8 matches found
CVE-2023-35001
CVE-2023-35001 is a Linux kernel nftables vulnerability where the nft_byteorder expression mishandles vm register contents when CAP_NET_ADMIN exists in any user or network namespace, causing an out-of-bounds read/write in the nf_tables nft_byteorder path. Public references in the provided documen...
CVE-2024-38598
CVE-2024-38598 — Linux kernel (md/raid10) softlockup during resync Technical details from the provided documents indicate that the issue arises in the md bitmap synchronization path for raid10 during lvextend/lvchange --syncaction, leading to a soft lockup (CPU 3) due to a logic error in md_bitma...
CVE-2024-26766
CVE-2024-26766 affects the Linux kernel’s IB/hfi1 path. The root cause is an off-by-one error in the sdma.h tx descriptor handling that, when a send consists of six descriptors and requires a seventh-dword padding, prevents proper expansion of the sdma_txreq descriptor array. This overflow can co...
CVE-2024-50040
CVE-2024-50040 concerns the igb driver in the Linux kernel. The issue stemmed from igb_io_error_detected() treating transient non-fatal PCIe errors as non-fatal, which could lead igb_io_resume() to assume the device was still up and attempt a bring-up, causing a kernel panic during recovery from ...
CVE-2024-48881
CVE-2024-48881 concerns the Linux kernel’s bcache implementation. The issue was a NULL pointer dereference risk in cache_set_flush() caused by a changed check: the code could access c->root when previous registration failed before c->root was allocated. The patch reverts the IS_ERR check to...
CVE-2023-52838
CVE-2023-52838 – Linux kernel fbdev: imsttfb resource leak (probe) . The issue arises when init_imstt() fails and the code does not call iounmap(par->cmap_regs), leading to a resource leak in probe. The vulnerability is addressed by rewriting the error handling to ensure iounmap(par->cmap_r...
CVE-2025-39860
CVE-2025-39860 – Linux kernel Bluetooth UAF in l2cap_sock_cleanup_listen() . The vulnerability arises from a race between bt_accept_dequeue() and l2cap_sock_cleanup_listen() where a socket could be freed while another path still holds a reference. The root cause is a race in the l2cap_sock_cleanu...
CVE-2026-45954
CVE-2026-45954 concerns the Linux kernel fbdev driver (au1200fb). The issue arises when au1200fb_drv_probe fails at platform_get_irq: it returns an error without freeing allocated memory, causing a memory leak. A patch adds proper cleanup via a goto label to release resources. Red Hat notes the f...