14031 matches found
CVE-2022-49285
CVE-2022-49285 affects the Linux kernel iio: accel: mma8452 driver. The root cause was using the wrong device pointer to locate the corresponding iio data; the old logic could end up dereferencing NULL after the iio_device_alloc change. The fix corrects the data retrieval by using the API path: s...
CVE-2012-6544
CVE-2012-6544 affects the Linux kernel Bluetooth stack prior to 3.6. The issue arises from improper initialization of certain structures in the L2CAP/HCI paths, enabling a local attacker to read sensitive data from kernel stack memory via a crafted application. MiracleLinux AXSA-2014-258 (kernel-...
CVE-2013-4270
CVE-2013-4270 affects the Linux kernel: the net_ctl_permissions function in net/sysctl_net.c may misdetermine uid/gid, allowing a local user to bypass /proc/sys/net restrictions. Affected: kernels before 3.11.5 (reported in EulerOS advisories and Nessus/OpenVAS listings). Impact is local privileg...
CVE-2013-7269
The CVE-2013-7269 vulnerability affects the Linux kernel (affected area: net/netrom/af_netrom.c) before 3.12.4. The issue arises when nr_recvmsg updates a length value without ensuring the associated data structure is initialized, enabling local attackers to read kernel memory via recvfrom, recvm...
CVE-2014-3535
CVE-2014-3535 affects the Linux kernel prior to 2.6.36, specifically the include/linux/netdevice.h logging macros. The root cause is incorrect use of macros for netdev_printk, enabling a remote attacker to trigger a NULL pointer dereference and system crash by sending invalid packets to a VxLAN i...
CVE-2014-3631
The CVE-2014-3631 issue affects the Linux kernel before 3.16.3, specifically the assoc_array_gc path in lib/assoc_array.c. A bug in the garbage collection allows a local attacker to trigger a NULL pointer dereference, leading to a denial of service (system crash). Affected component: kernel garba...
CVE-2014-7843
The CVE-2014-7843 entry affects the Linux kernel on ARM64 and is caused by the __clear_user function in arch/arm64/lib/clear_user.S. It allows local attackers to trigger a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary in kernels prior to 3.17.4. Public refe...
CVE-2015-9004
CVE-2015-9004 affects the Linux kernel up to version 3.18 (pre-3.19). The flaw is in kernel/events/core.c where improper handling of counter grouping enables local privilege escalation via crafted apps, involving perf_pmu_register and perf_event_open. The impact is local Privilege Escalation with...
CVE-2016-4558
CVE-2016-4558: The Linux kernel BPF subsystem before 4.5.5 mishandles reference counts, enabling a local attacker to trigger a denial-of-service via use-after-free, with possible other impact on systems with large memory (32 GB+ and 1 TB mentioned in the advisory). The Nessus/NVD documents confi...
CVE-2017-9985
CVE-2017-9985 is a local double-fetch vulnerability in the Linux kernel (snd_msndmidi_input_read in sound/isa/msnd/msnd_midi.c) affecting up to version 4.11.7. Exploitation can cause denial of service (over-boundary access) with potential unspecified impact. Public references in Nessus/OpenVAS/U-...
CVE-2018-14615
CVE-2018-14615 concerns a buffer overflow in the Linux kernel up to version 4.17.10, triggered in truncate_inline_inode() within fs/f2fs/inline.c when unmounting an f2fs image because a length value may be negative. The connected Nessus entries repeat the same description and tie the issue to the...
CVE-2018-17977
CVE-2018-17977 affects Linux kernel 4.14.67, where interaction between XFRM Netlink messages, IPPROTO_AH, and IPPROTO_IP can be exploited locally (with root) to trigger memory exhaustion and system hang; demonstrated on CentOS 7. The provided documents do not specify a fix or patch version.
