CVE-2022-49313

CVE-2022-49313 : Linux kernel patch fixes a deadlock in usb host oxu_bus_suspend(). The issue arises when oxu_bus_suspend() holds oxu->lock while waiting for a timer to stop via del_timer_sync(), but the timer handler also needs the same lock, causing a potential deadlock. The patch removes de...

CVE-2022-49860

CVE-2022-49860 : The provided connected documents describe a Linux kernel vulnerability in the dmaengine: ti: k3-udma-glue subsystem, where a memory leak could occur if device_register() fails. The root cause is that, on failure, the code should call put_device() to release a reference, and the n...

CVE-2023-52566

The CVE concerns NILFS2 in Linux kernels: in nilfs_gccache_submit_read_data(), releasing the buffer head (bh) before unlocking/putting its page can trigger a use-after-free if bh->b_page is dereferenced. The fix moves the release after unlocking and putting the page. This patch targets GC-rela...

CVE-2023-52618

CVE-2023-52618 affects the Linux kernel’s block/rnbd-srv path. The issue stems from copying dev_search_path and a second string into full_path, each sized PATH_MAX, which could truncate. The root cause was a potential truncation in snprintf(full_path, PATH_MAX, "%s/%s", dev_search_path, dev_name)...

CVE-2023-52657

The CVE-2023-52657 entry centers on a Linux kernel revert in the AMD DRM subsystem (drm/amd/pm: resolve reboot exception for si oland), specifically reverting commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. Public references describe that this change causes hangs on SI when DC is enabled and int...

CVE-2023-52884

CVE-2023-52884 is a Linux kernel issue where the input core locking for the cyapa driver’s suspend/resume paths was missing, allowing a warning to be emitted during suspend on Samsung Exynos5250 Snow Chromebook. The fix adds input->mutex locking in suspend/resume to prevent races with other in...

CVE-2023-52994

Summary (CVE-2023-52994): In the Linux kernel, suspending a system under Xen PV could dereference NULL due to a missed code path in acpi_get_wakeup_address, caused by the commit that skipped realmode init for Xen PV guests. The fix adds an optional ACPI callback to skip setting the wakeup address...

CVE-2023-53103

CVE-2023-53103 affects the Linux kernel bonding subsystem. A bug in the enslave/error path could clear the bond’s IFF_SLAVE/IFF_MASTER flags when an enslave of a non-ethernet device fails, causing inconsistent bond state. The fix uses bond_ether_setup to restore the bond’s flags correctly, ensuri...

CVE-2023-53105

CVE-2023-53105 affects the Linux kernel mlx5 driver, specifically a NULL pointer dereference in encap lock cleanup when unloading a module with a peer offloaded TC flow. The underlying issue occurs when the peer uplink rep profile is changed to a NIC profile and the encap lock is destroyed during...

CVE-2024-26858

CVE-2024-26858 : The issue is in the Linux kernel, specifically the mlx5e/PTP code. A memory-barrier-based fix was applied to ensure that PTP WQ xmit submission tracking occurs after populating the metadata_map. Merely reordering mlx5e_ptp_metadata_map_put and mlx5e_ptpsq_track_metadata in mlx5e_...

CVE-2024-26888

CVE-2024-26888 : Linux kernel vulnerability in Bluetooth msft path reported as fixed by a memory leak fix. The issue involved a leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT. Public docs confirm the fix; CVSS indicates LOCAL attack vector with low to moderate impact (Base 5.5,...

CVE-2024-35901

CVE-2024-35901 relates to the Linux kernel mana driver: mana_get_rxbuf_cfg() aligns the RX DMA datasize to a multiple of 64, enabling a packet around MTU+14 (e.g., 1536) to be received and trigger skb_over_panic. The impact is a kernel panic/BUG in net/core/skbuff.c when skb_panic is hit during s...

