13804 matches found
CVE-2021-47165
CVE-2021-47165 relates to the Linux kernel drm/meson shutdown crash when the main component is not probed (e.g., dw-hdmi not loaded or probe deferred). The issue causes a NULL dereference during shutdown, shown in meson_drv_shutdown and related shutdown paths. The fix described across sources is ...
CVE-2021-47293
CVE-2021-47293 affects the Linux kernel net/sched skbmod path. The issue: tcf_skbmod_act() assumed Ethernet at L2, causing silent packet corruption for non‑Ethernet protocols (e.g., CAN vcan devices). Affected scenario shown by examples using vcan0 and skbmod swap mac; fix implemented to skip skb...
CVE-2021-47407
The CVE-2021-47407 issue is in the Linux kernel's KVM x86 code related to SRCU initialization during page track setup. The root cause is a missing validation of init_srcu_struct()’s return value, which can fail (e.g., due to OOM) and lead to a NULL pointer dereference found by a modified syzkalle...
CVE-2021-47465
CVE-2021-47465 is a Linux kernel vulnerability affecting the PPC Book3S HV emergency stack handling. The issue occurred in idle_kvm_start_guest(), where the previous approach stored CR/LR and stack frames on the emergency stack without ensuring a valid frame boundary, causing writes outside the e...
CVE-2021-47490
CVE-2021-47490 affects the Linux kernel DRM memory management (drm/ttm). The issue is a memleak during ttm_transfered_destroy, and the fix includes cleanup of fences for ghost objects. The available connected advisories/policy notes confirm the vulnerability is fixed by kernel patches; no exploit...
CVE-2021-47496
The CVE relates to the Linux kernel net/tls implementation: tls_err_abort() sign handling was flipped, causing sk->sk_err to be used with a positive value and leading to memory corruption in downstream code (e.g., tls_sw_do_sendpage and splice_from_pipe_feed). The root cause is inconsistent ne...
CVE-2022-3110
CVE-2022-3110 affects the Linux kernel (through 5.16-rc6) and is tied to the r8188eu wireless driver. The vulnerability is in _rtw_init_xmit_priv (drivers/staging/r8188eu/core/rtw_xmit.c), where the return value of rtw_alloc_hwxmits() is not checked, which may lead to a NULL pointer dereference. ...
CVE-2022-3910
CVE-2022-3910 is a Local Use-After-Free in the Linux kernel’s io_uring path. The root cause is an improper update of the reference count when io_msg_ring is invoked with a fixed file, causing a use-after-free and local privilege escalation. The issue arises because fixed files are permanently reg...
CVE-2022-48958
The CVE-2022-48958 issue is in the Linux kernel ethernet aeroflex driver (greth_init_rings). The root cause is a skb leak when dma_mapping_error() occurs, where the newly allocated skb was not freed. A fix adds dev_kfree_skb() to ensure proper cleanup. The vulnerability is addressed by kernel pat...
CVE-2022-49138
CVE-2022-49138 in the Linux kernel Bluetooth hci_event path caused memory corruption when multiple conn complete events arrive for the same handle. The vulnerability arises because the device could be registered multiple times for a single connection. The fixes add handling to ignore redundant ev...
CVE-2022-49241
CVE-2022-49241 affects the Linux kernel ASoC: atmel subsystem, specifically the sam9x5_wm8731_driver_probe. The root cause is a device_node pointer returned by of_parse_phandle() with refcount incremented, but of_node_put() is not invoked in the error path, causing a refcount leak. The fix adds p...
CVE-2022-49281
CVE-2022-49281 affects Linux kernel CIFS multiuser handling: each user has a separate tcon and handle for a cached directory, but on unmount the kernel must release the pinned dentry for every tcon rather than only the master tcon. If not, unmount can emit warnings of in-use dentries. The issue i...
CVE-2022-49447
CVE-2022-49447 concerns the Linux kernel on ARM/HiSilicon where of_find_compatible_node increments the device_node refcount but no corresponding of_node_put was invoked, causing a refcount leak. The fix removes the leak by adding of_node_put after of_find_compatible_node. Affected software is the...
