Lucene search
K

4333 matches found

CVE
CVE
added 2025/01/20 10:48 a.m.3279 views

CVE-2023-52923

CVE-2023-52923 — Linux kernel netfilter nf_tables GC transaction API fix . The issue concerns the nf_tables set backend in the Linux kernel, where the GC transaction API replaces the old GC and busy-mark approach. The patch changes: sets the _DEAD bit to hide removed elements instead of removing ...

5.5CVSS6.5AI score0.00243EPSS
CVE
CVE
added 2025/01/21 12:18 p.m.3005 views

CVE-2025-21659

CVE-2025-21659 relates to the Linux kernel where the netdev subsystem previously allowed NAPI instances to be accessed across different network namespaces. The underlying issue was that NAPI IDs were not fully namespace-aware before the netlink API, allowing potential cross-namespace exposure of ...

5.5CVSS6.5AI score0.00173EPSS
CVE
CVE
added 2025/01/21 12:18 p.m.2557 views

CVE-2025-21664

CVE-2025-21664 affects the Linux kernel’s device-mapper thin provisioning path (dm-thin). The issue arises from get_first_thin using a sequence of RCU-safe list operations (list_empty_rcu() followed by list_first()) that perform separate READ_ONCE()s of the list head, which can yield inconsistent...

5.5CVSS6.4AI score0.00216EPSS
CVE
CVE
added 2025/01/31 11:25 a.m.2554 views

CVE-2025-21678

CVE-2025-21678 affects the Linux kernel gtp driver. The root cause was in gtp_newlink(), which linked a created UDP tunnel device to the wrong netns (dev_net instead of src_net). This caused the gtp device to remain in the wrong namespace even after the source namespace was deleted, leading to a ...

5.5CVSS6.9AI score0.0021EPSS
CVE
CVE
added 2025/01/19 10:18 a.m.2546 views

CVE-2025-21653

CVE-2025-21653 affects the Linux kernel net_sched flow classifier (net/sched/cls_flow.c). The vulnerability was due to missing validation of TCA_FLOW_RSHIFT, which could trigger undefined behavior (UB) and a shift-out-of-bounds on large 32-bit shifts, as shown by UBSAN. Connected advisories (Astr...

5.5CVSS6.9AI score0.0021EPSS
CVE
CVE
added 2025/01/31 11:25 a.m.2531 views

CVE-2025-21668

CVE-2025-21668 (Linux kernel) : A missing loop break in the imx8mp_blk_ctrl_remove path (imx8mp_blk_ctrl) allows the for loop to run out of bounds, potentially affecting system shutdown/reboot flows. The vulnerability is tied to the imx8mp domain handling in dev_pm_domain_detach during platform s...

5.5CVSS7.2AI score0.00199EPSS
CVE
CVE
added 2025/01/20 1:48 p.m.2525 views

CVE-2025-21655

CVE-2025-21655 affects the Linux kernel io_uring/eventfd path. The root cause is that io_eventfd_do_signal() frees an io_ev_fd immediately when the refcount drops to zero, instead of deferring to a subsequent RCU grace period. The fix defers freeing by calling io_eventfd_put() (replacing the inli...

4.7CVSS6.6AI score0.00219EPSS
CVE
CVE
added 2025/02/18 2:37 p.m.2509 views

CVE-2025-21702

The CVE CVE-2025-21702 concerns a bug in Linux kernel pfifo_tail_enqueue where, when sch->limit == 0, a path can cause qlen to be increased to one even if a preceding drop would have kept it at zero. This leads to a mismatch where a parent qlen no longer equals the sum of its children’s qlen, ...

7.8CVSS7.3AI score0.00256EPSS
CVE
CVE
added 2025/01/21 12:18 p.m.2501 views

CVE-2025-21660

Technical details for CVE-2025-21660 are not provided in the supplied documents. No affected products, root cause, or remediation are disclosed here; monitor for updates from official advisories.

5.5CVSS6.6AI score0.00197EPSS
CVE
CVE
added 2025/01/19 10:18 a.m.2494 views

CVE-2025-21648

CVE-2025-21648 affects the Linux kernel netfilter conntrack code. The vulnerability arises from the hashtable resize path where the maximum size could exceed practical limits, risking a WARN_ON_ONCE in __kvmalloc_node_noprof() when __GFP_NOWARN is unset. The fix clamps the conntrack hashtable siz...

