807 matches found
CVE-2022-50784
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone If cloning the SKB fails, don't try to use it, but rather return as if we should pass it. Coverity CID: 1503456...
CVE-2022-50829
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: Fix use-after-free in ath9khifusbregincb It is possible that skb is freed in ath9khtcrxmsg, then usbsubmiturb fails and we try to free skb again. It causes use-after-free bug. Moreover, if allocskb fails,...
CVE-2022-50829 wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: Fix use-after-free in ath9khifusbregincb It is possible that skb is freed in ath9khtcrxmsg, then usbsubmiturb fails and we try to free skb again. It causes use-after-free bug. Moreover, if allocskb fails,...
PT-2025-54132
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's iwlwifi component, specifically within the dvm module, related to a memory copy operation. A received TKIP key can be up to 32 bytes, potentially...
PT-2025-54117
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0+ 131...
wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
...
EUVD-2023-60274
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU txs may be dropped if the frame is aggregated in AMSDU. When the problem shows up, some SKBs would be hold in driver to cause network stopped temporarily. Even if the probl...
CVE-2023-54131
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: Fix memory leak when handling surveys When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak: unreferenced object 0xffff9620f0881a00 size 512: com...
CVE-2023-54053
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwlpciprobe will fail and free the trans, then afterwards iwlpciremove will be called and crash by trying to access trans which is already freed, fix...
CVE-2022-50740
CVE-2022-50740 is referenced in multiple advisories as a Linux kernel vulnerability affecting the wifi/ath9k driver (hif_usb) where a memory leak of urbs occurs in ath9k_hif_usb_dealloc_tx_urbs(). The root cause is that usb_get_urb() is followed by usb_free_urb()/usb_put_urb() not being called in...
CVE-2022-50740 wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: fix memory leak of urbs in ath9khifusbdealloctxurbs Syzkaller reports a long-known leak of urbs in ath9khifusbdealloctxurbs. The cause of the leak is that usbgeturb is called but usbfreeurb or usbputurb is no...
CVE-2022-50709
CVE-2022-50709 concerns the Linux kernel’s wifi/ath9k path where ath9k_hif_usb_rx_stream() can allocate skb with uninitialized memory because pkt_len is not validated before use in ath9k_htc_rx_msg(). The patch described resolves the issue by validating pkt_len prior to access in ath9k_htc_rx_msg...
CVE-2025-68362 wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187rxcb The rtl8187rxcb calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from failure to release associated channel survey data when removing the rt2x00 device, which could lead to a...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an invalid address access in brcmfmac, which could cause the kernel to crash...
PT-2025-49497
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the ath12k qmi driver event work function within the ath12k driver. The issue occurs when the ATH12K FLAG UNREGISTERING bit is set, preventing the proper freeing ...
kernel: wifi: mt76: fix linked list corruption
A flaw was found in the linux kernal wifi subsystem mt76txqschedulependingwcid and mt76txqschedulepending functions of the mt76 driver. Under certain conditions, scheduled wcid entries are left on a temporary on‑stack list, which may lead to linked‑list corruption and memory corruption, allowing ...
CLSA-2025-1763734783 kernel: Fix of 64 CVEs
media: bttv: fix use after free error due to btv-timeout timer CVE-2023-52847 - firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails CVE-2022-50087 - wifi: mwifiex: Fix OOB and integer underflow when rx packets CVE-2023-53226 - vsock: Fix transport TOCTOU CVE-2025-38461 - ALSA:...
CVE-2025-30255
Out-of-bounds write for some IntelR PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This...
kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets
A flaw out of bounds read in the Linux kernel Marvell mwifiex driver was found in the way user sends malicious Wi-Fi packets. A remote user with Wi-Fi connection could use this flaw to crash the system...