CVE-2024-50086
Summary of findings (CVE-2024-50086): In the Linux kernel, the ksmbd component had a race between SMB2 session log off and SMB2 session setup that could lead to a use-after-free. The patch introduces a session_lock when SMB2_SESSION_EXPIRED is set and makes the session’s reference count apply to...
CVE-2024-53114
CVE-2024-53114 affects Linux kernel components related to x86 virtualization (VMLOAD/VMSAVE) on Zen4 client hardware. The vulnerability has been addressed in Root’s rootio-linux package for Ubuntu 22.04 (Root-OS-UBUNTU-2204-CVE-2024-53114) with multiple fixed versions available, and similarly pat...
CVE-2024-56596
CVE-2024-56596 relates to the Linux kernel, in the JFS filesystem implementation. The issue is an array-index-out-of-bounds in jfs_readdir, caused by potential invalid values in the directory index table (stbl). The fix adds a validation check to detect invalid stbl values and return an error cod...
CVE-2010-4243
CVE-2010-4243 affects the Linux kernel up to version 2.6.37. The issue is in fs/exec.c where the OOM Killer does not assess stack memory usage of the arrays representing (1) arguments and (2) environment during an exec, enabling a local user to cause memory exhaustion (denial of service) via a cr...
CVE-2019-15922
CVE-2019-15922 relates to the Linux kernel before 5.0.9, where a NULL pointer dereference can occur for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c. This is a local, kernel‑space issue that can lead to a crash. The affected component is the paride pf driver path; the root...
CVE-2021-47352
CVE-2021-47352 affects the Linux kernel’s virtio-net code. The issue arises from missing validation of the length reported by a device, which could lead to data corruption or loss. Affected context is confirmed by MiracleLinux/Nessus advisories that reference “virtio-net: Add validation for used ...
CVE-2022-49707
CVE-2022-49707 concerns a Linux kernel ext4 resize bug where a NULL pointer dereference could occur when resizing a corrupted ext4 image with resize_inode previously cleared. The root cause is that during ext4_resize_fs() transitioning to meta_bg mode, es->s_reserved_gdt_blocks was not reduced...
CVE-2023-22995
CVE-2023-22995 affects the Linux kernel’s DesignWare USB3 for Qualcomm SoCs driver (dwc3_qcom_acpi_register_core). The connected ENISA/OSV advisory notes an error-path handling defect where platform_device_put and kfree calls are omitted, leaving cleanup incomplete during device registration. Thi...
CVE-2024-35870
CVE-2024-35870: Linux kernel SMB client flaw (UAF in smb2_reconnect_server) traced to smb2_reconnect_server() accessing a session being torn down by __cifs_put_smb_ses(). Root cause is a race with ses_status being changed concurrently. The fix unconditionally sets ses_status to SES_EXITING and pr...
CVE-2024-38635
CVE-2024-38635 pertains to the Linux kernel soundwire cadence driver. The root cause was an incorrect PDI offset that added an offset to the PDI array, risking out-of-bounds access. A follow-up patch completely removes this useless offset. The Fixes tag was not provided because no known platforms...
CVE-2024-41062
CVE-2024-41062 affects the Linux kernel Bluetooth L2CAP code. A race exists between closing a socket and the HCI receive work: if hci_rx_work processes pending data after sock_close releases the sock, the work may access an invalid sock. Root cause: lack of synchronization between sock release an...
CVE-2024-53084
CVE-2024-53084 affects the Linux kernel’s DRM/Imagination driver path for PVR, where a resource cleanup reference loop between PVR VM Context and VM Mappings could leak VM resources. The official fix breaks the loop by freeing outstanding VM mappings before destroying the PVR Context associated w...
CVE-2011-2525
CVE-2011-2525 affects the Linux kernel prior to 2.6.35, where the qdisc_notify function in net/sched/sch_api.c does not prevent tc_fill_qdisc calls referencing builtin Qdisc structures. This can lead to a NULL pointer dereference and OOPS, enabling local users to cause a denial of service and pot...
CVE-2014-8160
CVE-2014-8160: In the Linux kernel, net/netfilter/nf_conntrack_proto_generic.c before 3.18 generates incorrect conntrack entries when handling certain iptables rule sets for SCTP, DCCP, GRE, and UDP-Lite. This can allow remote attackers to bypass intended access restrictions by sending packets w...
CVE-2019-25045
CVE-2019-25045 is a Linux kernel use-after-free in the XFRM subsystem (xfrm_state_fini panic) reported for kernels before 5.0.19. Publicly documented references from EulerOS and Unity Linux advisories confirm the issue and link the fix to kernel 5.0.19 (and related upstream commit). The impact is...
CVE-2022-49097
CVE-2022-49097 relates to the Linux kernel NFS writeback path. In low-memory conditions, the NFS writeback code could enter infinite loops in mempool_alloc, risking a writeback stall. The issue is resolved in the kernel by allowing the writeback path to fail gracefully instead of deadlocking. The...
