Lucene search
2330 matches found

CVE • added 2022/08/25 5:24 p.m. • 146 views

CVE-2022-2991

CVE-2022-2991 (Linux kernel LightNVM) Affected software: Linux kernel, LightNVM subsystem. Vulnerability: heap-based buffer overflow caused by insufficient validation of the length of user-supplied data before copying to a fixed-size heap buffer. Impact: local privilege escalation and arbitrary c...

6.7 CVSS | 7.3 AI score | 0.00412 EPSS

CVE • added 2025/02/27 2:12 a.m. • 146 views

CVE-2024-58017

CVE-2024-58017 affects the Linux kernel printk LOG_BUF_LEN_MAX. The issue arises when performing the 1 <

5.5 CVSS | 6.8 AI score | 0.00211 EPSS

CVE • added 2014/05/11 9:0 p.m. • 145 views

CVE-2014-1737

CVE-2014-1737 affects the Linux kernel (through 3.14.3) and its floppy driver (drivers/block/floppy.c). The flaw is in raw_cmd_copyin not handling error conditions during processing of an FDRAWCMD ioctl, enabling local users with write access to /dev/fd to trigger kfree and potentially gain privi...

7.2 CVSS | 6.2 AI score | 0.00489 EPSS

CVE • added 2017/11/30 6:0 p.m. • 145 views

CVE-2017-15116

CVE-2017-15116 affects the Linux kernel rngapi_reset() in crypto/rng.c, vulnerable before version 4.2. The issue allows a local attacker to trigger a NULL pointer dereference, causing a denial of service. Connected Nessus advisories (Unity Linux and EulerOS entries) reiterate the same description...

5.5 CVSS | 6.3 AI score | 0.00377 EPSS

CVE • added 2017/11/04 1:0 a.m. • 145 views

CVE-2017-16533

CVE-2017-16533 affects the Linux kernel's usbhid_parse() in drivers/hid/usbhid/hid-core.c up to and including version 4.13.7; a crafted USB device can cause an out-of-bounds read, leading to local denial of service or a crash. Affected component: HID USB host controller driver (usbhid). Root caus...

7.2 CVSS | 6.7 AI score | 0.00383 EPSS

CVE • added 2018/05/18 4:0 p.m. • 145 views

CVE-2017-18270

CVE-2017-18270 refers to a local-kernel vulnerability in Linux kernels prior to 4.13.5 where a local user could create keyrings for other users via keyctl, enabling setting unwanted defaults or causing a denial of service. The issue is fixed in Linux kernel 4.13.5 (as indicated by the ChangeLog r...

7.1 CVSS | 6.5 AI score | 0.00421 EPSS

CVE • added 2019/09/23 11:45 a.m. • 145 views

CVE-2019-16714

Summary: CVE-2019-16714 affects the Linux kernel prior to 5.2.14. The vulnerability is in rds6_inc_info_copy (net/rds/recv.c), where tos and flags are not initialized, allowing a remote attacker to read sensitive data from kernel stack memory. This is an information disclosure vulnerability with ...

7.5 CVSS | 7.7 AI score | 0.02701 EPSS

CVE • added 2024/05/21 2:19 p.m. • 145 views

CVE-2021-47257

The CVE-2021-47257 issue affects the Linux kernel net: ieee802154 code, where a logic error could cause a NULL pointer dereference when the user sets the addr-type mode incorrectly. The patch fixes this NULL-dereference path in parse_dev_addr. The vulnerability is described as a local issue with ...

5.5 CVSS | 6.8 AI score | 0.00226 EPSS

CVE • added 2025/02/26 1:55 a.m. • 145 views

CVE-2022-49122

CVE-2022-49122 is a Linux kernel vulnerability affecting the dm ioctl path where user-supplied data could act as an index and enable Spectre v1 gadget behavior. The fix, described in connected advisories, prevents leakage of kernel memory to userspace by applying array_index_nospec to index handl...

