CVE-2022-49667
The CVE-2022-49667 issue is a Linux kernel net bonding use-after-free bug triggered by 802.3ad slave unbind. The flaw occurs when bond_3ad_unbind_slave clears an aggregator while there are still ports referencing freed memory, due to ad_clear_agg being invoked even when the port count in a group ...
CVE-2022-49670
CVE-2022-49670 is a Linux kernel issue disclosed via multiple advisories (Unity Linux UTSA-2025-990008, UTSA-2025-986722, etc.). The vulnerability is in the RDMA DIM path: a divide-by-zero occurs in rdma_dim_stats_compare() when prev->cpe_ratio == 0. The problem is resolved by a kernel patch (...
CVE-2022-49694
The CVE-2022-49694 vulnerability affects the Linux kernel in the block I/O subsystem, where the elevator is disabled in del_gendisk. The root cause is a use-after-free risk on q->tag_set because the elevator disabling and scheduler tag freeing were performed in disk_release/blk_cleanup_queue t...
CVE-2022-49906
The CVE-2022-49906 issue affects the Linux kernel ibmvnic driver: a path in the reset handling could leak 32 bytes by not freeing the rwi structure when the last rwi in the list is processed. A fix releases the rwi memory on reset success (kernel patch 4f408e1fa6e1 and related commits). Connected...
CVE-2022-49977
Summary of CVE-2022-49977 – Linux kernel ftrace NULL pointer dereference. Root cause: When ftrace is dead and ftrace_startup_enable fails to modify the ftrace state, the registration may leave an op in ftrace_ops_list. If the op is dynamically allocated, is_ftrace_trampoline can access a NULL op i...
CVE-2022-50033
CVE-2022-50033: In the Linux kernel USB host OHCI PPC OF driver, of_find_compatible_node() may return a node with an incremented refcount, and of_node_put() must be called on it when it is no longer needed. The issue is a refcount leak in ohci_hcd_ppc_of_probe(). Affected: Linux kernel (ohci-ppc-of path). Impact is a...
CVE-2022-50039
The CVE-2022-50039 entry concerns the Linux kernel’s stmmac Intel dwmac driver. The vulnerability arises from a missing clk_disable_unprepare() call in intel_eth_pci_remove(), introduced by earlier clock-handling changes and related removals in commits such as 09f012e64e4b and ac322f86b56c, which...
CVE-2022-50051
CVE-2022-50051 affects the Linux kernel’s ASoC: SOF subsystem, specifically a debug path where a buffer overflow could occur due to using snprintf(). The vulnerability arises because snprintf() returns the would‑be‑filled size when the string exceeds the destination buffer, which can lead to an o...
CVE-2022-50069
CVE-2022-50069 concerns the Linux kernel BPF subsystem. The root cause is that bpf_sys_bpf() may copy instruction data from a kernel address (via bpfptr_t) without validating it, since copy_from_bpfptr() can dereference in-kernel pointers. This can lead to a use-after-free/invalid dereference in ...
CVE-2022-50091
CVE-2022-50091 concerns the Linux kernel where the boot-time parameter csdlock_debug was parsed via early_param, enabling static_branch in a manner that could dereference NULL under specific sparse memory configurations (arm64 with CONFIG_SPARSEMEM and SPARSEMEM_VMEMMAP settings, and powerpc due ...
CVE-2022-50115
CVE-2022-50115: In the Linux kernel, the ASoC: SOF: ipc3-topology vulnerability caused potential memory corruption due to a double free of ipc_control_data in error/rollback paths when load_bytes-related validation fails. The issue arose because scontrol->ipc_control_data could be freed but n...
CVE-2023-52523
CVE-2023-52523 is a Linux kernel vulnerability where a BPF sockmap/sk_msg redirect can cause a crash if the egress target is a non-TCP socket. The root cause is a hard-coded assumption that the egress socket is TCP; after enabling redirects to non-TCP sockets, a non-TCP target leads to an invalid...
CVE-2023-52527
CVE-2023-52527 involves the Linux kernel IPv4/IPv6 path: the handling of transhdrlen in __ip{,6}_append_data() could inflate the length when a packet is only partially filled (e.g., after MSG_MORE), risking duplicate transport header accounting. The issue can arise when splicing into an L2TP sock...
CVE-2023-52708
CVE-2023-52708 affects the Linux kernel MMC SPI code. The issue stems from error handling in mmc_spi_probe(): if mmc_add_host() fails, the code previously could call mmc_remove_host() and dereference a null device, causing a crash. The fix routes control to the fail_glue_init path on mmc_add_host...
CVE-2023-52754
CVE-2023-52754 is a Linux kernel vulnerability in the imon USB driver. The driver could corrupt memory by naively assuming the first interface is bound to imon when probing the second interface; a malformed descriptor could bind the first interface to another driver. A patch adds a sanity check a...
CVE-2023-52799
In the Linux kernel, CVE-2023-52799 relates to an array-index-out-of-bounds in the JFS path during dmtree_t searches for free blocks (tp->dm_stree). The fix adds a parameter to dbFindLeaf to determine the dmtree type, enabling an out-of-bounds check and preventing access beyond array bounds. Affec...