CVE-2022-49534
CVE-2022-49534 in the Linux kernel concerns a memory leak in the lpfc driver when NPIV ports send PLOGI_RJT. The description states a leak could originate from allocations in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject(), tied to login_mbox context and service parameter buffers. The remedy is ...
CVE-2024-42104
CVE-2024-42104 affects the Linux kernel’s nilfs2 filesystem. A missing check for inode numbers on directory entries allows internal inodes (metadata files) to be exposed in the namespace, potentially causing a use-after-free of metadata file inodes and kernel bugs in lru_add_fn() when mounting/un...
CVE-2024-46675
CVE-2024-46675 affects the Linux kernel’s USB subsystem (usb: dwc3: core). The vulnerability could allow the USB core to access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and memory issues on Exynos platforms. It stems from a sequence where the event b...
CVE-2024-50180
Technical details about CVE-2024-50180 are not publicly provided in the connected documents. Please monitor official updates and vendor advisories for the affected Linux kernel components and remediation guidance.
CVE-2022-49264
CVE-2022-49264 is a Linux kernel issue where execve(2) argv handling could lead to an elevation of privilege. The fix injects a single empty string into argv when argc == 0 and updates argc accordingly, preventing argv from being empty or NULL. The description indicates this is a local privilege-...
CVE-2024-36924
CVE-2024-36924 – Linux kernel (scsi: lpfc) has a deadlock risk when lpfc_worker_wake_up() is invoked while the hbalock is held. The fix is to release hbalock before calling lpfc_worker_wake_up(), preventing deadlocks in the lpfc SCSI loop. Public advisories from Unity Linux (UTSA-2026-005051) and...
CVE-2024-45025
CVE-2024-45025 affects the Linux kernel and relates to bitmap handling in the close_range path of file descriptor tables. The issue arises in copy_fd_bitmaps(), which copies words into full_fds_bits[] and may leave garbage in the last word if bits beyond the cutoff aren’t clear. The root cause is...
CVE-2024-47726
CVE-2024-47726 relates to the Linux kernel F2FS: a fix ensures all in-flight direct I/O (DIO) writes complete before removing blocks. The root cause was a race where a DIO could overwrite data in a block that would be reused by another inode if block removal occurred too early. Affected component...
CVE-2024-49989
CVE-2024-49989: In the Linux kernel, the drm/amd/display path fixes a double-free when unloading the amdgpu module. The issue arises during cleanup of display encoders for flexible/inflexible endpoints, potentially freeing the same object twice during amdgpu driver unload. Connected advisories (A...
CVE-2010-4158
The CVE-2010-4158 issue affects the Linux kernel (pre-2.6.36.2) where sk_run_filter in net/core/filter.c may execute BPF_S_LD_MEM or BPF_S_LDX_MEM before a memory location is initialized. This can allow local users to read potentially sensitive kernel stack memory via a crafted socket filter. The...
CVE-2014-4608
CVE-2014-4608 refers to multiple integer overflows in the LZO decompressor (lzo1x_decompress_safe) in the Linux kernel before 3.15.2, which can cause memory corruption and denial of service via a crafted Literal Run. Some advisories note the Linux kernel is not affected (media hype), while securi...
CVE-2016-0821
The CVE-2016-0821 issue relates to the LIST_POISON protection in the Linux kernel (include/linux/poison.h) prior to version 4.3. It affected Android 6.0.1 prior to 2016-03-01 and arises because poison values were used without properly accounting for mmap_min_addr, enabling bypass of poison-pointe...
CVE-2016-2782
CVE-2016-2782: In the Linux kernel, the treo_attach function in drivers/usb/serial/visor.c (pre-4.5) can be exploited by a physically proximate attacker who inserts a USB device missing a bulk-in or interrupt-in endpoint, causing a NULL pointer dereference and kernel crash (DoS) or possibly othe...
CVE-2020-29372
The CVE-2020-29372 entry concerns a race condition in the Linux kernel do_madvise implementation (mm/madvise.c) before version 5.6.8, where coredump operations can race with IORING_OP_MADVISE (CID-bc0c4d1e176e). Public sources in connected documents confirm the affected code path and the specific...
CVE-2022-49034
CVE-2022-49034 relates to a Linux kernel issue where, when CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are enabled, cpu_max_bits_warn() emits a runtime warning while reading /proc/cpuinfo due to iterating CPUs with NR_CPUS. The patch fixes the warning by iterating up to nr_cpu_ids (runt...
CVE-2022-49545
CVE-2022-49545: In the Linux kernel, the ALSA usb-audio driver has a race when closing a USB MIDI output substream, where a pending work item may access the rawmidi runtime object being released. The fix is to cancel the pending work on close. The vulnerability is a local attack (AV:L, AC:L, PR:...
CVE-2022-49746
The CVE-2022-49746 issue affects the Linux kernel DMA engine, specifically the imx-sdma path. A memory leak can occur in sdma_transfer_init when sdma_load_context() fails: the sdma_desc is freed, but the allocated desc->bd was not, leading to a leak (as illustrated by timeout/login messages). ...
