CVE-2022-50015
CVE-2022-50015: In the Linux kernel ASoC: SOF Intel hda-ipc, there is a vulnerability where the firmware could send a reply before the FW_READY message. Since reply_data is allocated after FW_READY, this can cause a NULL pointer dereference. The issue was reported for IPC4 and the same condition e...
CVE-2022-50146
CVE-2022-50146 concerns the Linux kernel PCI-DWC stack. If dw_pcie_ep_init() initializes EPC memory and allocates MSI memory but fails to perform a subsequent action, the MSI region leak is not cleaned up, creating a memory leak. The fix, described in the commit log referenced by multiple advisor...
CVE-2023-20844
CVE-2023-20844 affects the imgsys_cmdq component in MediaTek devices. The issue is an out-of-bounds read caused by missing valid range checking, potentially enabling local information disclosure with system-execution privileges required. Exploitation requires user interaction. The vulnerability i...
CVE-2023-3022
The CVE-2023-3022 entry corresponds to a Linux kernel IPv6 module flaw where arg.result is inconsistently used in fib6_rule_lookup, being sometimes rt6_info and other times fib6_info. This mismatch is not accounted for where rt6_info is expected unconditionally, potentially causing a kernel panic...
CVE-2023-52577
CVE-2023-52577 pertains to the Linux kernel DCCP handling. The issue stems from an incorrect assumption about the DCCP header field dh->dccph_x (the 9th byte, offset 8) and related ICMP message sizing, which could affect processing of DCCP packets and ICMP responses. The description notes that...
CVE-2023-52678
CVE-2023-52678 involves the Linux kernel, with a fix in the AMD KFD topology expose path. The vulnerability was due to using list_first_entry on a list that could be empty; the corrected code now checks that the list is non-empty before access and returns -ENODATA when empty. This change mitig...
CVE-2023-52737
CVE-2023-52737: In the Linux kernel, when using Btrfs, fiemap could deadlock with an in-flight fsync due to not taking the inode lock (i_mutex) before fiemap operations. The root cause is that fiemap_fill_next_extent() could fault while accessing user space buffers, which creates a lock-order cyc...
CVE-2023-52755
CVE-2023-52755 affects the Linux kernel ksmbd path where a slab-out-of-bounds write could occur in smb_inherit_dacl() due to offsets exceeding the allocated size. The issue is fixed by adding checks to validate three offsets against the allocation size. Connected advisories (Astra Linux) repeat t...
CVE-2023-52808
CVE-2023-52808 affects the Linux kernel driver path for the Hisilicon SAS host bus adapter (hisi_sas). The root cause is that after a failed init path, debugfs_remove_recursive() is called but debugfs_dir is not set to NULL, causing a NULL pointer dereference during device removal. Impac...
CVE-2023-52836
CVE-2023-52836 concerns Linux kernel workqueue handling in the ww_mutex test. The connected advisories confirm the issue was a lifetime problem where the workqueue’s work_struct node lived inside the stress struct; the work_struct could be freed before the worker finished, causing premature flush...
CVE-2023-52844
CVE-2023-52844: Linux kernel vulnerability in media: vidtv psi where kstrdup() return value wasn't checked. The fix adds a check for kstrdup() and returns an error to avoid NULL pointer dereference. Affected kernel versions (Linux kernel series) have been updated with this patch; references point...
CVE-2023-52860
CVE-2023-52860 relates to the Linux kernel; the root issue occurs in the perf driver when tearing down a hisi_hns3 PMU, where CPU hotplug callbacks could run after the PMU is unregistered, leading to a NULL pointer dereference. The fix uses cpuhp_state_remove_instance_nocalls() instead of cpuhp_s...
CVE-2023-52861
In CVE-2023-52861, the Linux kernel DRM bridge it66121 had a NULL pointer dereference when no monitor is connected and the sound card is opened from userspace. The fix returns an empty EDID buffer (zeros) to the sound framework when no connector is attached, preventing the dereference and its pot...
