2330 matches found

added 2025/05/09 6:42 a.m. | 102 views

CVE-2025-37856

CVE-2025-37856: Linux kernel fix for btrfs block_group::bg_list list_del() race conditions. The description and openSUSE advisory indicate this vulnerability could lead to refcount mismanagement on bg_list entries when racing with mark_bg_unused()/bg_to_reclaim in non-writable/transaction-error p...

CVSS 5.5 | AI score 6.5 | EPSS 0.0022

added 2010/09/30 2:0 p.m. | 101 views

CVE-2010-3079

CVE-2010-3079 affects the Linux kernel up to version 2.6.35.4, specifically in kernel/trace/ftrace.c when debugfs is enabled. The issue arises from interaction between mutex possession and llseek, causing a NULL pointer dereference and outage of all ftrace-related files, leading to a local DoS. A...

CVSS 5.5 | AI score 5.5 | EPSS 0.00393

added 2010/12/22 8:0 p.m. | 101 views

CVE-2010-4347

CVE-2010-4347 affects the Linux kernel’s ACPI subsystem. The vulnerability arises in the debugfs interface (custom_method file) which, due to world-writable 0222 permissions, lets a local user place a custom ACPI method in interpreter tables via acpi_debugfs_init in drivers/acpi/debugfs.c. This c...

CVSS 6.9 | AI score 7.2 | EPSS 0.02203

added 2012/05/17 10:0 a.m. | 101 views

CVE-2012-2123

CVE-2012-2123 affects the Linux kernel up to version 3.3.3, where cap_bprm_set_creds in security/commoncap.c mishandles file-system capabilities (fcaps) for implementing a privileged executable. This can let local users bypass personality restrictions via a crafted application, demonstrated by an...

CVSS 7.2 | AI score 5.7 | EPSS 0.00418

added 2013/03/22 10:0 a.m. | 101 views

CVE-2013-1860

CVE-2013-1860 is a heap-based buffer overflow in the Linux kernel’s wdm_in_callback (drivers/usb/class/cdc-wdm.c) present in versions prior to 3.8.4. The vulnerability allows physically proximate attackers to crash the system or potentially execute arbitrary code through a crafted cdc-wdm USB dev...

CVSS 6.9 | AI score 6.6 | EPSS 0.0082

added 2013/07/16 10:0 a.m. | 101 views

CVE-2013-1943

CVE-2013-1943 affects the KVM subsystem of the Linux kernel prior to 3.0. It arises because memory slots in a guest’s physical address space may be allocated without validating kernel addresses, enabling local users to gain privileges or read kernel memory. Affected components: arch/x86/kvm/pagin...

CVSS 7.8 | AI score 6.9 | EPSS 0.00449

added 2014/04/14 11:0 p.m. | 101 views

CVE-2014-0155

The CVE-2014-0155 entry concerns the Linux kernel up to 3.14.1, where the ioapic_deliver function in virt/kvm/ioapic.c does not properly validate the return value of kvm_irq_delivery_to_apic. This can allow a guest OS user to trigger a host OS denial of service (host crash) via a crafted entry in...

CVSS 5.5 | AI score 5.8 | EPSS 0.00976

added 2024/05/21 3:3 p.m. | 101 views

CVE-2021-47407

The CVE-2021-47407 issue is in the Linux kernel's KVM x86 code related to SRCU initialization during page track setup. The root cause is a missing validation of init_srcu_struct()’s return value, which can fail (e.g., due to OOM) and lead to a NULL pointer dereference found by a modified syzkalle...

CVSS 5.5 | AI score 6.7 | EPSS 0.0025

added 2024/05/22 8:19 a.m. | 101 views

CVE-2021-47490

CVE-2021-47490 affects the Linux kernel DRM memory management (drm/ttm). The issue is a memleak during ttm_transfered_destroy, and the fix includes cleanup of fences for ghost objects. The available connected advisories/policy notes confirm the vulnerability is fixed by kernel patches; no exploit...

CVSS 5.5 | AI score 6.8 | EPSS 0.00208

added 2022/12/14 12:0 a.m. | 101 views

CVE-2022-3110

CVE-2022-3110 affects the Linux kernel (through 5.16-rc6) and is tied to the r8188eu wireless driver. The vulnerability is in _rtw_init_xmit_priv (drivers/staging/r8188eu/core/rtw_xmit.c), where the return value of rtw_alloc_hwxmits() is not checked, which may lead to a NULL pointer dereference. ...

