14409 matches found
CVE-2022-48652
In CVE-2022-48652, the Linux kernel ICE driver fixes a crash when TC/channels are updated beyond allocated queues. The issue occurred when less queues were configured than TCs and later more TCs were added (e.g., via LLDP), leaving dirty num_txq/rxq and tc_cfg in the VSI and risking invalid point...
CVE-2022-48910
The CVE-2022-48910 case concerns the Linux kernel IPv6 addrconf path: when NETDEV_DOWN is triggered for reasons other than actual interface down, repeated calls can leak one ifmcaddr6 per multicast group by leaking idev->mc_tomb. The fix is to ensure ipv6_mc_down() runs at most once per state ...
CVE-2022-49667
The CVE-2022-49667 issue is a Linux kernel net bonding use-after-free bug triggered by 802.3ad slave unbind. The flaw occurs when bond_3ad_unbind_slave clears an aggregator while there are still ports referencing freed memory, due to ad_clear_agg being invoked even when the port count in a group ...
CVE-2022-50085
The CVE-2022-50085 issue is present in the Linux kernel’s dm-raid path and affects the raid_resume flow. A KASAN warning is triggered when lvmetad tests exercise mddev->raid_disks vs rs->raid_disks, causing an out-of-bounds access in the raid resume loop. The connected OpenVAS/Nessus entrie...
CVE-2013-7268
The CVE-2013-7268 vulnerability affects the Linux kernel up to version 3.12.3, where ipx_recvmsg in net/ipx/af_ipx.c writes a length value without confirming the associated data structure is initialized. This can allow local attackers to read kernel memory via recvfrom/recvmmsg/recvmsg. The issue...
CVE-2014-2673
CVE-2014-2673 : Linux kernel TM implementation on PowerPC has a flaw in arch_dup_task_struct interacting with clone/fork. In kernels before 3.13.7, this can allow a local user to trigger a denial of service (Program Check and system crash) by executing instructions while the processor is in Trans...
CVE-2016-10150
CVE-2016-10150 is a use-after-free in kvm_ioctl_create_device (virt/kvm/kvm_main.c) of the Linux kernel before 4.8.13, allowing a local host user to crash the host or possibly gain privileges via crafted ioctl calls on /dev/kvm. The fix is provided in kernel version 4.8.13 and later; remediation ...
CVE-2016-5340
CVE-2016-5340 is tied to a vulnerability in the KGSL Linux Graphics Module exposed by a QuIC Android patch for Linux kernel 3.x. The issue arises from the function is_ashmem_file in drivers/staging/android/ashmem.c, where pointer validation is mishandled. This design flaw can allow an attacker to...
CVE-2021-47122
CVE-2021-47122 refers to a Linux kernel issue in the CAIF stack where, on caif_enroll_dev() failure, the allocated link_support was not assigned to the target structure, leading to a memory leak in caif_device_notify. The fix adds a safe deallocation path to free the allocated pointer when an err...
CVE-2021-47123
CVE-2021-47123 concerns a Linux kernel use-after-free risk caused by an io_uring timeout path: a double free can occur if a linked timeout is not removed from the master request link list, potentially leading to use-after-free scenarios. The description states the fix is to always remove linked t...
CVE-2021-47205
CVE-2021-47205 affects the Linux kernel clk: sunxi-ng component (CCU clocks/resets). The root cause is that during unbinding of a CCU driver, the device MMIO region is unmapped while clocks/resets and their providers remain registered, which can lead to page faults when clock operations access MM...
CVE-2021-47252
CVE-2021-47252 affects the Linux kernel batman-adv subsystem. The soft/batadv interface for a queued OGM could be modified between queuing and transmission, with WARN_ON used for kernel bugs rather than warnings. The vulnerability’s description and fixes are documented in connected advisories; th...
