CVE-2021-47445
CVE-2021-47445: In the Linux kernel, the drm/msm driver had a NULL pointer dereference involving the pointer edp. The initialization path dereferenced edp before checking it for NULL. The update fixes the issue by dereferencing edp only after it has been ...
CVE-2021-47520
Summary (CVE-2021-47520): A Linux kernel issue in can: pch_can: pch_can_rx_normal leads to a use-after-free when dereferencing skb after netif_receive_skb(skb); the can_frame cf aliases skb memory and is dereferenced immediately after. The documented fix is a reordering of lines to prevent derefe...
CVE-2021-47541
CVE-2021-47541 affects the Linux kernel mlx4_en driver. In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() may free tmp->tx_cq on the error path, and later mlx4_en_alloc_resources() dereferences &tmp->tx_cq[t][i], risking a use-after-free. The fix adds a guard/check around mlx4_en_copy_p...
CVE-2021-47547
CVE-2021-47547 is a Linux kernel vulnerability in the tulip de4x5 driver. The fix prevents an out-of-bounds access of the array lp->phy[8] when the loop ends with k==8, which could occur if all ids in lp->phy[8] are non-zero. The connected Astra Linux bulletin mirrors this kernel issue and ...
CVE-2021-47555
The CVE-2021-47555 issue affects the Linux kernel VLAN real_dev handling. Injecting an error before dev_hold(real_dev) in register_vlan_dev() caused the real_dev refcount to underflow when the dummy netdevice was removed, triggering a refcount warning and an endless unregister_netdevice loop. The...
CVE-2021-47602
CVE-2021-47602 affects the Linux kernel mac80211 QoS admission-control path. The root cause was an uninitialized-value path triggered by non-QoS nullfunc packets, which could access the QoS header. The fix restricts all actions to QoS data packets, preventing misuse from non-QoS traffic. Remediat...
CVE-2021-47632
CVE-2021-47632 affects the Linux kernel on PowerPC where a spin_lock in change_page_attr() for set_memory caused spinlock recursion. The fix removes the read/modify/write sequence and the spin_lock(), and uses atomic handling of page-flag sets (_PAGE_KERNEL_RO/ROX/RW/RWX) by comparing flag sets t...
CVE-2022-3526
CVE-2022-3526 is a Linux kernel issue affecting the macvlan_handle_frame path in drivers/net/macvlan.c (skb). The connected OSV advisory (SUSE-SU-2022:4617-1) confirms a memory-leak vulnerability associated with CVE-2022-3526 and lists it among the fixed issues in kernel updates for SUSE Linux En...
CVE-2022-48656
CVE-2022-48656 relates to a refcount leak in Linux kernel dmaengine: ti: k3-udma-private (of_xudma_dev_get). The issue stems from a missing of_node_put() in the error/fail path, causing a reference leak. The fix moves of_node_put() before the check to ensure proper reference handling. Impact is m...
CVE-2022-48792
CVE-2022-48792 - Linux kernel (scsi: pm8001): A use-after-free can occur when a sas_task is aborted by the upper layer before I/O completion is handled in mpi_ssp_completion() or mpi_sata_completion(). The two steps (inform upper layer with complete() and release resources in pm8001_ccb_task_free...
CVE-2022-48858
CVE-2022-48858 - Linux kernel mlx5 race (net/mlx5): The vulnerability results from a race on command flush, causing a refcount use-after-free when a command is freed while another process may still access it. The root cause is improper synchronization around command entry refcount, leading to a p...
CVE-2022-48968
CVE-2022-48968: In the Linux kernel, octeontx2-pf had a memory leak in otx2_init_tc() where tc_entries_bitmap allocated by otx2_tc_alloc_ent_bitmap() was not freed on rhashtable_init() failure. This is a local-access vulnerability with a potential denial of service impact due to memory exhaustion...