CVE-2019-18680
Affected software is Linux kernel 4.4.x (before 4.4.195). The vulnerability is a NULL pointer dereference in rds_tcp_kill_sock() inside net/rds/tcp.c, which leads to denial of service. Mitigation/workaround: apply the patch from Linux stable 4.4.195 (ChangeLog-4.4.195) or update to a fixe...
CVE-2021-47095
CVE-2021-47095 affects the Linux kernel’s ipmi_ssif (ssif) driver. The root cause was dereferencing ssif_info->client in an error path before it was guaranteed to be set, leading to a NULL pointer dereference and a kernel crash. The fix initializes ssif_info->client before any error path ca...
CVE-2021-47149
The CVE-2021-47149 entry concerns a Linux kernel vulnerability in the Fujitsu net driver where fmvj18x_get_hwinfo() dereferences NULL if ioremap fails. The fix adds a check on the ioremap return value and returns -1 to the caller on failure, preventing a NULL pointer dereference. Public details i...
CVE-2021-47169
CVE-2021-47169: In the Linux kernel, the serial rp2 driver could NULL-dereference if a firmware load via request_firmware_nowait occurred before ports were initialized. The fix was to use a synchronous firmware load (request_firmware) during rp2_probe to ensure interrupts are not handled before ...
CVE-2021-47250
CVE-2021-47250: memory leak in Linux kernel netlbl_cipsov4_add_std. The memory for doi_def->map.std allocated in netlbl_cipsov4_add_std is not freed anywhere; it should be freed in cipso_v4_doi_free, which frees the cipso DOI resource. This vulnerability detail is consistently described in con...
CVE-2021-47259
CVE-2021-47259 is a Linux kernel use-after-free in NFS: nfs4_init_client. Public docs confirm KASAN-detected UAF when mounting two exports via two NICs on the same server; affected kernels include around 5.7–5.10 with the root cause linked to refcounting changes. The connected Astra/Unity/EulerOS...
CVE-2021-47269
CVE-2021-47269 is a Linux kernel issue in the DesignWare USB3 (dwc3) ep0 handling. The root cause is missing validation of the ep index from dwc3_wIndex_to_dep(), which can lead to referring to a non-existing endpoint and a NULL pointer dereference in certain configurations (e.g., composite devic...
CVE-2021-47288
CVE-2021-47288 affects the Linux kernel media: ngene component. Affected code path is ngene_command_config_free_buf(), which previously copied 6 bytes into a one-byte config field of the wrong structure (FW_CONFIGURE_BUFFERS) via a single memcpy(). The fix relocates the 6 additional members into ...
CVE-2021-47307
CVE-2021-47307 affects the Linux kernel CIFS code; a NULL pointer dereference in cifs_compose_mount_options() could occur when the optional ref parameter contains a NULL node_name. The issue has been resolved in the kernel, with fixes committed in stable updates (references point to kernel commit...
CVE-2021-47425
CVE-2021-47425: Linux kernel vulnerability in i2c via ACPI resource leak. acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes a reference on the adapter that is never released, causing a reference-count leak and potentially rendering the adapter unremovable. Connected advisories...
CVE-2021-47475
CVE-2021-47475 is a Linux kernel vulnerability in the comedi vmk80xx USB driver. The issue arises from transfer-buffer size checks: buffers were endpoint-sized and lacked validation, enabling overflows when a malicious device with larger max-packet sizes or unexpected accesses could write past th...
CVE-2021-47478
CVE-2021-47478: In the Linux kernel, the isofs driver could read beyond the end of the buffer when processing corrupted isofs images in isofs_read_inode(). The fix adds a sanity check on the directory entry length before use, preventing out-of-bounds reads. Remediation is to apply the kernel pat...
CVE-2021-47482
CVE-2021-47482 concerns a Linux kernel issue in the batman-adv code path. The root cause was incorrect error handling in batadv_mesh_init(), which could trigger a free when some batadv_init() failed and risk operating on uninitialized fields. Syzbot observed an ODEBUG warning in batadv_nc_mesh_fr...