CVE-2023-52842
CVE-2023-52842 affects the Linux kernel virtio_vsock path. The issue arises from uninitialized buf_alloc and fwd_cnt fields in struct virtio_vsock_hdr when a new skb is allocated in virtio_transport_init_hdr(), leading to a KMSAN-uninitialized-value report. The connected Astra/SUSE advisories con...
CVE-2023-52853
Technical details about CVE-2023-52853 (affected product, exact root cause, impact, and fixed versions) are not provided in the connected documents. The supplied materials only contain vendor advisories; monitor for official updates for concrete details.
CVE-2023-52856
CVE-2023-52856 relates to the Linux kernel drm/bridge lt8912b path. The lt8912b driver’s lt8912_bridge_detach() called drm_connector_unregister() and drm_connector_cleanup(), but these are only for connectors registered via drm_connector_register(); the driver’s destroy hook is drm_connector_clea...
CVE-2023-52862
CVE-2023-52862 is a Linux kernel vulnerability in the DRM/AMD display path (Display Core) where a null pointer dereference could occur when printing the error message if the DC fails to initialize. The fix prevents dereferencing a DC version field that may be undefined when DC initialization has ...
CVE-2023-52873
The CVE-2023-52873 issue affects the Linux kernel clock driver for Mediatek (clk-mt6779). Root cause: missing validation of the return value from mtk_alloc_clk_data(), which could lead to a NULL pointer dereference. Impact is local with possible kernel gains if exploited. The connected sources in...
CVE-2023-52898
CVE-2023-52898 is a Linux kernel vulnerability in the xHCI USB host controller code. The issue is a potential null pointer dereference when the host dies, caused by a race between xhci_free_dev() freeing virt devices and xhci_kill_endpoint_urbs() iterating endpoints. The fix synchronizes access b...
CVE-2023-53045
CVE-2023-53045 is mitigated in the Linux kernel via a fix to the USB gadget driver (usb: gadget: u_audio). In the unbind callback for f_uac1/f_uac2, a call to snd_card_free() could block waiting for resources to be released if userspace kept the file descriptor open, potentially causing a deadloc...
CVE-2024-26721
In CVE-2024-26721, the Linux kernel’s drm/i915 dsc: PPS register address macro was wrong after PPS 11. The patch fixes the address calculation by adding an offset of 12 for PPS >= 12, correcting PPS 12–16 addresses that previously caused incorrect DSC PPS parameter reads/writes and potential D...
CVE-2024-26753
CVE-2024-26753 is a Linux kernel vulnerability in crypto: virtio/akcipher where a stack overflow occurs when copying from a stack-allocated virtio_crypto_akcipher_session_para into the union in virtio_crypto_op_ctrl_req. The issue is caused by sizeof(struct virtio_crypto_akcipher_session_para) be...
CVE-2024-26914
CVE-2024-26914 concerns the Linux kernel DRM/AMD display path. The root cause is an incorrect mpc_combine array size: MAX_SURFACES was used instead of MAX_PLANES, causing an overflow when more than 3 planes are present. The patch uses MAX_PLANES as the array size, addressing the issue. The vulnera...
CVE-2024-35247
Summary of CVE-2024-35247 (Linux kernel): The fpga region handling was fixed by adding a module owner pointer to the fpga_region struct and using it to take the module’s refcount. The region registration APIs were updated to accept an additional owner module parameter and renamed to avoid conflic...
CVE-2024-35987
CVE-2024-35987: Linux kernel vulnerability in riscv NOMMU builds. A patch fixes loading 64-bit NOMMU kernels past the start of RAM by restoring the previous NOMMU mm initialization behavior, after a change that allowed RAM below the kernel load address to be used for the linear mapping. The root...
CVE-2024-36963
CVE-2024-36963 affects the Linux kernel tracefs feature. The issue arises from how permissions are generated for tracefs files: they default to the root inode’s permissions unless the user changes them, and a remount with permissions should update all files, but currently leaves unchanged files t...
CVE-2024-38613
CVE-2024-38613 affects the Linux kernel on the m68k architecture, where a race in kernel thread creation can cause a spinlock recursion warning. Root cause: during context switch to a newly created thread, the status register may enable interrupts too early, since interrupts are not reliably disa...
CVE-2024-40944
CVE-2024-40944 affects the Linux kernel (x86/kexec). The vulnerability is a bug in call depth tracking where calling cc_platform_has() may fault if depth tracking is active because GS_BASE is reset to 0 by load_segments(). The mitigation described in the documentation is to invoke cc_platform_has...
CVE-2024-45012
The CVE-2024-45012 issue is in the Linux kernel related to the nouveau driver when SG_DEBUG is enabled with an active iommu. The crash trace shows a kernel BUG triggered in sg_init_one, indicating a failure in DMA handling within the nouveau firmware/driver path. The published fixes in connected ...
CVE-2024-46703
The CVE-2024-46703 issue is in the Linux kernel and stems from reverting the change “serial: 8250_omap: Set the console genpd always on if no console suspend,” which Kevin reported can crash during suspend on platforms that don’t use PM domains. The fix is to revert that commit, resolving the cra...
