13804 matches found
CVE-2012-2100
The CVE-2012-2100 issue affects the Linux kernel before 3.2.2, on x86 (and unspecified other) platforms, via the ext4_fill_flex_info function in fs/ext4/super.c. It allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and potentially cause a denial of service throu...
CVE-2012-2383
CVE-2012-2383 affects the Linux kernel DRM/i915 component: an integer overflow in i915_gem_execbuffer2() within drivers/gpu/drm/i915/i915_gem_execbuffer.c. On 32-bit platforms and prior to kernel 3.3.5, this allows a local user to trigger an out-of-bounds write via a crafted ioctl, leading to a p...
CVE-2012-6544
CVE-2012-6544 affects the Linux kernel Bluetooth stack prior to 3.6. The issue arises from improper initialization of certain structures in the L2CAP/HCI paths, enabling a local attacker to read sensitive data from kernel stack memory via a crafted application. MiracleLinux AXSA-2014-258 (kernel-...
CVE-2013-2895
CVE-2013-2895 affects the Linux kernel HID Logitech DJ driver (drivers/hid/hid-logitech-dj.c) up to version 3.11 when CONFIG_HID_LOGITECH_DJ is enabled. The vulnerability allows physically proximate attackers to cause a denial of service via a NULL pointer dereference and OOPS, or to read sensiti...
CVE-2013-4270
CVE-2013-4270 affects the Linux kernel: the net_ctl_permissions function in net/sysctl_net.c may misdetermine uid/gid, allowing a local user to bypass /proc/sys/net restrictions. Affected: kernels before 3.11.5 (reported in EulerOS advisories and Nessus/OpenVAS listings). Impact is local privileg...
CVE-2014-1444
Technical details beyond the initial description are not publicly provided in the connected documents. Monitor for updates from upstream advisories to confirm affected products, versions, and fixes.
CVE-2014-2673
CVE-2014-2673: Linux kernel TM implementation on PowerPC has a flaw in arch_dup_task_struct interacting with clone/fork. In kernels before 3.13.7, this can allow a local user to trigger a denial of service (Program Check and system crash) by executing instructions while the processor is in Trans...
CVE-2015-9004
CVE-2015-9004 affects the Linux kernel up to version 3.18 (pre-3.19). The flaw is in kernel/events/core.c where improper handling of counter grouping enables local privilege escalation via crafted apps, involving perf_pmu_register and perf_event_open. The impact is local privilege escalation with...
CVE-2019-18680
Affected software is Linux kernel 4.4.x (before 4.4.195). The vulnerability is a NULL pointer dereference in rds_tcp_kill_sock() inside net/rds/tcp.c, which leads to denial of service. Mitigation/workaround: apply the patch from Linux stable 4.4.195 (ChangeLog-4.4.195) or update to a fixe...
CVE-2021-47134
CVE-2021-47134 affects the Linux kernel boot path: if no valid FDT is found, setup_arch() calls efi_init()->efi_get_fdt_params() and initial_boot_params becomes NULL, causing a panic. The patch fixes this by stopping further FDT processing when no valid FDT is found (observed on riscv). Remedi...
CVE-2021-47188
CVE-2021-47188 affects the Linux kernel SCSI UFS core abort handling. A warning is produced (WARN_ON(lrbp->cmd)) in ufshcd_queuecommand during abort processing, as shown in the test trace. The fix removes the spurious cmd reference by clearing lrbp->cmd in the abort handler. The associated ...
CVE-2021-47217
The CVE-2021-47217 issue is in the Linux kernel's x86/hyperv code: a NULL dereference in set_hv_tscchange_cb() if Hyper-V setup fails. The vulnerability occurs when hv_vp_index is dereferenced without validating its array, causing a kernel NULL pointer dereference and potentially disabling Hyper-...
CVE-2021-47275
CVE-2021-47275 concerns the bcache cache-miss path in the Linux kernel. In cached_dev_cache_miss(), the calculation of the read size for missing cache data can overflow the 16-bit size field embedded in the bkey (via the sectors value), causing oversized inserts into the internal B+ tree. Thi...
