14031 matches found
CVE-2022-49216
In CVE-2022-49216, the Linux kernel drm/tegra code suffered a reference leak in tegra_dsi_ganged_probe caused by a reference from of_find_device_by_node() not being released. The fix adds a put_device() to release the reference when it is no longer needed. Affected component: drm/tegra within L...
CVE-2022-49311
CVE-2022-49311 concerns a deadlock in the Linux kernel driver rtl8192bs (rtw_joinbss_event_prehandle) where a timer deletion under a spin_lock_bh caused a timer handler to wait on the same lock. The issue manifested as two threads blocking each other, risking an infinite hang. The documented fix ...
CVE-2022-49501
CVE-2022-49501 concerns the Linux kernel USB Ethernet (usbnet) path. The root cause is a use-after-free risk during disconnect caused by a bind/unbind order that no longer mirrored probe: usbnet_probe() calls bind() and then register_netdev(), whereas disconnect() had been changed to call unbind() before unregister_netdev(), leading to PHY ...
CVE-2022-49729
CVE-2022-49729 affects the Linux kernel’s nfcmrvl NFC driver. The issue is a memory leak in nfcmrvl_play_deferred caused by submitting deferred URBs directly via usb_submit_urb and then unanchoring them, which could prevent proper unref and leak memory. The fix, as described in connected advisori...
CVE-2022-49882
CVE-2022-49882 concerns the Linux kernel KVM gfn_to_pfn_cache handling. The issue arises when the cache is inactive but refreshed without verifying the active flag, potentially leaving a valid but inactive cache and enabling use-after-free scenarios (e.g., dereferencing NULL kernel pointers or mi...
CVE-2022-49990
CVE-2022-49990 affects the Linux kernel (s390) where guarded storage and runtime instrumentation control blocks stored in thread_struct are copied during fork via arch_dup_task_struct() and then cleared in copy_thread(). If fork() fails after the initial task dup and before copy_thread(), free_ta...
CVE-2022-50151
CVE-2022-50151 concerns a Linux kernel issue in usb: cdns3 where a kmalloc call uses GFP_DMA32 flags when allocating a page for a DMA pool, triggering a warning like “Unexpected gfp: GFP_DMA32” and a corrective log. The root cause is the mixing of GFP_DMA32 with dma_pool_alloc/dma_alloc_coherent ...
CVE-2023-1032
The CVE-2023-1032 issue is a Linux kernel IO_URING IORING_OP_SOCKET double-free in __sys_socket_file() within net/socket.c. It was introduced by commit da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed by commit 649c15c7691e9b13cbe9bf6c65c365350e056067. The connected document set provides concre...
CVE-2023-52500
CVE-2023-52500 concerns the Linux kernel’s SCSI pm80xx driver. The issue was a resource leak: tags allocated for the OPC_INB_SET_CONTROLLER_CONFIG command were not freed when the response was processed, so each such command leaked its tag. The connected advisories (e.g., Tencen...
CVE-2024-26632
CVE-2024-26632 involves a Linux kernel issue in iterating over an empty bio. The root cause was that bio_first_folio() could call page_folio() on a NULL pointer when a bio contained no data, leading to an oops. The fix relocates the end-of-bio test from bio_next_folio() to bio_first_folio(), and ...
CVE-2024-26869
CVE-2024-26869 affects the Linux kernel F2FS filesystem. The issue is a race during GC when truncating meta inode pages, where invalidate_mapping_pages() may fail to drop a page due to unclear status (locked, dirty, writeback), risking data corruption. The documented fix is to use truncate_inode_...
CVE-2024-35970
The CVE-2024-35970 issue affects the Linux kernel AF_UNIX socket path. The root cause is improper handling of OOB data: when an OOB skb is dequeued, unix_sk(sk)->oob_skb is not cleared, causing incorrect uAPI state and potential deadlocks. Repro shows a socketpair exchange where MSG_OOB is u...
CVE-2024-35977
CVE-2024-35977 : In the Linux kernel, a race in cros_ec_uart caused a NULL pointer dereference in serdev handling when devm_serdev_device_open() was called before serdev->ops were set. The crash path involves the code path that dereferences serdev->ops->receive_buf if serdev is present b...
CVE-2024-38594
CVE-2024-38594 concerns the Linux kernel net: stmmac subsystem where the EST lock was moved from the EST structure into struct stmmac_priv to avoid reinitializing the mutex when reinitializing the EST. The underlying issue was that reinitializing the EST could reset the embedded mutex lock, trigg...
CVE-2024-40999
CVE-2024-40999 affects the Linux kernel ENA driver. The vulnerability stems from insufficient validation of completion descriptors in multi-buffer packets: the "first" flag must only appear on the first descriptor. An invalid descriptor can trigger a reset, and a new RX data corruption reset reas...
CVE-2024-42065
CVE-2024-42065 relates to the Linux kernel DRM/XE path. A NULL pointer dereference vulnerability in xe_ttm_stolen_mgr_init was fixed by adding an explicit NULL check to ensure the mgr is not NULL before use. The patch updates the function to validate the mgr reference and prevents dereferencing a...
CVE-2024-42135
CVE-2024-42135 concerns the Linux kernel vhost_task handling of SIGKILL. The connected sources confirm a concrete fix: when a SIGKILL is issued, the kernel now (1) marks the worker as killed to prevent new virtqueue usage and new flush operations, (2) fixes the virtqueue-to-worker mapping to stop...
CVE-2024-44956
CVE-2024-44956 (Linux kernel drm/xe/preempt_fence): The fix enlarges the fence critical section so that it covers the entire preempt_fence_work_func callback. This change aims to improve lockdep understanding when signaling fences, potentially avoiding races with vm->lock. The i...
CVE-2024-44966
CVE-2024-44966 is a Linux kernel vulnerability involving the binfmt_flat helper. A RISC-V specific FLAT format variant reserved no space for the obsolete shared library pointer array, but initialization code was not disabled, causing corruption of sizeof(long) bytes before the DATA segment (end o...
CVE-2024-46672
The CVE-2024-46672 issue affects the Linux kernel component related to wifi/brcmfmac and cfg80211_pmksa handling. Exploitation involves SSID-based PMKSA deletion; vulnerable code dereferences NULL bssid/pmkid pointers when processing PMKSA updates and PMKID_V3 operations that include SSID updates...
CVE-2024-46697
CVE-2024-46697 is a Linux kernel issue in nfsd where nfsd4_fattr_args.context could contain uninitialized data if control flow used a goto out before the security label check. The fix initializes context early to prevent freeing junk on the stack when nfsd4_encode_fattr4 takes that path. Connecte...
CVE-2024-46706
The connected documents provide concrete details for CVE-2024-46706 in the Linux kernel: the issue lies in the fsl_lpuart driver where, during uart_add_one_port, a child serial_ctrl is probed with PM runtime enabled, causing a runtime suspend race that can hang early console output when boot argu...
CVE-2024-46796
CVE-2024-46796 (Linux kernel CIFS SMB2 client): The vulnerability is due to a double put of @cfile in smb2_set_path_size() when smb2_compound_op() returns -EINVAL, causing a use-after-free (visible in a KASAN trace) during CIFS detach. The fix calls cifs_get_writable_path() before retrying, preventing the...
CVE-2024-46824
Summary (CVE-2024-46824): The connected MiracleLinux AXSA advisory AXSA:2024-9508:43 for MiracleLinux 9 (kernel 5.14.0-503.14.1.el9_5) explicitly lists CVE-2024-46824 among the vulnerabilities. The advisory notes that the issue affects iommufd: drivers must supply the cache_invalida...
CVE-2024-50071
CVE-2024-50071 details (Linux kernel): The pinctrl nuvoton driver for MA35 contains a double-free bug in ma35_pinctrl_dt_node_to_map_func(). The issue arises because a buffer ('new_map') allocated with devm_kcalloc() is freed twice: once by the device framework on removal and again by pi...
CVE-2024-50114
CVE-2024-50114 affects Linux kernel KVM on arm64. The flaw originates in the vCPU teardown path when a failed vCPU creation leads to an MMIO redistributor being unregistered, triggering a use-after-free in kvm_put_kvm during VM teardown. The root cause is improper teardown ordering that could all...
CVE-2024-50284
CVE-2024-50284 is a Linux kernel issue affecting ksmbd where the return value of xa_store() was not checked, so a failed XArray store went unnoticed in the affected code paths. The root cause is improper handling of xa_store() returning xa_err(-EINVAL) (entry cannot be stored) or xa_err(-ENOMEM) (allocation failure). Publ...
CVE-2024-58018
The CVE-2024-58018 issue affects the Linux kernel’s GSP command queue path within the Nouveau nvkm/GSP code. The root cause is in r535_gsp_cmdq_push/r535_gsp_msgq_wait logic: when handling large RPCs, the code treats the available pages as (write pointer, buf_size) and exits the wait prematurely,...
CVE-2025-21783
CVE-2025-21783 affects the Linux kernel gpiolib: gpiochip_get_ngpios() uses chip_*() logging macros that assume gpiodev is initialised. When called via bgpio_init(), these macros can crash with a NULL pointer dereference. The fix replaces chip_*() with the corresponding dev_*() macros to prevent the crash....
CVE-2025-21915
In the Linux kernel, a potential use-after-free (UAF) race was fixed in cdx: driver_override_show() within drivers/cdx/cdx.c. The show() function is part of a DEVICE_ATTR_RW that also uses driver_override_store() to update the value. Because show() and store() can run concurrently in sysfs, drive...
CVE-2025-22023
CVE-2025-22023 concerns the Linux kernel USB xHCI driver. The issue arises from not skipping missed isochronous TDs when handling Stopped/Stopped-Length-Invalid events, causing the ring to potentially stall and the affected TDs to be cancelled incorrectly. A patch (commit d56b0b2ab142) introduced...
CVE-2025-22047
CVE-2025-22047 affects the Linux kernel in the x86 AMD microcode path. The issue arises when verify_sha256_digest() fails and __apply_microcode_amd() does not propagate the failure properly, effectively returning a value that could be interpreted as success due to an incorrect -1 promotion. The f...
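The promotion pitfall behind this entry, as an added example (not the kernel's microcode loader): assuming, as the description implies, a bool-returning apply step, `return -1` is converted to `true`, so a failed digest check is reported as success. The function and helper names are illustrative.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for verify_sha256_digest(): true when the digest matches.
 * The outcome is passed in so the control flow can be exercised
 * deterministically; no real hashing happens here. */
static bool digest_matches(bool precomputed_result)
{
    return precomputed_result;
}

/* Buggy shape: `return -1` from a bool function. C converts any nonzero
 * value to true, so the caller sees "applied successfully". */
static bool apply_patch_buggy(bool digest_ok)
{
    if (!digest_matches(digest_ok))
        return -1;              /* intended as failure, actually true */
    return true;
}

/* Fixed shape: failure is reported with false. */
static bool apply_patch_fixed(bool digest_ok)
{
    if (!digest_matches(digest_ok))
        return false;
    return true;
}

/* Caller that accepts a patch only when the apply step reports success.
 * Returns 1 if the patch was accepted, 0 if it was rejected. */
static int load_patch(bool (*apply)(bool), bool digest_ok)
{
    return apply(digest_ok) ? 1 : 0;
}

int main(void)
{
    printf("buggy, bad digest:  accepted=%d\n", load_patch(apply_patch_buggy, false));
    printf("fixed, bad digest:  accepted=%d\n", load_patch(apply_patch_fixed, false));
    printf("fixed, good digest: accepted=%d\n", load_patch(apply_patch_fixed, true));
    return 0;
}
```

A compiler will accept the buggy form without complaint, which is why the failure only shows up as a patch being applied despite a bad digest; a bool function must signal failure with `false`, and callers of int-returning helpers must not forward their negative error codes through a bool.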
CVE-2025-37923
CVE-2025-37923 affects the Linux kernel tracing path. The bug is a slab-out-of-bounds write in trace_seq_to_buffer() that can copy more data than PAGE_SIZE when used by tracing_splice_read_pipe, leading to a local, high-severity impact. The root cause is an out-of-bounds copy in trace_seq_to_buff...
CVE-2025-37931
CVE-2025-37931 affects the Linux kernel with a Btrfs bitmap addressing flaw that can cause metadata/write-out corruption in certain configurations. The root cause: when writing a dirty subpage EB, the bitmap is indexed by sectors instead of nodes, so for 64k pagesize, 16k nodesize, and 4k sectors...
CVE-2025-37936
CVE-2025-37936 : In the Linux kernel, a KVM/PEBS issue causes guests to have PEBS enabled when the guest does not request it. Root cause: when generating MSR_IA32_PEBS_ENABLE for VM-Entry, the value was only masked against host settings, failing to distinguish guest-owned vs host-owned events, so...
CVE-2025-37979
CVE-2025-37979 affects the Linux kernel ASoC: qcom sc7280 LPASS driver. A commit introduces case values in the sc7280 lpass driver (e.g., RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params) that can trigger out-of-bounds accesses in driver data arrays. The issue is mitigated by redefining LPASS_MAX_PORTS ...
CVE-2025-37984
The CVE-2025-37984 entry documents a Linux kernel fix for an integer overflow in DIV_ROUND_UP() within ECDSA paths. The root cause is that DIV_ROUND_UP() could overflow when a crypto ->key_size() callback returns an unusually large value. The proposed mitigation introduces a generic DIV_ROUND_...
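The overflow described above, as an added example that is not the kernel's code: the classic `(n + d - 1) / d` form wraps when `n` is within `d - 1` of the type maximum, and an overflow-free formulation divides first. The bits-to-bytes helpers model an ECDSA key-size path; the kernel's own replacement macro is not reproduced, and all names and inputs here are illustrative.

```c
#include <stdbool.h>
#include <stdio.h>

/* Same arithmetic as the classic DIV_ROUND_UP(n, d): (n + d - 1) / d.
 * The intermediate sum wraps when n is within d - 1 of UINT_MAX. */
static unsigned int div_round_up_naive(unsigned int n, unsigned int d)
{
    return (n + d - 1) / d;
}

/* Overflow-free: divide first, then add one if the division was inexact.
 * Neither n / d nor n % d can overflow, so the result is correct for all n. */
static unsigned int div_round_up_safe(unsigned int n, unsigned int d)
{
    return n / d + (n % d != 0);
}

/* Bits-to-bytes conversion of the kind a key-size path performs.
 * key_bits models the value a hypothetical ->key_size() callback returns. */
static unsigned int key_bytes_naive(unsigned int key_bits)
{
    return div_round_up_naive(key_bits, 8);
}

static unsigned int key_bytes_safe(unsigned int key_bits)
{
    return div_round_up_safe(key_bits, 8);
}

/* True when the naive formula produces a wrong (wrapped) result for n, d. */
static bool naive_overflows(unsigned int n, unsigned int d)
{
    return div_round_up_naive(n, d) != div_round_up_safe(n, d);
}

int main(void)
{
    const unsigned int sane = 256;          /* P-256: 256 bits -> 32 bytes */
    const unsigned int huge = 4294967293u;  /* UINT_MAX - 2: (n + 7) wraps to 4 */

    printf("%u bits -> naive %u, safe %u bytes\n",
           sane, key_bytes_naive(sane), key_bytes_safe(sane));
    printf("%u bits -> naive %u, safe %u bytes (overflow=%d)\n",
           huge, key_bytes_naive(huge), key_bytes_safe(huge),
           naive_overflows(huge, 8));
    return 0;
}
```

For the constructed input UINT_MAX - 2 the naive form yields 0 bytes while the safe form yields 536870912; a size of 0 is the dangerous outcome, since a buffer sized from it is far smaller than the data later written into it.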
CVE-2025-37987
The CVE-2025-37987 entry refers to a Linux kernel vulnerability in pds_core: adminq overflow/stuck condition. The issue arises because the FW-backed adminq queue can become blocked when multiple adminq commands are posted, as completions occur in a different context. The advisory states the fix r...
CVE-2025-38129
CVE-2025-38129 details a Linux kernel use-after-free in page_pool_recycle_in_ring, linked to page_pool's per-CPU recycle mechanism. The root cause is that a page may be freed while the page pool’s ring is still being recycled, resulting in a potential use-after-free when the producer_lock is not ...
CVE-2006-0039
CVE-2006-0039 is a race condition in the Linux kernel 2.6.16 netfilter do_add_counters that can allow a local user with CAP_NET_ADMIN to trigger a buffer over-read in IPT_ENTRY_ITERATE, enabling read of kernel memory. Public advisories (Ubuntu USN-311-1, Red Hat RHSA-2006:0689, Debian DSA-1097/11...
CVE-2006-2935
CVE-2006-2935 affects the Linux kernel 2.2.16 and later, where the dvd_read_bca function in the DVD handling code (drivers/cdrom/cdrom.c) assigns the wrong value to a length variable, enabling a local user to trigger a buffer overflow via a crafted USB Storage device and execute arb...
CVE-2008-5134
CVE-2008-5134 involves a buffer overflow in the libertas wireless driver (lbs_process_bss in drivers/net/wireless/libertas/scan.c) in the Linux kernel up to versions before 2.6.27.5. The vulnerability can be triggered by an invalid beacon or probe response from a remote wireless network, with an ...
CVE-2010-2537
CVE-2010-2537 affects the Linux kernel’s btrfs_ioctl_clone path: the btrfs_ioctl_clone function in fs/btrfs/ioctl.c before 2.6.35 allows a local attacker to overwrite an append‑only file when using BTRFS_IOC_CLONE or BTRFS_IOC_CLONE_RANGE with a donor file. Impact is local privilege/unauthorized ...
CVE-2010-3297
CVE-2010-3297 affects the Linux kernel net/eql driver; the eql_g_master_cfg function in drivers/net/eql.c did not initialize a structure member, enabling local users to read kernel stack memory via an EQL_GETMASTRCFG ioctl. Affects kernels before 2.6.36-rc5; corrected in subsequent patches (net/e...
CVE-2010-5332
CVE-2010-5332 affects the Linux kernel before 2.6.37, where an out-of-bounds array access can occur in drivers/net/mlx4/port.c. During searches for a free entry in mlx4_register_vlan() or mlx4_register_mac(), if no free entry exists, the loop may terminate without updating the local variable free...
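The sentinel pattern behind this entry, as an added example that models the search loop and is not the mlx4 driver's code: `free` starts at -1 and is only updated when an unused slot is seen, so a full table leaves it at -1, and a caller that indexes the table without checking writes before the array. Table size, the entry type and the helper names are illustrative.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define TABLE_SIZE 4

struct entry_table {
    unsigned int refs[TABLE_SIZE];      /* 0 = slot unused */
    unsigned long entries[TABLE_SIZE];
};

/* Returns the index the unfixed code went on to use: the first unused slot,
 * or the sentinel -1 when every slot is in use. The original caller indexed
 * the table with this value without checking for -1. */
static int find_free_slot(const struct entry_table *t)
{
    int free = -1;

    for (int i = 0; i < TABLE_SIZE; i++) {
        if (t->refs[i] == 0) {
            free = i;
            break;
        }
    }
    return free;
}

/* Whether an index returned by find_free_slot() may be used on the table. */
static bool index_in_bounds(int idx)
{
    return idx >= 0 && idx < TABLE_SIZE;
}

/* Hardened registration: reuse an identical existing entry (bump its
 * refcount), otherwise take a free slot, and refuse with -ENOMEM when the
 * table is full instead of indexing with the sentinel. */
static int register_entry(struct entry_table *t, unsigned long val)
{
    for (int i = 0; i < TABLE_SIZE; i++) {
        if (t->refs[i] != 0 && t->entries[i] == val) {
            t->refs[i]++;
            return i;
        }
    }

    int free = find_free_slot(t);
    if (free < 0)
        return -ENOMEM;                 /* the check the fix adds */

    t->entries[free] = val;
    t->refs[free] = 1;
    return free;
}

/* Fills the table, then returns the index the unchecked code would use. */
static int unchecked_index_when_full(void)
{
    struct entry_table t = {0};

    for (unsigned long v = 10; v < 10 + TABLE_SIZE; v++)
        register_entry(&t, v);
    return find_free_slot(&t);
}

/* Fills the table, then returns what the hardened registration reports. */
static int register_into_full_table(void)
{
    struct entry_table t = {0};

    for (unsigned long v = 10; v < 10 + TABLE_SIZE; v++)
        register_entry(&t, v);
    return register_entry(&t, 99);
}

int main(void)
{
    int idx = unchecked_index_when_full();

    printf("table full: unchecked index would be %d (in bounds: %s)\n",
           idx, index_in_bounds(idx) ? "yes" : "no");
    printf("hardened register on full table -> %d (-ENOMEM is %d)\n",
           register_into_full_table(), -ENOMEM);
    return 0;
}
```

The search itself is not wrong; the defect is that its "not found" result shares the type of a valid index and is consumed without a range check, which is why the example keeps the sentinel and adds the check at the caller.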
CVE-2011-1016
CVE-2011-1016 concerns the Linux kernel Radeon GPU drivers and their DRM subsystem. The affected component is the Radeon GPU driver (radeon/kms) in kernels before 2.6.38-rc5, where data related to the AA resolve registers was not properly validated. This could allow a local user to write to arbit...
CVE-2011-1598
CVE-2011-1598 affects the Linux kernel’s CAN subsystem: the bcm_release function in net/can/bcm.c does not validate a socket data structure, enabling a local user to trigger a NULL pointer dereference and cause a denial of service. The affected version range is kernel 2.6.39-rc6 and earlier. Reso...
CVE-2012-1583
CVE-2012-1583 : Affected software is the Linux kernel (net/ipv6/xfrm6_tunnel.c) with the xfrm6_tunnel module enabled. The issue is a double free in xfrm6_tunnel_rcv, allowing remote attackers to cause a denial of service (panic) via crafted IPv6 packets on kernels before 2.6.22. This vulnerabilit...
CVE-2012-2390
CVE-2012-2390 concerns a memory leak in mm/hugetlb.c of the Linux kernel up to version 3.4.2. The issue allows local users to trigger memory exhaustion or a system crash via invalid MAP_HUGETLB mmap operations. The connected Nessus advisories (UNITY_LINUX_UTSA and MIRACLE_LINUX AXSA entries) reit...
CVE-2012-3552
The CVE-2012-3552 issue is a race condition in the Linux kernel IP implementation that exists in versions before 3.0. According to the connected documents, remote attackers could trigger a denial of service (slab corruption and system crash) by sending packets to an application that sets socket o...