13804 matches found
CVE-2021-47228
CVE-2021-47228 affects the Linux kernel x86/ioremap code. The issue arises when EFI boot services memory is preserved with efi_mem_reserve() and marked EFI_MEMORY_RUNTIME; under SEV, such memory must be mapped encrypted, otherwise the kernel may crash during boot. The public docs indicate a fix t...
CVE-2021-47297
CVE-2021-47297 (Linux kernel) affects the net/caif/caif_socket.c path, specifically caif_seqpkt_sendmsg. The root cause is a KMSAN-uninit value in caif_seqpkt_sendmsg when nr_segs in iovec_from_user is zero, leading to uninit stack memory in msg->msg_iter.iov. The provided sources state that t...
CVE-2021-47365
The CVE-2021-47365 issue affects Linux kernel afs: a loop in afs_extend_writeback() could leak pages when expanding a writeback, due to removing the cleanup loop after switching from find_get_pages_contig() to xarray scanning. The fix adds an early-break handling that places the page on a referen...
CVE-2021-47394
CVE-2021-47394 is a Linux kernel vulnerability in the netfilter nf_tables path: unlinking a table before deleting it could allow a use-after-free. SYZKABAN reports a UAF in memcmp/nlattr/nft_table_lookup paths, with read-accesses occurring on lockless GETs after synchronize_rcu. The documented ro...
CVE-2021-47397
CVE-2021-47397 : In the Linux kernel, a null-pointer dereference could occur in SCTP processing (sctp_rcv_ootb) if skb_header_pointer is NULL and not checked before use. The issue stems from missing NULL checks in net/sctp/input.c:705, with call traces through sctp6_rcv and IPv6 delivery paths. M...
CVE-2021-47419
CVE-2021-47419 affects the Linux kernel (net/sched sch_taprio) where a timer is set before a packet is received. The vulnerability stems from not reliably canceling the timer if ops->reset() hasn’t been invoked, because taprio_destroy() must cancel the active timer from the qdisc_destroy path....
CVE-2021-47431
The CVE affects the Linux kernel DRM AMDGPU: gart.bo pin_count leak due to gmc_v{9,10}_0_gart_disable() not being paired with gart_enable in SR-IOV. A fix has been applied in the kernel; impact is pin_count leak on driver unload. Dereferenced details are taken from connected advisories (Unity Lin...
CVE-2021-47442
The CVE-2021-47442 issue affects the Linux kernel NFC digital path. The vulnerability arises because skb is allocated in digital_in_send_sdd_req() but is not freed when digital_in_send_cmd() fails, leading to a memory leak. The fix is to free skb if digital_in_send_cmd() returns a failure. Report...
CVE-2021-47462
CVE-2021-47462 affects the Linux kernel mempolicy/memory policy handling. The root cause was an invalid combination check for MPOL_MODE_FLAGS: MPOL_F_NUMA_BALANCING may only pair with MPOL_BIND, but the check existed only in do_set_mempolicy(). The patch moves this validation into sanitize_mpol_f...
CVE-2021-47477
CVE-2021-47477 is documented in connected advisories as a Linux kernel issue affecting comedi: dt9812. The root cause is DMA buffers being allocated on the stack for USB transfers; the fix allocates proper transfer buffers in the command helpers and returns an error on short transfers instead of ...
CVE-2021-47499
CVE-2021-47499 – Linux kernel, iio: accel: kxcjk-1013 : The issue was a memory leak in the probe path for iio_triggered_buffer_setup, caused when ACPI type is ACPI_SMO8500 and data->dready_trig was not set, preventing freeing of allocated memory. The root cause is the probe-path logic leaving ...
CVE-2021-47509
CVE-2021-47509 affects the Linux kernel ALSA: pcm: oss, where the period size could be exhaustively allocated due to an overly large 31-bit limit. The fix sets a practical period-size limit of 16 MB to prevent memory exhaustion from temporary OSS buffers. This remediation is reflected in multiple...