CVE-2024-35902

The CVE-2024-35902 issue affects the Linux kernel’s RDS path. In net/rds, a null cp can be dereferenced in __rds_rdma_map when cp->cp_conn is accessed, potentially causing a crash. Analysis notes that cp is a parameter that may be NULL at several call sites (e.g., rds_get_mr, rds_get_mr_for_de...

CVE-2024-38602

The CVE-2024-38602 issue is in the Linux kernel ax25 subsystem, where a reference-count leak on the ax25_dev object was reported. The root causes are: (1) ax25_addr_ax25dev() could increase ax25_dev’s refcount multiple times, risking a memory leak, and (2) ax25_dev_device_down() could drop the re...

CVE-2024-39481

The CVE-2024-39481 issue affects the Linux kernel's media: mc component, specifically the media_pipeline_start graph walk. The root cause is that the graph walk followed all links, including non-pad links, which could crash the system when encountering links like MEDIA_LNK_FL_ANCILLARY_LINK. The ...

CVE-2024-40975

CVE-2024-40975 affects the Linux kernel in platform/x86/x86-android-tablets code. The issue arises when a device is unregistered while consumers still hold references, with the regulator subsystem given as a concrete example. If a regulator is unregistered prematurely, a WARN() can be triggered (...

CVE-2024-41047

CVE-2024-41047 affects the Linux kernel i40e driver handling of XDP programs during driver removal. The root cause was a PF state flag (__I40E_IN_REMOVE) intended to block XDP program changes, which proved insufficient when .ndo_bpf() was invoked outside rmmod context, risking a kernel warning wh...

CVE-2024-42285

The CVE-2024-42285 entry affects the Linux kernel’s RDMA/iwcm code and describes a use-after-free when destroying CM IDs. The issue originates from how iw_conn_req_handler() associates a new rdma_id_private (conn_id) with an existing iw_cm_id (cm_id): conn_id->cm_id.iw = cm_id; cm_id->conte...

CVE-2024-42313

CVE-2024-42313 affects the Linux kernel’s media: venus path, specifically a use-after-free in vdec_close() when the firmware queues a buffer-release work via HFI callbacks during decoding. The issue can occur if the decoder device is closed from userspace during normal decoding, potentially leadi...

CVE-2024-43831

The CVE-2024-43831 vulnerability affects the Linux kernel media/mediatek/vcodec path, specifically the vpu_dec_init function where an invalid decoder VSI could be mishandled. The fix, as documented, ensures the decoder VSI is valid for future use, reducing the risk of exploitation. The issue is c...

CVE-2024-44949

CVE-2024-44949 affects the Linux kernel on PA-RISC (parisc) systems. The issue stems from ARCH_DMA_MINALIGN being set to 16, enabling two unrelated 16‑byte allocations to share a cache line and risking DMA/cached writes corrupting the data. The fix updates the alignment: ARCH_DMA_MINALIGN becomes...

CVE-2024-45015

CVE-2024-45015 affects the Linux kernel component drm/msm/dpu. The vulnerability arises when crtc connectors_changed is set without a corresponding atomic_mode_set(), leading to an atomic_enable() followed by atomic_disable() without re-assigning the connector, causing NULL pointer dereference in...

CVE-2024-46730

CVE-2024-46730 is a Linux kernel vulnerability in drm/amd/display where tg_inst could be -1 (negative) if timing_generator_count equals 0. The patch fixes two related overrun issues by ensuring the array index tg_inst is never used when invalid, preventing potential out-of-bounds operations. The ...

CVE-2024-46755

CVE-2024-46755 affects the Linux kernel mwifiex wifi driver. The vulnerability occurs when mwifiex_get_priv_by_id() returns a priv pointer for a given bss_num/bss_type without verifying the priv is in use, leading to NULL pointer dereferences down the call stack when an AP is started (e.g., via w...

CVE-2024-47720

CVE-2024-47720 in the Linux kernel relates to the AMD display path (drm/amd/display) where dcn30_set_output_transfer_func dereferenced set_output_gamma without a null check. The patch adds a nullity check for set_output_gamma before calling it and logs an error if it is NULL, preventing a potenti...

