14430 matches found
CVE-2022-50033
CVE-2022-50033: In the Linux kernel USB host OHCI PPC OF driver, of_find_compatible_node() may return a node with an incremented refcount and of_node_put() must be used when not needed. The issue is a refcount leak in ohci_hcd_ppc_of_probe(). Affected: Linux kernel (ohci-ppc-of path). Impact is a...
CVE-2022-50039
The CVE-2022-50039 entry concerns the Linux kernel’s stmmac Intel dwmac driver. The vulnerability arises from a missing clk_disable_unprepare() call in intel_eth_pci_remove(), introduced by earlier clock-handling changes and related removals in commits such as 09f012e64e4b and ac322f86b56c, which...
CVE-2022-50054
The CVE-2022-50054 entry concerns a Linux kernel vulnerability in the iavf driver: a NULL pointer dereference in iavf_get_link_ksettings when vf_res has been freed in iavf_init_get_resources. The issue arises after a regression that could allow netdev to call ethtool_ops while vf_res is gone, lea...
CVE-2022-50091
CVE-2022-50091 concerns the Linux kernel where the boot-time parameter csdlock_debug was parsed via early_param, enabling static_branch in a manner that could dereference NULL under specific sparse memory configurations (arm64 with CONFIG_SPARSEMEM and SPARSEMEM_VMEMMAP settings, and powerpc due ...
CVE-2022-50115
CVE-2022-50115 : In the Linux kernel, the ASoC: SOF: ipc3-topology vulnerability caused potential memory corruption due to a double free of ipc_control_data in error/rollback paths when load_bytes-related validation fails. The issue arose because scontrol->ipc_control_data could be freed but n...
CVE-2022-50146
CVE-2022-50146 concerns the Linux kernel PCI-DWC stack. If dw_pcie_ep_init() initializes EPC memory and allocates MSI memory but fails to perform a subsequent action, the MSI region leak is not cleaned up, creating a memory leak. The fix, described in the commit log referenced by multiple advisor...
CVE-2023-20844
CVE-2023-20844 affects the imgsys_cmdq component in MediaTek devices. The issue is an out-of-bounds read caused by missing valid range checking, potentially enabling local information disclosure with system-execution privileges required. Exploitation requires user interaction. The vulnerability i...
CVE-2023-52527
CVE-2023-52527 involves the Linux kernel IPv4/IPv6 path: the handling of transhdrlen in __ip{,6}_append_data() could inflate the length when a packet is only partially filled (e.g., after MSG_MORE), risking duplicate transport header accounting. The issue can arise when splicing into an L2TP sock...
CVE-2023-52678
CVE-2023-52678 involves the Linux kernel with a fix in the AMD expose path for KFD topology. The vulnerability was due to using list_first_entry on a list that could be empty; the corrected code now checks that the list is non-empty before access and returns -ENODATA when empty. This change mitig...
CVE-2023-52708
CVE-2023-52708 affects the Linux kernel MMC SPI code. The issue stems from error handling in mmc_spi_probe(): if mmc_add_host() fails, the code previously could call mmc_remove_host() and dereference a null device, causing a crash. The fix routes control to the fail_glue_init path on mmc_add_host...
CVE-2023-52742
The CVE-2023-52742 entry concerns the Linux kernel USB plusb driver. The vulnerability arises from treating a zero-length control-OUT transfer as a read instead of a write, triggering a WARNING in urb.c when usb_submit_urb is executed. The provided connected details specify the root cause as inco...
CVE-2023-52829
The CVE affects Linux kernel wifi driver ath12k (ext_hal_reg_caps path). A reg_cap.phy_id value extracted from a WMI event could be unexpected after errors, enabling an out-of-bounds write to soc->hal_reg_cap. The public description states the issue is corrected by validating reg_cap.phy_id be...
