CVE-2024-49902
CVE-2024-49902 relates to a Linux kernel vulnerability in JFS where a leaf index (dmt_leafidx) could cause an out-of-bounds access in dbSplit when the number of leaves per dmap tree is exceeded. The fix adds a check for dmt_leafidx in dbFindLeaf and expands the sanity checks to apply to control pages as...
CVE-2024-50095
CVE-2024-50095 affects the Linux kernel RDMA mad path. The root cause was heavy locking contention in the timeout handler for timed-out WRs in mad_agent_priv, as the current timeout handler acquired and released the lock for every timed-out work request, which could cause softlockups (notably whe...
CVE-2024-53090
CVE-2024-53090 is a Linux kernel vulnerability affecting the AFS filesystem; the issue is a lock recursion in afs_wake_up_async_call() when invoked from AF_RXRPC while holding notify_lock and attempting to pass an afs_call reference to a workqueue. The race could trigger a spinlock recursion (oob...
CVE-2024-56598
Technical details about CVE-2024-56598 (Linux kernel jfs: array-index-out-of-bounds in dtReadFirst) are not provided in the connected documents. Please monitor for updates.
CVE-2011-0711
CVE-2011-0711 affects the Linux kernel through the xfs_fs_geometry function in fs/xfs/xfs_fsops.c. The vulnerability arises because a structure member is not initialized, enabling local attackers to read potentially sensitive data from kernel stack memory via the FSGEOMETRY_V1 ioctl. The affected...
CVE-2013-4587
CVE-2013-4587 describes an array index error in kvm_vm_ioctl_create_vcpu() within virt/kvm/kvm_main.c of the Linux kernel (through 3.12.5). This vulnerability enables local privilege escalation via a large id value. The connected Nessus/OpenVAS advisories reference Unity Linux/SUSE/OpenVAS entrie...
CVE-2017-16532
CVE-2017-16532: A vulnerability in the Linux kernel ≤ 4.13.11 affects the get_endpoints function in drivers/usb/misc/usbtest.c, enabling local users to trigger a denial of service via a crafted USB device, through a NULL pointer dereference and potential system crash. The issue is triggered by a ...
CVE-2019-19241
CVE-2019-19241 affects the Linux kernel prior to 5.4.2 where the io_uring path can cause requests to appear with UID 0 and full capabilities due to IORING_OP_SENDMSG handling by kernel worker threads in contexts from unprivileged users. Affected code paths include fs/io-wq.c, fs/io_uring.c, and n...
CVE-2021-47408
CVE-2021-47408 affects the Linux kernel netfilter conntrack code. The issue arises when the conntrack hash table resizes or during cleanup, causing nf_ct_iterate_cleanup to restart after a resize and delaying net_namespace teardown. The available connected documents state that adding a mutex to s...
CVE-2021-47468
CVE-2021-47468 is a Linux kernel vulnerability affecting isdn/mISDN where a sleeping function could be called from an atomic context because card->isac.release() is invoked while still holding a lock. The description states the fix is to call this function after releasing the lock. Logs illust...
CVE-2022-48738
CVE-2022-48738 corresponds to a Linux kernel vulnerability in ASoC: ops where snd_soc_put_volsw() could accept values outside the advertised valid range. The issue arises from missing validation of user-space-reported ranges, allowing out-of-range values to be processed. The connected Astra Linux...
CVE-2022-49130
In CVE-2022-49130, the Linux kernel ath11k subsystem was fixed by replacing mhi_async_power_up() with mhi_sync_power_up() in the MHI path. The crash occurred when amss.bin was missing and ath11k_pci was removed, since the async variant did not check errors. The sync variant adds error checking an...
CVE-2023-52753
CVE-2023-52753 affects the Linux kernel’s DRM/AMD display timing generator. The root cause is a NULL pointer dereference when accessing the timing generator’s funcs if it is NULL. This can lead to a kernel crash (availability impact). The fix adds a NULL check before dereferencing the timing gene...
