CVE-2022-49472
CVE-2022-49472 affects the Linux kernel PHY Micrel driver: if a .probe is present and .driver_data is missing, a NULL pointer dereference can occur. The fix adds NULL checks for priv->type to allow probing without .driver_data. Connected advisories (Astra/Unity Linux) reference Linux kernel ve...
CVE-2022-49481
The CVE-2022-49481 entry details a Linux kernel regulator issue: pfuze100 refcount leak in pfuze_parse_regulators_dt caused by of_node_get() returning a node with an incremented refcount. The fix adds a drop of the reference via of_node_put() when the node is no longer needed. There is no public ...
CVE-2022-49489
CVE-2022-49489 affects the Linux kernel component drm/msm/disp/dpu1. The fix sets the vbif hw config to NULL to avoid a use-after-free during PM runtime resume in the DPU, which led to an "Unable to handle kernel paging request" crash (illustrated by the call trace inclu...
CVE-2022-49514
CVE-2022-49514 concerns the Linux kernel ASoC Mediatek driver, specifically a fix in the mt8173_max98090_dev_probe error path. The root issue was a refcount leak in the error path, and the remediation is to call of_node_put(platform_node) to avoid the leak. Connected a...
CVE-2022-49526
CVE-2022-49526 (Linux kernel md/bitmap issue): In clustered MD (md-cluster) setups, the code path md_bitmap_read_sb can permit a faulty bitmap to pass sanity checks, allowing the chunksize to be assigned even when the bitmap data is invalid. This leads to a division error (DIV_ROUND_UP_SECTOR_T)...
CVE-2022-49527
In CVE-2022-49527, the Linux kernel media/venus/hfi path was fixed to avoid a null-dereference during deinitialization. If venus_probe fails at pm_runtime_put_sync, the error path previously called hfi_destroy (which sets core->ops to NULL) and then attempted hfi_core_deinit, which would deref...
CVE-2022-49544
CVE-2022-49544 affects the Linux kernel IPW2X00 stack. The issue is a potential NULL dereference in libipw_xmit() when crypt and crypt->ops could be null. The fix adds null checks before dereferencing these fields. The vulnerability is local with likely crash/denial impact; exploitation status...
CVE-2022-49569
CVE-2022-49569 affects the bcm2835 SPI driver in the Linux kernel. When an IRQ-based transfer times out, bcm2835_spi_handle_err() could dereference ctlr->dma_tx/ctlr->dma_rx if DMA pointers are not set, due to the removal of the dma_pending flag. A fix was implemented to check that ctlr->...
CVE-2022-49657
CVE-2022-49657 affects the Linux kernel USB networking driver (usbnet). The issue is a memory leak in error paths, specifically usbnet_write_cmd_async() where the buffer(s) to be freed were mixed up, and later a fix for an uninitialized buffer pointer was added. Public references in Nessu...
CVE-2022-49661
Affected component: Linux kernel, gs_usb driver (USB CAN adapter). Issue: memory leak in gs_usb_open/close where RX URBs allocated with usb_alloc_coherent() were not freed by usb_kill_anchored_urbs() and DMA memory leaked. Root cause: improper freeing pattern; the fix explicitly frees RX URBs and...
CVE-2022-49713
In CVE-2022-49713, the Linux kernel vulnerability affects the USB-DWC2 HCD initialization path. The issue is a memory leak in dwc2_hcd_init where usb_create_hcd allocates memory for hcd but may fail to free it if platform_get_resource() fails; the fix moves the error path from error1 to error2 an...
CVE-2022-49725
The CVE-2022-49725 issue affects the Linux kernel i40e driver (VF/PF path) where a race between PF reset and ethtool -t diag_test could let i40e_vsi_close sequence overlap and crash. The fix adds a guard to diag_test to skip offline tests while PF is resetting and logs a failure path (net...
CVE-2022-49920
Affected product: Linux kernel (netfilter nf_tables). Vulnerability arises from a race in the netlink notifier during object release after the RCU grace period, where the netlink notifier handler might win a race to remove objects still referenced by the transaction context. Root cause: commit re...
CVE-2022-49936
CVE-2022-49936: In the Linux kernel USB core, the fix is titled “Prevent nested device-reset calls.” The accompanying analysis shows a recursive locking violation in usb-storage when a nested reset occurs during device removal, caused by a reset being invoked while another is in pro...
CVE-2022-49966
The CVE-2022-49966 issue is in the Linux kernel DRM AMD PM subsystem, where the fini_microcode interface for the Sienna Cichlid platform was missing. The root cause is the missing ->fini_microcode hook, which could contribute to memory leaks. The vulnerability is described as locally exploitab...
CVE-2023-22996
CVE-2023-22996 affects the Linux kernel prior to 5.17.2. In drivers/soc/qcom/qcom_aoss.c, an of_find_device_by_node reference is not released after use (e.g., via put_device), which can lead to a lingering reference. The practical impact and exploitability are not described in the provided docume...