CVE-2023-52862
CVE-2023-52862 is a Linux kernel vulnerability in the DRM/AMD display path (Display Core) where a null pointer dereference could occur when printing the error message if the DC fails to initialize. The fix prevents dereferencing a DC version field that may be undefined when DC initialization has ...
CVE-2023-52883
CVE-2023-52883 : In the Linux kernel, a null pointer dereference could occur in the AMDGPU driver. The issue arises in drm/amdgpu_vm_bo_update where abo->tbo.resource may be NULL, enabling an attacker-controlled or unintended path to trigger a crash. The vulnerability is fixed by the kernel pa...
CVE-2023-52985
The CVE-2023-52985 entry relates to the Linux kernel, specifically arm64 systems with imx8mm-verdin support. The vulnerability concerns the fec driver attempting to power down the ethernet PHY during suspend (freeze or memory state), which can crash the kernel. The underlying cause is that the PH...
CVE-2023-53005
CVE-2023-53005 concerns a Linux kernel vulnerability in trace_events_hist where create_hist_field could be called recursively and return NULL, risking a NULL pointer dereference. The fixed advisory notes adding a check for the return value of create_hist_field (trace_events_hist.c:1954). Related ...
CVE-2023-53023
The CVE-2023-53023 entry describes a use-after-free in the Linux kernel NFC local_cleanup path. Specifically, kfree_skb() can be invoked twice during nfc daemon teardown (e.g., neard) after detaching an NFC device, because local_cleanup() frees local->rx_pending and decrements local->ref tw...
CVE-2024-26652
CVE-2024-26652: Linux kernel net/pds_core fixes a possible double free in the error path when auxiliary_device_add() fails and later calls auxiliary_device_uninit(); the callback pdsc_auxbus_dev_release calls kfree(padev) and the patch removes the redundant kfree and moves error handling back to ...
CVE-2024-26721
In CVE-2024-26721, the Linux kernel’s drm/i915 dsc: PPS register address macro was wrong after PPS 11. The patch fixes the address calculation by adding an offset of 12 for PPS >= 12, correcting PPS 12–16 addresses that previously caused incorrect DSC PPS parameter reads/writes and potential D...
CVE-2024-26914
CVE-2024-26914 concerns the Linux kernel DRM/AMD display path. The root cause is an incorrect mpc_combine array size:MAX_SURFACES was used instead of MAX_PLANES, causing an overflow when more than 3 planes are present. The patch uses MAX_PLANES as the array size, addressing the issue. The vulnera...
CVE-2024-35994
CVE-2024-35994 (Linux kernel, qcom uefisecapp): The vulnerability stems from memory handling in QSEECOM app calls where APP_SEND buffers for request and response were treated as separate regions. The root cause was two consecutive kzalloc() allocations that could yield adjacent memory, causing un...
CVE-2024-39296
CVE-2024-39296 affects the Linux kernel bonding subsystem. The issue is a race during module removal (rmmod bonding) caused by a removed NULL check in the bonding debugfs cleanup path, which can lead to an oops in bond_uninit()/bond_debug_unregister() via debugfs_remove or recursive removal. The ...
CVE-2024-40938
CVE-2024-40938 affects the Linux kernel Landlock component, addressing a d_parent walk issue when linking a root mount point. The root cause was a WARN_ON_ONCE triggered by using the source directory’s d_parent even if the source is mounted, because the VFS check runs after security_path_link(). ...
CVE-2024-40944
CVE-2024-40944 affects the Linux kernel (x86/kexec). The vulnerability is a bug in call depth tracking where calling cc_platform_has() may fault if depth tracking is active because GS_BASE is reset to 0 by load_segments(). The mitigation described in the documentation is to invoke cc_platform_has...
CVE-2024-42108
CVE-2024-42108 affects the Linux kernel rswitch path (net: rswitch) where use-after-free occurs in rswitch_poll() due to inlining of rswitch_tx_free(); skb and gq->skbs[..] reference the same pointer, freeing skb with dev_kfree_skb_any() before skb->len is used for interface statistics. The...