CVE-2023-52588
CVE-2023-52588 represents a Linux kernel vulnerability in the F2FS file system. The issue involves a missing gcing flag on a page during block migration, intended to ensure that migrated data is persisted consistently during checkpoints. Without the gcing flag, data/page persistence could become ...
CVE-2024-42073
The CVE-2024-42073 issue is in the Linux kernel mlxsw spectrum_buffers path. The Shared Buffer Status Register (SBSR) payloads used by two operations were built with absolute port numbers rather than numbers relative to the first port of the port_page, causing memory corruption on Spectrum-4 syst...
CVE-2024-42080
CVE-2024-42080 affects Linux kernels with the RDMA restrack entry handling. The issue arises when ib_create_cq() sets rdma_restrack_entry kern_name to KBUILD_MODNAME; if the module exits without deleting this entry, rdma_restrack_clean() may perform an invalid address access when printing the own...
CVE-2024-53180
Technical details and affected products/versions for CVE-2024-53180 are not present in the connected documents. The initial description summarizes a Linux kernel change but lacks explicit exploit, affected driver/version, or patch details. Monitor vendor advisories for updates.
CVE-2014-0077
CVE-2014-0077 concerns the Linux kernel component drivers/vhost/net.c. When mergeable buffers are disabled, the code path does not properly validate packet lengths, enabling a guest OS user to trigger a memory corruption that could cause a host crash or, per wording, potentially gain privileges ...
CVE-2014-1874
The CVE-2014-1874 entry is about the Linux kernel vulnerability in security/selinux/ss/services.c: the security_context_to_sid_core function before 3.13.4 allows local users with CAP_MAC_ADMIN to set a zero-length security context, causing a denial of service (system crash). Affected product: Lin...
CVE-2016-3955
The CVE-2016-3955 issue affects the Linux kernel’s usbip_recv_xbuff path (drivers/usb/usbip/usbip_common.c) prior to version 4.5.3. A crafted length in a USB/IP packet can trigger an out-of-bounds write, enabling remote denial of service (and potentially other impact) without authentication. The ...
CVE-2022-3202
CVE-2022-3202 involves a NULL pointer dereference in diFree() within fs/jfs/inode.c of the Linux kernel’s Journaled File System (JFS). The underlying cause is a NULL pointer dereference, which could allow a local attacker to crash the system or leak kernel internal information. The CVE is associa...
CVE-2022-48760
The CVE-2022-48760 entry concerns a Linux kernel USB subsystem hang in usb_kill_urb() caused by memory-access ordering issues (SB pattern) between usb_kill_urb() and __usb_hcd_giveback_urb() on SMP systems. The vulnerability is fixed by adding memory barriers, specifically using the smp_mb__after...
CVE-2022-49107
CVE-2022-49107 affects the Linux kernel in the ceph subsystem. The issue is a memory leak in ceph_readdir when note_last_dentry returns an error. The fix resets last_readdir at the same time and adds a comment explaining why last_readdir isn’t freed when dir_emit returns false. Public references ...
CVE-2022-49349
CVE-2022-49349 is a Linux kernel vulnerability in the ext4 filesystem where a use-after-free occurs in ext4_rename_dir_prepare. The issue arises during ext4 directory block reads when a directory entry with an invalid rec_len can lead to a stale parent reference being used, enabling a use-after-f...
CVE-2023-52624
CVE-2023-52624 concerns the Linux kernel’s drm/amd/display path where the DMCUB must be awake before issuing GPINT commands. The root cause is that GPINT mailbox access could occur while DMCUB is idle, risking a system hang. The documented fix adds a wake/execute/sleep wrapper via the function dc...
CVE-2024-46745
CVE-2024-46745 affects the Linux kernel uinput interface. The root cause is an unbounded request for slots via syzkaller, causing memory allocation failure in input_mt_init_slots. The fix limits the allowed number of slots to 100 (extendable if devices require more). Consequences described in the...
CVE-2024-49867
CVE-2024-49867 relates to the Linux kernel bug in btrfs during unmount. The issue occurred because the code could wake and stop the cleaner kthread and then free its resources before waiting for pending fixup workers, leading to a potential use-after-free when a fixup worker wakes a freed cleaner...
CVE-2024-49896
CVE-2024-49896 is a Linux kernel vulnerability affecting the amdgpu/display path. The issue arises when amdgpu_dm passes a null stream to dc_is_stream_unchanged, leading to a potential NULL dereference. The description in the sources notes the root cause as missing null-check before dereferencing...
CVE-2024-50059
CVE-2024-50059 affects the Linux kernel’s ntb subsystem for Switchtec NTB: a race between switchtec_ntb_add/init_sndev binding and switchtec_ntb_remove freeing sndev can lead to a use-after-free of sndev from its scheduled check_link_status_work. The provided description and patches indicate the ...
CVE-2024-53179
CVE-2024-53179 — Linux kernel SMB client UAF: A race between the cifs_mount path and SMB2.1 with sign mounts can free the signing key (ses->auth_key.response), leading to a use-after-free. Root cause: use-after-free in signature key handling during session setup via the SMB signing path. A fix was...