14403 matches found
CVE-2022-50139
CVE-2022-50139 affects the Linux kernel’s usb: aspeed-vhub component. The root cause is a refcount leak in ast_vhub_init_desc() caused by not releasing a reference from of_get_child_by_name(). The fix is to call of_node_put() on that reference. This remediation prevents the refcount from being in...
CVE-2022-48648
Technical details (affected software, versions, root cause, impact, and fixes) for CVE-2022-48648 are not provided in the supplied documents. Monitor vendor advisories and CVE entries for updates.
CVE-2022-48692
CVE-2022-48692 concerns a Linux kernel issue where RDMA/srp code could dereference a NULL scmnd pointer. The vulnerability arises from not guarding scmnd->result when scmnd is NULL, leading to a kernel NULL pointer dereference that was repro'd by blktests srp/007. The connected Astra Linux bul...
CVE-2022-48721
CVE-2022-48721 affects the Linux kernel net/smc: when SMC is used and a fallback to TCP occurs, some waitqueue entries previously inserted into smc_socket->wq may remain. After fallback, data flows over TCP and only clcsock->wq is woken, so applications (e.g., epoll) may miss wakeups for th...
CVE-2022-48809
In CVE-2022-48809, the Linux kernel fixes a memory leak in net handling when uncloning an skb destination and its metadata. The root cause is that the uncloned dst+metadata is initialized with refcount 1 and briefly increased to 2 before attachment, leaving a path where the refcount cannot drop t...
CVE-2022-48823
CVE-2022-48823 affects the Linux kernel SCSI qedf driver. The issue is a refcount bug triggered when a LOGO is received during a TMF, which can cause an I/O to hang in the qedf driver. The provided connected advisories confirm the root cause (refcount during TMF/LOGO) and note that a fix was impl...
CVE-2022-48935
CVE-2022-48935 is a Linux kernel flaw in netfilter nf_tables where flowtable hooks were not unregistered on net namespace exit, causing a use-after-free (KASAN) in nf_hook_entries_grow. The issue arises when nf_tables_flowtable_destroy() does not unregister hooks promptly, leading to UAF in flowt...
CVE-2022-49144
CVE-2022-49144 pertains to the Linux kernel io_uring subsystem. The issue stems from a memory-leak when registering files: if there are no files to process in __io_sqe_files_scm(), the code frees resources but forgets to restore the uid, leading to a leak. The connected documents confirm this exa...
CVE-2022-49162
The CVE-2022-49162 issue affects the Linux kernel’s fbdev sm712fb driver. When the sm712fb driver writes three bytes to the framebuffer, it could crash with a page fault due to an endianness fixup path that was open-coded. The fix is to remove the open-coded endianness fixup code (kernel patching...
CVE-2022-49191
Concrete details found: CVE-2022-49191 affects the Linux kernel mxser code path, where xmit_buf leaks in activate() when LSR == 0xff and ->shutdown() is not called on failure, leaving the buffer unfreed. The fix adds a proper free path to a designated label and ensures the code jumps there fro...
CVE-2022-49240
The CVE-2022-49240 issue is in the Linux kernel ASoC: mediatek mt8195 driver. The of_parse_phandle() call returns a device_node with refcount incremented, but of_node_put() is not invoked in the error path, causing a refcount leak; a fix ensures of_node_put() is called on the device_node in error...
CVE-2022-49246
CVE-2022-49246 affects the Linux kernel, specifically ASoC: atmel: snd_proto_probe. The issue is a refcount leak: of_parse_phandle() returns a device_node with refcount incremented, but of_node_put() was only called in the regular path, not in error paths. The fix ensures of_node_put() is called ...
CVE-2022-49270
CVE-2022-49270 : In the Linux kernel, a use-after-free can occur in dm_cleanup_zoned_dev() if it is not called before blk_cleanup_disk() proceeds through its cleanup path (blk_cleanup_disk->blk_cleanup_queue()->kobject_put()->blk_release_queue()->…->blk_free_queue_rcu()). This raci...
CVE-2022-49274
CVE-2022-49274 concerns an ocfs2 quota crash when mounting with quotas enabled in the Linux kernel. The connected Astra Linux entry reproduces the issue and provides the same symptom set and stack trace context. The root cause is that during dqi_gqlock initialization, the related dqi_type and dqi...
