14031 matches found
CVE-2022-49176
CVE-2022-49176: Linux kernel fix for a use-after-free in bfq_dispatch_request (bfq) causing potential memory corruption in SCSI-mq paths. The issue is addressed by kernel patches referenced in the linked advisories (Unity Linux UTSA updates and Astra/Linux advisories). Exploitation status is not ...
CVE-2022-49189
CVE-2022-49189: In the Linux kernel (clk-rcg2, Qualcomm display pixel clock), the final D calculation for the M/N ratio could fall outside the accepted range, causing underflow. The fix updates the D-value calculation to respect the valid range for given M and N, preventing underflow. Affected compo...
CVE-2022-49201
The CVE-2022-49201 entry concerns a race in ibmvnic where ibmvnic_xmit() can access a tx_scrq after it has been freed in reset, potentially crashing the kernel. The connected Astra Linux/SUSE OSV records reiterate the Linux kernel fix and describe the root cause as a race between reset/open and t...
CVE-2022-49206
CVE-2022-49206 affects the Linux kernel RDMA/mlx5 path. The issue is a memory leak in the error flow of the subscribe event routine where a second xa_insert() failure leaves obj_event unreleased. The fix adds proper memory cleanup in the error unwinding path to prevent the leak. The documented im...
CVE-2022-49258
The CVE-2022-49258 issue is in the Linux kernel crypto/ccree: a use-after-free in cc_cipher_exit() where ctx_p->user.key is freed by kfree_sensitive() but still used on the following line. The fix prevents UAF by moving kfree_sensitive(ctx_p->user.key) after dev_dbg(), effectively ensuring ...
CVE-2022-49282
CVE-2022-49282 is a Linux kernel issue affecting f2fs quota handling. The vulnerability stems from an incorrect loop condition in f2fs_quota_sync() where cnt should be passed to sb_has_quota_active() to correctly determine active quotas. When type is -1, the compiler may discard the check, potent...
CVE-2022-49284
The CVE-2022-49284 entry affects the Linux kernel coresight subsystem (syscfg: cscfg_create_device). The issue is a memory leak on registration failure caused by improper error handling in device_register() after device_initialize(); the recommended fix is to use put_device() to relinquish the re...
CVE-2022-49285
CVE-2022-49285 affects the Linux kernel iio: accel: mma8452 driver. The root cause was using the wrong device pointer to locate the corresponding iio data; the old logic could end up dereferencing NULL after the iio_device_alloc change. The fix corrects the data retrieval by using the API path: s...
CVE-2022-49293
The CVE-2022-49293 entry concerns the Linux kernel where the nf_tables code path in nft_do_chain had a bug in register initialization. The issue could allow a stack leak into userspace, with local attack vector and no user interaction required. The vulnerability is classified as LOCAL, with LOW a...
CVE-2022-49353
The CVE-2022-49353 entry affects the Linux kernel’s powerpc/papr_scm PMU code. A NULL pointer and kernel panic could be triggered when a zero-sized stat_buffer is passed to drc_pmem_query_stats() for NVDIMM performance IDs because papr_scm_pmu_check_events() did not verify p->stat_buffer_len b...
CVE-2022-49460
CVE-2022-49460 is a Linux kernel vulnerability affecting the devfreq subsystem (rk3399_dmc: disable edev on remove) that can cause an unbalanced enable-count when unbinding the DFI device. The issue is fixed in the kernel by disabling edev on remove, preventing the erroneous enable/disable tracki...
CVE-2022-49474
CVE-2022-49474 (Linux kernel) affects the Bluetooth SCO path. The issue arises when connecting the same SCO socket twice (sco_sock_connect), which can create two sco_conn objects but only one is bound to the socket. If the socket closes before the SCO connection is established, the timer for the ...
CVE-2022-49495
CVE-2022-49495: In the Linux kernel, the drm/msm/hdmi driver fails to check the return value of platform_get_resource_byname(), which can lead to a null-pointer dereference if NULL is returned. The issue has been fixed by applying a patch that adds the necessary NULL check (Patchwork: 482992). S...
CVE-2022-49502
CVE-2022-49502 relates to the Linux kernel, specifically the media driver component for the rga (graphics) device. The issue was a memory leak in rga_probe where the rga->m2m_dev could remain allocated if rga_probe failed, and the resolution requires freeing m2m_dev on probe failure. The vulne...
CVE-2022-49640
The CVE-2022-49640 issue affects the Linux kernel’s sysctl path, specifically proc_douintvec_minmax(). A concurrent access to a sysctl variable led to potential data races; the fix patches the function to use READ_ONCE() and WRITE_ONCE() internally, addressing the data-race on the sysctl side. Th...
CVE-2022-49652
CVE-2022-49652 affects the Linux kernel in the dmaengine: ti driver, specifically ti_dra7_xbar_route_allocate. The root cause is a refcount leak caused by not calling of_node_put() on a phandle-derived node when it is no longer needed; of_parse_phandle() returns a node pointer with an incremented...
