CVE-2022-49120
CVE-2022-49120 pertains to the Linux kernel SCSI pm8001 path. The vulnerability is a task leak in pm8001_send_abort_all() where allocated SAS tasks may not be freed if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail. The fix ensures proper freeing of the SAS task in those failure paths. Public ...
CVE-2022-49125
CVE-2022-49125 affects the Linux kernel DRM sprd driver. The issue is a potential NULL dereference of the ‘drm’ pointer in sprd_drm_shutdown, with a warning log that could dereference it. The fix removes the dereference risk by adjusting the shutdown path and changes the warning handling from unc...
CVE-2022-49126
CVE-2022-49126 concerns the Linux kernel component scsi/mpi3mr. The issue is described as memory leaks in the operational reply queue’s memory segments that are not freed when unloading the driver. The entry states a fix for these leaks has been implemented. No exploitation details are provided i...
CVE-2022-49189
CVE-2022-49189: In the Linux kernel (clk-rcg2, Qualcomm display pixel clock), the final D calculation for the M/N ratio could fall outside the accepted range, causing underflow. The fix updates the D-value calculation to respect the valid range for given M and N, preventing underflow. Affected compo...
CVE-2022-49242
CVE-2022-49242 relates to the Linux kernel ASoC: mxs driver. The issue is a refcount leak in error paths within mxs_sgtl5000_probe caused by only calling of_node_put() in the regular path; if codec_np is NULL, saif_np[0] and saif_np[1] may remain non-NULL and leak. The root cause is improper rele...
CVE-2022-49271
CVE-2022-49271 affects the Linux kernel CIFS/SMB2 code. When smb2_ioctl_query_info() is called with flags=PASSTHRU_FSCTL and output_buffer_length=0, the kernel could copy a bad pointer (buffer) and end up dereferencing NULL, potentially leading to a NULL pointer dereference. The fix also ensures ...
CVE-2022-49352
CVE-2022-49352 relates to the Linux kernel ext4: fix warning in ext4_handle_inode_extension, where a write path can trigger inode size accounting inconsistencies under memory pressure. The issue describes an observed sequence where inode.i_size is 4096, but EXT4_I(inode)->i_disksize is set to ...
CVE-2022-49397
CVE-2022-49397 affects the Linux kernel, in the phy: qcom-qmp driver. The vulnerability is a leak of a struct clk (pipe clock reference) on probe errors, including late probe error/deferral paths. The advisory states the fix releases the held pipe clock reference on such errors, i.e., a proper cl...
CVE-2022-49484
CVE-2022-49484 is a Linux kernel issue related to the mt76/mt7915 MAC RX vector handling. The provided documents state a fix for a possible NULL pointer dereference in mt7915_mac_fill_rx_vector that could occur when the chip does not support dbdc and the hardware reports band_idx = 1. The fix is ...
CVE-2022-49517
CVE-2022-49517 corresponds to a Linux kernel ASoC issue in Mediatek platforms: mt2701_wm8960_machine_probe incorrectly increments a phandle refcount without balancing it, leading to a refcount leak. The fix is to call of_node_put() to drop the reference. Connected advisories (Astra Linux and Ness...
CVE-2022-49521
In CVE-2022-49521, the Linux kernel vulnerability affects the lpfc SCSI path: if lpfc_complete_unsol_iocb() cannot match the rctl of a received frame, the frame is dropped and resources are leaked. The fix returns resources when discarding an unhandled frame type and updates lpfc_fc_frame_check()...
CVE-2022-49525
CVE-2022-49525 relates to the Linux kernel: the media: cx25821 driver issue triggers a warning when removing the module (remove_proc_entry leaking cx25821 IRQ). The connected advisories confirm the root cause is not a privately exploitable bug in userland but a resource management ordering proble...
CVE-2022-49542
Summary: CVE-2022-49542 affects the Linux kernel SCSI lpfc path. The vulnerability arises in logging code: during an attempt to log a TRACE message, the code could take a hard lockup path due to an unsafe lock acquisition sequence. Root cause (as described): the cfg_log_verbose check was performe...
CVE-2022-49609
CVE-2022-49609 affects the Linux kernel component power/reset for the arm-versatile family. Root cause: of_find_matching_node_and_match() returns a node pointer with refcount incremented and was not balanced with of_node_put() when no longer needed, causing a refcount leak in versatile_reboot_pro...
CVE-2022-49635
CVE-2022-49635 affects the Linux kernel. The issue is in drm/i915/selftests, where a subtraction overflow can occur when hole_end is small, and addr + 2 * min_alignment can overflow in mock tests. A patch was applied (cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2) to fix both...
CVE-2022-49685
CVE-2022-49685 affects the Linux kernel in the iio: trigger: sysfs path, where a use-after-free occurs in irq_work_run_list when removing a trigger. The advisory states the fix is to ensure that irq_work has completed before the trigger is freed, mitigating a use-after-free in the kernel’s IIO sy...