CVE-2023-52871
CVE-2023-52871 relates to a Linux kernel flaw in soc: qcom: llcc where a second device could lead to data corruption because a failed probe might overwrite the global drv_data pointer. The fix is to validate drv_data before overwriting it. Public notices (NVD entry and Nessus advisories) reiterat...
CVE-2023-52899
CVE-2023-52899 is a Linux kernel vulnerability whose concrete details appear in connected advisories: a missing protection in the AXI channel error handling path (axi_chan_handle_err) for the vd signal can lead to a NULL pointer dereference and kernel panic. The issue is described as “Add exception ...
CVE-2023-52940
CVE-2023-52940 affects the Linux kernel; it concerns the multi-gen LRU code during cgroup migration. The issue arises in lru_gen_migrate_mm(), which assumes lru_gen_add_mm() runs before it, but in a specific cross-CPU sequence (clone, cgroup_fork, cgroup_procs_write, cgroup_post_fork, task_lock, ...
CVE-2023-53091
CVE-2023-53091 is an ext4 kernel issue fixed in EulerOS kernel advisories. When mounting a crafted ext4 image, s_journal_inum may change after journal replay, which could bypass checks in ext4_get_journal and trigger a null pointer dereference. The patch resolves this by ignoring the inum change ...
CVE-2023-53131
CVE-2023-53131 refers to a Linux kernel issue in SUNRPC: a server shutdown leak caused by a race where kthread_stop() may prevent threadfn from running, leaving svc_rqst cleanup incomplete. The connected Nessus/OpenVAS entries for Unity Linux and EulerOS acknowledge the same description block and...
CVE-2024-26652
CVE-2024-26652: Linux kernel net/pds_core fixes a possible double free in the error path when auxiliary_device_add() fails and later calls auxiliary_device_uninit(); the callback pdsc_auxbus_dev_release calls kfree(padev) and the patch removes the redundant kfree and moves error handling back to ...
CVE-2024-26709
CVE-2024-26709 (Linux kernel, PowerPC). A refcount leak in spapr_tce_platform_iommu_attach_dev() occurs because iommu_group_put() is not called when the domain is already set, leading to a leak and a BUG_ON() during DLPAR remove on POWER10/pSeries platforms. The connected patch adds the missing i...
CVE-2024-26768
CVE-2024-26768 affects the Linux kernel LoongArch path: the patch changes the ACPI core PIC array from [NR_CPUS] to [MAX_CORE_PIC] to match the MADT max physical CPUs. With NR_CPUS defaulting to 64, platforms with more than 64 CPUs could overflow acpi_core_pic when parsing MADT, risking a boot cr...
CVE-2024-35986
CVE-2024-35986 affects Linux kernel code for TI/TUSB1210 charger-detect. Unregistering a power_supply while a reference remains can trigger a WARN in power_supply_unregister and leave a dangling pointer, causing a crash on tusb1210_get_online() next use. The fix limits the power_supply reference ...
CVE-2024-35993
CVE-2024-35993: Linux kernel vulnerability in mm: folio_test_hugetlb can be fooled by concurrent folio splitting, potentially returning a folio that never belonged to hugetlbfs. The fix converts folio_test_hugetlb to a PageType and relies on page_mapcount() ignoring the PageType field for hugetlb...
CVE-2024-35994
CVE-2024-35994 (Linux kernel, qcom uefisecapp): The vulnerability stems from memory handling in QSEECOM app calls where APP_SEND buffers for request and response were treated as separate regions. The root cause was two consecutive kzalloc() allocations that could yield adjacent memory, causing un...
CVE-2024-40917
CVE-2024-40917 affects the Linux kernel memory management (memblock) related to NUMA/node handling. The issue stems from memblock_validate_numa_coverage() allowing a NUMA_NO_NODE condition and memblock_alloc_range_nid() warning about MAX_NUMNODES, leading to a NULL dereference in memmap_init() wh...