5.5CVSS7AI score0.00209EPSS
CVE
CVE
added 2025/01/11 12:39 p.m.2459 views

CVE-2024-57800

CVE-2024-57800 affects the Linux kernel in ALSA memalloc handling. When DMA API debugging is enabled, it may warn about a device driver failing to check a DMA address map, e.g. device address 0x00000000ffff0000, due to explicit address checks instead of using dma_mapping_error(). The documented f...

5.5CVSS7AI score0.00203EPSS
CVE
CVE
added 2025/01/15 1:5 p.m.2449 views

CVE-2024-57888

Technical details for CVE-2024-57888 are not publicly available in the provided documents. Monitor vendor advisories and kernel commit references for remediation context and updates.

5.5CVSS6.5AI score0.00202EPSS
CVE
CVE
added 2025/01/19 10:18 a.m.2447 views

CVE-2025-21647

The CVE-2025-21647 vulnerability affects the Linux kernel’s sched: sch_cake path, where an underflow in per-host bulk flow counters could cause out-of-bounds memory access. A fix adds bounds-checking around all accesses to per-host bulk flow counters via helper functions, moving flow mode checks ...

7.1CVSS7.3AI score0.00278EPSS
CVE
CVE
added 2025/02/22 9:43 a.m.2442 views

CVE-2025-21704

CVE-2025-21704 affects the Linux kernel USB CDC-ACM (cdc_acm) path. The root cause is improper handling of fragmented control transfers: if the first fragment is smaller than struct usb_cdc_notification, computing expected_size can underflow as fragments arrive, leading to memory corruption when ...

7.8CVSS7AI score0.00328EPSS
CVE
CVE
added 2025/01/11 12:35 p.m.2440 views

CVE-2024-56788

CVE-2024-56788 concerns the Linux kernel’s net: ethernet oa_tc6 implementation. The vulnerability is a race between two skb pointers used for TX: ongoing_tx_skb (being processed) and waiting_tx_skb (queued). The SPI thread moves data from ongoing_tx_skb to the next TX, then may assign NULL to ong...

4.7CVSS7AI score0.00126EPSS
CVE
CVE
added 2025/01/15 1:5 p.m.2420 views

CVE-2024-57893

CVE-2024-57893 : Linux kernel ALSA: seq: oss — race in SysEx message processing can cause out-of-bounds access. Connected docs confirm the issue and state a mutex-based serialization fix was introduced to protect SysEx packets in the OSS sequencer, effectively addressing the race between 6-byte S...

6.3CVSS6.7AI score0.00158EPSS
CVE
CVE
added 2025/01/21 12:18 p.m.2417 views

CVE-2025-21662

CVE-2025-21662: In the Linux kernel, net/mlx5: Fix variable not being completed when function returns. The issue could cause a hang of the issuing task if cmd_alloc_index() fails and cmd_work_handler() does not complete ent->slotted before returning. Affected component is mlx5_core/mlx5e, with...

5.5CVSS6.8AI score0.00199EPSS
CVE
CVE
added 2025/02/13 3:5 p.m.2411 views

CVE-2025-21701

CVE-2025-21701 : In the Linux kernel, a race existed between device unregistration and ethnl operations (ethnl_set_channels, ethtool checks) that could occur when a network device is being unregistered while its channels are modified. The issue arose because unregister_netdevice_many_notify could...

7.4CVSS7AI score0.00165EPSS
CVE
CVE
added 2025/01/11 12:35 p.m.2406 views

CVE-2024-53690

CVE-2024-53690 (Linux kernel) describes a nilfs2 inode handling flaw where a deleted inode could be mis-reused, leading to inode duplication and i_nlink underflow during rmdir. The fix involves guarding against deleted inodes by verifying i_nlink in nilfs_iget() and reclaiming the inode when its ...

5.5CVSS6.6AI score0.00254EPSS
CVE
CVE
added 2025/01/11 12:35 p.m.2374 views

CVE-2024-53685

CVE-2024-53685 concerns the Linux kernel Ceph path construction: when the full path built by ceph_mdsc_build_path() exceeds PATH_MAX, the function enters an endless retry loop, effectively DoS-ing the system. The description notes the fix is to remove the retry and fail with ENAMETOOLONG instead,...

