trace shows a NULL pointer dereference in drm_dp_atomic_find_time_slots during DP MST time-slot calculation, leading to a kernel oops. Affected code path involves ...
CVE-2024-40977
CVE-2024-40977 is described in a connected MiracleLinux advisory as a Linux kernel fix for the wifi: mt76: mt7921s: fix potential hung tasks during chip recovery. The root cause is a deadlock during chip recovery where kernel worker reset_work waits for stat_worker which itself waits for the same l...
CVE-2024-40978
CVE-2024-40978 affects the Linux kernel, specifically a qedi/scsi path vulnerability. The root cause is qedi_dbg_do_not_recover_cmd_read() calling sprintf() on a __user pointer, which can crash the kernel. The fix uses a small local stack buffer for sprintf() and then copies with simple_read_from...
CVE-2024-41005
CVE-2024-41005 involves a race in the Linux kernel netpoll code. The issue stems from netpoll_owner_active reading napi->poll_owner non-atomically to determine lock ownership, allowing a data race between net_rx_action and netpoll_send_skb. The fix replaces the non-atomic check with an atomic ...
CVE-2025-21969
CVE-2025-21969 is a Linux kernel vulnerability in the Bluetooth stack (L2CAP). The issue is a slab-use-after-free in l2cap_send_cmd when the hci sync path releases l2cap_conn but a worker still references it. The root cause is a race between the hci receive data work queue and the l2cap_conn life...
CVE-2025-21993
CVE-2025-21993 is a Linux kernel issue in iscsi_ibft: UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() when performing iSCSI boot over IPv6. The bug arises because the IPv6 prefix length (64) makes a shift exponent negative while reading /sys/firmware/ibft/ethernetX/subnet-mask, which is...
CVE-2014-3122
CVE-2014-3122 affects the Linux kernel local memory-management path. The advisory centers on the try_to_unmap_cluster function in mm/rmap.c, where the code path did not consistently lock pages, enabling a local user to trigger a memory-usage pattern that can force removal of page-table mappings a...
CVE-2018-10901
CVE-2018-10901 affects the Linux kernel’s KVM virtualization subsystem. The VMX path fails to restore the guest GDT.LIMIT to the host value, setting it to 64KB instead. This can allow a host userspace process to corrupt GDT entries (notably per-cpu variables), enabling local privilege escalation....
CVE-2021-47185
CVE-2021-47185 is addressed by a Linux kernel fix for a soft lockup in tty_buffer/flush_to_ldisc. In ARM64 when running the ltp pty04 test, a write race between a sender and the flush_to_ldisc workqueue on different cores could cause a long loop and a softlockup in flush_to_ldisc. The patch adds ...
CVE-2022-49429
CVE-2022-49429 affects the Linux kernel’s RDMA/hfi1 subsystem. When the hfi1 module is loaded with SDMA disabled (HFI1_CAP_SDMA off), a call to hfi1_write_iter() can dereference a NULL pointer, causing a kernel panic through the I/O path (sdma_select_user_engine → hfi1_user_sdma_process_request →...
CVE-2023-3355
CVE-2023-3355 affects the Linux kernel’s MSM GPU driver, specifically the code path in drivers/gpu/drm/msm/msm_gem_submit.c (submit_lookup_cmds). The vulnerability arises from a NULL pointer dereference due to a missing validation of kmalloc() return value, enabling a local user to crash the sys...
CVE-2024-35843
CVE-2024-35843 concerns the Linux kernel IOMMU VT-d I/O page fault path. The vulnerability stemmed from how the faulting device was located: the code previously used pci_get_domain_bus_and_slot() to find the PCI device, which could permit a use-after-free scenario if the device was released by th...
CVE-2024-40966
CVE-2024-40966 affects the Linux kernel tty subsystem. The fix adds an option to have a tty reject a new line discipline (ldisc) and limits virtual terminals to N_TTY, preventing con_write() from sleeping while holding a spinlock (which previously could trigger a BUG: sleeping function called fro...
CVE-2024-47141
CVE-2024-47141 affects the Linux kernel pinctrl/pinmux path. When two processes (A and B) concurrently call pinctrl_select_state() for the same pin, the code may dereference desc->mux_owner as NULL due to a race between updates to desc->mux_usecount and desc->mux_owner. The advisory stat...
CVE-2024-49927
The CVE-2024-49927 entry concerns the Linux kernel x86 IO-APIC code. The connected Astra Linux security bulletin details the vulnerability as: a failure to allocate an irq_pin_list could cause a kernel panic with the message “IO-APIC: failed to add irq-pin,” due to a panicky legacy IO/APIC path d...
CVE-2024-49938
Linux kernel CVE-2024-49938 affects the ath9k_htc wifi driver. The issue arises from skb_trim() being used on an uninitialised skb length in error paths, leading to an invalid urb reset before resubmission. The patch switches to __skb_set_length(skb, 0) (which already calls skb_reset_tail_pointer...
