14031 matches found
CVE-2021-47410
CVE-2021-47410 concerns the Linux kernel where the AMDGPU/KFD stack emitted a warning trace due to the function svm_migrate_fini releasing device resources via devm_memunmap_pages and devm_release_mem_region after a patch that split amdgpu_device_fini into early/late phases. The root cause is the...
CVE-2022-49648
CVE-2022-49648 – Linux kernel tracing/histograms memory leak fix . The provided documents confirm a memory-leak regression in the tracing/histograms area that occurred after a double-free fix, and that the issue was resolved by reverting the commit described as fixing double free. The description...
CVE-2021-47518
CVE-2021-47518 summary (Linux kernel) : A NULL pointer dereference in the NFC (nfc) subsystem was fixed. The netlink callback nfc_genl_dump_ses_done() did not verify that its received argument is non-NULL, risking dereference if allocation failed earlier in dumpit() (nfc_genl_dump_ses()). A patch...
CVE-2021-47600
The CVE-2021-47600 entry concerns a Linux kernel vulnerability in the dm btree code where a use-after-free occurs during rebalance_children. The root cause is described as a use-after-free in the btree remove path, with the fix specified as moving dm_tm_unlock() after dm_tm_dec(). The vulnerabili...
CVE-2021-47614
CVE-2021-47614 affects the Linux kernel RDMA/irdma subsystem. The issue is a use-after-free in add_pble_prm where the ‘chunk’ was freed while it remained on the PBLE info list if irdma_hmc_sd_one failed. The fix defers adding the PBLE entry until after successful SD setting in irdma_hmc_sd_one, p...
CVE-2021-47622
CVE-2021-47622 affects the Linux kernel SCSI/UFS path. The issue is a deadlock in the error handling flow when all tags are allocated: the SCSI error path triggers ufshcd_eh_host_reset_handler(), which queues work that calls ufshcd_err_handler(), leading to a lockup in the workqueue (ufs_eh_wq_0)...
CVE-2021-47634
CVE-2021-47634 affects the Linux kernel ubi subsystem where a race condition can occur between ctrl_cdev_ioctl and ubi_cdev_ioctl, leading to a use-after-free reported by KASAN. The issue arises because device creation is made available before it’s safely accessible via sysfs, allowing concurrent...
CVE-2021-47648
CVE-2021-47648 is a Linux kernel issue where a memory leak could occur in the gpu: host1x path, specifically in host1x_remove(). The fix adds a missing host1x_channel_list_free() call in the remove path (consistent with error path handling in probe). Connected advisories confirm this memory-leak ...
CVE-2021-47652
The CVE-2021-47652 issue affects the Linux kernel driver path video: fbdev: smscufx (ufx_usb_probe). The root cause was a null pointer dereference when fb_alloc_cmap() fails in the probe path because modelist was not initialized yet; the error handling path called fb_destroy_modelist() leading to...
CVE-2022-48790
CVE-2022-48790 concerns a use-after-free in the Linux kernel nvme controller reset path during load, caused by a race in AER submission where drivers may not check ctrl readiness before processing an AEN. The issue can occur when teardown of admin queue and AEN handling overlap, leading to a free...
CVE-2022-48791
The CVE-2022-48791 issue in the Linux kernel relates to scsi: pm8001 use-after-free for aborted TMF sas_task. The problem occurs when a TMF sas_task is aborted due to a timeout and the task is freed in pm8001_exec_internal_tmf_task() while IO completion occurs later. The IO completion may still t...
CVE-2022-48863
The CVE-2022-48863 entry describes a Linux kernel vulnerability in mISDN: dsp_pipeline_build() leaks memory due to dup pointer handling. Specifically, dsp_pipeline_build() allocates dup with kstrdup(cfg) and then updates dup via strsep(&dup, "|"), leaving dup as NULL when kfree(dup) is called. Th...
