CVE-2022-49110

CVE-2022-49110 relates to the Linux kernel netfilter conntrack autotuning change. The vulnerability stems from the gc logic that evicts entries; after the commit 4608fdfc07e1, conntrack gc runs every 2 minutes and, on large hash tables, evictions shift from the packet path to the gc worker, poten...

CVE-2022-47942

CVE-2022-47942 affects ksmbd in Linux kernels 5.15–5.19 before 5.19.2. The issue is a heap-based buffer overflow in set_ntacl_dacl triggered by use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE, potentially exposing memory corruption paths. Public references confirm the vulnerability a...

CVE-2022-48665

CVE-2022-48665 affects the Linux kernel exfat driver/file-system handling where an int-based sector index can overflow on large-capacity partitions (e.g., >2TB with 512-byte sectors). The issue is resolved in the Linux kernel (exfat: fix overflow for large capacity partition). Connected source...

CVE-2022-48694

CVE-2022-48694 concerns the Linux kernel RDMA/irdma component. The root cause was that SW-generated completions for outstanding WRs posted on a Send Queue (SQ) could be targeted to the wrong Completion Queue (CQ) after a QP enters an error state, causing ib_drain_sq to hang without a completion. ...

CVE-2022-48708

The CVE-2022-48708 issue affects the Linux kernel’s pinctrl/pinmux subsystem. A NULL dereference could occur because pinmux_generic_get_function() could return NULL and the code dereferenced the function pointer without a NULL check, in pcs_set_mux(). The vulnerability was addressed by adding a N...

CVE-2022-48739

CVE-2022-48739 affects the Linux kernel ASoC hdmi-codec subsystem. The vulnerability arises from out-of-bounds memory accesses during memcpy(), caused by an incorrect size for the iec_status array. The fix aligns the size of iec_status with the status array of struct snd_aes_iec958, eliminating t...

CVE-2022-48744

In CVE-2022-48744, the Linux kernel net/mlx5e driver was made resilient to field-bound checking by avoiding a field-overflowing memcpy() across neighboring fields. The root cause involved copying MLX5E_XDP_MIN_INLINE bytes into a 2-byte inline_hdr.start, causing writes to adjacent data (vlan_tci,...

CVE-2022-48805

CVE-2022-48805 affects the Linux kernel USB driver net: usb: ax88179_178a, specifically the rx_fixup path (ax88179_rx_fixup()). The issue is multiple out-of-bounds accesses in RX fixup that can be triggered by a malicious or defective USB device. Reported problems include: (1) an out-of-bounds me...

CVE-2022-48887

CVE-2022-48887 relates to the Linux kernel DRM vmwgfx driver. The issue was caused by buggy RCU-based user-resource lookups that could crash the driver when command buffers were submitted from two threads. The fix replaces those RCU paths with a regular spin lock to resolve the race conditions in...

CVE-2022-48959

CVE-2022-48959 affects the Linux kernel net: dsa: sja1105 code path. The root cause is a memory leak when dsa_devlink_region_create fails in sja1105_setup_devlink_regions(), where priv->regions is not released. The vulnerability resolution is a fix in the kernel that releases the leaked memory...

CVE-2022-49019

Converging sources confirm CVE-2022-49019 affects the Linux kernel nixge Ethernet driver. The issue is a NULL dereference in nixge_hw_dma_bd_release() when priv->rx_bd_v is invalid due to a prior allocation failure in nixge_hw_dma_bd_init(). A fix exists that moves the for() loop dereferencing...

CVE-2022-49098

Technical details about CVE-2022-49098 (affected product/versions, root cause, impact, fix) are not provided in the connected documents. The Initial description contains patch context but no public exploit specifics; monitor for updates.

CVE-2022-49100

The CVE-2022-49100 entry concerns the Linux kernel virtio_console subsystem. The vulnerability is resolved by removing anonymous init and exit functions (module_init/module_exit) and assigning unique driver-specific names, to avoid ambiguity in System.map and initcall_debug logs, per the descript...

CVE-2022-49120

CVE-2022-49120 pertains to the Linux kernel SCSI pm8001 path. The vulnerability is a task leak in pm8001_send_abort_all() where allocated SAS tasks may not be freed if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail. The fix ensures proper freeing of the SAS task in those failure paths. Public ...

CVE-2022-49125

CVE-2022-49125 affects the Linux kernel DRM sprd driver. The issue is a potential NULL dereference of the ‘drm’ pointer in sprd_drm_shutdown, with a warning log that could dereference it. The fix removes the dereference risk by adjusting the shutdown path and changes the warning handling from unc...

CVE-2022-49126

CVE-2022-49126 concerns the Linux kernel component scsi/mpi3mr. The issue is described as memory leaks in the operational reply queue’s memory segments that are not freed when unloading the driver. The entry states a fix for these leaks has been implemented. No exploitation details are provided i...

CVE-2022-49242

CVE-2022-49242 relates to the Linux kernel ASoC: mxs driver. The issue is a refcount leak in error paths within mxs_sgtl5000_probe caused by only calling of_node_put() in the regular path; if codec_np is NULL, saif_np[0] and saif_np[1] may remain non-NULL and leak. The root cause is improper rele...