CVE-2024-42303
The CVE-2024-42303 issue affects the Linux kernel media imx-pxp driver. The root cause is an ERR_PTR dereference in pxp_probe() when devm_regmap_init_mmio() can fail, due to a missing check and bail‑out path. The patch adds a null/error check and exits gracefully, preventing a dereference and pot...
CVE-2024-43887
The CVE-2024-43887 entry relates to the Linux kernel (net/tcp) TCP-AO static key handling. The vulnerability arises because the lifetime of the TCP-AO static_key is tied to the last tcp_ao_info, and, if an RCU grace period is delayed, a CPU may observe a tcp_ao_info that is about to be deallocate...
CVE-2024-47676
CVE-2024-47676 affects the Linux kernel’s hugetlb fault pathway. Syzbot observed a use-after-free of the VMA in hugetlb_fault() caused by vmf_anon_prepare() releasing the per-VMA lock before hugetlb_vma_unlock_read() is called. The patched fix uses a modified vmf_anon_prepare() that does not rele...
CVE-2024-47680
CVE-2024-47680 affects the Linux kernel’s f2fs discard handling for conventional zones on zoned block devices. The root cause is that f2fs relied on a discard capability check performed by bdev_max_discard_sectors() and bdev_is_zoned(), which bypasses to discard even when a device doesn’t support...
CVE-2024-47708
CVE-2024-47708 : In the Linux kernel, the netkit driver missed assigning the required bpf_net_context during XDP-redirect handling, causing a NULL pointer dereference when NETKIT_REDIRECT invokes skb_do_redirect() and accesses per-CPU variables. The fix is to set the bpf_net_context before callin...
CVE-2024-49943
CVE-2024-49943 affects the Linux kernel DRM XE/guc_submit path. A missing locking around wedged_fini can let a non-wedged queue with zero refcount be dereferenced concurrently with an async queue destroy, enabling a Use-After-Free. The fix keeps the submission_state lock held during the wedge-sta...
CVE-2024-49979
CVE-2024-49979 concerns the Linux kernel TCP GSO fraglist handling. The issue arises when TK fraglist SKBs are composed of a head_skb (headers + first gso_size) and one or more frag_list SKBs (one segment each) where data can be modified by datapath hooks (e.g., NAT/BPF), breaking invariants. In ...
CVE-2024-49984
CVE-2024-49984 : In the Linux kernel DRM/V3D, there was an out-of-bounds access bug in the performance query extensions. The issue arises from copying IDs when validating the number of perfmon userspace inputs for the copy and reset extensions; the kernel did not adequately bound-check the destin...
CVE-2024-49990
CVE-2024-49990 is described in the initial document as a Linux kernel issue in drm/xe/hdcp where xe_gsc could be null when performing an HDCP capability check. The vulnerability was addressed by adding a GSC structure validity check to avoid a NULL pointer dereference. The Nessus plugin UNPATCHED...
CVE-2024-50092
The CVE affects the Linux kernel netconsole code path. A warning is erroneously emitted when this_chunk equals zero in net: netconsole, instead of only when this_chunk is negative; userdata handling remains valid across iterations. This could mislead operators but the underlying userdata path is ...
CVE-2024-50122
CVE-2024-50122 is a Linux kernel vulnerability in the PCI subsystem (power control code) where a race between the power-control device rescanning and host controller probe can leave two incomplete devices and trigger a crash when removing the device via sysfs. The root cause is not fully detailed...
CVE-2024-50144
The CVE-2024-50144 issue affects the Linux kernel DRM/XE path. Root cause: an unbalanced rpm put() can occur if fence_fini() is invoked twice on error while handling GuC CT for a tlb request, because the code path signals the fence and then returns an error, causing the caller to run fini() again...
CVE-2024-50254
CVE-2024-50254 : In the Linux kernel, the bpf_iter_bits_destroy() path incorrectly used kit->nr_bits bit = kit->nr_bits on completion, uses !nr_bits || bits >= nr_bits to determine completion, and keeps nr_bits > 64 to indicate dynamic allocation. It also changes kit->nr_bits from ...
