7 matches found
CVE-2024-27018
CVE-2024-27018 affects the Linux kernel br_netfilter component. The issue arises when a bridge device is in promiscuous mode, causing certain bridge-tapped packets to bypass conntrack input handling; a patch resets the conntrack state for these packets. The crash/reply trace and warnings (br_nf_l...
CVE-2024-50072
CVE-2024-50072 affects the Linux kernel on x86 where VERW is used. The issue can trigger a general protection fault (#GP) in 32-bit vm86 contexts when VERW mitigations (e.g., MDS/RFDS) are enabled and the code segment selector is not properly referenced. The root cause is using VERW with an arbit...
CVE-2024-57945
CVE-2024-57945 (Linux kernel, riscv): In the sparse vmemmap model, an out-of-bounds virtual address could be computed for struct page if the first page in the phys_ram_base section does not have the expected PFN, causing VA to fall below VMEMMAP_START (and PCI_IO_END) during page initialization. ...
CVE-2024-35800
CVE-2024-35800 affects the Linux kernel EFI/kdump path. The root cause is calling get_next_variable() without validating the pointer, which in kdump can be NULL and cause a panic during kexec-ed kernel boot. The fix introduces a validity check before calling get_next_variable(), and the issue was...
CVE-2024-42277
CVE-2024-42277 affects the Linux kernel through a NULL dereference in the SPRD IOMMU path. Specifically, in sprd_iommu_cleanup(), before invoking sprd_iommu_hw_en(), dom->sdev may be NULL, leading to a NULL dereference. The connected Astra Linux bulletin confirms the same vulnerability in Linu...
CVE-2024-26789
CVE-2024-26789 concerns the Linux kernel crypto path for ARM64 AES-CTR. The bit-sliced NEON implementation could perform out-of-bounds reads when processing short inputs or tail blocks that do not align to 128-byte blocks, because it would jump into the plain NEON helper which handles memory in 1...
CVE-2025-39894
CVE-2025-39894 affects the Linux kernel netfilter bridge path (br_netfilter) specifically br_nf_local_in(). The issue arises when a broadcast packet to a tap device added to a bridge triggers br_nf_local_in() to confirm a conntrack; if another conntrack with the same hash is added, a warning may ...