CVE-2021-47618
CVE-2021-47618 affects the Linux kernel on ARM (ARM32) where, when kasan and kprobe are enabled, the kprobe-emulated load (emulate_ldr) can panic due to a destroyed register binding relationship during instruction emulation. The issue is tied to the kprobe emulate instruction path distributed in ...
CVE-2021-47647
CVE-2021-47647 relates to the Linux kernel on Qualcomm IPQ8074 PCIe clock driver. The root cause is a missing clock parent setup in pcie0_rchng_clk_src: there were two declared parents but only one was actually provided via parent_hws, and the fix introduces the use of clk_parent_data to supply t...
CVE-2021-47651
Summary : CVE-2021-47651 involves the Linux kernel driver path soc: qcom: rpmpd, where data->domains could be NULL if an allocation fails. The vulnerability stems from not validating a possible NULL return from devm_kcalloc, risking a NULL pointer dereference later. The public description indi...
CVE-2022-48635
CVE-2022-48635 : In the Linux kernel, the dax_iomap_rw() path can enter an infinite loop when a tail read is issued with count=0 (as with tail reading via read()), causing a persistent WARNING from iomap_iter. The vulnerability is fixed by adding an explicit check for a 0 count in dax_iomap_rw(),...
CVE-2022-48653
CVE-2022-48653 relates to the Linux kernel ice driver. The vulnerability arises from a double unplug of aux devices in the IDC callback (triggered when aux drivers request a reset and again in ice_prepare_for_reset), causing a scheduling while atomic BUG. The effect is a kernel panic/BUG rather t...
CVE-2022-48673
CVE-2022-48673 affects the Linux kernel net/smc implementation. Root cause: after modifying a QP to Error, the code completes RX work with IB_WC_WR_FLUSH_ERR but destroys the QP and frees the link group without waiting for the tasklet to finish, risking access to freed memory in tasklet context. ...
CVE-2022-48692
CVE-2022-48692 concerns a Linux kernel issue where RDMA/srp code could dereference a NULL scmnd pointer. The vulnerability arises from not guarding scmnd->result when scmnd is NULL, leading to a kernel NULL pointer dereference that was repro'd by blktests srp/007. The connected Astra Linux bul...
CVE-2022-48766
CVE-2022-48766 relates to the Linux kernel, specifically the DRM/AMD display path. The vulnerability is resolved by wrapping dcn301_calculate_wm_and_dlg for FPU, mirroring the dcn30 logic. Without this fix, the kernel may emit a flood of WARNs and can experience kernel panics. The description not...
CVE-2022-48823
CVE-2022-48823 affects the Linux kernel SCSI qedf driver. The issue is a refcount bug triggered when a LOGO is received during a TMF, which can cause an I/O to hang in the qedf driver. The provided connected advisories confirm the root cause (refcount during TMF/LOGO) and note that a fix was impl...
CVE-2022-48838
CVE-2022-48838 affects the Linux kernel USB gadget subsystem. The issue is a use-after-free in dev_uevent triggered by a race between the gadget core and the driver core: dev_uevent reads dev->driver->name while gadget core can set udc->dev.driver to NULL, leading to a potential derefere...
CVE-2022-48846
CVE-2022-48846 affects the Linux kernel block layer. The root cause was a memory leak in rq QoS structures added by blkcg_init_queue() when a request queue could lack a disk (e.g., unpresent SCSI LUNs or NVMe admin queue) after a patch moved rq_qos_exit() into del_gendisk(). The fix restores prop...
CVE-2022-48850
CVE-2022-48850 concerns the Linux kernel vulnerability in net-sysfs, where speed_show could panic when a netdevice is in the process of being shut down or already removed. The root cause described is a missing check for the netdevice’s presence, which could lead to a NULL pointer dereference in d...
CVE-2022-48857
CVE-2022-48857 affects the Linux kernel NFC port100 driver (drivers/nfc/port100.c). The vulnerability is a use-after-free in port100_send_complete caused by freed devm memory on probe failure due to missing usb_kill_urb() calls on the error path. Impact is described as use-after-free; remediation...
