1098 matches found
CVE-2024-26923
CVE-2024-26923 is a Linux kernel vulnerability in AF_UNIX garbage collection. The race occurs when a GC pass enqueues an embryo that has a peer carrying SCM_RIGHTS, causing the inflight set to differ between passes. This can leave a dangling pointer in the gc_inflight_list and may lead to memory ...
CVE-2023-52489
CVE-2023-52489 is tied to a Linux kernel race in mm/sparsemem memory sections (memory_section->usage) when PFNs span ZONE_NORMAL, ZONE_DEVICE, ZONE_NORMAL and memory compaction runs. The race occurs between pfn_valid()/pfn_section_valid() and section_deactivate, where ms->usage can be NULL ...
CVE-2024-26897
CVE-2024-26897 — Linux kernel (ath9k/ath9k_htc): A race in the ath9k_wmi_event_tasklet can occur due to init-order data-structure initialization exposed to USB before driver init completes. This may cause NULL-pointer dereferences under certain WMI commands. A partial fix existed (aborting WMI_TX...
CVE-2024-27009
The vulnerability CVE-2024-27009 (Linux kernel, s390) is covered by connected security bulletins. A race in ccw_device_set_online() could leave a device in an inconsistent state if a path verification arrives after final state wait but before result state evaluation, causing subsequent online att...
CVE-2024-27080
CVE-2024-27080 resolves a race in the Linux kernel's btrfs fiemap handling. The change stops locking the entire fiemap target range to avoid a deadlock with memory-mapped buffers, but creates a race where delalloc ranges in holes can be missed. As a result, fiemap consumers may not see delalloc d...
CVE-2024-26607
The CVE-2024-26607 issue affects the Linux kernel sii902x bridge driver on TI platforms. Root cause: a probing race where drm_bridge_add() is invoked before the driver fully initializes the i2c EDID path, leading to a NULL pointer dereference in sii902x_bridge_get_edid during EDID reads. Impact: ...
CVE-2024-39508
CVE-2024-39508 affects the Linux kernel’s io_uring io-wq path. The advisory details data-race issues on io_worker->flags exposed under concurrency (io_worker_handle_work and io_wq_activate_free_worker) and shows that the fix refactors flag manipulation to atomic operations using set_bit() and ...
CVE-2023-52433
CVE-2023-52433 refers to a Linux kernel issue in netfilter nft_set_rbtree where new elements within a single transaction may expire before the transaction ends. To avoid a commit path walking over an already released object, the code skips sync garbage collection (GC) for those elements during th...
CVE-2024-26861
CVE-2024-26861 affects the Linux kernel wireguard receive path, where a data race around keypair->receiving_counter.counter was identified (READ_ONCE/WRITE_ONCE annotations used to mark the race as intentional). The race occurs between wg_packet_decrypt_worker and wg_packet_rx_poll, potentiall...
CVE-2023-52492
CVE-2023-52492 refers to a Linux kernel vulnerability in the DMA engine where __dma_async_device_channel_unregister() could dereference a NULL chan->local if __dma_async_device_channel_register() failed and channels were unregistered. The fixed behavior adds a guard at the beginning of __dma_a...
CVE-2024-26859
CVE-2024-26859: In the Linux kernel, a race in the bnx2x driver during EEH error handling could cause a read of freed memory when bnx2x_io_slot_reset() and bnx2x_nic_unload() race. The fix ensures page pool allocations are verified before freeing SGEs to prevent NULL-pointer dereferences and cras...
CVE-2024-26862
CVE-2024-26862 — Linux kernel data race (kernel 5.x/6.x). Root cause: missing READ_ONCE()/WRITE_ONCE() annotations for ignore_outgoing reads in packet code; read/write races observed between dev_queue_xmit_nit() and packet_setsockopt(). Syzkaller/KCSAN reported a data-race affecting packet_setsock...