CVE-2024-49855

CVE-2024-49855 affects the Linux kernel nbd subsystem, where a race between timeout handling and normal completion could lead to use-after-free. The issue arises when a timed-out request is requeued by nbd_requeue_cmd() and normal completion tries to finish it, risking use-after-free. The documen...

CVE-2024-50004

CVE-2024-50004 affects the Linux kernel DRM/AMD display component, specifically the DML2 policy with EnhancedPrefetchScheduleAccelerationFinal for DCN35. The vulnerability stems from a mismatch in the DCN35 DML2 policy that caused bandwidth validation to fail, leading to an unexpected DPP pipe, g...

CVE-2024-50020

CVE-2024-50020 (Linux kernel) affects the ice driver’s refcount handling in ice_sriov_set_msix_vec_count(). The issue: vf pointer reference counts were leaked if ice_get_vf_by_id() succeeds but ice_get_vf_vsi() fails, or if vf->first_vector_idx

CVE-2024-50112

In CVE-2024-50112, the Linux kernel fixes a weakness in Linear Address Masking (LAM) on x86 by disabling LAM in most cases. The vulnerability stems from transient execution risk related to LAM unless Linear Address Space Separation (LASS) is active. Until LASS support lands, LAM should only be al...

CVE-2024-50172

CVE-2024-50172 : Linux kernel RDMA bnxt_re memory leak fix. In bnxt_re_setup_chip_ctx(), if bnxt_qplib_map_db_bar() fails, the driver previously did not free the allocated rdev->chip_ctx memory. The described fix ensures proper cleanup in that failure path, preventing a memory leak. Connected ...

CVE-2024-53200

Technical details about CVE-2024-53200 are not publicly provided in the supplied documents. Monitor vendor advisories for updates, affected products, impact, and fixes.

CVE-2024-54455

Technical details about CVE-2024-54455 are not provided in the connected documents. Public information in the supplied sources does not specify affected products/versions or root cause beyond the general protection fault in ivpu_bo_list(). Monitor for official advisories.

CVE-2024-56702

The CVE-2024-56702 issue is a Linux kernel fix for BPF raw tracepoints. It explains that raw_tp arguments were previously treated as non-NULL, risking NULL dereferences when NULL values occur. The fix marks raw_tp arguments as PTR_MAYBE_NULL and adjusts dereferences, arithmetic, and allowed passe...

CVE-2024-57933

CVE-2024-57933 (Linux kernel, GVE/XDP/XSK) : The issue arises from races around XSK/XDP queue existence. The patch adds guards to XSK operations and XDP xmit/NDO paths based on queue existence and interface state, preventing crashes when interfaces go down or queues disappear during operation. It...

CVE-2024-58034

CVE-2024-58034 in the Linux kernel fixes an OF node reference bug in memory: tegra20-emc. The issue arises when tegra_emc_find_node_by_ram_code() releases some device nodes while still in use, potentially causing use-after-free (UAF). The description states that the emc-tables node is a child wit...

CVE-2024-58057

CVE-2024-58057 is described in connected advisories as a Linux kernel issue where the idpf driver converts workqueues to unbound (WQ_UNBOUND). The root cause is that unbound workqueues allow worker threads to run on any CPU within the same node when no CPU is specified, which can cause large comp...

CVE-2025-21941

Technical details for CVE-2025-21941 are not publicly provided in the supplied documents. Available materials mention a null-pointer guard in drm/amd/display but do not specify affected products, versions, exploitability, or mitigations. Monitor for updates.

CVE-2025-21978

CVE-2025-21978 – Linux kernel (drm/hyperv): address space leak in Hyper-V DRM device mapping . The vulnerability occurs when a Hyper-V DRM device is probed: the driver allocates MMIO space for VRAM and maps it as cacheable, but on device removal or probing error path the MMIO space is released wi...

