17 matches found
CVE-2025-38441
CVE-2025-38441 affects the Linux kernel netfilter flowtable nf_flow_pppoe_proto() where the Ethernet header was not accounted for in PPPoE offload logic, leading to potential use of uninitialized data (KMSAN). The vulnerability is locally exploitable; CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/I:N/A:H with...
CVE-2025-38158
CVE-2025-38158 affects the Linux kernel (hisi_acc_vfio_pci) and fixes an XQE/AEQE DMA address error observed after migration. The root cause is an incorrect address construction when reading hardware registers, causing wrong DMA addresses for EQE/AEQE and guest kernel‑mode encryption services to ...
CVE-2025-37934
In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Fix pointer check in graph_util_parse_link_direction Actually check if the passed pointers are valid, before writing to them. This also fixes a UBSAN warning: UBSAN: invalid-load in...
CVE-2022-49929 RDMA/rxe: Fix mr leak in RESPST_ERR_RNR
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr leak in RESPST_ERR_RNR rxe_recheck_mr will increase mr's refcnt, so we should call rxe_put_mr to drop mr's refcnt in RESPST_ERR_RNR to avoid below warning: WARNING: CPU: 0 PID: 4156 at...
CVE-2025-22092 PCI: Fix NULL dereference in SR-IOV VF creation error path
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference during device removal. The kernel oops below occurred due to incorrect error handling flow when...
CVE-2025-22082
CVE-2025-22082 affects the Linux kernel IIO subsystem: iio_backend_debugfs_write_reg() could pass an uninitialized stack buffer to sscanf() due to missing NULL termination. The root cause is a stack buffer not guaranteed to be 0-initialized, leading to potential uncontrolled reads. The vulnerabil...
CVE-2023-52985
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8mm-verdin: Do not power down eth-phy Currently if suspending using either freeze or memory state, the fec driver tries to power down the phy which leads to crash of the kernel and non-responsible kernel with the...
CVE-2024-58034 memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()
In the Linux kernel, the following vulnerability has been resolved: memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code As of_find_node_by_name releases the reference of the argument device node, tegra_emc_find_node_by_ram_code releases some device nodes while still in use,...
CVE-2025-21718
In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN: slab-use-after-free...
CVE-2024-57985 firmware: qcom: scm: Cleanup global '__scm' on probe failures
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Cleanup global '__scm' on probe failures If SCM driver fails the probe, it should not leave global '__scm' variable assigned, because external users of this driver will assume the probe finished successfully. For...
CVE-2022-49375
The CVE-2022-49375 entry concerns the Linux kernel rtc: mt6397 driver. The described vulnerability is a potential null-pointer dereference when platform_get_resource() returns NULL, caused by not checking the return value. The connected documentation states the fix is to check the return value of...
CVE-2022-49227
CVE-2022-49227: In the Linux kernel igc driver, the ethtool RX-ring reconfiguration path copies an igc_ring structure but fails to reset the xdp_rxq_info member before igc_setup_rx_resources is called. This causes xdp_rxq_info_reg() to be invoked on an already registered xdp_rxq_info, leading to...
CVE-2022-49180
In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular...
CVE-2025-21680
The CVE-2025-21680 issue affects the Linux kernel’s pktgen code, specifically get_imix_entries, where an insufficient boundary check on the imix_entries array allows out-of-bounds access when a large number of imix entries are passed. This leads to UBSAN reported array-index-out-of-bounds in net/...
CVE-2024-56625
CVE-2024-56625 refers to a Linux kernel issue where the can: dev: can_set_termination() implementation used gpiod_set_value() to drive a GPIO behind a sleep-capable expander, which can sleep. The root cause is the use of gpiod_set_value() in the GPIO termination patch, triggering a warning when t...
CVE-2024-53146 NFSD: Prevent a potential integer overflow
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res...
CVE-2024-26828 cifs: fix underflow in parse_server_interfaces()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize_t...