CVE-2022-48904
CVE-2022-48904 (Linux kernel, IOMMU/AMD) : Fix for an I/O page table memory leak in the IOMMU when launching VMs with PCIe pass-through. Root cause: memory is freed after updating the I/O page table mode, causing leakage. Resolution: free the page-table memory before updating the mode. CVSSv3.1 b...
CVE-2022-48954
CVE-2022-48954 refers to a use-after-free in s390/qeth HSci path, where KASAN observed dereference of a freed br2dev_event_work object in qeth_l2_br2dev_worker. Multiple vendor advisories (SUSE SUSE-SU-2024:4131-1, SUSE-SU-2024:4364-1 and OSV entries) summarize the issue and list the affected com...
CVE-2022-48995
Mode C: Concrete details found. Affected component: Linux kernel module raydium_ts_i2c (raydium_i2c_ts) using sunray/raydium_i2c_send().Root cause: memory leak during i2c bank switching; tx_buf is not freed after BANK_SWITCH on i2c BUS operations, creating kmemleak objects in test with a bpf mock...
CVE-2022-48999
CVE-2022-48999 concerns a Linux kernel issue in IPv4 multipath route deletion. The root cause is a slab-out-of-bounds read in fib_nh_match when deleting a route where fib_info references a nexthop while separate nexthop objects conflict with the legacy multipath spec. The workaround/fix implement...
CVE-2022-49007
CVE-2022-49007 affects the Linux kernel/NILFS2. A NULL pointer dereference in nilfs_palloc_commit_free_entry() could occur during DAT metadata handling when a lower-level DAT block’s entry is clobbered during commit, leading to a crash. The fix adds NULL checks in nilfs_dat_commit_free() for req-...
CVE-2022-49016
CVE-2022-49016 is a Linux kernel issue in the net:mdiobus subsystem. The vulnerability arises from an unbalanced reference count: non-ACPI paths call fwnode_handle_put() in phy_device_release(), while ACPI paths call fwnode_handle_get() before phy_device_register() to balance gets/puts; this prev...
CVE-2022-49137
CVE-2022-49137 concerns a refcount leak in the Linux kernel’s amdgpu_cs_fence_to_handle_ioctl() path. When info->in.what hits the default case, the function returns -EINVAL without decrementing the previously bumped dma_fence refcount, causing leaks. The issue arises from a missing refcount de...
CVE-2022-49212
Vulnerability (CVE-2022-49212) in the Linux kernel affects the MTD/Rawnand Atmel NAND driver. A refcounting bug on a refcounted object nc->dmac can miss a balance in several error paths after dma_request_channel(), potentially leaking a reference. The issue is fixed by decrementing the refcoun...
CVE-2022-49312
CVE-2022-49312 (Linux kernel) : The vulnerability concerns a potential memory leak in the rtl8712 staging path. In r871xu_drv_init(), if r8712_init_drv_sw() fails, memory allocated by r8712_alloc_io_queue() in r8712_usb_dvobj_init() is not released because there is no action in r8712_usb_dvobj_de...
CVE-2022-49327
The CVE-2022-49327 issue affects the Linux kernel and is described in multiple advisories (e.g., Unity Linux and SUSE/SUSE-SU family) as a fix for bcached journal no-space deadlock. The vulnerability arises when journal replay during cache set registration can stall if journal buckets are exhaust...
CVE-2022-49410
CVE-2022-49410: Linux kernel tracing double free in create_var_ref fixed by making init_var_ref() store NULL when freeing fields; affected components include the variable ref_field initialization path (create_hist_field -> init_var_ref -> destroy_hist_field). Remediation is to apply the ker...
CVE-2022-49445
CVE-2022-49445 is described in the initial document as a Linux kernel vulnerability where pinctrl: renesas: core could dereference a NULL pointer in sh_pfc_map_resources() if platform_get_resource() returns NULL. The fix moves using the resource after devm_ioremap_resource() (which checks NULL) a...
CVE-2022-49468
Summary (CVE-2022-49468) : In the Linux kernel, a memory leak was fixed in thermal/core due to __thermal_cooling_device_register() allocating memory for sysfs trailing paths. The unreferenced object trace and backtrace show allocation in thermal_cooling_device_setup_sysfs() that is not freed unle...
