CVE-2021-47610

CVE-2021-47610: In the Linux kernel, a NULL pointer dereference in the DRM MSM GEM submit path (msm_ioctl_gem_submit) could trigger a kernel panic (Oops) and crash the system. The vulnerability arises from dereferencing a NULL in msm_ioctl_gem_submit, leading to a trace via kref_put and drm ioctl...

CVE-2022-48648

Technical details (affected software, versions, root cause, impact, and fixes) for CVE-2022-48648 are not provided in the supplied documents. Monitor vendor advisories and CVE entries for updates.

CVE-2022-48668

CVE-2022-48668 relates to the Linux kernel SMB3 implementation. The issue was that collapse range did not discard the affected cached region, risking temporary data corruption of the file during operations (as observed in xfstest generic/031). The fix stabilizes collapse range behavior and also i...

CVE-2022-48691

CVE-2022-48691 is a Linux kernel vulnerability affecting nf_tables offload hook handling. The issue arises from clean up of the hook list when offload flag checks fail, enabling a memory leak of an unreferenced object and preventing nft_chain_release_hook() from freeing hooks. The connected Nessu...

CVE-2022-48752

CVE-2022-48752 affects the Linux kernel on PowerPC power_pmu_disable handling. The fix (commit 2c9ac51b850d) calls clear_pmi_irq_pending only if PMI is pending to avoid clearing PMI when an overflown PMC is detected, addressing a PMI/PMC race in power_pmu_disable triggered under CONFIG_PPC_IRQ_SO...

CVE-2022-48763

CVE-2022-48763 relates to the Linux kernel KVM/x86 nested virtualization when SMM state is toggled. The issue occurs if userspace forces a vCPU out of SMM during post-VMXON and injects an SMI, causing vmx_enter_smm() to overwrite vmx->nested.smm.vmxon and leave vmxon and smm.vmxon false while ...

CVE-2022-48802

CVE-2022-48802 affects the Linux kernel component involved in /proc task memory reporting. The vulnerability arises from reading the page mapcount during smaps accounting when a THP (huge page) may be split concurrently with MADV_FREE, creating a race that could trigger a kernel BUG in PageDouble...

CVE-2022-48810

In CVE-2022-48810, the Linux kernel fixes a RTNL lock handling issue in IPv4/IPv6 multicast code: ipmr and ip6mr_free_table() could be called on the failure path without proper RTNL protection. The patch ensures RTNL is held before freeing mroute tables, preventing an assertion failure observed i...

CVE-2022-48818

The CVE-2022-48818 entry refers to a Linux kernel issue in the MDIO/MV88E6xxx DSA path where devres usage around mdiobus led to a kernel OOPS during shutdown. The root cause is interaction between devm_mdiobus_free() and devres_release_all() if the MDIO bus is unregistered late due to a shutdown‑...

CVE-2022-48920

CVE-2022-48920: In the Linux kernel, the btrfs flushoncommit path could trigger a warning in __writeback_inodes_sb_nr() during transaction commits. The fix avoids deadlock risks by replacing writeback_inodes_sb() with try_to_writeback_inodes_sb(), which reads sb->s_umount and only calls writeb...

CVE-2022-48923

CVE-2022-48923 (Linux kernel) affects btrfs: the bug arises in the LZO decompression path (btrfs/lzo.c) where a compressed length may be corrupted to exceed allocated memory, causing a out-of-bounds write in copy_compressed_segment and potentially a general protection fault. Affected code path is...

CVE-2022-49082

CVE-2022-49082 in the Linux kernel: a use-after-free in mpt3sas during _scsih_expander_node_remove() was caused by freeing the port field via mpt3sas_transport_port_remove(), leading to a use-after-free when ioc_info() runs (e.g., during rmmod). The fix adds a local variable port_id to capture th...

CVE-2022-49166

Summary (grounded on provided documents): In the Linux kernel, a vulnerability related to NTFS mounting was addressed. Specifically, ntfs_read_inode_mount can call ntfs_malloc_nofs with a zero allocation size, triggering a BUG in the internal allocator (__ntfs_malloc). The fix implemented is a sa...

