CVE-2024-46750
CVE-2024-46750 (Linux kernel): The vulnerability arises from missing bridge locking in the PCI subsystem, specifically the bridge itself not being locked when resetting the bus. The fix adds the bridge lock path by acquiring pci_dev_lock() for the upstream bridge’s bridge self (in pci_reset_function...
CVE-2024-53100
CVE-2024-53100: Linux kernel nvme-tcp fix for a race between queue_lock usage in nvme_tcp_get_address() and destruction in nvme_tcp_free_queue(). The commit 76d54bf20cdc adds a mutex_lock for queue->queue_lock, but this can race with mutex_destroy(), triggering a WARN during error recovery. A ...
CVE-2025-21699
CVE-2025-21699 affects the Linux kernel gfs2 subsystem. The issue arises when truncating an inode’s address space while flipping the GFS2_DIF_JDATA flag, because pages in the address space may use buffer_heads or iomap_folio_state structures and must not be mixed. The result is a condition that c...
CVE-2025-21782
CVE-2025-21782 — Linux kernel: orangefs: fix a slab-out-of-bounds in orangefs_debug_write. A syzbot report described slab-out-of-bounds Read in orangefs_debug_write; patch was tested and applied to fix the issue. The vulnerability is tied to the OrangeFS write path and is addressed by kernel fixe...
CVE-2014-3610
CVE-2014-3610 is a Linux kernel KVM WRMSR emulation flaw present up to and including 3.17.2. The issue arises when a guest writes a non-canonical value to a model-specific register, causing the host to crash (DoS). It is tied to wrmsr_interception (arch/x86/kvm/svm.c) and handle_wrmsr (arch/x86/kvm...
CVE-2015-7515
CVE-2015-7515 affects the Linux kernel (pre-4.4) due to improper validation in the aiptek_probe path of drivers/input/tablet/aiptek.c. A physically proximate user can cause a NULL pointer dereference and system crash via a crafted USB device that lacks endpoints, leading to denial of service. The...
CVE-2022-49116
CVE-2022-49116 – Linux kernel Bluetooth memset fix: The vulnerability concerns the Bluetooth stack (l2cap_ecred_connect) where structs could leak memory if not initialized. The fix is to use memset to initialize structs to prevent memory leaks. Affected component: Linux kernel Bluetooth subsyste...
CVE-2023-52625
The CVE-2023-52625 entry concerns the Linux kernel’s drm/amd/display path (DMCUB enter/exit idle). The root cause is a SW/state mismatch when exiting idle before issuing commands to DMCUB, where the exit/notify idle operation can itself issue a command. The provided fix strategy is to track a sof...
CVE-2024-56603
CVE-2024-56603 affects the Linux kernel in the net/af_can path. On error in can_create(), the code frees the allocated sk object, but sock_init_data() had already attached it to the sock, leaving a dangling sk pointer and introducing a potential use‑after‑free. The connected advisories confirm a ...
CVE-2018-10087
CVE-2018-10087 is present in the MiracleLinux kernel package listed in AXSA:2024-8953:34. The advisory shows a local DoS risk due to the kernel_wait4 function in kernel/exit.c triggering undefined behavior when using -INT_MIN on an unspecified architecture/compiler. The connected Nessus entry ide...
CVE-2020-36313
CVE-2020-36313 affects the Linux kernel before 5.7. The KVM subsystem allows out‑of‑range access to memslots after a deletion (CID-0774a964ef56), impacting arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c. Root cause is a memslot handling bug in KVM/s390; exploitation d...
CVE-2021-38200
Public technical details for CVE-2021-38200 are not present in the connected documents. The initial description notes the affected Linux kernel path and conditions, but no exploits, affected versions beyond general, or remediation details are provided here; monitor for updates.
CVE-2021-47579
CVE-2021-47579 affects the Linux kernel overlayfs component (ovl) with a WARN_ON path in ovl_workdir_create() when mkdir returns a dentry without an inode (not instantiated). The fix, described in the connected advisories, calls ovl_mkdir_real() directly from ovl_workdir_create() and reje...
