2330 matches found
CVE-2024-46815
CVE-2024-46815 affects the Linux kernel's DRM/AMD display code. The issue arises when accessing reader_wm_sets[] without validating num_valid_sets, which could yield a negative index and an OVERRUN. The description and connected advisories consistently state the fix was to check num_valid_sets be...
CVE-2024-49915
CVE-2024-49915 concerns the Linux kernel DRM AMD display driver. A null pointer dereference could occur in drm/amd/display during dcn32_init_hw if dc->clk_mgr is null. The fix adds an explicit NULL check before invoking clk_mgr functions, preventing dereferencing a null pointer. Public referen...
CVE-2024-49988
The CVE-2024-49988 issue affects the Linux kernel component ksmbd, specifically the ksmbd_conn structure. The related description states that oplock break requests use opinfo->conn, and that freeing of ->conn could be used on multichannel, so the patch adds a reference count to ksmbd_conn t...
CVE-2025-37805
CVE-2025-37805 (Linux kernel) : The issue arises in sound/virtio (virtio_snd) during probe/remove sequences, where uninitialized sub-structures could trigger cancel_work_sync on an uninitialized work_struct, leading to a warning trace in kernel/workqueue.c. The fix (as discussed in the connected ...
CVE-2025-37839
CVE-2025-37839 (Linux kernel) fixes a journal-related logic flaw in jbd2. The root cause was the incorrect use of sb->s_sequence to determine journal emptiness; it should rely on sb->s_start, which is set earlier. Since 0 is a valid transaction ID, the previous check could spuriously trigge...
CVE-2025-37884
CVE-2025-37884: In the Linux kernel, a deadlock between rcu_tasks_trace and event_mutex was fixed. The issue manifested in _free_event() calling perf_trace_event_unreg() under mutex_lock(&event_mutex) while perf_kprobe_destroy() could synchronize_rcu_tasks_trace(), and in bpf_prog_test_run_syscal...
CVE-2010-4072
CVE-2010-4072 affects the Linux kernel: the copy_shmid_to_user function in ipc/shm.c (pre-2.6.37-rc1) does not initialize a certain structure, enabling local users to leak potentially sensitive information from kernel stack memory via the shmctl interface and the old shm interface. Affected produ...
CVE-2010-4083
CVE-2010-4083 affects the Linux kernel (pre-2.6.36). The vulnerable code path is copy_semid_to_user() in ipc/sem.c, where a structure is not initialized, enabling local attackers to leak kernel stack memory via semctl commands (IPC_INFO, SEM_INFO, IPC_STAT, SEM_STAT). The issue is mitigated by up...
CVE-2012-6638
CVE-2012-6638 (Linux kernel) affects the tcp_rcv_state_process in net/ipv4/tcp_input.c and can cause a DoS due to a flood of SYN+FIN packets. The vulnerability exists in kernels before 3.2.24 and is fixed in the 3.2.24 update (per ChangeLog-3.2.24). Exploitation is described as remote and results...
CVE-2014-4652
CVE-2014-4652 affects the Linux kernel ALSA sound subsystem. A race condition in the tlv handler (snd_ctl_elem_user_tlv) within sound/core/control.c before version 3.15.2 allows local users to read kernel memory via /dev/snd/controlCX. Impact is partial confidentiality of kernel memory. The vulne...
CVE-2017-2634
CVE-2017-2634 affects the Linux kernel DCCP implementation prior to 2.6.22.17, where the IPv4-only inet_sk_rebuild_header() function was used for both IPv4 and IPv6 DCCP connections. This can result in memory corruptions and allows a remote attacker to crash the system. Connected advisories confi...
CVE-2022-48702
CVE-2022-48702 : In the Linux kernel, ALSA emu10k1’s snd_emu10k1_pcm_channel_alloc() can perform out-of-bounds access when the voice allocator wraps around near the end of the array (first_voice + requested_voice_count > 64). The UBSAN report shows index 65 accessed in snd_emu10k1_voice[64]. T...
CVE-2022-49885
CVE-2022-49885 is a Linux kernel vulnerability in ACPI APEI where ghes_estatus_pool_init() can overflow due to signed integer math during len calculation (len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE)). The root cause is using int for num_ghes, which can overflow and cause subsequent vmalloc...
CVE-2023-52481
CVE-2023-52481 affects ARM64 Linux kernels with Cortex‑A520 erratum 2966298. A speculatively executed unprivileged load could leak data from a privileged load via a cache side channel when returning to EL0, limited to loads in the same translation regime (same ASID/VMID). Mitigation implemented a...
CVE-2024-38661
CVE-2024-38661 is a Linux kernel vulnerability affecting the s390/ap subsystem. The issue stems from using signed int for internal bitmap-related variables in ap_parse_bitmap_str, allowing overflow during updates to /sys/bus/ap/apmask and related fields, which could trigger a kernel panic (panic_...
CVE-2024-42236
CVE-2024-42236 affects the Linux kernel in the usb gadget configfs string handling. The vulnerability arises from not validating userspace-provided strings that can be empty, enabling an out-of-bounds (OOB) read at str[0-1] and a subsequent OOB write to str[0-1] = '\0'. The issue is fixed by addi...
CVE-2024-42288
CVE-2024-42288 relates to Linux kernel SCSI driver scsi: qla2xxx, where the Init Control Block (ICB) was dereferenced incorrectly, risking memory corruption. The vulnerability affects the qla2xxx path and has a local attack vector with low privileges; the impact is memory corruption (partial impa...
CVE-2024-42311
The CVE-2024-42311 issue is a Linux kernel vulnerability in the HFS filesystem where hfs_inode_info fields (.tz_secondswest, .cached_start, .cached_blocks) were not initialized after hfs_alloc_inode(). The connected advisories confirm a fix was applied in the kernel (patches referenced in multipl...
CVE-2024-43913
CVE-2024-43913 is a Linux kernel vulnerability affecting the nvme Apple driver. The root cause was improper device reference counting in the Apple nvme driver, leading to a memory leak on a tagset failure. The fix requires drivers to call nvme_uninit_ctrl after a successful nvme_init_ctrl and to ...
CVE-2024-46762
CVE-2024-46762 affects the Linux kernel xen privcmd path. A race between privcmd_irqfd_assign() and privcmd_irqfd_deassign() can leave a previously freed kirqfd in use, allowing access to a freed kirqfd and causing a kernel oops. The issue is mitigated by applying SRCU locking to irqfds, mirrorin...
CVE-2024-46775
CVE-2024-46775 affects the Linux kernel DRM AMD display path (drm/amd/display). Root cause: function return values were not checked before their results were used by subsequent calls. The patch resolves 4 CHECKED_RETURN issues reported by Coverity and fixes the vulnerability by validating return ...
CVE-2024-49911
CVE-2024-49911 : In the Linux kernel, the drm/amd/display path (dcn20_set_output_transfer_func) added a null check for the set_output_gamma function pointer to prevent a potential NULL pointer dereference. The fix ensures set_output_gamma is non-NULL before invocation (previously checked only for...
CVE-2024-49918
CVE-2024-49918 relates to a Linux kernel issue in the AMD display path (drm/amd/display) where dcn32_acquire_idle_pipe_for_head_pipe_in_layer could dereference a null head_pipe. The fix adds a null check and returns NULL if head_pipe is null, preventing a potential NPE. Connected sources corrobor...
CVE-2025-22008
CVE-2025-22008 is a Linux kernel vulnerability in the regulator subsystem. The issue arises when asynchronous driver probing allows a dummy regulator to be accessed before it has been probed, potentially enabling local access to disrupt system operation. The fix is to ensure the dummy regulator i...
CVE-2025-22038
CVE-2025-22038 concerns the Linux kernel, specifically the ksmbd path. The issue arises when accessing psid->sub_auth[psid->num_subauth - 1] without ensuring num_subauth is non-zero; a zero count turns the index into -1 and causes an out-of-bounds read. The provided description states the patch adds a validation step to r...
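The three entries above for CVE-2025-22038, CVE-2024-42236 and CVE-2022-48702 (and the reader_wm_sets[] index in CVE-2024-46815) share one root cause: an attacker- or hardware-supplied count is used as an array index or loop bound before its range is checked. The added example below is not kernel code; it models each shape in userland C with assumed simplified layouts (a 15-entry SID, a 128-byte string buffer, a 64-voice table) and shows the range checks that close the hole at both ends.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* --- CVE-2025-22038 shape: last sub-authority of a SID -------------------- */

#define SID_MAX_SUB_AUTH 15          /* assumed cap, as in the Windows SID format */
#define RID_INVALID      0xFFFFFFFFu

struct sid {
    uint8_t  revision;
    uint8_t  num_subauth;
    uint32_t sub_auth[SID_MAX_SUB_AUTH];
};

/* The vulnerable form was `psid->sub_auth[psid->num_subauth - 1]` with no check:
 * num_subauth == 0 becomes index -1. Both ends of the range are validated here,
 * so a forged count can index neither before nor past the array. */
uint32_t sid_last_rid(const struct sid *s)
{
    if (s->num_subauth == 0 || s->num_subauth > SID_MAX_SUB_AUTH)
        return RID_INVALID;
    return s->sub_auth[s->num_subauth - 1];
}

/* Test helper: SID with sub_auth[i] = 1000 + i and the given count. */
uint32_t demo_sid_last_rid(uint8_t num_subauth)
{
    struct sid s = { .revision = 1, .num_subauth = num_subauth };
    for (int i = 0; i < SID_MAX_SUB_AUTH; i++)
        s.sub_auth[i] = 1000u + (uint32_t)i;
    return sid_last_rid(&s);
}

/* --- CVE-2024-42236 shape: copying a userspace string into a fixed buffer --- */

/* Copies 'len' bytes of a userspace-supplied string, strips one trailing newline
 * and NUL-terminates. Returns the stored length, or -1 on bad input. The original
 * tested `str[len - 1] == '\n'` without rejecting len == 0, which reads and then
 * writes str[-1]. */
int usb_string_copy(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (len == 0 || len >= dst_size)      /* empty, or no room for the NUL */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    if (dst[len - 1] == '\n')              /* safe: len >= 1 here */
        dst[--len] = '\0';
    return (int)len;
}

int demo_usb_string_copy(const char *src)
{
    char buf[128];
    return usb_string_copy(buf, sizeof(buf), src, strlen(src));
}

/* --- CVE-2022-48702 shape: allocating a contiguous run of voices ----------- */

#define NUM_VOICES 64

/* Finds 'count' consecutive free voices. The original let first + count run past
 * the 64-entry table (index 65 in the UBSAN report); the loop bound below stops
 * before any candidate run would cross the end. Returns the first voice index,
 * or -1 when no run fits. */
int voice_alloc(const bool in_use[NUM_VOICES], int count)
{
    if (count <= 0 || count > NUM_VOICES)
        return -1;
    for (int first = 0; first + count <= NUM_VOICES; first++) {
        int k = 0;
        while (k < count && !in_use[first + k])
            k++;
        if (k == count)
            return first;
        first += k;                        /* resume just past the busy voice */
    }
    return -1;
}

/* Test helper: marks the first 'busy_prefix' voices in use, then allocates. */
int demo_voice_alloc(int busy_prefix, int count)
{
    bool in_use[NUM_VOICES] = { false };
    for (int i = 0; i < busy_prefix && i < NUM_VOICES; i++)
        in_use[i] = true;
    return voice_alloc(in_use, count);
}

int main(void)
{
    printf("SID with 0 sub-authorities -> rid 0x%x\n", demo_sid_last_rid(0));
    printf("empty string -> %d, \"hi\\n\" -> %d\n",
           demo_usb_string_copy(""), demo_usb_string_copy("hi\n"));
    printf("4 voices with 60 busy -> %d, 5 voices -> %d\n",
           demo_voice_alloc(60, 4), demo_voice_alloc(60, 5));
    return 0;
}
```

The common discipline is that the check lives next to the use and covers both directions: zero (or negative) counts and counts larger than the backing array, because a pure "non-zero" check on the SID count would still let num_subauth = 200 read past sub_auth[].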
CVE-2025-22041
The CVE-2025-22041 issue affects the Linux kernel ksmbd subsystem. In multichannel mode, a use-after-free can occur in ksmbd_sessions_deregister() when a second channel creates a session via the first channel’s connection, causing a freed session in the global session table to be dereferenced via...
CVE-2010-3477
The CVE-2010-3477 issue affects the Linux kernel’s net/sched/act_police.c (tcf_act_police_dump) in versions before 2.6.36-rc4. The root cause is incomplete initialization of certain structure members during dump operations, allowing local users to read potentially sensitive kernel memory. The vul...
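CVE-2010-4072, CVE-2010-4083 and CVE-2010-3477 above are the same bug class: a kernel-side structure is filled field by field on the stack and then copied to userspace whole, so its alignment padding (and any member the code forgot) carries whatever the previous syscall left behind. The added example below is not kernel code; it models that pattern in userland C with an assumed 12-byte structure whose layout has 5 padding bytes, poisons the stack slot with a known pattern in place of real stale data, and counts how many of those bytes reach the "user" copy with and without the memset() that the fixes added.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a kernel structure copied out to userspace. The layout has 3 padding
 * bytes after 'mode' and 2 trailing padding bytes (sizeof == 12 on every common
 * ABI); those 5 bytes are never written by member assignment. */
struct ipc_info_user {
    uint8_t  mode;
    uint32_t key;
    uint16_t seq;
};

/* Byte pattern standing in for whatever the previous syscall left on the stack. */
#define STALE_BYTE 0xAA

/* The stack slot the local struct would occupy; the union keeps it aligned and
 * lets the harness poison it byte-wise. */
union frame {
    struct ipc_info_user s;
    unsigned char raw[sizeof(struct ipc_info_user)];
};

/* Vulnerable shape (copy_shmid_to_user / copy_semid_to_user before the fixes):
 * fill the local struct member by member, then hand it to copy_to_user()
 * wholesale. Padding keeps the stale bytes and travels to userspace. */
static void copy_to_user_vuln(unsigned char *user_dst, union frame *f)
{
    f->s.mode = 0x1b;
    f->s.key  = 0x12345678u;
    f->s.seq  = 7;
    memcpy(user_dst, f->raw, sizeof(f->raw));   /* stands in for copy_to_user() */
}

/* Hardened shape: clear the whole object, padding included, before filling it.
 * An explicit memset() is what the upstream fixes added; a "= { 0 }" initializer
 * is not guaranteed by the C standard to clear padding. */
static void copy_to_user_fixed(unsigned char *user_dst, union frame *f)
{
    memset(f->raw, 0, sizeof(f->raw));
    f->s.mode = 0x1b;
    f->s.key  = 0x12345678u;
    f->s.seq  = 7;
    memcpy(user_dst, f->raw, sizeof(f->raw));
}

/* Runs one variant against a poisoned stack slot and returns how many bytes of
 * the userspace copy still carry STALE_BYTE, i.e. how many bytes leaked.
 * Expected: 5 on common ABIs for the vulnerable path, 0 for the fixed one. */
int count_leaked_bytes(int hardened)
{
    union frame f;
    unsigned char user_buf[sizeof(f.raw)];
    int leaked = 0;

    memset(f.raw, STALE_BYTE, sizeof(f.raw));     /* "stale kernel stack" */
    if (hardened)
        copy_to_user_fixed(user_buf, &f);
    else
        copy_to_user_vuln(user_buf, &f);

    for (size_t i = 0; i < sizeof(user_buf); i++)
        if (user_buf[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("vulnerable: %d leaked bytes\n", count_leaked_bytes(0));
    printf("fixed:      %d leaked bytes\n", count_leaked_bytes(1));
    return 0;
}
```

The same zeroing rule applies to any structure that crosses the kernel/user boundary, including ones with no padding at all: CVE-2010-3477's tcf_act_police_dump leaked through members that were simply never assigned, and a memset() up front covers both cases.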
CVE-2021-47247
CVE-2021-47247 is a Linux kernel use-after-free in the mlx5e_encap_take path during neigh update, caused by improper handling when encap entries are concurrently inserted/deleted after rtnetlink lock changes. The issue is documented in upstream kernel notes and is listed in Debian’s DLA-4178-1 ad...
CVE-2022-49300
CVE-2022-49300 affects the Linux kernel nbd subsystem. A race occurs when the nbd module is removed: nbd_genl_connect() may call nbd_alloc_config() concurrently, and although try_module_get() can fail, nbd_alloc_config() previously did not handle that. This can cause leakage of nbd_config and rel...
CVE-2023-3220
CVE-2023-3220 affects the Linux kernel (through 6.1-rc8) in the MSM DPU path: dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c does not validate the kzalloc() return value, causing a NULL pointer dereference. Impact: a local attacker could crash the system; no remote code execution indicat...
CVE-2023-51782
The CVE-2023-51782 issue affects the Linux kernel (net/rose/af_rose.c) and is a use-after-free in rose_ioctl caused by a race in rose_accept. Affected versions are before 6.6.8. The vulnerability can lead to local privilege escalation or kernel crash. Mitigation: upgrade to Linux kernel 6.6.8 or ...
CVE-2023-52569
CVE-2023-52569 affects the Linux kernel's btrfs code path. The patch removes a BUG() on failure to insert a delayed dir index item and adds proper error handling, but it does not fix the underlying issue of using the same index number for different items, per the provided documentation. No exploi...
CVE-2023-52974
CVE-2023-52974: Linux kernel scsi: iscsi_tcp fix UAF during login when accessing the shost ipaddress. If iscsi_sw_tcp_session_create() fails and userspace reads the host ipaddress during session teardown, a use-after-free occurs. The fix delays freeing by setting tcp_sw_host->session only afte...
CVE-2023-53145
In the Linux kernel, the Bluetooth driver subsystem btsdio is affected by a use-after-free race in btsdio_remove. In btsdio_probe, data->work is bound to btsdio_work and started via btsdio_send_frame. If btsdio_remove executes while the work is unfinished, hdev could be freed but still used by...
CVE-2024-42105
CVE-2024-42105 – nilfs2 inode range/UAF fixes in Linux kernel : The referenced security issue is mitigated by a patch series for nilfs2 that fixes a use-after-free and several inode-number range problems. Specifically, nilfs->ns_first_ino (the first non-reserved inode) was read from the superb...
CVE-2024-45008
CVE-2024-45008 affects the Linux kernel input subsystem. The vulnerability arises when input_mt_init_slots() allocates slots based on user-supplied num_slots via UI_DEV_CREATE, risking oversized allocations. A patch caps the maximum slots at 1024, mitigating memory exhaustion. Connected advisorie...
CVE-2024-48875
In the Linux kernel, CVE-2024-48875 is described as a fix for a btrfs issue: don’t take the dev_replace rwsem if the task already holds it. The root cause is a possible deadlock when btrfs_dev_replace flow takes the same rwsem twice during operations like btrfs_map_block, as demonstrated by a loc...
CVE-2024-56588
CVE-2024-56588 (Linux kernel) affects the hisi_sas driver. The issue arises when dump files are created on the fly during debugfs dump, which leads to a NULL pointer dereference and kernel hang if the driver is unbound while dumping. The root cause is allocating memory and creating debugfs entrie...
CVE-2024-57834
CVE-2024-57834 : In the Linux kernel, a null-pointer dereference in the video media driver (vidtv) was fixed. If dvb->mux is not successfully initialized by vidtv_mux_init() during vidtv_start_streaming(), stopping the streaming via vidtv_mux_stop_thread() could dereference a null mux pointer....
CVE-2024-58013
CVE-2024-58013 : In the Linux kernel, a slab-use-after-free in Bluetooth MGMT code (mgmt_remove_adv_monitor_sync) can lead to a crash (KASAN slab-use-after-free) via a read after free in the hci/mgmt path. The issue is triggered during advanced monitor removal (remove_adv_monitor) flow and is exp...
CVE-2010-2495
CVE-2010-2495 affects the Linux kernel’s L2TP implementation (pppol2tp.c). The vulnerability arises from improper validation of certain interface-related values in pppol2tp_xmit, enabling a NULL pointer dereference and an oops that can cause a denial of service via routing-change vectors. The iss...
CVE-2010-2524
CVE-2010-2524 affects the Linux kernel CIFS DNS upcall: when CONFIG_CIFS_DFS_UPCALL is enabled, DNS resolution relies on a user keyring via the dns_resolver upcall in the cifs.upcall userspace helper. This allows local users to spoof DNS query results (by adding keys to the keyring) and mount arbitrary CIFS...
CVE-2010-3848
CVE-2010-3848 is a Linux kernel vulnerability: a stack-based buffer overflow in econet_sendmsg (net/econet/af_econet.c) when Econet is configured, caused by handling a large number of iovec structures. This allows local privilege escalation. The flaw affects Linux kernels before 2.6.36.2 and is a...
CVE-2010-4157
CVE-2010-4157 involves an integer overflow in the Linux kernel’s GDTH SCSI driver (gdth_ioctl_alloc/ioc_general) on 64-bit platforms. A 32/64-bit mismatch when handling a large argument in an ioctl can cause memory corruption, enabling a local user to trigger a denial of service (and potentially ...
CVE-2011-2482
CVE-2011-2482 is referenced in connected documentation tied to MiracleLinux 3: kernel-2.6.18-274.2.AXS3. The vulnerability affects the Linux kernel as used by that distribution, and stems from a Red Hat patch to the sctp_sock_migrate function in net/sctp/socket....
CVE-2021-47435
CVE-2021-47435 affects the Linux kernel device-mapper (dm) path, causing a crash via a NULL pointer dereference during IO completion. The issue stems from dm_io_dec_pending() calling end_io_acct() before the in-flight pending count is decremented, and a race if a DM table swap happens concurrentl...
CVE-2023-52586
CVE-2023-52586 : In the Linux kernel DRM MSM DPU, a race between vblank enable/disable from different threads existed due to missing synchronization. The fix adds a mutex around control vblank IRQ handling (and removes vblank_ctl_lock usage), replacing an atomic refcount with a simple int counter...
CVE-2023-52741
CVE-2023-52741 affects the Linux kernel CIFS implementation: a use-after-free in rdata->read_into_pages() can occur when the network is unstable during read operations. The issue is caused by improper return-condition sequencing, enabling UAF in readpages_fill_pages (and related paths such as ...
CVE-2024-35875
CVE-2024-35875 affects the Linux kernel “x86/coco” subsystem. On confidential-computing (CoCo) guests the untrusted host controls every other entropy input, so the RNG has to be seeded at boot from the CPU's RDRAND; if RDRAND is broken or unavailable, the RNG may be left unseeded or predictable to the host, potentially compromising cryptographic operations. The fix ensures an attempt to seed ...
CVE-2024-35922
The CVE-2024-35922 issue is a Linux kernel vulnerability in fbmon/fb_videomode_from_videomode() where htotal * vtotal can overflow to zero, risking division by zero. The root cause is overflow during videomode computation; the fix mirrors fb_var_to_videomode() by preventing division by zero. Affe...
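CVE-2022-49885 (len += num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE in int), CVE-2024-38661 (signed bitmap arithmetic in ap_parse_bitmap_str) and CVE-2024-35922 (htotal * vtotal wrapping to zero) above are all fixed-width arithmetic bugs: a product of two sane-looking operands either goes negative or wraps to zero and is then fed to an allocator or a divider. The added example below is not kernel code; it reproduces the two outcomes in userland C with assumed constants (PREALLOC_MAX_SIZE and POOL_MAX_BYTES are placeholders, not the kernel's values) and puts the checked form next to each: unsigned operands, __builtin_mul_overflow() as the userland counterpart of the kernel's check_mul_overflow(), widening before the multiply, and a rejected zero divisor.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed constants for the example, not the kernel's values. */
#define PREALLOC_MAX_SIZE  65536u      /* per-source size, like GHES_ESOURCE_PREALLOC_MAX_SIZE */
#define POOL_MAX_BYTES     (1u << 30)  /* sanity cap on the whole pool */

/* CVE-2022-49885 shape: `int len = num_ghes * PREALLOC_MAX_SIZE;`. Signed overflow
 * is undefined in C, so the wrap is modelled in unsigned 32-bit arithmetic and
 * reinterpreted, which is what the generated code does on real builds. */
int pool_len_wrapped(int num_ghes)
{
    uint32_t len = (uint32_t)num_ghes * PREALLOC_MAX_SIZE;
    return (int)len;                   /* 32768 sources -> 0x80000000 -> INT_MIN */
}

/* The negative int then reaches an allocator that takes size_t: on 64-bit it
 * becomes 0xFFFFFFFF80000000, a request vmalloc() can only fail or misbehave on. */
size_t as_alloc_size(int len)
{
    return (size_t)len;
}

/* Fixed shape: unsigned count, overflow-checked multiply and an explicit cap.
 * Returns 0 to signal rejection, since a zero-byte pool is never valid anyway. */
size_t pool_len_checked(unsigned int num_ghes)
{
    size_t bytes;
    if (num_ghes == 0)
        return 0;
    if (__builtin_mul_overflow((size_t)num_ghes, (size_t)PREALLOC_MAX_SIZE, &bytes))
        return 0;
    if (bytes > POOL_MAX_BYTES)
        return 0;
    return bytes;
}

/* CVE-2024-35922 shape: htotal * vtotal in 32 bits can wrap to exactly 0, and the
 * zero is then used as a divisor (a fatal exception in the kernel). */
uint32_t total_pixels_wrapped(uint32_t htotal, uint32_t vtotal)
{
    return htotal * vtotal;            /* 65536 * 65536 == 0 (mod 2^32) */
}

/* Fixed shape: widen before multiplying and refuse a zero or oversized divisor.
 * Returns the refresh rate in Hz, or 0 for rejected timings. */
uint32_t refresh_hz_checked(uint64_t pixclock_hz, uint32_t htotal, uint32_t vtotal)
{
    uint64_t total = (uint64_t)htotal * vtotal;
    if (total == 0 || total > UINT32_MAX)
        return 0;
    return (uint32_t)(pixclock_hz / total);
}

int main(void)
{
    int wrapped = pool_len_wrapped(32768);
    printf("int len for 32768 sources: %d -> alloc size %zu\n",
           wrapped, as_alloc_size(wrapped));
    printf("checked len for 8 sources: %zu, for 32768: %zu\n",
           pool_len_checked(8), pool_len_checked(32768));
    printf("65536x65536 total pixels (u32): %u\n", total_pixels_wrapped(65536u, 65536u));
    printf("1080p60 timing: %u Hz, wrapped timing: %u Hz\n",
           refresh_hz_checked(148500000ull, 2200u, 1125u),
           refresh_hz_checked(148500000ull, 65536u, 65536u));
    return 0;
}
```

Note the two failure modes need two different checks: the overflow builtin catches a product that does not fit, but a product that wraps to exactly zero inside a narrower type is only caught by widening first and then testing for zero, which is why the fbmon fix tests the divisor rather than the operands.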