CVE-2024-26791
CVE-2024-26791 — Linux kernel: btrfs dev-replace: properly validate device names. A syzbot report indicated device name buffers passed to device replace could read beyond end (getname_kernel) due to insufficient termination checks. The fix adds a helper that validates both source and target devic...
CVE-2024-36897
CVE-2024-36897 — Linux kernel (drm/amd/display, DCN35). Root cause: a new UMA carveout BIOS (version 2.3) wasn’t handled by the DAL BIOS parsing, causing a NULL dereference when code attempted to access Ctx->dc_bios->integrated_info if that pointer was NULL. Affected component: drm/amd/displ...
CVE-2024-42232
CVE-2024-42232 (Linux kernel, libceph) is a race between delayed_work handling in ceph_monc_stop() and mon_fault()/finish_hunting() that could lead to use-after-free when reusing monc and its associated fields. The fix, as described in connected advisories, is: (1) during session close in ceph_mo...
CVE-2024-49903
CVE-2024-49903 is a Linux kernel vulnerability involving a slab-use-after-free in the JFS mapping code (dbFreeBits/dbFreeDmap) caused by a race between two paths (dbUnmount and jfs_ioc_trim) that access bmap. The race can lead to a use-after-free when trimming or unmounting JFS and subsequently freeing object...
CVE-2024-49923
The CVE-2024-49923 issue is in the Linux kernel’s DRM/AMD display path. Specifically, dcn20_validate_apply_pipe_split_flags could dereference a null pointer; the patch passes a non-null pointer to fix a null-dereference. Impact is limited to availability (HIGH) with local, low-complexity exploita...
CVE-2024-50245
CVE-2024-50245 affects the Linux kernel fs/ntfs3 subsystem and is resolved by a patch that fixes a possible deadlock in mi_read caused by a mutex lock contention with the ni_lock_dir path. The flaw is within the ntfs3 code path and can result in a stall if the lock ordering interacts with another...
CVE-2024-58085
CVE-2024-58085 relates to the Linux kernel Tomoyo security module, specifically a warning emission in tomoyo_write_control(). The description notes a syzbot report about a “too large allocation” warning when a long single line is written without a newline. The fix changes memory allocation behavi...
CVE-2011-1020
CVE-2011-1020 affects the Linux kernel (2.6.37 and earlier) where the proc filesystem does not restrict access to /proc after a process execs a setuid program. This can let local attackers obtain sensitive information or cause a denial of service by performing open, lseek, read, or write operatio...
CVE-2011-1745
The CVE-2011-1745 entry affects the Linux kernel: an integer overflow in the agp_generic_insert_memory function (drivers/char/agp/generic.c) in kernels before 2.6.38.5. This allows local users to gain privileges or cause a denial of service via a crafted AGPIOC_BIND agp_ioctl call. Affected platf...
CVE-2012-2136
CVE-2012-2136 affects the Linux kernel prior to 3.4.5. The sock_alloc_send_pskb function does not properly validate a length value, enabling a local user to trigger a heap-based overflow that can crash the system or potentially gain privileges via access to a TUN/TAP device. Affected software is ...
CVE-2017-18222
CVE-2017-18222 affects the Linux kernel before 4.12, where the Hisilicon Network Subsystem (HNS) ETH_SS_PRIV_FLAGS handling during sset_count retrieval can cause local denial of service via buffer overflow/memory corruption and potentially other impacts due to incompatibility with ethtool_get_str...
CVE-2021-47191
CVE-2021-47191 affects the Linux kernel’s SCSI debug path (scsi_debug) and fixes an out-of-bounds read in resp_readcap16 caused by treating alloc_len as a signed int, which could lead to an OOB in sg_copy_buffer when handling large allocation lengths. The root cause is the incorrect type for allo...
