CVE-2022-48829
CVE-2022-48829 affects the Linux kernel NFSD (NFSv3) and concerns how SETATTR/CREATE handle large file sizes. The issue stems from ia_size being a loff_t and the risk of client sizes exceeding s64_max; silently capping caused mismatches. The fix removes the min_t() check in decode_sattr3(), preve...
CVE-2022-48842
CVE-2022-48842 describes a race in the Linux kernel ice driver during interface enslave (bonding). The vulnerability occurs when an auxiliary device is re-created: ice_plug_aux_dev() is invoked from ice_service_task() context, potentially creating an aux device while another thread holds RTNL loc...
CVE-2022-48949
The CVE-2022-48949 issue affects the Linux kernel igb driver handling VF resets. When a MAC address is not assigned to a VF, the mailbox message portion sent to the VF is not initialized, and the memory backing the message is taken from the stack, potentially leaking information to the VM. The vu...
CVE-2022-49021
CVE-2022-49021 affects the Linux kernel’s PCI/phy probing path. A null-pointer dereference can occur during device removal if phy_attach_direct() fails after initializing dev->driver but before binding a driver (device_bind_driver not called). This leaves the knode_driver entry uninitialized, ...
CVE-2022-49155
Summary (CVE-2022-49155): The Linux kernel’s scsi/qla2xxx path (qla2xxx_create_qpair) was patched to suppress a kernel complaint arising from using smp_processor_id() in preemptible code (as seen in systemd-udevd). The connected advisories confirm the issue is addressed in the kernel and referenc...
CVE-2022-49276
CVE-2022-49276 affects the Linux kernel’s JFFS2 file-system code. A memory leak can occur in jffs2_scan_medium when an error in jffs2_scan_eraseblock() adds memory to jffs2_summary, leading to unreferenced allocations reported by kmemleak. The advisory notes that on exit the memory should be rele...
CVE-2022-49302
CVE-2022-49302 affects the Linux kernel USB host isp116x driver. The vulnerability arises when code fails to check the return value of platform_get_resource(), which can lead to a null pointer dereference if the call returns NULL. The connected documents confirm the issue and state that the fix i...
CVE-2022-49441
CVE-2022-49441 relates to a Linux kernel deadlock in tty handling. The root cause is a potential deadlock when kmalloc() path could trigger a printk() while holding tty_port->lock, enabling a cycle with console ownership locks. The described failing scenario involves multiple CPUs acquiring po...
CVE-2023-1194
CVE-2023-1194 detail (Linux kernel KSMBD parse_lease_state). Affected component: Linux kernel with KSMBD in-kernel Samba/CIFS. Root cause: missing validation of NameOffset in parse_lease_state() allows a malformed CREATE payload to reach the create_context object, enabling out-of-bounds memory acc...
CVE-2023-20842
CVE-2023-20842 affects MediaTek devices via the core component described as imgsys_cmdq. The vulnerability is an out-of-bounds write caused by missing valid range checking in imgsys_cmdq, which can enable local privilege escalation with System execution privileges after user interaction. No ...
CVE-2023-38430
The CVE-2023-38430 issue affects the ksmbd SMB server in the Linux kernel and is caused by insufficient validation of the SMB request protocol ID, leading to an out-of-bounds read in kernels before 6.3.9. The vulnerability is documented across multiple feeds (Ubuntu USNs and Nessus/OpenVAS adviso...
CVE-2023-52504
CVE-2023-52504 affects the Linux kernel (x86/alternatives) where KASAN can misbehave when apply_alternatives() patches CPU LA57-related features on 5-level paging systems. The issue arises because KASAN_SHADOW_START is derived from __VIRTUAL_MASK_SHIFT, which depends on cpu_feature_enabled(), lea...
CVE-2023-52507
CVE-2023-52507 affects the Linux kernel NFC stack (nfc: nci) where the protocol is validated via a bitmask; the issue arises from an assertion that the requested protocol is below the maximum, preventing a potential shift-out-of-bounds and clarifying errors between undefined vs. unsupported proto...
CVE-2023-52508
Technical details about CVE-2023-52508 are not publicly available in the provided Connected documents. Monitor for updates.
CVE-2023-52515
CVE-2023-52515 is a Linux kernel vulnerability in the RDMA/srp path. The issue occurs when SRP abort handling after scmd_eh_abort_handler() may call one of: scsi_queue_insert(), scsi_finish_command(), or scsi_eh_scmd_add(); if scsi_done() is invoked in srp_abort(), it can trigger a use-after-free...
CVE-2023-52564
CVE-2023-52564 is a Linux kernel issue related to the GSM tty driver. The advisory states that reverting the patch “tty: n_gsm: fix UAF in gsm_cleanup_mux” did not solve the original problem. The root cause described is that gsm_cleanup_mux() could call gsm_dlci_release() (via dlci_put()/tty_port...
