CVE-2015-5327
CVE-2015-5327 affects the Linux kernel (4.3-rc1 and later); the flaw is an out-of-bounds memory read in x509_decode_time within x509_cert_parser.c. The confidentiality impact is partial per CVSS2 and high per CVSS3; the issue is fixed by kernel patches (as noted in referenced ad...
CVE-2016-10150
CVE-2016-10150 is a use-after-free in kvm_ioctl_create_device (virt/kvm/kvm_main.c) of the Linux kernel before 4.8.13, allowing a local host user to crash the host or possibly gain privileges via crafted ioctl calls on /dev/kvm. The fix is provided in kernel version 4.8.13 and later; remediation ...
CVE-2016-3135
CVE-2016-3135 is an integer overflow in xt_alloc_table_info (net/netfilter/x_tables.c) of the Linux kernel up to 4.5.2 on 32-bit platforms, enabling local privilege escalation or heap corruption leading to DoS via IPT_SO_SET_REPLACE. Connected documents corroborate the 32-bit overflow in xt_alloc...
CVE-2017-14954
CVE-2017-14954 affects the Linux kernel: the waitid implementation in kernel/exit.c, up to 4.13.4, accesses rusage data structures in unintended cases, enabling local users to obtain sensitive information and bypass the KASLR protection via a crafted system ca...
CVE-2018-1095
CVE-2018-1095 concerns the Linux kernel up to 4.15.15, where ext4_xattr_check_entries in fs/ext4/xattr.c fails to validate xattr sizes, causing misinterpretation of a size as an error code. This can enable a crafted ext4 image to trigger a get_acl NULL pointer dereference and crash the system, i....
CVE-2018-14615
CVE-2018-14615 concerns a buffer overflow in the Linux kernel up to version 4.17.10, triggered in truncate_inline_inode() within fs/f2fs/inline.c when unmounting an f2fs image because a length value may be negative. The connected Nessus entries repeat the same description and tie the issue to the...
CVE-2018-7754
CVE-2018-7754 affects the Linux kernel via aoedisk_debugfs_show in drivers/block/aoe/aoeblk.c. The function can be triggered by reading a debugfs file, allowing local users to obtain sensitive address information (ffree: lines). The issue is described as exploitable locally with kernel up to 4.16...
CVE-2021-47111
CVE-2021-47111 affects the Linux kernel xen-netback where the RX task thread could be freed before kthread_stop during backend teardown, causing a use-after-free. The fix reintroduces taking a reference to the RX task thread and adds an explanation why it’s needed (XSA-374 / CVE-2021-28691). Affe...
CVE-2021-47231
CVE-2021-47231 describes a memory leak in the Linux kernel SocketCAN driver (mcba_usb). The issue arises in mcba_usb_start() where 20 usb_coherent buffers are allocated but not freed; callbacks resubmit the URB and disconnect handling doesn’t free or mark URB_FREE_BUFFER for coherent buffers. Thi...
CVE-2021-47258
CVE-2021-47258 affects the Linux kernel scsi subsystem. The vulnerability arises from incorrect error handling in scsi_host_alloc, leading to a leaked device name if the device is not freed after initialization or when its name is set via dev_set_name. The published fixes replace kfree() with put...
CVE-2021-47314
CVE-2021-47314 refers to a Linux kernel issue in the fsl_ifc memory handling: on probe failure the driver could leak private memory. The connected Astra/OpenVAS/Nessus advisories reproduce that the fix was to switch to resource-managed allocation to free memory when probe errors occur, mitigating...
CVE-2021-47339
In CVE-2021-47339, the Linux kernel fix targets media: v4l2-core, addressing uninitialized kernel stack data that could be used as input for driver ioctl handlers due to mistakes in compat ioctl implementation. The resolution requires explicitly clearing the entire ioctl input buffer before conve...