5.5 CVSS | 5.3 AI score | 0.00288 EPSS

CVE • added 2025/02/26 2:13 a.m. • 145 views

CVE-2022-49536

The CVE-2022-49536 entry concerns the Linux kernel SCSI LPFC deadlock in I/O completion and abort handling under heavy stress (500+ vports). Affected component is the lpfc driver within the SCSI subsystem. The root cause is a deadlock between the lpfc_cmd->buf_lock and phba->hbalock during ...

5.5 CVSS | 6.5 AI score | 0.00184 EPSS

CVE • added 2023/03/01 12:0 a.m. • 145 views

CVE-2023-23004

CVE-2023-23004 affects Linux kernel before 5.19. In drivers/gpu/drm/arm/malidp_planes.c, get_sg_table return value is misinterpreted: code expects NULL in error case, but it is an error pointer. This could lead to a kernel crash/undefined behavior as described in the vendor advisories (e.g., Chan...

5.5 CVSS | 5.8 AI score | 0.0029 EPSS

CVE • added 2024/05/24 3:33 p.m. • 145 views

CVE-2023-52880

CVE-2023-52880 affects the Linux kernel tty subsystem, specifically the N_GSM0710 ldisc. The issue allowed attaching the N_GSM0710 line discipline without privileges, but creating a GSM network would require CAP_NET_ADMIN. The advisory indicates that CAP_NET_ADMIN is now required in the initial n...

5.5 CVSS | 6.6 AI score | 0.00238 EPSS

CVE • added 2024/04/03 5:1 p.m. • 145 views

CVE-2024-26778

CVE-2024-26778 concerns a flaw in the Linux kernel fbdev savage driver (savage) where an unchecked pixclock input to ioctl() can cause a divide-by-zero. The advisory notes that pixclock is partly validated in savagefb_decode_var() but not sufficiently in savagefb_probe(); the fix introduces a ch...

5.5 CVSS | 6.2 AI score | 0.00254 EPSS

CVE • added 2025/01/31 11:25 a.m. • 145 views

CVE-2025-21672

CVE-2025-21672 concerns the Linux kernel, specifically the afs module, where a fix guards against a lock being left held when returning to userspace. The root cause is described as a scenario where if argc is less than 0 and a function returns directly, an inode mutex lock is not released. The pa...

5.5 CVSS | 6.9 AI score | 0.0013 EPSS

CVE • added 2022/06/26 3:28 p.m. • 144 views

CVE-2022-34494

CVE-2022-34494 : This vulnerability is a double free in rpmsg_virtio_add_ctrl_dev (drivers/rpmsg/virtio_rpmsg_bus.c) of the Linux kernel, before version 5.18.4. Affected: Linux kernel releases prior to 5.18.4. Root cause: double free in the RPMSG virtio control device handling. Impact: described ...

5.5 CVSS | 5.8 AI score | 0.00281 EPSS

CVE • added 2025/02/26 2:23 a.m. • 144 views

CVE-2022-49615

CVE-2022-49615 affects the Linux kernel ASoC rt711-sdca subsystem. An IO error during initial codec settings could dereference a NULL rt711->component before the probe completes, risking kernel panic. The fix changes the code path to use slave->dev instead of component->dev for the early ...

5.5 CVSS | 5.2 AI score | 0.00236 EPSS

CVE • added 2023/05/22 12:0 a.m. • 144 views

CVE-2023-33288

CVE-2023-33288 affects the Linux kernel up to version 6.2.8, with a fix in 6.2.9. Root cause: a use-after-free in bq24190_remove (drivers/power/supply/bq24190_charger.c) that can race and lead to a local attacker crashing the system. Affected component: bq24190_charger.c within the power supply d...

