2330 matches found
CVE-2024-46840
CVE-2024-46840 relates to the Linux kernel bug in btrfs where handling for refs == 0 in snapshot delete could yield an incorrect answer because of missing locks. The fix converts BUG_ON(refs == 0) sites in reada, walk_down_proc, and walk_up_proc to proper error handling, returning -EUCLEAN (later...
CVE-2024-47666
CVE-2024-47666 is a Linux kernel vulnerability in the SCSI pm80xx driver. The bug arises when pm8001_phy_control() stores enable_completion on a stack address, sends resets, waits 300 ms, then returns; if a late PHY control response arrives after the 300 ms, a dangling enable_completion pointer i...
CVE-2024-49905
CVE-2024-49905 refers to a fix in the Linux kernel’s AMD GPU driver code, specifically for the DRM/AMD display path. The vulnerability arose from using the variable afb in amdgpu_dm_plane_handle_cursor_update without a null check; the commit added a null check to prevent potential null pointer de...
CVE-2024-49907
CVE-2024-49907: Linux kernel DRM/AMD display vulnerability where a NULL dereference can occur by dereferencing dc->clk_mgr in the idle-power path if it is NULL. The fix adds a NULL check before calling dc->hwss.apply_idle_power_optimizations (which may call dcn35_apply_idle_power_optimizat...
CVE-2024-50003
CVE-2024-50003 affects the Linux kernel component drm/amd/display. The issue causes a system hang on resume when a Thunderbolt (TBT) monitor is connected, because the HPD during resume triggers drm_client_modeset_probe() while connector->dev->master is NULL, potentially corrupting pipe topo...
CVE-2024-53089
CVE-2024-53089 concerns the Linux kernel on LoongArch with KVM. The issue arises from hrtimers that may be canceled/called in contexts that violate PREEMPT_RT rules, after timers are unmarked to expire in soft expiry but then canceled from a preempt-notifier with preemption disabled. The fix make...
CVE-2009-1072
CVE-2009-1072 affects the Linux kernel prior to 2.6.28.9. nfsd in the kernel does not drop the CAP_MKNOD capability before handling a user request in a thread, enabling local users on an exported filesystem using root_squash to create device nodes. MiracleLinux 3 lists this as fixed in kernel-2.6...
CVE-2010-3880
CVE-2010-3880 affects the Linux kernel (net/ipv4/inet_diag.c) prior to 2.6.37-rc2. The issue is improper auditing of INET_DIAG bytecode, enabling a local user to trigger a kernel infinite loop and cause a denial of service via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message conta...
CVE-2021-47082
CVE-2021-47082 affects the Linux kernel tun/tun.c: a double-free in tun_free_netdev is caused by deferring dev->tstats and tun->security allocations to a new ndo_init routine (tun_net_init) that runs via register_netdevice(). If register_netdevice() fails, the destructor previously would no...
CVE-2021-47247
CVE-2021-47247 is a Linux kernel use-after-free in the mlx5e_encap_take path during neigh update, caused by improper handling when encap entries are concurrently inserted/deleted after rtnetlink lock changes. The issue is documented in upstream kernel notes and is listed in Debian’s DLA-4178-1 ad...
CVE-2022-3104
The CVE-2022-3104 entry concerns the Linux kernel (up to 5.16-rc6) where lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c does not check the return value of kmalloc(), enabling a NULL pointer dereference. Affected software is the Linux kernel, with root cause in unchecked kmalloc return leading to...
CVE-2022-49152
CVE-2022-49152 affects the Linux kernel XArray feature, specifically the xas_create_range() path. When an existing entry with order >= XA_CHUNK_SHIFT is present, xas_create_range() can misinterpret it as a node and dereference xa_node->parent, potentially causing a crash (general protection...
CVE-2022-49280
CVE-2022-49280 concerns the Linux kernel NFSD: nfssvc_decode_writeargs() underflow, mitigated by changing a length/args field to unsigned to prevent underflow. Public advisories (EulerOS, Unity Linux, Astra Linux, etc.) document this CVE within kernel updates, indicating the vulnerability affects...