CVE-2024-41079
The CVE-2024-41079 issue affects the Linux kernel nvmet subsystem. The vulnerability arises because the first two double words (cqe.result) may remain uninitialized when not used, allowing potential leakage of stack data for RDMA paths (behavior was 0 for TCP/FC but not for RDMA). The fix...
CVE-2024-46826
The CVE-2024-46826 issue is a concrete Linux kernel vulnerability where the ELF loader uses kernel.randomize_va_space twice, allowing potential inconsistency of the randomization value across an exec. The root cause is a double read of the sysctl value, which can change over time, potentially cau...
CVE-2024-47659
CVE-2024-47659 - Linux kernel Smack labeling flaw (tcp/ipv4): Unity/Tenable advisories summarize a kernel issue in Smack where the label of incoming tcp/ipv4 connections is mirrored from the initiator, causing return packets to be labeled with the initiator’s CIPSO label. This results in two conc...
CVE-2024-56591
The MiracleLinux advisory confirms CVE-2024-56591 in the Linux kernel Bluetooth stack: the hci_conn code now uses disable_delayed_work_sync instead of cancel_delayed_work_sync to prevent new submissions while the work object is being freed. This fixes a race in work cancellation that could affect...
CVE-2024-57922
The CVE-2024-57922 entry relates to the Linux kernel drm/amd/display code, where wrappers for dcn_bw_ceil2() and dcn_bw_floor2() gained a check for non-zero granularity to prevent asserts/divide-by-zero. The fix is reflected in multiple advisories: Debian LTS DLA-4076-1 and DSA-5860-1 note update...
CVE-2019-15923
The CVE-2019-15923 entry describes a NULL pointer dereference in the Linux kernel before 5.0.9, specifically for a cd data structure when alloc_disk fails in drivers/block/paride/pf.c. The available references point to upstream commit f0d1762554014ce0ae347b9f0d088f2c157c8c72 and ChangeLog-5.0.9. ...
CVE-2021-47289
CVE-2021-47289 in the Linux kernel fixes a NULL pointer dereference in ACPI: utils when calling acpi_dev_put() on a possibly NULL pointer. The patch makes acpi_dev_put() silently accept NULL (avoiding downcalls with a NULL offset). The public advisory notes the change as part of resolving the ACP...
CVE-2021-47321
CVE-2021-47321: Linux kernel watchdog use-after-free due to del_timer() not waiting for the timer handler. The issue occurs in the driver remove path, where a timer may still be running after removal, risking a use-after-free. The fixed path uses del_timer_sync() to wait for the timer handler to...
CVE-2024-26945
CVE-2024-26945 affects the Linux kernel crypto: iaa code. The root cause is when nr_cpus = 1 when nr_iaa > 0 or when nr_iaa == 0. If exploitation details or versioned fixes are needed, refer to the kernel patch references in the CVE record.
CVE-2024-46761
CVE-2024-46761 affects the Linux kernel’s PCI hotplug driver for PowerPC (pci/hotplug/pnv_php.c). The issue caused a kernel crash during hot-unplug/disable of a PCIe switch/bridge from the PHB, due to a NULL dereference when the MSI data structure had already been released and set to NULL, yet un...
CVE-2024-49939
CVE-2024-49939 relates to the Linux kernel WiFi driver rtw89. When a SER L2 event occurs during WoWLAN resume, ieee80211_reconfig() can trigger an add-interface flow that may run twice if rtw89_wow_resume() returns a failure, causing a double list add and a kernel panic. The description states th...
CVE-2024-50171
CVE-2024-50171 affects the Linux kernel BCM SYSPORT driver: bcm_sysport_xmit() can leak memory because skb is not freed when dma_map_single() fails, with a fix that frees the skb via dev_kfree_skb() and returns NETDEV_TX_OK. Public records indicate the issue is resolved in patched kernel releases...