CVE-2024-26874
CVE-2024-26874 is a Linux kernel vulnerability in the drm/mediatek driver where a race allows a NULL pointer dereference in mtk_drm_crtc_finish_page_flip if mtk_crtc->event is NULL. The root cause is that pending_needs_vblank is derived from mtk_crtc->event and a race occurs between atomic_...
CVE-2021-47031
CVE-2021-47031: Linux kernel mt76 mt7921 memory-leak in mt7921_coredump_work fixed. Affected component/file: kernel code path handling mt7921 coredump; root cause was a memory leak in mt7921_coredump_work. Remediation: upstream patch fixes the leak (see stable kernel references). CVSSv3.1; Base s...
CVE-2024-26878
In CVE-2024-26878, the Linux kernel quota NULL pointer dereference is addressed: a race between dquot_free_inode (or related) and quota_off can dereference an inode quota pointer after it is nulled. The fix uses a temporary pointer to prevent the use-after-free: if inode quota pointers are access...
CVE-2024-26810
Technical details about CVE-2024-26810 are not provided in the supplied documents. The Astra bulletin repeats the vulnerability description without specifying affected products/versions or remediation. Monitor for official advisories to obtain precise impact and fixes.
CVE-2021-47034
CVE-2021-47034 affects the Linux kernel on powerpc/64s with radix paging. Root cause: radix__set_pte_at() omits a ptesync when updating a PTE, risking out-of-order updates for kernel memory and spurious faults during patching. The fix adds a ptesync path in flush_cache_vmap() (to be invoked when ...
CVE-2021-46958
CVE-2021-46958 is a Linux kernel issue affecting the Btrfs subsystem. The vulnerability stems from a race between transaction aborts during commit, an ongoing fsync, and the transaction kthread, which can cause a use-after-free of the log_root_tree. Reported symptoms in the description include fo...
CVE-2025-21655
CVE-2025-21655 affects the Linux kernel io_uring/eventfd path. The root cause is that io_eventfd_do_signal() frees an io_ev_fd immediately when the refcount drops to zero, instead of deferring to a subsequent RCU grace period. The fix defers freeing by calling io_eventfd_put() (replacing the inli...
CVE-2024-27040
CVE-2024-27040 concerns a NULL pointer dereference in the Linux kernel DRM AMD display code. Specifically, edp_set_replay_allow_active() may dereference replay when replay is NULL after the conditional that checks replay in the first if. The vulnerability occurs if link->replay_settings.replay...
CVE-2024-53160
CVE-2024-53160: The MiracleLinux advisory confirms a Linux kernel data-race in rcu/kvfree between __mod_timer/kvfree_call_rcu and kfree_rcu_monitor. The fix acquires krcp->lock in kfree_rcu_monitor to ensure both functions do not race when updating krcp->monitor_work.timer.expires, address...
CVE-2024-56788
CVE-2024-56788 concerns the Linux kernel’s net: ethernet oa_tc6 implementation. The vulnerability is a race between two skb pointers used for TX: ongoing_tx_skb (being processed) and waiting_tx_skb (queued). The SPI thread moves data from ongoing_tx_skb to the next TX, then may assign NULL to ong...
CVE-2024-56576
CVE-2024-56576 affects the Linux kernel (media: i2c: tc358743). The issue causes a crash when an error occurs in probe() while using polling, because the polling timer is not removed and may fire after its arguments have been freed. The result is a kernel crash (use-after-free scenario in timer h...
CVE-2024-56637
CVE-2024-56637 affects the Linux kernel: netfilter ipset race where unloading ip_set while a set-type backend is being requested can crash the kernel. The issue is triggered by a race after nfnl_unlock(), e.g., when an mdelay() is inserted. A patch fixes this by holding the module reference while requ...
CVE-2024-53169
The CVE-2024-53169 issue is in the Linux kernel nvme-fabrics shutdown path. A race can occur when the nvme keep-alive async request sneaks in during controller shutdown, potentially racing with admin queue destruction and the hw/hctx queue dispatcher. If the in-flight keep-alive touches the admin...