4.7 CVSS | 5.5 AI score | 0.00324 EPSS

CVE • added 2023/10/16 12:0 a.m. • 144 views

CVE-2023-40791

The CVE-2023-40791 issue is in the Linux kernel's extract_user_to_sg (lib/scatterlist.c), where pages may not be properly unpinned in a specific scenario, evidenced by a WARNING for try_grab_page. The connected Nessus entry corroborates affected code and versions: Linux kernel before 6.4.12. This...

6.3 CVSS | 6 AI score | 0.00448 EPSS

CVE • added 2024/10/21 6:2 p.m. • 144 views

CVE-2024-49969

CVE-2024-49969 affects the Linux kernel DRM AMD/DCN30 color management path. The vulnerability arises in the function cm3_helper_translate_curve_to_hw_format when an index 'i' can exceed TRANSFER_FUNC_POINTS, risking an index/out-of-bounds condition and triggering a buffer overflow in output_tf-&...

7.8 CVSS | 7.5 AI score | 0.00272 EPSS

CVE • added 2024/12/27 2:51 p.m. • 144 views

CVE-2024-56593

CVE-2024-56593 - Linux kernel (brcmfmac wifi driver) Root cause: NULL pointer dereference in brcmf_sdiod_sglist_rw() when a high sd_sgentry_align value (e.g., 512) and a large number of queued SKBs cause the pre-allocated sgtable to run out of entries. The calculation uses nents = max(rxglom_size...

5.5 CVSS | 6.4 AI score | 0.00224 EPSS

CVE • added 2010/12/23 5:0 p.m. • 143 views

CVE-2010-3881

The CVE-2010-3881 issue affects the Linux kernel arch/x86/kvm/x86.c, where several structure members are not initialized in versions prior to 2.6.36.2. This can allow local users to read potentially sensitive data from kernel stack memory via /dev/kvm. The documented fix is in kernel 2.6.36.2 (an...

2.1 CVSS | 5.8 AI score | 0.0048 EPSS

CVE • added 2024/04/10 7:1 p.m. • 143 views

CVE-2021-47219

CVE-2021-47219 involves the Linux kernel SCSI subsystem, specifically the scsi_debug path, where an out-of-bounds read occurs in resp_report_tgtpgs() due to an incorrect handling of lengths. The issue can manifest as a negative alen when userspace supplies a large length, enabling a slab/read bou...

7.1 CVSS | 6.2 AI score | 0.00247 EPSS

CVE • added 2024/07/16 11:29 a.m. • 143 views

CVE-2021-47624

CVE-2021-47624 : In the Linux kernel, a reference-count leak in the rpc_sysfs_xprt_state_change error path can occur when the 3rd argument buf doesn't match "offline", "online", or "remove." The leak affects rpc_xprt and rpc_xprt_switch objects heightened by prior calls to rpc_sysfs_xprt_kobj_get...

7.1 CVSS | 7.8 AI score | 0.00237 EPSS

CVE • added 2025/02/26 1:54 a.m. • 143 views

CVE-2022-49072

CVE-2022-49072 affects the Linux kernel GPIO subsystem: gpiochip irq members can be read before initialization, causing race conditions and a potential NULL pointer dereference via I2C (gpiochip_to_irq). The issue has been resolved in the kernel by restricting access to irq-related fields until a...

5.5 CVSS | 5.3 AI score | 0.00248 EPSS

CVE • added 2024/08/08 8:46 a.m. • 143 views

CVE-2024-42252

CVE-2024-42252 is described as a Linux kernel vulnerability resolved by replacing BUG_ON() with WARN_ON() in the closure handling path. The issue arises if a BUG_ON() can be hit in the wild, which would not be appropriate and could lead to a kernel oops. The fix is to use WARN_ON() instead of BUG...

5.5 CVSS | 6.4 AI score | 0.00214 EPSS

CVE • added 2024/09/18 6:32 a.m. • 143 views

CVE-2024-46731

CVE-2024-46731 : Linux kernel vulnerability in drm/amdgpu/pm where an out-of-bounds read can occur for mc_data[] when i == 0 due to indexing as i-1. The issue has been resolved by a kernel patch. Connected sources confirm the vulnerability and patch context (Out-of-bounds read warning fix in drm/...