CVE-2022-49288
CVE-2022-49288 concerns the Linux kernel ALSA PCM subsystem. The issue arises from races in concurrent prealloc changes via proc files, with no protection against simultaneous PCM buffer preallocation changes, potentially leading to use-after-free or other instability. The provided fix applies th...
CVE-2023-52589
The CVE 2023-52589 entry concerns the Linux kernel media rkisp1 driver. The issue is a race in IRQ disable logic within rkisp1_isp_stop() and rkisp1_csi_disable(): interrupts are masked and the code assumes the IRQ handler isn’t running, but the handler can still be active when the stop sequence ...
CVE-2023-52835
CVE-2023-52835 affects the Linux kernel perf subsystem. The root issue is that a large AUX area (e.g., 4 GB) can cause rb_alloc_aux and related allocations to hit bounds and mmap failure, triggering a WARN and an ENOMEM during perf-record. The fix is to bail out early if the requested AUX area is...
CVE-2024-26775
CVE-2024-26775 concerns the Linux kernel’s aoe subsystem. The documented issue is a potential deadlock in set_capacity() caused by a locking order: one path holds bdev->bd_size_lock while another holds d->lock, risking a deadlock when an interrupt occurs and the code path re-enters set_capa...
CVE-2024-46805
CVE-2024-46805 is a Linux kernel vulnerability in the drm/amdgpu path where a NULL pointer dereference of hive can occur when validating amdgpu_hive_info. The issue (root cause: amdgpu_hive_info *hive may be NULL) can lead to an out-of-bounds or memory access problem in the driver, with the advis...
CVE-2024-47143
CVE-2024-47143 relates to the Linux kernel and describes a potential deadlock in the dma-debug flow caused by holding radix_lock while dma_hash_entry locks are held. The fix, as documented in the connected sources, is to perform dma_entry_free() after put_hash_bucket() inside check_unmap() to pre...
CVE-2024-50246
CVE-2024-50246 is a Linux kernel vulnerability affecting the ntfs3 file-system code path. The issue stems from a missing or insufficient check related to the alloc_size for rough attribute handling in fs/ntfs3, which could allow a local attacker to exploit the flaw. The CVE is described with a CV...
CVE-2024-57924
CVE-2024-57924 affects the Linux kernel and is described in multiple sources as a fix to “fs: relax assertions on failure to encode file handles.” The issue concerns exportfs_encode_fh and related paths used by filesystem code to encode file handles, with legacy users such as nfsd and name_to_han...
CVE-2014-4653
Summary (CVE-2014-4653): The ALSA control implementation in the Linux kernel has a race/lock handling issue in sound/core/control.c. It does not ensure possession of a read/write lock, enabling a local attacker to trigger a denial of service (use-after-free) and to potentially read kernel memory...
CVE-2015-0239
CVE-2015-0239 affects the Linux kernel KVM emulation path (arch/x86/kvm/emulate.c). If a guest OS does not initialize SYSENTER MSRs, em_sysenter can trigger using a 16‑bit code segment to emulate SYSENTER, allowing a guest OS user to gain guest privileges or cause a guest crash. The vulnerability...
CVE-2017-18255
CVE-2017-18255 affects the Linux kernel: the perf_cpu_time_max_percent_handler in kernel/events/core.c (pre-4.11) can be triggered by a large value, causing a denial of service via integer overflow (and potential unspecified impact). It requires local access. A fix is available in kernel 4.11 and...
CVE-2022-49291
The CVE-2022-49291 entry describes a Linux kernel flaw in ALSA: pcm where concurrent hw_params and hw_free ioctls could trigger a use-after-free. The fix introduces a dedicated mutex (runtime->buffer_mutex) and applies it to both hw_params and hw_free code paths, with small reordering (mmap_co...
CVE-2024-39484
CVE-2024-39484 - Linux kernel mmc: davinci driver: the remove callback was discarded when built-in and __exit was used, causing resource leaks on unbind/reset. The fix compiles the remove callback unconditionally so it is always executed during driver removal. Connected sources confirm the issue ...
