Lucene search: Linux Kernel

13804 matches found

added 2025/02/26 2:12 a.m., 85 views

CVE-2022-49399

CVE-2022-49399 affects the Linux kernel tty driver for the goldfish port. In goldfish_tty_probe(), the port created by tty_port_init() can leak resources if error paths don’t destroy it; in goldfish_tty_remove(), the port must also be destroyed. The fix is to call tty_port_destroy() to release th...

CVSS 5.5 | AI score 5.4 | EPSS 0.0024

added 2025/02/26 2:13 a.m., 85 views

CVE-2022-49488

In CVE-2022-49488, the Linux kernel subsystem drm/msm/mdp5 is affected. The root cause is that mdp5_get_global_state could return the error -EDEADLK while acquiring the modeset lock, but mdp5_mixer_release did not propagate this error, risking a NULL dereference. The mitigation is a patch to have...

CVSS 5.5 | AI score 5.5 | EPSS 0.00247

added 2025/02/26 2:14 a.m., 85 views

CVE-2022-49551

The CVE-2022-49551 issue in the Linux kernel relates to usb: isp1760, where a loop over HC_FIELD_MAX reads regmap fields causing a global out-of-bounds access. The dynamically sized arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[], isp1763_hc_volatile_ranges[], and isp1763_dc_volatile_rang...

CVSS 7.1 | AI score 5.3 | EPSS 0.00246

added 2025/02/26 2:23 a.m., 85 views

CVE-2022-49591

CVE-2022-49591 relates to the Linux kernel, specifically the DSA Microchip ksz_common path. The root cause is a refcount leak in ksz_switch_register(): the reference returned by of_get_child_by_name() is not released. The fix is to call of_node_put() on that reference (which has increased the ref...

CVSS 5.5 | AI score 5.4 | EPSS 0.00237

added 2025/03/27 4:43 p.m., 85 views

CVE-2022-49754

CVE-2022-49754: Linux kernel Bluetooth mgmt_mesh_add() contains a buffer overflow risk in mgmt_util.c. Smatch indicates mesh_tx->param is 48 bytes while the destination can reach 50 bytes; caller rejects only when len > 50, creating a potential overflow window. Multiple connected sources co...

CVSS 7.8 | AI score 7.1 | EPSS 0.00184

added 2025/05/01 2:09 p.m., 85 views

CVE-2022-49789

The CVE-2022-49789 entry documents a Linux kernel issue in the SCSI zfcp path: double free of an FSF request due to caching the FSF request ID in a signed 32-bit int, causing truncation and sign-extension when converting to 64-bit, leading to mismatches in the internal hash table and a stale poin...

CVSS 7.8 | AI score 6.5 | EPSS 0.00168

added 2025/05/01 2:09 p.m., 85 views

CVE-2022-49832

Technical details about CVE-2022-49832 (pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map) are not publicly provided in the supplied connected documents. Monitor for updates.

CVSS 5.5 | AI score 6.4 | EPSS 0.00178

added 2025/05/01 2:10 p.m., 85 views

CVE-2022-49892

CVE-2022-49892 — Linux kernel (ftrace): A use-after-free was fixed in dynamic ftrace_ops handling. KASAN reported use-after-free when two dynamic ftrace_ops with identical content were registered, and on unregistering the second op, FTRACE_UPDATE_CALLS and FTRACE_UPDATE_TRACE_FUNC could be skippe...

CVSS 7.8 | AI score 6.6 | EPSS 0.00181

added 2025/05/01 2:10 p.m., 85 views

CVE-2022-49910

CVE-2022-49910 (Linux kernel): A race between two Bluetooth L2CAP flows can cause a use-after-free in l2cap_rx_state_recv (kernel 5.19.8). Specifically, an SKB queued by l2cap_reassemble_sdu may be freed by the bt_sock_recvmsg/sock path, while code still accesses l2cap_ctrl in the SKB CB after l2cap...

CVSS 7.8 | AI score 6.4 | EPSS 0.00181

added 2025/06/18 10:54 a.m., 85 views

CVE-2022-49938

CVE-2022-49938 is a Linux kernel vulnerability in the CIFS SMB2_negotiation path. The issue is a small mempool leak in SMB2_negotiate() where, on certain dialect-mismatch failures, the code could exit without freeing the response buffer from mempool due to an incorrect -EIO handling. The fix tigh...

