13804 matches found
CVE-2021-47473
CVE-2021-47473 affects the Linux kernel SCSI qla2xxx path. The issue is a memory leak in the error path of qla2x00_process_els() caused by an incorrect comparison of bsg_job->request->msgcode, which could leak fcport structures or free unallocated memory. The patch fixes the logic by ensuri...
CVE-2021-47511
The CVE-2021-47511 issue affects the Linux kernel ALSA: pcm: oss path, where period size calculation could produce negative values treated as positive due to size_t. The OSS layer could pass an oversized period/buffer to lower layers. The authenticated fix changes handling to ssize_t with proper ...
CVE-2021-47594
The CVE-2021-47594 entry is a legitimate Linux kernel vulnerability. It describes that the PM could close MPTCP listener subflows when deleting an endpoint, potentially affecting listener sockets bound to the endpoint IP and risking a NULL pointer dereference reported by syzbot. The connected doc...
CVE-2022-48841
Vulnerability CVE-2022-48841 affects the Linux kernel ice driver: NULL pointer dereference in ice_update_vsi_tx_ring_stats() during Tx ring stats update. If the ring pointer is NULL, a later access to propagate Tx stats to VSI stats could crash. The fix changes logic to move to the next ring when...
CVE-2022-48961
CVE-2022-48961 is a Linux kernel vulnerability affecting the MDIO subsystem. The issue is an unbalanced fwnode reference count in mdio_device_release(), caused by a missing fwnode_handle_put() in normal paths after fwnode_handle_get() during of_mdiobus_register_device() binding. The leak manifest...
CVE-2022-48987
CVE-2022-48987 affects the Linux kernel in media: v4l2-dv-timings.c. The issue was a misapplied blanking sanity check: when userspace supplies only a total blanking value, the total could be assigned to front porch, backporch, or sync fields, causing an overflow check to fail. The fix adds maximu...
CVE-2022-49002
The CVE-2022-49002 issue is in the Linux kernel’s IOMMU VT-d path. The for_each_pci_dev() loop relies on pci_get_device(), which increments the PCI device refcount, but an error path lacked a corresponding pci_dev_put(), leading to a potential reference-count leak. The fix adds pci_dev_put() in t...
CVE-2022-49103
CVE-2022-49103 is a Linux kernel issue where NFSv4.2 _nfs42_proc_copy_notify() leaks refcounts on two error paths after get_nfs_open_context() is called. The root cause is that refcount balancing is omitted on error returns, leading to leaks of the object ctx. The connected security documents con...
CVE-2022-49182
CVE-2022-49182 affects the Linux kernel net/hns3 VLAN handling. The vulnerability occurs when adding port base VLAN: removing the VF VLAN from HW and updating the VF VLAN list can lead to a use-after-free if the periodic task frees the same node. The patch adds a vlan list lock to protect the VLA...
CVE-2022-49219
CVE-2022-49219 concerns a memory leak in the Linux kernel VFIO PCI driver during D3hot↔D0 transitions. If vfio_pci_core_device::needs_pm_restore is set, the current PCI state is saved in pm_save on D0→D3hot and would be restored on D3hot→D0. The code uses pci_store_saved_state() to save state and...
CVE-2022-49307
CVE-2022-49307: In the Linux kernel, the tty synclink_gt driver can trigger a null-pointer dereference in slgt_clean() when alloc_hdlcdev() fails and the module is removed. Affected component: the synclink_gt (tty) HDLC driver path in the kernel. The root cause is a null dereference of info->...
CVE-2022-49385
CVE-2022-49385 concerns a Linux kernel UAF in the driver_base path. When driver_attach(drv) fails, the code frees driver_private even though it had already been added to the bus, allowing a use-after-free condition. The documented fix is to ensure the object is removed from the bus on failure, preventing th...