CVE-2024-40902
CVE-2024-40902: Linux kernel vulnerability in jfs xattr handling where printing an oversized xattr in hex could read past the buffer, risking kernel memory. A fix restricts the debug hex dump size in kernel logs. Public-coverage in Astra Linux and CIRCL references confirms the same vulnerability ...
CVE-2024-49904
The CVE-2024-49904 issue affects the Linux kernel DRM/AMDGPU subsystem. The vulnerability arises from a missing list empty check in list_for_each_entry_safe, which can lead to a NULL pointer dereference in corner cases. The advisory notes that the fix is to add a list empty check to avoid the nul...
CVE-2024-53177
CVE-2024-53177 relates to the Linux kernel SMB/CIFS implementation. The issue is a use-after-free in smb2_cached_lease_break/open_cached_dir race: when open_cached_dir() errors parsing a lease, a race with a lease-break can free a cfid while pending work remains. The fix drops references instead ...
CVE-2024-58090
CVE-2024-58090 affects the Linux kernel: sched/core commit fixes a long-standing issue where rescheduling could be triggered with interrupts disabled during kexec-based reboot paths. The root cause involved a wakeup in a syscore_suspend()/resume path that set NEED_RESCHED, leading to cond_resched...
CVE-2025-21992
CVE-2025-21992 concerns the HID subsystem in the Linux kernel, where a non-functional HID sensor on the HP 5MP Camera (USB 0408:5473) could cause system hangs when accessed via iio_info. The issue was mitigated by adding the affected device to the HID ignore list so its sensor interface is not ex...
CVE-2010-2798
The CVE-2010-2798 entry concerns the Linux kernel prior to 2.6.35, where gfs2_dirent_find_space uses an incorrect size value in calculations related to sentinel directory entries. This can allow local attackers to trigger a denial of service via a NULL pointer dereference and kernel panic, with a...
CVE-2010-3858
CVE-2010-3858 is a Linux kernel vulnerability described in MiracleLinux advisories as affecting fs/exec.c with CONFIG_STACK_GROWSDOWN. On 64-bit platforms, for 32-bit applications, the setup_arg_pages function does not properly constrain stack usage of arguments and environment, enabling local us...
CVE-2010-4655
CVE-2010-4655 affects the Linux kernel’s net/core/ethtool.c, where uninitialized data structures in ethtool ioctl handling could allow a local user with CAP_NET_ADMIN to leak information from kernel heap memory. The initial description specifies the vulnerability exists in kernel builds before 2....
CVE-2011-1746
CVE-2011-1746 affects the Linux kernel prior to 2.6.38.5, specifically the AGP subsystem in drivers/char/agp/generic.c. It is caused by multiple integer overflows in the functions agp_allocate_memory and agp_create_user_memory, allowing local users to trigger buffer overflows and potentially crash the ...
CVE-2021-47412
CVE-2021-47412 (Linux kernel): The vulnerability arises when a bio is not tracked and the rq_qos_ops->done_bio call is inappropriately invoked, risking a kernel panic. The fix stops calling done_bio for bios that aren’t tracked (and for bio-based drivers where rq_qos_done_bio() isn’t needed)....
CVE-2022-49750
CVE-2022-49750 affects the Linux kernel CPPC support in cpufreq. The root cause is that the _CPC object fields are unsigned 32-bit values, which could overflow. The fix is to add u64 casts to these values to prevent overflow when used. Documented impact indicates potential availability impact (A)...
CVE-2024-26697
Summary (CVE-2024-26697): In the Linux kernel, the nilfs2 filesystem had a data corruption risk during dsync block recovery when block sizes are smaller than the page size. The root cause was an incorrect on-page offset calculation in nilfs_recovery_copy_block() within nilfs_recovery_dsync_block...