CVSS 5.5 | AI score 6.5 | EPSS 0.00146

added 2025/06/18 11:00 a.m., 85 views

CVE-2022-49958

Summary: CVE-2022-49958 affects the Linux kernel net/sched subsystem. When an ethernet device with multiple queues fails to attach a qdisc to queue 0 due to memory exhaustion, the code may leave the original qdisc attached on other queues and fall back to noqueue, causing a reference leak if the ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00205

added 2025/06/18 11:02 a.m., 85 views

CVE-2022-50085

The CVE-2022-50085 issue is present in the Linux kernel’s dm-raid path and affects the raid_resume flow. A KASAN warning is triggered when lvmetad tests exercise mddev->raid_disks vs rs->raid_disks, causing an out-of-bounds access in the raid resume loop. The connected OpenVAS/Nessus entrie...

CVSS 7.8 | AI score 6.5 | EPSS 0.00166

added 2025/06/18 11:02 a.m., 85 views

CVE-2022-50088

CVE-2022-50088 affects the Linux kernel’s damon_reclaim_init() path. The function allocates a ctx via damon_new_ctx(); if damon_select_ops() fails, the ctx is not released, causing a memory leak. The documented fix releases the ctx with damon_destroy_ctx() when damon_select_ops() fails. Connected...

CVSS 5.5 | AI score 6.4 | EPSS 0.00154

added 2025/06/18 11:02 a.m., 85 views

CVE-2022-50135

Summary (CVE-2022-50135): In the Linux kernel, the RDMA/rxe path contains a bug where, during error handling in rxe_qp_from_init, the qp’s rcq and scq are set to NULL, but later in rxe_qp_do_cleanup they are dereferenced (qp->scq->num_wq and qp->rcq->num_wq). This results in a null-pt...

CVSS 5.5 | AI score 6.5 | EPSS 0.00175

added 2025/06/18 11:03 a.m., 85 views

CVE-2022-50148

Consolidated details indicate CVE-2022-50148 is a Linux kernel issue affecting kernfs: __kernfs_remove may dereference NULL if lockdep is enabled, due to a dereference before checking kn (as noted in fs/kernfs/dir.c:1353). The vulnerability is mitigated by upstream fixes in kernel commits (e.g., ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00154

added 2025/06/18 11:03 a.m., 85 views

CVE-2022-50168

CVE-2022-50168 (Linux kernel): A race/cleanup bug in BPF JIT on x86 allowed freeing of a not-finalized bpf_prog_pack, triggered when multiple subprogs are processed. The root cause was that jit_subprogs() could free subprograms before bpf_jit_binary_pack_finalize() had run for them, risking free...

CVSS 7.8 | AI score 6.5 | EPSS 0.00206

added 2025/06/18 11:03 a.m., 85 views

CVE-2022-50181

CVE-2022-50181 affects the Linux kernel’s virtio-gpu driver. The vulnerability arises from a missing NULL check in virtio_gpu_cmd_get_capset(), where a NULL-ified cache_ent could be dereferenced (ptr = cache_ent->caps_cache). This results in a NULL pointer dereference. The issue has been resol...

CVSS 5.5 | AI score 6.5 | EPSS 0.00203

added 2024/05/17 2:24 p.m., 85 views

CVE-2023-52682

CVE-2023-52682 is a Linux kernel vulnerability affecting the f2fs file system. The issue occurs when an inode is compressed but not encrypted, where the code misses calling f2fs_wait_on_block_writeback() to wait for GCed page writeback in the IPU write path, allowing out-of-order GC and IO to cau...

CVSS 7.1 | AI score 6.8 | EPSS 0.0023

added 2024/05/21 3:23 p.m., 85 views

CVE-2023-52739

CVE-2023-52739 affects the Linux kernel; the issue is a race in the memory allocator where the PageHead check in __free_pages can be observed after the page reference is dropped, causing freeing of tail pages and potential page corruption or crashes. Root cause identified from the commit e320d301...

CVSS 5.5 | AI score 6.8 | EPSS 0.0025

added 2024/05/21 3:30 p.m., 85 views

CVE-2023-52768

CVE-2023-52768 affects the Linux kernel, specifically the wifi wilc1000 path. The issue arises from a mismatch in allocation size for vmm_table (missing a sizeof(u32) factor), enabling a KASAN slab-out-of-bounds write in wilc_wlan_handle_txq when writing to vmm_table. The connected Astra Linux bu...