CVE-2022-49414
CVE-2022-49414 affects the Linux kernel/ext4: a race between ext4_write and ext4_convert_inline_data can trigger a BUG_ON in ext4_jbd2, potentially leading to filesystem corruption (example trace in Unity/OpenVAS advisories). The public documents identify the issue and describe the underlying cau...
CVE-2022-49855
CVE-2022-49855 affects the Linux kernel wwan driver (net: wwan: iosm). The root cause is that ipc_pcie_read_bios_cfg() uses acpi_evaluate_dsm() to obtain BIOS power-state config but fails to free the returned acpi_object, causing a memory leak. The issue has been resolved by freeing the acpi_obje...
CVE-2023-0030
CVE-2023-0030 describes a use-after-free in the Linux kernel nouveau driver related to triggering a memory overflow that causes nvkm_vma_tail to fail. Affected component: nouveau driver in the Linux kernel; root cause is use-after-free leading to crash and potential local privilege escalation. Pr...
CVE-2023-52562
CVE-2023-52562 affects the Linux kernel, specifically the slab allocator path in mm/slab_common. The root cause is a slab_caches list corruption that can occur when a module creates a slab cache but does not release all allocated objects before destroying the cache at rmmod time, causing kmem_cac...
CVE-2023-52590
CVE-2023-52590 affects the Linux kernel OCFS2 rename path. The issue arises when renaming a directory where the parent does not change; the VFS could lock-touch the renamed directory, risking filesystem corruption. The fix ensures ocfs2 rename code avoids touching a renamed directory if its paren...
CVE-2023-52596
CVE-2023-52596: Linux kernel sysctl out-of-bounds access when registering empty sysctl directories. Root cause: a check tests the first element of ctl_table for a permanently empty directory, leading to out-of-bounds. Mitigation in the patched code: register_sysctl_mount_point now passes a ctl_ta...
CVE-2023-52627
CVE-2023-52627 affects the Linux kernel IIO ADC driver for AD7091R-5 devices. The issue was a missing set of event configuration callbacks, causing null pointer dereferences when users attempted to configure or read IIO events and their thresholds. The fix adds event configuration callbacks to re...
CVE-2023-52633
CVE-2023-52633 affects the Linux kernel time-travel feature. In basic time-travel mode, timer_read() may process a timer interrupt after computing the forward time but before finishing the update, causing the interrupt to set a time that is incompatible with the forward, which can make time go ba...
CVE-2023-52939
Summary of CVE-2023-52939 (Linux kernel): The vulnerability is in the memory control group (memcg) path of the Linux kernel, specifically in mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath(). The root cause arises after the hwpoison patch that forcibly uncharges a LRU hwpoi...
CVE-2023-53044
The CVE-2023-53044 entry concerns a Linux kernel vulnerability in the dm-stats path. A NULL pointer dereference can occur in dm_stats_cleanup() if alloc_percpu() fails during dm_stats_init(), with the failure not being properly propagated from alloc_percpu() or dm_stats_init() to dm_stats_cleanup...
CVE-2023-53101
CVE-2023-53101 affects the Linux kernel ext4 bootloader inode handling. The issue arises when EXT4_IOC_SWAP_BOOT initializes an inode with a non-zero i_size, causing i_disksize to remain non-zero and creating an i_size vs i_disksize inconsistency that can trigger a kernel warning (as shown in the...
CVE-2024-26684
CVE-2024-26684 relates to the Linux kernel net/stmmac/xgmac path. The root cause is unhandled Data Path Parity Errors (DPP) for DMA channels, which can trigger a storm of interrupts. The fix, per the connected sources, is to check and clear the DMA_DPP_Interrupt_Status register for each channel. ...
CVE-2024-26887
The CVE-2024-26887 issue affects the Linux kernel Bluetooth stack, specifically btusb (and related btmtk coredump handling). The vulnerability is a memory leak that occurs when cloning skb conditioned on CONFIG_DEV_COREDUMP, with potential skb leakage in the coredump path. The issue has been fixe...
