CVE-2022-48951
The CVE-2022-48951 vulnerability is in the Linux kernel ASoC path: snd_soc_put_volsw_sx() does bounds checks only for the first channel, allowing potential out-of-bounds writes to the second channel in stereo controls. This is fixed upstream by adding proper checks (e.g., kernel commits cf611d......
CVE-2022-49015
The CVE-2022-49015 entry concerns a Linux kernel use-after-free in the net: hsr path. The issue arises when a socket buffer (skb) delivered to netif_rx() may be freed, and subsequent dereferencing of skb could trigger a UAF. It affects the Linux kernel’s hsr subsystem (net: hsr) and is tied to skb l...
CVE-2022-49326
CVE-2022-49326 affects RTL818x wireless in the Linux kernel (rtl8180/rtl8185/rtl8187se family). The issue arises from using uninitialized TX queues, where reading ring->entries when it is zero can crash the kernel. The fix patches the driver to ignore priority for cards with a single TX queue and to p...
CVE-2022-49373
CVE-2022-49373 affects the Linux kernel watchdog ts4800_wdt refcount handling. According to connected docs, the issue arises because of_parse_phandle() returns a node pointer with its refcount incremented and missing of_node_put() on error paths, leading to a refcount leak in ts4800_wdt_probe. Th...
CVE-2022-49377
CVE-2022-49377 is a Linux kernel vulnerability in the block multi-queue (blk-mq) path. The root cause was a use-after-free involving ->tagset during blk_mq_run_hw_queues, when there were no queued requests and the tagset could be freed after blk_cleanup_queue. The fix disables touching tagset ...
CVE-2022-49669
CVE-2022-49669 concerns the Linux kernel’s MPTCP implementation. A race occurs when the listener socket closes and frees unaccepted subflows, potentially allowing a UaF as the MPTCP socket worker runs between delete operations and accesses msk->first. The fix entails traversing the listener so...
CVE-2022-49890
CVE-2022-49890 covers a Linux kernel memory leak in cap_inode_getsecurity() when using vfs_getxattr_alloc() to allocate tmpbuf. If tmpbuf allocation succeeds but handler->get() fails, a memory leak could occur in the sequence (krealloc of xattr_value, then assignment back to *xattr_value). The mitig...
CVE-2022-49985
The CVE-2022-49985 entry concerns the Linux kernel, where the BPF component allowed a range check descriptor to misrepresent a tight range because tnum_range(0, map->max_entries-1) may yield a superset of the intended values. The root cause is that the tnum-based range representation can erron...
CVE-2022-50020
CVE-2022-50020 affects the Linux kernel ext4 filesystem: the patch prevents online resizing to an unaligned/partial cluster boundary. The issue could cause the last resize iteration to grow the filesystem by a negative amount, tripping a BUG_ON and leaving the in-memory superblock corrupted. Conn...
CVE-2023-3357
CVE-2023-3357 describes a NULL pointer dereference in the Linux kernel AMD Sensor Fusion Hub driver. This vulnerability can be exploited by a local user to crash the system (local impact). Connected sources indicate a patched kernel is available; e.g., SUSE advisories note kernel updates for affe...
CVE-2023-38428
CVE-2023-38428 affects the Linux kernel (ksmbd) where fs/ksmbd/smb2pdu.c does not properly validate the UserName value because it ignores the address of the security buffer, causing an out-of-bounds read. The public description confirms the issue exists in kernels before 6.3.4. The connected docs...
CVE-2023-38429
The CVE-2023-38429 issue is reported in the Linux kernel (pre-6.3.4) within ksmbd: fs/ksmbd/connection.c contains an off-by-one error in memory allocation (ksmbd_smb2_check_message), which can cause out-of-bounds access. Connected advisories (Astra Linux, Nessus plugin references) corroborate the...
CVE-2023-52511
CVE-2023-52511 (Linux kernel, spi sun6i): The issue stems from RX SPI transfers with DMA enabled where data could be corrupted during DMA to memory when transfers span more than a single byte. The fix reduces the width of each DMA read to the RX FIFO to a single byte, mitigating data loss. Publi...
CVE-2023-52641
CVE-2023-52641: Linux kernel vulnerability in the ntfs3 file system driver. A NULL pointer dereference could occur at the end of attr_allocate_frame(); a patch adds NULL pointer checks and directs exit via the out: label to avoid dereference of debugging helpers. The issue is resolved by this fi...
CVE-2023-52810
CVE-2023-52810 refers to a Linux kernel issue in fs/jfs where l2nbperpage could become negative, causing a shift-out-of-bounds UBSAN failure in jfs_dmap.c. Reports indicate UBSAN: shift-out-of-bounds with shift exponent -16777216 and that the fix adds a validity check for negative db_l2nbperpage ...
CVE-2023-53060
CVE-2023-53060 concerns the igb driver in the Linux kernel. The description shows a data-race concern was introduced by a patch that added a lock via rtnl_lock to avoid a race between igb_remove/igb_ndo_get_vf_config and igb_disable_sriov paths, but this lock created a deadlock scenario during de...
