2330 matches found
CVE-2024-36964
CVE-2024-36964 affects the Linux kernel fs/9p implementation. It allows garbage in the 9P2000 perm bits to pass through, enabling the setting of the suid bit due to improper translation of RWX permissions; the unix extended bits are handled only on .u. The issue is local and relates to a permissi...
CVE-2024-41070
The CVE-2024-41070 issue is a use-after-free in KVM on PPC Book3S HV. The code path kvm_spapr_tce_attach_iommu_group() reads stt from tablefd, then fdputs the fd and uses stt after the fd is released, allowing a race that frees stt via release_spapr_tce_table() (RCU) and can lead to UAF even with...
CVE-2024-42122
CVE-2024-42122 concerns the Linux kernel’s drm/amd/display where a NULL pointer could be produced by kzalloc and used without checking. The fix adds a NULL pointer check before using the allocated memory. Affected subsystem: AMD display kernel code; root cause: missing validation of kzalloc retur...
CVE-2024-46742
CVE-2024-46742 is a Linux kernel vulnerability affecting the SMB server path where a potential null pointer dereference in smb2_open() could occur when lease_ctx_info is NULL (SMB2_OPLOCK_LEVEL_LEASE). The fix adds a NULL check for lease_ctx_info and also removes redundant parentheses in parse_du...
CVE-2025-37741
CVE-2025-37741 affects the Linux kernel’s JFS filesystem. The issue stems from reading a fixed-disk inode (AIT) in raw mode during diReadSpecial(), where corrupted metapage data could cause the nlink value to be set to 0 on an iag inode during copy_from_dinode(), triggering a deadlock when diFree...
CVE-2010-3850
CVE-2010-3850: In the Linux kernel, the ec_dev_ioctl function in net/econet/af_econet.c did not require CAP_NET_ADMIN, allowing local users to bypass access restrictions and configure econet addresses via an SIOCSIFADDR ioctl. Documented impact is local privilege/unauthorized configuration; fix a...
CVE-2014-4656
CVE-2014-4656 affects the Linux kernel ALSA sound control (sound/core/control.c). The vulnerability arises from multiple integer overflows in ALSA control handling, exploitable by local users via /dev/snd/controlCX to cause a denial of service. The issue is tied to (1) index values in snd_ctl_add...
CVE-2017-16527
CVE-2017-16527 affects the Linux kernel component sound/usb/mixer.c, vulnerable before version 4.13.8. A crafted USB device can trigger a snd_usb_mixer_interrupt use-after-free, causing denial of service or system crash. Exploitation vectors are local to physical USB device interaction. The conne...
CVE-2021-47284
CVE-2021-47284 (Linux kernel) relates to isdn: mISDN: netjet crash in nj_probe. The issue occurs when nj_setup may fail with -EIO, leaving card->irq initialized and >0; a subsequent nj_release frees an IRQ that wasn’t requested. The fix deletes the prior assignment to card->irq and keeps...
CVE-2021-47582
CVE-2021-47582 affects the Linux kernel USB core (USBDEVFS_CONTROL/USBDEVFS_BULK) where usb_start_wait_urb() can wait uninterruptibly for a very large timeout. The fix changes do_proc_control() and do_proc_bulk() to use a killable wait and GFP_KERNEL instead of GFP_NOIO. Connected advisories (Mir...
CVE-2021-47606
CVE-2021-47606 affects the Linux kernel net: netlink af_netlink fix. The vulnerability arises from an empty skb usage, where skb->len=0 and skb->data_len=0 could trigger a division error in netem_enqueue during randomized corruption: skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<
CVE-2022-3543
CVE-2022-3543 affects the Linux kernel BPF component: the memory leak occurs in the unix_sock_destructor/unix_release_sock paths in net/unix/af_unix.c. The issue is localized to the BPF code handling UNIX sockets, and the vulnerability can lead to memory consumption/leaf exhaustion. A patch is av...