CVE-2021-47350
Affected software: Linux kernel on PowerPC. The issue stems from is_exec_fault() returning false for exec faults taken by the kernel, causing set_access_flags_filter() not to set PAGE_EXEC and leading to a perpetual minor exec fault. Root cause traced through a sequence of commits (notably d7df24...
CVE-2021-47357
CVE-2021-47357: In the Linux kernel, the atm: iphase removal path calls del_timer(), which can leave a timer handler running after the driver remove completes, causing a possible use-after-free. The fix uses del_timer_sync() to wait for the timer handler to finish and prevent rescheduling. Conne...
CVE-2021-47376
CVE-2021-47376 is a Linux kernel issue where an oversize allocation in the kmalloc path could trigger a warning during BPF verification. The provided description and connected advisories indicate the fix adds an oversize check before kvcalloc() via the commit that introduces the guard in mm/kvmalloc(...
CVE-2021-47381
The CVE-2021-47381 vulnerability is addressed in the Linux kernel under the ASoC: SOF component. The issue involved the DSP oops stack dump output contents, with the fix targeting the @buf argument passed to hex_dump_to_buffer() and the stack address used in the dump error output. The patch preve...
CVE-2021-47382
The CVE-2021-47382 entry concerns the Linux kernel component s390/qeth. Root cause: a deadlock risk in qeth_do_reset() where discipline_mutex could be held on an error path, preserving the original deadlock potential when a qeth channel path is offline. The vulnerability arises from a race betwee...
CVE-2021-47388
In the Linux kernel, CVE-2021-47388 affects mac80211 within CCMP/GCMP RX, where PN checking for fragmentation could use a stale hdr reference after a potential reallocation, leading to a use-after-free. The fix reloads the PN/hdr after the reallocating code path to ensure the PN is checked agains...
CVE-2021-47389
CVE-2021-47389 is a Linux kernel/KVM SVM issue related to SevReceiveStart and SEV context decommission. The root cause was a missing SEV decommission step when ASID binding fails after RECEIVE_START, which can leak firmware memory and eventually prevent allocating new SEV guest contexts, causing ...
CVE-2021-47399
Technical details about CVE-2021-47399 (ixgbe NULL pointer dereference) are not provided in the supplied documents. Monitor for updates from vendors; no concrete technical details are included here.
CVE-2021-47421
In CVE-2021-47421, the Linux kernel module path is drm/amdgpu with a fix implemented in amdgpu_pci_resume to handle pci_channel_io_frozen. The issue arises when a PCI error state pci_channel_io_normal is detected; the code calls pci_walk_bridge to resume PCI, leading to a write lock being release...
CVE-2021-47424
The CVE-2021-47424 issue affects the Linux kernel i40e driver. When VSI setup fails during PF switch in i40e_probe(), the code attempted to free misc IRQ vectors in i40e_clear_interrupt_scheme, potentially freeing an IRQ that had not been allocated yet, leading to a kernel Oops (example trace sho...
CVE-2021-47493
CVE-2021-47493 is a Linux kernel issue affecting ocfs2 where a race between searching chunks and releasing journal_head from a buffer_head can lead to a page fault or panic. The root cause is a race between ocfs2_test_bg_bit_allocatable() and jbd2_journal_put_journal_head(), with bg_bh->b_priv...
CVE-2021-47504
CVE-2021-47504 affects the Linux kernel io_uring cancel path. If a canceled work item also requires task_work processing, the item could sleep uninterruptibly in io_uring_cancel_generic() and never complete, blocking forward progress. The fix is within io_uring handling to ensure task_work runs d...
CVE-2021-47522
CVE-2021-47522 affects the Linux kernel HID bigbenff handling in uhid. When emulating the device, if no output reports exist, report_field may be NULL, risking a NULL pointer dereference. The issue has been resolved in the Linux kernel (as described in connected Astra Linux advisory blocks). Impa...