CVE-2021-47368
CVE-2021-47368 concerns a Linux kernel vulnerability in enetc where irq_set_affinity_hint() stores a cpumask_t reference in an irq descriptor, referencing memory on the stack. This leads to illegal accesses when the affinity_hint is read via procfs, potentially causing paging oops. The issue is mi...
CVE-2021-47388
In the Linux kernel, CVE-2021-47388 affects mac80211 within CCMP/GCMP RX, where PN checking for fragmentation could use a stale hdr reference after a potential reallocation, leading to a use-after-free. The fix reloads the PN/hdr after the reallocating code path to ensure the PN is checked agains...
CVE-2021-47395
CVE-2021-47395: Linux kernel/mac80211 vulnerability where the rate limiting for injected VHT MCS/NSS in ieee80211_parse_tx_radiotap was tightened to fix a syzkaller warning. Affected component: mac80211 (ieee80211_parse_tx_radiotap, ieee80211_rate_set_vht). Reported impact in the public docs is ...
CVE-2021-47409
CVE-2021-47409 concerns a Linux kernel vulnerability in the USB: dwc2 subsystem where a NULL return from platform_get_resource() could lead to a NULL pointer dereference. The issue is triggered when the return value is not checked, as described in the CVE entry and echoed in connected advisories ...
CVE-2021-47486
CVE-2021-47486 affects the Linux kernel’s RISC-V BPF JIT: when NR_JIT_ITERATIONS is reached and jit_data->header is NULL, bpf_jit_binary_free() dereferences a NULL and can crash. The fix is a NULL-argument check before calling bpf_jit_binary_free(), per the provided description. Public details...
CVE-2021-47493
CVE-2021-47493 is a Linux kernel issue affecting ocfs2 where a race between searching chunks and releasing journal_head from a buffer_head can lead to a page fault or panic. The root cause is a race between ocfs2_test_bg_bit_allocatable() and jbd2_journal_put_journal_head(), with bg_bh->b_priv...
CVE-2021-47542
CVE-2021-47542 affects the Linux kernel’s qlcnic logic for certain 83xx devices. In function qlcnic_83xx_add_rings(), the indirect call through ahw->hw_ops->alloc_mbx_args() can return NULL on allocation failure, and the code could dereference this NULL pointer. The patch adds a guard to v...
CVE-2021-47552
CVE-2021-47552 – Linux kernel: The vulnerability stems from blk-mq dispatch cancellation logic. Previously, blk_mq_quiesce_queue() was not invoked in blk_cleanup_queue(), delaying cancellation to disk_release(), which allowed a race where a scsi_device could be freed before blk_release_queue() r...
CVE-2021-47558
The CVE-2021-47558 issue affects the Linux kernel’s net: stmmac driver. The bug occurred because Tx queues were not disabled when stopping an interface to apply new configuration, potentially causing a kernel panic during: (1) reconfiguring queue numbers (ethtool -L), (2) resizing ring buffers (ethtoo...
CVE-2021-47565
The CVE-2021-47565 issue is in the Linux kernel, specifically the scsi: mpt3sas path. The root cause is a race/NULL-check problem when iterating over a host (shost) sdev list: a drive may be removed and its sas_target object freed while its sdev remains, allowing code to access sas_target->sas...
CVE-2021-47587
CVE-2021-47587 concerns Linux kernel net: systemport descriptor lifecycle. The vulnerability arises from a shared descriptor list across multiple TX queues where the existing per-queue locking fails to serialize writes to WRITE_PORT_{HI,LO}, allowing concurrent producers to corrupt descriptors. C...
CVE-2021-47619
CVE-2021-47619 concerns the i40e Linux kernel XDP path. A PF queue pile fragmentation caused by placing a flow director VSI immediately after the main VSI could prevent the main VSI from resizing its queue allocation when XDP is enabled on systems with many CPUs and an X722 NIC, leading to a NULL...