CVE-2024-53101
CVE-2024-53101 concerns the Linux kernel: a fix for an uninitialized value in from_kuid/from_kgid was applied. The issue arose when ocfs2_setattr() referenced attr->ia_mode, ia_uid, and ia_gid in a trace point even if ATTR_MODE/ATTR_UID/ATTR_GID weren’t set. The patch initializes all fields of...
CVE-2024-56587
CVE-2024-56587: In the Linux kernel, a NULL pointer dereference can occur in the LEDs class when brightness_show() accesses led->cdev attributes without proper synchronization. The issue arises during inter-process interaction when a HID device creates an LED and a subsequent access from anothe...
CVE-2025-21821
CVE-2025-21821 affects the Linux kernel, specifically the fbdev/omap framebuffer code. The issue arises when using a touchscreen with the framebuffer, causing a crash (scheduling while atomic) in the driver path related to LCD DMA. The provided advisory notes the root cause is tied to IRQ handling for ...
CVE-2014-3690
CVE-2014-3690 affects arch/x86/kvm/vmx.c in the Linux kernel’s KVM subsystem on Intel, where the CR4 control register value may not be preserved across VM entries. The vendor-provided details in connected Nessus advisories describe a local attacker with access to /dev/kvm who can kill arbitrary p...
CVE-2017-16526
CVE-2017-16526 affects the Linux kernel driver code drivers/uwb/uwbd.c up to version 4.13.5; a crafted USB device could trigger a general protection fault and system crash via local access, potentially causing denial of service or other impact. The connected Unity Linux advisories (UTSA-2026-0016...
CVE-2021-47385
CVE-2021-47385 is a Linux kernel hwmon issue affecting the w83792d driver (and related subclients) where a NULL pointer dereference could occur if a value read from the device matches certain bit patterns. The root cause is dereferencing a NULL after reading val; the advisory notes that the patch...
CVE-2022-49471
CVE-2022-49471 affects the Linux kernel rtw89 driver (rtw89_core/rtw89_pci). The root cause is a bounds check failure in CFO parsing where an incorrect mac_id can cause an out‑of‑bounds access, triggering UBSAN warning: “array-index-out-of-bounds” in rtw89/phy.c:2517:23 (index 188 vs. 64). This c...
CVE-2022-49651
CVE-2022-49651 affects the Linux kernel. The advisory states that cleanup_srcu_struct() now checks for a grace period that is needed but not yet started, addressing a potential use-after-free (UAF). It is resolved by a commit tightening GP checks in cleanup_srcu_struct(), with references to kern...
CVE-2024-40974
CVE-2024-40974 (Linux kernel, powerpc/pseries) is a local concern where plpar_hcall() and plpar_hcall9() expect valid, explicitly-sized result buffers; historically, only in-code comments signaled minimum sizes, risking stack corruption when a caller used undersized buffers. The affected code now...
CVE-2024-46747
CVE-2024-46747: In the Linux kernel, the Cougar 500k Gaming Keyboard driver was vulnerable to a slab-out-of-bounds Read in cougar_report_fixup due to a missing verification of the report descriptor size before access. The root cause is in report_fixup not validating the descriptor length prior t...
CVE-2024-56775
CVE-2024-56775 concerns the Linux kernel DRM/AMD display stack. The issue is in the plane state backup/restore flow where the plane refcount is not preserved, risking memory leaks if the refcount should decrease or double frees/invalid memory accesses if it should increase during state transition...
CVE-2010-3301
Summary: CVE-2010-3301 affects the Linux kernel IA32 system call emulation on x86_64 where the 32‑bit entry path to ptrace does not zero‑extend %eax, enabling local privilege escalation via an out‑of‑bounds access to the syscall table. Impact: local users can gain privileges. Affected versions: k...
