CVE-2012-6701
CVE-2012-6701 : An integer overflow in fs/aio.c of the Linux kernel before 3.4.1 allows local users to trigger a denial of service (and possibly other impact) via a large AIO iovec. Public sources describe exploitation locally and indicate a fix was applied in 3.4.1 (Linux kernel changelog refere...
CVE-2017-11473
CVE-2017-11473 describes a buffer overflow in the Linux kernel, specifically in arch/x86/kernel/acpi/boot.c::mp_override_legacy_irq(), up to version 3.2. An attacker with local access can escalate privileges by presenting a crafted ACPI table. Exploitation is local and does not require user inter...
CVE-2019-15223
CVE-2019-15223 affects the Linux kernel up to version 5.1.7 where a NULL pointer dereference can be triggered by a malicious USB device in the sound/usb/line6/driver.c driver. This is a local physical attack vector through USB, potentially causing a kernel crash by dereferencing a NULL pointer. T...
CVE-2022-49465
CVE-2022-49465 (Linux kernel) : A use-after-free could occur in blk-throttle due to BIO_THROTTLED being set on throttled BIOs after __blk_throtl_bio(), leading to use-after-free during I/O completion. The fix moves BIO_THROTTLED assignment into queue_lock, preventing premature release of the bio....
CVE-2024-26689
CVE-2024-26689 affects the Linux kernel via the Ceph subsystem: in fs/ceph/caps.c, encode_cap_msg() previously could perform a use-after-free due to a race between refcount increment and free in arg->xattr_buf handling. The race around ceph_buffer_get/ceph_buffer_put(ci->i_xattrs.blob) allo...
CVE-2024-46759
CVE-2024-46759 : Linux kernel hwmon: adc128d818 underflow when writing limit attributes. The issue stemmed from DIV_ROUND_CLOSEST() after kstrtol() allowing large negative values (e.g., -9223372036854775808) to underflow. The patch reorders clamp_val() and DIV_ROUND_CLOSEST() to fix the underflow...
CVE-2024-49875
CVE-2024-49875: Linux kernel fix where EBADMSG during nfsd buffered readdir and ext4 checksum path could trigger a non-standard nfserrno warning; fix maps EBADMSG to nfserr_io to avoid the warning. Affects nfsd and ext4_readdir on Linux 5.x; remediation patch added in stable releases (kernel comm...
CVE-2024-53052
CVE-2024-53052 affects the Linux kernel io_uring rw path. The issue was a missing IOCB_NOWAIT handling for O_DIRECT start_write, causing a deadlock with the filesystem freezer when a write blocks on kiocb_start_write() while the mount is being frozen. The fix makes the io_uring side honor...
CVE-2024-56595
CVE-2024-56595 concerns the Linux kernel JFS (Journaling File System) code path in dbAdjTree. The issue is an array-index-out-of-bounds that can occur when lp is 0 at the start of a for loop, which may become negative on the next assignment if not bailed out. The available connected documents con...
CVE-2023-52634
Summary (CVE-2023-52634) : In the Linux kernel, the DRM/AMD display driver had a logic issue in the disable_otg_wa path that could cause a system hang during HDMI mode switches due to simultaneous FIFO/HPO state changes. The root cause was that enabling/disabling FIFO could affect multiple regist...
CVE-2024-43882
CVE-2024-43882 is a Linux kernel race condition (TOCTOU) in the exec path: permission checks for a file are done at do_filp_open(), but the metadata (mode/UID/GID) used later in execve() can be changed before execution, enabling potential root privilege escalation. The issue is exploitable in scenari...
CVE-2024-49928
CVE-2024-49928 affects the Linux kernel wifi rtw89 driver, where reading TX power FW elements could read past the valid memory due to the loop expression causing an extra copy. The issue is mitigated by moving the entry copy into the loop body, preventing out-of-bounds access. The fix is...
CVE-2015-8785
CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c of the Linux kernel (versions before 4.4) is exploitable locally to cause a denial of service via a writev call that triggers a zero-length first iov. This is a local, non-privileged issue with an attacker able to induce an infin...