CVE-2021-47635
CVE-2021-47635 is a Linux kernel/UBIFS issue where, after ubifs sets a page private, UBIFS did not increase the page refcount, causing page migration to erroneously move an in-use page. The description in the connected advisories explains that if a page is private, the kernel expects an extra refe...
CVE-2022-47942
CVE-2022-47942 affects ksmbd in Linux kernels 5.15–5.19 before 5.19.2. The issue is a heap-based buffer overflow in set_ntacl_dacl triggered by use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE, potentially exposing memory corruption paths. Public references confirm the vulnerability a...
CVE-2022-48650
CVE-2022-48650: In the Linux kernel, memory leak in the SCSI qla2xxx path (__qlt_24xx_handle_abts()) occurs when tcm_qla2xxx_find_cmd_by_tag() doesn’t find a command and the command’s memory isn’t freed after an early return. The issue was fixed by commit 8f394da36a36, which also dropped TARGET_...
CVE-2022-48744
In CVE-2022-48744, the Linux kernel net/mlx5e driver was made resilient to field-bound checking by avoiding a field-overflowing memcpy() across neighboring fields. The root cause involved copying MLX5E_XDP_MIN_INLINE bytes into a 2-byte inline_hdr.start, causing writes to adjacent data (vlan_tci,...
CVE-2022-48775
CVE-2022-48775 concerns a memory leak in the Linux kernel under the hv: vmbus driver: the function kobject_init_and_add() can return an error without releasing the allocated object, leading to a leak. The documented fix is to call kobject_put() when an error occurs, preventing memory retention. T...
CVE-2022-48852
The CVE (CVE-2022-48852) affects the Linux kernel DRM/VC4 HDMI driver. The issue arises because the HDMI codec device is registered on bind but not unregistered on unbind, causing a device leak. Root cause: unbind path does not unregister the HDMI codec device, leaving orphaned device state. The ...
CVE-2022-49051
CVE-2022-49051 concerns the Linux kernel USB driver net: usb: aqc111, specifically the aqc111_rx_fixup() function. The advisory states multiple out-of-bounds accesses that a malicious or defective USB device can trigger, including OOB reads in the metadata array (desc_offset..desc_offset+2*pkt_co...
CVE-2022-49148
The CVE-2022-49148 entry concerns a Linux kernel vulnerability where, during dismantling of watch_queue, the page array was not freed, leaving a memory leak. The issue was addressed by a patch sequence that first frees the alloc bitmap when tearing down watch_queue (commit 7ea1a0124b6d) and then ...
CVE-2022-49157
CVE-2022-49157 affects the Linux kernel scsi/qla2xxx driver. After a recoverable PCI error is detected and recovered, the qla2xxx driver may perform premature hardware access if the error condition persists or resume signaling is not yet received. The description and logs show a PCI disconnect an...
CVE-2022-49171
CVE-2022-49171 is a Linux kernel issue in the mm/gup.c path affecting ext4. The race causes [un]pin_user_pages_remote to dirty pages without proper pre-notification to ext4, which can lead to data loss. While the root cause is classed as a bug in mm/gup.c, ext4 is particularly fragile: if another...
CVE-2022-49232
CVE-2022-49232 is a Linux kernel vulnerability in the DRM/AMD display path. In amdgpu_dm_connector_add_common_modes(), the code assigns the result of amdgpu_dm_create_common_mode() to mode and then passes it to drm_mode_probed_add(). If amdgpu_dm_create_common_mode() fails, mode may be NULL and d...
CVE-2022-49260
Technical details for CVE-2022-49260 are not publicly available in the provided documents. Monitor for updates from the OSV/SUSE advisories and related feeds.
CVE-2022-49303
CVE-2022-49303 concerns a Linux kernel deadlock in the rtl8192eu driver (drivers/staging/rtl8192eu) during rtw_joinbss_event_prehandle. The provided details describe a lock-order issue: thread 1 holds pmlmepriv->lock while waiting on del_timer_sync(), but the timer handler (thread 2) also need...
