16 matches found
CVE-2024-27032
CVE-2024-27032 affects the Linux kernel f2fs subsystem. During recovery, if FAULT_BLOCK is enabled, f2fs_reserve_new_block() may return -ENOSPC, potentially causing a kernel panic. Additionally, with fault-injection rate 1 and only FAULT_BLOCK enabled, a deadloop in block reservation may occur. T...
CVE-2024-39503
CVE-2024-39503 : Linux kernel netfilter ipset race in the list:set type (namespace cleanup vs. gc) has a confirmed fix. The issue was a race that could cause use-after-free by GC data being accessed after the set is destroyed. The patch changes destruction order: when destroying all sets, first r...
CVE-2023-52607
CVE-2023-52607 is a Linux kernel vulnerability affecting the powerpc architecture, where a null-pointer dereference could occur in pgtable_cache_add due to a potentially NULL kasprintf() return when memory allocation fails. The issue arises because kasprintf() can return NULL and the code did not...
CVE-2024-41055
CVE-2024-41055 : Linux kernel vulnerability in the mm subsystem where a NULL pointer dereference could occur in pfn_section_valid() due to a race with section_deactivate() and an insufficient READ_ONCE() around ms->usage. The fix adds a value check on ms->usage before dereferencing and reli...
CVE-2024-36972
CVE-2024-36972 : In the Linux kernel, a race between __unix_gc() and queue_oob() can occur for unix sockets if MSG_OOB is queued while unix_sk(sk)->oob_skb is being garbage-collected. The code previously touched oob_skb without holding the sk_receive_queue lock, allowing a concurrent update to...
CVE-2025-23138
CVE-2025-23138: In the Linux kernel, watch_queue: fix pipe accounting mismatch. watch_queue_set_size() updated charged pipe buffers for user->pipe_bufs but did not update pipe->nr_accounted due to pipe_resize_ring() guard, risking underflow when a pipe is freed and causing failures in too_m...
CVE-2024-42102
CVE-2024-42102 concerns a Linux kernel vulnerability in the dirty throttling path used by the mm/wb subsystem. The issue centers on assuming that dirty limits in page units fit in 32 bits and a patch series titled “mm: Avoid possible overflows in dirty throttling” was applied. The entry notes tha...
CVE-2025-23151
CVE-2025-23151 concerns a race in the Linux kernel’s bus: mhi: host path. A client driver quiesces via mhi_unprepare_from_transfer() while data may still be processed, potentially causing a call to mhi_queue_buf() that triggers mhi_gen_tre(). If mhi_gen_tre() runs after the channel teardown, an i...
CVE-2024-27400
CVE-2024-27400 affects the Linux kernel: drm/amdgpu, specifically amdgpu_ttm_move(). The issue is with move/ notification ordering—notifications must be sent before the actual move so DMA-buf and VM move notifications have the correct order; after a move, the old location becomes unavailable. The...
CVE-2024-42273
CVE-2024-42273 is a Linux kernel vulnerability affecting f2fs where CURSEG_ALL_DATA_ATGC is incorrectly assigned to COMPR_ADDR when the page is GC’d with gcing flag, causing a kernel BUG at fs/f2fs/segment.c:3589 during writeback. The scenario involves creating a small file on a compressed f2fs f...
CVE-2024-26750
CVE-2024-26750 affects the Linux kernel. The vulnerability was in af_unix garbage collection: a self-referencing oob_skb/FD scenario could cause __unix_gc() to hang due to a loop that fails to purge inflight sockets. The fix drops the oob_skb reference before purging the queue, allowing __skb_que...
CVE-2024-26792
CVE-2024-26792 : Linux kernel bug in btrfs snapshot creation can cause a double free of an anonymous device number. Root cause: during snapshot creation, anon_dev is allocated, later freed in nested calls, and if the transaction path fails, the same anon_dev may be freed again even if it has been...
CVE-2024-35813
CVE-2024-35813 affects the Linux kernel mmc/core component. Root cause: a negative index is used when accessing idatas[i-1] without ensuring i > 0, leading to an out-of-bounds access. The fixed commit adds a proper check to prevent the negative index. The vulnerability’s practical impact is de...
CVE-2026-23003
CVE-2026-23003 : In the Linux kernel’s IPv6 tunnel receive path (ip6_tunnel, __ip6_tnl_rcv), VLAN encapsulations were not handled correctly due to a failed VLAN-aware pull in the decapsulation path. The fix substitutes skb_vlan_inet_prepare() for pskb_inet_may_pull() to properly accommodate VLAN-...
CVE-2026-43024
CVE-2026-43024 affects Linux kernel nf_tables/netfilter: nf_queue. The issue is that immediate NF_QUEUE verdicts were emitted and could be misused; upstream patch rejects immediate NF_QUEUE verdicts to fix it. Downstream advisories indicate fixes implemented in kernel updates (e.g., upstream kern...
CVE-2026-53291
CVE-2026-53291 affects the Linux kernel ALSA hda/conexant driver. The root cause is the ignored return value from snd_hda_jack_detect_enable_callback() in cx_probe(); if the call fails, an error pointer is returned and not checked, potentially leading to a crash when jack events are handled. The ...