CVSS 5.6 | AI score 7 | EPSS 0.00231

added 2024/05/21 3:31 p.m., 85 views

CVE-2023-52787

CVE-2023-52787: Linux kernel vulnerability in blk-mq handling of bio integrity. The issue could cause a kernel panic when queue usage counters aren’t properly held during bio_integrity_prep and bio merge. Fixes in updated kernels require calling bio_integrity_prep() with a reliably grabbed queue ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00236

added 2024/05/21 3:31 p.m., 85 views

CVE-2023-52826

CVE-2023-52826: In the Linux kernel, a null pointer dereference in the DRM panel path was addressed. Specifically, in drm/panel/panel-tpo-tpg110, tpg110_get_modes() previously assigned the return value of drm_mode_duplicate() to mode and did not check for failure, risking an NP dereference on NU...

CVSS 5.5 | AI score 6.7 | EPSS 0.00243

added 2024/05/21 3:31 p.m., 85 views

CVE-2023-52850

CVE-2023-52850 affects Linux kernel media: hantro: the i.MX8MM/N/P VPU reset is done by genpd, and the .reset op may be undefined. The fix removes the .reset op from i.MX8M hantro G2 implementation and adds a check for definition before calling .reset to avoid NULL pointer dereference. In public ...

CVSS 5.5 | AI score 6.7 | EPSS 0.00235

added 2024/05/21 3:31 p.m., 85 views

CVE-2023-52866

CVE-2023-52866 affects Linux kernel HID uclogic code. A user-memory-access path occurs when hid_test_uclogic_params_cleanup_event_hooks() invokes uclogic_params_ugee_v2_init_event_hooks() with a NULL first argument, causing hid_get_drvdata() to access hdev->dev with hdev=NULL. The fix introduc...

CVSS 7.1 | AI score 6.6 | EPSS 0.00228

added 2024/08/21 6:10 a.m., 85 views

CVE-2023-52894

CVE-2023-52894 affects the Linux kernel USB gadget f_ncm path, where a NULL cdev->gadget dereferences max_speed in ncm_bitrate() during SPEED_NOTIFY handling. The issue was observed on an aarch64 GKI 5.10.149-android13 crash (NULL pointer dereference at 0x5c) and is linked to ncm_do_notify() S...

CVSS 5.5 | AI score 6.3 | EPSS 0.00243

added 2025/03/27 4:43 p.m., 85 views

CVE-2023-53019

CVE-2023-53019 concerns the Linux kernel: the net/mdio subsystem allowed an out-of-bounds access in mdiobus_get_phy() when an invalid addr is passed (e.g., -1 in stmmac_init_phy). The advisory notes that addr must be validated before use to prevent access to mdio_map. Impact is described as high,...

CVSS 7.8 | AI score 6.5 | EPSS 0.00175

added 2025/05/02 3:55 p.m., 85 views

CVE-2023-53062

Summary (CVE-2023-53062): Affects the Linux kernel in the usb SMSC95xx driver. The vulnerability arises when the packet length retrieved from a descriptor may exceed the actual skb length, allowing a cloned skb to leak kernel memory contents as it traverses the network stack. The issue is docume...

CVSS 5.5 | AI score 6.6 | EPSS 0.0016

added 2025/05/02 3:55 p.m., 85 views

CVE-2023-53093

CVE-2023-53093 affects the Linux kernel tracing subsystem, where histogram values are not allowed to use certain modifiers. The root cause is that histogram code was not prepared to handle modifiers for histograms, leading to a NULL pointer dereference and kernel oops when printing histograms via...

CVSS 5.5 | AI score 6.5 | EPSS 0.00157

added 2025/05/02 3:55 p.m., 85 views

CVE-2023-53106

CVE-2023-53106 is a Linux kernel use-after-free in the NFC st-nci driver (ndlc_remove) caused by a race between scheduled work (llt_ndlc_sm_work) and driver removal. The race may allow use-after-free of ndlc->ndev during ndlc_rcv_queue/nci_recv_frame, affecting both st_nci_i2c_remove and st_nc...

CVSS 7.8 | AI score 6.6 | EPSS 0.00163

added 2024/02/08 12:38 p.m., 85 views

CVE-2024-1312

CVE-2024-1312 is a Linux kernel vulnerability: a use-after-free in the Memory Management subsystem caused by a race in mas_prev_slot can allow a local user to crash the system. The issue affects the kernel code path handling virtual memory areas, with exploitation described as a local privilege c...