CVE-2022-49073
Summary (CVE-2022-49073): In the Linux kernel, the sata_dwc_460ex/PCIe SATA controller driver had an OOB write crash due to incorrect use of libata tag values. The patch increases ATA_TAG_INTERNAL to 32 and fixes SATA_DWC_QCMD_MAX to account for that, setting it to ATA_MAX_QUEUE + 1 to avoid out-...
CVE-2022-49095
CVE-2022-49095 : In the Linux kernel, the zorro7xx SCSI driver had a resource leak in zorro7xx_remove_one() where an allocated resource was not freed in the remove path. Some error paths required undoing an ioremap(). A missing iounmap() call was added in the remove function to fix the leak. Vers...
CVE-2022-49132
CVE-2022-49132 : Linux kernel vulnerability in ath11k PCI suspend handling where board file not found could crash the system. Connected documents confirm the issue arises because board file loading can occur after ath11k_pci_probe() returns and suspend handler remains active, causing a crash on s...
CVE-2022-49203
CVE-2022-49203 affects the Linux kernel DRM AMD display path. The issue occurs during GPU reset in the DC/DM bridge, where backing up and then clearing link encoder assignments can lead to a double free of a stream reference, potentially causing a NULL pointer dereference. The root cause is the t...
CVE-2022-49251
The CVE-2022-49251 entry refers to a Linux kernel vulnerability in ASoC: codecs: va-macro where accessing enums via integers could trigger array bounds access on aarch64 (where long is 8 bytes vs a 4-byte enum). The connected Astra/SUSE OSV entries reiterate the same vulnerability and indicate a ...
CVE-2022-49265
The CVE-2022-49265 issue affects the Linux kernel where removing a genpd with GENPD_FLAG_IRQ_SAFE could trigger a sleep-in-atomic bug because genpd_debug_remove() is called with a spinlock held. Affected context includes call paths like debugfs_lookup and genpd_remove, leading to a sleeping funct...
CVE-2022-49357
CVE-2022-49357 is a Linux kernel issue affecting Apple T2 Macs during early boot. The vulnerability arises when Linux reads UEFI Secure Boot variables (db and dbx) and imports certificates, triggering a page fault in Apple firmware that disables EFI runtime services. The consequence is EFI Runtim...
CVE-2022-49505
Mode C: The CVE-2022-49505 issue affects the Linux kernel NFC subsystem. The root cause is a UAF (use-after-free) of the rfkill object in the NFC device handling: during nfc_dev_up() and related operations, the rfkill state could be dereferenced if the device is removed via nfc_unregister_device(...
CVE-2022-49518
The CVE-2022-49518 entry maps to a Linux kernel issue in ASoC SOF ipc3-topology where sof_get_control_data() could perform out-of-bounds access if the payload is not bytes. The fix adjusts control counting and data storage: for non-bytes controls, store a pointer to the data and its size (instead...
CVE-2022-49522
CVE-2022-49522 concerns a Linux kernel MMC driver issue (mmc: jz4740) where DMA maps could exceed the DMA engine’s capabilities. The root cause is not a research-level flaw but an inadequate limit on the maximum segment size for DMA data transfers. The fix enforces DMA engine limits on the jz4740...
CVE-2022-49530
CVE-2022-49530 affects the Linux kernel DRM/AMD power management code. The vulnerability arises in si_parse_power_table() where allocations for adev->pm.dpm.ps and its elements can be followed by a second free in si_dpm_fini() if an allocation fails, causing a potential double-free of adev->...
CVE-2022-49570
CVE-2022-49570 affecting the Linux kernel gpio-xilinx driver. The issue is an integer overflow/overflow-prone data type that prevents configuring more than 32 pins; the fix casts to unsigned long to handle larger pin counts. Public references point to kernel stable tree patches (e.g., git.kernel....
CVE-2022-49678
The CVE-2022-49678 entry concerns the Linux kernel, specifically the BCM/BRCM STB PM integration (soc: bcm: brcmstb: pm: pm-arm). The root cause is a refcount leak: of_find_matching_node() returns a node pointer with an incremented refcount and was not released with of_node_put() when no longer n...