CVE-2022-49271

CVE-2022-49271 affects the Linux kernel CIFS/SMB2 code. When smb2_ioctl_query_info() is called with flags=PASSTHRU_FSCTL and output_buffer_length=0, the kernel could copy a bad pointer (buffer) and end up dereferencing NULL, potentially leading to a NULL pointer dereference. The fix also ensures ...

CVE-2022-49352

CVE-2022-49352 relates to the Linux kernel ext4: fix warning in ext4_handle_inode_extension, where a write path can trigger inode size accounting inconsistencies under memory pressure. The issue describes an observed sequence where inode.i_size is 4096, but EXT4_I(inode)->i_disksize is set to ...

CVE-2022-49397

CVE-2022-49397 affects the Linux kernel, in the phy: qcom-qmp driver. The vulnerability is a leak of a struct clk (pipe clock reference) on probe errors, including late probe error/deferral paths. The advisory states the fix releases the held pipe clock reference on such errors, i.e., a proper cl...

CVE-2022-49484

CVE-2022-49484 is a Linux kernel issue related to the mt76/mt7915 MAC RX vector handling. The provided documents state a fix for a possible NULL pointer dereference in mt7915_mac_fill_rx_vector that could occur when the chip does not support dbdc and the hardware reports band_idx = 1. The fix is ...

CVE-2022-49517

CVE-2022-49517 corresponds to a Linux kernel ASoC issue in Mediatek platforms: mt2701_wm8960_machine_probe incorrectly increments a phandle refcount without balancing it, leading to a refcount leak. The fix is to call of_node_put() to drop the reference. Connected advisories (Astra Linux and Ness...

CVE-2022-49521

In CVE-2022-49521, the Linux kernel vulnerability affects the lpfc SCSI path: if lpfc_complete_unsol_iocb() cannot match the rctl of a received frame, the frame is dropped and resources are leaked. The fix returns resources when discarding an unhandled frame type and updates lpfc_fc_frame_check()...

CVE-2022-49525

CVE-2022-49525 relates to the Linux kernel: the media: cx25821 driver issue triggers a warning when removing the module (remove_proc_entry leaking cx25821 IRQ). The connected advisories confirm the root cause is not a_privately exploitable bug in userland but a resource management ordering proble...

CVE-2022-49529

CVE-2022-49529 affects the Linux kernel’s DRM/AMDGPU PM code. Root cause: during context release with software SMU disabled, pp_funcs may be uninitialized, causing a NULL pointer dereference and kernel panic (as shown by the amdgpu_dpm_force_performance_level trace). The vulnerability is resolved...

CVE-2022-49542

Summary: CVE-2022-49542 affects the Linux kernel SCSI lpfc path. The vulnerability arises in logging code: during an attempt to log a TRACE message, the code could take a hard lockup path due to an unsafe lock acquisition sequence. Root cause (as described): the cfg_log_verbose check was performe...

CVE-2022-49609

CVE-2022-49609 affects the Linux kernel component power/reset for the arm-versatile family. Root cause: of_find_matching_node_and_match() returns a node pointer with refcount incremented and was not balanced with of_node_put() when no longer needed, causing a refcount leak in versatile_reboot_pro...

CVE-2022-49635

CVE-2022-49635 affects the Linux kernel. The issue is in drm/i915/selftests, where a subtraction overflow can occur when hole_end is small, and addr + 2 * min_alignment can overflow in mock tests. A patch was applied (cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2) to fix both...

CVE-2022-49871

CVE-2022-49871 concerns the Linux kernel net: tun subsystem memory leaks arising from napi_get_frags when GRO processing is not completed. The provided data shows that in certain paths (tun_get_user -> napi_gro_frags -> napi_frags_finish -> GRO_NORMAL) the napi->rx_list may remain pop...

CVE-2022-50022

CVE-2022-50022 is a Linux kernel vulnerability in the md driver (RAID5) that can cause a use-after-free. The issue arises because raid5_release_stripe(sh) drops a reference to sh, but sh is later dereferenced (sh->batch_head) in the same function. The patch fixes this by moving raid5_release_s...

CVE-2023-52646

CVE-2023-52646 concerns the Linux kernel. A null-deref can occur when mremap is invoked on an old aio mapping after a fork because mm->ioctx_table is NULL. The issue was introduced by the patch that made it possible to remap the aio ring and has been fixed by the accompanying commit (e4a0d3e72...

CVE-2023-52851

The CVE-2023-52851 entry concerns the Linux kernel, specifically the mlx5/IB stack. Affected component: mlx5 mkey cache initialization and related UMR/IB registration cleanup paths in mlx5_ib_stage_post_ib_reg_umr_init, mlx5r_umr_resource_cleanup, and __mlx5_ib_add. Root cause: in mlx5_mkey_cache...

CVE-2023-52989

CVE-2023-52989 relates to the Linux kernel FireWire subsystem. The issue was a use-after-free in the IEC 61883-1 FCP payload path when multiple user-space listeners read the payload, potentially releasing data too early. The fix duplicates the payload object in kernel space for each listener; the...