CVE-2022-49871
CVE-2022-49871 concerns the Linux kernel net: tun subsystem memory leaks arising from napi_get_frags when GRO processing is not completed. The provided data shows that in certain paths (tun_get_user -> napi_gro_frags -> napi_frags_finish -> GRO_NORMAL) the napi->rx_list may remain pop...
CVE-2022-50022
CVE-2022-50022 is a Linux kernel vulnerability in the md driver (RAID5) that can cause a use-after-free. The issue arises because raid5_release_stripe(sh) drops a reference to sh, but sh is later dereferenced (sh->batch_head) in the same function. The patch fixes this by moving raid5_release_s...
CVE-2022-50068
CVE-2022-50068 affects the Linux kernel DRM TTM path (drm/ttm). The issue is a null pointer dereference in ttm_bo_validate during and after bo initialization, triggered by inspecting a NULL bo->resource in mem_type handling, potentially causing a kernel crash (general protection fault) and a l...
CVE-2023-52646
CVE-2023-52646 concerns the Linux kernel. A null-deref can occur when mremap is invoked on an old aio mapping after a fork because mm->ioctx_table is NULL. The issue was introduced by the patch that made it possible to remap the aio ring and has been fixed by the accompanying commit (e4a0d3e72...
CVE-2023-52989
CVE-2023-52989 relates to the Linux kernel FireWire subsystem. The issue was a use-after-free in the IEC 61883-1 FCP payload path when multiple user-space listeners read the payload, potentially releasing data too early. The fix duplicates the payload object in kernel space for each listener; the...
CVE-2023-53096
CVE-2023-53096 is a Linux kernel issue where the node interconnect link array is allocated when adding links to a node but not deallocated when nodes are destroyed, causing a memory leak. The vulnerability is resolved in the kernel code by fixing the leak during node destruction. Affected compone...
CVE-2023-53116
CVE-2023-53116 concerns the Linux kernel nvmet subsystem. An nvme target ->queue_response() implementation could free the request argument, creating a potential use-after-free when percpu_ref_put() is invoked in nvmet_req_complete(). The mitigation described in the advisory is to save the sq p...
CVE-2024-26731
CVE-2024-26731 affects the Linux kernel’s BPF sockmap path. The issue is a NULL pointer dereference in sk_psock_verdict_data_ready() that can occur when sk_psock_verdict_data_ready() and sk_psock_stop_verdict() run concurrently, leaving psock->saved_data_ready NULL. The fix calls the appropria...
CVE-2024-35883
CVE-2024-35883 affects the Linux kernel's PCI SPI driver for mchp-pci1xxx. The issue is a potential null pointer dereference in pci1xxx_spi_probe caused by a failed devm_kzalloc, leading to dereferencing a null when spi_int/iter is accessed. Mitigation in the cited fix is to check spi_bus->spi...
CVE-2024-35996
Technical details for CVE-2024-35996 are not provided in the supplied documents. The description summarizes kernel-mitigation changes, but there are no explicit affected products, versions, impacts, or fixes. Monitor vendor advisories for updates.
CVE-2024-36023
CVE-2024-36023 is a Linux kernel vulnerability involving a null pointer dereference. The alteration was reported by Julia Lawall and has been resolved in the kernel code base, as reflected by the linked advisories and the CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) with a base score of 5.5 ...
CVE-2024-36024
Summary: CVE-2024-36024 affects the drm/amd/display path in the Linux kernel. It describes a race condition during the DMCUB handshake that can cause a hardware hang by touching INBOX1 RPTR. The documented mitigation is to disable idle reallow as part of command/gpint execution to create a necess...
CVE-2024-36887
CVE-2024-36887 affects the Linux kernel: the e1000e PHY mdic access code originally used usleep_range inside atomic contexts, causing potential kernel panics. A partial revert of a prior workaround reintroduced this by switching usleep_range calls to udelay. The fix is to revert to using usleep_r...
CVE-2024-36890
CVE-2024-36890: In the Linux kernel, the slab allocator was fixed so that __free(kfree) now detects error pointers; previously, freeing an error pointer could crash the kernel (e.g., wm831x_gpio_dbg_show). The issue stems from not checking error pointers in the automatic cleanup path. The descri...
CVE-2024-38607
CVE-2024-38607 corresponds to a Linux kernel issue: the via-macii ADB driver called request_irq() after disabling hard interrupts, which was unnecessary because the VIA shift register interrupt was masked during VIA1 initialization. The vulnerability is tied to the macintosh/via-macii driver and ...
CVE-2024-39478
The CVE-2024-39478 vulnerability affects the Linux kernel crypto: starfive code path, where RSA text data uses a variable-length buffer allocated on the software stack. Calling kfree on that buffer can cause undefined behavior in subsequent operations, due to freeing a stack-allocated buffer. The...
CVE-2024-40938
CVE-2024-40938 affects the Linux kernel Landlock component, addressing a d_parent walk issue when linking a root mount point. The root cause was a WARN_ON_ONCE triggered by using the source directory’s d_parent even if the source is mounted, because the VFS check runs after security_path_link(). ...
CVE-2024-41045
CVE-2024-41045: Linux kernel vulnerability fixed in bpf_timer_cancel_and_free. The issue arises when canceling/freeing timers embedded in BPF maps via bpf_map_update_elem, where timer cancellation uses hrtimer_cancel and could deadlock or cause use-after-free under RCUs. The patch suggests using...
CVE-2024-42260
CVE-2024-42260 - Linux kernel drm/v3d validation issue: The vulnerability occurred in the DRM/V3D path where userspace could pass unknown or invalid drm_syncobj handles in the performance extension. The description states that if an invalid handle appears anywhere in the handle array, the rest o...
CVE-2024-44953
The CVE-2024-44953 entry documents a Linux kernel SCSI/UFS deadlock in RTC update handling triggered by runtime suspend waiting for RTC work flush, where the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume. The deadlock trace is provided, and the issue is stated to be resolved by ...
CVE-2024-44993
In CVE-2024-44993, the Linux kernel DRM v3d driver exposes an out-of-bounds read in v3d_csd_job_run() when UBSAN is enabled on Raspberry Pi 5. The UAPI supplies seven configuration registers, but the code reads an eighth element of a __u32 array, triggering a local read violation in v3d_csd_job_r...
CVE-2024-46708
CVE-2024-46708 corresponds to a Linux kernel issue in the pinctrl/qcom subsystem (x1e80100) where an erroneous 0x100000 offset caused boards to crash when pin state changes were applied. The vulnerability was resolved by removing that incorrect offset, enabling intended state changes to take effe...
CVE-2024-49872
The CVE-2024-49872 issue affects the Linux kernel in mm/gup where memfd_pin_folios can race when creating a hugetlb folio and another actor has already done so, leading to a -EEXIST and a panicking folio_put call if the same folio is used in the next loop iteration. The patch fixes the race by cl...
CVE-2024-50173
Technical details about CVE-2024-50173 are not publicly provided in the supplied documents. The advisories reference the issue but do not disclose exact affected products/versions, root cause, impact specifics, or fixes. Monitor for updates.
CVE-2025-21903
CVE-2025-21903 affects the Linux kernel’s MCTP over I3C header handling: daddr may be NULL when no neighbour table entry exists, in which case the TX packet should be dropped; saddr may also be NULL if transmitted by a different protocol. The issue is escalated as a local vector with a Medium bas...
CVE-2025-21911
CVE-2025-21911 concerns the Linux kernel DRM/imagination path where fence release could deadlock due to in-function fence release processing. The fix moves scheduler queue fence release processing to a workqueue, avoiding recursive locking (illustrated by a deadlock involving reservation_ww_class...
CVE-2025-21973
CVE-2025-21973 affects the bnxt Ethernet driver (bnxt_get_queue_stats_rx/tx) in the Linux kernel. If an interface is down, qstats-get may access cp_ring/tx_ring without null checks, causing a NULL pointer dereference and kernel panic. Reproducer steps are provided in the description. The issue ha...
CVE-2025-21977
CVE-2025-21977: Linux kernel hyperv_fb vulnerability affecting Gen2 Hyper‑V VMs. When the kdump kernel loads, efifb may hang due to the Hyper‑V framebuffer being moved to a new MMIO address and the kdump screen_info using the original address. Root cause: framebuffer relocation is not reset for ...
CVE-2025-22024
CVE-2025-22024: Linux kernel nfsd has a vulnerability in managing listener transports. When no threads are active, a root user using nfsdctl can remove a listener from the old list and then start more threads, which may lead to a refcount bug (use-after-free) in svc_recv/nfsd. The fix changes th...
CVE-2025-22031
CVE-2025-22031 affects the Linux kernel PCI/bwctrl subsystem. Root cause: when bus numbers are exhausted during PCI device enumeration, subordinate becomes NULL, and the bandwidth controller dereferences it during probe. This leads to a NULL pointer dereference and silent erroring of bandwidth co...
CVE-2025-22076
CVE-2025-22076 is a Linux kernel vulnerability in exfat handling. The root cause is missing shutdown checks in several I/O paths: read_iter, and later write_iter, splice_read, and mmap. This allowed a device deletion to leave dirty data readable, per the description. The fix adds shutdown checks ...
CVE-2025-37759
The CVE-2025-37759 issue affects the Linux kernel’s ublk driver. The root cause is that the change in the ublk_abort_queue path did not grab a request reference during recovery reissues, allowing a zc (zero-copy) request to be requeued and re-dispatched and potentially freed before io_uring could...
CVE-2025-37807
CVE-2025-37807 is a Linux kernel issue in the BPF percpu hashmap path where a percpu pointer is stored at an 8-byte aligned location only if the key_size rounds up to 8; otherwise a 4-byte aligned location is used, causing kmemleak to miss the pointer and report a leak. The root cause is an align...
CVE-2025-37828
CVE-2025-37828 affects the Linux kernel in the SCSI/UFS MCQ path. A race between MCQ completion and the abort handler can lead to dereferencing a NULL hwq pointer after __blk_mq_free_request() sets rq->mq_hctx to NULL. The fix adds a NULL check on the returned hwq in ufshcd_mcq_abort(); if hwq...