CVSS 5.1 | AI score 4.5 | EPSS 0.00228

added 2024/04/02 6:22 a.m., 85 views

CVE-2024-26658

Consolidated details from multiple connected sources confirm CVE-2024-26658 affects the bcachefs Linux kernel module and describes a deadlock risk during snapshot creation. The root cause is the unconditional acquisition of s_umount during subvolume snapshot operations, which can deadlock with ex...

CVSS 5.5 | AI score 6.6 | EPSS 0.00148

added 2024/04/02 7:01 a.m., 85 views

CVE-2024-26683

Summary (CVE-2024-26683): In the Linux kernel’s wireless stack, a change intended to avoid connecting to an AP during a CSA channel switch inadvertently caused connection failures with some APs that permanently advertise an extended channel switch announcement (e.g., Asus RT-AC53 with firmware 3....

CVSS 5.5 | AI score 6.4 | EPSS 0.00193

added 2024/04/03 2:55 p.m., 85 views

CVE-2024-26723

CVE-2024-26723 affects the lan966x portion of the Linux kernel. A crash occurs when adding an interface under a bond (lag) because some ports can be NULL pointers (not probed); the code iterates over ports and dereferences NULL. The fix is to check for NULL pointers before accessing port data. Th...

CVSS 7.8 | AI score 7.3 | EPSS 0.00241

added 2024/04/04 8:20 a.m., 85 views

CVE-2024-26806

CVE-2024-26806: In the Linux kernel, the cadence-qspi driver’s runtime PM hooks were calling spi_controller_suspend()/resume(), which was not expected and could cause a deadlock when the bus lock is held. The fix removes these calls from cadence-qspi, since cadence-qspi is not queued, and notes ...

CVSS 5.5 | AI score 6.6 | EPSS 0.00149

added 2024/04/17 10:10 a.m., 85 views

CVE-2024-26841

Exposed CVE-2024-26841 affecting LoongArch Linux kernels: when disabling nonboot CPUs, cpu_sibling_map is not updated, risking negative jump-label counts on SMT systems. A fix defines and calls clear_cpu_sibling_map() to refresh the mapping, mitigating a potential kernel instability (jump_label w...

CVSS 5.5 | AI score 6.6 | EPSS 0.00222

added 2024/04/17 3:59 p.m., 85 views

CVE-2024-26913

The CVE-2024-26913 issue concerns the Linux kernel DRM/AMD display driver (dcn35 8k30) where odm calculation was missing for pipe-split policy, causing underflow/corruption. The fix adds the missing odm calculation. Public references in connected docs point to kernel commits addressing th...

CVSS 7.8 | AI score 6.8 | EPSS 0.0025

added 2024/06/21 11:18 a.m., 85 views

CVE-2024-34777

CVE-2024-34777 affects the Linux kernel DMA mapping benchmark path. The issue occurs in the map_benchmark_ioctl() flow when validating node ids; node_possible() can receive an argument outside the valid [0, MAX_NUMNODES-1] range, enabling a KASAN wild-memory-access read in map_benchmark_ioctl (ke...

CVSS 7.1 | AI score 6.3 | EPSS 0.00217

added 2024/05/17 2:47 p.m., 85 views

CVE-2024-35856

CVE-2024-35856 affects the Linux kernel Bluetooth btusb mediatek component. The root cause is a double-free of the skb buffer in the coredump path, where hci_devcd_append() frees the skb on error, potentially leading to a double-free if the caller also frees it. The issue is triggered locally and...

CVSS 7.8 | AI score 6.7 | EPSS 0.00248

added 2024/05/20 9:41 a.m., 85 views

CVE-2024-35968

CVE-2024-35968 concerns the Linux kernel driver path in the pds_core module. The issue arises when fw_status == 0xff and the driver attempts a PCI reset via pci_reset_function() from the health thread, which can deadlock because pdsc_stop_health_thread() tries to stop/flush that thread. The publi...

CVSS 5.5 | AI score 6.6 | EPSS 0.0015

added 2024/05/30 3:28 p.m., 85 views

CVE-2024-36888

CVE-2024-36888: Linux kernel workqueue wake_cpu selection bug fixed by masking targeted CPU with cpu_online_mask via cpumask_any_and_distribute() to avoid arch_vcpu_is_preempted() on offline CPUs. Affected trace shows oops during multi-CPU bring-up when cpu_possible_mask=0-63 and cpu_online_mask...