5.5CVSS6.5AI score0.00217EPSS
CVE
CVE
added 2025/01/19 10:18 a.m.2364 views

CVE-2025-21646

Technical details about CVE-2025-21646 are not provided in the supplied documents. Monitor vendor advisories for affected products, impact, and fixes.

5.5CVSS6.5AI score0.002EPSS
Web
CVE
CVE
added 2025/01/31 11:25 a.m.2356 views

CVE-2024-57948

Summary (CVE-2024-57948) : In the Linux kernel, the mac802154 subsystem had a vulnerability where, during removal of an IEEE 802.15.4 network interface, a list-del operation could run on a stale sdata entry if local interfaces had not been validated first. This could allow a corrupted list path t...

5.5CVSS6.9AI score0.0021EPSS
CVE
CVE
added 2025/01/11 12:35 p.m.2348 views

CVE-2024-55881

CVE-2024-55881 : In the Linux kernel, KVM for x86 had a fix to correctly detect 64‑bit hypercalls during complete_hypercall_exit() for guests with protected state (e.g., SEV-ES/SEV-SNP). The change replaces is_64_bit_mode() with is_64_bit_hypercall() to determine 64‑bit mode when the vCPU state n...

5.5CVSS6.5AI score0.00203EPSS
CVE
CVE
added 2025/01/11 12:25 p.m.2347 views

CVE-2024-41935

CVE-2024-41935 (Linux kernel, f2fs) : The issue concerns the f2fs extent tree shrink operation. The patch changes the shrink process to operate on read extent nodes in batches, reducing the time a core rwlock is held and preventing potential kernel hangs when the extent tree contains a large numb...

7.1CVSS6.2AI score0.00221EPSS
CVE
CVE
added 2025/01/21 12:1 p.m.2338 views

CVE-2024-57931

CVE-2024-57931 is a Linux kernel issue in the SELinux subsystem: when evaluating extended permissions, the patch changes behavior to ignore unknown permissions instead of triggering a BUG(), allowing future permissions to be added without breaking older kernels. The unit described in connected da...

5.5CVSS6.6AI score0.0021EPSS
CVE
CVE
added 2025/01/31 11:25 a.m.2333 views

CVE-2025-21679

CVE-2025-21679—Linux kernel (btrfs): The issue arises in get_canonical_dev_path() where d_path()’s possible error is not handled, causing an invalid memory access on the subsequent strscpy() call. The patch reintroduces proper error handling for d_path() to prevent the memory access, addressing t...

5.5CVSS7.1AI score0.0017EPSS
CVE
CVE
added 2025/02/05 9:7 a.m.2332 views

CVE-2023-52924

CVE-2023-52924 describes a Linux kernel vulnerability in nf_tables/netfilter where expired elements were wrongly skipped during a set walk, causing use-count inconsistencies and potential WARNs during chain removal. The issue arises in asymmetry between preparation/commit phases when a set elemen...

5.5CVSS7AI score0.002EPSS
CVE
CVE
added 2025/01/19 11:52 a.m.2332 views

CVE-2024-57904

CVE-2024-57904 affects the Linux kernel’s IIO subsystem for at91: the at91_ts_register path frees the wrong object during error handling. The code currently calls input_free_device() on st->ts_input, but the err path can run before iio_dev is assigned to st->ts_input. The fix is to call inp...

7.8CVSS6.3AI score0.0023EPSS
CVE
CVE
added 2025/01/19 11:52 a.m.2331 views

CVE-2024-57929

CVE-2024-57929 : In the Linux kernel, the vulnerability stems from dm-array: when dm_bm_read_lock() fails, a faulty dm_block pointer can be left behind, leading to a double release in dm_array_cursor_end() and a subsequent BUG_on in dm-bufio. The fix (as described in the CVE text) sets the cached...

7.1CVSS6.6AI score0.00246EPSS
CVE
CVE
added 2025/01/19 10:17 a.m.2321 views

CVE-2025-21632

CVE-2025-21632: In the Linux kernel, a patch fixes shadow stack handling for x86 XSAVE state accessed via ptrace. Previously, regset get/set paths could be invoked with shadow stacks disabled (ARCH_SHSTK_SHSTK==0), causing get_xsave_addr() to return NULL and trigger a WARN_ON in ssp_get. The fix ...

