cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21680,https://securityvulnerability.io/vulnerability/CVE-2025-21680,Out-of-Bounds Access Vulnerability in Linux Kernel's Packet Generator Component,"An out-of-bounds access vulnerability exists in the Linux kernel's pktgen module, which can occur when a user provides an excessive number of imix entries. The flaw arises due to insufficient boundary checks, potentially resulting in access to invalid memory locations within the pkt_dev->imix_entries array. This vulnerability was identified in the Linux Kernel version 6.10.0-rc1 and can compromise system stability and security if exploited. Proper validation is required to prevent improper array access during operations related to packet generation.",Linux,Linux,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-31T11:25:40.831Z,0
CVE-2025-21671,https://securityvulnerability.io/vulnerability/CVE-2025-21671,Use After Free Vulnerability in Linux Kernel's Zram Component,"The vulnerability involves a potential use after free issue in the Zram component of the Linux kernel. If the initialization of zram_meta_alloc fails early, the allocated memory for zram->table is freed but not set to NULL. This can result in a scenario where zram_meta_free could try to access the table, leading to undefined behavior or security risks if a user resets a failed and uninitialized device.",Linux,Linux,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-31T11:25:34.546Z,0
CVE-2024-24423,https://securityvulnerability.io/vulnerability/CVE-2024-24423,Buffer Overflow Vulnerability in Linux Foundation Magma Software,"A buffer overflow has been identified in the Linux Foundation’s Magma software, specifically in the decode_esm_message_container function found in the EsmMessageContainer.cpp file. This vulnerability can be exploited by attackers, allowing them to send crafted NAS packets to the system, resulting in a Denial of Service (DoS). The issue affects versions up to 1.8.0 and has been resolved in version 1.9 as identified in commit 08472ba98b8321f802e95f5622fa90fec2dea486. Users are encouraged to upgrade to the latest version to mitigate potential risks.",Linux Foundation,Magma,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-24422,https://securityvulnerability.io/vulnerability/CVE-2024-24422,Stack Overflow Vulnerability in Magma by The Linux Foundation,"The Linux Foundation Magma product, versions prior to 1.9, has a vulnerability that enables attackers to trigger a stack overflow in the decode_protocol_configuration_options function, specifically located in /3gpp/3gpp_24.008_sm_ies.c. This issue can be exploited through a specially crafted NAS packet, leading to a Denial of Service (DoS), impacting service availability.",The Linux Foundation,Magma,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-24419,https://securityvulnerability.io/vulnerability/CVE-2024-24419,Buffer Overflow Vulnerability in Linux Foundation Magma Version <= 1.8.0,"A critical buffer overflow vulnerability has been identified in the Linux Foundation Magma up to version 1.8.0. This issue resides in the decode_traffic_flow_template_packet_filter function, specifically located in the /3gpp/3gpp_24.008_sm_ies.c file. If exploited, this vulnerability could allow attackers to launch a Denial of Service (DoS) attack by sending specially crafted NAS packets, leading to system instability and disruption of service.",Linux Foundation,Magma,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-24418,https://securityvulnerability.io/vulnerability/CVE-2024-24418,Buffer Overflow Vulnerability in Linux Foundation Magma Software,"A buffer overflow has been identified in the Linux Foundation's Magma software, specifically in the decode_pdn_address function. This vulnerability, present in versions up to 1.8.0, can be exploited by attackers who send specially crafted NAS packets, resulting in a Denial of Service (DoS). The issue has been addressed in version 1.9, ensuring users can safeguard their systems against potential disruptions by upgrading promptly.",Linux Foundation,Magma,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-24417,https://securityvulnerability.io/vulnerability/CVE-2024-24417,Buffer Overflow Vulnerability in Linux Foundation Magma Software,"The Linux Foundation's Magma software version 1.8.0 and earlier contains a security flaw in the decode_protocol_configuration_options function. This vulnerability can be exploited by attackers through carefully crafted NAS packets, which can lead to a Denial of Service condition. The issue has been patched in version 1.9, addressing the risk of interruptions to service and safeguarding the integrity of network operations.",Linux Foundation,Magma,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-24416,https://securityvulnerability.io/vulnerability/CVE-2024-24416,Buffer Overflow Vulnerability in Linux Foundation Magma,"A buffer overflow vulnerability has been identified in the decode_access_point_name_ie function of the Linux Foundation's Magma, specifically in versions up to 1.8.0. By sending specially crafted NAS packets, an attacker can trigger this flaw, potentially leading to a Denial of Service condition. The issue has been resolved in version 1.9 with commit 08472ba98b8321f802e95f5622fa90fec2dea486, reinforcing the importance of updating to the latest version to mitigate potential threats.",Linux Foundation,Magma,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-21T23:15:00.000Z,0
