2330 matches found
CVE-2024-35935
CVE-2024-35935 – Linux kernel (btrfs: send: handle path ref underflow in header iterate_inode_ref()) Connected documents confirm a concrete fix in the Linux kernel: when building a path buffer for iterate_inode_ref(), a BUG_ON-based path underflow handling was replaced with proper error handling ...
CVE-2024-35936
CVE-2024-35936. In the Linux kernel, the btrfs relocation code (btrfs_relocate_sys_chunks) contains an unhandled corruption case in its chunk-tree lookup loop. The issue arises from two theoretically impossible conditions: (1) an inexact search yields a key with offset -1 for a chunk-tree item, a...
CVE-2024-40980
CVE-2024-40980 affects the Linux kernel where drop_monitor uses a spin_lock in trace_drop_common() executed with preemption disabled, problematic on RT kernels due to sleeping locks in atomic context. The vulnerability can lead to a crash (sleeping function called from invalid context) and potent...
CVE-2024-41072
CVE-2024-41072 affects the Linux kernel wifi subsystem (cfg80211 wext). The fix adds an extra validation in cfg80211_wext_siwscan() to ensure the number of channels passed via ioctl(SIOCSIWSCAN, ...) does not exceed IW_MAX_FREQUENCIES; requests that exceed this limit are rejected with -EINVAL. Thi...
CVE-2024-46714
CVE-2024-46714 in the Linux kernel is addressed by a fix in the DRM/AMD display path: the code now skips the wbscl_set_scaler_filter when the filter is null, preventing a potential NULL return from wbscl_get_filter_coeffs_16p from causing a null dereference. A null check was added to ensure filte...
CVE-2024-46716
CVE-2024-46716: Linux kernel vulnerability in dmaengine altera-msgdma where descriptors were not freed correctly due to an incorrect list handling. The fix, described in the connected Astra Linux bulletin and kernel notes, removes the list_del in msgdma_chan_desc_cleanup (which should be responsi...
CVE-2024-46804
CVE-2024-46804 affects the Linux kernel’s DRM/AMD display path, specifically HDCP DDC access. The vulnerability stems from an array index overrun due to not validating the index, which could lead to overrun/W earlier reports. The fix adds proper checks: validate the message id (msg_id) and ensure...
CVE-2024-47665
CVE-2024-47665 concerns the Linux kernel’s i3c: mipi-i3c-hci driver. The bug manifested during IBI DMA setup when the code checked if dma_get_cache_alignment * defined value > 256, and incorrectly BUG_ON()'ed during driver initialization. The vulnerability could cause a local fault due to a fa...
CVE-2024-49893
CVE-2024-49893 affects the Linux kernel DRM display path (drm/amd/display). The issue arises when dc_state_get_stream_status can return NULL, so stream_status must be checked before use. The patch fixes a NULL_RETURNS issue reported by Coverity by adding a NULL check before accessing stream_statu...
CVE-2011-1044
CVE-2011-1044 affects the Linux kernel (pre-2.6.37) and is caused by ib_uverbs_poll_cq in drivers/infiniband/core/uverbs_cmd.c not initializing a certain response buffer. This allows local attackers to read potentially sensitive data from kernel memory via vectors that fill the buffer only partia...
CVE-2011-2918
CVE-2011-2918 affects the Linux kernel perf subsystem (Performance Events). The issue arises in the handling of event overflows for PERF_COUNT_SW_CPU_CLOCK, enabling a local attacker to cause a denial of service (system hang) via a crafted application. Public references in connected advisories co...
CVE-2012-1097
CVE-2012-1097 affects the Linux kernel before 3.2.10, where the regset (register set) path mishandles absence of .get/.set methods. This can allow a local attacker to trigger a NULL pointer dereference via PTRACE_GETREGSET or PTRACE_SETREGSET, possibly causing denial of service or other impact. R...
CVE-2014-4655
CVE-2014-4655 affects the Linux kernel ALSA control path: snd_ctl_elem_add in sound/core/control.c does not correctly maintain user_ctl_count, enabling a local DoS via a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE calls to /dev/snd/controlCX. Affected: Linux kernel prior to 3.15.2 (ALSA control ...