CVE-2022-48979
Summary: CVE-2022-48979: in the Linux kernel, the DRM/AMD display DCN32 DML path had an array index out-of-bounds. Root cause: the LinkCapacitySupport array was indexed by the number of voltage states rather than the total number of voltage states (the max DPPs), causing an out-of-bounds access. ...
CVE-2022-49017
CVE-2022-49017 (Linux kernel): A use-after-free in TIPC processing was mitigated by re-fetching the skb control block from the newly allocated skb after tipc_msg_validate(), preventing a dereference of a freed skb. The issue manifested as a KASAN use-after-free in tipc_crypto_rcv_complete and relat...
CVE-2022-49020
In CVE-2022-49020, the Linux kernel’s net/9p code has a socket leak: p9_fd_create_tcp() and p9_fd_create_unix() call p9_socket_open(), and if p9_trans_fd creation fails they return an error without releasing the socket. The root cause is failure to sock_release() the socket, which this patch fixe...
CVE-2022-49023
CVE-2022-49023 affects the Linux kernel wifi cfg80211 code; it is a buffer-overflow in vendor element handling where code assumed 5 octets without length validation. The fix involves checking the element length before processing. The vulnerability is described in Unity Linux UTSA advisories (kern...
CVE-2022-49032
CVE-2022-49032 is a Linux kernel vulnerability in the IIO health afe4404 driver where an out-of-bounds read occurs in afe4404_read_raw/afe4404_write_raw due to inadequate bounds checks on channel arrays (afe4404_channel_leds and afe4404_channel_offdacs). The bug lets an out-of-bounds read of size 4 be trig...
CVE-2022-49185
The CVE-2022-49185 entry concerns a Linux kernel pinctrl nomadik issue where of_node_put() was missing in nmk_pinctrl_probe, risking a refcount leak. The fix adds a call to of_node_put() to balance the refcount returned by of_parse_phandle(), as described across connected advisories (Astra Linux,...
CVE-2022-49248
CVE-2022-49248 relates to the Linux kernel ALSA: firewire-lib, where the deferrable AV/C transaction flag could be left uninitialized for non-control/notify AV/C transactions. UBSAN reported an invalid-load in fcp.c when handling AV/C responses, with the status flag being read as a boolean. The i...
CVE-2022-49335
CVE-2022-49335 concerns the Linux kernel DRM/AMDGPU path. The issue arises when a compute submit command (cs) is sent with 0 chunks, which is illegal and leads to a kernel oops later, specifically a NULL pointer dereference in amdgpu_cs_ioctl. Affected evidence shows a crafted 0-chunk submission ...
CVE-2022-49346
CVE-2022-49346 is a Linux kernel vulnerability in the net: dsa: lantiq_gswip path. The issue is a refcount leak in gswip_gphy_fw_list caused by every iteration of for_each_available_child_of_node() decrementing the previously referenced node, and a missing explicit of_node_put() when breaking ear...
CVE-2022-49367
Summary (CVE-2022-49367): In the Linux kernel, the mv88e6xxx DSA MDIO registration path contains a refcount leak. The function of_get_child_by_name() returns a node pointer with an incremented refcount, but of_node_put() is not called when finished, leaking references. mv88e6xxx_mdio_register() fo...
CVE-2022-49411
The CVE-2022-49411 entry describes a Linux kernel BFQ IO scheduler issue where bios queued to a bfq_group tied to an offline cgroup could be inserted into the service tree and be freed when the last bio completes, causing a use-after-free. The documented fix is to always operate on an online bfq_...
CVE-2022-49712
CVE-2022-49712: In the Linux kernel, the usb: gadget: lpc32xx_udc probe had a refcount leak due to an extra reference from of_parse_phandle(); the fix adds of_node_put() to release the node when not needed. This mitigates a refcount leak in the probe path. Connected advisories (SUSE/Nessus/OpenV...
CVE-2022-49720
The CVE-2022-49720 entry is valid and supported by multiple connected advisories. The vulnerability resides in the Linux kernel block layer, specifically in blk_mq_alloc_request_hctx, where offline-queue handling could trigger a UBSAN array-index-out-of-bounds condition (index 512 out of 512 elem...