CVE-2022-49200

CVE-2022-49200 (Linux kernel): A bug in Bluetooth btmtksdio handling caused a kernel oops when btmtksdio_interrupt ran before sdio_set_drvdata was initialized. The issue happened because hdev->power_on could be queued and execute prior to sdio_set_drvdata being filled during btmtksdio_probe, a...

CVE-2022-49208

CVE-2022-49208 : Linux kernel RDMA/irdma vulnerability where an integer underflow may occur in irdma_sc_ceq_init() when subtracting info->dev->hmc_fpm_misc.max_ceqs. This value may come from firmware (irdma_sc_parse_fpm_query_buf()) and could be zero, enabling a potential underflow. The iss...

CVE-2022-49217

CVE-2022-49217 (Linux kernel) : In the PM8001 SCSI path, the n_elem field of the CCB used in abort/read paths can be left uninitialized (n_elem not set to 0). This can cause the task completion path to observe a non‑zero n_elem, triggering invalid dma_unmap_sg() calls in pm8001_ccb_task_free() an...

CVE-2022-49421

CVE-2022-49421 affects the Linux kernel’s video fbdev clcdfb code. The vulnerability arises from a refcount leak in clcdfb_of_vram_setup caused by of_parse_phandle() returning a node pointer with an incremented refcount that is not released. The provided description states that of_node_put() is r...

CVE-2022-49424

CVE-2022-49424 is a Linux kernel issue in the Mediatek IOMMU driver. The root cause is a NULL pointer dereference when printing dev_name due to larbdev being NULL during probe (mtk_iommu_probe_device). The crash can occur in device_link_add() and is triggered by an incorrect DTS input. The public...

CVE-2022-49427

The CVE pertains to the Linux kernel’s MTK IOMMU driver. After a patch (mtk_iommu_remove) removing clk_disable and relying on a runtime clock-control callback, the clock is now managed by runtime, eliminating the previous disable path. This addresses a warning trace seen when unbinding the MTK IO...

CVE-2022-49459

Mode C: CVE-2022-49459 affects the Linux kernel (notably kernel 5.10/5.15 in Astra Linux) with a NULL-dereference risk in sr_thermal_probe due to platform_get_resource() possibly returning NULL. The vulnerability stems from insufficient NULL checks, and a fix adds a proper NULL check to prevent d...

CVE-2022-49507

CVE-2022-49507 affects the Linux kernel regulator driver for the da9121 (regulator/da9121-regulator.c). The issue arises when da9121_assign_chip_model() accesses regmap without it being initialized due to an invalid chip->subvariant_id (set to -EINVAL by a malformed device tree). This leads to...

CVE-2022-49533

CVE-2022-49533 affects Linux kernel ath11k: the scan_req_params buffer could overflow when copying SSIDs for active probe requests due to a mismatch (16 SSIDs reported vs 10 slots in scan_req_params). The fix aligns the firmware-supported capacity (16 SSIDs, 4 BSSIDs per SSID) with driver limits ...

CVE-2022-49755

CVE-2022-49755 affects the Linux kernel’s USB gadget path (usb: gadget: f_fs) and specifically the ffs_ep0_queue_wait flow. The vulnerability arises from a race between ffs_ep0_write/ffs_ep0_read and functionfs_unbind, where ep0req can be freed and there is no NULL check in ffs_ep0_queue_wait, ri...

CVE-2022-49821

CVE-2022-49821 concerns the Linux kernel mISDN subsystem. The vulnerability is described as a memory leak in mISDN_dsp_element_register(), mitigated by a patch that makes the device name allocation dynamic and uses put_device() to release references so the name can be freed in kobject_cleanup(). ...

CVE-2022-49823

In CVE-2022-49823, the Linux kernel’s ata_tdev_add() in libata-transport is vulnerable because it does not verify the return value of transport_add_device(). If transport_add_device() fails, the subsequent removal path calls transport_remove_device() and device_del() on a device that may not have...