CVE-2024-53225
The CVE-2024-53225 issue affects the Linux kernel IOMMU/tegra241-cmdqv path. A misconfiguration with PAGE_SIZE=4KB and CMA alignment could cause VM CMDQ alignment tests to fail, triggering a WARN_ON in arm-smmu-v3.c during queue initialization (arm_smmu_init_one_queue). The root cause is an align...
CVE-2025-21801
Technical details for CVE-2025-21801 are not provided in the connected documents. Publicly available information within these sources is insufficient to describe affected products/versions, root cause, or mitigations. Monitor for updates from the connected feeds.
CVE-2025-22084
CVE-2025-22084 : In the Linux kernel, a NULL pointer dereference can occur in the serdev path due to a race: w1_uart_probe() calls w1_uart_serdev_open() (which includes devm_serdev_device_open()) before configuring client ops with serdev_device_set_client_ops(), causing serdev->ops to be unini...
CVE-2025-22096
CVE-2025-22096 is a Linux kernel vulnerability resolved in the drm/msm/gem path. The root cause was in error handling: the SUBMIT_ERROR() macro made an error code negative, and an extra “-” turned it back to a positive EINVAL. The positive value was passed to ERR_PTR(), which is not an IS_ERR(), ...
CVE-2025-37774
CVE-2025-37774 relates to the Linux kernel slab allocator where slab->obj_exts was not zeroed on newly allocated slabs. The fix initializes slab->obj_exts during slab page allocation to prevent invalid dereferences of slab->obj_exts bits, which could lead to a local memory corruption/NUL...
CVE-2025-37907
CVE-2025-37907 is a Linux kernel issue affecting the ivpu accelerator path. The vulnerability stems from a lock-order inversion between ivpu_job_submit() and the file_priv/context_list_lock when aborting jobs, which could deadlock (two-thread scenario shown). The fixed condition: change the locki...
CVE-2025-38007
CVE-2025-38007 affects HID uclogic in the Linux kernel. Root cause: uclogic_input_configured() dereferences a NULL after devm_kasprintf() returns NULL due to allocation failure. Mitigation: a NULL check is added after devm_kasprintf() to prevent the dereference. Described fixes are documented in ...
CVE-2025-38087
The CVE-2025-38087 entry refers to a Linux kernel vulnerability in net/sched: taprio_dev_notifier, where a race with advance_sched could cause a use-after-free because taprio_dev_notifier() was not protected by an RCU read-side critical section. The issue is resolved by adding an rcu_read_lock() ...
CVE-2025-38220
CVE-2025-38220 affects the Linux kernel ext4 subsystem. The vulnerability occurs when processing an orphan-list symlink inode during truncation; partial block zeroing calls ext4_dirty_journalled_data() which invokes folio_mark_dirty() via mapping->a_ops->dirty_folio(), but symlink inodes la...
CVE-2025-38226
CVE-2025-38226 targets the Linux kernel, specifically the media/v4l2-tpg path used by vivid. The issue is a KASAN-detected vmalloc-out-of-bounds access in tpg_fill_plane_pattern and tpg_fill_plane_buffer (v4l2-tpg-core.c:2608 and 2705), causing a write of size 1440 to a kernel address during vivi...
CVE-2025-40364
CVE-2025-40364 : In the Linux kernel, the io_uring path titled “io_req_prep_async with provided buffers” has been resolved. The issue allowed io_req_prep_async() to import provided buffers and then commit the ring state by giving up on that path, with the buffers potentially being reimported late...
CVE-1999-0317
CVE-1999-0317 concerns a buffer overflow in the Linux su command that enables local users to gain root privileges. The core vulnerability is described as a buffer overflow affecting su, leading to full compromise of the local system. The provided connected documents reiterate the issue in differe...