114 matches found
CVE-2024-26870
CVE-2024-26870 describes a Linux kernel vulnerability in NFSv4.2 where listxattr could trigger a kernel BUG in mm/usercopy.c when size handling is incorrect. The connected Astra Linux entry mirrors the issue and provides a concrete fix: modify nfs4_listxattr() so that if size > 0 and the funct...
CVE-2021-47055
CVE-2021-47055 — Linux kernel mtd ioctl protection bug Connected sources confirm a concrete Linux kernel vulnerability in the mtd subsystem: certain ioctls (MEMLOCK, MEMUNLOCK, OTPLOCK) modify protection bits and historically required write permission, with MEMLOCK potentially being write-once on...
CVE-2022-48817
CVE-2022-48817 is a Linux kernel issue affecting the ar9331 MDIO switch under the DSA subsystem. The root cause is that mdiobus registration was done under devres and could be freed by devm_mdiobus_free() via device core shutdown, leading to a panic if the bus was still registered. The advisory e...
CVE-2021-46987
CVE-2021-46987: Linux kernel/btrfs deadlock when cloning inline extents with qgroups. Root cause: while cloning, a transaction flush can occur with destination iotree range locked and delalloc flush needing the same range, potentially deadlocking. This occurs specifically when qgroups reserve met...
CVE-2021-46983
CVE-2021-46983 corresponds to a Linux kernel issue in nvmet-rdma where a NULL pointer dereference could occur when SEND completes with error. The root cause is that nvmet_rdma_error_comp attempted to access the cq_context to obtain the queue, but the cq_context is no longer valid after switching ...
CVE-2021-47060
CVE-2021-47060 affects the Linux kernel KVM MMIO coalesced zones. When kvm_io_bus_unregister_dev() fails to allocate memory for a new bus instance, unregister_dev() destroys all devices on the bus except the target, but does not notify the caller, which can lead to a deleted list entry being dere...
CVE-2024-27047
CVE-2024-27047 affects the Linux kernel: net: phy: fix phy_get_internal_delay accessing an empty array. The issue occurs when a driver calls phy_get_internal_delay without defining delay_values and rx-/tx-internal-delay-ps is 0 in device-tree, risking a NULL pointer dereference and kernel oops. A...
CVE-2024-27045
Summary: CVE-2024-27045 affects the Linux kernel DRM AMD display path (amdgpu_dm). The vulnerability is a potential buffer overflow in dp_dsc_clock_en_read() caused by unsafe snprintf usage. The patch tightens the snprintf output limit from 30 to 10 bytes, mitigating overflow. The issue is tied t...
CVE-2024-27393
CVE-2024-27393 involves the Linux kernel: xen-netfront missing skb_mark_for_recycle call due to history of page_pool_release_page usage. The root cause is that skb_mark_for_recycle() was introduced after fixes tag and a missing call to page_pool_release_page() in older revisions (v5.9–v5.14). Fro...
CVE-2020-25704
CVE-2020-25704 describes a memory leak in the Linux kernel perf subsystem when using PERF_EVENT_IOC_SET_FILTER, enabling a local user to exhaust resources and cause a denial of service. The vulnerability is reiterated across multiple advisories (e.g., ALAS2KERNEL, ALAS-2020-1566, Debian/AlmaLinux...
CVE-2023-31248
CVE-2023-31248 is a Linux kernel nf_tables (nftables) use-after-free vulnerability. The issue occurs in nf_tables when using nft_chain_lookup_byid, where a chain’s active state wasn’t properly checked, enabling a local attacker with CAP_NET_ADMIN in any user or network namespace to escalate privi...
CVE-2024-42230
In CVE-2024-42230, the Linux kernel on pseries PowerPC is affected by a scv instruction crash when kexec is used. The root cause is that kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before all CPUs have been shut down, allowing scv instructions to execute af...
CVE-2024-44989
CVE-2024-44989 is a Linux kernel vulnerability affecting bonding with xfrm offload, caused by setting real_dev to NULL (callbacks assume real_dev is always set). This can lead to a null-pointer dereference in offload/add SA paths (notably bond_ipsec_offload_ok/nsim_ipsec_offload_ok) when SA setup...
CVE-2024-44990
CVE-2024-44990 is a Linux kernel vulnerability fixed in the bonding subsystem: the function bond_ipsec_offload_ok dereferenced a pointer without validating an active slave, risking a NULL pointer dereference. The connected docs confirm the root cause (checking for an active slave before dereferen...
CVE-2023-4147
CVE-2023-4147 is a local-privilege-escalation use-after-free in the Linux kernel nf_tables/netfilter code. The flaw occurs when adding a rule with NFTA_RULE_CHAIN_ID, where nft_tables_delrule or related NFT rule handling can release objects in a way that leaves a dangling pointer, enabling local ...
CVE-2023-3610
The CVE-2023-3610 issue is a use-after-free in the Linux kernel nf_tables (netfilter) logic, specifically in the NFT_MSG_NEWRULE abort path, caused by flawed error handling of bound chains. This vulnerability can enable local privilege escalation for an attacker possessing CAP_NET_ADMIN, within a...