CVE-2023-31081
CVE-2023-31081 affects Linux kernel 6.2 in drivers/media/test-drivers/vidtv/vidtv_bridge.c, where a NULL pointer dereference occurs in vidtv_mux_stop_thread. The issue arises because, in vidtv_stop_streaming, after dvb->mux is set to NULL, vidtv_mux_stop_thread is invoked with the NULL pointer...
CVE-2023-52519
CVE-2023-52519 (Linux kernel, intel-ish-hid): On Elkhart Lake (EHL) based systems, an Out-of-Band wake service can enable PME wake. The ISH driver must re-enable the ACPI GPE bit on resume to preserve wake capability, but BIOS clears the bit without decrementing the OS GPE reference count, caus...
CVE-2023-52865
CVE-2023-52865 affects the Linux kernel clk-mt6797 clock-data path. The vulnerability arises from not validating the return value of mtk_alloc_clk_data(), which could lead to a NULL pointer dereference. The fix adds a check for the return value to prevent NULL dereference and stabilize clock data...
CVE-2023-53048
CVE-2023-53048 (Linux kernel): A fix addresses a warning that could be triggered when both source and sink devices send a Discover Identity message in PD3, which could cause a warning in tcpm_queue_vdm and related code paths. The issue is resolved by the kernel patch set that corrects handling o...
CVE-2024-27021
In CVE-2024-27021, the Linux kernel r8169 LED handling caused an RTNL-related deadlock on module removal due to binding devm_led_classdev_register() to the netdev. The fix removes device-managed LED functions and ensures led_classdev_unregister() is safe even if registration failed. This mitigates...
CVE-2024-35803
CVE-2024-35803 affects the Linux kernel, specifically the x86 efistub in mixed-mode boot handling. The root cause is that EFI boot service calls were made using the decompressor’s 16k boot stack during 32‑bit firmware entry paths, while EFI boot services require a larger (128k) stack. This mismat...
CVE-2024-35833
CVE-2024-35833 affects the Linux kernel's dmaengine: fsl-qdma. The issue is a memory leak in the queue command DMA caused by dma_alloc_coherent() being undone in neither the remove path nor the error path of fsl_qdma_probe(). The advisory across connected sources states the fix is to switch to th...
CVE-2024-35837
CVE-2024-35837 is tied to a Linux kernel issue in the mvpp2 driver where BM pool registers could persist values after a kexec boot, potentially triggering a kernel panic. The published fix requires clearing the BM pool before initialization. Connected documents (e.g., OESA-2024-2182) confirm the ...
CVE-2024-35850
CVE-2024-35850 affects the Linux kernel Bluetooth qca driver. Qualcomm ROME controllers registered from the Bluetooth line discipline can have a NULL HCI UART serdev pointer, leading to a NULL-pointer dereference when setup() is invoked for a non-serdev controller. The fix adds a missing sanity c...
CVE-2024-35917
CVE-2024-35917 (Linux kernel, s390/bpf): Details from the connected Azure Linux Nessus entry show that the issue arises from GCC reordering memcpy() after assignments in bpf_jit_plt(), causing NULL pointers to be written instead of the intended return/target addresses. Root cause is GCC alias-analysis misc...
CVE-2024-35921
CVE-2024-35921 affects the Linux kernel media/mediatek vcodec HEVC decoding path. The stateless HEVC decoder stored the instance pointer in the context even on initialization failure, leading to a use-after-free when the pointer was freed during deinit. The documented workaround is to store the i...
CVE-2024-35961
CVE-2024-35961 affects the Linux kernel mlx5 driver (net/mlx5). A non-fatal firmware error during device probe could cause a WARN_ON because devlink_register() was invoked late; the fix is to call devl_register() first under the devlink lock to avoid the warning. The issue is documented ...
CVE-2024-36909
CVE-2024-36909 affects the Linux kernel hv (Hyper-V) vmbus ring buffers. The vulnerability arises when set_memory_decrypted() fails in CoCo VMs, causing memory to be shared instead of properly encrypted. The VMBus ring buffer code could free decrypted/shared pages if set_memory_decrypted() fails....
CVE-2024-37354
CVE-2024-37354 affects the Linux kernel with a btrfs crash when racing between fsync and size-extending writes into preallocated extents. Concrete details from connected docs show a BUG triggered in btrfs_set_item_key_safe() during a log/commit sequence (duplicate keys for prealloc extents), lead...
CVE-2024-39293
The CVE-2024-39293 entry concerns the Linux kernel and a regression/issue tied to the XDP/XSK path. The linked patch "xsk: Support redirect to any socket bound to the same umem" was reverted because removing the queue_index check allowed multiple napi instances to access the Rx ring concurrently,...
CVE-2024-40996
CVE-2024-40996 affects the Linux kernel. The fix, "bpf: Avoid splat in pskb_pull_reason", concerns a debug WARN that may trigger for syzkaller-style nets; it is not interesting for valid traffic and can be suppressed. Root cause involves a debug hint in pskb_may_pull when CONFIG_DEBUG_NET=y; with CONFIG_DEBUG_NET...
CVE-2024-42109
In the Linux kernel, CVE-2024-42109 concerns netfilter nf_tables where the notifier performed a conditional flush of pending work. The issue allowed a slab use-after-free via concurrent references during table removal, exposed in nf-next after commit e169285f8c56 (netfilter: nf_tables: do not sto...