CVE-2022-1204
CVE-2022-1204 is a use-after-free flaw in the Linux kernel’s Amateur Radio AX.25 protocol handling that can allow a local attacker to crash the system. Connected advisories confirm this is a kernel-level issue, with public reports across multiple distributions (Debian, Mageia, Mariner, etc.). Aff...
CVE-2024-26949
CVE-2024-26949 affects the Linux kernel AMDGPU power management path. The vulnerability is a NULL pointer dereference in drm/amdgpu/pm when obtaining the power limit, caused by powerplay_table initialization being skipped in SR-IOV scenarios. A fix ensures default lower/upper OD values are set if...
CVE-2024-35865
CVE-2024-35865 (Linux kernel) : The smb client was fixed to prevent a use-after-free in smb2_is_valid_oplock_break() by skipping sessions that are tearing down (status SES_EXITING). This mitigates a potential UAF during Oplock break validation. The description notes the vulnerability is resolved ...
CVE-2024-36922
CVE-2024-36922 is in the Linux kernel wifi stack: the iwlwifi driver could read txq->read_ptr without holding the lock, risking reading the same value twice and later reclaiming the same entry twice, triggering a WARN_ONCE. The vulnerability is resolved by reading txq->read_ptr und...
CVE-2024-39292
The CVE describes a race in the Linux kernel where registering a winch IRQ could occur before the winch is added to winch_handlers, risking a panic during winch_cleanup if the IRQ is scheduled for a freed winch. The confirmed fix, as detailed in connected advisories, is to add the winch to winch_...
CVE-2024-41095
CVE-2024-41095 concerns the Linux kernel's DRM Nouveau driver. The root cause is a NULL pointer dereference in nv17_tv_get_ld_modes() when drm_mode_duplicate() fails and its return value is assigned to mode without checking for NULL. The patch adds a guard to prevent the NULL pointer dereference ...
CVE-2024-43914
CVE-2024-43914 : In the Linux kernel md/raid5 code, the issue arises when --revert-reshape is used during a reshape; updating the raid from 5 to 4 disks while a reshape position is still set caused a mismatch where the old reshape position influenced writepos checks, triggering a panic. The fix c...
CVE-2024-44960
The CVE-2024-44960 entry concerns a Linux kernel issue in usb gadget core where a descriptor may be unset, causing a null pointer panic. The resolution involves ensuring the descriptor is set before inspecting maxpacket, addressing cases where an endpoint for the current speed is not properly con...
CVE-2024-53094
The CVE-2024-53094 entry concerns the Linux kernel, specifically the RDMA/siw path. The connected document UNPATCHED_CVE_2024_53094.NASL provides concrete technical details: when running ISER over SIW, an initiator observes a warning from skb_splice_from_iter() about a slab page being used in sen...
CVE-2024-53099
CVE-2024-53099 refers to a Linux kernel vulnerability in BPF: it checks the validity of link->type in bpf_link_show_fdinfo(), preventing out-of-bounds access when a new link type is added but not invoked via BPF_LINK_TYPE(). Affected: Linux kernel releases prior to the patched version; multipl...
CVE-2024-57809
Technical details about CVE-2024-57809 are not provided in the supplied documents. No affected products/versions or remediation steps are present. Monitor for vendor advisories for confirmation of impact and fixes.
CVE-2022-49328
CVE-2022-49328 is a vulnerability in the Linux kernel mt76 driver where a use-after-free can occur in mt76_txq_schedule due to an unprotected wcid pointer (non-RCU). The issue is addressed by guarding the mtxq->wcid with an rcu_lock between mt76_txq_schedule and sta_info_alloc/free, per the re...
CVE-2023-52632
CVE-2023-52632 describes a Linux kernel lockdep warning in drm/amdkfd where a potential circular locking dependency can occur between srcu and a work-queue based lock. The provided details show a chain: srcu -> info->lock#2 -> (work_completion) svms->deferred_list_work, with the risk ...