CVE-2024-57926,https://securityvulnerability.io/vulnerability/CVE-2024-57926,Use-After-Free Vulnerability in Linux Kernel's Mediatek DRM Module,"A vulnerability exists in the MediaTek DRM module of the Linux kernel, which can lead to a use-after-free condition. This issue arises when the mtk_drm_bind function allocates resources but fails to properly nullify pointers upon error, leading to potential access to previously freed memory. As a result, this can manifest in system instability during shutdown processes, causing crashes and undesired behavior in kernel operations. Addressing this vulnerability requires immediate attention to ensure safe memory management and prevent exploitation.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-19T11:52:43.915Z,0
CVE-2024-57911,https://securityvulnerability.io/vulnerability/CVE-2024-57911,Information Leak in Linux Kernel's Triggered Buffer Management,"A vulnerability exists in the Linux kernel's triggered buffer management that allows an information leak through uninitialized memory. The issue arises from the allocation of the 'data' array using kmalloc() without setting values for inactive channels. This oversight can result in exposing uninitialized data to user space, potentially compromising system security. The recommended fix is to utilize kzalloc for memory allocation, ensuring that the allocated memory is zeroed and does not expose sensitive information.",Linux,Linux,7.1,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-19T11:52:33.806Z,0
CVE-2024-57910,https://securityvulnerability.io/vulnerability/CVE-2024-57910,Information Leak in Linux Kernel's VCNL4035 Light Sensor,"A vulnerability exists in the Linux kernel's handling of the VCNL4035 light sensor, where a local buffer used for data transfer to userspace is at risk of leaking uninitialized data. Specifically, if the buffer is not properly initialized before use, it may contain remnants of previous data, potentially exposing sensitive information. This issue arises from the failure to set an initial value for the buffer's data elements, resulting in at least 4 bytes of uninitialized data after reading an integer value. To mitigate this vulnerability, it is crucial to zero-initialize the buffer prior to its application in data transfer.",Linux,Linux,7.1,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-19T11:52:33.140Z,0
CVE-2025-21652,https://securityvulnerability.io/vulnerability/CVE-2025-21652,Use-After-Free Vulnerability in Linux Kernel's Ipvlan Component,"A vulnerability exists in the Linux kernel's ipvlan component due to a use-after-free issue in the ipvlan_get_iflink() function. This arises when the lower device linked to the ipvlan interface is freed before its reference is properly managed. If the linkwatch triggering event occurs while the lower device is already freed, this may result in undefined behavior or crashes. The vulnerability has been addressed by ensuring that the lower device's reference count is maintained during initialization and destructed appropriately, preventing premature unregistration and enhancing overall stability in network device handling.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-19T10:18:09.570Z,0
CVE-2025-21631,https://securityvulnerability.io/vulnerability/CVE-2025-21631,Linux Kernel Vulnerability in BFQ I/O Scheduler Component,"A vulnerability in the Linux kernel related to the BFQ I/O scheduler has been identified, which can lead to a use-after-free condition. The issue arises during the initialization of requests, where memory that was previously freed is accessed. Specifically, in the function bfq_init_rq, a slab-use-after-free can occur when a request object is not properly managed. An attacker exploiting this vulnerability could cause system instability, potentially leading to a denial-of-service or other unforeseen behaviors.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-19T10:17:49.439Z,0