CVE-2021-47538
CVE-2021-47538 affects the Linux kernel’s rxrpc component. The root cause is a leak of an rxrpc_local reference in rxrpc_lookup_peer(), where a peer candidate’s local object is not released properly. The fix requires calling rxrpc_put_local() for the peer candidate before kfree(), as the peer hol...
CVE-2021-47583
CVE-2021-47583 affects the Linux kernel’s media/mxl111sf driver. Syzbot reported an uninitialized mutex in mxl111sf_ctrl_msg() due to the previous mutex_init(&state->msg_lock) being called too late. The order of dvb_usbv2_init() calls meant mxl111sf_ctrl_msg() could run from frontend_attach be...
CVE-2021-47597
CVE-2021-47597 affects the Linux kernel inet_diag path handling UDP sockets. The root cause is that UDP paths did not initialize r->idiag_expires in inet_sk_diag_fill(), enabling kernel-infoleak reports observed by KMSAN. The provided connected advisories describe a chain of in-kernel data flo...
CVE-2021-47636
CVE-2021-47636 relates to the Linux kernel ubifs_wbuf_write_nolock() reading beyond buf bounds, causing a slab-out-of-bounds read in KASAN/ubifs paths. The vulnerability arises when len is not 8-byte aligned and the function writes via ubifs_leb_write(), potentially reading past the end of the bu...
CVE-2021-47642
CVE-2021-47642: in the Linux kernel’s video fbdev/nvidiafb path, a fixed-size buffer overrun could occur by copying a channel name with strcpy into chan->adapter.name. The defect arises from copying into a 48-char buffer without length checks; fix is to use strscpy() to prevent overflows. The ...
CVE-2021-47650
CVE-2021-47650: In the Linux kernel, ASoC: soc-compress had a potential null pointer when codec_dai could be NULL if card->dai_link->num_codecs was 0, traced through snd_soc_register_card() -> snd_soc_bind_card() -> soc_init_pcm_runtime() -> snd_soc_dai_compress_new() -> snd_soc...
CVE-2022-3533
CVE-2022-3533 affects the Linux kernel’s BPF component, specifically the parse_usdt_arg function in tools/lib/bpf/usdt.c, where manipulation of the reg_name argument leads to a memory leak. The vulnerability is described across multiple sources (NVD, vendor advisories) and a patch is recommended ...
CVE-2022-3977
CVE-2022-3977 is a use-after-free in the Linux kernel MCTP implementation. It occurs when a user performs a DROPTAG ioctl while a socket close happens, potentially crashing the system or allowing local privilege escalation. The issue is documented across multiple sources (NVD entry and OSV/GNU-fa...
CVE-2022-48665
CVE-2022-48665 affects the Linux kernel exfat driver/file-system handling where an int-based sector index can overflow on large-capacity partitions (e.g., >2TB with 512-byte sectors). The issue is resolved in the Linux kernel (exfat: fix overflow for large capacity partition). Connected source...
CVE-2022-48694
CVE-2022-48694 concerns the Linux kernel RDMA/irdma component. The root cause was that SW-generated completions for outstanding WRs posted on a Send Queue (SQ) could be targeted to the wrong Completion Queue (CQ) after a QP enters an error state, causing ib_drain_sq to hang without a completion. ...
CVE-2022-48708
The CVE-2022-48708 issue affects the Linux kernel’s pinctrl/pinmux subsystem. A NULL dereference could occur because pinmux_generic_get_function() could return NULL and the code dereferenced the function pointer without a NULL check, in pcs_set_mux(). The vulnerability was addressed by adding a N...
CVE-2022-48744
In CVE-2022-48744, the Linux kernel net/mlx5e driver was made resilient to field-bound checking by avoiding a field-overflowing memcpy() across neighboring fields. The root cause involved copying MLX5E_XDP_MIN_INLINE bytes into a 2-byte inline_hdr.start, causing writes to adjacent data (vlan_tci,...