CVE-2022-49156
The CVE-2022-49156 entry corresponds to a Linux kernel vulnerability in scsi: qla2xxx where a call into midlayer (fc_remote_port_delete) could sleep in interrupt context, causing a crash via scheduling while atomic. The fix schedules the call in non-interrupt context to avoid sleeping while atomi...
CVE-2024-44954
CVE-2024-44954 concerns a race in the Linux kernel ALSA subsystem: concurrent access to the line6 midibuf from URB completion callbacks and rawmidi API can trigger a KMSAN warning. The root cause is a data race on midibuf usage; Linux kernel patch added a spinlock to protect the midibuf call path...
CVE-2024-46753
CVE-2024-46753 affects the Linux kernel via the btrfs subsystem. Description: in walk_up_proc() the code previously BUG_ON(ret) after btrfs_dec_ref(); the error is now returned, indicating proper error propagation. The vulnerability is resolved in the Linux kernel as described in multiple advisor...
CVE-2024-47673
CVE-2024-47673 affects the Linux kernel wifi iwlwifi mvm; root cause is that TCM is not paused when the firmware is stopped, causing a host command to be sent to a non-live firmware. This can trigger a WARNING and potential local impact. Connected docs indicate patched kernels/versions: e.g., Mar...
CVE-2024-49920
The CVE-2024-49920 entry concerns the Linux kernel DRM/AMD display subsystem. The vulnerability arises from a null-pointer risk in the AMD display path, where pointers such as stream_enc and dc->bw_vbios are used multiple times after a check that is only performed earlier in the function. The ...
CVE-2024-50244
CVE-2024-50244 affects the Linux kernel ntfs3 driver. Root cause: an additional check added in ni_clear() to validate NTFS_FLAGS_LOG_REPLAYING, preventing access to an uninitialized bitmap during the NTFS replay process. Impact: as described, availability is affected; other confidentiality/integr...
CVE-2025-37800
CVE-2025-37800 targets the Linux kernel driver core. A potential NULL pointer dereference in dev_uevent() could occur if userspace reads a uevent attribute while another thread unbinds the device, changing dev->driver from a valid pointer to NULL. The fix uses READ_ONCE() when fetching the dri...
CVE-2011-2022
The CVE-2011-2022 issue affects the Linux kernel (drivers/char/agp/generic.c) prior to 2.6.38.5. The vulnerability is due to failure to validate a start parameter in the agp_generic_remove_memory function, enabling local users to gain privileges or cause a denial of service (system crash) via a c...
CVE-2017-16530
CVE-2017-16530 affects the Linux kernel uas driver (drivers/usb/storage/uas.c; uas-detect.h). The issue allows a local user to trigger a denial of service or potentially other impact via a crafted USB device, caused by an out-of-bounds read. Affected condition is the uas driver in the kernel prio...
CVE-2019-18806
CVE-2019-18806: A memory leak in the Linux kernel's ql_alloc_large_buffers() (drivers/net/ethernet/qlogic/qla3xxx.c) before 5.3.5 can be triggered by pci_dma_mapping_error() failures, allowing a local attacker to exhaust memory and cause a denial of service. The issue is rooted in qla3xxx leak b...
CVE-2021-34981
CVE-2021-34981 concerns the Linux kernel’s Bluetooth CMTP module. The issue stems from failing to validate the existence of an object before performing free operations, enabling a local attacker to escalate privileges by executing code in the kernel context (double free). The vulnerability is lin...
CVE-2021-47353
CVE-2021-47353 in the Linux kernel fixes a NULL pointer dereference in the udf_symlink function. The issue arises when udf_tgetblk returns a NULL sb_getblk value and the code uses epos.bh without checking, leading to a possible crash. The fix adds a NULL check for epos.bh before use, mitigating p...
CVE-2022-49343
CVE-2022-49343: In the Linux kernel, ext4 can encounter cycles in the h-tree stored in a directory. A maliciously corrupted filesystem could cause the kernel to access unallocated memory during a node split. The fix is to verify that traversed block numbers are unique.