CVE-2022-49453
Summary (CVE-2022-49453): In the Linux kernel, the TI SoC power-domain driver (soc: ti: ti_sci_pm_domains) might dereference a NULL pointer if devm_kcalloc returns NULL. The recommended fix is to check the allocation result and return -ENOMEM, mirroring the handling in earlier code paths. The is...
CVE-2022-49455
CVE-2022-49455 (Linux kernel) fixes a double-free bug in ocxl_file_register_afu: info_release() could be invoked during device_unregister() when info->dev’s refcount was 0, making an extra ocxl_afu_put()/kfree() unnecessary. The patch adds free_minor() and returns to the err_unregister path to...
CVE-2022-49508
CVE-2022-49508 affects the Linux kernel HID elan driver. The issue was a potential double free in elan_input_configured because input may be freed explicitly via input_free_device() even though the device is managed by devm_input_allocate_device(). The devm framework guarantees automatic cleanup ...
CVE-2022-49566
The CVE-2022-49566 issue affects the Linux kernel crypto/qat RSA path. When an RSA key in PKCS #1 V2.1 form 2 is used, private key components persist after the TFM is released due to memory not being freed. The fix replaces explicit buffer frees in qat_rsa_exit_tfm() with a call to qat_rsa_clear_...
CVE-2022-49751
CVE-2022-49751 corresponds to a Linux kernel issue where, during removal of the ds2482 driver, a warning is produced: do not call blocking ops when !TASK_RUNNING; state=1 in w1_process(). The fix involves altering w1_process() so that when the loop breaks, the task state is set to TASK_RUNNING to...
CVE-2022-49842
CVE-2022-49842: In the Linux kernel’s ASoC core, a use-after-free in snd_soc_exit() was fixed. The root cause was a missing error check in snd_soc_init(), where snd_soc_util_init() could fail and its return value was ignored, causing soc_dummy_dev to be unregistered twice. The fix requires handling er...
CVE-2023-52640
CVE-2023-52640 (Linux kernel ntfs3): The issue is a local out-of-bounds access in ntfs_listxattr, where the length of the name must not exceed the allocated EA space. The affected code path is in the ntfs3 filesystem. The connected Astra Linux advisory confirms the same vulnerability and indicates a resolve...
CVE-2023-52789
CVE-2023-52789: In the Linux kernel, the vulnerability affects the tty/vcc path (vcc_probe). The root cause is failure to check the return value of kstrdup(), risking a NULL pointer dereference. The fix adds a check for kstrdup() and returns an error if it fails. This resolves the issue by preve...
CVE-2023-52801
CVE-2023-52801 concerns the Linux kernel iommufd code. In iopt_area_split(), if the original iopt_area had filled a domain and is linked to domains_itree, pages_nodes must be reintegrated; otherwise domains_itree becomes corrupted and leads to use-after-free. The vulnerability is resolved by ensu...
CVE-2023-53086
The CVE-2023-53086 entry concerns the Linux kernel wifi driver mt76 in Connac where WED status was checked for non-MMIO devices. The fixed patch removes the WED check for non-MMIO (e.g., USB/SDIO), addressing a crash observed during wireless authentication/association flow. Public descriptions co...
CVE-2024-26742
The CVE-2024-26742 issue lies in the Linux kernel’s scsi: smartpqi driver, where enablement of the default PCI_IRQ_AFFINITY flag caused incorrect registration with the block layer (blk_mq_pci_map_queues was used instead of blk_mq_map_queues). This could produce a stack trace and potentially undef...
CVE-2024-35929
The CVE-2024-35929 issue affects the Linux kernel in the rcu_nocb path, specifically when CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y. It can trigger WARN_ON_ONCE in rcu_nocb_bypass_lock() and rcu_nocb_wait_contended(), potentially exposing a local-privilege or local-execution impact ...