CVSS 5.5 | AI score 5.1 | EPSS 0.00224

added 2025/02/26 1:55 a.m. | 101 views

CVE-2022-49138

CVE-2022-49138 in the Linux kernel Bluetooth hci_event path caused memory corruption when multiple conn complete events arrive for the same handle. The vulnerability arises because the device could be registered multiple times for a single connection. The fixes add handling to ignore redundant ev...

CVSS 5.7 | AI score 5.4 | EPSS 0.00374

added 2025/02/26 1:56 a.m. | 101 views

CVE-2022-49281

CVE-2022-49281 affects Linux kernel CIFS multiuser handling: each user has a separate tcon and handle for a cached directory, but on unmount the kernel must release the pinned dentry for every tcon rather than only the master tcon. If not, unmount can emit warnings of in-use dentries. The issue i...

CVSS 5.5 | AI score 5.4 | EPSS 0.00246

added 2025/02/26 2:12 a.m. | 101 views

CVE-2022-49447

CVE-2022-49447 concerns the Linux kernel on ARM/HiSilicon where of_find_compatible_node increments the device_node refcount but no corresponding of_node_put was invoked, causing a refcount leak. The fix removes the leak by adding of_node_put after of_find_compatible_node. Affected software is the...

CVSS 5.5 | AI score 5.3 | EPSS 0.00255

added 2025/02/26 2:13 a.m. | 101 views

CVE-2022-49453

Summary (CVE-2022-49453): In the Linux kernel, the TI SoC power-domain driver (soc: ti: ti_sci_pm_domains) might dereference a NULL pointer if devm_kcalloc returns NULL. The recommended fix is to check the allocation result and return -ENOMEM, mirroring the handling in earlier code paths. The is...

CVSS 5.5 | AI score 5.4 | EPSS 0.0024

added 2024/04/03 5:0 p.m. | 101 views

CVE-2023-52640

CVE-2023-52640 (Linux kernel ntfs3): The issue is a local, out-of-bounds in ntfs_listxattr where the length of the name must not exceed the allocated EA space. Affected code path is in the ntfs3 filesystem. The connected Astra Linux advisory confirms the same vulnerability and indicates a resolve...

CVSS 7.1 | AI score 6.5 | EPSS 0.00244

added 2024/05/21 3:31 p.m. | 101 views

CVE-2023-52789

CVE-2023-52789: In the Linux kernel, the vulnerability affects the tty/vcc path (vcc_probe). The root cause is failure to check the return value of kstrdup(), risking a NULL pointer dereference. The fix adds a check for kstrdup() and returns an error if it fails. This resolves the issue by preve...

CVSS 5.5 | AI score 6.7 | EPSS 0.00248

added 2024/05/19 10:10 a.m. | 101 views

CVE-2024-35929

The CVE-2024-35929 issue affects the Linux kernel in the rcu_nocb path, specifically when CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y. It can trigger WARN_ON_ONCE in rcu_nocb_bypass_lock() and rcu_nocb_wait_contended(), potentially exposing a local-privilege or local-execution impact ...

CVSS 7.8 | AI score 6.7 | EPSS 0.0022

added 2024/06/08 12:53 p.m. | 101 views

CVE-2024-36969

The CVE-2024-36969 issue affects the Linux kernel drm/amd/display component, specifically a division-by-zero in setup_dsc_config when slice_height is 0, which could crash the amdgpu driver and reboot the system. The patch introduces a guard to avoid dividing by zero (dc_dsc.c:1053; dc_dsc_compute...

CVSS 5.5 | AI score 6.6 | EPSS 0.00213

added 2025/05/09 6:45 a.m. | 101 views

CVE-2025-37880

CVE-2025-37880 affects the Linux kernel where sched_yield may not yield in time-travel mode due to a poorly implemented userspace spinlock in ASAN. The fix adds accounting of time to the process on every sched_yield to ensure proper scheduling. Impact can be extreme slowdown or deadlock depending...

CVSS 5.5 | AI score 6.4 | EPSS 0.00147

added 2025/05/20 5:9 p.m. | 101 views

CVE-2025-37983

CVE-2025-37983 is a Linux kernel issue where an inode allocation path could leak a dentry due to an OOM related leak in qibfs. The description confirms the vulnerability was resolved by a fix merged in the kernel ("qibfs: fix another leak"). Public connected sources (Azure Linux, Astra Linux, and...