7.1 CVSS | 6.8 AI score | 0.00239 EPSS

CVE • added 2024/09/27 12:36 p.m. • 143 views

CVE-2024-46821

CVE-2024-46821 (Linux kernel, drm/amd/pm) affects the Linux kernel's AMD power management code where a negative clk_index/clk_idex was used as an index into pptable->DpmDescriptor, leading to a negative array index read. The issue is resolved by a fix that prevents using negative values as an ...

7.8 CVSS | 7.3 AI score | 0.00261 EPSS

CVE • added 2024/09/27 12:39 p.m. • 143 views

CVE-2024-46822

CVE-2024-46822 concerns the Linux kernel, predominantly on the ARM64 architecture, and involves acpi_map_gic_cpu_interface(), where a failed MPIDR check leaves cpu_madt_gicc[cpu] NULL, which can cause a NULL pointer dereference. The fix hardens the call path of get_cpu_for_acpi_id(), ensuring that a valid CPU entry is obtained before indexing and avoiding the NULL pointer dereference. Related public sources (such as Astra Linux and CIRCL/CVE records) confirm that the vulnerability exists in the kernel implementation and has been addressed via Harden get_cpu...

5.5 CVSS | 6.1 AI score | 0.00243 EPSS

CVE • added 2024/10/21 12:27 p.m. • 143 views

CVE-2024-49858

CVE-2024-49858: Linux kernel TPM event log handling (efistub/tpm) used EFI_LOADER_DATA, leaving the region unreserved in the EFI 64-bit memory map (via E820) and passed to the kernel via kexec, risking memory corruption. The fix substitutes EFI_ACPI_RECLAIM_MEMORY, which EFI/ACPI treats as reserv...

5.5 CVSS | 7.1 AI score | 0.00213 EPSS

CVE • added 2024/10/21 6:54 p.m. • 143 views

CVE-2024-50007

CVE-2024-50007 affects the Linux kernel ALSA asihpi/ASIHPI driver. The issue is an out-of-bounds access in a static array populated from firmware data; the index depends on firmware and was not validated. The patch adds a sanity check to ensure the index fits in the array size, preventing potenti...

7.8 CVSS | 7.2 AI score | 0.0025 EPSS

CVE • added 2024/11/09 10:14 a.m. • 143 views

CVE-2024-50247

CVE-2024-50247 affects the Linux kernel ntfs3 path where an incorrectly formatted chunk may decompress to more than LZNT_CHUNK_SIZE bytes, causing an index out of bounds in s_max_off. The Connected documents confirm this CVE is included in multiple advisories (e.g., ALAS2023LIVEPATCH advisories) ...

7.1 CVSS | 6.7 AI score | 0.0022 EPSS

CVE • added 2011/01/03 7:26 p.m. • 142 views

CVE-2010-3876

CVE-2010-3876 affects the Linux kernel: the code path net/packet/af_packet.c in kernel versions before 2.6.37-rc2 does not properly initialize certain structure members, allowing local users with CAP_NET_RAW to read copies of the applicable structures from kernel stack memory. Publicly document d...

1.9 CVSS | 5.6 AI score | 0.00377 EPSS

CVE • added 2010/11/29 3:0 p.m. • 142 views

CVE-2010-4073

CVE-2010-4073 affects the Linux kernel IPC compatibility code: before 2.6.37-rc1, several compat syscall handlers (ipc/compat.c and ipc/compat_mq.c) fail to initialize certain structures, enabling local attackers to read potentially sensitive kernel stack memory via vectors in compat_sys_semctl, ...