CVE-2022-49722
CVE-2022-49722 concerns memory corruption in the Linux kernel’s ice VF (virtual function) driver. The issue occurs when a VF’s RX/TX queues are not correctly disabled after a reset, allowing DMA resources to remain unmapped while queues are active, which can lead the device to map packets to memo...
CVE-2022-49930
CVE-2022-49930 affects the Linux kernel in the RDMA/hns path (free_mr_init) where a race can cause a NULL pointer dereference when a lock is grabbed concurrently without proper initialization. The vulnerability leads to an in-kernel NULL dereference (call trace beginning at __mutex_lock.constprop...
CVE-2022-50035
CVE-2022-50035 affects the Linux kernel DRM AMDGPU path. The issue is a use-after-free in amdgpu_bo_list mutex handling caused by double-unlocking of bo_list_mutex when amdgpu_cs_vm_handling returns non-zero, which can lead to a refcount underflow (as shown in the trace). The vulnerability is dem...
CVE-2022-50200
The CVE-2022-50200 issue affects the Linux kernel and stems from missing boundary checks in the selinux put_entry() path. The vulnerability could allow memory out-of-bounds access (local attack) with high impact to confidentiality or availability as described in the advisory (vector: LOCAL, compl...
CVE-2022-50213
CVE-2022-50213 is a Linux kernel nf_tables/use-after-free vulnerability. When looking up NFT sets by ID within a batch, a set from a different table could be returned, and after the table was freed, a dangling reference could be exploited. The issue is in the cross-table handling of SET_ID and is...
CVE-2023-52503
CVE-2023-52503: Linux kernel vulnerability in amdtee_close_session allows a local race causing use-after-free in amdtee_open_session due to non-atomic session destruction. The fix makes the decrement of sess->refcount and removal of sess from the session list an atomic/critical section in dest...
CVE-2023-52732
The CVE-2023-52732 issue affects the Linux kernel’s handling of Ceph clients (ceph) where a corrupted snap trace on kclient triggers a protection path. The documented mitigation patches block all further IO/MDS requests and evict the kclient to prevent potential data corruption on the MDS side. C...
CVE-2023-52999
CVE-2023-52999: In the Linux kernel, the use-after-free in the netns ops registration error path is resolved by skipping the dereference of the gen pointer when net_assign_generic() fails, preventing a slab-out-of-bounds write. The change fixes ops_init/error path behavior after failure, addressing an out-of-b...
CVE-2023-53008
CVE-2023-53008 (Linux kernel): CIFS session setup fix to prevent memory leaks by freeing cifs_ses::auth_key.response before allocating it. This addresses potential memory leaks during reconnect or mounting. The advisory states the fix in the CIFS session setup path; no exploit specifics are provi...
CVE-2023-53072
CVE-2023-53072 (Linux kernel, MPTCP): A use-after-free at token lookup during MPTCP passive socket initialization was fixed by changing the cleanup order to destroy unaccepted MPTCP sockets via a workqueue, ensuring the MPC subflow cleanup ends with the msk released. The fix reuses the MPTCP_WOR...
CVE-2023-53094
Summary of CVE-2023-53094 (Linux kernel): A race in the fsl_lpuart RX DMA shutdown can lead to a NULL pointer dereference when a DMA completion occurs during shutdown. The issue arises in the path: lpuart32_shutdown -> lpuart_dma_shutdown -> del_timer_sync -> lpuart_dma_rx_complete ->...
CVE-2023-53098
CVE-2023-53098 summary (Linux kernel): The vulnerability resides in the media driver gpio-ir-recv under media: rc, where an added remove function plus runtime-PM cleanup is required. If runtime PM is enabled, the driver must perform runtime PM cleanup to remove a CPU-latency QoS request; otherwise,...