CVE-2022-49476
CVE-2022-49476 concerns the Linux kernel issue where mt76/mt7921 kept calling mt7921_irq_handler during devm_free_irq, risking a NULL pointer dereference in mt7921_pci_remove. The provided logs show a kernel crash (NULL pointer dereference) during device removal. The associated fix postpones free...
CVE-2022-49482
In the Linux kernel, CVE-2022-49482 concerns the ASoC: mxs-saif driver. The root cause is a refcount leak where of_parse_phandle() returns a node pointer with an incremented refcount that is not released unless a corresponding of_node_put() is invoked when done. The documented fix is to call of_n...
CVE-2022-49486
CVE-2022-49486 relates to the Linux kernel ASoC driver for i.MX SGTL5000. The vulnerability is a refcount leak in imx_sgtl5000_probe caused by improper handling of a reference taken by of_find_i2c_device_by_node(); in error paths the driver should call put_device() to drop the reference. A resolv...
CVE-2022-49503
CVE-2022-49503 is a Linux kernel issue in ath9k_htc where rxstatus->rs_keyix can escape bounds when it is passed to test_bit(), risking out-of-bounds access in the bitmap. The condition is triggered in drivers/net/wireless/ath/ath9k/common.c:46 within ath9k_cmn_rx_accept(). The vulnerability s...
CVE-2022-49523
CVE-2022-49523 affects the Linux kernel component ath11k, specifically the spectral scan path during spectral_deinit. The issue arises when ath11k modules are removed (rmmod) with spectral scan enabled, which can trigger a crash (kernel NULL pointer dereference) as shown by the provided call trac...
CVE-2022-49568
CVE-2022-49568 affects the Linux kernel KVM code path, where a NULL dereference can occur during cleanup if destroy() is assumed non-NULL but is not (notably for some Book3s KVM devices that use release() instead). The root cause is an assumption in kvm_ioctl_create_device() that destroy() is alw...
CVE-2022-49607
CVE-2022-49607 concerns a data race in the Linux kernel between perf_event_set_output() and perf_mmap_close() in the perf/core subsystem. The root cause is a race where perf_mmap_close() holds e2->mmap_mutex while perf_event_set_output() holds e1->mmap_mutex, allowing no serialization and p...
CVE-2022-49622
CVE-2022-49622 (Linux kernel) describes a use-after-free risk in nf_tables when verdict is NF_STOLEN in netfilter, where skb freeing may have occurred. The fix prevents illegal skb access by: (1) caching skb->nf_trace in the trace state and refreshing it when verdict != STOLEN; (2) skipping sk...
CVE-2022-49674
The CVE-2022-49674 issue is a Linux kernel vulnerability in dm-raid where an array (rs->devs) could be accessed beyond its end when the raid_disks-derived count differed from metadata-driven counts during RAID layout changes. The root cause is using rs->raid_disks for iteration instead of t...
CVE-2022-49693
CVE-2022-49693 : In the Linux kernel, there is a refcount leak in the drm/msm/mdp4 path during mdp4_modeset_init_intf caused by not releasing the remote device node pointer obtained from of_graph_get_remote_node(). The pointer’s refcount is incremented but not decremented with of_node_put() when ...
CVE-2022-49940
CVE-2022-49940 concerns the Linux kernel tty/n_gsm subsystem. The vulnerability arises when gsmld_receive_buf() may call gsm->receive() even if gsm->receive is not initialized, leading to a NULL pointer dereference. The fix adds a sanity check to avoid invoking gsm->receive() if the func...
CVE-2022-49983
The issue CVE-2022-49983 affects the Linux kernel udmabuf driver. If the udmabuf DMA mask is not set explicitly, userspace DMA-BUF access via the CPU can trigger a warning in dma_map_sg_attrs (kernel/dma/mapping.c) during dma-buf CPU access flows (as shown in the stack trace). The vulnerability i...
