24 matches found
CVE-2024-53681
CVE-2024-53681 : In the Linux kernel nvmet subsystem, the code path nvmet_root_discovery_nqn_store mishandled the subsysnqn string as a fixed-size buffer even though it is allocated to the string size. The root cause is buffer overrun risk when the subsysnqn is longer than the old buffer. The fix...
CVE-2024-36484
CVE-2024-36484 is a Linux kernel vulnerability where the socket acceptance check was relaxed at accept time (net/ipv4/af_inet.c). The issue can arise when a process shuts down a listener before it enters accept, causing the child to reach accept() in FIN_WAIT1 status after the commit “tcp: defer ...
CVE-2024-42083
CVE-2024-42083 affects the Linux kernel, addressing a bug in ionic_run_xdp() where multi-buffer jumbo frames were not fully unmapped for XDP_TX/XDP_REDIRECT. SG pages could be reused, causing a kernel panic (general protection fault). A patch/fix was applied in the kernel (e.g., 6.10.x targets an...
CVE-2025-38268
CVE-2025-38268: In the Linux kernel, a deadlock window existed in the USB Type‑C/TCPM Alt Mode interaction due to an unprotected state check in tcpm_queue_vdm_unlocked, which could allow the Alt Mode driver to grab the TCPM lock while state changes occurred. The fix moves tcpm_queue_vdm_unlocked ...
CVE-2025-38441
CVE-2025-38441 affects the Linux kernel netfilter flowtable nf_flow_pppoe_proto() where the Ethernet header was not accounted for in PPPoE offload logic, leading to potential use of uninitialized data (KMSAN). The vulnerability is locally exploitable; CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/I:N/A:H with...
CVE-2024-38595
CVE-2024-38595 affects the Linux kernel mlx5 subsystem: a patch changing register devlink flow did not update the peer devlink set logic, triggering a call trace when peer devlink set is done after devl_register. The fix aligns peer devlink set logic with the register flow to prevent the trace. I...
CVE-2025-38489
CVE-2025-38489: In the Linux kernel (s390/BPF), the on-disk description notes that bpf_arch_text_poke() with new_addr == NULL caused intermittent panics; the fix re‑instates the previously removed correction from commit c730fce7c70c, restoring the intended behavior and adding a clarifying comment...
CVE-2024-42071
CVE-2024-42071 is a Linux kernel issue related to the ionic driver where napi_consume_skb() is invoked outside a safe NAPI context. The root cause described in the sources is that a non-NAPI/softirq path should call napi_consume_skb with budget=0, as indicated by the code notes and stack traces (...
CVE-2024-42111
CVE-2024-42111 affects the Linux kernel BTRFS qgroup handling. The root cause was a patch (b5357cb268c4) that skipped the qgroup inherit checks when qgroup is disabled, allowing a malformed btrfs_qgroup_inherit structure to pass. This could lead to a slab-out-of-bounds read (KASAN) during transac...
CVE-2024-42100
Technical details for CVE-2024-42100 are not provided in the connected documents. The materials reference the CVE but do not specify affected products, versions, root cause, impact, or fixes beyond the initial description; monitor for updates.
CVE-2024-40986
CVE-2024-40986 affects the Linux kernel DMA engine for Xilinx XDMA. The issue arises from data synchronization in xdma_channel_isr() where the code does not properly sequence operations before using xdma->stop_request, requiring the vchan lock prior to stop_request usage. The vulnerability is ...
CVE-2024-42075
CVE-2024-42075 concerns the Linux kernel’s bpf arena logic, which failed to account for mremap, risking use-after-free in arena_vm_close. The vulnerability is addressed by adding a reference count for multiple mmap events to protect the arena during remapping. The connected documents indicate the...
CVE-2026-46031
The CVE-2026-46031 entry describes a Linux kernel issue in the ks8851 network driver where a race/deadlock can occur between TX softirq handling and RX processing when BHs are enabled around IRQ handling. The root cause is a potential deadlock: ks8851_irq() holds a spinlock while ks8851_start_xmi...
CVE-2026-22979
CVE-2026-22979 is a Linux kernel vulnerability affecting memory accounting for GRO-fragmented SKBs. The issue arose because skb_segment_list() continued to add each fragment’s truesize to delta_truesize while subtracting it from the parent SKB, even though fragments are no longer charged to the s...
CVE-2026-31562
Summary: CVE-2026-31562 affects the Linux kernel DRM/mediatek DSI driver. A local attacker could trigger a NULL pointer dereference due to an uninitialized drvdata being read during mipi_dsi_host_register, causing a crash in mediatek-drm probe and blocking subsequent DRM operations. The fixed beh...
CVE-2025-71100
CVE-2025-71100 affects the Linux kernel wifi rtl8192cu (rtlwifi). The issue arises when tid values from ieee80211_get_tid() may exceed the bounds of sta_entry->tids[] (MAX_TID_COUNT), triggering an out-of-bounds access and UBSAN warning. The patched code adds a bounds check to ensure TID
CVE-2026-23013
CVE-2026-23013 pertains to the Linux kernel: in the octeon_ep_vf IRQ handling, the rollback path frees IRQs with a mismatched dev_id, using the literal 'oct' instead of the original ioq_vector. This can leave irqaction registrations alive, causing a use-after-free or crash when the interrupt fire...
CVE-2026-23254
CVE-2026-23254 (Linux kernel): The issue affects UDP GRO in the net/ gro path, where the complete stage incorrectly uses the inner network offset when the encapsulation flag is not reliably zeroed by hardware offloads. The root cause is an assumption that all RX-inserted packets have encapsulatio...
CVE-2026-23427
Summary: CVE-2026-23427 affects ksmbd in the Linux kernel and has been fixed to address a use-after-free in durable v2 replay of active SMB file handles. The root cause is that parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling D...
CVE-2026-23354
CVE-2026-23354 concerns the Linux kernel x86/fred speculative safety. The fix removes the index variable and repositions array_index_nospec() so it’s calculated immediately before the array access, addressing the incorrect placement that allowed the result to be spilled to the stack across irqent...
CVE-2026-31647
CVE-2026-31647 concerns the Linux kernel idpf driver. The vulnerability stems from improper nesting of PREEMPT_RT raw/BH spinlocks during asynchronous VC handling, which could yield an invalid wait context. A fix switches from the completion’s raw spinlock to a local lock in the idpf_vc_xn struct...
CVE-2026-23373
CVE-2026-23373 affects the Linux kernel wifi: rsi driver. The issue arises in rsi_mac80211_config where it should default to a zero value but instead uses -EOPNOTSUPP, triggering a WARN_ON in ieee80211_hw_conf_init and diverging from other drivers’ behavior. Multiple sources describe the vulnerab...
CVE-2026-23417
CVE-2026-23417 affects the Linux kernel BPF component where PROBE_MEM32 immediate stores (BPF_ST|BPF_PROBE_MEM32) were not blinded by the JIT constant-blinding path. The root cause is that convert_ctx_accesses() rewrites BPF_ST|BPF_MEM to BPF_ST|BPF_PROBE_MEM32 during verification, but the blindi...
CVE-2026-31561
CVE-2026-31561 affects the Linux kernel: the fix removes the X86_CR4_FRED bit from the CR4 pinning mask to avoid a boot-time window where exceptions cannot be handled. The vulnerability is detailed as a problem where FRED was temporarily disabled during AP boot, which could let an attacker modify...