CVE-2024-26792
CVE-2024-26792: A Linux kernel bug in btrfs snapshot creation can cause a double free of an anonymous device number. Root cause: during snapshot creation, anon_dev is allocated, later freed in nested calls, and if the transaction path fails, the same anon_dev may be freed again even if it has been...
CVE-2024-26833
CVE-2024-26833: In the Linux kernel, the drm/amd/display memory-leak issue was caused by not freeing memory for dmub_srv after its destruction. The backtrace implicates dmub_sw_init and related AMDGPU initialization paths, with an unfreed object after dmub_srv destruction. The advisory's fix is ...
CVE-2024-26860
CVE-2024-26860: In the Linux kernel, the dm-integrity path leaked memory for the checksums pointer if the data was rechecked after a checksum failure (due to the goto skip_io path). The fix frees the checksums memory before rechecking and uses the checksum_onstack buffer for storing the checksum ...
CVE-2024-26909
CVE-2024-26909 concerns the Linux kernel. A DRM bridge use-after-free in the qcom pmic_glink_altmode path could occur if the dp-hpd bridge is registered before resources are fully acquired, leading to a freed bridge being referenced during display init (possibly causing NULL dereference or attach...
CVE-2024-35871
CVE-2024-35871 concerns a kernel-level issue in riscv process handling that leaks the kernel global pointer (gp) via user-space observables. The vulnerability stems from how childregs (the user-context registers during syscall) can expose kernel gp in several ways (e.g., after execve, via ptrace,...
CVE-2024-36032
CVE-2024-36032 relates to the Linux kernel Bluetooth QCA driver: a fix for an info leak when fetching the fw build ID. The patch adds missing sanity checks and moves the 255-byte build-id buffer off the stack to prevent leaking stack data through debugfs if the build-info reply is malformed. Astr...
CVE-2024-36916
The CVE-2024-36916 issue is in the Linux kernel's blk-iocost code, where iocg->delay can be shifted right by too large a value, triggering a UBSAN shift-out-of-bounds report: shift exponent 64 is too large for a 64-bit u64. Exploitation details are not provided in the documents. The remediation described in t...
CVE-2024-36951
CVE-2024-36951 affects the Linux kernel via the DRM/AMDKFD path. The root cause is a CP interrupt bug that can raise bad packet garbage exception codes; the fix performs a range check to ensure the debugger and runtime do not receive garbage codes. The update also guards exception code ty...
CVE-2024-38593
CVE-2024-38593 affects the Linux kernel’s net: micrel: lan8841 timestamp handling. Description: the issue occurred when a port was brought up and then down, because the code started using the ptp workqueue to fetch the second timestamp part. If NETWORK_PHY_TIMESTAMPING is disabled, the ptp_clock ...
CVE-2024-38610
The CVE-2024-38610 entry concerns a Linux kernel issue in the acrn_vm_ram_map() path of the ACRN driver. The root cause is flawed follow_pte() usage that can access PFNs incorrectly: (1) it did not verify PTE write permissions (now checked against ACRN_MEM_ACCESS_WRITE); (2) it did not reject ref...
CVE-2024-38628
CVE-2024-38628 affects the Linux kernel usb gadget: u_audio component. A race condition use-after-free occurs with controls during gadget unbind. The fix keeps control IDs (not pointers) and uses proper locking to avoid use-after-free when unbinding gadget. Connected MSRC entry confirms the issue...
CVE-2024-38663
CVE-2024-38663 (Linux kernel) affects the blk-cgroup iostat/stat reset path. After commit 3b8cc6298724, each iostat instance is added to the blkcg per-CPU list, so blkcg_reset_stats() can’t reset the stat instance by memset(), risking list corruption. The fix is to reset only the counter portion,...
CVE-2024-39493
CVE-2024-39493 concerns a Linux kernel crypto/qat issue (ADF_DEV_RESET_SYNC memory leak) resolved by changing the caller behavior to cancel_work_sync and then freeing the memory safely. This addresses a potential use-after-free scenario where the caller may not have waited for completion,...