CVE-2023-53065
CVE-2023-53065 is a Linux kernel vulnerability in perf/core where perf_output_begin was invoked with an incorrect parameter in perf_event_bpf_output. Syzkaller reported a KASAN stack-out-of-bounds issue, traced through __perf_event_header__init_id, causing memory overwrites. The root cause is the...
CVE-2023-53095
The CVE-2023-53095 issue is in the Linux kernel DRM TTM path, where a NULL pointer dereference could occur during swap decisions. The root cause is a mismatch in locking between res->bo (LRU lock) and bo->resource (object lock), with bo->resource clearing also guarded by the LRU lock. Th...
CVE-2023-53112
CVE-2023-53112 affects the Linux kernel DRM/I915 SSEU path. The root cause is an out-of-bounds access in intel_sseu_info_init/gen11_compute_sseu_info where gen11_sseu_info_init() could set 8 sub-slices while eu_mask->hsw is limited to 6, leading to index-out-of-bounds in a UBSAN report. The fi...
CVE-2023-53120
CVE-2023-53120 relates to the Linux kernel SCSI mpi3mr driver: a DMA memory leak in the config page, addressed by fixes that ensure pending DMA allocations are freed when the device is released. The root cause involves DMA memory not being properly released, with patches referenced in stable kern...
CVE-2024-26829
CVE-2024-26829: Linux kernel vulnerability in media: ir_toy where a memleak could occur if the command path and irtoy_tx allocation are used and the command fails; the leak is mitigated by freeing the allocated buffer (buf) when irtoy_command fails. Connected advisories confirm the issue and des...
CVE-2024-26916
In the Linux kernel, CVE-2024-26916 is tied to the drm/amd gfxoff handling during suspend. Reverting earlier gfxoff flush logic allowed GFXOFF control to be exercised again on suspend, which can trigger SDMA traffic and lead to system deadlocks when suspending from GNOME. The fix is the revert of...
CVE-2024-39489
CVE-2024-39489 affects the Linux kernel's ipv6 sr seg6_hmac_init_algo. The issue was a memory leak where seg6_hmac_init_algo would return without cleaning up previously allocated memory if an allocation failed, leaking memory and crypto tfms. The fix adds proper cleanup by updating seg6_hmac_exit...
CVE-2024-40934
CVE-2024-40934: In the Linux kernel, a memory leak was fixed in HID logitech-dj handling (logi_dj_recv_switch_to_dj_mode and logi_dj_recv_send_report error path). Impact is local and can cause leakage on vulnerable runs; fixes are documented in kernel stability updates referenced in the sources. ...
CVE-2024-40947
CVE-2024-40947 affects the Linux kernel IMA subsystem. The root cause was sleeping in an RCU read-side critical section caused by kmalloc(GFP_KERNEL) inside ima_lsm_copy_rule (via ima_filter_rule_match) leading to potential use-after-free and NULL pointer dereference during file operations. The i...
CVE-2024-40970
The CVE-2024-40970 entry concerns a Linux kernel vulnerability in the dw-axi-dmac component that can cause a kernel panic due to an overrun of the hw_desc array when a descriptor chain expands (example: nr_buffers=3 with 3 segments per descriptor, totaling 9). The proposed fix, as described in mu...
CVE-2024-41068
CVE-2024-41068 – Linux kernel (s390 sclp_init cleanup). Affected: Linux kernel on s390. Root cause: sclp_init() could fail and leave sclp_state_change_event entries in sclp_reg_list, causing a list_add double add warning if multiple init attempts occur. Impact: local privilege or denial conditions...
CVE-2024-41074
Technical details for CVE-2024-41074 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2024-42063
CVE-2024-42063: In the Linux kernel, a KMSAN-flagged uninitialized memory issue was identified in BPF devmap when calling map_lookup_elem/map_delete_elem in interpreter mode. Reproducer shows uninitialized value paths through __dev_map_lookup_elem and bpf_map_lookup_elem during BPF program execut...
CVE-2024-42097
CVE-2024-42097 corresponds to a Linux kernel issue in ALSA emux patch handling where load_data() validation and skipping of the main info block was not aligned with load_guspatch(), and load_guspatch() lacked a check that the patch length matches the data. The connected Nessus entries confirm the...
CVE-2024-42119
The CVE-2024-42119 entry concerns a Linux kernel issue in drm/amd/display where, when finding free audio, an unknown engine_id (ENGINE_ID_UNKNOWN = -1) could be mishandled as an array index. The root cause is that ENGINE_ID_UNKNOWN is -1 and uninitialized, leading to unnecessary free ...
CVE-2024-42120
CVE-2024-42120 pertains to the Linux kernel, specifically a vulnerability in the DRM AMD display code. The issue is an OVERRUN caused by accessing the pipe_ctx array without validating an index against its MAX_PIPES size, which could lead to out-of-bounds access in the vblank handling path. The d...
CVE-2024-42299
CVE-2024-42299: In the Linux kernel, the ntfs3 log handling could panic when a mounted NTFS filesystem is moved between systems with different PAGE_SIZE because log->page_size changes in log_replay() but log->page_{mask,bits} do not. The issue caused a negative calculation in read_log_page...