CVE-2022-49535
CVE-2022-49535 affects the Linux kernel SCSI lpfc path. The flaw can cause a use-after-free via premature node release when FLOGI/PLOGI handling fails or when non-zero ELS PLOGI status is processed if a dev-loss-evt work is pending. The described root cause is a premature decrementing of the ndlp...
CVE-2023-52932
The CVE-2023-52932 issue concerns the Linux kernel mm/swapfile get_swap_pages(), where a plist_for_each_entry_safe() loop could loop tens of thousands of times under memory pressure, risking soft lockup. The fix adds cond_resched() into get_swap_pages() when space isn’t found, addressing softlock...
CVE-2023-53117
CVE-2023-53117 refers to a vulnerability in the Linux kernel related to the fs subsystem, specifically an out-of-bounds array speculation issue when closing a file descriptor. The connected advisories (EulerOS, Unity Linux) explicitly identify CVE-2023-53117 and describe the affected area as the ...
CVE-2024-41015
CVE-2024-41015: Linux kernel ocfs2 vulnerability fixed by adding bounds checking in ocfs2_check_dir_entry() to validate ocfs2_dir_entry members and prevent memory overrun. The patch ensures sanity checks keep directory entry fields within valid memory bounds, addressing potential out-of-bounds/NU...
CVE-2024-42074
CVE-2024-42074 pertains to the Linux kernel’s ASoC AMD ACP driver. When the acp platform device creation is skipped, chip->chip_pdev can be NULL, leading to a potential NULL pointer dereference in snd_acp_resume. The connected Nessus/NASL entries confirm the root cause and describe the fix: ad...
CVE-2024-42161
Technical details about CVE-2024-42161 are not publicly provided in the connected documents. The description mentions a Linux kernel BPF_CORE_READ_BITFIELD uninitialized value fix and a patch to initialize val, but there are no explicit affected products/versions or remediation steps beyond the p...
CVE-2024-42297
CVE-2024-42297 concerns a Linux kernel f2fs issue where inodes are marked dirty during operations on a readonly filesystem, triggering a kernel panic during unmount. Root cause chain: do_sys_open -> f2fs_lookup -> __f2fs_find_entry -> f2fs_i_depth_write -> f2fs_mark_inode_dirty_sync -...
CVE-2024-43855
CVE-2024-43855 is a Linux kernel vulnerability in the md (RAID) subsystem where a deadlock could occur while an mddev is suspended and a flush bio is in progress. The connected docs describe the root cause as non-atomic increment/decrement of the active_io counter during the md flush sequence, en...
CVE-2024-44957
CVE-2024-44957 is a Linux kernel issue affecting the Xen privcmd path, where irqfds handling could deadlock if mutexes were used under spin_lock_irqsave. The root cause is switching the synchronization primitive for irqfd wakeups from a mutex to a spinlock, due to EPOLLHUP being delivered to irqf...
CVE-2024-46705
CVE-2024-46705: Linux kernel vulnerability affecting the DRM XE component where reset of MMIO mappings is performed by setting mappings to NULL after device removal to prevent rogue access to unmapped MMIO. The description notes the risk of remapping unmapped MMIO and potential carnage; the fix ...
CVE-2024-47667
The CVE-2024-47667 issue affects the Linux kernel PCI keystone workaround for Errata i2037 on AM65x SR1.0. The workaround limits inbound PCIe TLP read request size and payload to 128 bytes to prevent payload corruption and possible hang when a TLP spans more than two internal AXI 128-byte...
CVE-2025-21780
CVE-2025-21780 affects the Linux kernel DRM/AMDGPU, where a local attacker could overflow a PPTABLE buffer in smu_sys_set_pp_table() by cycling pptables via sysfs. The issue arises when a small pptable is followed by a larger one, enabling a buffer overflow as described in the advisory. This vuln...