CVE-2022-49703
The CVE-2022-49703 issue affects the Linux kernel ibmvfc driver: the back pointer from a SCSI queue to the vhost adapter was not set during subcrq allocation, which could allow a stale backpointer to be dereferenced during IRQ handling. This could cause a kernel NULL pointer d...
CVE-2022-49705
CVE-2022-49705 - Linux kernel 9p fid refcount leak. A fix was implemented for the 9p fid refcount leak in v9fs_vfs_atomic_open_dotl, ensuring the directory fid is released if the open() sequence fails partway. This prevents fid leaks observed with xfstests generic 531. The description in the ini...
CVE-2022-49711
The CVE-2022-49711 issue affects the Linux kernel in the bus: fsl-mc-bus path. Root cause: in fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io() after mc->root_mc_bus_dev has already been freed in fsl_mc_device_remove(), causing a KASAN use-after-free. Mitig...
CVE-2022-49921
CVE-2022-49921 has concrete details in connected sources: the Linux kernel vulnerability is a use-after-free in net_sched (red_enqueue) where skb must not be reused after qdisc_enqueue() is called. The tied OpenVAS/NASL entries corroborate the fix as part of the kernel scheduling code, linking to...
CVE-2022-50029
CVE-2022-50029 affects the Linux kernel “clk: qcom: ipq8074: dont disable gcc_sleep_clk_src” issue where the USB sleep clock is disabled while the clock framework tries to disable the sleep clock source, causing a failure. The connected advisories (Unity Linux / Astra Linux / SUSE entries) descri...
CVE-2022-50117
CVE-2022-50117 (Linux kernel): The issue concerns VFIO with migration ops. The mlx5 driver registered migration ops (set_state/get_state) without respecting migration caps, potentially allowing user-space calls to ops not supported by the driver, e.g., leaving migration_state_mutex uninitialized...
CVE-2022-50190
The CVE-2022-50190 entry concerns a Linux kernel issue in the SPI subsystem: a change related to devm_spi_register_controller is reverted, and if devm_add_action() fails in devm_add_action_or_reset(), devm_spi_unregister() decreases ctlr->dev refcount to 0, potentially causing a use-after-free...
CVE-2023-20849
The CVE-2023-20849 vulnerability is in the imgsys_cmdq component and is caused by missing valid range checking, leading to a use-after-free that can enable local privilege escalation with SYSTEM privileges. Exploitation requires user interaction. Affected context references MediaTek-related discl...
CVE-2023-2898
CVE-2023-2898 is a Linux kernel vulnerability: a null-pointer dereference in f2fs_write_end_io (fs/f2fs/data.c) can be triggered by a local, privileged user to cause a denial of service. Public documentation confirms this flaw and ties it to the f2fs filesystem on the Linux kernel, with advisorie...
CVE-2023-4394
CVE-2023-4394 is a local use-after-free in the Linux kernel’s btrfs subsystem, specifically in btrfs_get_dev_args_from_path (fs/btrfs/volumes.c). The flaw allows a local attacker with special privileges to crash the system or leak internal kernel information. The vulnerability is documented acros...
CVE-2023-52516
CVE-2023-52516 affects the Linux kernel’s dma-debug path. The root cause is that __dma_entry_alloc_check_leak() could be invoked while holding free_entries_lock and then call printk/serial console while port->lock is held, creating a reverse locking dependency chain: console_owner -> port_l...
CVE-2023-52816
CVE-2023-52816 relates to a Linux kernel flaw in drm/amdkfd where a UBSAN shift out-of-bounds occurs when shifting exponent 255, which is too large for a 64-bit unsigned long during a page-fault/get_user path. Impact is high (local exploitability per CVSS), and the issue is fixed by kernel patche...
CVE-2023-52921
The CVE-2023-52921 entry affects the Linux kernel’s DRM/amdgpu path, where a use-after-free (UAF) can occur in amdgpu_cs_pass1. The root cause is that the gang_size check is outside the chunk parsing loop, so i must be reset before freeing the chunk data. This vulnerability has been addressed by ...
CVE-2023-53038
CVE-2023-53038 concerns the Linux kernel: in scsi lpfc, the function lpfc_sli4_cgn_params_read() may encounter a kzalloc() failure, after which lpfc_read_object() dereferences pdata without a NULL check. The published fix changes the error code path from -ENODEV to -ENOMEM to reflect allocation f...
CVE-2024-27433
CVE-2024-27433 affects the Linux kernel clock driver: mediatek mt7622-apmixedsys. The root cause was an error path where clk_data, allocated via mtk_devm_alloc_clk_data(), could be double-freed if mtk_free_clk_data() remained in the remove path. The fix removes this redundant deallocation in the ...
CVE-2024-35971
The CVE-2024-35971 entry concerns the Linux kernel ks8851 driver hang due to incorrect softirq handling. In ks8851_irq(), a spinlock is acquired before calling netif_rx(), which can trigger net_rx_action and reach the driver’s .start_xmit callback. If ks8851_start_xmit_par subsequently re-enters ...
CVE-2024-35981
CVE-2024-35981 affects Linux kernel virtio_net RSS handling. Root cause: RSS command setup in virtionet may be sent even when the device does not support RSS, causing a zero-length buffer to be passed to QEMU and triggering a kernel loop due to virtqueue/broken device handling. Impact: potential ...
