Lucene search
Linux / Linux Kernel

13804 matches found

added 2024/07/16 12:25 p.m. | 103 views

CVE-2022-48840

CVE-2022-48840: Linux kernel iavf hang on reboot/shutdown due to a new wait-loop in iavf_remove() that could loop indefinitely when adapter is already removed during shutdown. The fix adds a state check at the start of iavf_remove() and skips rest of the function if the adapter is in __IAVF_REMOV...

CVSS 5.5 | AI score 6.9 | EPSS 0.00236

added 2024/10/21 8:5 p.m. | 103 views

CVE-2022-48971

CVE-2022-48971 describes a Linux kernel Bluetooth initialization issue: if bt_init fails after registering an LED via bt_leds_init(), bt_leds_cleanup() may not run, potentially allowing a freed bluetooth-power text to be accessed by later led_trigger_register() calls. The result can be a kernel p...

CVSS 5.5 | AI score 5.2 | EPSS 0.00235

added 2024/10/21 8:5 p.m. | 103 views

CVE-2022-48973

CVE-2022-48973 is a Linux kernel vulnerability in the gpio/amd8111 path related to a reference-count leak for PCI devices. The issue arises because for_each_pci_dev() is implemented via pci_get_device(), which increments the reference count for the returned pci_dev but may not decrement the input...

CVSS 5.5 | AI score 5.2 | EPSS 0.00235

added 2024/10/21 8:5 p.m. | 103 views

CVE-2022-48977

The CVE-2022-48977 vulnerability affects the Linux kernel CAN subsystem. It fixes a NULL pointer dereference in can_rcv_filter, triggered by missing initialization of ml_priv in the receive path for CAN frames. The issue arises because dev->type may be ARPHRD_CAN in CAN-capable devices, but so...

CVSS 5.5 | AI score 5.2 | EPSS 0.00243

added 2024/10/21 8:5 p.m. | 103 views

CVE-2022-48980

CVE-2022-48980: In the Linux kernel, a bound-check bug in sja1105_init_l2_policing() can cause an out-of-bounds write to the L2 policing table when handling multicast policers on SJA1105. The code computes the multicast policer index as 99 + SRCPORT and compares it to max_entry_count, but for por...

CVSS 7.8 | AI score 7.3 | EPSS 0.00245

added 2024/10/21 8:6 p.m. | 103 views

CVE-2022-48983

CVE-2022-48983 is a Linux kernel vulnerability where a NULL pointer dereference in io_tctx_exit_cb() could occur during io_uring/cancellation interplay, leading to a kernel panic. The issue arose when task_work added by io_ring_exit_work() could race with cancellation of exec work, causing curren...

CVSS 5.5 | AI score 5.3 | EPSS 0.00259

added 2024/10/21 8:6 p.m. | 103 views

CVE-2022-48985

CVE-2022-48985 (Linux kernel): A race on per-CQ variable napi_work_done in net: mana can allow a concurrent thread to race with napi_complete_done(), potentially clearing NAPIF_STATE_SCHED and corrupting cq->work_done, leading to memory corruption and panic. The fix saves the per-CQ work_done...

CVSS 4.7 | AI score 4.6 | EPSS 0.00226

added 2025/02/26 1:56 a.m. | 103 views

CVE-2022-49247

CVE-2022-49247 – Linux kernel media stk1160 issue: The vulnerability concerns the stk1160 driver in the Linux kernel’s videobuf2 path. When start_streaming fails, the driver previously returned all queued buffers with VB2_BUF_STATE_ERROR, but it should have returned them with VB2_BUF_STATE_QUEUE...

CVSS 5.5 | AI score 5.4 | EPSS 0.00247

added 2025/02/26 2:11 a.m. | 103 views

CVE-2022-49354

CVE-2022-49354 is a Linux kernel issue where a refcount leak in octeon_pata_OCTEON code was fixed. The vulnerability stems from refcount handling in pata_octeon_cf during octeon_cf_probe and in the usage of of_find_device_by_node() which took a reference but was not released with put_device(). Th...

CVSS 5.5 | AI score 5.3 | EPSS 0.00253

added 2025/02/26 2:12 a.m. | 103 views

CVE-2022-49443

CVE-2022-49443 relates to a data race in Linux kernel epoll during epoll_wait, caused by lockless access to ep->rdllist via ep_events_available and list handling. The issue manifests as a KCSAN-detected race between ep_start_scan/ep_send_events and do_epoll_wait, potentially affecting availabi...