CVE-2021-20219
CVE-2021-20219: Linux kernel DoS in n_tty_receive_char_special (drivers/tty/n_tty.c). A local unprivileged attacker can delay the loop (ldata->read_head changes) due to a missing sanity check, impacting availability. The initial doc does not specify affected kernel versions, patches, o...
CVE-2021-47203
The CVE-2021-47203 entry describes a Linux kernel vulnerability in the lpfc SCSI driver (lpfc_drain_txq) where, on a failed attempt to pass requests to the adapter, a local failure message (fail_msg) is set and jobs may be added to the completions list, risking list corruption. The fixed behavior...
CVE-2022-3112
CVE-2022-3112 affects the Linux kernel up to 5.16-rc6. The issue is in amvdec_set_canvases (drivers/staging/media/meson/vdec/vdec_helpers.c) where kzalloc() return value is not checked, leading to a NULL pointer dereference. Connected sources confirm the same defect across various advisories (e.g...
CVE-2022-49305
CVE-2022-49305 affects the Linux kernel driver path drivers/staging/rtl8192u where a deadlock in ieee80211_beacons_stop() could occur. The root cause is a lock-order interaction: del_timer_sync() waited while holding ieee->beacon_lock in ieee80211_beacons_stop(), but the timer handler also nee...
CVE-2022-49309
CVE-2022-49309 (Linux kernel) describes a deadlock in drivers: staging: rtl8723bs, specifically in rtw_surveydone_event_callback(). The issue occurs when a thread holds pmlmepriv->lock inside the callback and calls del_timer_sync() to stop a timer that is also needed by the timer handler, caus...
CVE-2022-49325
CVE-2022-49325 affects the Linux kernel’s TCP path, specifically the snd_cwnd field. The advisory notes historical bugs where tp->snd_cwnd could be zero or otherwise illegal, and that syzbot WARN_ON_ONCE(!tp->prior_cwnd) could trigger. The fix introduces accessors to read/set tp->snd_cwn...
CVE-2023-4458
CVE-2023-4458 affects the Linux kernel ksmbd module, specifically in the parsing of extended attributes. The flaw stems from insufficient validation of user-supplied data, allowing an out-of-bounds read (read past the end of an allocated buffer) and enabling information disclosure on affected sys...
CVE-2023-51781
CVE-2023-51781 affects the Linux kernel before version 6.6.8, with a use-after-free in atalk_ioctl (net/appletalk/ddp.c) caused by a race in atalk_recvmsg. The issue is locally exploitable and has a high impact on confidentiality/integrity/availability per CVSS. A patch is available in kerne...
CVE-2024-35949
CVE-2024-35949 affects the Linux kernel's btrfs subsystem. The root cause was that WRITTEN was not ensured on all metadata blocks, allowing potential corruption if extended leaf checks were skipped for blocks without WRITTEN. The fix adds checks to ensure WRITTEN is set and guarantees that __btrf...
CVE-2024-43912
CVE-2024-43912 in the Linux kernel affects the wifi nl80211 code: AP channel width setting is now disallowed when using non-standard widths (e.g., S1G or narrow channels). The issue arises from allowing non-standard AP channel widths while normal 20/40/… MHz progression is expected, and the patch ...
CVE-2024-46719
CVE-2024-46719 (Linux kernel) addresses a NULL pointer dereference in the USB Type-C UCSI code. The root cause is that ucsi_register_altmode considers NULL a valid alt pointer and, when CONFIG_TYPEC_DP_ALTMODE is disabled, ucsi_register_displayport can return NULL, leading to a NULL pointer deref...
CVE-2024-49926
CVE-2024-49926 affects the Linux kernel’s rcu-tasks path (rcu_tasks_need_gpcb). The root cause is an access to a non-existent percpu rtpcp variable when CONFIG_FORCE_NR_CPUS=y, causing nr_cpu_ids to resolve to NR_CPUS instead of the number of possible CPUs, which can lead to a kernel page fault a...