CVE-2024-42149
CVE-2024-42149 affects the Linux kernel and pertains to the block device thaw/mount handling. The issue occurs when a block device is frozen before a filesystem has claimed it, leading to a window where a concurrent mount may observe an elevated bd_fsfreeze_count and abort mounting, while a later...
CVE-2024-45030
CVE-2024-45030 affects the Linux kernel igb NIC driver: when MAX_SKB_FRAGS grows large (e.g., 45), payloads can be corrupted on TX because the driver does not correctly account for shared info size while choosing the ring layout and may fit two packets in a single 4K page. Root cause: underestimation of ...
CVE-2024-46701
CVE-2024-46701 affects the Linux kernel, where libfs offset-dir reads could loop infinitely during concurrent readdir/rename operations after switching tmpfs dir operations to simple_offset_dir_operations. The issue arose because each rename could insert a new dentry into dest dir’s maple tree wi...
CVE-2024-49956
CVE-2024-49956 pertains to the Linux kernel GFS2 subsystem. The issue is a double destroy_workqueue call: when gfs2_fill_super() fails, gfs2_gl_hash_clear() calls destroy_workqueue(), and the code path may call destroy_workqueue() again on the same workqueue. The root cause is that the workqueue ...
CVE-2024-49984
CVE-2024-49984: In the Linux kernel DRM/V3D, there was an out-of-bounds access bug in the performance query extensions. The issue arises from copying IDs when validating the number of perfmon userspace inputs for the copy and reset extensions; the kernel did not adequately bound-check the destin...
CVE-2024-50122
CVE-2024-50122 is a Linux kernel vulnerability in the PCI subsystem (power control code) where a race between the power-control device rescanning and host controller probe can leave two incomplete devices and trigger a crash when removing the device via sysfs. The root cause is not fully detailed...
CVE-2024-50123
CVE-2024-50123 affects the Linux kernel sockmap/BPF code. The root cause is a missing BPF_LINK_TYPE invocation for the sockmap link, which caused an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. The patch fixes the issue by adding the missing BPF_LINK_TYPE invocation and u...
CVE-2024-50254
CVE-2024-50254: In the Linux kernel, the bpf_iter_bits_destroy() path incorrectly used kit->nr_bits to decide whether the bits had been dynamically allocated. The fix sets bit = kit->nr_bits on completion, uses !nr_bits || bits >= nr_bits to determine completion, and keeps nr_bits > 64 as the indicator of dynamic allocation. It also changes kit->nr_bits from ...
CVE-2024-51729
Technical details for CVE-2024-51729 are not provided in the connected documents. The supplied items reference a kernel fix at a high level but do not enumerate affected products/versions beyond generic kernel context; monitor for updates.
CVE-2024-56559
CVE-2024-56559: Linux kernel vulnerability in vmalloc/KASAN shadow VA handling where multiple TLB flushes of KASAN shadow virtual addresses were not consolidated, causing a soft lockup on a 256-core machine during drain_vmap_area_work and KASAN vmap allocations. The issue is resolved by combining all TLB flush operation...
CVE-2025-21990
CVE-2025-21990 affects the Linux kernel DRM/AMDGPU path. The vulnerability arises when determining GFX12 page table entry (PTE) flags for BOs (buffer objects). Specifically, PRT BOs may have no backing store, making bo->tbo.resource NULL. If this NULL is dereferenced, it can lead to a crash or other...
CVE-2025-22052
The CVE-2025-22052 issue affects the Linux kernel (staging gpib driver, ni_usb). It causes a NULL dereference Oops after a USB dongle disconnect because bus_interface is set to NULL; previously NULL checks existed only in select paths. The fix adds a NULL check for bus_interface across all interf...