CVE-2024-57801,https://securityvulnerability.io/vulnerability/CVE-2024-57801,Linux Kernel Vulnerability in MLX5 Driver Affecting Device Management,"A vulnerability exists in the Linux kernel related to the MLX5 driver where the system may encounter a use-after-free condition. This occurs when the driver unloads without ensuring that certain virtual port representations are properly managed, resulting in attempts to access freed memory. Specifically, the issue arises when unregistering the network device while the virtual port representation has already been unloaded, which can potentially lead to instability or exploitation in a networked environment. Proper checks must be implemented to ensure data integrity during device management operations.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-15T13:10:24.619Z,0
CVE-2024-57900,https://securityvulnerability.io/vulnerability/CVE-2024-57900,Race Condition Vulnerability in Linux Kernel's ILA Implementation,"A race condition in the Linux kernel's Ingress Locator Adjustment (ILA) feature can potentially allow multiple threads to execute the command to add mappings simultaneously. This creates a scenario where calls to register network hooks can occur concurrently, leading to unforeseen behavior and potential system instability. The vulnerability was identified by syzbot, which demonstrated a concurrent processing issue during ILA_CMD_ADD operations. This bug can result in a use-after-free error in the kernel, specifically noted in the rhashtable implementation. A mutex has been added to ensure that only one thread can call the network hook registration function at a time, mitigating the risk associated with this race condition.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-15T13:05:51.798Z,0
CVE-2024-57896,https://securityvulnerability.io/vulnerability/CVE-2024-57896,Use-After-Free Vulnerability in Linux Kernel Btrfs File System,"A vulnerability in the Btrfs file system of the Linux kernel can lead to a use-after-free condition. During the unmount process, the cleaner thread is stopped, freeing its associated task structure. However, a worker from the delalloc_workers queue may still execute operations that reference the now-freed cleaner thread, leading to potential memory corruption. This can result in crashes or unexpected behaviors in systems using affected versions of the Linux kernel. Ensuring timely updates and applying patches is critical to safeguarding systems against this vulnerability.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-15T13:05:48.310Z,0
CVE-2024-57892,https://securityvulnerability.io/vulnerability/CVE-2024-57892,Slab Use-After-Free Vulnerability in Linux Kernel's OCFS2 Management,"A vulnerability exists in the Linux kernel related to the OCFS2 file system, where a slab-use-after-free can occur during the remounting process. This happens when the user invokes a syscall to quota_getnextquota after mounting OCFS2 and subsequently remounting it as read-only. The root cause is the dangling pointer dqi_priv, which is freed during remounting but not set to null. As a result, this pointer remains accessible, potentially leading to undefined behavior and system stability issues. A fix has been implemented by ensuring that dqi_priv is set to null upon freeing and adding checks for the DQUOT_SUSPENDED flag during a quota retrieval operation.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-15T13:05:44.635Z,0
CVE-2024-57887,https://securityvulnerability.io/vulnerability/CVE-2024-57887,Use-After-Free Vulnerability in Linux Kernel Affects Adv7533 Display Interface,"A serious use-after-free vulnerability exists within the Linux kernel related to the Adv7533 display interface. The issue arises when the host_node pointer is assigned and subsequently freed during the processing of device tree information in the adv7533_parse_dt() function. Later, this pointer is incorrectly utilized in the adv7533_attach_dsi() function, which can lead to potential exploitation risks. To rectify this vulnerability, the code was amended to remove the premature release of the node in adv7533_parse_dt() and ensure appropriate handling of node references during the error paths in probe() and during removal operations.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-15T13:05:39.933Z,0
CVE-2024-57798,https://securityvulnerability.io/vulnerability/CVE-2024-57798,Use-After-Free Vulnerability in Linux Kernel Affecting Multiple Drivers,"A vulnerability in the Linux kernel arises when handling MST (Multi-Stream Transport) requests, specifically within the drm_dp_mst_handle_up_req() function. This issue occurs due to improper management of pointers, where the mst_primary pointer may be freed in one thread while being accessed in another, leading to potential NULL dereference or use-after-free scenarios. The vulnerability has been mitigated by ensuring that a reference to mst_primary is held while it is being utilized, thereby preventing accidental dereferencing of freed memory. It is crucial for system administrators to update to patched versions of the kernel to safeguard against this type of vulnerability.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-11T12:39:48.212Z,0