CVE-2024-36969
The CVE-2024-36969 issue affects the Linux kernel drm/amd/display component, specifically a division-by-zero in setup_dsc_config when slice_height is 0, which could crash the amdgpu driver and reboot the system. The patch introduces a guard to avoid dividing by zero (dc_dsc.c:1053; dc_dsc_compute...
CVE-2024-38606
CVE-2024-38606 in the Linux kernel relates to the crypto/qat path where adf_send_admin_tl_start() loads a slice_cnt array from FW and tl_print_dev_data() reports statistics via debugfs. If the FW returns an unexpected slice count, the code could read beyond the allocated buffer, potentially trigg...
CVE-2024-42103
CVE-2024-42103 applies to the Linux kernel BTRFS subsystem. The issue arises in the reclaim path for block groups: during btrfs_reclaim_bgs_work, a block group removed from the reclaim list can be added in parallel to the unused list, which may then be moved to the reclaim list again and corrupt ...
CVE-2024-42121
CVE-2024-42121 is a Linux kernel vulnerability affecting the DRM/AMD display path. The issue arises from how msg_id is used as an array index and can be negative (not equal to MOD_HDCP_MESSAGE_ID_INVALID, -1). The root cause is missing validation of msg_id before read/write operations, leading to...
CVE-2024-42127
CVE-2024-42127 affects the Linux kernel driver for Lima (drm/lima) which uses a shared IRQ. The root cause is that during driver removal, clocks are disabled early while interrupts remain registered due to devm-based management, allowing interrupt handlers to run and access device registers with ...
CVE-2024-42138
CVE-2024-42138 affects the Linux kernel mlxsw mlxsw_linecard_types_init() and mlxsw_linecards_init() in mlxsw core_linecards. When an invalid INI file triggers deallocation, mlxsw_linecard_types_init() frees memory but does not set the pointer to NULL; if an error occurs after the init() call, ml...
CVE-2024-42277
CVE-2024-42277 affects the Linux kernel through a NULL dereference in the SPRD IOMMU path. Specifically, in sprd_iommu_cleanup(), before invoking sprd_iommu_hw_en(), dom->sdev may be NULL, leading to a NULL dereference. The connected Astra Linux bulletin confirms the same vulnerability in Linu...
CVE-2024-43825
The CVE-2024-43825 entry concerns a Linux kernel IIO subsystem issue: in iio_gts_build_avail_time_table, the sorting logic can misbehave when a time_us value is zero, potentially causing an out-of-bounds write (example sequence 3, 0, 1) and, if no zero times exist, elements may be copied unsorted...
CVE-2024-43832
CVE-2024-43832 affects the Linux kernel (s390/uv) and is resolved by ensuring folio_wait_writeback() is called with a folio reference. The issue arises after PTL drop when a folio could be freed concurrently; a temporary reference is now grabbed to prevent use-after-free. Impact is Local, with CV...
CVE-2024-43847
CVE-2024-43847 affects the Linux kernel wireless driver ath12k (reported under the Linux kernel vulnerability about fragmented packets). The issue arises when the monitor ring and the reo reinject ring share the same ring mask index; an interrupt on the reo reinject ring can cause the monitor rin...
CVE-2024-43850
CVE-2024-43850 affects the Linux kernel’s Qualcomm icc-bwmon: a refcount imbalance can occur during bwmon_remove, triggering a kernel warning and potentially delaying OPP releases. The OSV and vendor advisories corroborate the issue and describe the fix as a code correction in the bwmon removal p...
CVE-2024-44991
CVE-2024-44991 affects the Linux kernel TCP stack: concurrent calls to tcp_sk_exit_batch() can race with inet_twsk_purge() across dying netns, risking timewait sockets of the exiting netns. The root cause: after the net/core/net_namespace change (commit that batches inet_twsk_purge), tcp_twsk_pur...