5.5CVSS6.9AI score0.00202EPSS
CVE
CVE
added 2025/01/11 2:30 p.m.2300 views

CVE-2024-57849

The CVE-2024-57849 issue is in the Linux kernel s390 CPUMF sampling path. When a CPU is hotplugged out while a performance event is still active on that CPU, the hotplug/removal sequence can cause SDBs (sampling data buffers) to be freed while still in use, creating a potential use-after-free con...

7.8CVSS6.3AI score0.00202EPSS
CVE
CVE
added 2025/01/11 2:8 p.m.2279 views

CVE-2024-57838

CVE-2024-57838 affects the Linux kernel on s390 where stack-depot filtering cannot de-duplicate stacks because the .irqentry.text section is empty. The root cause is that IO/EXT interrupt handlers were not correctly placed into the .irqentry.text region on s390, hindering stack trace filtering fo...

7.1CVSS6.7AI score0.0021EPSS
CVE
CVE
added 2025/01/11 2:49 p.m.2266 views

CVE-2024-57876

CVE-2024-57876 affects the Linux kernel DRM/DP MST code. The vulnerability arises when the MST topology is removed during reception of a Down/Up Sideband message, where drm_dp_mst_topology_mgr::up_req_recv and down_rep_recv states can be reset out of order by another thread via drm_dp_mst_topolog...

7CVSS6.7AI score0.00158EPSS
CVE
CVE
added 2025/02/10 3:58 p.m.2246 views

CVE-2025-21691

The CVE-2025-21691 entry concerns the Linux kernel cachestat syscall. The issue arose because the cachestat() addition did not include the writability/ownership permission check that mincore() had, allowing potential misuse when reading page cache stats. The connected advisories confirm a code-le...

5.5CVSS6.4AI score0.00199EPSS
CVE
CVE
added 2025/01/19 10:18 a.m.2244 views

CVE-2025-21651

Technical details about CVE-2025-21651 are not present in the provided connected documents; the materials only reference the Linux kernel hns3 issue and a fix. Monitor for updates from official sources.

4.7CVSS7AI score0.00129EPSS
CVE
CVE
added 2025/01/21 12:18 p.m.2239 views

CVE-2025-21663

CVE-2025-21663 : In the Linux kernel, the net: stmmac: dwmac-tegra driver incorrectly reads the IOMMU Stream ID (SID) from a hard-coded MGBE0 SID for all Tegra MGBEs. This prevents proper SID handling for non-MGBE0 controllers, leading to issues such as transmit timeouts and potential kernel pani...

5.5CVSS6.6AI score0.00199EPSS
CVE
CVE
added 2025/01/15 1:5 p.m.1888 views

CVE-2024-57883

Technical details about CVE-2024-57883 are not provided in the supplied documents. Monitor official kernel advisories and vendor security notices for affected products, scope, and fixes.

5.5CVSS6.3AI score0.00203EPSS
CVE
CVE
added 2025/01/15 1:5 p.m.1771 views

CVE-2024-57897

CVE-2024-57897 affects the Linux kernel’s DRM/AMDGPU/KFD path. The migration DMA map direction for the SVM DMA device map is set to BIDIRECTIONAL to match the DMA unmap setting, addressing a warning from the DMA core. The Tencent/Tenable entry includes a kernel log snippet showing a WARNING in ke...

5.5CVSS6.7AI score0.00244EPSS
CVE
CVE
added 2025/01/19 10:18 a.m.1650 views

CVE-2025-21645

CVE-2025-21645 affects the Linux kernel in platform/x86/amd/pmc where IRQ1 wakeup is disabled independent of whether i8042 enabled it. The underlying issue caused by dev_pm_ops mismatches between amd_pmc_suspend_handler() and i8042_pm_suspend() could lead to unbalanced IRQ wake disable and WARNs ...

5.5CVSS7AI score0.0024EPSS
CVE
CVE
added 2025/01/15 1:6 p.m.1610 views

CVE-2025-21629

CVE-2025-21629: Linux kernel vulnerability where NETIF_F_IPV6_CSUM offload for BIG TCP/IPv6 packets with extension headers was disabled by a commit; this caused skb_warn_bad_offload to fire for large TCP packets. The issue is resolved by reverting the change and re-enabling IPv6 CSUM offload for ...