CVE-2022-49424
CVE-2022-49424 is a Linux kernel issue in the Mediatek IOMMU driver. The root cause is a NULL pointer dereference when printing dev_name due to larbdev being NULL during probe (mtk_iommu_probe_device). The crash can occur in device_link_add() and is triggered by an incorrect DTS input. The public...
CVE-2022-49427
The CVE pertains to the Linux kernel’s MTK IOMMU driver. After a patch (mtk_iommu_remove) removing clk_disable and relying on a runtime clock-control callback, the clock is now managed by runtime, eliminating the previous disable path. This addresses a warning trace seen when unbinding the MTK IO...
CVE-2022-49435
CVE-2022-49435 concerns the Linux kernel, in the mfd: davinci_voicecodec path. It fixes a potential null-pointer dereference in the davinci_vc_probe() flow if platform_get_resource() returns NULL. The workaround changes the code to use the resource only after devm_ioremap_resource() performs a NU...
CVE-2022-49475
The connected advisories confirm CVE-2022-49475 affects the Linux kernel in the spi-fsl-qspi driver, where a missing check of the resource returned by platform_get_resource_byname() can lead to a NULL pointer dereference. The root cause is not validating the resource handle before use, causing a ...
CVE-2022-49480
Technical details for CVE-2022-49480 are not publicly available in the provided documents; no affected products, root cause, impact, or remediation details are given here. Monitor for updates.
CVE-2022-49488
In CVE-2022-49488, the Linux kernel subsystem drm/msm/mdp5 is affected. The root cause is that mdp5_get_global_state could return the error -EDEADLK while acquiring the modeset lock, but mdp5_mixer_release did not propagate this error, risking a NULL dereference. The mitigation is a patch to have...
CVE-2022-49533
CVE-2022-49533 affects Linux kernel ath11k: the scan_req_params buffer could overflow when copying SSIDs for active probe requests due to a mismatch (16 SSIDs reported vs 10 slots in scan_req_params). The fix aligns the firmware-supported capacity (16 SSIDs, 4 BSSIDs per SSID) with driver limits ...
CVE-2022-49551
The CVE-2022-49551 issue in the Linux kernel relates to usb: isp1760, where a loop over HC_FIELD_MAX reads regmap fields causing a global out-of-bounds access. The dynamically sized arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[], isp1763_hc_volatile_ranges[], and isp1763_dc_volatile_rang...
CVE-2022-49741
In the Linux kernel, CVE-2022-49741 affects the fbdev smscufx driver by faulty error handling in ufx_usb_probe, which the advisory and connected Nessus/NASL records describe as causing a memory leak (unreferenced object in ufx_usb_probe). The issue is tied to the ufx_usb_probe error path, includi...
CVE-2022-49768
In CVE-2022-49768 for the Linux kernel, the 9p/trans_fd/p9_conn_cancel path had a double-lock issue detected by syzbot. The fix is to drop the client lock earlier, after requests have been moved off to the local list, avoiding the double-lock scenario. This resolves the issue and is described as ...
CVE-2022-49794
CVE-2022-49794 affects the Linux kernel IIO ADC driver (iio: adc: at91_adc). The issue is a potential memory leak in at91_adc_allocate_trigger where, if iio_trigger_register() returns an error, the driver should free the trigger reference via iio_trigger_free() and then release memory with iio_tr...
CVE-2022-49809
CVE-2022-49809 affects the Linux kernel in the x25 subsystem (net/x25). The vulnerability arises in x25_lapb_receive_frame() where skb_copy() is used to obtain a private copy of skb; if the new skb is not freed in the undersized/fragmented skb error handling path, a memory leak occurs. The provid...
CVE-2022-49825
CVE-2022-49825 — Linux kernel (libata-transport) In ata_tport_add(), the return value of transport_add_device() is not checked, which can lead to a NULL pointer dereference during module removal when transport_remove_device() is called for a device that was not added. The vulnerability is resolve...