CVE-2024-46846
The CVE-2024-46846 issue is a Linux kernel vulnerability found in the Rockchip SPI driver (spi: rockchip) involving unbalanced runtime PM/system PM handling. The root cause was a commit that stopped respecting runtime PM and unconditionally disabled clocks during system sleep, potentially double-...
CVE-2024-49887
CVE-2024-49887 targets the f2fs file system in the Linux kernel. Root cause: when injecting a fault for “no free segment,” the kernel could panic in __allocate_new_segment / get_new_segment, triggering a serious system halt. The description notes the issue was resolved by a fix that prevents pani...
CVE-2024-53080
CVE-2024-53080 concerns the Linux kernel’s drm/panthor path, where a race occurs when retrieving a vm pointer from an internal XArray. The patch requires using the XArray’s internal locking to guard this operation, per the description. A follow-up note clarifies that the patch removed protection ...
CVE-2024-56750
CVE-2024-56750: Linux kernel — erofs filesystem vulnerability. The issue occurs when mounting file-backed filesystems with an EROFS block size smaller than PAGE_SIZE, where EROFS previously called sb_set_blocksize() and could panic if bdev-backed mounts were not used. The fix directly adjusts s_...
CVE-2025-21710
CVE-2025-21710 is a Linux kernel TCP window handling vulnerability exposed under extreme memory squeeze. Under memory pressure a socket may advertise a zero-sized window temporarily, but the zero window is not stored in socket state. If the current window value stalls at a problematic point, the ...
CVE-2025-21906
Summary: CVE-2025-21906 in the Linux kernel relates to the wifi: iwlwifi: mvm ROC handling. The issue occurs when the firmware fails to start session protection; IWL_MVM_STATUS_ROC_P2P_RUNNING may never be set, causing a WARN_ON() on a remaining on-channel link. The fix adds setting IWL_MVM_STATU...
CVE-2025-21982
CVE-2025-21982 affects the Linux kernel’s pinctrl nuvoton npcm8xx GPIO firmware path. The issue stems from devm_kasprintf() potentially returning NULL on failure, with the NULL return not being checked in npcm8xx_gpio_fw(), leading to a kernel NULL pointer dereference. A fix adds a NULL-check in ...
CVE-2025-37880
CVE-2025-37880 affects the Linux kernel where sched_yield may not yield in time-travel mode due to a poorly implemented userspace spinlock in ASAN. The fix adds accounting of time to the process on every sched_yield to ensure proper scheduling. Impact can be extreme slowdown or deadlock depending...
CVE-2025-37926
CVE-2025-37926 concerns the Linux kernel’s ksmbd component. A use-after-free can occur due to a race between ksmbd_session_rpc_open() and __session_rpc_close(), potentially allowing exploitation when an attacker could trigger a session race. The fix adds a lock (rpc_lock) to the session to protec...
CVE-2025-37969
In CVE-2025-37969, the vulnerable Linux kernel component is the IIO IMU driver st_lsm6dsx (read_tagged_fifo). The issue allows a potential lockup when pattern_len is zero and the device FIFO is not empty, risking an infinite loop and elevated availability impact. The vulnerability has been fixed ...
CVE-2025-37973
CVE-2025-37973 affects the Linux kernel Wi-Fi stack, specifically the cfg80211 defragmentation logic for multi-link elements. The issue is a miscalculation during multi-link element defragmentation that adds the MLE length to the total IEs length, which can cause an out-of-bounds access if the ML...
CVE-2025-37983
CVE-2025-37983 is a Linux kernel issue where an inode allocation path could leak a dentry due to an OOM-related leak in qibfs. The description confirms the vulnerability was resolved by a fix merged in the kernel ("qibfs: fix another leak"). Public connected sources (Azure Linux, Astra Linux, and...
CVE-2025-37991
CVE-2025-37991 describes a PA-RISC (parisc) Linux kernel issue where a SIGFPE exception can crash an application if a second SIGFPE is delivered in the signal handler. The root cause is traced to glibc using a double-word floating-point store to atomically update function descriptors, causing a t...