CVE-2021-47638
CVE-2021-47638 affects the Linux kernel ubifs implementation. The issue is a double-free of whiteout_ui->data during the rename_whiteout path, caused by freeing whiteout_ui->data and then freeing ui->data in ubifs_free_inode via ubifs_rename/do_rename flow. KASAN reports double-free; the...
CVE-2022-1943
CVE-2022-1943 describes an out-of-bounds memory write in the Linux kernel UDF file system, triggered by user-initiated file operations that invoke udf_write_fi(). The flaw could allow a local attacker to crash the system (and, per connected advisories, is associated with Ubuntu and other mappings...
CVE-2022-47942
CVE-2022-47942 affects ksmbd in Linux kernels 5.15–5.19 before 5.19.2. The issue is a heap-based buffer overflow in set_ntacl_dacl triggered by use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE, potentially exposing memory corruption paths. Public references confirm the vulnerability a...
CVE-2022-48739
CVE-2022-48739 affects the Linux kernel ASoC hdmi-codec subsystem. The vulnerability arises from out-of-bounds memory accesses during memcpy(), caused by an incorrect size for the iec_status array. The fix aligns the size of iec_status with the status array of struct snd_aes_iec958, eliminating t...
CVE-2022-48805
CVE-2022-48805 affects the Linux kernel USB driver net: usb: ax88179_178a, specifically the rx_fixup path (ax88179_rx_fixup()). The issue is multiple out-of-bounds accesses in RX fixup that can be triggered by a malicious or defective USB device. Reported problems include: (1) an out-of-bounds me...
CVE-2022-48824
CVE-2022-48824: In the Linux kernel, the scsi myrs driver can crash during error handling. If privdata->hw_init() fails non-zero, myrs_detect() leaves cs->disable_intr as NULL and myrs_cleanup() dereferences a NULL pointer, causing a kernel crash with a NULL pointer dereference. The issue ...
CVE-2022-48826
CVE-2022-48826 affects the Linux kernel drm/vc4, where a deadlock can occur during DSI device attach error when the host device lock is held. Specifically, in the device attach error path, un-registering the host can deadlock with a call trace involving device_del/unregister, mipi_dsi_hos...
CVE-2022-48959
CVE-2022-48959 affects the Linux kernel net: dsa: sja1105 code path. The root cause is a memory leak when dsa_devlink_region_create fails in sja1105_setup_devlink_regions(), where priv->regions is not released. The vulnerability resolution is a fix in the kernel that releases the leaked memory...
CVE-2022-49061
The CVE-2022-49061 issue affects the Linux kernel net: ethernet: stmmac altr_tse_pcs when using a fixed-link. The driver crashes with a null-pointer dereference because phy_device is not provided to tse_pcs_fix_mac_speed. The patch adds a check for phy_dev before calling tse_pcs_fix_mac_speed() a...
CVE-2022-49089
CVE-2022-49089 (Linux kernel) resolves a race condition in IB/rdmavt code by adding a lock around a call to rvt_error_qp, for which the function’s documentation requires both r_lock and s_lock to be held. The issue occurred because a commit in Fixes left the rvt_error_qp call in rvt_ruc_loopback unco...
CVE-2022-49174
The CVE-2022-49174 entry concerns the Linux kernel ext4 code: when flex_bg with fast_commit is enabled, ext4_mb_mark_bb() may read the block bitmap buffer_head only for the starting block group, failing to refresh it when an inode's extents cross a block-group boundary. This can cause memory acce...
CVE-2022-49269
The CVE-2022-49269 issue affects the Linux kernel CAN subsystem: isotp_bind() incorrectly validates CAN IDs, allowing a state machine path that can be reached with non-standard IDs (e.g., 0x6000001 and 0xC28001) that map to 11-bit IDs 0x001. The fix sanitizes SFF/EFF CAN ID values before address ch...
CVE-2022-49282
CVE-2022-49282 is a Linux kernel issue affecting f2fs quota handling. The vulnerability stems from an incorrect loop condition in f2fs_quota_sync() where cnt should be passed to sb_has_quota_active() to correctly determine active quotas. When type is -1, the compiler may discard the check, potent...