CVE-2024-35992
CVE-2024-35992: Linux kernel vulnerability in marvell a3700-comphy driver exposes an out-of-bounds read of gbe_phy_init_fix[fix_idx].addr; after fix_idx reaches ARRAY_SIZE(gbe_phy_init_fix), an iteration may read beyond, unless gbe_phy_init[addr] is used when all elements of gbe_phy_init_fix are...
CVE-2024-36973
CVE-2024-36973 is a Linux kernel vulnerability in the misc: microchip: pci1xxxx path. The issue is a double free in the error handling of gp_aux_bus_probe, where memory freed by ida_free() and kfree(aux_device_wrapper) could be freed again if auxiliary_device_add() fails and calls auxiliary_devic...
CVE-2024-40909
CVE-2024-40909 is a Linux kernel vulnerability resolved in the bpf subsystem. After commit 1a80dbcb2dba, a race could cause a use-after-free when bpf_link is freed by link->ops->dealloc_deferred but the code still tests and uses link->ops->dealloc afterward. The fix ensures only one o...
CVE-2024-41004
CVE-2024-41004 affects the Linux kernel tracing tests for build event generation in kprobes/synth tests. The vulnerability arises when those test modules are built-in instead of modular, causing events to remain locked in the kernel and breaking kprobe self-tests, which in turn causes ftracetest ...
CVE-2024-41027
CVE-2024-41027 affects the Linux kernel userfaultfd API. The issue arises when a feature not enabled in kernel config is requested: instead of returning an error, the kernel silently lists all features, potentially triggering a warning (as seen in zap_pte_range mortgage path). The fix is to have ...
CVE-2024-42273
CVE-2024-42273 is a Linux kernel vulnerability affecting f2fs where CURSEG_ALL_DATA_ATGC is incorrectly assigned to COMPR_ADDR when the page is GC’d with gcing flag, causing a kernel BUG at fs/f2fs/segment.c:3589 during writeback. The scenario involves creating a small file on a compressed f2fs f...
CVE-2024-42281
CVE-2024-42281 is a Linux kernel vulnerability fixed by the upstream commit: bpf: Fix a segment issue when downgrading gso_size. The fix linearizes the skb when downgrading gso_size to prevent a BUG_ON() later during skb segmentation as described in citations [1,2]. The provided documents confirm...
CVE-2024-42306
CVE-2024-42306 – Linux kernel UDF vulnerability: The issue arises when a corrupted filesystem block bitmap can be inconsistently used for allocations due to bitmap buffer loading state, risking allocation failures or mixed results. The fix adds a BH_verified flag to track bitmap validity, ensuri...
CVE-2024-42309
CVE-2024-42309 affects the Linux kernel (drm/gma500, psb_intel_lvds_get_modes). Root cause: drm_mode_duplicate() may fail and return NULL, risking a NULL pointer dereference. Fix: added a check to avoid the NULL pointer dereference. Impact: NULL pointer dereference could lead to a kernel crash; exploitation de...
CVE-2024-43868
CVE-2024-43868 is a Linux kernel flaw in the riscv purgatory alignment path. When alignment handling is delegated to the kernel, purgatory must keep all addresses word-aligned because the kexec trap handler is used. If alignment isn’t enforced, hitting the exception could crash the system; in oth...
CVE-2024-46798
CVE-2024-46798 (Linux kernel, ASoC: dapm): A use-after-free in snd_soc_pcm_runtime is triggered during system suspend when snd_pcm_suspend_all() accesses a freed object. The issue was detected with KASAN configurations and occurs because snd_pcm_sync_stop() handles substream.runtime defensively,...
CVE-2024-46810
CVE-2024-46810 affects the Linux kernel UI path for displays: the drm/bridge tc358767 code may signal HPD events via IRQ before the connector is fully initialized, risking a NULL pointer dereference. The connected documents confirm a fix was applied by ensuring the connector is fully initialized ...