CVE-2024-36937
Summary of CVE-2024-36937: The Linux kernel vulnerability affects XDP redirect handling when broadcasting to a map via BPF_F_BROADCAST. The issue arose because xdp_do_redirect() could see a NULL destination pointer if the destination map was destroyed before the XDP program ran, causing a crash....
CVE-2024-36947
In CVE-2024-36947, the Linux kernel had a dentry leak in qibfs due to simple_recursive_removal() dropping pinning references for positives in a subtree. When the argument is retained by pinning from dcache lookup, it must be balanced with an explicit dput(); otherwise, a leak can occur. The conne...
CVE-2024-36949
CVE-2024-36949 affects the Linux kernel component responsible for AMD GPU kernel fusion driver (amd/amdkfd). The issue arises when multiple devices are reset in parallel: the first device calls kfd_suspend_all_processes() to evict all processes across devices, which can take time, while other dev...
CVE-2024-36975
CVE-2024-36975 is a Linux kernel issue: when asn1_encode_sequence() fails, using WARN is inappropriate. The function is located in lib/asn1_encode.c and is not an internal helper, which makes the stack trace less useful. On certain paths, this can crash the kernel if panic_on_warn is set. The rec...
CVE-2024-38550
CVE-2024-38550: In the Linux kernel, the ASoC kirkwood code fix prevents a potential NULL dereference in kirkwood_dma_hw_params by guarding the mv_mbus_dram_info() return value when CONFIG_PLAT_ORION is not defined. The vulnerability arises because mv_mbus_dram_info() can return NULL, and derefe...
CVE-2024-38568
The CVE-2024-38568 entry concerns the Linux kernel: drivers/perf: hisi: hns3. It fixes an out-of-bounds write in the event_group array when more events than HNS3_PMU_MAX_HW_EVENTS are added to a perf event group. Root cause: lack of array index bounds checking when writing to event_group[]. Impac...
CVE-2024-38590
CVE-2024-38590 affects the Linux kernel RDMA/hns path where excessive CQE error printing could panic the kernel. The fix changes ibdev_err() to ibdev_err_ratelimited() and lowers the CQE dump printing level to debug, per the provided commits (Git kernel stable history). Connected Nessus entries r...
CVE-2024-38616
CVE-2024-38616 affects the Linux kernel wifi: carl9170 stack. The issue is a fortified-memset warning triggered in carl9170_tx_release (inlined via kref_put and carl9170_tx_put_skb) in randconfig builds. The root cause is a Fortify warning in fortify_memset_chk due to memory bounds handling; patc...
CVE-2024-39504
The CVE-2024-39504 entry corresponds to a Linux kernel netfilter issue in nft_inner, where mandatory netlink attributes for payload/meta expressions were not validated when embedded from the inner expression. This could lead to a NULL pointer dereference from userspace. A MiracleLinux AXSA adviso...
CVE-2024-39510
CVE-2024-39510 affects the Linux kernel’s cachefiles subsystem, specifically the cachefiles_ondemand_daemon_read path. The issue is a slab-use-after-free in cachefiles_ondemand_daemon_read() that can lead to use-after-free of an object during on-demand daemon restoration, as demonstrated by a KAS...
CVE-2024-40979
CVE-2024-40979 describes a Linux kernel issue in the ath12k QMI memory handling during resume. When the module loads, firmware requests large memory segments; if DMA remap is not supported, initial allocations fail and a second attempt uses small segments that succeed. On resume, the driver again...
CVE-2024-43852
CVE-2024-43852 refers to a Linux kernel hwmon LTC2991 off-by-one bug in which LTC2991_T_INT_CH_NR is 4 and st->temp_en[] has 4 elements. The vulnerability occurs when channel equals LTC2991_T_INT_CH_NR, reading beyond the end of the array. The fix, described in the description, is to reorder t...
CVE-2024-46734
The CVE-2024-46734 entry concerns a race in the Linux kernel’s Btrfs when two threads share the same O_DIRECT file descriptor: one thread performs direct IO writes while the other calls fsync. According to the description, btrfs_direct_write() may set a stack-allocated private structure with fsyn...
CVE-2024-47717
Technical details for CVE-2024-47717 are not publicly provided in the supplied documents; monitor for updates.
CVE-2024-49942
Technical details about CVE-2024-49942 are not provided in the connected documents. The entry is listed with kernel-related fix/impact, but there are no vendor/product/version/exploit specifics available here.
CVE-2024-50213
CVE-2024-50213 pertains to the Linux kernel’s DRM HDMI test path. The issue is a memory leak where a mode object allocated by drm_mode_duplicate() during drm_display_mode_from_cea_vic() is not freed. This leak was observed when loading drm_hdmi_state_helper_test via modprobe and then removing it,...
CVE-2024-53073
Technical details (affected product/component, root cause, impact, fixes) for CVE-2024-53073 are not provided in the connected documents. References merely list the CVE across advisories without elaboration; monitor for updates and official patch information.