CVE-2024-53176
CVE-2024-53176 in the Linux kernel SMB/CIFS unmount path could race with cached directory operations, leaving dentries in use and triggering kernel BUGs. The fix drops dentries via queued work (cfid_put_wq) and ensures close_all_cached_dirs() flushes that work, with final cleanup performed by ser...
CVE-2024-27058
CVE-2024-27058 affects the Linux kernel: a race in tmpfs involving dquot rb_tree handling. The root cause is that fetching the rb_tree root node was not protected by dqio_sem, allowing a concurrent tree rebalance to mislead the search and trigger a warning in shmem_release_dquot. This is addresse...
CVE-2025-21651
Technical details about CVE-2025-21651 are not present in the provided connected documents; the materials only reference the Linux kernel hns3 issue and a fix. Monitor for updates from official sources.
CVE-2024-26583
CVE-2024-26583 affects the Linux kernel TLS path. The issue is a race between async crypto notify completion and socket close, where the submitting thread could exit before the crypto handler finishes, risking touching data after it has been freed. The fix routes around this by reducing complex l...
CVE-2024-26585
CVE-2024-26585 — Linux kernel TLS race: The vulnerability arises from a race between scheduling crypto work and socket close in TLS handling. The submitter thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete; the fix reorders scheduling the work before complete()...
CVE-1999-0524
CVE-1999-0524 is an ICMP information-disclosure vulnerability where ICMP replies reveal (1) netmask and (2) timestamp to arbitrary hosts. Connected reports link it to multiple products (e.g., Nutanix AHV advisories NXSA‑AHV series and ABB M2M Gateway plugin) and describe the issue as an informati...
CVE-2021-46925
CVE-2021-46925 affects the Linux kernel in the net/smc path. The issue is a race between smc_cdc_tx_handler() and smc_release() that can lead to a kernel panic or use-after-free when smc_cdc_tx_handler() accesses an smc_sock that has already been freed. The provided description documents a crash ...
CVE-2020-10732
CVE-2020-10732 describes a Linux kernel flaw in the userspace core dumps implementation. According to connected IBM bulletin entries, the issue allows a local authenticated attacker to obtain sensitive information or cause a program crash by exploiting the core-dump handling path. The vulnerabil...
CVE-2023-39194
CVE-2023-39194 – The Apollo/CVE entry documents a flaw in the Linux kernel XFRM subsystem: during processing of state filters, an out-of-bounds read past the end of an allocated buffer can be triggered by a local attacker with CAP_NET_ADMIN privileges, potentially leading to information disclosur...
CVE-2019-12614
CVE-2019-12614 affects Linux kernels up to 5.1.6 in the PowerPC pseries dlpar.c: a NULL pointer dereference triggered by unchecked kstrdup of prop->name can allow a local attacker to crash the system via a crafted request. The issue is confirmed in the initial description and corroborated by c...
CVE-2021-33624
CVE-2021-33624 affects the Linux kernel prior to 5.12.13, where the eBPF verifier in kernel/bpf/verifier.c could mispredict branches (e.g., due to type confusion), allowing an unprivileged BPF program to read arbitrary kernel memory locations via a side-channel attack. Several connected advisorie...
CVE-2020-26558
CVE-2020-26558: Bluetooth Core 2.1–5.2 Passkey entry/MITM reflection vulnerability. A nearby attacker could identify the Passkey during pairing by reflecting public key and authentication evidence, enabling completion of authenticated pairing with the correct Passkey. Astra Linux bulletin repeats t...
CVE-2021-27363
CVE-2021-27363 affects the Linux kernel iSCSI subsystem. A flaw leaks the iSCSI transport’s kernel address via the sysfs handle (/sys/class/iscsi_transport/$TRANSPORT_NAME/handle), enabling a local attacker to leak the iscsi_transport pointer and potentially end arbitrary iSCSI connections. Conne...