CVSS 6.2 | AI score 7.3 | EPSS 0.00237

added 2024/05/30 3:28 p.m., 85 views

CVE-2024-36892

The CVE-2024-36892 issue affects the Linux kernel SLUB allocator. The fix addresses a bug in single-object free: when init_on_free=1, the freepointer inside the freed object could be zeroed (or its handling was unsafe) and, under slub_debug=F and CONFIG_SLAB_FREELIST_HARDENED, do_slab_free() coul...

CVSS 5.5 | AI score 6.6 | EPSS 0.00196

added 2024/06/19 1:35 p.m., 85 views

CVE-2024-38547

The CVE-2024-38547 issue is a concrete Linux kernel vulnerability affecting media: atomisp, ssh_css path load_video_binaries. The root cause is a null-pointer dereference: allocation failure of mycs->yuv_scaler_binary in load_video_binaries followed by dereferencing mycs->yuv_scaler_binary ...

CVSS 5.5 | AI score 7 | EPSS 0.00256

added 2024/06/19 1:35 p.m., 85 views

CVE-2024-38571

CVE-2024-38571 affects the Linux kernel tsens (thermal/drivers/tsens). Root cause: compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) is invoked from calibrate_8960() (tsens-8960.c), which can dereference a NULL pointer if DEBUG or DYNAMIC_DEBUG is set. The bug is fixed by adding a NULL pointe...

CVSS 5.5 | AI score 7.1 | EPSS 0.00228

added 2024/06/19 1:35 p.m., 85 views

CVE-2024-38572

CVE-2024-38572 concerns the Linux kernel wifi driver ath12k. The issue is a missing terminator entry in ath12k_qmi_msg_handlers, which can trigger a global out-of-bounds read in qmi_invoke_handler via KASAN. A fix adds a dummy terminator entry to allow qmi_invoke_handler to traverse to the termin...

CVSS 7.1 | AI score 6.5 | EPSS 0.00233

added 2024/06/21 10:18 a.m., 85 views

CVE-2024-38623

CVE-2024-38623: The issue in the Linux kernel relates to the ntfs3 code using a fixed-size array, leading to a memcpy overflow in ntfs_set_label involving uni->name (20 vs 256). The fix is to switch to a variable-length array (fs/ntfs3) to prevent the overflow. Connected Astra Linux advisories co...

CVSS 9.8 | AI score 9.2 | EPSS 0.00788

added 2024/07/30 7:46 a.m., 85 views

CVE-2024-42128

Technical details about CVE-2024-42128 are not publicly provided in the supplied documents. Monitor for official advisories or vendor patches for affected products.

CVSS 5.5 | AI score 6.7 | EPSS 0.00225

added 2024/08/17 9:21 a.m., 85 views

CVE-2024-43827

In CVE-2024-43827, the Linux kernel DRM AMD display path (drm/amd/display) was fixed by adding a null check before accessing internal structs in enable_phantom_plane. Root cause: missing null pointer validation. Impact, as per CVSS: local, low complexity, low privileges required; confidentiality/...

CVSS 5.5 | AI score 6.6 | EPSS 0.00193

added 2024/09/04 7:00 p.m., 85 views

CVE-2024-44973

This CVE (CVE-2024-44973) concerns the Linux kernel SLUB allocator. The root cause is that freeing of kfence objects was moved out of do_slab_free but missed a spot in __kmem_cache_free_bulk, leading to a crash chain involving skbuff_head_cache and slab_err (mm/slub.c). The impact described is a ...

CVSS 5.5 | AI score 6.7 | EPSS 0.0018

added 2024/09/11 3:13 p.m., 85 views

CVE-2024-45027

The CVE-2024-45027 issue affects the Linux kernel XHCI driver: if xhci_mem_init() fails after max_interrupters is set but before interrupters are allocated, xhci_mem_cleanup() can unconditionally dereference xhci->interrupters. The documented fix gates the interrupt freeing loop with a NULL ch...

CVSS 5.5 | AI score 5.1 | EPSS 0.00206

added 2024/11/09 10:14 a.m., 85 views

CVE-2024-50212

The CVE-2024-50212 vulnerability in the Linux kernel concerns the lib/alloc_tag_module_unload path, where nf_nat module unload may trigger a warning because kfree_rcu operations are still pending when unload checks run. The issue arises from nf_nat’s module exit calling kfree_rcu on addresses tha...

CVSS 5.5 | AI score 6.5 | EPSS 0.00197

Total number of security vulnerabilities: 13804