CVE-2022-49347
CVE-2022-49347 concerns a Linux kernel issue in ext4 where a bug_on can trigger during ext4_writepages in delay allocation mode when inline data has been converted to an extent. The root cause described across the provided documents is a race: inline data may be destroyed before ext4_writepages r...
CVE-2022-49673
CVE-2022-49673 concerns the Linux kernel where a KASAN warning in raid5_add_disk was mitigated by validating that rdev->saved_raid_disk is within expected limits during LVM tests (dm raid). The fix is described as adjusting the raid5_add_disks path to ensure bound checks, with the associated c...
CVE-2022-49864
Summary: CVE-2022-49864 is a Linux kernel vulnerability within the DRM/AMDKFD driver. The root cause is a NULL pointer dereference in svm_migrate_to_ram() in kfd_migrate.c (p dereferenced as NULL). The issue manifests as a potential kernel crash or denial of service via a local attack vector. The...
CVE-2024-46777
CVE-2024-46777 relates to the Linux kernel udf filesystem: the vulnerability arises when mounting a filesystem where the partition length would overflow 32-bit block numbers or where indexing into the block bitmap could be unsafe. The description in the initial CVE specifies that the fix is to av...
CVE-2024-49888
CVE-2024-49888 – Linux kernel (BPF) sdiv/smod overflow fix. The issue affects the BPF subsystem where division by -1 can overflow for 64-bit operands (LLONG_MIN/-1) on x86_64, potentially triggering a kernel crash; on arm64, results differ (LLONG_MIN/-1 yields LLONG_MIN). The provided patch logi...
CVE-2024-50010
CVE-2024-50010 affects the Linux kernel’s exec path checks. The issue is a race in the path_noexec (and i_mode) checks that led to spurious WARN_ON warnings when noexec is toggled, rather than a real permission failure. The fix removes the redundant path_noexec WARN and updates commentary; no exp...
CVE-2010-4081
CVE-2010-4081 affects the Linux kernel (sound/pci/rme9652/hdspm.c: snd_hdspm_hwdep_ioctl). The root cause is failure to initialize a structure, enabling local users to read potentially sensitive kernel stack memory via SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO. Affected: kernel versions prior to 2.6.36-r...
CVE-2017-16531
CVE-2017-16531 affects the Linux kernel before 4.13.6, where the drivers/usb/core/config.c path allows a local user to trigger an out-of-bounds read via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. Exploitation could cause a denial of service (kernel crash) and pot...
CVE-2022-34495
CVE-2022-34495: In the Linux kernel, rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c before 5.18.4 is reported to contain a double free. Affected product/version examples include upstream Linux kernels updated to 5.18.4 or later. The connected sources (e.g., Astra Linux security bulletin and vend...
CVE-2022-49158
CVE-2022-49158 affects the Linux kernel SCSI driver qla2xxx. The issue is a warning generated when adisc is flushed, where an error code type did not match the expected type. The fix adds translation between error code types to avoid the warning (no documented exploit). The connected advisories c...
CVE-2022-49412
CVE-2022-49412 describes a Linux kernel vulnerability in bfq where merging two bfqq queues could occur with different parent cgroups, potentially leading to a use-after-free if the parent changes between decision to merge and bfq_setup_merge() call. The root cause is reparenting of bfqqs (e.g., d...
CVE-2023-52617
CVE-2023-52617: Linux kernel PCI: switchtec device crash on surprise hot-remove fixed. The issue occurred when a PCI device was hot-removed while stdev->cdev was open; stdev_release() ran after switchtec_pci_remove(), risking a fatal page fault in DMA mode and a stale dev pointer during dma_f...
CVE-2024-42289
The CVE-2024-42289 issue in the Linux kernel affects the SCSI qla2xxx driver during vport delete. It caused a crash due to stale outstanding I/O entries not completing, leading to a NULL pointer dereference in dma_direct_unmap_sg during vport deletion. The fix explicitly sends an async logout for...