CVSS 5.5 | AI score 6.5 | EPSS 0.00152

added 2025/05/20 5:18 p.m. | 101 views

CVE-2025-37991

CVE-2025-37991 describes a PA-RISC (parisc) Linux kernel issue where a SIGFPE exception can crash an application if a second SIGFPE is delivered in the signal handler. The root cause is traced to glibc using a double-word floating-point store to atomically update function descriptors, causing a t...

CVSS 7.8 | AI score 6.5 | EPSS 0.0016

added 2010/11/30 9:19 p.m. | 100 views

CVE-2010-4248

The CVE-2010-4248 issue affects the Linux kernel prior to 2.6.37-rc2. It is a race condition in the __exit_signal function (kernel/exit.c) that can be triggered by multithreaded exec paths, with related dynamics involving a thread group leader in kernel/posix-cpu-timers.c and the reassignment of ...

CVSS 4.9 | AI score 5.5 | EPSS 0.00321

added 2011/01/18 5:0 p.m. | 100 views

CVE-2010-4263

The CVE-2010-4263 issue involves the Intel igb driver (drivers/net/igb/igb_main.c) in the Linux kernel and its handling of VLAN-tagged frames when SR-IOV and promiscuous mode are enabled but no VLANs are registered. In kernels before 2.6.34, processing such frames could trigger a NULL pointer der...

CVSS 7.9 | AI score 6.2 | EPSS 0.02939

added 2010/12/30 6:0 p.m. | 100 views

CVE-2010-4342

Vulnerability (CVE-2010-4342) in the Linux kernel affects the AUN path when Econet is enabled. The flaw is in the aun_incoming function (net/econet/af_econet.c) and allows remote attackers to trigger a NULL pointer dereference and kernel OOPS, causing a denial of service via UDP-based Acorn Unive...

CVSS 7.1 | AI score 5.8 | EPSS 0.03521

added 2011/08/29 6:0 p.m. | 100 views

CVE-2011-2497

CVE-2011-2497 is a Linux kernel Bluetooth L2CAP underflow/overflow issue. The vulnerability arises from an integer underflow in l2cap_config_req in net/bluetooth/l2cap_core.c, enabling remote attackers to trigger a heap memory corruption or buffer overflow via a small command-size value in an L2C...

CVSS 8.3 | AI score 7.8 | EPSS 0.01974

added 2014/03/11 1:0 a.m. | 100 views

CVE-2014-0049

CVE-2014-0049 affects the Linux kernel up to version 3.13.5 via a buffer overflow in the complete_emulated_mmio path of arch/x86/kvm/x86.c. The flaw allows a guest OS user to trigger an invalid memory copy that can lead to arbitrary code execution on the host. The published fix is in Linux kernel...

CVSS 7.4 | AI score 6.9 | EPSS 0.00769

added 2014/02/28 2:0 a.m. | 100 views

CVE-2014-1690

The vulnerability CVE-2014-1690 affects the Linux kernel’s net/netfilter/nf_nat_irc.c before 3.12.8. An IRC DCC session with incorrect NAT mangle data can allow a remote attacker to read kernel memory. Impact is information disclosure; exploitation context is remote over the network. The fixed ve...

CVSS 2.6 | AI score 6.7 | EPSS 0.03818

added 2019/09/27 12:7 p.m. | 100 views

CVE-2019-16921

In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/infiniband/hw/hns/hns_roce_main.c does not initialize the resp data structure, which may allow attackers to read sensitive information from kernel stack memory (CID-df7e40425813). This CVE affects the kernel code path associated ...

CVSS 7.5 | AI score 6.9 | EPSS 0.01989

added 2024/03/04 6:6 p.m. | 100 views

CVE-2021-47086

The CVE-2021-47086 entry concerns the Linux kernel Phonet/pep path. The connected Astra Linux bulletin repeats that the vulnerability arises in an ioctl that refines enabling an unbound pipe, where the socket may not be bound to a valid Phonet object. If the socket is not bound, two issues occur:...

CVSS 5.5 | AI score 6.4 | EPSS 0.00226

added 2024/05/22 6:19 a.m. | 100 views

CVE-2021-47434

CVE-2021-47434 concerns the Linux kernel xHCI host controller where command ring pointer corruption could occur while aborting a command. The issue arises because the 64-bit CRCR is written in two 32-bit writes; when the upper 32 bits are not updated (they may remain zero) due to the command ring...