CVE-2022-33743
CVE-2022-33743 maps to a Xen netfront memory-handling issue in the Linux kernel where SKBs with retained references can be freed, caused by a label move while adding XDP support. This can lead to use-after-free in the network backend and a potential Denial of Service when interacting with the Xen...
CVE-2024-26665
CVE-2024-26665 (Linux kernel) fixes a out-of-bounds access when constructing IPv6 PMTU ICMP errors in tunnels, triggered if the ICMPv6 error is built from a non-linear skb. The root cause is a slab-out-of-bounds read/write in the path that sums skb data (read of size 4) during PMTU error handling...
CVE-2024-26707
The connected documents provide concrete details for CVE-2024-26707: in the Linux kernel net/hsr code, WARN_ONCE() in send_hsr_supervision_frame() is removed and replaced with netdev_warn_once(), and a similar change is suggested for send_prp_supervision_frame() to quiet syzkaller warnings. This ...
CVE-2024-47748
CVE-2024-47748: Linux kernel vhost_vdpa code fixes an irq bypass producer token life-cycle bug. The token formerly registered in vhost_vdpa_setup_vq_irq() could outlive the eventfd_ctx, risking use-after-free when the eventfd is released. The patch binds the token lifecycle to VHOST_SET_VRING_CAL...
CVE-2024-26661
Public technical details for CVE-2024-26661 are not provided in the connected documents; monitor for updates from vendors/advisories.
CVE-2024-27431
Technical details (affected products, impact, exploit info, and remediation specifics) are not publicly provided in the supplied documents. Monitor for official updates and vendor advisories for CVE-2024-27431.
CVE-2024-36889
CVE-2024-36889 concerns the Linux kernel’s MPTCP code. The issue arises when a client falls back to TCP during connect, and snd_nxt is not initialized yet; an incoming ACK could copy that uninitialized value into snd_una. If the MPTCP worker then re-injects data, it may trigger a cleanup using a ...
CVE-2023-4015
CVE-2023-4015 describes a use-after-free in the Linux kernel nf_tables component of netfilter, enabling local privilege escalation. The issue arises when building a nftables rule: deactivating immediate expressions in nft_immediate_deactivate() can unbind a chain and deactivate objects that are l...
CVE-2024-26662
The CVE CVE-2024-26662 affects the Linux kernel DRM/AMD display path. A null pointer dereference could occur in dcn21_set_backlight_level() when panel_cntl is NULL, potentially crashing the GPU/display path. The fix introduces a null-check for panel_cntl before dereferencing and updates dcn21_hws...
CVE-2024-40931
CVE-2024-40931 (Linux kernel) : Affected component is the kernel’s mptcp code. The issue arose when a Subflow key snd_una remained uninitialized on connect due to a sequencing bug (snd_nxt and write_seq initialization order). The root cause is triggered by syzkaller’s retransmit path after fallba...
CVE-2023-3777
CVE-2023-3777 is a use-after-free in Linux kernel nf_tables (netfilter). When nf_tables_delrule() flushes table rules, it may release objects if the chain is bound, enabling local privilege escalation. Mitigation: upgrade past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 (Linux kernel versions...
CVE-2024-38605
CVE-2024-38605 : In the Linux kernel, the ALSA core code fixed a NULL module pointer handling during snd_card initialization. The patch moves the assignment of card->module outside the MODULE check to ensure the driver’s module reference is correctly tracked when the core is built-in but the c...
CVE-2024-50028
CVE-2024-50028 is confirmed in connected documents as a Linux kernel vulnerability related to the thermal subsystem. The flaw occurs in the thermal: core: Reference count handling in thermal_zone_get_by_id(), where the thermal zone object could be accessed after it may have been freed. The adviso...
CVE-2022-48915
CVE-2022-48915 affects the Linux kernel thermal subsystem. The issue was a NULL pointer dereference in TZ_GET_TRIP when a thermal zone defines no trip, caused by an unsafe call path to get_trip_hyst(). The fix prevents calling get_trip_hyst() if the thermal zone lacks a trip, as described in the ...
CVE-2024-26718
CVE-2024-26718 concerns the Linux kernel. The description and connected Astra Linux bulletin confirm a memory-corruption risk in dm-crypt and dm-verity tasklets due to the tasklet handling path (tasklet_action_common calling tasklet_trylock, running the callback, then tasklet_unlock). The propose...
CVE-2025-23150
CVE-2025-23150 : In the Linux kernel, an off-by-one error in ext4’s do_split caused a use-after-free in ext4_insert_dentry from an out-of-bounds access during directory entry splitting. The issue can lead to a use-after-free in ext4_insert_dentry and related ext4/namei.c code paths when handling ...
CVE-2022-49663
CVE-2022-49663 affects the Linux kernel in the tunneling path used by Genefe/IPv4 tunnels. The root cause is an assumption that skb->mac_header is set in skb_tunnel_check_pmtu(); debug added in a kernel commit triggered a warning in ndo_start_xmit() paths, since skb->data should point to th...