CVE-2022-49341
The CVE-2022-49341 entry concerns a Linux kernel vulnerability in which the bpf, arm64 paths could reveal kernel memory via copy_to_user() in bpf_prog_get_info_by_fd() due to incorrect handling of prog->jited_len. The issue arises when prog->jited_len is set (e.g., to 43) but prog->bpf_func i...
CVE-2022-49352
CVE-2022-49352 relates to a warning in ext4_handle_inode_extension in the Linux kernel ext4 code, where a write path can trigger inode size accounting inconsistencies under memory pressure. The issue describes an observed sequence where inode.i_size is 4096, but EXT4_I(inode)->i_disksize is set to ...
CVE-2022-49402
CVE-2022-49402 concerns the Linux kernel ftrace hashing of direct_functions. The issue triggers a general protection fault when register_ftrace_direct fails, due to the entry not being removed from direct_functions. The available connected docs confirm the root cause and the fix: remove the entry...
CVE-2022-49438
CVE-2022-49438: In the Linux kernel, a refcount leak occurs in the path handling for device tree lookups. Specifically, of_find_node_by_path() using of_find_node_opts_by_path() returns a node pointer with an incremented refcount, but the code did not call of_node_put() when done, causing a ref...
CVE-2022-49555
The CVE-2022-49555 issue affects the Linux kernel’s Bluetooth hci_qca path. The root cause is use of del_timer() before freeing a timer, risking timer-list corruption; the fix applies del_timer_sync() before freeing and adjusts wake_retrans_timer/work queue destruction by moving the workqueue des...
CVE-2022-49618
In CVE-2022-49618, the Linux kernel pinctrl: aspeed driver fixes a potential NULL pointer dereference in aspeed_pinmux_set_mux(), where pdesc could be NULL but pdesc->name was dereferenced. The patch adds a NULL check before dereferencing, preventing NULL pointer access. Connected Astra Linux advis...
CVE-2022-49619
CVE-2022-49619 affects the Linux kernel net/sfp path. The vulnerability stems from sfp_probe() allocating memory via sfp_alloc() and not freeing it when devm_add_action() fails, causing a memory leak. The connected Astra/Tencent/Tenable entries confirm the fix is to replace devm_add_action() with...
CVE-2022-49627
CVE-2022-49627 targets the Linux kernel’s Integrity Measurement Architecture (IMA). The advisory notes a memory leak possibility in ima_init_crypto() if SHA1 tfm allocation fails, where the ima_algo_array may not be freed. The documented fix adds the missing kfree() for ima_algo_array to prevent ...
CVE-2022-49770
CVE-2022-49770 is a Linux kernel vulnerability affecting the ceph component where, if the decoding of snaps fails, the first_realm and realm may reference the same snaprealm memory. This can cause the same memory to be released twice, leading to use-after-free or related instability (BUG_ON). The...
CVE-2022-49926
CVE-2022-49926 is a Linux kernel vulnerability in net: dsa, addressed by a fix for possible memory leaks in dsa_loop_init(). The issue, reported by kmemleak, involved two leaks in dsa_loop_init(): (1) memory allocated for phy_device via phy_device_create() was not freed because fixed_phy_unregister() only...
CVE-2022-50095
The CVE-2022-50095 issue affects the Linux kernel posix-cpu-timers: when a non-leader thread execs, the timer’s task reference may point to the old PID, so exit_itimers cannot disarm armed timers. This could leave timers in the timerqueue_list and, during processing, cause a use-after-free. The r...
CVE-2022-50138
The CVE-2022-50138 entry describes a memory leak in Linux kernel RDMA qedr: __qedr_alloc_mr() allocates mr->info.pbl_table; if rdma_alloc_tid() and rdma_register_tid() fail, the 'mr' is released but mr->info.pbl_table isn’t, causing a leak. The fix is to release mr->info.pbl_table with q...