CVE-2025-22084
CVE-2025-22084: In the Linux kernel, a NULL pointer dereference can occur in the serdev path due to a race: w1_uart_probe() calls w1_uart_serdev_open() (which includes devm_serdev_device_open()) before configuring client ops with serdev_device_set_client_ops(), causing serdev->ops to be unini...
CVE-2025-37774
CVE-2025-37774 relates to the Linux kernel slab allocator where slab->obj_exts was not zeroed on newly allocated slabs. The fix initializes slab->obj_exts during slab page allocation to prevent invalid dereferences of slab->obj_exts bits, which could lead to a local memory corruption/NUL...
CVE-2025-37807
CVE-2025-37807 is a Linux kernel issue in the BPF percpu hashmap path where a percpu pointer is stored at an 8-byte aligned location only if the key_size rounds up to 8; otherwise a 4-byte aligned location is used, causing kmemleak to miss the pointer and report a leak. The root cause is an align...
CVE-2025-37822
CVE-2025-37822 resolves a Linux kernel issue in the RISC-V uprobes path. The root cause was a missing fence.i after constructing the XOL (execute out-of-line) buffer used to single-step replaced instructions, which could lead to execution of stale/broken instructions. The vulnerability was observ...
CVE-2025-37855
The CVE-2025-37855 entry concerns the Linux kernel drm/amd/display component, where a null pointer dereference could occur when dc->res_pool is NULL. The fix implemented guards against this by checking the pointer before dereferencing it. The vulnerability is described as a local issue with a ...
CVE-2025-37869
CVE-2025-37869: Linux kernel fix for drm/xe: Use local fence in error path of xe_migrate_clear. The error path previously waited on m->fence (potential UAF) and was only stable under the job mutex. The patch changes to wait on the local fence to prevent the use-after-free. (Cherry-picked from...
CVE-2025-37916
CVE-2025-37916 concerns the Linux kernel pds_core component. The issue is a use-after-free caused by a write-after-free of client_id in pdsc_auxbus_dev_del during stress testing, leading to a KFENCE reported bug chain. The fix removes the offending write-after-free by eliminating the client_id cl...
CVE-2025-38040
CVE-2025-38040 affects the Linux kernel’s serial/mctrl_gpio path. The advisory reports a fix with denial-of-service/privilege implications: the disabling of modem lines (disable_ms) is split into two APIs, sync and no_sync, addressing a sleeping function being called from an atomic context (d...
CVE-2025-38060
CVE-2025-38060 – Linux kernel (BPF verifier): The issue arises because copy_verifier_state() does not copy the .loop_entry field, allowing env->cur_state and env->stack to become inconsistent and potentially poison states. The fix requires copying loop_entry in copy_verifier_state() and ens...
CVE-2025-38087
The CVE-2025-38087 entry refers to a Linux kernel vulnerability in net/sched: taprio_dev_notifier, where a race with advance_sched could cause a use-after-free because taprio_dev_notifier() was not protected by an RCU read-side critical section. The issue is resolved by adding an rcu_read_lock() ...
CVE-2025-38211
CVE-2025-38211 concerns the Linux kernel’s RDMA/iwcm path. A use-after-free was introduced in the cm_id lifecycle when the cm_id_private work objects could still be in use by event-handler works during cm_id destruction, after resources were freed. The issue persisted despite prior fixes that flu...
CVE-2025-38342
CVE-2025-38342 affects the Linux kernel; it stems from an insufficient bounds check in software_node_get_reference_args(), which may cause OOB access when reading the @index-th element because the existing length check cannot guarantee the element is in range. The fix replaces the check with ((index + 1) * sizeof(*ref) > prop-...
CVE-2025-38472
In CVE-2025-38472, the issue is in the Linux kernel nf_conntrack path (netfilter) where a race during removal of a conntrack entry can result in a crash when unlinking from the hash bucket list. The crash is linked to a partially initialised nf_conn struct and mis-handling of the conntrack entry’...