CVE-2022-49826

CVE-2022-49826 — Linux kernel (ata: libata-transport) The vulnerability arises in the error path of ata_tport_add() where put_device() followed by ata_tport_release() can cause an extra decrement of the refcount on ap->host, leading to a NULL pointer dereference during unbind/stop (as ports ar...

CVE-2022-49865

The CVE-2022-49865 entry corresponds to a Linux kernel fix for an infoleak in IPv6 addrlabel. Root cause: when copying a struct ifaddrlblmsg to the network, the __ifal_reserved field was left uninitialized, enabling a 1-byte information leak. The patch initializes the reserved field to prevent le...

CVE-2022-49881

CVE-2022-49881 – Linux kernel wifi cfg80211 memory leak in query_regdb_file() Root cause: in query_regdb_file(), the alpha2 data is duplicated with kmemdup() and freed in regdb_fw_cb(), but request_firmware_nowait() may fail and skip regdb_fw_cb(), leaking memory. The connected advisories confirm...

CVE-2022-49916

CVE-2022-49916 covers a NULL pointer dereference in the Linux kernel’s Rose protocol path (rose_send_frame). The issue surfaces when rose_loopback_neigh's neigh->dev is NULL, causing access to neigh->dev->dev_addr and triggering a NULL dereference in rose_send_frame (rose_link.c: rose_se...

CVE-2022-49973

The CVE-2022-49973 entry concerns a Linux kernel vulnerability in sk_msg_recvmsg triggered by an incorrect last scatter-gather (sg) check. The root cause is a change to the last sg validation (to sg_is_last()) in sk_msg_recvmsg(), but the end of the scatterlist was not marked in sockmap redirecti...

CVE-2022-49981

CVE-2022-49981 is a Linux kernel vulnerability where HID hidraw released reports memory was leaked due to missing cleanup; the fix frees buffered reports before deleting the list entry. Affected component: HID subsystem (hidraw) in the Linux kernel. Impact described as memory leak with availabili...

CVE-2022-49991

CVE-2022-49991 is a Linux kernel vulnerability involving mm/hugetlb where, in MCOPY_ATOMIC_CONTINUE with a non-shared VMA, pages from the page cache could be installed into ptes and trigger a corrupted page->mapping due to an erroneous call to hugepage_add_new_anon_rmap. The connected document...

CVE-2022-50073

CVE-2022-50073 affects the Linux kernel TAP path. Root cause: in dev_parse_header_protocol the code dereferences skb->dev which can be NULL when the tap driver calls virtio_net_hdr_to_skb, causing a NULL pointer dereference. The issue is triggered in tap_get_user/tap_sendmsg paths and can cras...

CVE-2022-50129

The CVE-2022-50129 entry concerns the Linux kernel RDMA/srpt use-after-free issue. The fix changes the lifetime of LIO port data by converting LIO port members inside struct srpt_port from regular members to pointers and by allocating/freeing the LIO port data structures from inside srpt_make_tpo...

CVE-2022-50194

The CVE-2022-50194 issue affects the Linux kernel, specifically the soc: qcom: aoss path, where for_each_available_child_of_node() leaks a refcount when breaking out of iteration. The root cause is a missing of_node_put() after iterating, leading to a refcount leak on the previously referenced no...

CVE-2022-50215

CVE-2022-50215 : Linux kernel fix for SCSI (sg) behavior when a device is removed during active usage. The issue was that sg previously returned -ENODEV for waiting on active commands after removal, which could cause memory corruption for READs or data corruption on WRITE due to buffers still in ...

CVE-2023-52655

The CVE-2023-52655 issue affects the Linux kernel usb aqc111 driver. Root cause: when a device sends a packet with a length between 0 and sizeof(u64), the length passed to skb_trim() wraps to a very large value due to an incorrect check against 0. The driver currently validates against 0 instead ...