CVE-2024-49968
CVE-2024-49968 (from Miracle Linux AXSA advisory) concerns Linux kernel ext4. The vulnerability occurs when mounting an ext4 filesystem that does not have the casefold feature while the default hash version is DX_HASH_SIPHASH; in this scenario the mount operation exits, effectively preventing mou...
CVE-2024-49987
The CVE-2024-49987 issue affects the Linux kernel bpftool component. When netfilter has no entry to display, qsort is called with a NULL pointer and size 0, triggering undefined behavior as UBSan reports. The root cause is a NULL pointer passed to qsort; the advisory notes that the C standard gui...
CVE-2024-53128
The CVE-2024-53128 issue is in the Linux kernel’s sched/task_stack path: when CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, object_is_on_stack() may yield incorrect results because tagged pointers in the object could differ from the untagged stack pointer. The result can trigger warnin...
CVE-2025-37738
CVE-2025-37738 details from Connected docs show a Linux kernel ext4 vulnerability: ext4_xattr_inode_dec_ref_all may read past the end while processing xattrs, leading to a slab-use-after-free as reported by KASAN. The fix makes ext4_xattr handling ignore xattrs entries beyond the end, preventing ...
CVE-2016-7911
CVE-2016-7911: Race condition in get_task_ioprio in block/ioprio.c of the Linux kernel allows local privilege escalation or use-after-free leading to DoS. A crafted ioprio_get system call can trigger the issue. This vulnerability was addressed by kernel patching in the 4.6.6 release; updating to ...
CVE-2020-27194
CVE-2020-27194 affects the Linux kernel prior to 5.8.15. The issue is in the eBPF verifier: scalar32_min_max_or() incorrectly copies a 64‑bit value into a 32‑bit variable, causing integer truncation and incorrect bounds tracking. This misalignment between verifier time checks and actual execution...
CVE-2021-38203
CVE-2021-38203 affects the btrfs component in the Linux kernel, with the issue present in versions before 5.13.4. The root cause is a race condition during allocations of new system chunks when space is scarce in space_info, which can lead to a denial-of-service (deadlock) for local attackers. Pu...
CVE-2021-47495
CVE-2021-47495 involves the Linux kernel usbnet vulnerability where a zero maxpacket caused an invalid division and a kernel oops. The description notes a sanity check for maxpacket and that a 0 value is nonsensical, leading to a failure to divide by it. The accompanying notes indicate a fix was ...
CVE-2023-3338
CVE-2023-3338: A null pointer dereference in the Linux kernel DECnet protocol could allow remote crash of the system. Connected advisories confirm this affects Linux kernel DECnet with mitigation via status updates and removal of the DECnet protocol in the kernel; Debian/IBM entries note remediat...
CVE-2024-35934
The CVE-2024-35934 issue affects the Linux kernel net/smc subsystem. Affected component: smc_pnet-related code in net/smc (pnet IDs list creation). Root cause: excessive RTNL (rtnl) lock pressure during net namespace/pnet initialization, caused by smc_pnet_create_pnetids_list() acquiring rtnl in ...
CVE-2024-44938
CVE-2024-44938 relates to the Linux kernel JFS code. The issue is a shift-out-of-bounds in dbDiscardAG when BLKSTOL2() returns 0 while seeking the next smaller log2 block, which can yield a negative shift exponent. The patch resolves this by exiting the loop when a negative shift is encountered. ...
CVE-2024-46722
CVE-2024-46722 is a Linux kernel vulnerability affecting the DRM AMDGPU driver where a read of mc_data[i-1] could go out of bounds. The connected Astra/DEBIAN/CBLMARINER advisories reference the same issue in the kernel and confirm a fix was applied in the AMDGPU/mc_data path to address the out-o...
CVE-2024-49889
CVE-2024-49889: Linux kernel ext4 use-after-free in ext4_ext_show_leaf() and related ext4 extents handling. The issue arises when EXT_DEBUG is defined and a saved path pointer may be freed during extent handling, leading to use-after-free in ext4_ext_show_leaf() or during ext4_ext_handle unwritt...
CVE-2024-50234
CVE-2024-50234: A Linux kernel vulnerability affecting the Wi‑Fi stack in the iwl4965/iwlegacy path where on resume from hibernation a stale interrupt could be re-enabled, causing a race between resume startup and queued shutdown work and potentially a system hang. The fix, implemented in the kernel...
CVE-2017-16994
The CVE-2017-16994 vulnerability affects the Linux kernel’s walk_hugetlb_range function in mm/pagewalk.c, where holes in hugetlb ranges are mishandled. This allows a local attacker to obtain sensitive information from uninitialized kernel memory via a crafted mincore() call. Public sources attrib...