CVSS 4.7 | AI score 5.3 | EPSS 0.00165

added 2025/02/26 2:13 a.m. | 103 views

CVE-2022-49478

CVE-2022-49478 affects the Linux kernel via the media: pvrusb2 driver, specifically a faulty check in pvr2_i2c_core_init that permits an array index of -1 to be used. The issue arises when hdw->unit_number is initialized to -1 and may remain unchanged if the init-table walk fails, leading to o...

CVSS 7.8 | AI score 6.7 | EPSS 0.0027

added 2025/06/18 11:2 a.m. | 103 views

CVE-2022-50093

CVE-2022-50093 affects the Linux kernel IOMMU VT-d code. The issue arises from using arch_test_bit() with a possibly invalid first argument when NUMA is disabled, causing a potential wild memory access after node_online() returns NUMA_NO_NODE. The fix adds an explicit check for node != NUMA_NO_NO...

CVSS 7.1 | AI score 6.6 | EPSS 0.00211

added 2023/06/28 12:0 a.m. | 103 views

CVE-2023-3439

Available details from connected docs confirm CVE-2023-3439 affects the Linux kernel MCTP implementation. Specifically, mctp_unregister() reclaims a device resource on netcard detach, and a running routine may not notice this, leading to a use-after-free of the mdev->addrs object and a denial...

CVSS 4.7 | AI score 5.4 | EPSS 0.00331

added 2025/08/16 1:29 p.m. | 103 views

CVE-2023-3867

In CVE-2023-3867, the Linux kernel ksmbd SMB2 session setup function smb2_sess_setup could perform an out-of-bounds read when a compound SMB2 request contains a second payload, enabling an OOB read while processing the first payload. The issue is tied to not handling the case where smb2 session s...

CVSS 7.1 | AI score 7 | EPSS 0.02838

added 2024/03/02 9:52 p.m. | 103 views

CVE-2023-52525

CVE-2023-52525 affects the Linux kernel mwifiex wireless driver. The root cause is an out-of-bounds/overshoot check in mwifiex_process_rx_packet; the patch tightens the condition so the code path that accesses RFC1042 headers is skipped when the buffer is too small, allowing packets to be process...

CVSS 7.1 | AI score 6.4 | EPSS 0.00236

added 2024/05/21 3:31 p.m. | 103 views

CVE-2023-52818

CVE-2023-52818 affects the Linux kernel: drm/amd/ SMU7 UBSAN array-index-out-of-bounds due to pptable structs with flexible array sizes. The fix changes pptable structs to use flexible arrays. Impact is high with local, low-privilege exploitation potential as per the description. Remediation: app...

CVSS 7.8 | AI score 6.8 | EPSS 0.00259

added 2024/05/21 3:31 p.m. | 103 views

CVE-2023-52854

CVE-2023-52854 affects the Linux kernel's padata subsystem. In high-load arm64 scenarios, a race in refcount handling can cause a Use-After-Free when pd is freed during padata_serial_worker execution, leading to a potential crash or memory corruption. The documented root cause is improper refcoun...

CVSS 7.8 | AI score 6.8 | EPSS 0.00242

added 2024/05/30 3:23 p.m. | 103 views

CVE-2023-52882

In CVE-2023-52882, the Linux kernel vulnerability affects clk: sunxi-ng: h6 where CPUX reparenting during PLL CPUX rate change can cause instability, system crashes, or undefined behavior when CPUX clock changes while running. The issue was resolved by preventing instability when reparenting to a...

CVSS 5.5 | AI score 6.6 | EPSS 0.00271

added 2024/08/21 6:10 a.m. | 103 views

CVE-2023-52904

CVE-2023-52904 refers to a Linux kernel ALSA usb-audio vulnerability where snd_usb_pcm_has_fixed_rate() can dereference a NULL subs function argument. The root cause is using the subs argument before a NULL check, leading to an eventual NULL pointer dereference. Exploitation context is local (per...

CVSS 5.5 | AI score 6.5 | EPSS 0.00255

added 2025/05/02 3:55 p.m. | 103 views

CVE-2023-53047

CVE-2023-53047 describes a race condition in the Linux kernel module amdtee_open_session that could lead to use-after-free if a concurrent amdtee_close_session releases sess while a session is being populated. The advisories indicate the fix is to set sess->sess_mask as the last step in amdtee...