CVE-2023-52749
CVE-2023-52749: In the Linux kernel, a race condition can cause a null pointer dereference during resume if a synchronous SPI transfer is active when suspending. The issue arises when a transfer context resumes after cur_msg was reset to NULL during suspend. Public details state a fix: ensure syn...
CVE-2023-52920
The CVE-2023-52920 entry concerns the Linux kernel BPF precision-tracking update. Affected component: BPF verifier’s precision/backtracking path, specifically handling spill/fill of registers to the stack (notably non-r10 registers after copying r10). Root cause/impact: per-instruction history fl...
CVE-2024-41082
CVE-2024-41082 : The Linux kernel nvme-fabrics issue can exhaust admin_q tags when many nvme commands are issued, causing a reconnect/update failure and potential kernel hang after a reset/timeouts. The connected MiracleLinux/Nessus entry notes a mitigation by letting reg_read32()/reg_read64()/re...
CVE-2024-49929
CVE-2024-49929 affects the Linux kernel wifi: iwlwifi (MVM) code. The vulnerability stems from iwl_mvm_sta_from_mac80211 potentially dereferencing a NULL ieee80211_sta when sta is NULL, leading to a NULL pointer dereference in iwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu(). The fix is to validate the...
CVE-2024-49936
CVE-2024-49936 concerns a use-after-free in the Linux kernel net/xen-netback path (xenvif_flush_hash) during an RCU iteration. The bug happens when kfree_rcu is invoked inside the RCU read-side critical section, causing an access to head->next after the entry is freed, leading to UAF. The mitigation...
CVE-2024-50009
The CVE-2024-50009 issue affects the Linux kernel’s cpufreq/amd-pstate path where cpufreq_cpu_get may return NULL, risking a NULL-dereference. The fix adds a proper return value check and aborts on error. Affects local/privilege-limited scenarios (per CVSS: LOCAL, LOW/LOW for user and privileges,...
CVE-2024-50048
CVE-2024-50048 (Linux kernel fbcon NULL pointer dereference) : A NULL pointer dereference in fbcon_putcs was triggered after using fbcon via FBIOPUT_CON2FBMAP and TIOCLINUX, due to an uninitialized ops->putcs path. Reproducer shows set_con2fb_map -> con2fb_init_display -> fbcon_set_disp ...
CVE-2024-50191
The CVE-2024-50191 entry concerns ext4 in the Linux kernel. The issue was that when a filesystem was mounted with errors=remount-ro, the kernel incorrectly set SB_RDONLY after errors, potentially confusing the filesystem freeze logic. The fix removes the SB_RDONLY modification and relies ...
CVE-2024-57896
CVE-2024-57896 corresponds to a Linux kernel use-after-free in the btrfs unmount path. During close_ctree(), the cleaner kthread is stopped and its task_struct freed, but a delalloc_worker may still wake the cleaner from inode.c:submit_compressed_extents(), causing use-after-free of the task_stru...
CVE-2025-21744
CVE-2025-21744 affects the Linux kernel brcmfmac wifi driver. On device removal or module unload, a sequence including brcmf_detach, brcmf_remove_interface, brcmf_del_if, and brcmf_proto_detach can lead to a NULL return from brcmf_get_ip() and a subsequent NULL pointer dereference inside brcmf_tx...
CVE-2021-47378
CVE-2021-47378 affects the Linux kernel nvme-rdma code: destroying cm_id before destroying the qp can cause a use-after-free in RDMA error flow. The fix documented in multiple sources is to always destroy cm_id before destroying the qp, with qp subsequently destroyed in nvme_rdma_alloc_queue() af...
CVE-2022-49520
CVE-2022-49520 (Linux kernel, arm64 compat): The vulnerability occurs when a compat process executes an unknown syscall above __ARM_NR_COMPAT_END; the kernel incorrectly uses the syscall number as ESR_ELx for the fault, causing arm64_show_signal() to print bogus ESR messages. The fix is to stop u...
