18 matches found
CVE-2024-36481
CVE-2024-36481 affects the Linux kernel tracing/btf parsing: btf_find_struct_member() may return NULL or an ERR_PTR, but parse_btf_field() only checked NULL before. The fix uses IS_ERR() and propagates the error up the stack. Affected component is the kernel’s tracing probes; impact is a local vu...
CVE-2024-36936
The CVE-2024-36936 issue affects the Linux kernel's memory-accept path under efi/unaccepted. The root cause was a soft lockup scenario caused by a spinlock held during memory acceptance, which could intermittently trigger a watchdog/softlockup on the CPU during large TD guest memory loads. The fi...
CVE-2024-35831
CVE-2024-35831 (Linux kernel io_uring issue) : The vulnerability arises in the error path of __io_uaddr_map where, after pinning pages, the error handler may not release the pinned pages if the function fails. This can occur under memory fragmentation and results in improper cleanup. The base CVS...
CVE-2024-42074
CVE-2024-42074 pertains to the Linux kernel’s ASoC AMD ACP driver. When the acp platform device creation is skipped, chip->chip_pdev can be NULL, leading to a potential NULL pointer dereference in snd_acp_resume. The connected Nessus/NASL entries confirm the root cause and describe the fix: ad...
CVE-2024-27416
CVE-2024-27416 is a Linux kernel vulnerability: Bluetooth hci_event handling of HCI on_IO_CAPA_REQUEST when Read Remote Extended Features is pending could lead to an incorrect assumption that the remote supports SSP. The issue is addressed in kernel code by fixing the HCI_EV_IO_CAPA_REQUEST handl...
CVE-2024-35825
Summary (CVE-2024-35825) : The issue in the Linux kernel USB gadget for CDC NCM NTB handling occurs when a zero wBlockLength is encountered. The code’s previous logic could repeatedly process the same NTB if block length is zero, risking a crash. The connected Astra Linux advisory confirms this v...
CVE-2023-52839
CVE-2023-52839 describes a Linux kernel vulnerability in perf where broadcasting to other CPUs when starting a counter was removed as part of a fix (commit 3fec323339a4). Root cause: unnecessary broadcast in perf code could lead to a warning and potential instability; fix eliminates the broadcast...
CVE-2025-38526
CVE-2025-38526 relates to the Linux kernel ice driver. The issue arises from missing NULL checks in eswitch lag checking: ice_lag_is_switchdev_running() may be invoked from outside the LAG event handler, causing lag->upper_netdev to be NULL and risking a NULL pointer dereference. A fix adds a ...
CVE-2026-31478
The CVE-2026-31478 issue affects ksmbd in the Linux kernel. The root cause is an incorrect calculation of the response buffer length in smb2_calc_max_out_buf_len(), where a hardcoded hdr2_len was used instead of the correct offset to the Buffer field. The security advisories describe that after a...
CVE-2026-23220
CVE-2026-23220 – Linux kernel ksmbd infinite loop fix : In ksmbd, when a signed SMB2 request fails verification, __process_request() triggers an error path that calls set_smb2_rsp_status() and resets next_smb2_rcv_hdr_off to zero. This loses the pointer to the next command in the chain, so is_cha...
CVE-2025-71101
CVE-2025-71101 stems from the Linux kernel HP-BIOSCFG driver’s ACPI package parsing: hp_populate_*_elements_from_package() reads multi-element fields (PREREQUISITES, ENUM_POSSIBLE_VALUES) using offsets like enum_obj[elem + reqs] or enum_obj[elem + pos_values], but the bounds check only validated ...
CVE-2025-71143
CVE-2025-71143 concerns a Linux kernel issue in clk: samsung: exynos-clkout where .num was initialized after .hws[] was accessed, triggering UBSAN_BOUNDS warnings. The fix moves the .num initialization before the first access of .hws[] (as noted in commit f316cdff8d67 and related annotations) to ...
CVE-2026-23386
CVE-2026-23386 concerns the Linux kernel gve driver in QPL mode, where gve_tx_clean_pending_packets() could misinterpret the dma_addr_t array as buffer IDs, causing out-of-bounds/unmap errors. The root cause was an improper buffer cleanup path in gve_tx_clean_pending_packets() that could referenc...
CVE-2026-45851
CVE-2026-45851 targets the Linux kernel EFI subsystem. The vulnerability arises in the reserve_unaccepted() memblock reservation: it aligns the table size but does not account for cases where the table’s start (efi.unaccepted) is not page-aligned. If the table begins mid-page and ends across the ...
CVE-2025-71072
CVE-2025-71072 : In the Linux kernel, a rename/recovery issue in shmem was fixed. The root cause affected how maple_tree insertions and simple_offset_rename() pathways handled memory pressure and failure paths, including simple_offset_rename_exchange(). The fix involves how shmem_rename2() pre-in...
CVE-2025-71119
CVE-2025-71119 affects the Linux kernel. The vulnerability arises in powerpc/kexec where, if SMT is disabled or in partial SMT state, loading a new kernel image for kexec and rebooting can trigger a warning (Waking offline cpu) because add_cpu() fails when cpu_bootable() rejects CPUs due to cpu_s...
CVE-2025-68817
The CVE-2025-68817 entry concerns a Linux kernel ksmbd issue: a use-after-free in ksmbd_tree_connect_put under concurrent disconnect paths. Under high concurrency, a tcon (tree-connection object) can be freed on disconnect while another path still holds a reference and may later call *_put() or w...
CVE-2026-31506
The CVE-2026-31506 issue concerns the Linux kernel bcmasp component where the Wake-on-LAN (WoL) IRQ handler could be double-freed. The problem stems from handling of the WoL irq; the patch indicates wol_irq does not need explicit freeing because it is allocated with devm_request_irq, and devres h...