15 matches found
CVE-2024-36011
CVE-2024-36011 affects the Linux kernel where the Bluetooth HCI code could dereference a NULL pointer in hci_le_big_sync_established_evt(). The vulnerability is local (per CVSS vector: AV:L, AC:L, PR:L, UI:N) with a MEDIUM base score of 5.5 and an ADMIN/availability impact of HIGH. The connected ...
CVE-2024-56780
Technical details about CVE-2024-56780 are not provided in the connected documents. The initial description outlines a quota writeback flush race in Linux kernel/ext4 but lacks vendor/version/product mapping or patch specifics in these sources. Monitor for updates.
CVE-2024-24855
CVE-2024-24855 describes a race condition in the Linux kernel’s SCSI lpfc_unregister_fcf_rescan() function that can cause a NULL pointer dereference, potentially leading to a kernel panic or denial of service. The vulnerability is tied to the kernel’s SCSI device driver (lpfc) and is referenced a...
CVE-2024-56654
CVE-2024-56654 — Linux kernel Bluetooth hci_event fix : Addresses unsafe use of rcu_read_lock/unlock inside list_for_each_entry_rcu, where entries dereferenced with rcu_dereference must be accessed only within an RCU read-side critical section. The patch resolves a safety issue by ensuring correc...
CVE-2025-21650
Technical details about CVE-2025-21650 are not provided in the connected documents. The initial description is detailed, but there is no supplementary data in the connected sources to confirm affected products/versions, impact, or fixes. Monitor for updates.
CVE-2024-0639
CVE-2024-0639 is a denial-of-service vulnerability in Linux kernel SCTP: a deadlock in sctp_auto_asconf_init (net/sctp/socket.c) can be triggered by guests with local privileges, potentially crashing the system. Some connected advisories (Unity Linux UTSA-2026-001762 and Red Hat/SUSE notes) indic...
CVE-2024-58020
CVE-2024-58020 affects the Linux kernel HID multitouch driver. The issue arises when devm_kasprintf() returns NULL and the result is used in mt_input_configured() without a NULL check, risking NULL pointer dereference. Acknowledged fixes add a NULL check in mt_input_configured(); impact is listed...
CVE-2024-26888
CVE-2024-26888 : Linux kernel vulnerability in Bluetooth msft path reported as fixed by a memory leak fix. The issue involved a leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT. Public docs confirm the fix; CVSS indicates LOCAL attack vector with low to moderate impact (Base 5.5,...
CVE-2024-26917
CVE-2024-26917 affects the Linux kernel SCSI/FCoE path. The vulnerability stems from reverting a commit that changed spin lock usage for FCoE devices (from bh to irqsave), which caused interrupts to be lost for FCoE devices. The problem was introduced in the patch set around scsi: fcoe: Fix poten...
CVE-2025-38007
CVE-2025-38007 affects HID uclogic in the Linux kernel. Root cause: uclogic_input_configured() dereferences a NULL after devm_kasprintf() returns NULL due to allocation failure. Mitigation: a NULL check is added after devm_kasprintf() to prevent the dereference. Described fixes are documented in ...
CVE-2024-23196
CVE-2024-23196 : Astra Linux security bulletin reports a race condition in the Linux kernel sound/hda driver, in snd_hdac_regmap_sync(), which can trigger a NULL pointer dereference and may lead to a kernel panic or denial of service. This mirrors the initial description. The connected documents ...
CVE-2023-52848
Summary (CVE-2023-52848) : The issue, reported for the Linux kernel’s f2fs file system, centers on a bug during f2fs_put_super() where the meta_inode page cache is not dropped after an IO error in f2fs_wait_on_all_pages. This can lead to a reference-count leak and a kernel panic during unmount. T...
CVE-2026-46138
The CVE-2026-46138 issue affects the Linux kernel Bluetooth subsystem, specifically hci_le_create_big_complete_evt. A loop over BT_BOUND connections for a BIG handle may access ev->bis_handle[i++] without ensuring i
CVE-2025-71107
CVE-2025-71107: In Linux kernel F2FS, a race allows f2fs_put_super() to run before all node-page reads complete, causing an apparent filesystem reference-count leak during unmount (kernel.c fs/f2fs/super.c:1939). Mitigation: upstream patch adds f2fs_wait_on_all_pages() for F2FS_RD_NODE to ensure ...
CVE-2026-43019
The CVE-2026-43019 issue affects the Linux kernel Bluetooth HCI path, where hci_conn lookups and field access in set_cig_params_sync were not properly protected by the hdev lock, allowing a use-after-free when an hci_conn could be freed concurrently. The documented fix is to take the hdev lock to...