CVE-2023-52806
CVE-2023-52806 concerns the Linux kernel ALSA hda subsystem. The description in the initial document notes a possible NULL pointer dereference when an AudioDSP stream is assigned, specifically when a COUPLED stream is inadvertently accepted despite drivers using HOST or LINK types. The connected ...
CVE-2024-36477
CVE-2024-36477 refers to a Linux kernel vulnerability where the TPM SPI transfer did not account for the 4-byte header prepended to the SPI data frame, potentially causing out-of-bounds accesses. The root cause was the use of MAX_SPI_FRAMESIZE to compute the maximum transfer length and buffer siz...
CVE-2024-42068
CVE-2024-42068 (Linux kernel) : Affected component is in the kernel’s BPF memory protection flow. set_memory_ro() can fail, leaving memory unprotected; the fix requires checking the return value of set_memory_ro() and treating failure as an error in bpf_prog_lock_ro(). This vulnerability could en...
CVE-2024-42253
CVE-2024-42253: Linux kernel GPIO (pca953x) race. The vulnerability is in the pca953x GPIO driver: a race can occur between irq_bus_sync_unlock() and an irq, when a request races against irq_bus_sync_unlock() on i.MX8MP platforms. The fix requires that i2c_lock is held when setting the interrupt ...
CVE-2025-21690
CVE-2025-21690 affects the Linux kernel storvsc SCSI driver where a persistent hypervisor error can cause an unbounded flood of I/O warning logs, leading to kernel log bloat and VM DoS. The issue is addressed by kernel updates across several distributions (e.g., Debian LTS DLA-4076-1:00E2C upgrad...
CVE-2017-5669
The vulnerability CVE-2017-5669 affects the Linux kernel’s do_shmat() in ipc/shm.c up to and including 4.9.12, where the rounding operation on the mapped address is not restricted. This allows local (privileged) users to map page zero and bypass the mmap protection mechanism via crafted shmget/sh...
CVE-2017-7487
The CVE-2017-7487 issue is in the Linux kernel net/ipx/af_ipx.c ipxitf_ioctl: reference count mishandling causes a use-after-free via a failed SIOCGIFADDR on an IPX interface, enabling local denial of service. Evidence in connected Nessus advisories confirms the vulnerability and that it affects ...
CVE-2022-48619
CVE-2022-48619 : A local Linux kernel vulnerability in drivers/input/input.c (input_set_capability) can panic the kernel when an event code falls outside the bitmap. Affected: Linux kernel versions before 5.17.10. Root cause: mishandling in input_set_capability for out-of-bitmap event codes. Impa...
CVE-2022-49434
The CVE-2022-49434 issue is in the Linux kernel where pci_dev_lock() historically acquired the config space access lock before the device lock, risking AB/BA deadlocks with sriov_numvfs_store() that already takes the device lock first. The fix is to reverse the order in pci_dev_lock() so it acqui...
CVE-2023-30772
CVE-2023-30772 is a Linux kernel race condition leading to a use-after-free in drivers/power/supply/da9150-charger.c when a nearby attacker unplugs a device. The issue affects kernels prior to 6.2.9; security advisories from Astra Linux, Debian, and Mageia indicate this vulnerability, with fixes co...
CVE-2023-52762
CVE-2023-52762: Linux kernel virtio-blk overflow in max DMA size. Root cause: In virtio-blk, an implicit conversion from size_t to u32 occurs when assigning (u32)max_size = (size_t)virtio_max_dma_size(vdev); If virtio_max_dma_size(vdev) returns a value larger than U32_MAX, the cast to u32 yields ...
CVE-2024-40973
CVE-2024-40973 affects the Linux kernel media/mtk-vcodec SCP path. The root cause is a missing check of the return value from devm_kzalloc(), leading to a potential NULL pointer dereference. The issue is described across multiple sources (e.g., Astra Linux reports in linux-5.15/6.1; Debian adviso...