CVE-2024-46709
CVE-2024-46709 concerns the Linux kernel’s drm/vmwgfx code. The issue arises when handling external buffers during mapping, where code could access pages directly instead of using the dma_buf interface. The fixed behavior requires that external buffers created from dma_bufs be mapped via the dma_...
CVE-2024-47676
CVE-2024-47676 affects the Linux kernel’s hugetlb fault pathway. Syzbot observed a use-after-free of the VMA in hugetlb_fault() caused by vmf_anon_prepare() releasing the per-VMA lock before hugetlb_vma_unlock_read() is called. The patched fix uses a modified vmf_anon_prepare() that does not rele...
CVE-2024-47724
CVE-2024-47724 concerns the Linux kernel wifi driver ath11k beacon template handling. The issue arises when beacon TX status events trigger a sleep in an RCU read-side path, specifically via ath11k_wmi_cmd_send() called during BCN templating, which can sleep in atomic context. The root cause trac...
CVE-2024-49941
CVE-2024-49941 in the Linux kernel relates to gpiolib’s gpiod_get_label() where a NULL label could be dereferenced if srcu_dereference_check() returns NULL, leading to accessing label->str without verifying label. The patch adds a proper NULL check for label and removes the label->str != NU...
CVE-2024-49964
The CVE-2024-49964 issue affects the Linux kernel’s hugetlb path: memfd_pin_folios + unpin_folios could fail to restore free_huge_pages for pages not faulted in due to folio refcounts not reaching zero. The root cause was that folio_ref_unfreeze/folio_try_get/hugetlb_add_to_page_cache interaction...
CVE-2024-49990
CVE-2024-49990 is described in the initial document as a Linux kernel issue in drm/xe/hdcp where xe_gsc could be null when performing an HDCP capability check. The vulnerability was addressed by adding a GSC structure validity check to avoid a NULL pointer dereference. The Nessus plugin UNPATCHED...
CVE-2024-50094
Technical details for CVE-2024-50094 are not publicly disclosed in the provided connected documents. They reference the Linux kernel sfc/netpoll fix but do not specify affected versions, impact, or patch details. Monitor for updates.
CVE-2024-50113
Technical details about CVE-2024-50113 are not publicly available in the provided connected documents. The initial description mentions the Linux kernel firewire port index fix, but there are no public details on affected products/versions or specific exploit vectors in the supplied sources. Moni...
CVE-2024-50190
Summary (CVE-2024-50190): The vulnerability is in the Linux kernel ice driver where a memory leak (memleak) occurs during ice_init_tx_topology(), leaking the FW blob for each PF. The root cause is that ice_cfg_tx_topo() did not need to copy the entire FW blob; the fix makes ice_cfg_tx_topo() @bu...
CVE-2024-50288
Technical details for CVE-2024-50288 are not available in the provided connected documents. The initial description mentions a buffer-overflow fix in the Linux kernel vivid driver, but there are no public details on affected versions, exploit status, or remediation beyond the patch.
CVE-2024-52319
CVE-2024-52319 — Linux kernel memory corruption/information disclosure risk due to mm: use aligned address in clear_gigantic_page(). In current kernel, hugetlb_no_page() may call clear_gigantic_page() with a fault address that is not aligned to the huge page size, leading to potential memory cor...
CVE-2024-56639
CVE-2024-56639 affects the Linux kernel net/hsr RedBox path. The root cause was an under-allocated skb in hsr_init_skb() for RedBox, causing skb_over_panic when sending supervision frames that add two TLV components. The issue led to an Oops in skb_panic at net/core/skbuff.c:206 and a local exploit ...
CVE-2024-56696
CVE-2024-56696 affects the Linux kernel ALSA core. The issue arises when kunit_kzalloc() returns a NULL pointer and is dereferenced without a NULL check, which can lead to a NULL pointer dereference. Root cause: missing NULL checks for kunit_kzalloc() calls in sound_kunit.c. Impact: local, with poten...
CVE-2025-22051
CVE-2025-22051 affects the Linux kernel staging gpib driver. The issue arises when an Agilent USB dongle is disconnected, causing a NULL pointer Oops on subsequent driver calls because bus_interface is set to NULL on disconnect. The root cause is that usb_dev was being assigned from the bus_inter...
CVE-2025-22067
Technical details about CVE-2025-22067 (affected products, versions, root cause, impact, or fixes) are not provided in the connected documents. Monitor for updates from official advisories and vulnerability feeds.
CVE-2025-37776
CVE-2025-37776: In the Linux kernel, ksmbd has a use-after-free in smb_break_all_levII_oplock() caused by a race when unlocking in the middle of the loop. A patch adds a read lock to protect the whole loop. This vulnerability has a local attack vector with high impact (C/H/I/A) per CVSS v3.1, an...
CVE-2025-37777
CVE-2025-37777: In the Linux kernel ksmbd path, a use-after-free could occur in __smb2_lease_break_noti() when the connection is disconnected, because ksmbd_conn_write may touch freed structures if conn->ksmbd_transport is already freed. The fix moves the tcp_transport free to ksmbd_conn_free,...