CVE-2010-4072
CVE-2010-4072 affects the Linux kernel: the copy_shmid_to_user function in ipc/shm.c (pre-2.6.37-rc1) does not initialize a certain structure, enabling local users to leak potentially sensitive information from kernel stack memory via the shmctl interface and the old shm interface. Affected produ...
CVE-2010-4668
CVE-2010-4668 affects the Linux kernel up to 2.6.37-rc7, where blk_rq_map_user_iov in block/blk-map.c allows a local user to trigger a panic/DoS via a zero-length I/O request to a SCSI device, due to an unaligned map. The vulnerability is tied to an incomplete fix for CVE-2010-4163. Affected vers...
CVE-2012-6638
CVE-2012-6638 (Linux kernel) affects the tcp_rcv_state_process in net/ipv4/tcp_input.c and can cause a DoS due to a flood of SYN+FIN packets. The vulnerability exists in kernels before 3.2.24 and is fixed in the 3.2.24 update (per ChangeLog-3.2.24). Exploitation is described as remote and results...
CVE-2021-47498
The CVE-2021-47498 issue affects the Linux kernel where Device Mapper requests could be requeued during DM suspend due to blk-mq unquiesce calls from outside events, causing a kernel panic under nr_requests updates. The fix changes behavior to avoid queuing during suspend and to requeue requests ...
CVE-2023-1193
CVE-2023-1193: A use-after-free in setup_async_work within the Linux kernel’s KSMBD in-kernel Samba/CIFS stack can crash systems via access to freed work. Affected component: Linux kernel (Samba server/CIFS). Root cause: use-after-free in setup_async_work. Impact: potential denial of service thr...
CVE-2023-23006
CVE-2023-23006 affects the Linux kernel prior to 5.15.13. The vulnerability lies in drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c, which misinterprets the return value of mlx5_get_uars_page in error cases (expects NULL but receives an error pointer). This can lead to a faulty NULL-...
CVE-2023-52699
In CVE-2023-52699, the Linux kernel SysV locking flaw caused sleep in atomic context because sb_bread() was invoked with pointers_lock held. The root cause spans historical locking changes: replacing BKL with a sysvfs-private rwlock (Linux 2.5.12) introduced a write_lock → read_lock deadlock; the...
CVE-2024-26776
CVE-2024-26776 pertains to the Linux kernel SPI driver for Hisilicon SFC v3xx. The issue arises when the interrupt handler receives an empty interrupt, leading to a NULL pointer dereference. The fix is to return IRQ_NONE when no interrupt is detected, thereby preventing the NULL dereference. Impa...
CVE-2024-40932
CVE-2024-40932 affects the Linux kernel DRM Exynos VIDI driver. The issue is a memory leak in .get_modes() where a duplicated EDID is never freed, leading to potential memory exhaustion. The provided connected advisories confirm the root cause and the fix: a memory leak in drm/exynos/vidi: get_mo...
CVE-2024-46702
CVE-2024-46702 (Linux kernel) relates to Thunderbolt: when a router is removed, the code previously blocked cleanup of XDomain paths due to tb_disconnect_xdomain_paths() racing with tb_stop() during host router NVM upgrade. The fix marks the XDomain as unplugged during removal, allowing tb_stop()...
CVE-2024-46813
CVE-2024-46813 affects the Linux kernel drm/amd/display code. The fix guards against out-of-bounds access by validating link_index before dereferencing dc->links[], where dc->links[] has a max size of MAX_LINKS; the issue could cause 3 overrun conditions and a resource leak, resolved by the...
CVE-2024-46815
CVE-2024-46815 affects the Linux kernel's DRM/AMD display code. The issue arises when accessing reader_wm_sets[] without validating num_valid_sets, which could yield a negative index and an OVERRUN. The description and connected advisories consistently state the fix was to check num_valid_sets be...
CVE-2024-49906
CVE-2024-49906 has concrete remediation on Root OS (rootio-linux) for Ubuntu 22.04 and Debian 11/12. The OSV entries indicate Root has patched CVE-2024-49906 in the rootio-linux package across multiple distributions with multiple fixed versions available. Ubuntu Security Notices and Debian/Ubuntu...