CVE-2024-44959
The CVE-2024-44959 entry concerns the Linux kernel tracefs component. It describes a root cause in the in-kernel memory reclaim path where structure layout randomization of struct inode can cause overlapping or misused RCU fields during freeing, potentially triggering list corruption (list_del) a...
CVE-2024-46808
CVE-2024-46808 affects the Linux kernel component drm/amd/display, where a missing NULL pointer check in dpcd_extend_address_range can lead to an assertion if kcalloc returns NULL. The connected Nessus entry confirms the vulnerability exists in Linux distros without a vendor patch and cites the s...
CVE-2024-50149
CVE-2024-50149: In the Linux kernel, the drm/xe path had a repair for freeing a job during TDR, which could cause a use-after-free because TDR may run the run_job thread. The fix prevents freeing the job in TDR and instead queues it (or lets the scheduler free it). A patch was cherry-picked into...
CVE-2024-53682
CVE-2024-53682 (Linux kernel) fixes a crash when CPU DVFS is used by patching the regulator AXP717 ramp_delay handling in axp20x, updating AXP_DESC_RANGES and AXP_DESC macros to set ramp_delay to 0, and adjusting ramp/step calculations for DCDC4. The issue stems from AXP717 ramp delay behavior (...
CVE-2024-56534
CVE-2024-56534 affects the Linux kernel isofs implementation. The flaw is a memory leak in iocharset handling during mount parsing; opt->iocharset may not be freed in some paths (e.g., when isofs_fill_super is bypassed, such as in get_tree_bdev_flags scenarios). The description notes that free...
CVE-2024-56561
Technical details about CVE-2024-56561 are not provided in the connected documents. The initial description contains the kernel fix details but no public-facing specifics (affected products, versions, impact, or remediation) beyond that. Monitor for updates.
CVE-2024-57998
The CVE-2024-57998 issue affects the Linux kernel OPP (Operating Performance Points) subsystem. The vulnerability arises from a lack of proper index validation when reading the opp->rates[] table in _read_freq(), which could lead to a buffered read overflow. The patch adds an index parameter t...
CVE-2025-21661
CVE-2025-21661 relates to the Linux kernel GPIO virtuser subsystem. The issue occurred when a virtuser device is created via configfs and the probe failed due to an incorrect lookup table, causing the table not to be removed and blocking subsequent probes until the device is released. The fix int...
CVE-2025-22034
The CVE-2025-22034 entry concerns the Linux kernel mm/gup path where FOLL_SPLIT_PMD can occur with hugetlb VMAs. The patch series mm: fixes for device-exclusive entries (hmm), v2, resolves this by rejecting FOLL_SPLIT_PMD for hugetlb VMAs during device-exclusive handling. This is aimed at correct...
CVE-2025-22074
CVE-2025-22074: In the Linux kernel, ksmbd had an r_count increment/decrement mismatch that could cause r_count to become negative, leading to ksmbd thread termination issues. The issue is fixed by a patch fixing the r_count dec/increment pairing when oplock breaks occur. Affected component is ks...
CVE-2025-37897
CVE-2025-37897 affects the Linux kernel wifi driver (plfxlc) where plfxlc_mac_release() asserts mac->lock, which is incorrect because mac->lock cannot be held when probe fails or the device is disconnected. The issue can trigger a kernel warning (warning trace shown in the advisory) and is ...
CVE-2025-37900
CVE-2025-37900: In the Linux kernel, two issues in iommu_copy_struct_from_user() were fixed in the current header; review noted NULL pointer handling in iommu_copy_struct_to_user() and a related typo. Connected advisories/entries confirm this CVE is included among kernel fixes across distribution...
CVE-2025-37909
CVE-2025-37909 affects the Linux kernel net: lan743x subsystem. When GSO is enabled and fragments count is zero, skb is mapped to an EXT descriptor, preventing it from being freed and causing a memory leak. The fix maps the skb to the LS descriptor unconditionally, eliminating the memleak. This i...
CVE-2025-37993
CVE-2025-37993 refers to a Linux kernel issue where the m_can_classdev.tx_handling_spinlock was not initialized during device probe, causing a spinlock bad magic crash (notably when cansend is used). The problem is resolved by initializing the spin lock in m_can_class_allocate_dev. Affected conte...
CVE-2025-38011
CVE-2025-38011 affects the Linux kernel DRM/amdgpu path (csa unmapping). The root cause is a use of an interruptible lock while unmapping the CSA and freeing GPU VM, which could lead to a memory leak and a warning backtrace when a signal is accepted after process exit and a VM lock wait ...
CVE-1999-0656
The CVE-1999-0656 issue affects the ugidd RPC interface and allows remote enumeration of valid usernames by querying arbitrary UIDs mapped to local user/group names. Connected documents indicate affected kernel packages in Linux distributions (e.g., CBL Mariner and Red Hat-sourced advisories) wit...
CVE-2004-1017
Technical details (affected product/version, root cause, impact, remediation) are not publicly provided in the supplied documents. The CVE entry lacks concrete information here; monitor for updates.