CVSS 5.5 | AI score 6.9 | EPSS 0.00236

added 2024/05/24 3:9 p.m. | 100 views

CVE-2021-47547

CVE-2021-47547 is a Linux kernel vulnerability in the tulip de4x5 driver. The fix prevents an out-of-bounds access of the array lp->phy[8] when the loop ends with k==8, which could occur if all ids in lp->phy[8] are non-zero. The connected Astra Linux bulletin mirrors this kernel issue and ...

CVSS 4.4 | AI score 6.4 | EPSS 0.00234

added 2025/02/26 1:54 a.m. | 100 views

CVE-2021-47632

CVE-2021-47632 affects the Linux kernel on PowerPC where a spin_lock in change_page_attr() for set_memory caused spinlock recursion. The fix removes the read/modify/write sequence and the spin_lock(), and uses atomic handling of page-flag sets (_PAGE_KERNEL_RO/ROX/RW/RWX) by comparing flag sets t...

CVSS 5.5 | AI score 5.3 | EPSS 0.00171

added 2024/07/16 12:25 p.m. | 100 views

CVE-2022-48858

CVE-2022-48858 - Linux kernel mlx5 race (net/mlx5): The vulnerability results from a race on command flush, causing a refcount use-after-free when a command is freed while another process may still access it. The root cause is improper synchronization around command entry refcount, leading to a p...

CVSS 7 | AI score 7.7 | EPSS 0.00178

added 2024/10/21 8:5 p.m. | 100 views

CVE-2022-48979

Summary: CVE-2022-48979: in the Linux kernel, the DRM/AMD display DCN32 DML path had an array index out-of-bounds. Root cause: the LinkCapacitySupport array was indexed by the number of voltage states rather than the total number of voltage states (the max DPPs), causing an out-of-bounds access. ...

CVSS 5.5 | AI score 5.2 | EPSS 0.00206

added 2025/02/26 1:54 a.m. | 100 views

CVE-2022-49055

CVE-2022-49055: In the Linux kernel, the drm/amdkfd code fixes a null-pointer dereference risk by validating the return value of kmalloc_array(). The vulnerable path could dereference event_waiters[i].wait if kmalloc_array() returns NULL. The fix adds a NULL check before using the allocated memo...

CVSS 5.5 | AI score 6.5 | EPSS 0.00247

added 2025/03/27 4:43 p.m. | 100 views

CVE-2023-53008

CVE-2023-53008 (Linux kernel): CIFS session setup fix to prevent memory leaks by freeing cifs_ses::auth_key.response before allocating it. This addresses potential memory leaks during reconnect or mounting. The advisory states the fix in the CIFS session setup path; no exploit specifics are provi...

CVSS 5.5 | AI score 6.6 | EPSS 0.0015

added 2025/05/02 3:55 p.m. | 100 views

CVE-2023-53098

CVE-2023-53098 summary (Linux kernel): The vulnerability resides in the Media driver gpio-ir-recv under media: rc, where an added remove function plus runtime-pm cleanup is required. If runtime PM is enabled, systems must perform runtime PM cleanup to remove a cpu-latency QoS request; otherwise,...

CVSS 5.5 | AI score 6.4 | EPSS 0.00161

added 2025/01/11 2:49 p.m. | 100 views

CVE-2024-57875

Summary of CVE-2024-57875 (Linux kernel): A block-layer memory-reference issue was resolved by ensuring proper RC(U) protection when a disk’s conventional-zones bitmap is updated. The fix adds RCU-aware handling around disk->conv_zones_bitmap access: disk_zone_is_conv() now operates under the ...

CVSS 5.5 | AI score 6.4 | EPSS 0.0018

added 2025/02/27 2:12 a.m. | 100 views

CVE-2024-58012

CVE-2024-58012 affects the Linux kernel ASoC: SOF Intel hda-dai path. The vulnerability arises from topologies not creating the correct number of DAI widgets for aggregated amps, allowing a NULL pointer dereference when associating a CPU DAI with a widget. The fixed code adds a validity check to ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00196

added 2010/11/29 3:0 p.m. | 99 views

CVE-2010-4079

CVE-2010-4079 affects the Linux kernel ivtvfb driver (ivtvfb_ioctl in drivers/media/video/ivtv/ivtvfb.c) prior to 2.6.36-rc8. The root cause is failure to initialize a structure member, enabling local users to leak information from kernel stack memory via the FBIOGET_VBLANK ioctl. Affected versio...