CVE-2023-52642
CVE-2023-52642 concerns a Linux kernel issue in the media: rc subsystem where attaching/detaching BPF programs could require write permission, with an auxiliary CAP_NET_ADMIN requirement. The main impact described across multiple advisories is a locally exploitable condition in kernel space that ...
CVE-2023-52976
CVE-2023-52976 (Linux kernel): The vulnerability occurs in efi_mem_reserve_persistent when dereferencing the result of memremap while iterating a linked list, if memremap returns NULL. The patch adds a NULL check and falls back to allocating a new page when memremap fails, mitigating potential N...
CVE-2023-53036
CVE-2023-53036 relates to the Linux kernel's DRM/amdgpu stack. On GPUs with RAS enabled, there is a call trace warning and potential hang during device shutdown due to a vulnerability in the amdgpu_vram_mgr_fini path that can propagate through amdgpu_ttm_fini, amdgpu_bo_fini, and related release ...
CVE-2023-53059
CVE-2023-53059: Vulnerability in the Linux kernel related to the Cros EC chardev path (platform/chrome) where ioctl handling could leak kernel page data if a larger insize is provided in struct cros_ec_command when issuing EC host commands. The issue enables an information disclosure (confiden...
CVE-2023-53126
The CVE-2023-53126 entry concerns the Linux kernel mpi3mr SCSI driver: a memory leak in sas_hba.phy within mpi3mr_remove() is fixed, specifically freeing mrioc->sas_hba.phy at .remove. The vulnerability affects the kernel's SCSI MPI3MR path and was addressed by the fix; no exploit details are ...
CVE-2024-26856
CVE-2024-26856 relates to the Linux kernel net driver for Sparx5. A use-after-free occurs when a MAC table entry is removed but still used; the code freed the mac_entry before its vid was used to delete the HW entry. The fix delays freeing until after deleting the hardware entry by first using th...
CVE-2024-36008
CVE-2024-36008 affects the Linux kernel; connected sources confirm a vulnerability in IPv4 path involving NULL idev handling in ip_route_use_hint() and a NULL-deref in fib_validate_source(). The issue arises in older trees and was addressed by ensuring __in_dev_get_rcu() results are checked for N...
CVE-2024-36019
CVE-2024-36019 has concrete Linux kernel details in the connected document set: the issue is in the Linux kernel regmap maple driver, where cache corruption occurred due to indexing regcache_maple_entry[] by the register address instead of the required offset when preserving the upper end of a ca...
CVE-2024-38582
CVE-2024-38582 affects the Linux kernel nilfs2, causing a potential hang/deadlock during unmount. The issue arises when nilfs_segctor_sync() tries to synchronize with the log writer thread after nilfs_segctor_destroy() has already terminated that thread, leading to a deadlock path through several...
CVE-2024-38634
CVE-2024-38634 affects Linux kernel serial/max3100: a race occurs when uart_handle_cts_change() runs from a workqueue without holding port->lock, risking a kernel warning and potential crash. The fix enforces taking port lock before calling uart_handle_cts_change(), preventing the splat observ...
CVE-2024-40935
CVE-2024-40935 affects the Linux kernel cachefiles subsystem. In ondemand mode, when the cache is marked as CACHEFILES_DEAD, cachefiles_daemon_write() returns -EIO, preventing the daemon from passing the copen to the kernel and causing a hung_task for the waiting process. The fix requires flushin...
CVE-2024-40968
CVE-2024-40968 affects the Linux kernel on MIPS/Octeon systems. The issue was that after a PCIe link surprise down, the standard PCIe config interface could be abused to cause a kernel panic (“Data bus error”) when accessing peripheral PCIe devices. The fix adds a PCIe link status check and, when...
CVE-2024-42267
CVE-2024-42267: Linux kernel riscv MM path fix. The vulnerability is in the page fault handling where VM_FAULT_SIGSEGV was not handled, now added to mm_fault_error() so the process is killed correctly and the kernel BUG is avoided. This is a kernel-level issue in the riscv memory management subs...
CVE-2024-42282
The CVE refers to the Linux kernel Mediatek driver: a NULL pointer dereference in dummy_net_device handling was addressed by moving the free_netdev() call from mtk_free_dev() to mtk_remove(), ensuring free_netdev() only runs after a successful mtk_probe() and full allocation of eth->dummy_dev....
CVE-2024-42286
CVE-2024-42286 concerns the Linux kernel scsi: qla2xxx where nvme_local_port validation was corrected. The issue could lead to a NULL pointer dereference during NVMe remote port registration in qla2xxx paths, potentially causing a kernel crash. Connected advisories (Astra Linux, Debian LTS, and A...
CVE-2024-44983
CVE-2024-44983 affects the Linux kernel (netfilter: flowtable: validate vlan header). The root cause is insufficient room/bounds checking to access the VLAN header protocol field, risking an improper flowtable lookup. The fix validates the VLAN header before using it in the flowtable lookup, with...