CVE-2021-47253
CVE-2021-47253 affects the Linux kernel’s DRM/AMD display path, where DMUB hw_init could leak memory on suspend/resume due to kzalloc allocation without guard. The fix ensures the DC wrapper memory is only allocated if it was not previously allocated, avoiding reallocation on suspend/resume. Docu...
CVE-2021-47314
CVE-2021-47314 refers to a Linux kernel issue in the fsl_ifc memory handling: on probe failure the driver could leak private memory. The connected Astra/OpenVAS/Nessus advisories reproduce that the fix was to switch to resource-managed allocation to free memory when probe errors occur, mitigating...
CVE-2021-47355
CVE-2021-47355 relates to the Linux kernel ATM nicstar driver. The issue is a use-after-free in nicstar_cleanup() caused by removing a timer with del_timer() instead of del_timer_sync(), which may allow the timer handler to still run after the device removal. The fix ensures the timer finishes an...
CVE-2021-47409
CVE-2021-47409 concerns a Linux kernel vulnerability in the USB: dwc2 subsystem where a NULL return from platform_get_resource() could lead to a NULL pointer dereference. The issue is triggered when the return value is not checked, as described in the CVE entry and echoed in connected advisories ...
CVE-2021-47423
CVE-2021-47423 is about the Linux kernel component drm/nouveau/debugfs. The root cause is a memory leak where, when using single_open() for opening, single_release() is not invoked, causing the 'op' allocated in single_open() to leak. The connected documents indicate this fix has been applied in ...
CVE-2021-47477
CVE-2021-47477 is documented in connected advisories as a Linux kernel issue affecting comedi: dt9812. The root cause is DMA buffers being allocated on the stack for USB transfers; the fix allocates proper transfer buffers in the command helpers and returns an error on short transfers instead of ...
CVE-2021-47499
CVE-2021-47499 – Linux kernel, iio: accel: kxcjk-1013 : The issue was a memory leak in the probe path for iio_triggered_buffer_setup, caused when ACPI type is ACPI_SMO8500 and data->dready_trig was not set, preventing freeing of allocated memory. The root cause is the probe-path logic leaving ...
CVE-2021-47504
CVE-2021-47504 affects the Linux kernel io_uring cancel path. If a canceled work item also requires task_work processing, the item could sleep uninterruptibly in io_uring_cancel_generic() and never complete, blocking forward progress. The fix is within io_uring handling to ensure task_work runs d...
CVE-2021-47537
CVE-2021-47537 affects the Linux kernel in the octeontx2-af component, where in rvu_mbox_init() the mbox_regions pointer could be leaked on the switch-default path. The bug was a memory leak due to not freeing or returning the regions, and it is fixed by replacing a plain return err with a goto f...
CVE-2021-47542
CVE-2021-47542 affects the Linux kernel’s qlcnic logic for certain 83xx devices. In function qlcnic_83xx_add_rings() , the indirect call through ahw->hw_ops->alloc_mbx_args() can return NULL on allocation failure, and the code could dereference this NULL pointer. The patch adds a guard to v...
CVE-2021-47651
Summary : CVE-2021-47651 involves the Linux kernel driver path soc: qcom: rpmpd, where data->domains could be NULL if an allocation fails. The vulnerability stems from not validating a possible NULL return from devm_kcalloc, risking a NULL pointer dereference later. The public description indi...
CVE-2022-48658
CVE-2022-48658 affects the Linux kernel:mm/slub: flush_cpu_slab()/__free_slab() invocations were moved out of IRQ context into a global workqueue. When flush_all_cpu_locked() runs from task context, a WQ_MEM_RECLAIM-enabled workqueue may flush the global workqueue, causing a dependency issue duri...
CVE-2022-48761
CVE-2022-48761 affects the Linux kernel USB xhci-plat code. The issue occurs on platforms like i.MX8QM during suspend with remote wake enabled, where xhci_suspend disables the hub wake and then accesses registers after the device clock is gated by run-time suspend. The underlying root cause was t...