CVSS 4.7 | AI score 6.3 | EPSS 0.00111

added 2025/05/02 3:55 p.m. | 103 views

CVE-2023-53085

The CVE-2023-53085 issue affects the Linux kernel, specifically the drm/edid path. The root cause is a data leak: on EDID fetch errors that leave the transfer buffer unchanged, slab data can be leaked to logs. The fix clears the transfer buffer before fetching the EDID to prevent leaking informat...

CVSS 7.1 | AI score 6.7 | EPSS 0.00153

added 2023/12/08 11:56 p.m. | 103 views

CVE-2023-6560

CVE-2023-6560 corresponds to an out-of-bounds memory access in the Linux kernel io_uring subsystem (SQ/CQ rings) that can allow a local user to crash the system. Affected component is the io_uring handling code, specifically the __io_uaddr_map() path. The vulnerability is local in scope with the ...

CVSS 5.5 | AI score 5.3 | EPSS 0.00282

added 2024/03/13 3:50 p.m. | 103 views

CVE-2024-26630

CVE-2024-26630 (Linux kernel): The issue in cachestat stemmed from reading folio data from the page cache xarray without holding a reference, allowing a folio to be released and reused during the operation. The fix switches to the xarray machinery for folio offsets and dirty/writeback state, preve...

CVSS 7.1 | AI score 6.6 | EPSS 0.00302

added 2024/04/17 10:10 a.m. | 103 views

CVE-2024-26836

In CVE-2024-26836, the Linux kernel flaw lies in platform/x86 think-lmi where the password opcode ordering must occur before changing the attribute value for Lenovo workstations with Admin password enabled. The fix adjusts this order to address the issue (tested on some ThinkPads). The vulnerabil...

CVSS 7.8 | AI score 6.8 | EPSS 0.00231

added 2024/04/17 10:27 a.m. | 103 views

CVE-2024-26871

CVE-2024-26871 is a Linux kernel vulnerability affecting F2FS where a NULL pointer dereference can occur in f2fs_submit_page_write() due to io->bio being NULL in a race condition. The fix relocates zone-end calculation to run for each fio before skip handling, preventing dereference when multi...

CVSS 5.5 | AI score 6.7 | EPSS 0.00222

added 2024/05/20 9:48 a.m. | 103 views

CVE-2024-36009

CVE-2024-36009: Linux kernel ax25 netdev refcount issue in ax25_bind() caused by mismatch of dev_tracker ownership between ax25_dev and ax25_cb. The mitigation updates the ax25_dev->dev_tracker to the dev_tracker of ax25_cb to ensure proper lifecycle management during detach, preventing a refe...

CVSS 5.5 | AI score 6.5 | EPSS 0.00224

added 2024/05/30 3:7 p.m. | 103 views

CVE-2024-36026

CVE-2024-36026 affects the Linux kernel DRM/AMD PM path (drm/amd/pm). The issue causes random hangs during S4 stress tests when using SMU v13.0.4/11, as GC/RLC/PMFW can enter an invalid state and trigger hard hangs. A workaround implemented in the patch adds a GFX reset just before sending the MP...

CVSS 5.5 | AI score 6.8 | EPSS 0.00222

added 2024/07/12 12:32 p.m. | 103 views

CVE-2024-40971

CVE-2024-40971 concerns the Linux kernel f2fs inline encryption flag handling. The description notes that during f2fs_remount the SB_INLINECRYPT flag is cleared and later re-set, creating a window where newly created/opened files may not use inlinecrypt. The worst-case impact is potential data co...

CVSS 5.5 | AI score 6.5 | EPSS 0.003

added 2024/07/30 7:46 a.m. | 103 views

CVE-2024-42115

CVE-2024-42115 involves the Linux kernel jffs2 subsystem. The issue stems from a memory-detection pattern in jffs_inode_info where fields (except sem) could remain uninitialized, causing a NULL/dangling target being freed in jffs2_free_inode during iget_locked/destroy_inode races under high press...

CVSS 5.5 | AI score 6.5 | EPSS 0.0025

added 2024/08/17 9:21 a.m. | 103 views

CVE-2024-43843

CVE-2024-43843 affects the Linux kernel in the riscv/bpf trampoline path. The issue stems from an inconsistency in the dry-run vs real patch phase after commit 26ef208c209a, where the size of the trampoline image used to allocate memory can lead to an out-of-bounds condition in RV64 when computin...

CVSS 7.8 | AI score 6.5 | EPSS 0.00204

added 2024/09/18 7:12 a.m. | 103 views

CVE-2024-46752

CVE-2024-46752: The vulnerability is in the Linux kernel’s btrfs code path; specifically, update_ref_for_cow() previously used BUG_ON() and now returns an error, logs an error, and aborts the transaction when an extent buffer in the relocation tree lacks the full bac...