1.9 CVSS | 5.7 AI score | 0.01542 EPSS

CVE • added 2011/02/02 10:0 p.m. • 142 views

CVE-2011-0521

The CVE-2011-0521 issue affects the Linux kernel's dvb_ca_ioctl in drivers/media/dvb/ttpci/av7110_ca.c, where the sign of a certain integer field is not checked in versions before 2.6.38-rc2. This allows local users to cause a denial of service via memory corruption and potentially other unspecif...

7.2 CVSS | 6.5 AI score | 0.00408 EPSS

CVE • added 2013/06/08 10:0 a.m. • 142 views

CVE-2011-1180

The CVE-2011-1180 issue affects the Linux kernel's IrDA code, specifically the iriap_getvaluebyclass_indication function in net/irda/iriap.c. It describes multiple stack-based buffer overflows caused by unvalidated length fields for names and attributes, allowing remote attackers to trigger memor...

9.8 CVSS | 9.5 AI score | 0.02983 EPSS

CVE • added 2025/02/26 1:55 a.m. • 142 views

CVE-2022-49175

CVE-2022-49175 (Linux kernel) : The vulnerability arises in core PM code where device_pm_check_callbacks() may run under a spinlock and currently uses spin_lock_irq()/spin_unlock_irq(), which can fail to preserve CPU flags. The fix replaces these with irqsave/irqrestore to preserve flags and avoi...

5.5 CVSS | 6.5 AI score | 0.00253 EPSS

CVE • added 2025/02/26 2:13 a.m. • 142 views

CVE-2022-49538

CVE-2022-49538 affects the Linux kernel's ALSA jack path in ASoC. The issue arises when input_dev is unregistered while snd_jack_report is called, potentially causing a NULL pointer dereference. The documented fix is to serialize access to input_dev using a mutex. The connected sources confirm th...

5.5 CVSS | 6.5 AI score | 0.00251 EPSS

CVE • added 2025/03/27 4:42 p.m. • 142 views

CVE-2022-49739

CVE-2022-49739 affects the Linux kernel GFS2 code: when reading inodes from disk, the inode size of stuffed (inline) inodes is now validated to be within the allowed range in gfs2_dinode_in(). This fixes on-disk corruption that could result from previous truncation logic in stuffed_readpage() and...

5.5 CVSS | 6.5 AI score | 0.0018 EPSS

CVE • added 2024/05/21 3:30 p.m. • 142 views

CVE-2023-52764

CVE-2023-52764 affects the Linux kernel media driver gspca cpia1 (drivers/media/usb/gspca/cpia1.c) with a shift-out-of-bounds in set_flicker triggered when sd->params.exposure.gain grows beyond int bit-width. The issue stems from attempting a left-shift that exceeds the size of an int, causing...

7.8 CVSS | 6.7 AI score | 0.00257 EPSS

CVE • added 2024/04/03 5:0 p.m. • 142 views

CVE-2024-26764

CVE-2024-26764 : Linux kernel vulnerability in fs/aio where kiocb_set_cancel_fn() was not restricted to I/O submitted via libaio. If called for io_uring I/O, a kernel warning is produced (kiocb_set_cancel_fn+0x9c/0xa8). The fix: set the IOCB_AIO_RW flag for read/write I/O submitted by libaio to p...

3.3 CVSS | 6.2 AI score | 0.00248 EPSS

CVE • added 2024/05/30 3:29 p.m. • 142 views

CVE-2024-36897

CVE-2024-36897 - Linux kernel (drm/amd/display, DCN35) Root cause: a new UMA carveout BIOS (version 2.3) wasn't handled by the DAL BIOS parsing, causing a NULL dereference when code attempted to access Ctx->dc_bios->integrated_info if that pointer was NULL. Affected component: drm/amd/displ...

5.5 CVSS | 7 AI score | 0.00227 EPSS

CVE • added 2024/07/29 2:57 p.m. • 142 views

CVE-2024-41059

CVE-2024-41059 (Linux kernel) : A KMSAN-uninitialized value occurred in hfsplus when copying names during extended attributes operations (copy_name in fs/hfsplus/xattr.c). The issue traces to uninitialized memory used during sized_strscpy, leading to a potential information leak or instability wi...