CVE-2024-49972
CVE-2024-49972 affects the Linux kernel DRM-AMD display path. The issue arises when creating DML memory during DC state changes: if the DML memory allocation fails, previously allocated memory was not deallocated, leaving an uninitialized, non-NULL structure. The documented fix deallocates the me...
CVE-2024-50004
CVE-2024-50004 affects the Linux kernel DRM/AMD display component, specifically the DML2 policy with EnhancedPrefetchScheduleAccelerationFinal for DCN35. The vulnerability stems from a mismatch in the DCN35 DML2 policy that caused bandwidth validation to fail, leading to an unexpected DPP pipe, g...
CVE-2024-50285
CVE-2024-50285 affects ksmbd in the Linux kernel. The issue occurs when a client issues simultaneous SMB operations, which can exhaust memory via ksmbd_work_cache and cause an OOM. A patch adds a check against exceeding max credits, treating each SMB request as consuming at least one credit to pr...
CVE-2025-37801
The CVE-2025-37801 issue affects the Linux kernel’s SPI driver for i.MX (spi-imx). The root cause is that spi_imx_setupxfer() may return an error while leaving rx/tx function pointers NULL, leading to a NULL pointer dereference during a PIO transfer path. The documented impact is a kernel crash w...
CVE-2025-37879
CVE-2025-37879 affects the Linux kernel 9p/net subsystem (p9_client_write/p9_client_read_once). The root cause is signed negative counts being treated as valid due to signed arithmetic; the fix converts relevant counters to unsigned. This vulnerability can lead to improper handling of bogus negat...
CVE-2010-4251
CVE-2010-4251 affects the Linux kernel up to version 2.6.34. The vulnerability lies in the socket backlog handling in net/core/sock.c, which allows remote attackers to cause memory exhaustion DoS by sending large amounts of network traffic (e.g., UDP via netperf). The issue is addressed by the 2.6.34 changelog ...
CVE-2011-1082
CVE-2011-1082 affects the Linux kernel prior to 2.6.38. The flaw is in fs/eventpoll.c where epoll file descriptors may be placed inside other epoll data structures without proper validation of closed loops or deep chains. This can let a local user cause a denial of service (deadlock or stack memo...
CVE-2018-11508
CVE-2018-11508 affects the Linux kernel’s compat_get_timex implementation in kernel/compat.c, allowing a local attacker to disclose kernel memory via adjtimex, with affected versions before 4.16.9. The issue’s public fixes are documented in ChangeLog-4.16.9 and Ubuntu security advisorie...
CVE-2022-48990
CVE-2022-48990 affects the Linux kernel (drm/amdgpu) where a use-after-free could occur during GPU recovery due to fw_fence not being initialized before amdgpu_job_free_cb frees a job. The publicly provided details state the fix is in drm/amdgpu: fix use-after-free during gpu recovery, addressing...
CVE-2023-52584
CVE-2023-52584 refers to a Linux kernel issue in the spmi: mediatek driver where a use-after-free occurs on device removal: the pmif driver clocks are freed after spmi_controller, but the clocks are accessed via devres, leading to UAF. The documented fix uses an unmanaged clk_bulk_get() and frees...
CVE-2023-52975
CVE-2023-52975 affects the Linux kernel SCSI/iscsi_tcp component. A use-after-free (UAF) can occur during iSCSI session logout if another task accesses the shost ipaddress attribute, triggering KASAN reports. The issue has concrete fixes in the Linux kernel (e.g., commits in the referenced reposi...
CVE-2023-53100
CVE-2023-53100 affects the Linux kernel ext4 inline data handling. The issue arises in ext4_update_inline_data when ext4_xattr_shift_entries changes i_inline_off, causing an incorrect inline offset and, during get_max_inline_xattr_value_size, an entry that leads to free calculations becoming nega...
CVE-2024-26647
CVE-2024-26647 affects the Linux kernel DRM/AMD display component. In link_set_dsc_pps_packet(), a dereference of struct display_stream_compressor *dsc could occur (dsc->ctx->logger) before a NULL pointer check, enabling a potential crash when the dsc pointer is NULL. The issue has been fix...