CVSS 5.5 | AI score 6.9 | EPSS 0.00245

added 2024/10/21 11:53 a.m. | 103 views

CVE-2024-47716

CVE-2024-47716 affects the Linux kernel on ARM where vfp: Use asm volatile in fmrx/fmxr macros fixes floating-point instructions from userspace that could crash arm kernels. The issue is demonstrated by a minimal userspace reproducer on a Raspberry Pi Zero W and is triggered when the kernel is bu...

CVSS 5.5 | AI score 5.1 | EPSS 0.00218

added 2024/10/21 6:1 p.m. | 103 views

CVE-2024-49932

CVE-2024-49932 affects the Linux kernel’s btrfs relocation path. The issue arises when relocating data extents on RAID stripe trees: readahead on the relocation inode may receive ENOENT from a RAID-based lookup, but the code does not handle the error, leading to invalid reads and a kernel bug in ...

CVSS 5.5 | AI score 5.1 | EPSS 0.00201

added 2024/11/19 5:22 p.m. | 103 views

CVE-2024-53071

CVE-2024-53071 affects the Linux kernel's drm/panthor driver. The panthor_device_mmap_io() path mishandles two IO-mapped regions: (1) it bails when VM_WRITE is set for DRM_PANTHOR_USER_FLUSH_ID_MMIO_OFFSET but does not clear VM_MAYWRITE, potentially allowing userspace to writable mappings later v...

CVSS 5.5 | AI score 6.3 | EPSS 0.00195

added 2025/03/12 9:41 a.m. | 103 views

CVE-2024-58088

In CVE-2024-58088, the Linux kernel’s BPF cgroup storage path could deadlock when freeing storage. The issue stemmed from passing NULL to bpf_local_storage_map_free() in cgrp storage, creating a locking window. Affected components include tasks attaching fentry/fexit programs and non-cgroup-attac...

CVSS 5.5 | AI score 6.6 | EPSS 0.00151

added 2025/02/27 2:12 a.m. | 103 views

CVE-2025-21754

CVE-2025-21754 affects Linux kernel btrfs behavior. When a direct IO write triggers a transaction abort, ordered extents are marked with BTRFS_ORDERED_IOERR, and if an ordered extent still has bytes remaining, btrfs_split_ordered_extent() asserts on flags. The documented root cause is an asse...

CVSS 5.5 | AI score 6.3 | EPSS 0.00213

added 2025/02/27 2:18 a.m. | 103 views

CVE-2025-21794

The CVE-2025-21794 issue affects the Linux kernel HID driver for thrustmaster devices (HID: hid-thrustmaster). It is a stack-out-of-bounds read in the core usb_check_int_endpoints() path caused by passing an ep_addr array to a loop that advances past the end of the array when a null terminator is...

CVSS 7.1 | AI score 6.4 | EPSS 0.00214

added 2025/03/27 2:57 p.m. | 103 views

CVE-2025-21889

CVE-2025-21889 (Linux kernel): The vulnerability resides in the perf subsystem where perf_iterate_ctx() traverses an RCU list without acquiring the RCU read lock, triggering lockdep warnings (and potential misuse) when perf probe runs with unshare(1) under CONFIG_PROVE_RCU_LIST=y. The issue has ...

CVSS 5.5 | AI score 6.9 | EPSS 0.00165

added 2025/03/27 2:57 p.m. | 103 views

CVE-2025-21890

CVE-2025-21890 affects the Linux kernel (idpf driver). The root cause is in idpf_rx_rsc(): it uses skb_transport_offset(skb) before the transport header is set, causing incorrect checksums and triggering a CONFIG_DEBUG_NET warning. The issue has been fixed in the kernel with the referenced commit...

CVSS 5.5 | AI score 7 | EPSS 0.00164

added 2025/04/01 3:26 p.m. | 103 views

CVE-2025-21895

CVE-2025-21895 pertains to the Linux kernel perf subsystem. The issue arises in perf/core where the order of perf_event_pmu_context entries in parent/child contexts can become inconsistent due to the timing of PMU/event additions, triggering a warning about an unordered pmu_ctx_list in perf_event...