CVE-2019-16089
Summary (CVE-2019-16089): The vulnerability resides in the Linux kernel (through version 5.2.13) where nbd_genl_status in drivers/block/nbd.c does not validate the return value of nla_nest_start_noflag, potentially enabling local privilege impact due to improper netlink attribute nesting checks. ...
CVE-2019-15666
CVE-2019-15666 affects the Linux kernel prior to 5.0.19, with an out-of-bounds array access in __xfrm_policy_unlink caused by improper directory validation in net/xfrm/xfrm_user.c. This can lead to denial of service. Nexus/connected advisories confirm the same impact and recommend upgrading the k...
CVE-2023-1859
CVE-2023-1859 is a use-after-free in Xen transport 9pfs (xen_9pfs_front_removet in net/9p/trans_xen.c) of the Linux kernel. Connected security bulletins confirm a race condition that could allow a local attacker to crash the system and potentially leak kernel information. Affected is the Xen 9pfs...
CVE-2019-15221
CVE-2019-15221 affects the Linux kernel up to version 5.1.17. A NULL pointer dereference can be triggered by a malicious USB device via the sound/usb/line6/pcm.c driver, leading to denial of service or system instability. Affected component is the kernel sound USB Line6 PCM driver; root cause is ...
CVE-2019-19068
CVE-2019-19068 affects the Linux kernel Realtek RTL8xxxU USB Wi‑Fi driver (rtl8xxxu_submit_int_urb in rtl8xxxu_core.c, up to 5.3.11). The root cause is a memory leak when usb_submit_urb() fails during interrupt-URB submission, which can lead to DoS via memory consumption. Connected document F5 ad...
CVE-2019-19063
Concretely affected software: Linux kernel realtek rtlwifi USB driver (rtl_usb_probe in drivers/net/wireless/realtek/rtlwifi/usb.c). Root cause: two memory leaks in rtl_usb_probe() leading to memory exhaustion. Impact: potential denial of service due to unbounded memory consumption (through 5.3.1...
CVE-2019-19523
CVE-2019-19523 affects the Linux kernel prior to 5.3.7, where a use-after-free can be caused by a malicious USB device via the drivers/usb/misc/adutux.c driver (CID-44efc269db79). Affected systems include distributions referenced in accompanying advisories (e.g., MiracleLinux 8, Unity Linux 20.x)...
CVE-2023-6176
The connected documents confirm CVE-2023-6176 is a Linux kernel issue in the cryptographic algorithm scatterwalk API. A null pointer dereference can be triggered when a local user constructs a malicious packet with specific socket configuration, potentially crashing the system or enabling privile...
CVE-2021-21781
CVE-2021-21781 is a local-information-disclosure vulnerability in the Linux kernel’s ARM SIGPAGE handling, where SIGPAGE may not be fully initialised and can leak kernel memory contents when read by a userland process. Affected: Linux kernel ARM SIGPAGE implementation (v5.4.66/v5.4.54) with fixes...
CVE-2020-29660
This CVE (CVE-2020-29660) affects the Linux kernel tty subsystem, specifically in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c, where a locking inconsistency can enable a local attacker to perform a read-after-free against TIOCGSID. Consequences stated in multiple advisories include memory ...
CVE-2020-11494
The CVE-2020-11494 issue affects the Linux kernel slcan (serial line CAN) driver: in slcan.c, CAN headers for received packets may not be fully initialised when receiving data, enabling local attackers to read uninitialised can_frame data from kernel memory (information leak). Root cause is incom...
CVE-2019-15220
CVE-2019-15220 affects the Linux kernel prior to 5.2.1 and involves a use-after-free in the p54usb.c driver caused by a malicious USB device. The issue can lead to a denial of service via kernel memory corruption when a vulnerable USB device is connected to drivers/net/wireless/intersil/p54. The ...