CVE-2024-44942
CVE-2024-44942 concerns the Linux kernel’s f2fs inline data handling during garbage collection. According to the connected Astra Linux bulletin, the root cause is that an inline_data inode can be fuzzed, allowing a valid blkaddr in its direct node; when background GC migrates the block, a f2fs_bu...
CVE-2024-46814
CVE-2024-46814 affects the Linux kernel in the DRM AMD display path. The vulnerability arises from not validating HDCP-related message IDs (msg_id) before processing a transaction, allowing 4 overrun issues to be triggered by an invalid HDCP_MESSAGE_ID (-1) acting as an index. The root cause is a...
CVE-2024-47712
CVE-2024-47712: In the Linux kernel, a RCU usage issue in wifi/wilc1000 was fixed. In wilc_parse_join_bss_param, the code accessed the ies TSF field after the RCU read-side section, which is illegal. The TSF value is now stored in a local variable (ies_tsf) before releasing the RCU lock, and para...
CVE-2024-49913
CVE-2024-49913 affects the Linux kernel’s DRM AMD display path. The issue was a potential NULL pointer dereference in commit_planes_for_stream when top_pipe_to_program could be NULL, leading to dereferencing stream_res. The fix adds a null check before accessing top_pipe_to_program to prevent the...
CVE-2024-53187
CVE-2024-53187 affects the Linux kernel io_uring subsystem (io_pin_pages in io_uring/memmap.c). The issue arises from overflow/garbage uaddr handling when deriving size, enabling local attackers to trigger a fault; CVSSv3.1 metrics shown include Local attack, Low complexity, Low privileges, with ...
CVE-2025-37742
CVE-2025-37742: In the Linux kernel, the jfs_imap diMount path allocates imap with kmalloc and fails to initialize it, causing uninit-value usage in hex_dump_to_buffer and a KMSAN report during mount/evict paths. Root cause: imap is not initialized after memory allocation. Remediation: replace k...
CVE-2025-37858
The CVE-2025-37858 issue affects the Linux kernel’s JFS filesystem. Root cause: AG size calculation in dbExtendFS() uses a 1 < 31 on 32-bit systems, this causes undefined behavior and invalid AG sizes (sbi->bmap->db_agsize). Impact: potential filesystem corruption during extend operation...
CVE-2010-3067
CVE-2010-3067 affects the Linux kernel: an integer overflow in do_io_submit (fs/aio.c) in versions before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly other impact via crafted io_submit usage. The vulnerability is rooted in improper handling within the io_s...
CVE-2014-2706
CVE-2014-2706 describes a race condition in the Linux kernel’s mac80211 subsystem (sta_info.c and tx.c) that, when handling network traffic in conjunction with the WLAN_STA_PS_STA (power-save) state, can cause a remote denial of service (system crash). The issue affects kernel versions prior to 3...
CVE-2021-47646
CVE-2021-47646 (Linux kernel) involves a crash triggered by interactions around block, bfq: honor already-setup queue merges. The vulnerability arose when the commit 2d52c58b9c9b was merged and later reverted by ebc69e897e17; that revert did not introduce the bug, but actually exposed a UAF cause...
CVE-2022-0264
CVE-2022-0264: The Linux kernel eBPF verifier has a vulnerability in how it handles internal data structures, allowing leakage of internal kernel memory to userspace when eBPF code is inserted into the kernel. A local attacker with insertion privileges could exploit this to access kernel memory ...
CVE-2022-48423
CVE-2022-48423 affects the Linux kernel (fs/ntfs3/record.c) prior to version 6.1.3, where resident attribute names are not validated, allowing an out-of-bounds write. Public references in the provided documents cite kernel fixes in 6.1.3 (ChangeLog-6.1.3, commit 54e45702b6…) and related advisorie...