CVE-2022-49382
CVE-2022-49382 affects the Linux kernel: soc: rockchip: Fix refcount leak in rockchip_grf_init. The issue occurred because of_find_matching_node_and_match returns a node pointer with an incremented refcount, and the patch adds missing of_node_put() when done to avoid the leak. Connected Astra Lin...
CVE-2022-49397
CVE-2022-49397 affects the Linux kernel, in the phy: qcom-qmp driver. The vulnerability is a leak of a struct clk (pipe clock reference) on probe errors, including late probe error/deferral paths. The advisory states the fix releases the held pipe clock reference on such errors, i.e., a proper cl...
CVE-2022-49432
CVE-2022-49432 affects the Linux kernel on PowerPC/xics: a refcount leak in icp_opal_init() was fixed. The root cause is that of_find_compatible_node() returns a node pointer with refcount already incremented, and the fix is to call of_node_put() on it when done. The upstream description notes th...
CVE-2022-49440
CVE-2022-49440 affects the Linux kernel (PowerPC RTAS path). The root cause is MSR[RI] not being preserved when entering RTAS, while RTAS runs in real mode and may trigger a panic/watchdog lockup if MSR[RI] is unset. The fix updates how MSR is computed before calling RTAS, ensuring a hardcoded v...
CVE-2022-49446
CVE-2022-49446 affects the Linux kernel’s NVDIMM path, describing deadlock risks in CXL/NVDIMM interactions. The advisory notes possible unsafe locking scenarios involving nd_region keys, nvdimm_bus->reconfig_mutex, system_transition_mutex, and cxl_root/acpi_scan_lock chains, triggered by hold...
CVE-2022-49448
CVE-2022-49448 affects the Linux kernel, specifically the bcm soc path, where code that uses devm_kzalloc() may receive a NULL return. If allocation fails and the NULL is not checked, subsequent use of pd->pmb and related code can trigger a null pointer dereference. The description in the Init...
CVE-2022-49667
The CVE-2022-49667 issue is a Linux kernel net bonding use-after-free bug triggered by 802.3ad slave unbind. The flaw occurs when bond_3ad_unbind_slave clears an aggregator while there are still ports referencing freed memory, due to ad_clear_agg being invoked even when the port count in a group ...
CVE-2022-49670
CVE-2022-49670 is a Linux kernel issue disclosed via multiple advisories (Unity Linux UTSA-2025-990008, UTSA-2025-986722, etc.). The vulnerability is in the RDMA DIM path: a divide-by-zero occurs in rdma_dim_stats_compare() when prev->cpe_ratio == 0. The problem is resolved by a kernel patch (...
CVE-2022-49694
The CVE-2022-49694 vulnerability affects the Linux kernel in the block I/O subsystem, where the elevator is disabled in del_gendisk. The root cause is a use-after-free risk on q->tag_set because the elevator disabling and scheduler tag freeing were performed in disk_release/blk_cleanup_queue t...
CVE-2022-49906
The CVE-2022-49906 issue affects the Linux kernel ibmvnic driver: a path in the reset handling could leak 32 bytes by not freeing the rwi structure when the last rwi in the list is processed. A fix releases the rwi memory on reset success (kernel patch 4f408e1fa6e1 and related commits). Connected...
CVE-2022-49977
Summary of CVE-2022-49977: Linux kernel ftrace NULL pointer dereference. Root cause: When ftrace is dead and ftrace_startup_enable fails to modify the ftrace state, the registration may leave an op in ftrace_ops_list. If the op is dynamically allocated, is_ftrace_trampoline can access a NULL op i...
CVE-2022-50033
CVE-2022-50033: In the Linux kernel USB host OHCI PPC OF driver, of_find_compatible_node() may return a node with an incremented refcount and of_node_put() must be used when not needed. The issue is a refcount leak in ohci_hcd_ppc_of_probe(). Affected: Linux kernel (ohci-ppc-of path). Impact is a...