CVE-2022-49719
CVE-2022-49719 affects the Linux kernel realview GIC implementation. The root cause is a refcount leak in realview_gic_of_init caused by of_find_matching_node_and_match() returning a node pointer with an incremented refcount without a corresponding of_node_put() when it is no longer needed. The f...
CVE-2022-49773
CVE-2022-49773 affects the Linux kernel (drm/amd/display for DCN314). Root cause: optc2_configure_crc() wraps optc1_configure_crc() plus extra registers not applicable to dcN314, which can trigger a warning trace. Mitigation/Fix: use optc1_configure_crc() directly. References note patches in kern...
CVE-2022-49870
In CVE-2022-49870, the Linux kernel fixes undefined behavior in the CAP_TO_MASK bit-shift operation. The issue arises when shifting a signed 32-bit value by 31 bits, triggering UBSAN warnings (shift-out-of-bounds) reported in security/commoncap.c. The vulnerability stems from shifting a value tha...
CVE-2022-49874
CVE-2022-49874 concerns the Linux kernel HID subsystem, specifically a memory-leak in the Hyper-V mousevsc_probe path. The vulnerability arises when hid_add_device() returns an error and the allocated hid_dev is not freed, potentially leaking memory. The referenced fix ensures hid_destroy_device(...
CVE-2022-49984
CVE-2022-49984 is a Linux kernel vulnerability in the HID Steam driver: the code dereferences a HID report pointer without validating it, enabling a local attacker with a malicious HID device to trigger a NULL pointer dereference in steam_recv/steam_send_report. The issue has been fixed in the ke...
CVE-2022-49986
CVE-2022-49986 : In the Linux kernel, the storvsc driver’s storvsc_error_wq was incorrectly marked as WQ_MEM_RECLAIM, risking deadlock while flushing disk events. The supplied advisories state that removing WQ_MEM_RECLAIM from storvsc_error_wq fixes the issue, preventing forward-progress requirem...
CVE-2022-50054
The CVE-2022-50054 entry concerns a Linux kernel vulnerability in the iavf driver: a NULL pointer dereference in iavf_get_link_ksettings when vf_res has been freed in iavf_init_get_resources. The issue arises after a regression that could allow netdev to call ethtool_ops while vf_res is gone, lea...
CVE-2022-50154
CVE-2022-50154 (Linux kernel limit): The issue is a refcount leak in the Mediatek Gen3 PCI IRQ domain initialization. Specifically, of_get_child_by_name() returns a node pointer with a bumped refcount; the fix is to call of_node_put() when the node is no longer needed. Affected area: PCI subsyste...
CVE-2022-50206
The CVE-2022-50206 issue affects the Linux kernel (ARM64) where emulation_proc_handler() concurrently updates table->data for proc_dointvec_minmax, allowing a NULL pointer dereference Oops. The fix is to keep table->data as &insn->current_mode and to retrieve the insn pointer with contai...
CVE-2022-50228
CVE-2022-50228 is a Linux kernel vulnerability affecting KVM on x86 with SVM. The issue occurs when userspace can inject an interrupt with GIF=0, which can trigger a kernel BUG (fatal crash) in arch/x86/kvm/svm/svm.c. The provided descriptions explicitly show a kernel BUG at svm_inject_irq and an...
CVE-2023-20848
The CVE-2023-20848 entry concerns an out-of-bounds read in imgsys_cmdq caused by missing valid range checking, enabling local escalation of privileges with user interaction required. Documented impact is high for confidentiality/integrity/availability, and a patch ID (ALPS07340433) is noted as th...
CVE-2023-52499
The CVE-2023-52499 entry documents a Linux kernel issue on powerpc/47x where a flaw in ret_from_syscall causes 47x syscall return crashes during boot. The root cause, as described, is a faulty branch back after an icache flush, due to commit 6f76a01173cc that removed the 1 label and caused mis-br...