CVE-2022-21546
CVE-2022-21546 is a Linux kernel vulnerability affecting the SCSI target path. The issue arises in target_core_iblock/file when handling WRITE_SAME commands if the NDOB bit is set (NDOB indicates no data buffer) or when zero SG elements are sent. The kernel patch adds a common WRITE_SAME check fo...
CVE-2022-2318
CVE-2022-2318 is a use-after-free vulnerability in the Linux kernel's Rose (net/rose/rose_timer.c) timer handler that can cause denial of service (crash) with local privileges. Connected advisories confirm the vulnerability affects Linux kernel releases and note fixed versions: Debian security ad...
CVE-2022-48747
CVE-2022-48747 affects the Linux kernel in the block.bio_truncate() path. The vulnerability stems from a wrong page offset being used, causing bio_truncate() to clear data outside the last block of a block device and potentially return uninitialized data when both truncated/corrupted FS and users...
CVE-2023-52834
CVE-2023-52834 was resolved in the Linux kernel by addressing a DMA RX overflow in the alx/atl1c drivers. The fix replaces a custom allocator with a check on the allocated skb address and uses skb_reserve() to avoid the problematic 0x…fc0 address. The alx workaround was implemented first; the atl...
CVE-2024-41076
CVE-2024-41076: In the Linux kernel, NFSv4: Fix memory leak in nfs4_set_security_label. The vulnerability leaks nfs_fattr and nfs4_label each time a security xattr is set. The connected Astra/IBM bulletins reiterate this CVE as resolved; no other product/vendor/version details are provided in the...
CVE-2024-49935
CVE-2024-49935 involves the Linux kernel ACPI PAD path (exit_round_robin) where a crash can occur in cpumask_clear_cpu() due to clear_bit(nr) with nr = 0xffffffff and misaligned memory access. The fix, as documented, is to validate tsk_in_cpu[tsk_index] != -1 before calling cpumask_clear_...
CVE-2024-56606
CVE-2024-56606 concerns the Linux kernel vulnerability in af_packet where, after sock_init_data() allocates a sk object and attaches it to a sock, packet_create() on error frees the sk but leaves a dangling sk pointer in the sock. This can enable a use-after-free if other code reuses that pointer...
CVE-2012-6701
CVE-2012-6701: An integer overflow in fs/aio.c of the Linux kernel before 3.4.1 allows local users to trigger a denial of service (and possibly other impact) via a large AIO iovec. Public sources describe exploitation locally and indicate a fix was applied in 3.4.1 (Linux kernel changelog refere...
CVE-2014-9529
CVE-2014-9529: A race condition in Linux kernel key garbage collection (key_gc_unused_keys in security/keys/gc.c) up to 3.18.2 can enable local users to cause DoS or memory corruption during key garbage collection via keyctl. Connected advisory confirms kernel upstream fix and lists commit a3a878...
CVE-2019-15223
CVE-2019-15223 affects the Linux kernel up to version 5.1.7 where a NULL pointer dereference can be triggered by a malicious USB device in the sound/usb/line6/driver.c driver. This is a local physical attack vector through USB, potentially causing a kernel crash by dereferencing a NULL pointer. T...
CVE-2023-52833
CVE-2023-52833 affects the Linux kernel Bluetooth stack (btusb). The fix, described as adding a NULL check for date->evt_skb in btusb_mtk_hci_wmt_sync, addresses a crash caused by NULL pointer dereferences in Bluetooth shutdown/write paths. The provided crash trace shows a kernel NULL pointer ...
CVE-2024-26719
CVE-2024-26719 involves the Linux kernel nouveau subsystem. The vulnerability description confirms a deadlock between fctx lock and the irq lock. The fix described offloads the processing from the IRQ handler into a workqueue, breaking the deadlock by moving fence uevents work to a separate threa...
CVE-2024-41089
CVE-2024-41089 relates to the Linux kernel DRM/Nouveau code path: in nv17_tv_get_hd_modes(), the return of drm_mode_duplicate() (and drm_cvt_mode()) could be NULL on failure, leading to a NULL pointer dereference. The fix adds a NULL check to avoid dereferencing a NULL mode object. Impact is a lo...
CVE-2024-46723
CVE-2024-46723 is a Linux kernel vulnerability involving the DRM AMDGPU driver: a ucode out-of-bounds read warning that could occur when reading the ucode array. Connected advisories across vendors (Astra Linux, CIRCL, Debian LTS advisories, Amazon Linux ALAS entries, and Red Hat references...
CVE-2024-47660
CVE-2024-47660: Linux kernel fsnotify race causing lock contention. When removing watches on a directory with many dentries, __fsnotify_update_child_dentry_flags() races with __fsnotify_parent() on children, risking softlockup reports. The fix, per the bulletin, is to set PARENT_WATCHED only whe...