CVE-2022-48805
CVE-2022-48805 affects the Linux kernel USB driver net: usb: ax88179_178a, specifically the rx_fixup path (ax88179_rx_fixup()). The issue is multiple out-of-bounds accesses in RX fixup that can be triggered by a malicious or defective USB device. Reported problems include: (1) an out-of-bounds me...
CVE-2022-48887
CVE-2022-48887 relates to the Linux kernel DRM vmwgfx driver. The issue was caused by buggy RCU-based user-resource lookups that could crash the driver when command buffers were submitted from two threads. The fix replaces those RCU paths with a regular spin lock to resolve the race conditions in...
CVE-2022-48959
CVE-2022-48959 affects the Linux kernel net: dsa: sja1105 code path. The root cause is a memory leak when dsa_devlink_region_create fails in sja1105_setup_devlink_regions(), where priv->regions is not released. The vulnerability resolution is a fix in the kernel that releases the leaked memory...
CVE-2022-48972
CVE-2022-48972 affects the Linux kernel’s mac802154 code path. The issue arises in ieee802154_if_add() where a wpan_dev private data structure’s list is not initialized, potentially leading to a NULL pointer dereference during notifier handling (cfg802154_netdev_notifier_call) as devices are regi...
CVE-2022-49019
Converging sources confirm CVE-2022-49019 affects the Linux kernel nixge Ethernet driver. The issue is a NULL dereference in nixge_hw_dma_bd_release() when priv->rx_bd_v is invalid due to a prior allocation failure in nixge_hw_dma_bd_init(). A fix exists that moves the for() loop dereferencing...
CVE-2022-49098
Technical details about CVE-2022-49098 (affected product/versions, root cause, impact, fix) are not provided in the connected documents. The Initial description contains patch context but no public exploit specifics; monitor for updates.
CVE-2022-49110
CVE-2022-49110 relates to the Linux kernel netfilter conntrack autotuning change. The vulnerability stems from the gc logic that evicts entries; after the commit 4608fdfc07e1, conntrack gc runs every 2 minutes and, on large hash tables, evictions shift from the packet path to the gc worker, poten...
CVE-2022-49120
CVE-2022-49120 pertains to the Linux kernel SCSI pm8001 path. The vulnerability is a task leak in pm8001_send_abort_all() where allocated SAS tasks may not be freed if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail. The fix ensures proper freeing of the SAS task in those failure paths. Public ...
CVE-2022-49125
CVE-2022-49125 affects the Linux kernel DRM sprd driver. The issue is a potential NULL dereference of the ‘drm’ pointer in sprd_drm_shutdown, with a warning log that could dereference it. The fix removes the dereference risk by adjusting the shutdown path and changes the warning handling from unc...
CVE-2022-49126
CVE-2022-49126 concerns the Linux kernel component scsi/mpi3mr. The issue is described as memory leaks in the operational reply queue’s memory segments that are not freed when unloading the driver. The entry states a fix for these leaks has been implemented. No exploitation details are provided i...
CVE-2022-49189
CVE-2022-49189: In the Linux kernel (clk-rcg2, Qualcomm display pixel clock), final D calculation for the M/N ratio could fall outside the accepted range, causing underflow. The fix updates the D-value calculation to respect the valid range for given M and N, preventing underflow. Affected compo...
CVE-2022-49242
CVE-2022-49242 relates to the Linux kernel ASoC: mxs driver. The issue is a refcount leak in error paths within mxs_sgtl5000_probe caused by only calling of_node_put() in the regular path; if codec_np is NULL, saif_np[0] and saif_np[1] may remain non-NULL and leak. The root cause is improper rele...
CVE-2022-49271
CVE-2022-49271 affects the Linux kernel CIFS/SMB2 code. When smb2_ioctl_query_info() is called with flags=PASSTHRU_FSCTL and output_buffer_length=0, the kernel could copy a bad pointer (buffer) and end up dereferencing NULL, potentially leading to a NULL pointer dereference. The fix also ensures ...