CVE-2025-23145
CVE-2025-23145 affects the Linux kernel (MPTCP) and describes a NULL-pointer dereference in the mptcp_can_accept_new_subflow path. The root cause is that subflow_req->msk ownership could be transferred to a subflow on the first path, creating a window where a second SYN-ACK could be processed ...
CVE-2022-49160
CVE-2022-49160 affects the Linux kernel driver scsi: qla2xxx. Root cause: during purex packet handling, a pre-allocated structure was freed incorrectly; the fix skips freeing that entry. Impact: system crashes during module load/unload tests (as shown by the stack traces: sbitmap_init_node, blk_m...
CVE-2024-57907
CVE-2024-57907 concerns the Linux kernel IIO ADC driver for Rockchip (rockchip_saradc). The vulnerability arises because the local data structure used to push data to userspace from a triggered buffer was not fully initialized; values for inactive channels were left undefined since only active ch...
CVE-2025-21766
CVE-2025-21766 – Linux kernel: ipv4 PMTU update path uses RCU protection. __ip_rt_update_pmtu() must read the net structure under RCU to prevent reading a structure that can disappear. The connected documents confirm the root cause and indicate this has been resolved by introducing RCU protection...
CVE-2022-48735
CVE-2022-48735 concerns a use‑after‑free in the Linux kernel ALSA hda LED class devices created by HD‑audio codec drivers. The issue arises because LED class devices are registered via devm_led_classdev_register() and tied to the codec device, but the devres release can execute before the devm ch...
CVE-2025-21745
CVE-2025-21745 affects the Linux kernel blk-cgroup subsystem. The root cause was a leak of the subsystem refcount in blkcg_fill_root_iostats() caused by iterating devices with class_dev_iter_(init|next)() without class_dev_iter_exit(). The fix ends the iteration with class_dev_iter_exit(), preven...
CVE-2025-37788
CVE-2025-37788 affects the Linux kernel cxgb4 memory handling: in cxgb4_init_ethtool_filters(), a memory leak can occur if loc_array is allocated but bmap allocation fails, because the free path only frees from (i-1) iterations. The fix frees loc_array in the bmap error path, mitigating the leak....
CVE-2024-36244
CVE-2024-36244 (Linux kernel) affects the taprio scheduler under net/sched. The issue arises when the UAPI allows a cycle-time that can be shorter than the sum of entry intervals, allowing a subtle bypass of the fix in the blamed commit. The advisory adds a new restriction: the cycle time must be...
CVE-2024-56538
Technical details for CVE-2024-56538 (Linux kernel drm: zynqmp_kms unplug before removal) are not publicly provided in the connected documents. Monitor for updates; none of the OpenVAS/USN entries include exact exploit specifics, affected versions, or fixes beyond referencing the CVE.
CVE-2021-47061
CVE-2021-47061 : Concrete details in connected advisories show a Linux kernel/KVM issue where destroying an I/O bus device must occur after unregister, and after SRCU-synchronization. The root cause is a use-after-free risk if devices are destroyed before the bus is nullified, because readers exp...
CVE-2021-47050
CVE-2021-47050 affects the Linux kernel memory/ Renesas Renesas-rpc-if path. The issue is a NULL pointer dereference: platform_get_resource_byname() can return NULL, and the code would immediately dereference it in resource_size(). The vulnerability’s root cause is dereferencing an unchecked NULL...
CVE-2025-22044
CVE-2025-22044 relates to a Linux kernel vulnerability in the ACPI NFIT handling (acpi_nfit_ctl). The issue arises from a narrowing conversion of a user-supplied 64‑bit value (call_pkg->nd_family) to int after a zero-check, which could allow an invalid argument to pass when the lower 32 bits a...
CVE-2022-49827
Summary (CVE-2022-49827) : In the Linux kernel DRM stack, a possible null pointer dereference could occur during vblank cleanup when __drmm_add_action() fails and drm_vblank_init_release() runs for a vblank with a NULL worker, leading to kthread_destroy_worker() dereference. The fix adds a NULL c...
CVE-2023-53077
CVE-2023-53077 affects the Linux kernel’s DRM AMD display path. The vulnerability arises in CalculateVMAndRowBytes when PTEBufferSizeInRequests is zero, causing UBSAN to warn due to dml_log2 returning an unexpectedly negative value (shift exponent 4294966273). The documented fix is to skip the dm...
CVE-2024-47720
CVE-2024-47720 in the Linux kernel relates to the AMD display path (drm/amd/display) where dcn30_set_output_transfer_func dereferenced set_output_gamma without a null check. The patch adds a nullity check for set_output_gamma before calling it and logs an error if it is NULL, preventing a potenti...
CVE-2023-52846
The CVE-2023-52846 entry concerns a Linux kernel use-after-free in hsr's prp_create_tagged_frame, where prp_fill_rct() may fail and free the skb while the successful path returns the original skb. Impact is described as high for confidentiality, integrity, and availability with local access prere...
CVE-2025-37820
CVE-2025-37820 : In the Linux kernel, xen-netfront may dereference a NULL result from xdp_convert_buff_to_frame() if the function fails to convert an XDP buffer to a frame. The return value may be NULL due to memory constraints, internal errors, or invalid data, and failing to check it can cause ...