CVE-2015-7613
CVE-2015-7613 is a Linux kernel race condition in the IPC object implementation (up to version 4.2.3) that can allow a local unprivileged user to escalate privileges by triggering ipc_addid, which uses uid/gid values from uninitialized data (topics include msg.c, shm.c, util.c). Connected sources...
CVE-2020-36557
CVE-2020-36557: A race condition in the Linux kernel before 5.6.2 between VT_DISALLOCATE and closing/opening ttys can cause a use-after-free. Affected software: Linux kernel versions prior to 5.6.2. Impact per available data: potential use-after-free with availability impact; no explicit exploita...
CVE-2022-3106
The connected Astra Linux advisory and the CVE entry confirm CVE-2022-3106 affects the Linux kernel up to 5.16-rc6, where ef100_update_stats (drivers/net/ethernet/sfc/ef100_nic.c) does not check the return value of kmalloc(). The lack of a kmalloc() return check is the root cause; without it, all...
CVE-2022-49321
The CVE-2022-49321 entry is supported by concrete details in connected documents. Affected software: the Linux kernel with the rpcrdma/xprtrdma components. The root cause is described as: when an RDMA server returns a fault format reply and bc_serv is NULL, calls are not treated as a bcall, leadin...
CVE-2022-49322
The CVE-2022-49322 issue affects the Linux kernel in PREEMPT_RT builds when bootparams include trace_event=initcall:initcall_start tp_printk=1. In this scenario, output_printk() triggers a sleepable rt-spinlock usage via rt_spin_lock, causing a sleeping function to be called from an invalid conte...
CVE-2024-41080
CVE-2024-41080 concerns the Linux kernel and describes a deadlock risk in io_uring when locking order is not respected in io_register_iowq_max_workers. The root cause is that io_put_sq_data() can be called while uring_lock is held, risking deadlock with sqd->lock. The documented fix releases u...
CVE-2024-46774
CVE-2024-46774 affects the Linux kernel PowerPC RTAS path (sys_rtas). The issue arises in powerpc/rtas.c where nargs/nret come from a user buffer and are used as indices into a small stack array and as inputs to copy_to_user after bounds checks, allowing speculative execution (Spectre v1) gadget ...
CVE-2024-46807
CVE-2024-46807 affects the Linux kernel’s DRM/amdgpu path. The root cause is missing validation of the tbo resource pointer, which could dereference a NULL pointer. The mitigation is a patch that validates the tbo resource pointer and skips when NULL, preventing a NULL-deref that could crash the ...
CVE-2024-46860
CVE-2024-46860 refers to a Linux kernel vulnerability in the wifi subsystem: mt76 mt7921 code path may dereference a NULL mvif->phy when mt7921_ipv6_addr_change is invoked as a notifier while disabling wifi. The description states the fix prevents access to a NULL mvif->phy, addressing a NU...
CVE-2015-7513
The CVE-2015-7513 vulnerability affects arch/x86/kvm/x86.c in the Linux kernel prior to 4.4, where PIT counter values are not reset during guest state restoration. This can allow guest OS users to trigger a denial-of-service (divide-by-zero) and host crash via a zero PIT value, related to kvm_vm_...
CVE-2020-36691
CVE-2020-36691 affects Linux kernel versions prior to 5.8. The flaw is in lib/nlattr.c where a nested Netlink policy with a back reference can trigger unbounded recursion, causing a denial of service. A patch was merged in kernel 5.8 (per ChangeLog-5.8); users should upgra...
CVE-2021-47580
Summary of CVE-2021-47580 / CVE-2024-38575 context: In the Linux kernel, the issue arises from using min_t with type int, which sign-extends large values and can trigger a stack-out-of-bounds during copies in the SCSI path (notably sg_copy_buffer and related code). The vulnerability is demonstra...
CVE-2022-49180
The CVE-2022-49180 issue affects the Linux kernel’s LSM path, specifically a general protection fault in legacy_parse_param. The vulnerability arises when a security module (Smack) processes a recognized mount option and a following BPF hook returns -ENOPARAM, confusing the caller, while the SELi...