CVE-2022-49995
The connected sources confirm CVE-2022-49995 is a Linux kernel use-after-free in writeback code when removing a disk. Specifically, wb_inode_writeback_end() could schedule work to access a freed bdi_writeback; the fix switches wb->work_lock to an irqsafe lock and checks that bdi_writeback is a...
CVE-2022-50044
CVE-2022-50044 stems from a race in the Linux kernel’s net: qrtr MHI channel handling. After enabling, an MHI event/interrupt can occur either before dev_set_drvdata is completed (causing qrtr-ns to fail service enumeration) or after dev_set_drvdata but before qrtr_endpoint_register (potential ke...
CVE-2023-22996
CVE-2023-22996 affects the Linux kernel prior to 5.17.2. In drivers/soc/qcom/qcom_aoss.c, an of_find_device_by_node reference is not released after use (e.g., via put_device), which can lead to a lingering reference. The practical impact and exploitability are not described in the provided docume...
CVE-2023-52858
CVE-2023-52858 (Linux kernel) : A NULL pointer dereference in Mediatek clock handling was fixed by adding a check for the return value of mtk_alloc_clk_data() in clk-mt7629. The patch prevents NULL dereference when allocating clock data, addressing a local dereference vulnerability in the Mediate...
CVE-2024-26699
CVE-2024-26699 concerns the Linux kernel’s drm/amd/display code, specifically a fix for an array-index-out-of-bounds in dcn35_clkmgr. The root cause is a memory access violation when iterating through the dcn35 clocks array. The documented mitigation is to limit iteration to the array size. Concr...
CVE-2024-26705
The CVE-2024-26705 issue affects the Linux kernel parisc BTLB path during CPU bringup with hotplug for 32-bit CPUs. The crash occurred when querying BTLB information from firmware to set up static TLB entries, because the static btlb_info struct required write access but was marked __ro_after_ini...
CVE-2024-26832
CVE-2024-26832 affects the Linux kernel mm: zswap writeback path. The fix unlocks and releases the folio obtained from __read_swap_cache_async() before returning, preventing a potential folio from being stranded. Connected advisories confirm a patch in kernel releases (e.g., Linux kernel 6.1.82 i...
CVE-2024-26854
The CVE-2024-26854 entry concerns the Linux kernel ice driver: the pf->dplls.lock mutex was initialized too late and is now moved to the top of ice_dpll_init to fix a use-before-initialization issue. The change also notes that err_exit path destroys the mutex and that ice_dpll_deinit destroys ...
CVE-2024-27408
CVE-2024-27408 affects the Linux kernel’s dmaengine dw-edma (eDMA) in remote setup. The vulnerability arises from a race where the Linked List element/pointer and the eDMA register are not stored in the same memory; if the doorbell is toggled before the full write of the linked list, a race condi...
CVE-2024-35804
CVE-2024-35804 affects the Linux kernel KVM/x86 emulation: when CMPXCHG is attempted during a guest emulated atomic access, the target guest frame number (gfn) is marked dirty to prevent guest-memory corruption during live migration. A prior drop in dirty logging happened when the emulated CMPXCH...
CVE-2024-35860
CVE-2024-35860 affects the Linux kernel. The issue is a runtime dependency in bpf_link where, after the link’s refcnt hits zero, active BPF programs may still access link data. The patch adds two deallocation callbacks (synchronous and deferred) and makes bpf_link_free() schedule deallocation aft...
CVE-2024-36911
CVE-2024-36911 affects the Linux kernel hv_netvsc driver used in CoCo VMs. The vulnerability stems from the netvsc path freeing decrypted memory when set_memory_decrypted() fails, potentially causing decrypted/shared pages to be returned to the page allocator. The underlying issue is that the cal...
CVE-2024-36948
CVE-2024-36948 : In the Linux kernel, the drm/xe/xe_migrate code path cast to output precision before multiplying operands, addressing overflow when multiplying two 32-bit values before widening to 64-bit. Root cause: overflow in the result of multiplying two lower-precision (u32) operands prior ...