CVE-2023-52695

CVE-2023-52695 concerns the Linux kernel, specifically the DRM/AMD display path. The connected Nessus entry states the vulnerability was resolved by the patch: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink. The stated root cause is to verify the connector type to ...

CVE-2023-52841

CVE-2023-52841 concerns the Linux kernel component for media: vidtv: mux. The fix, described in the public description and echoed by Astra Linux security bulletin, adds a check for the return value of kstrdup() and returns an error if it fails to avoid a NULL pointer dereference. It also updates ...

CVE-2023-52849

CVE-2023-52849 is a Linux kernel vulnerability related to CXL memory shutdown order. The issue caused a NULL pointer dereference during teardown when removing cxl_mock_mem, tracing through cxl_region_decode_reset and related cleanup paths (cxl_region_detach, cxld_unregister, devres_release_all, d...

CVE-2023-53118

CVE-2023-53118 affects the Linux kernel SCSI subsystem: a regression in host procfs directory removal in the core SCSI layer. The vulnerable code path centers on scsi_proc_hostdir_rm(), which decreases a reference counter and must be invoked only once per host removal. The issue is resolved by th...

CVE-2023-53119

CVE-2023-53119 : In the Linux kernel, the pn533 NFC driver (pn533_out_arg) uses a temporary context for out_urb that is not fully initialized; the uninitialized field ‘phy’ may be dereferenced in error paths inside pn533_out_complete(), causing a general protection fault and a KASAN null-deref. T...

CVE-2024-22386

CVE-2024-22386 involves a race condition in the Linux kernel’s drm/exynos driver (exynos_drm_crtc_atomic_disable) that can cause a NULL dereference, potentially leading to kernel panics or denial of service. Connected Nessus/NASL entries for Unity Linux (UTSA-2026-004378 and related advisories) c...

CVE-2024-26637

CVE-2024-26637 affects the Linux kernel wifi stack (ath11k) where mac80211’s debugfs entry deletion could crash ath11k. The fix switches to letting mac80211 delete entries when appropriate and adds debugfs entries from the vif_add_debugfs handler, removing the crash trigger. Public references ind...

CVE-2024-26666

In CVE-2024-26666, the Linux kernel vulnerability affects the wifi/mac80211 TDLS fast-xmit path. The underlying issue is that the code looks up the link under RCU protection, but that protection isn’t guaranteed to be active for the operation, risking use-after-free-like scenarios. A fix was appl...

CVE-2024-35882

CVE-2024-35882 affects the Linux kernel SUNRPC over TCP. A bad commit (e18e157bb5c8) caused a memory leak: sock_sendmsg() doesn’t release all pages in bio_vec, leaving the record-marker fragment unreleased and enabling server-side memory exhaustion in some NFS setups. A narrow fix was implemented...

CVE-2024-36966

CVE-2024-36966 affects the Linux kernel EROFS file system. Root cause: in block device based mode, s_bdev could be uninitialised and misidentified as fscache mode when CONFIG_EROFS_FS_ONDEMAND is enabled, leading to ida_free on an unallocated id. The issue is resolved by ensuring erofs_sb_info is...

CVE-2024-38557

CVE-2024-38557 affects the Linux kernel mlx5/YAML path handling. The issue arises in net/mlx5 when a lag (Link Aggregation) disable/enable sequence reloads representors: the code reloads all representors for the bond’s slaves, and a failure during slave representor load can unload all representor...

CVE-2024-38595

CVE-2024-38595 affects the Linux kernel mlx5 subsystem: a patch changing register devlink flow did not update the peer devlink set logic, triggering a call trace when peer devlink set is done after devl_register. The fix aligns peer devlink set logic with the register flow to prevent the trace. I...

CVE-2024-41067

CVE-2024-41067 affects the Linux kernel with the btrfs filesystem scrub path. The bug occurs when forced RST mode causes bbio submissions to be empty because btrfs_map_block() can fail after bbio allocation, leading scrub_read_endio() to fail to locate a matching sector and trigger an out-of-rang...