CVE-2022-48846
CVE-2022-48846 affects the Linux kernel block layer. The root cause was a memory leak in rq QoS structures added by blkcg_init_queue() when a request queue could lack a disk (e.g., unpresent SCSI LUNs or NVMe admin queue) after a patch moved rq_qos_exit() into del_gendisk(). The fix restores prop...
CVE-2022-48850
CVE-2022-48850 concerns the Linux kernel vulnerability in net-sysfs, where speed_show could panic when a netdevice is in the process of being shut down or already removed. The root cause described is a missing check for the netdevice’s presence, which could lead to a NULL pointer dereference in d...
CVE-2022-48865
CVE-2022-48865 affects the Linux kernel TIPc bearer path; root cause is a race where monitoring data is not yet allocated when a bearer is enabled, leading to a NULL pointer dereference (mon->dom_gen) during tipc_mon_prep(). The issue was fixed by allocating the monitoring data before enabling...
CVE-2022-48950
CVE-2022-48950 affects the Linux kernel: perf_pending_task() UaF could run after the event is freed. The root cause involves two situations: (1) task_work already queued before destroying the event; (2) destroying the event queues task_work. The documented fix is to extend the perf_event lifetime...
CVE-2022-49073
Summary (CVE-2022-49073): In the Linux kernel, the sata_dwc_460ex/PCIe SATA controller driver had an OOB write crash due to incorrect use of libata tag values. The patch increases ATA_TAG_INTERNAL to 32 and fixes SATA_DWC_QCMD_MAX to account for that, setting it to ATA_MAX_QUEUE + 1 to avoid out-...
CVE-2022-49092
CVE-2022-49092 concerns a Linux kernel net/ipv4 routing issue where deleting a route that points to a nexthop ID (without nhid) triggers a warning in fib_nh_match when a nexthop object is present. The root cause is a match operation on a fib_info with a nexthop object; the fix is to skip such mat...
CVE-2022-49095
CVE-2022-49095 : In the Linux kernel, the zorro7xx SCSI driver had a resource leak in zorro7xx_remove_one() where an allocated resource was not freed in the remove path. Some error paths required undoing an ioremap(). A missing iounmap() call was added in the remove function to fix the leak. Vers...
CVE-2022-49157
CVE-2022-49157 affects the Linux kernel scsi/qla2xxx driver. After a recoverable PCI error is detected and recovered, the qla2xxx driver may perform premature hardware access if the error condition persists or resume signaling is not yet received. The description and logs show a PCI disconnect an...
CVE-2022-49243
CVE-2022-49243 is a Linux kernel vulnerability affecting ASoC: atmel via the at91sam9g20ek_audio_probe path. The issue is a refcount mismatch: of_parse_phandle() returns a node pointer with a refcount that is incremented in the probe function, but a missing of_node_put() caused a leak. A fix was ...
CVE-2022-49359
CVE-2022-49359 : In Linux kernel’s DRM Panfrost handling, a use-after-free occurs when a panfrost_priv is freed but a job structure continues to reference it to obtain the MMU context. The fix drops the panfrost_priv reference from the job and adds a direct reference to the MMU structure that is ...
CVE-2022-49431
CVE-2022-49431 concerns the Linux kernel powerpc iommu: a missing of_node_put in iommu_init_early_dart leads to a refcount leak for the device_node returned by of_find_compatible_node. The issue is local in scope (AV:L, AC:L, PR:L, UI:N) with a high impact on availability and a moderate base scor...
CVE-2022-49570
CVE-2022-49570 affecting the Linux kernel gpio-xilinx driver. The issue is an integer overflow/overflow-prone data type that prevents configuring more than 32 pins; the fix casts to unsigned long to handle larger pin counts. Public references point to kernel stable tree patches (e.g., git.kernel....
CVE-2022-49694
The CVE-2022-49694 vulnerability affects the Linux kernel in the block I/O subsystem, where the elevator is disabled in del_gendisk. The root cause is a use-after-free risk on q->tag_set because the elevator disabling and scheduler tag freeing were performed in disk_release/blk_cleanup_queue t...