7.1 CVSS | 6.5 AI score | 0.00269 EPSS

CVE • added 2024/09/27 12:39 p.m. • 142 views

CVE-2024-46835

CVE-2024-46835 affects the Linux kernel DRM/AMDGPU component. The root cause is a NULL dereference risk in adev->gfx.imu.funcs triggered by a smatch static checker warning, fixed in the kernel code as part of "drm/amdgpu: Fix smatch static checker warning" mitigation. Impact per the provided m...

5.5 CVSS | 5.8 AI score | 0.00233 EPSS

CVE • added 2024/10/21 6:1 p.m. • 142 views

CVE-2024-49902

CVE-2024-49902 relates to a Linux kernel vulnerability in JFS where a leaf index (dmt_leafidx) could cause an out-of-bounds in dbSplit when the number of leaves per dmap tree is exceeded. The fix adds a check for dmt_leafidx in dbFindLeaf and expands the sanity checks to apply to control pages as...

5.5 CVSS | 5.2 AI score | 0.00277 EPSS

CVE • added 2024/10/21 6:1 p.m. • 142 views

CVE-2024-49925

CVE-2024-49925 : Linux kernel fbdev (efifb) issue where registration/cleanup of sysfs groups could race or leave the sysctl attributes usable after freeing the info struct. The fix uses driver core sysfs group registration/cleanup to simplify error handling and cleanup, and explicitly avoids a us...

5.5 CVSS | 6.5 AI score | 0.00263 EPSS

CVE • added 2024/10/21 7:39 p.m. • 142 views

CVE-2024-50061

CVE-2024-50061 affects the Linux kernel's i3c: master cdns_i3c_master driver. The root cause is a use-after-free race: cdns_i3c_master_hj_work scheduled in cdns_i3c_master_probe can run after cdns_i3c_master_remove frees master->base via i3c_master_unregister. The documented fix is to cancel t...

7 CVSS | 6.6 AI score | 0.00214 EPSS

CVE • added 2024/11/05 5:4 p.m. • 142 views

CVE-2024-50095

CVE-2024-50095 affects the Linux kernel RDMA mad path. The root cause was heavy locking contention in the timeout handler for timed-out WRs in mad_agent_priv, as the current timeout handler acquired and released the lock for every timed-out work request, which could cause softlockups (notably whe...

5.5 CVSS | 6.8 AI score | 0.00255 EPSS

CVE • added 2024/11/09 10:14 a.m. • 142 views

CVE-2024-50245

CVE-2024-50245 affects the Linux kernel fs/ntfs3 subsystem and is resolved by a patch that fixes a possible deadlock in mi_read caused by a mutex lock contention with the ni_lock_dir path. The flaw is within the ntfs3 code path and can result in a stall if the lock ordering interacts with another...

5.5 CVSS | 5.2 AI score | 0.00219 EPSS

CVE • added 2024/11/21 6:17 p.m. • 142 views

CVE-2024-53090

CVE-2024-53090 is a Linux kernel vulnerability affecting the AFS filesystem; the issue is a lock recursion in afs_wake_up_async_call() when invoked from AF_RXRPC while holding notify_lock and attempting to pass an afs_call reference to a workqueue. The race could trigger a spinlock recursion (oob...

5.5 CVSS | 6.8 AI score | 0.00194 EPSS

CVE • added 2026/05/11 6:26 a.m. • 142 views

CVE-2026-43500

Summary: CVE-2026-43500 affects the Linux kernel RXRPC path for DATA/RESPONSE packets. The issue occurs when skb fragments are externally owned (e.g., via splice() or frag lists) and the code path decrypts in place, binding frag pages into the AEAD/skcipher SGL. The fix extends the gate to unshar...

7.8 CVSS | 5.8 AI score | 0.92641 EPSS
In wild

Total number of security vulnerabilities: 2330