CVE-2025-22026

CVE-2025-22026 (Linux kernel) affects nfsd in the kernel. The issue: nfsd_proc_stat_init() ignored the return value of svc_proc_register(), so if procfile creation fails the kernel may WARN later during removal. The fix updates nfsd_proc_stat_init() to return the same pointer type as svc_proc_reg...

CVE-2025-22033

CVE-2025-22033: Linux kernel arm64 fix for a NULL pointer dereference in alignment handling. The issue occurs when do_alignment_t32_to_handler() fixes only specific instructions and returns NULL for others (e.g., LDREX); callers would proceed with regular alignment fault handling (SIGBUS). Withou...

CVE-2025-22072

CVE-2025-22072 describes a Linux kernel flaw in the spufs subsystem related to gang directory lifetimes. The root cause involved improper handling of gang directories: on close, dentry pinning was broken and rmdir on close was removed, causing leaks when a gang context remained alive after the ga...

CVE-2025-23133

The CVE-2025-23133 issue is in Linux kernel ath11k: when a new channel list is received, it updates cfg80211 and queues reg_work, but may immediately execute reg_update_chan_list() before cfg80211 finishes handling the list, causing a potential slab-out-of-bounds write (KASAN) in ath11k_reg_updat...

CVE-2025-37811

CVE-2025-37811 is a Linux kernel vulnerability in the USB chipidea ci_hdrc_imx driver. The root cause is an unsafe dereference of data->usbmisc_data when usbmisc is NULL; the fix adds a guard before dereferencing the pointer. Reported under CVSSv3.1: AV Local, AC Low, PR Low, UI None, S U, C a...

CVE-2025-37932

The CVE-2025-37932 issue affects the Linux kernel’s HTB qdisc: htb_qlen_notify() was not idempotent and could deactivate an HTB class or trigger a warning if called when already deactivated. The fix ports the function to be idempotent, easing callers such as fq_codel_dequeue() and qdisc_tree_redu...

CVE-2009-2910

CVE-2009-2910 affects the Linux kernel’s ia32 entry path on x86_64. The issue is that arch/x86/ia32/ia32entry.S does not clear certain kernel registers before returning to user mode, which allows a local attacker to read register values from an earlier process after switching an ia32 process into...

CVE-2010-2492

CVE-2010-2492 affects the Linux kernel’s eCryptfs component: a buffer overflow in the ecryptfs_uid_hash macro (fs/ecryptfs/messaging.c) could allow local privilege escalation or a denial of service. The MiracleLinux AXSA advisory lists this CVE among kernel issues and specifies the flaw occurs in...

CVE-2010-3310

CVE-2010-3310 refers to multiple signedness errors in net/rose/af_rose.c of the Linux kernel, fixed before 2.6.36-rc5-next-20100923. The vulnerability allows local users to induce a denial of service (heap memory corruption) or possibly cause other unspecified impacts through a rose_getname call ...

CVE-2010-3437

The vulnerability CVE-2010-3437 affects the Linux kernel (before 2.6.36-rc6) in pkt_find_dev_from_minor within drivers/block/pktcdvd.c. A crafted index value passed via PKT_CTRL_CMD_STATUS ioctl can cause a signedness error, enabling local attackers to read kernel memory or trigger a crash (DoS)....

CVE-2010-4080

CVE-2010-4080 affects the Linux kernel: snd_hdsp_hwdep_ioctl in sound/pci/rme9652/hdsp.c does not initialize a structure, enabling local attackers to leak kernel stack information via SNDRV_HDSP_IOCTL_GET_CONFIG_INFO. Affected products/versions: Linux kernel before 2.6.36-rc6. Impact is an inform...

CVE-2011-1017

CVE-2011-1017 relates to a heap-based buffer overflow in the Linux kernel’s LDM code path. Affected component: fs/partitions/ldm.c (ldm_frag_add) in kernel 2.6.37.2 and earlier. Root cause cited in connected docs: bugs in evaluating LDM partitions could crash the kernel for certain corrupted LDM ...