CVE-2026-31439

The CVE-2026-31439 entry refers to a Linux kernel issue in dmaengine: xilinx: xdma, where devm_regmap_init_mmio could return an ERR_PTR and the error handling/ messaging were incorrect. The description and connected advisories confirm this is a kernel regression/fix in the regmap init path, with ...

CVE-2023-53017

The CVE-2023-53017 entry concerns a memory leak in the Linux kernel Bluetooth stack (hci_sync path). Root cause: in hci_update_adv_data(), if hci_cmd_sync_queue() fails, the allocated inst_ptr was not freed. Mitigation: switch to using ERR_PTR/PTR_ERR to pass the instance to the callback, so no a...

CVE-2024-56660

CVE-2024-56660 : In the Linux kernel, the DR (Direct Routing) path for mlx5 may return either -EBUSY or -ENOMEM from dr_domain_add_vport_cap(), but the code can propagate an error pointer when -ENOMEM is returned. This can lead to a dereference of an error pointer inside dr_ste_v0_build_src_gvmi_...

CVE-2024-56660 net/mlx5: DR, prevent potential error pointer dereference

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, prevent potential error pointer dereference The drdomainaddvportcap function generally returns NULL on error but sometimes we want it to return ERRPTR-EBUSY so the caller can retry. The problem here is that "ret" ca...

CVE-2024-50056

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Fix ERRPTR dereference in uvcv4l2.c Fix potential dereferencing of ERRPTR in findformatbypix and uvcv4l2enumformat. Fix the following smatch errors: drivers/usb/gadget/function/uvcv4l2.c:124 findformatbypix erro...

CVE-2024-50056 usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Fix ERRPTR dereference in uvcv4l2.c Fix potential dereferencing of ERRPTR in findformatbypix and uvcv4l2enumformat. Fix the following smatch errors: drivers/usb/gadget/function/uvcv4l2.c:124 findformatbypix erro...

CVE-2024-50056 usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Fix ERRPTR dereference in uvcv4l2.c Fix potential dereferencing of ERRPTR in findformatbypix and uvcv4l2enumformat. Fix the following smatch errors: drivers/usb/gadget/function/uvcv4l2.c:124 findformatbypix erro...

CVE-2024-50056

CVE-2024-50056 pertains to the Linux kernel USB gadget UVC driver. The description documents a fix for an ERR_PTR dereference in uvc_v4l2.c, specifically preventing potential dereferencing of ERR_PTR() in find_format_by_pix() and uvc_v4l2_enum_format(). A related related issue is also addressed i...

CVE-2024-42303 media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()

In the Linux kernel, the following vulnerability has been resolved: media: imx-pxp: Fix ERRPTR dereference in pxpprobe devmregmapinitmmio can fail, add a check and bail out in case of error...

CVE-2024-42303 media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()

In the Linux kernel, the following vulnerability has been resolved: media: imx-pxp: Fix ERRPTR dereference in pxpprobe devmregmapinitmmio can fail, add a check and bail out in case of error...

CVE-2024-40933

In the Linux kernel, the following vulnerability has been resolved: iio: temperature: mlx90635: Fix ERRPTR dereference in mlx90635probe When devmregmapiniti2c fails, regmapee could be error pointer, instead of checking for ISERRregmapee, regmap is checked which looks like a copy paste error...

CVE-2024-40933 iio: temperature: mlx90635: Fix ERR_PTR dereference in mlx90635_probe()

In the Linux kernel, the following vulnerability has been resolved: iio: temperature: mlx90635: Fix ERRPTR dereference in mlx90635probe When devmregmapiniti2c fails, regmapee could be error pointer, instead of checking for ISERRregmapee, regmap is checked which looks like a copy paste error...

CVE-2024-40933 iio: temperature: mlx90635: Fix ERR_PTR dereference in mlx90635_probe()

In the Linux kernel, the following vulnerability has been resolved: iio: temperature: mlx90635: Fix ERRPTR dereference in mlx90635probe When devmregmapiniti2c fails, regmapee could be error pointer, instead of checking for ISERRregmapee, regmap is checked which looks like a copy paste error...

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2capleflowctlinit l2capleflowctlinit can cause both div-by-zero and an integer overflow since hdev-lemtu may not fall in the valid range. Move MTU from hcidev to hciconn to validate MTU and...

CVE-2024-36968

CVE-2024-36968 (Linux kernel) : A Bluetooth L2CAP issue in the kernel could cause div-by-zero and integer overflow due to hdev->le_mtu potentially being out of range. The fix moves MTU validation from hci_dev to hci_conn, halting connection setup when MTU is invalid, and adds validation in rea...

CVE-2024-35902

The CVE-2024-35902 issue affects the Linux kernel’s RDS path. In net/rds, a null cp can be dereferenced in __rds_rdma_map when cp->cp_conn is accessed, potentially causing a crash. Analysis notes that cp is a parameter that may be NULL at several call sites (e.g., rds_get_mr, rds_get_mr_for_de...

Null pointer dereference

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

CVE-2009-1250

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...