CVE-2024-26942
CVE-2024-26942 affects the qcom at803x PHY driver (at8031) in the Linux kernel. The root cause is a NULL dereference where the private data (priv) is referenced before it has been allocated during the driver’s rework/split, causing a kernel panic when probing at8031. The fix ensure...
CVE-2024-46730
CVE-2024-46730 is a Linux kernel vulnerability in drm/amd/display where tg_inst could be -1 (negative) if timing_generator_count equals 0. The patch fixes two related overrun issues by ensuring the array index tg_inst is never used when invalid, preventing potential out-of-bounds operations. The ...
CVE-2024-46755
CVE-2024-46755 affects the Linux kernel mwifiex wifi driver. The vulnerability occurs when mwifiex_get_priv_by_id() returns a priv pointer for a given bss_num/bss_type without verifying the priv is in use, leading to NULL pointer dereferences down the call stack when an AP is started (e.g., via w...
CVE-2024-46836
CVE-2024-46836 in the Linux kernel affects usb: gadget: aspeed_udc. The issue is a missing bound check for the endpoint index, which may allow an out-of-bounds access to the endpoint array if the host manipulates the index. Descriptions and Nessus references confirm this bound-check root cause an...
CVE-2024-49908
CVE-2024-49908: In the Linux kernel, the AMDGPU display driver (amdgpu_dm) had a missing null check for the afb in amdgpu_dm_update_cursor, risking a null pointer dereference. The fix adds a null check and moves the check to the point of use (line where afb is accessed). Affects drm/amd/display co...
CVE-2024-50111
CVE-2024-50111 affects LoongArch Linux kernel where unaligned access can trigger in irq-enabled context; do_ale() may call get_user(), causing sleep and BUG: sleeping function called from invalid context. The fix described in the unpatched Nessus entry is to enable IRQ handling for unaligned acce...
CVE-2010-0307
CVE-2010-0307 affects the Linux kernel (x86_64) prior to 2.6.32.8 where load_elf_binary in fs/binfmt_elf.c may call SET_PERSONALITY before confirming the ELF interpreter exists, enabling a local DoS via a 32-bit process launching a 64-bit one and triggering a segmentation fault (flush_old_exec re...
CVE-2010-2492
CVE-2010-2492 affects the Linux kernel’s eCryptfs component: a buffer overflow in the ecryptfs_uid_hash macro (fs/ecryptfs/messaging.c) could allow local privilege escalation or a denial of service. The MiracleLinux AXSA advisory lists this CVE among kernel issues and specifies the flaw occurs in...
CVE-2010-2959
The CVE-2010-2959 issue affects the Linux kernel CAN subsystem, specifically the can/bcm.c implementation, due to an integer overflow vulnerability. This flaw can allow local attackers to execute arbitrary code or cause a system crash (DoS) via crafted CAN traffic. Public advisories confirm vulne...
CVE-2010-3849
CVE-2010-3849 affects the Linux kernel’s econet_sendmsg path (net/econet/af_econet.c) prior to 2.6.36.2, when an Econet address is configured. A local user can trigger a denial of service by issuing a sendmsg with a NULL remote address, causing a NULL pointer dereference and OOPS. The correspondi...
CVE-2010-4346
The vulnerability CVE-2010-4346 affects the Linux kernel: install_special_mapping in mm/mmap.c before 2.6.37-rc6 does not call security_file_mmap as expected, allowing local users to bypass mmap_min_addr restrictions and potentially trigger NULL pointer dereference via a crafted assembly-language...
CVE-2011-2213
The CVE-2011-2213 issue concerns the Linux kernel vulnerability in inet_diag_bc_audit (net/ipv4/inet_diag.c) present before 2.6.39.3. Affected component audits INET_DIAG bytecode and, when processing crafted INET_DIAG_REQ_BYTECODE messages (e.g., an INET_DIAG_BC_JMP with a zero yes value), allows...