CVE-2024-42319
CVE-2024-42319 (Linux kernel): The issue affects the mailbox/CMDQ path (mtk-cmdq) where devm_mbox_controller_register() was invoked before devm_pm_runtime_enable(). On unbind, a WARN_ON can trigger due to pm_runtime_get_sync()
CVE-2024-46842
The CVE-2024-46842 entry concerns the Linux kernel SCSI lpfc mailbox timeout handling. The MBX_TIMEOUT return wasn’t checked in lpfc_get_sfp_info, causing mailbox memory to be freed regardless of status; if firmware provides SFP data later, the reply memory could reference freed memory in the com...
CVE-2024-46847
CVE-2024-46847 — Linux kernel local vulnerability in vmalloc/vmap_block initialization. The issue occurred when a new vmap_block was created by new_vmap_block() and the partially initialised vb was added to the local vmap_block_queue xarray before vb->cpu was set, enabling a potential out-of-b...
CVE-2024-50176
CVE-2024-50176 is tied to the Linux kernel remoteproc k3-r5, where an error path during power-up could violate initialization rules and cause a core mismatch (first core usable, second not), leading to crashes on shutdown. The connected Nessus entry indicates this vulnerable state has not been pa...
CVE-2024-53107
CVE-2024-53107 refers to a Linux kernel vulnerability in fs/proc/task_mmu that could allow an integer overflow during pagemap_scan_get_args() due to the arg->vec_len value being used in a multiplication by sizeof(struct page_region). The fix changes the calculation to use size_mul() and adds s...
CVE-2024-53109
CVE-2024-53109 affects Linux kernel nommu builds. The issue occurred when deleting a vma entry from a maple tree: do_munmap required passing NULL to vma_iter_prealloc(), but an incorrect argument was provided, causing crashes when accessing a vma iterator (e.g., acct_collect() reading vma sizes)....
CVE-2024-56580
Technical details are not provided in the supplied documents. Monitor official advisories for CVE-2024-56580.
CVE-2024-57950
The CVE-2024-57950 entry concerns the Linux kernel drm/amd/display path, where a defect caused denominators used in calculations to potentially be uninitialized or set to zero, risking division by zero. The resolved description states the fix: initialize denominator defaults to 1 to avoid DIVIDE_...
CVE-2025-21696
CVE-2025-21696 (Linux kernel): Affects memory management with userfaultfd (UFFD). When mremap() moves a region previously registered with UFFD_WP but without UFFD_FEATURE_EVENT_REMAP, the code could fail to clear uffd-wp on PTE/PMD, causing a mismatch between vma flags (UFFD_WP cleared) and PTE/...
CVE-2025-21712
CVE-2025-21712 affects the Linux kernel md-bitmap subsystem. The root cause was a use-after-destroy condition where bitmap_get_stats() could run even if the underlying mddev/bitmap storage was destroyed or not fully initialized, risking a general protection fault. The patch defends bitmap_get_sta...
CVE-2025-21810
The CVE-2025-21810 issue affects the Linux kernel driver core class_dev_iter APIs (class_dev_iter_init/next/exit). Root cause: class_dev_iter_init can leave the iter output uninitialized when class_to_subsys() errors, enabling wild pointer dereferences in class_dev_iter_next and during iteration/...
CVE-2025-21892
CVE-2025-21892 affects the Linux kernel's RDMA mlx5 driver, specifically the UMR QP recovery path. A race during recovery could cause the firmware to skip flushing some CQEs with errors and discard them when transitioning to RESET, potentially losing CQEs and leaving tasks blocked. The referenced...
CVE-2025-21953
CVE-2025-21953 describes a Linux kernel issue in the mana subsystem (MANA VM) triggered during hibernation. If mana_gd_resume() fails while creating HWC, mana_port_debugfs is not reinitialized and may point to an older, cleaned-up dentry. Later in the hibernate path, during power_down(), mana_gd_...
CVE-2025-22003
CVE-2025-22003 (Linux kernel, can: ucan): A one-byte out-of-bounds read was introduced in the can: ucan path due to a mismatch when using strscpy() with a length of len+1. The issue arises because strscpy() reads len+1 bytes from the source to detect truncation, even when the source is not NULL-t...
CVE-2025-22019
In CVE-2025-22019, the Linux kernel fix pertains to bcachefs: bch2_ioctl_subvolume_destroy() fixes; bch2_evict_subvolume_inodes() previously got stuck due to improper dcache pruning. Also, missing permissions checks were addressed. The description confirms Linux kernel involvement and bcachefs-le...
CVE-2025-22102
The CVE-2025-22102 vulnerability concerns the Linux kernel Bluetooth btnxpuart driver. During firmware release, a hardware defect can cause only one bootloader signature to be sent; the driver waits for consecutive signatures, leading to a timeout and a release_firmware call that can trigger a ke...
CVE-2025-22116
CVE-2025-22116 affects the Linux kernel idpf driver’s netdev handling. The patch adds an error check when creating vports, logs the vport number and error code, and ensures on removal that VPORT_REG_NETDEV is checked before unregister/free. It also introduces local variables (idx, vport_config, n...