CVE-2024-47658
CVE-2024-47658 affects the Linux kernel crypto: stm32/cryp. The issue occurs when finalize is called with BH disabled in interrupt mode, causing a spinlock recursion warning and a potential reliability impact. The documented root cause is BH must be disabled during finalize, with the vulnerabilit...
CVE-2024-47702
CVE-2024-47702 affects the Linux kernel BPF verifier. It exposes a sign-extension error when loading packet fields (__sk_buff->data/data_end/data_meta), where a 32‑bit sign extension can yield an invalid pointer if the value is treated as 64‑bit. The issue arises from how sign-extension intera...
CVE-2024-47746
CVE-2024-47746 affects the Linux kernel fuse subsystem. The issue arises when FUSE_I_CACHE_IO_MODE is set and an exclusive lock is not used, potentially causing fuse_file_cached_io_open to wait indefinitely. The root cause is locking mode for this flag; the fix is to switch to exclusive locking w...
CVE-2024-49976
CVE-2024-49976 concerns an ABBA deadlock in the Linux kernel related to timerlat/osnoise kthread handling. The issue arises because stop_kthread() (offline callback for trace/osnoise:online) could deadlock due to holding interface_lock while cpus_write_lock/cpus_read_lock paths are taken, enablin...
CVE-2024-49980
CVE-2024-49980 affects the Linux kernel VRF path. The issue stems from removing an RCU-bh critical section around dev_queue_xmit_nit, which violated an invariant and could cause an inconsistent lock state, potentially enabling a deadlock during packet reception when BH is disabled. The vulnerabil...
CVE-2024-50161
CVE-2024-50161 refers to a Linux kernel vulnerability in the BPF/C API: when repeating BTF fields for an array of nested structs, the code failed to validate the remaining info_cnt, causing a UBSAN array-index-out-of-bounds condition (index 11 out of range for btf_field_info[11]). Affected compon...
CVE-2024-50297
CVE-2024-50297 affects the Linux kernel Xilinx AXI Ethernet driver (net: xilinx: axienet). A race occurs when Tx packets are enqueued in the dynamic queue limits (dql) before the DMA engine starts; when the DMA starts, a dql dequeue can execute before the packet is queued, causing a kernel crash ...
CVE-2024-52559
CVE-2024-52559 affects the Linux kernel DRM MSM GEM submit path. The vulnerability arises from an integer overflow when user-supplied submit->cmd[i].size and submit->cmd[i].offset (u32) are processed, leading to wrapping. The fix switches to size_add() to prevent the overflow. Patch referen...
CVE-2024-53149
Technical details (affected product, root cause, impact, fix) are not publicly provided in the connected documents; monitor for updates.
CVE-2024-56657
CVE-2024-56657 relates to the Linux kernel ALSA: control path where WARN() was used for symlink creation errors. The fix downgrades these warnings to dev_err() and adds the function name to the prefix to reduce confusion (notably for fuzzers). This is a patch-level remediation described in Azure ...
CVE-2024-58094
Technical details (affected product, root cause, impact, and remediation) are not publicly available in the provided connected documents. Monitor for updates from vendors and security advisories for CVE-2024-58094.
CVE-2025-21729
The CVE-2025-21729 vulnerability affects the Linux kernel wifi driver rtw89 (rtwdev) with a race between cancel_hw_scan and hw_scan completion. Root cause: rtwdev->scanning was not mutex-protected, allowing cancel_hw_scan to observe/modify state while hw_scan completion could unset the flag an...
CVE-2025-21773
CVE-2025-21773 affects the Linux kernel driver can: etas_es58x. The root cause is a potential NULL pointer dereference when es58x_dev->udev->serial is NULL; the driver previously assumed serial could never be NULL. A patch adds a check for es58x_dev->udev->serial before dereferencing ...