5.5CVSS6.4AI score0.00208EPSS
CVE
CVE
added 2025/01/15 1:5 p.m.1581 views

CVE-2024-57898

Technical details for CVE-2024-57898 are not provided in the supplied documents. Public information about affected products, impact, or fixes is unavailable here; monitor vendor advisories for updates.

3.3CVSS6.5AI score0.0018EPSS
CVE
CVE
added 2025/01/11 12:39 p.m.1564 views

CVE-2024-57804

CVE-2024-57804 concerns the Linux kernel’s scsi mpi3mr driver, where rapid disable/enable cycles of PHYs via the SAS sysfs interface could corrupt the persistent and current SAS IO unit/Expander config pages. The root cause is PHY state/page data confusion during successive config requests, leadi...

5.5CVSS6.9AI score0.00176EPSS
CVE
CVE
added 2025/01/11 12:35 p.m.1549 views

CVE-2024-49571

CVE-2024-49571 affects the Linux kernel’s net/smc path. The vulnerability arises when the server processes an incoming proposal message: the fields iparea_offset and ipv6_prefixes_cnt in the proposal are supplied by the remote client and cannot be fully trusted. If iparea_offset exceeds the maxim...

5.5CVSS6.4AI score0.00214EPSS
CVE
CVE
added 2025/01/19 11:52 a.m.1537 views

CVE-2024-57917

CVE-2024-57917 : In the Linux kernel, the cpumask may be modified during printing of cpumap, causing mismatched lengths in kvasprintf-based formatting. The fix caches the cpumask to a temporary variable before cpumap_print_{list, cpumask}_to_buf() to keep it unchanged during printing. Impact is p...

7.8CVSS6.7AI score0.00211EPSS
CVE
CVE
added 2025/01/21 12:18 p.m.1536 views

CVE-2025-21656

CVE-2025-21656 is a Linux kernel issue in topology printing (cpumap) where the vsnprintf-based formatting could mutate the cpumask during output, leading to inconsistent core visibility in the printed cpumap. The fix keeps the cpumask unchanged by caching it to a temporary variable before printin...

5.5CVSS6.7AI score0.00199EPSS
CVE
CVE
added 2025/01/15 1:5 p.m.1518 views

CVE-2024-57889

CVE-2024-57889 is resolved in the Linux kernel via a patch to the pinctrl-mcp23s08 driver. The issue occurred when using MCP23xxx IO expanders to receive IRQs, where regmap locking (mutex) around regmap_update_bits_base was invoked from a context that held a spinlock in __setup_irq(), leading to ...

5.5CVSS6.5AI score0.00162EPSS
CVE
CVE
added 2025/01/11 12:35 p.m.1515 views

CVE-2024-57791

CVE-2024-57791 affects the Linux kernel net/smc component. The vulnerability arises when draining clc data: the length field in smc_clc_msg_hdr, sourced from the network, may be trusted and if it exceeds buflen in smc_clc_wait_msg, a deadloop can occur. The connected documents describe the patch ...

7.5CVSS6.5AI score0.00737EPSS
CVE
CVE
added 2025/01/11 12:25 p.m.1450 views

CVE-2024-52332

CVE-2024-52332: Linux kernel igb driver fix for potential invalid memory access during module init. When pci_register_driver() can fail, the dca_notifier must be unregistered; otherwise, if igb fails to install, dca_notifier may be invoked and access memory that is no longer valid. The connected ...

7.1CVSS6.5AI score0.00231EPSS
CVE
CVE
added 2025/01/15 1:5 p.m.1440 views

CVE-2024-57899

CVE-2024-57899 affects the Linux kernel’s wifi/mac80211 code. On 32‑bit systems, the code uses or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE) where an 8‑byte u64 is accessed as a 4‑byte unsigned long, causing incorrect bit searches and potential flag corruption in MBSS changes. The ...

7.8CVSS6.8AI score0.00218EPSS
CVE
CVE
added 2025/01/11 12:35 p.m.1432 views

CVE-2024-56372

CVE-2024-56372 affects the Linux kernel net/tun path. The vulnerability stems from tun_napi_alloc_frags() where code paths reuse the first iov component, producing a malformed skb and causing a kernel crash (OOPS) as shown by a syzbot trace in kernel/skbuff.c. The CVSS vector from NVD: Local acce...

5.5CVSS6.6AI score0.0024EPSS
Total number of security vulnerabilities4333