CVSS 4.7 | AI score 7 | EPSS 0.00126

added 2025/04/01 3:40 p.m. | 103 views

CVE-2025-21913

CVE-2025-21913 affects the Linux kernel, addressing a vulnerability in x86/amd_nb related to MSR handling for MMCFG. The root cause involved unsafe or unchecked RDMSR accesses (amd_get_mmconfig_range) and Xen guests lacking MSR_FAM10H_MMIO_CONF_BASE support, which could trigger warnings and poten...

CVSS 5.5 | AI score 7.2 | EPSS 0.00176

added 2025/04/01 3:47 p.m. | 103 views

CVE-2025-21985

CVE-2025-21985: In the Linux kernel DRM/AMD display path, the fix addresses out-of-bounds accesses. Specifically, hpo_stream_to_link_encoder_mapping is sized MAX_HPO_DP2_ENCODERS(=4) but can reference up to 6 elements, so the location must be checked against MAX_HPO_DP2_ENCODERS. Also, disp_cfg_...

CVSS 7.1 | AI score 7.1 | EPSS 0.00166

added 2025/04/03 7:19 a.m. | 103 views

CVE-2025-21998

CVE-2025-21998: In the Linux kernel, the efivars service could race with memory pool allocation after the TZ allocator change, risking a NULL pointer dereference on racing EFI variable access. The fix ensures all resources are initialized before registering efivars (firmware: qcom: uefisecapp). ...

CVSS 4.7 | AI score 7.2 | EPSS 0.00113

added 2025/04/16 2:11 p.m. | 103 views

CVE-2025-22030

CVE-2025-22030 involves a deadlock in the Linux kernel zswap path. The root cause: zswap_cpu_comp_dead() can call crypto_free_acomp() while holding the per-CPU acomp_ctx mutex, while crypto_free_acomp() may attempt to acquire scomp_lock via crypto_exit_scomp_ops_async(), and crypto_alloc_acomp_no...

CVSS 5.5 | AI score 6.5 | EPSS 0.00164

added 2025/04/16 2:13 p.m. | 103 views

CVE-2025-22117

CVE-2025-22117 refers to a Linux kernel issue in the ice driver code path ice_vc_fdir_parse_raw(), where an untrusted proto->raw.pkt_len value was used without bound checks. The vulnerability is resolved by validating pkt_len against the VIRTCHNL_MAX_SIZE_RAW_PACKET limit to prevent processing...

CVSS 5.5 | AI score 6.6 | EPSS 0.00152

added 2025/04/16 2:13 p.m. | 103 views

CVE-2025-22128

CVE-2025-22128 affects Linux kernel wifi driver ath12k (shared IRQ path). The issue arises when IRQ affinity hints are set after IRQ vector allocation (ath12k_pci_msi_alloc()) and one of the IRQ requests fails, leading to a free IRQ without clearing the affinity hint, which can trigger a warning ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00154

added 2025/04/16 2:13 p.m. | 103 views

CVE-2025-23132

CVE-2025-23132 affects the Linux kernel, specifically the F2FS quota path. The root cause is a race between quota writeback and checkpoint/remount/freeze/quotactl paths, which can trigger a warning in dquot_writeback_dquots() when the s_umount lock is not consistently held. The provided connected...

CVSS 5.5 | AI score 6.6 | EPSS 0.0013

added 2025/04/16 2:13 p.m. | 103 views

CVE-2025-23137

CVE-2025-23137: A NULL pointer dereference in Linux kernel cpufreq/amd-pstate during amd_pstate_update has been fixed by adding a NULL check for policy before dereferencing. This resolves a local-privilege scenario with a MEDIUM base score (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). The con...

CVSS 5.5 | AI score 6.5 | EPSS 0.00152

added 2025/05/01 12:55 p.m. | 103 views

CVE-2025-23160

CVE-2025-23160 affects the Linux kernel on Mediatek platforms with a system companion processor (SCP). The issue is a resource leak in the Media subsystem (vcodec) during firmware initialization when the mtk_scp structure is not properly freed, leading to a leak if firmware initialization allocat...

CVSS 5.5 | AI score 6.6 | EPSS 0.00161

added 2025/04/18 7:1 a.m. | 103 views

CVE-2025-39688

CVE-2025-39688: In the Linux kernel NFS server, the fix for nfsd addresses handling of delegated states. The change adds SC_STATUS_FREEABLE to nfs4_lookup_stateid()'s always-allowed status mask, ensuring revoked delegations can be located when searching by stateid. It also removes SC_STATUS_FREEA...

CVSS 5.5 | AI score 5.4 | EPSS 0.0021

Total number of security vulnerabilities: 13804