CVE-2024-49915
CVE-2024-49915 concerns the Linux kernel DRM AMD display driver. A null pointer dereference could occur in drm/amd/display during dcn32_init_hw if dc->clk_mgr is null. The fix adds an explicit NULL check before invoking clk_mgr functions, preventing dereferencing a null pointer. Public referen...
CVE-2024-49917
CVE-2024-49917 concerns the Linux kernel’s drm/amd/display path. The vulnerability is due to a potential NULL pointer dereference in dcn30_init_hw when either dc->clk_mgr or dc->clk_mgr->funcs is NULL. The fixed commits add explicit NULL checks to prevent accessing clk_mgr/clk_mgr->fu...
CVE-2025-37839
CVE-2025-37839 (Linux kernel) fixes a journal-related logic flaw in jbd2. The root cause was the incorrect use of sb->s_sequence to determine journal emptiness; it should rely on sb->s_start, which is set earlier. Since 0 is a valid transaction ID, the previous check could spuriously trigge...
CVE-2010-3477
The CVE-2010-3477 issue affects the Linux kernel’s net/sched/act_police.c (tcf_act_police_dump) in versions before 2.6.36-rc4. The root cause is incomplete initialization of certain structure members during dump operations, allowing local users to read potentially sensitive kernel memory. The vul...
CVE-2013-7339
The CVE-2013-7339 issue affects the Linux kernel up to version 3.12.7 (fixed in 3.12.8) where the rds_ib_laddr_check function in net/rds/ib.c allows a local attacker to trigger a NULL pointer dereference via a bind(2) call on an RDS socket on systems without RDS transports. This can cause a denia...
CVE-2013-7421
CVE-2013-7421: Linux kernel Crypto API flaw allows a local user to load arbitrary kernel modules via a bind() on an AF_ALG socket with a salg_name, in kernels before 3.18.5. This is the same class as CVE-2014-9644 and is addressed by the 3.18.5 fix (ChangeLog-3.18.5). Connected IBM and vendor ad...
CVE-2014-4652
CVE-2014-4652 affects the Linux kernel ALSA sound subsystem. A race condition in the tlv handler (snd_ctl_elem_user_tlv) within sound/core/control.c before version 3.15.2 allows local users to read kernel memory via /dev/snd/controlCX. Impact is partial confidentiality of kernel memory. The vulne...
CVE-2015-3290
The connected Astra Linux bulletin describes CVE-2015-3290 in the Linux kernel context and confirms the vulnerability fix: limiting the Haswell performance counter period to mitigate NMI-related privilege escalation. It documents that the issue stemmed from a too-small initial frequency-estimatio...
CVE-2017-15102
CVE-2017-15102 originates from the Linux kernel prior to 4.8.1, where the tower_probe function in drivers/usb/misc/legousbtower.c can be exploited locally by a near-physically proximate attacker via a crafted USB device. The issue is triggered by a write-what-where condition that arises after a r...
CVE-2017-2634
CVE-2017-2634 affects the Linux kernel DCCP implementation prior to 2.6.22.17, where the IPv4-only inet_sk_rebuild_header() function was used for both IPv4 and IPv6 DCCP connections. This can result in memory corruptions and allows a remote attacker to crash the system. Connected advisories confi...
CVE-2022-49298
CVE-2022-49298: Linux kernel staging rtl8712 driver fix for uninitialized mac[6] in r871xu_drv_init() after tmpU1b from r8712_read8(padapter, EE_9346CR) == 0. KMSAN reported uninit-value in that function and call chain (usb_intf.c:541; usb_probe_interface; device probing). Concrete details are p...
CVE-2022-49885
CVE-2022-49885 is a Linux kernel vulnerability in ACPI APEI where ghes_estatus_pool_init() can overflow due to signed integer math during len calculation (len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE)). The root cause is using int for num_ghes, which can overflow and cause subsequent vmalloc...