CVE-2022-49875
CVE-2022-49875: In the Linux kernel, bpftool can cause a NULL pointer dereference when pinning BPFFS objects (PROG, MAP, LINK) without a FILE, leading to a local segmentation fault. The root cause is strlen being invoked on a NULL name during mount_bpffs_for_pin. The mitigation provided in the so...
CVE-2022-49915
The CVE-2022-49915 issue affects the Linux kernel mISDN path and is caused by a memory leak in mISDN_register_device due to how device names were allocated. After the commit 1fa5ae857bb1 (driver core: get rid of struct device's bus_id string array), the device name is allocated dynamically and fr...
CVE-2022-49964
CVE-2022-49964 affects the Linux kernel arm64 cacheinfo path. The root cause was assigning a signed error value (-ENOENT) returned by acpi_find_last_cache_level() to an unsigned fw_level, causing the number of cache leaves to become an enormous value and triggering a warning in __alloc_pages. The...
CVE-2022-50046
In CVE-2022-50046, the Linux kernel fixes a memory-leak and potential NULL-dereference in net/sunrpc rpc_sysfs_xprt_state_change(): on error paths, xprt may fail to decrement the reference count of xps and may use an invalid xps. The issue arises because the function does not always handle errors...
CVE-2022-50073
CVE-2022-50073 affects the Linux kernel TAP path. Root cause: in dev_parse_header_protocol the code dereferences skb->dev which can be NULL when the tap driver calls virtio_net_hdr_to_skb, causing a NULL pointer dereference. The issue is triggered in tap_get_user/tap_sendmsg paths and can cras...
CVE-2022-50177
CVE-2022-50177 concerns the Linux kernel where rcutorture ksoftirqd boosting timing/iteration could fail, causing RCU priority boosting to break under certain CPU configurations. The documented root causes are: (1) when the total CPUs exceed booted online CPUs, leading to boosting not applying to...
CVE-2022-50228
CVE-2022-50228 is a Linux kernel vulnerability affecting KVM on x86 with SVM. The issue occurs when userspace can inject an interrupt with GIF=0, which can trigger a kernel BUG (fatal crash) in arch/x86/kvm/svm/svm.c. The provided descriptions explicitly show a kernel BUG at svm_inject_irq and an...
CVE-2023-52506
CVE-2023-52506 affects the Linux kernel on LoongArch. Root cause: early memblock_reserve() during memblock_init sets node id to MAX_NUMNODES, causing NODE_DATA(nid) NULL dereferences in reserve_bootmem_region() and chain calls, triggering a kernel panic on boot when DEFERRED_STRUCT_PAGE_INIT is e...
CVE-2023-52573
In the Linux kernel, CVE-2023-52573 is a NULL-pointer dereference in the RDS path. Specifically, rds_rdma_cm_event_handler_cmn() now checks conn before dereferencing it as an rdma_set_service_type() argument. This fixes a possible NULL-pointer dereference. Connected advisories also reiterate the ...
CVE-2023-52673
CVE-2023-52673 — Linux kernel (drm/amd/display): A debugfs-related NULL pointer error was fixed in the AMD display code. The root cause was calling the get_subvp_en() callback without verifying its existence. The fix adds a check for the callback before invocation, preventing potential NULL deref...
CVE-2023-52808
Summary: CVE-2023-52808 affects the Linux kernel driver path for the Hisilicon SAS host bus adapter (hisi_sas). The root cause is that after a failed init path, debugfs_remove_recursive() is called but debugfs_dir is not set to NULL, causing a NULL pointer dereference during device removal. Impac...
CVE-2023-52899
CVE-2023-52899 – kernel vulnerability (Linux kernel) has concrete details in connected advisories: a missing protection in the AXI channel error handling path (axi_chan_handle_err) for the vd signal can lead to a NULL pointer dereference and kernel panic. The issue is described as “Add exception ...