CVE-2024-50051,https://securityvulnerability.io/vulnerability/CVE-2024-50051,Use-After-Free Vulnerability in Linux Kernel's MPC52xx SPI Module,"A use-after-free vulnerability exists in the Linux kernel's MPC52xx SPI module. When the module is removed, it can release resources inappropriately while a related work item is still active. Specifically, if the removal sequence occurs without canceling the active work, it can lead to a scenario where the freed resources are accessed, resulting in instability or potential security risks. The vulnerability has been addressed by ensuring that the work is properly canceled before the cleanup processes are executed in the module's removal function.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-11T12:25:20.277Z,0
CVE-2024-56784,https://securityvulnerability.io/vulnerability/CVE-2024-56784,Memory Corruption in Linux Kernel Affecting AMD Display Drivers,"A vulnerability in the Linux kernel related to AMD display drivers was identified, where improper array index handling can lead to memory corruption. This issue arises due to out-of-bounds indices, which, if exploited, may allow attackers to manipulate memory contents. The resolution involves implementing array index checks to ensure indices remain within valid bounds, thus preventing potential corruption and enhancing overall system stability. This fix addresses a critical area in the graphics processing framework, underscoring the importance of rigorous code scrutiny in driver development.",Linux,Linux,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-08T18:15:00.000Z,0
CVE-2024-56775,https://securityvulnerability.io/vulnerability/CVE-2024-56775,Linux Kernel Vulnerability Affecting AMD Display Management,"A vulnerability in the Linux kernel concerning AMD display management was addressed, where the management of plane states lacked proper reference counting. This oversight could lead to memory leaks if the reference count was expected to decrease but was not handled correctly, or it could also lead to double frees and invalid memory accesses when the reference count was expected to increase. The solution involves ensuring that the current reference count is cached and reapplied during plane state restorations, thus enhancing the stability and security of the display management system.",Linux,Linux,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-08T18:15:00.000Z,0
CVE-2024-56772,https://securityvulnerability.io/vulnerability/CVE-2024-56772,Use After Free in Linux Kernel's Kunit Debugging System,"A vulnerability has been identified in the Linux kernel's Kunit debugging framework, specifically related to memory management. In the function kunit_debugfs_create_suite(), a flaw occurs when the allocation of a string stream fails during the execution of the kunit_suite_for_each_test_case() loop. If this allocation fails, the function does not properly nullify the stream pointer after freeing it. This oversight can lead to a Use After Free scenario, resulting in potential kernel panics or data corruption. The resolution involves modifying the error-handling path to ensure that the stream pointer is set to NULL post-free, mitigating the risk associated with accessing freed memory.",Linux,Linux,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-08T18:15:00.000Z,0
CVE-2024-56766,https://securityvulnerability.io/vulnerability/CVE-2024-56766,Double Free Vulnerability in Linux Kernel's Atmel PMECC Functionality,A vulnerability has been identified in the Linux kernel related to Atmel PMECC where the conversion of the user pointer allocation from kzalloc() to devm_kzalloc() leads to a potential double free scenario when kfree(user) is called. This flaw can contribute to system instability and may pose security risks if exploited. It is crucial for users and system administrators to update their kernel versions to mitigate this vulnerability.,Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-06T17:15:00.000Z,0
CVE-2024-56765,https://securityvulnerability.io/vulnerability/CVE-2024-56765,Vulnerability in Linux Kernel Affecting IBM Power11 Systems,"This vulnerability in the Linux kernel arises from an improper handling of virtual memory areas (VMAs) in the VAS window struct. The issue occurs during migration, where the VMA address is not updated appropriately when munmap() is called. As a result, an invalid access to freed memory can take place, leading to potential system instability or crashes. The KASAN reports highlight that improper memory access can arise, representing a serious concern for users operating IBM Power11 systems relying on the Linux kernel.",Linux,Linux,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,false,,2025-01-06T17:15:00.000Z,0