EUVD-2022-55787

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix DMA transfer direction When CONFIGDMAAPIDEBUG is selected, while running the crypto self test on the QAT crypto algorithms, the function adddmaentry reports a warning similar to the one below, saying that...

EUVD-2022-55772

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmettcphandleh2cdatapdu, add a bounds check to avoid out-of-bounds access...

AZL-73102 CVE-2025-68746 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on typically CPU 0 is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached...

CVE-2023-54066

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally...

CVE-2023-54159

In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu-lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it m...

CVE-2025-68746

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on typically CPU 0 is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached...

UBUNTU-CVE-2023-54085

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer dereference on fastopen early fallback In case of early fallback to TCP, subflowsynrecvsock deletes the subflow context before returning the newly allocated sock to the caller. The fastopen path does not...

CVE-2022-50717

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmettcphandleh2cdatapdu, add a bounds check to avoid out-of-bounds access...

CVE-2022-50717

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmettcphandleh2cdatapdu, add a bounds check to avoid out-of-bounds access...

UBUNTU-CVE-2022-50717

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmettcphandleh2cdatapdu, add a bounds check to avoid out-of-bounds access...

CVE-2023-54159 usb: mtu3: fix kernel panic at qmu transfer done irq handler

In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu-lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it m...

CVE-2023-54159

No public technical details about CVE-2023-54159 are provided in the connected documents. The materials mention the Linux kernel mtu3 issue but do not specify affected versions, exploit info, or fixes. Monitor for updates from vendors/security advisories.

CVE-2023-54159 usb: mtu3: fix kernel panic at qmu transfer done irq handler

In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu-lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it m...

CVE-2023-54152 can: j1939: prevent deadlock by moving j1939_sk_errqueue()

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevent deadlock by moving j1939skerrqueue This commit addresses a deadlock situation that can occur in certain scenarios, such as when running data TP/ETP transfer and subscribing to the error queue while receiving a...

CVE-2023-54093 media: anysee: fix null-ptr-deref in anysee_master_xfer

In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anyseemasterxfer In anyseemasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach...

CVE-2022-50774 crypto: qat - fix DMA transfer direction

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix DMA transfer direction When CONFIGDMAAPIDEBUG is selected, while running the crypto self test on the QAT crypto algorithms, the function adddmaentry reports a warning similar to the one below, saying that...

CVE-2022-50774

In the Linux kernel, CVE-2022-50774 relates to the QAT crypto DMA mapping logic. When DMA API debug is enabled, add_dma_entry warned about overlapping mappings for in-place crypto self-tests, caused by using DMA_BIDIRECTIONAL for both input and output. The fix specifies correct DMA transfer direc...

EUVD-2025-205102

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix out-of-bounds memory access in ch341transferone Discovered by Atuin - Automated Vulnerability Discovery Engine. The 'len' variable is calculated as 'min32, trans-len + 1', which includes the 1-byte command header...

CVE-2023-54066

CVE-2023-54066 (Linux kernel) affects the media: dvb-usb-v2 driver for the gl861 device. In gl861_i2c_master_xfer, the user-controlled msg can have buf == NULL while len == 0, allowing prior checks on msg[i].buf to pass and potentially reach gl861_i2c_master_xfer with a NULL dereference. The vend...

CVE-2023-54066 media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861i2cmasterxfer In gl861i2cmasterxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally...