14430 matches found
CVE-2021-47335
CVE-2021-47335 (Linux kernel, f2fs) : A race on the global fsync_entry_slab across multi filesystem instances caused a use-after-free in the slab cache during f2fs recovery. The root cause is concurrent access to the slab pointer when multiple f2fs mounts exist, leading to a use-after-free during...
CVE-2014-7843
The CVE-2014-7843 entry affects the Linux kernel on ARM64 and is caused by the __clear_user function in arch/arm64/lib/clear_user.S. It allows local attackers to trigger a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary in kernels prior to 3.17.4. Public refe...
CVE-2016-10723
CVE-2016-10723 affects the Linux kernel up to version 4.17.2. The issue is in the page allocator: it does not yield CPU resources to the owner of the oom_lock mutex, allowing a local unprivileged user to trap the system in a busy loop by wasting CPU time during oom-killer invocation. The root cau...
CVE-2017-18261
CVE-2017-18261 : The issue is in the Linux kernel, specifically the arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h, with versions before 4.13. It allows a local user to trigger a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certai...
CVE-2018-14615
CVE-2018-14615 concerns a buffer overflow in the Linux kernel up to version 4.17.10, triggered in truncate_inline_inode() within fs/f2fs/inline.c when unmounting an f2fs image because a length value may be negative. The connected Nessus entries repeat the same description and tie the issue to the...
CVE-2021-47116
CVE-2021-47116 concerns the Linux kernel ext4 memory leak. According to the primary description, the vulnerability is triggered when memory leaks on the error path of ext4_mb_init_backend, occurring if a filesystem is corrupted with an illegally large s_log_groups_per_flex. The issue is resolved ...
CVE-2021-47134
CVE-2021-47134 affects the Linux kernel boot path: if no valid FDT is found, setup_arch() calls efi_init()->efi_get_fdt_params() and initial_boot_params becomes NULL, causing a panic. The patch fixes this by stopping further FDT processing when no valid FDT is found (observed on riscv). Remedi...
CVE-2021-47183
CVE-2021-47183 affects the Linux kernel’s SCSI lpfc driver where a link-down transition with outstanding ABTS/ELS requests could trigger a NULL pointer dereference and, in some cases, driver unload hangs. The fix adds a flag to Abort handling to prevent link-traffic during failure conditions, avo...
CVE-2021-47188
CVE-2021-47188 affects the Linux kernel SCSI UFS core abort handling. A warning is produced (WARN_ON(lrbp->cmd)) in ufshcd_queuecommand during abort processing, as shown in the test trace. The fix removes the spurious cmd reference by clearing lrbp->cmd in the abort handler. The associated ...
CVE-2021-47249
CVE-2021-47249 concerns a memory-leak in the Linux kernel’s net: rds path, fixed by correcting refcount handling in rds_recvmsg. The issue occurred when an error happened in rds_cmsg_recv(): after a successful rds_next_incoming(rs, &inc) the code would increment inc’s refcount, but on failure to ...
CVE-2021-47382
The CVE-2021-47382 entry concerns the Linux kernel component s390/qeth. Root cause: a deadlock risk in qeth_do_reset() where discipline_mutex could be held on an error path, preserving the original deadlock potential when a qeth channel path is offline. The vulnerability arises from a race betwee...
CVE-2021-47436
CVE-2021-47436 – Linux kernel USB Musb DSPS probe error path fix . The connected Astra/Unity advisories confirm a root cause in the Musb DSPS driver where dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() were inverted in the error path, leaving a platform device registered but not unreg...
CVE-2021-47474
CVE-2021-47474 affects the Linux kernel driver family for comedi vmk80xx. The vulnerability arises from the driver using endpoint-sized buffers while assuming tx and rx buffers are equal size; a malicious device could overflow the slab-allocated receive buffer during bulk transfers. The issue is ...
CVE-2021-47475
CVE-2021-47475 is a Linux kernel vulnerability in the comedi vmk80xx USB driver. The issue arises from transfer-buffer size checks: buffers were endpoint-sized and lacked validation, enabling overflows when a malicious device with larger max-packet sizes or unexpected accesses could write past th...
CVE-2021-47482
CVE-2021-47482 concerns a Linux kernel issue in the batman-adv code path. The root cause was incorrect error handling in batadv_mesh_init(), which could trigger a free when some batadv_init() failed and risk operating on uninitialized fields. Syzbot observed an ODEBUG warning in batadv_nc_mesh_fr...
CVE-2021-47486
CVE-2021-47486 affects the Linux kernel’s RISC-V BPF JIT: when NR_JIT_ITERATIONS is reached and jit_data->header is NULL, bpf_jit_binary_free() dereferences a NULL and can crash. The fix is a NULL-argument check before calling bpf_jit_binary_free(), per the provided description. Public details...
CVE-2021-47583
CVE-2021-47583 affects the Linux kernel’s media/mxl111sf driver. Syzbot reported an uninitialized mutex in mxl111sf_ctrl_msg() due to the previous mutex_init(&state->msg_lock) being called too late. The order of dvb_usbv2_init() calls meant mxl111sf_ctrl_msg() could run from frontend_attach be...
CVE-2021-47597
CVE-2021-47597 affects the Linux kernel inet_diag path handling UDP sockets. The root cause is that UDP paths did not initialize r->idiag_expires in inet_sk_diag_fill(), enabling kernel-infoleak reports observed by KMSAN. The provided connected advisories describe a chain of in-kernel data flo...
CVE-2021-47620
CVE-2021-47620 — Linux kernel Bluetooth vulnerability : The issue occurs in the Bluetooth adv data handling where an out-of-bounds read could occur after advancing the ptr in a loop. The patch prevents the check from being performed after ptr advances by moving the bounds check to the beginning o...
CVE-2021-47637
CVE-2021-47637: In the Linux kernel ubifs deadlock during concurrent rename whiteout and inode writeback. Root cause is a deadlock between the ui_mutex held during ubifs_write_inode/lock and the whiteout budget path, causing hung tasks in writeback and rename code (rename_whiteout → ubifs_rename ...
CVE-2021-47642
CVE-2021-47642: in the Linux kernel’s video fbdev/nvidiafb path, a fixed-size buffer overrun could occur by copying a channel name with strcpy into chan->adapter.name. The defect arises from copying into a 48-char buffer without length checks; fix is to use strscpy() to prevent overflows. The ...
CVE-2022-20107
CVE-2022-20107 affects the subtitle service and is caused by an integer overflow that can crash the application, enabling local denial of service with SYSTEM privileges. The vulnerability is exploitable locally (attack vector: LOCAL, attack complexity: LOW) and does not require user interaction. ...
CVE-2022-47942
CVE-2022-47942 affects ksmbd in Linux kernels 5.15–5.19 before 5.19.2. The issue is a heap-based buffer overflow in set_ntacl_dacl triggered by use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE, potentially exposing memory corruption paths. Public references confirm the vulnerability a...
CVE-2022-48665
CVE-2022-48665 affects the Linux kernel exfat driver/file-system handling where an int-based sector index can overflow on large-capacity partitions (e.g., >2TB with 512-byte sectors). The issue is resolved in the Linux kernel (exfat: fix overflow for large capacity partition). Connected source...
CVE-2022-48694
CVE-2022-48694 concerns the Linux kernel RDMA/irdma component. The root cause was that SW-generated completions for outstanding WRs posted on a Send Queue (SQ) could be targeted to the wrong Completion Queue (CQ) after a QP enters an error state, causing ib_drain_sq to hang without a completion. ...
CVE-2022-48708
The CVE-2022-48708 issue affects the Linux kernel’s pinctrl/pinmux subsystem. A NULL dereference could occur because pinmux_generic_get_function() could return NULL and the code dereferenced the function pointer without a NULL check, in pcs_set_mux(). The vulnerability was addressed by adding a N...
CVE-2022-48710
CVE-2022-48710 concerns the Linux kernel Radeon driver. Inradeon_fp_native_mode() , the code assigns the return ofdrm_mode_duplicate() to a mode pointer and may dereference a NULL on failure. The issue is resolved by adding a NULL-pointer check to avoid NP: when drm_mode_duplicate() fails, and th...
CVE-2022-48805
CVE-2022-48805 affects the Linux kernel USB driver net: usb: ax88179_178a, specifically the rx_fixup path (ax88179_rx_fixup()). The issue is multiple out-of-bounds accesses in RX fixup that can be triggered by a malicious or defective USB device. Reported problems include: (1) an out-of-bounds me...
CVE-2022-48824
CVE-2022-48824 : In the Linux kernel, the scsi myrs driver can crash during error handling. If privdata->hw_init() fails non‑zero, myrs_detect() leaves cs->disable_intr as NULL and myrs_cleanup() dereferences a NULL pointer, causing a kernel crash with a NULL pointer dereference. The issue ...
CVE-2022-48852
The CVE (CVE-2022-48852) affects the Linux kernel DRM/VC4 HDMI driver. The issue arises because the HDMI codec device is registered on bind but not unregistered on unbind, causing a device leak. Root cause: unbind path does not unregister the HDMI codec device, leaving orphaned device state. The ...
CVE-2022-48957
Summary: CVE-2022-48957 is a Linux kernel issue in the dpaa2-switch component where a memory leak can occur because cmd_buff is not freed on error in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove(). The connected documents confirm the root cause and that a fix was applied, e.g., ...
CVE-2022-48959
CVE-2022-48959 affects the Linux kernel net: dsa: sja1105 code path. The root cause is a memory leak when dsa_devlink_region_create fails in sja1105_setup_devlink_regions(), where priv->regions is not released. The vulnerability resolution is a fix in the kernel that releases the leaked memory...
CVE-2022-49019
Converging sources confirm CVE-2022-49019 affects the Linux kernel nixge Ethernet driver. The issue is a NULL dereference in nixge_hw_dma_bd_release() when priv->rx_bd_v is invalid due to a prior allocation failure in nixge_hw_dma_bd_init(). A fix exists that moves the for() loop dereferencing...
CVE-2022-49024
CVE-2022-49024 affects the Linux kernel CAN subsystem (m_can PCI). The patch fixes a memleak by calling m_can_class_free_dev() in the remove path and error handling of the probe path, freeing resources allocated by m_can_class_allocate_dev() . Connected advisories (MiracleLinux/RLSA/RHEL/ALSA OSS...
CVE-2022-49112
CVE-2022-49112 is a Linux kernel issue described in the provided docs as a fix for a monitor-mode crash involving the mt76/mt7921s stack. The problem arises when a CTS packet in monitor mode could cause improper skb handling due to only the first RXD buffer being linear; pulling RXD-size+6 bytes ...
CVE-2022-49126
CVE-2022-49126 concerns the Linux kernel component scsi/mpi3mr. The issue is described as memory leaks in the operational reply queue’s memory segments that are not freed when unloading the driver. The entry states a fix for these leaks has been implemented. No exploitation details are provided i...
CVE-2022-49128
The CVE concerns the Linux kernel DRM bridge PM runtime: calling pm_runtime_get_sync() could increment the runtime PM counter even on error, risking a refcount leak. The provided fix replaces this API with pm_runtime_resume_and_get() (which does not change the runtime PM counter on error) and add...
CVE-2022-49224
CVE-2022-49224 affects the Linux kernel in the power: supply: ab8500 module, where a memory leak can occur because kobject_init_and_add() may fail and memory is not released. The fix is to call kobject_put() on error to properly clean up, as documented in the vulnerability description. The issue ...
CVE-2022-49271
CVE-2022-49271 affects the Linux kernel CIFS/SMB2 code. When smb2_ioctl_query_info() is called with flags=PASSTHRU_FSCTL and output_buffer_length=0, the kernel could copy a bad pointer (buffer) and end up dereferencing NULL, potentially leading to a NULL pointer dereference. The fix also ensures ...
CVE-2022-49315
CVE-2022-49315 concerns a deadlock in the Linux kernel, specifically in the staging driver rtl8192e (rtllib_beacons_stop). The issue arises when rtllib_beacons_stop() holds ieee->beacon_lock while calling del_timer_sync(), while the timer handler (rtllib_send_beacon_cb) needs the same lock, ca...
CVE-2022-49341
The CVE-2022-49341 entry concerns the Linux kernel vulnerability where bpf, arm64 paths could reveal kernel memory via copy_to_user() in bpf_prog_get_info_by_fd() due to incorrect handling of prog->jited_len. The issue arises when prog->jited_len is set (e.g., to 43) but prog->bpf_func i...
CVE-2022-49397
CVE-2022-49397 affects the Linux kernel, in the phy: qcom-qmp driver. The vulnerability is a leak of a struct clk (pipe clock reference) on probe errors, including late probe error/deferral paths. The advisory states the fix releases the held pipe clock reference on such errors, i.e., a proper cl...
CVE-2022-49521
In CVE-2022-49521, the Linux kernel vulnerability affects the lpfc SCSI path: if lpfc_complete_unsol_iocb() cannot match the rctl of a received frame, the frame is dropped and resources are leaked. The fix returns resources when discarding an unhandled frame type and updates lpfc_fc_frame_check()...
CVE-2022-49529
CVE-2022-49529 affects the Linux kernel’s DRM/AMDGPU PM code. Root cause: during context release with software SMU disabled, pp_funcs may be uninitialized, causing a NULL pointer dereference and kernel panic (as shown by the amdgpu_dpm_force_performance_level trace). The vulnerability is resolved...
CVE-2022-49619
CVE-2022-49619 affects the Linux kernel net/sfp path. The vulnerability stems from sfp_probe() allocating memory via sfp_alloc() and not freeing it when devm_add_action() fails, causing a memory leak. The connected Astra/Tencent/Tenable entries confirm the fix is to replace devm_add_action() with...
CVE-2022-49627
CVE-2022-49627 targets the Linux kernel’s Integrity Measurement Architecture (IMA). The advisory notes a memory leak possibility in ima_init_crypto() if SHA1 tfm allocation fails, where the ima_algo_array may not be freed. The documented fix adds the missing kfree() for ima_algo_array to prevent ...
CVE-2022-49635
CVE-2022-49635 affects the Linux kernel. The issue is in drm/i915/selftests, where a subtraction overflow can occur when hole_end is small, and addr + 2 * min_alignment can overflow in mock tests. A patch was applied (cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2) to fix both...
CVE-2022-49649
CVE-2022-49649 affects the Linux kernel under xen_netback, where xenvif_rx_next_skb() can be called with an empty RX queue during repeated iterations in xenvif_rx_action(), risking a kernel NULL pointer dereference. The provided crash trace centers on xenvif_rx_skb() and the related netback loop....
CVE-2022-49668
The CVE-2022-49668 entry corresponds to a Linux kernel issue where refcount leaks occur in the devfreq helper path: of_get_child_by_name() returns a node with an incremented refcount, and of_node_put() was missing in error paths. The fix adds the missing of_node_put() calls to prevent a refcount ...
CVE-2022-49770
CVE-2022-49770 is a Linux kernel vulnerability affecting the ceph component where, if the decoding of snaps fails, the first_realm and realm may reference the same snaprealm memory. This can cause the same memory to be released twice, leading to use-after-free or related instability (BUG_ON). The...