CVSS 1.9 | AI score 5.5 | EPSS 0.0038

added 2014/02/28 2:0 a.m. | 99 views

CVE-2014-2038

CVE-2014-2038 affects the Linux kernel via the nfs_can_extend_write flaw in fs/nfs/write.c (before 3.13.3). The vulnerability relies on a write delegation to extend a write operation without an up‑to‑date verification, enabling local attackers to obtain sensitive kernel memory data by writing to ...

CVSS 2.1 | AI score 6.7 | EPSS 0.00411

added 2024/04/10 6:56 p.m. | 99 views

CVE-2021-47181

The CVE-2021-47181 issue affects the Linux kernel code path for usb: musb: tusb6010. The root cause is a missing NULL check after platform_get_resource(), which can lead to a NULL pointer dereference if platform_get_resource() returns NULL. Public sources describe the vulnerability and impact as ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00226

added 2024/04/10 7:1 p.m. | 99 views

CVE-2021-47210

The CVE-2021-47210 issue affects the Linux kernel USB Type-C subsystem (tipd) specifically in tps6598x_block_read. The fix removes a WARN_ON and ensures that calls with length exceeding the allowed maximum return an error instead of triggering a crash under panic-on-warn. This change mitigates lo...

CVSS 5.5 | AI score 6.4 | EPSS 0.00225

added 2024/05/24 3:9 p.m. | 99 views

CVE-2021-47550

CVE-2021-47550 corresponds to a memleak in the Linux kernel DRM/AMD amdgpu path. Specifically, amdgpu_get_xgmi_hive may leak if kobject_init_and_add fails and kobject_put is not called. The connected Nessus/OpenVAS advisories reproduce this description and reference kernel-level fixes in the amdg...

CVSS 5.5 | AI score 7 | EPSS 0.00232

added 2024/04/28 12:59 p.m. | 99 views

CVE-2022-48634

Summary of CVE-2022-48634 (Linux kernel) : Affects the gma500/GPU path in the Linux kernel. The fault was that gma_crtc_page_flip() held the event_lock spinlock while calling crtc_funcs->mode_set_base(), which takes ww_mutex, creating a sleeping context in an invalid path. The unlock should oc...

CVSS 5.3 | AI score 6.5 | EPSS 0.00167

added 2024/07/16 11:43 a.m. | 99 views

CVE-2022-48792

CVE-2022-48792 - Linux kernel (scsi: pm8001): A use-after-free can occur when a sas_task is aborted by the upper layer before I/O completion is handled in mpi_ssp_completion() or mpi_sata_completion(). The two steps (inform upper layer with complete() and release resources in pm8001_ccb_task_free...

CVSS 7.8 | AI score 7.5 | EPSS 0.00238

added 2025/02/26 1:54 a.m. | 99 views

CVE-2022-49102

CVE-2022-49102 affects the Linux kernel. The issue, resolved by a patch from habanalabs, fixes a memory leak in the MMU DR finalization path when the host-resident shadow is NULL, which can occur because the DR and HR are not dependent. The patch addresses a copy-paste error and prevents the leak...

CVSS 5.5 | AI score 5.3 | EPSS 0.00223

added 2025/02/26 2:10 a.m. | 99 views

CVE-2022-49311

CVE-2022-49311 concerns a deadlock in the Linux kernel driver rtl8192bs (rtw_joinbss_event_prehandle) where a timer deletion under a spin_lock_bh caused a timer handler to wait on the same lock. The issue manifested as two threads blocking each other, risking an infinite hang. The documented fix ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00181

added 2025/02/26 2:10 a.m. | 99 views

CVE-2022-49335

CVE-2022-49335 concerns the Linux kernel DRM/AMDGPU path. The issue arises when a compute submit command (cs) is sent with 0 chunks, which is illegal and leads to a kernel oops later, specifically a NULL pointer dereference in amdgpu_cs_ioctl. Affected evidence shows a crafted 0-chunk submission ...

CVSS 5.5 | AI score 5.4 | EPSS 0.00255

added 2024/03/02 9:52 p.m. | 99 views

CVE-2023-52500

CVE-2023-52500 concerns the Linux kernel’s SCSI pm80xx driver. The issue was an information leakage risk where tags allocated for the OPC_INB_SET_CONTROLLER_CONFIG command were not freed when the response was processed, potentially exposing tag-related data. The connected advisories (e.g., Tencen...

CVSS 5.5 | AI score 6.4 | EPSS 0.00231

Total number of security vulnerabilities: 2330