CVE-2023-53096

CVE-2023-53096 is a Linux kernel issue where the node interconnect link array is allocated when adding links to a node but not deallocated when nodes are destroyed, causing a memory leak. The vulnerability is resolved in the kernel code by fixing the leak during node destruction. Affected compone...

CVE-2023-53116

CVE-2023-53116 concerns the Linux kernel nvmet subsystem. An nvme target ->queue_response() implementation could free the request argument, creating a potential use-after-free when percpu_ref_put() is invoked in nvmet_req_complete(). The mitigation described in the advisory is to save the sq p...

CVE-2024-26731

CVE-2024-26731 affects the Linux kernel’s BPF sockmap path. The issue is a NULL pointer dereference in sk_psock_verdict_data_ready() that can occur when sk_psock_verdict_data_ready() and sk_psock_stop_verdict() run concurrently, leaving psock->saved_data_ready NULL. The fix calls the appropria...

CVE-2024-35996

Technical details for CVE-2024-35996 are not provided in the supplied documents. The description summarizes kernel-mitigation changes, but there are no explicit affected products, versions, impacts, or fixes. Monitor vendor advisories for updates.

CVE-2024-36024

Summary: CVE-2024-36024 affects the drm/amd/display path in the Linux kernel. It describes a race condition during the DMCUB handshake that can cause a hardware hang by touching INBOX1 RPTR. The documented mitigation is to disable idle reallow as part of command/gpint execution to create a necess...

CVE-2024-36887

CVE-2024-36887 affects the Linux kernel: the e1000e PHY mdic access code originally used usleep_range inside atomic contexts, causing potential kernel panics. A partial revert of a prior workaround reintroduced this by switching usleep_range calls to udelay. The fix is to revert to using usleep_r...

CVE-2024-36890

CVE-2024-36890 : In the Linux kernel, the slab allocator was fixed so that __free(kfree) now detects error pointers; previously, freeing an error pointer could crash the kernel (e.g., wm831x_gpio_dbg_show). The issue stems from not checking error pointers in the automatic cleanup path. The descri...

CVE-2024-38607

CVE-2024-38607 corresponds to a Linux kernel issue: the via-macii ADB driver called request_irq() after disabling hard interrupts, which was unnecessary because the VIA shift register interrupt was masked during VIA1 initialization. The vulnerability is tied to the macintosh/via-macii driver and ...

CVE-2024-39478

The CVE-2024-39478 vulnerability affects the Linux kernel crypto: starfive code path, where RSA text data uses a variable-length buffer allocated on the software stack. Calling kfree on that buffer can cause undefined behavior in subsequent operations, due to freeing a stack-allocated buffer. The...

CVE-2024-40938

CVE-2024-40938 affects the Linux kernel Landlock component, addressing a d_parent walk issue when linking a root mount point. The root cause was a WARN_ON_ONCE triggered by using the source directory’s d_parent even if the source is mounted, because the VFS check runs after security_path_link(). ...

CVE-2024-40944

CVE-2024-40944 affects the Linux kernel (x86/kexec). The vulnerability is a bug in call depth tracking where calling cc_platform_has() may fault if depth tracking is active because GS_BASE is reset to 0 by load_segments(). The mitigation described in the documentation is to invoke cc_platform_has...

CVE-2024-41045

CVE-2024-41045: Linux kernel vulnerability fixed in bpf_timer_cancel_and_free. The issue arises when canceling/ freeing timers embedded in BPF maps via bpf_map_update_elem, where timer cancellation uses hrtimer_cancel and could deadlock or cause use-after-free under RCUs. The patch suggests using...

CVE-2024-42260

CVE-2024-42260 - Linux kernel drm/v3d validation issue : The vulnerability occurred in the DRM/V3D path where userspace could pass unknown or invalid drm_syncobj handles in the performance extension. The description states that if an invalid handle appears anywhere in the handle array, the rest o...

CVE-2024-42303

The CVE-2024-42303 issue affects the Linux kernel media imx-pxp driver. The root cause is an ERR_PTR dereference in pxp_probe() when devm_regmap_init_mmio() can fail, due to a missing check and bail‑out path. The patch adds a null/error check and exits gracefully, preventing a dereference and pot...

CVE-2024-43887

The CVE-2024-43887 entry relates to the Linux kernel (net/tcp) TCP-AO static key handling. The vulnerability arises because the lifetime of the TCP-AO static_key is tied to the last tcp_ao_info, and, if an RCU grace period is delayed, a CPU may observe a tcp_ao_info that is about to be deallocate...

CVE-2024-44953

The CVE-2024-44953 entry documents a Linux kernel SCSI/UFS deadlock in RTC update handling triggered by runtime suspend waiting for RTC work flush, where the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume. The deadlock trace is provided, and the issue is stated to be resolved by ...

CVE-2024-44993

In CVE-2024-44993, the Linux kernel DRM v3d driver exposes an out-of-bounds read in v3d_csd_job_run() when UBSAN is enabled on Raspberry Pi 5. The UAPI supplies seven configuration registers, but the code reads an eighth element of a __u32 array, triggering a local read violation in v3d_csd_job_r...