CVE-2024-44996
The CVE-2024-44996 issue affects the Linux kernel vsock path when a vsock socket is added to a BPF sockmap. The bug arises when prot->recvmsg is replaced by vsock_bpf_recvmsg(), creating a recursive call chain: vsock_bpf_recvmsg() -> __vsock_recvmsg() -> vsock_connectible_recvmsg() ->...
CVE-2024-46689
CVE-2024-46689 affects the Linux kernel function soc: qcom: cmd-db. The root cause is mapping the shared cmd-db memory region as WB instead of WC, which can trigger an XPU write-protection false positive that leads to a secure interrupt and an endless loop in Trust Zone. Qualcomm Hypervisor curre...
CVE-2024-46811
CVE-2024-46811 affects the Linux kernel in the DRM/AMD display component. A potential out-of-bounds condition arises when accessing bw_params->clk_table.entries (8 entries) if soc.num_states can reach 40; the issue is fixed by asserting when soc.num_states exceeds 8 during fpu_update_bw_boundi...
CVE-2024-47688
CVE-2024-47688 (Linux kernel) involves a potential null-pointer dereference in driver core during module_add_driver() probing for of-fpga-region. If kasprintf() fails, the exit path’s second sysfs_remove_link() could dereference a NULL driver_name because kernfs_name_hash() calls strlen() on NULL...
CVE-2024-49916
CVE-2024-49916 affects the Linux kernel’s drm/amd/display code (dcn401_init_hw). The root cause is a potential null pointer dereference when dc->clk_mgr or dc->clk_mgr->funcs is null. The fix adds explicit null checks before dereferencing clk_mgr/clk_mgr->funcs, preventing dereference...
CVE-2024-50178
Technical details (affected component, root cause, versions, or exploit status) are not provided in the connected documents; the initial description summarizes the fix but lacks vendor/product specifics in the supplied material. Monitor for authoritative advisories for updates.
CVE-2024-50206
CVE-2024-50206 affects the Linux kernel MTK Ethernet (mtk_eth_soc) driver. The vulnerability is caused by a loop that allocates up to MTK_FQ_DMA_LENGTH buffers and may touch more descriptors than allocated, leading to memory corruption of unrelated memory. The fixed code adjusts the loop iteratio...
CVE-2024-50222
Technical details beyond the summary, including affected products/versions, root cause, and fixes, are not provided in the connected documents; monitor for updates.
CVE-2024-50238
CVE-2024-50238 affects the Linux kernel Qualcomm qmp-usb/qmp-usbc drivers. The issue was a NULL-pointer dereference during runtime suspend caused by removing the initialisation of platform driver data in probe, after a commit cleaned up probe initialisation. The bug reproduced when the driver was...
CVE-2024-50239
The CVE-2024-50239 issue is tied to the Linux kernel driver for Qualcomm QMP USB (legacy) where data initialization was removed from probe, causing a NULL pointer on runtime suspend in the qcom-qmp-usb/qmp-usb-legacy path. The fix restores the driver data initialization at probe to prevent the N...
CVE-2024-54458
The CVE-2024-54458 issue is in the Linux kernel, involving the SCSI/ufs subsystem (bsg path). The root cause is not fully described beyond the fix: after removing the bsg_queue, it should be set to NULL to avoid potential use-after-free (UAF). The advisory states this vulnerability has been resol...
CVE-2024-56628
CVE-2024-56628 affects the Linux kernel on LoongArch where an architecture-specific huge_pte_clear() implementation caused invalid huge_pte entries to be mishandled during PMD/PGD range freeing. The description notes a bug path leading to a bad page state in uffd-unit-tests and a subsequent kerne...
CVE-2024-56764
Technical details about CVE-2024-56764 are not provided in the supplied documents. Monitor for publicly available details and updates.
CVE-2024-58011
The CVE-2024-58011 entry concerns the Linux kernel, specifically the platform/x86 int3472 driver. The root cause is a missing check for adev against NULL when a device may not have an ACPI companion fwnode, which could allow adev to be NULL and lead to a NULL pointer dereference in skl_int3472_ge...
CVE-2024-58096
The CVE-2024-58096 entry concerns the Linux kernel wifi/ath11k monitoring path. The vulnerability arises when srng data is accessed via ath11k_hal_srng_* without acquiring srng->lock in monitor mode, potentially triggering warnings (RIP: ath11k_hal_srng_dst_peek) during (full) monitor operatio...
CVE-2025-21741
CVE-2025-21741 affects the Linux kernel usbnet/ipheth path. The bug is an out-of-bounds read in DPE handling within usbnet, where the number of processed DPEs could exceed the fixed-size NDP16 header. The advisory fix limits processing to the number that fits in the NDP16 header to prevent OoB re...
CVE-2025-21768
Technical details for CVE-2025-21768 are not publicly provided in the supplied documents. Monitor for updates from the linked advisories and security feeds.
CVE-2025-21970
Technical details for CVE-2025-21970 are not publicly provided in the supplied documents. No affected products, root cause, impact, or remediation specifics are present here. Monitor vendor advisories for updates and further public details.