CVE-2022-49879
CVE-2022-49879 affects the Linux kernel ext4 code. A corrupted directory entry where rec_len is invalid (not a multiple of 4) can cause a kernel BUG() in ext4_rec_len_to_disk() called from make_indexed_dir(). The fix adds a validation step via ext4_check_dir_entry(), returning -EFSCORRUPTED for i...
CVE-2022-49881
CVE-2022-49881 – Linux kernel wifi cfg80211 memory leak in query_regdb_file() Root cause: in query_regdb_file(), the alpha2 data is duplicated with kmemdup() and freed in regdb_fw_cb(), but request_firmware_nowait() may fail and skip regdb_fw_cb(), leaking memory. The connected advisories confirm...
CVE-2022-49916
CVE-2022-49916 covers a NULL pointer dereference in the Linux kernel’s Rose protocol path (rose_send_frame). The issue surfaces when rose_loopback_neigh's neigh->dev is NULL, causing access to neigh->dev->dev_addr and triggering a NULL dereference in rose_send_frame (rose_link.c: rose_se...
CVE-2022-49979
Summary: CVE-2022-49979 affects the Linux kernel related to a refcount bug in sk_psock_get when transitioning from TCP to SMC during a connect fallback. The root cause is a mismatch in how smc and psock reuse the sk_user_data field, causing a refcount warning during shutdown. Technical details fr...
CVE-2022-50076
CVE-2022-50076 concerns the Linux kernel CIFS implementation: a memory leak in the deferred close path has been fixed. The description from multiple sources (NVD entry and connected advisories) shows the issue manifests as a kmemleak report during SMB2/xfstests (xfstests on smb21 report kmemleak)...
CVE-2022-50079
CVE-2022-50079 affects the Linux kernel’s DRM AMD display driver (DCN303). The issue is a boundary check error in drm/amd/display where eng_id for DCN303 must not exceed 1, since there are only two stream-encoder instances. The root cause is an incorrect boundary condition that could allow an out...
CVE-2022-50088
CVE-2022-50088 affects the Linux kernel’s damon_reclaim_init() path. The function allocates a ctx via damon_new_ctx(); if damon_select_ops() fails, the ctx is not released, causing a memory leak. The documented fix releases the ctx with damon_destroy_ctx() when damon_select_ops() fails. Connected...
CVE-2022-50196
In the Linux kernel, the vulnerability CVE-2022-50196 affects the soc: qcom: ocmem path. It stems from a refcount leak in of_parse_phandle() where the returned node pointer’s refcount isn’t released; a missing of_node_put() caused the leak. The fix adds a proper of_node_put() on the node when it ...
CVE-2023-52682
CVE-2023-52682 is a Linux kernel vulnerability affecting the f2fs file system. The issue occurs when an inode is compressed but not encrypted, where the code misses calling f2fs_wait_on_block_writeback() to wait for GCed page writeback in the IPU write path, allowing out-of-order GC and IO to cau...
CVE-2023-52705
CVE-2023-52705 is a kernel vulnerability affecting the nilfs2 filesystem code in Linux. The issue is an underflow/incorrect boundary calculation in NILFS_SB2_OFFSET_BYTES that computes the position of the second superblock, which can underflow when the device size is smaller than 4096 bytes. This...
CVE-2023-52826
CVE-2023-52826 : In the Linux kernel, a null pointer dereference in the DRM panel path was addressed. Specifically, in drm/panel/panel-tpo-tpg110, tpg110_get_modes() previously assigned the return value of drm_mode_duplicate() to mode and did not check for failure, risking an NP dereference on NU...
CVE-2023-52838
CVE-2023-52838 – Linux kernel fbdev: imsttfb resource leak (probe) . The issue arises when init_imstt() fails and the code does not call iounmap(par->cmap_regs), leading to a resource leak in probe. The vulnerability is addressed by rewriting the error handling to ensure iounmap(par->cmap_r...
CVE-2023-52912
CVE-2023-52912 relates to the Linux kernel’s DRM amdgpu subsystem. The issue arises during unloading of amdgpu where a bug in drm_buddy_free_block can trigger a kernel BUG and invalid opcode, as shown in the stack trace and kernel log snippet. The impact is a potentially local disruption of a sys...
CVE-2023-52928
CVE-2023-52928 concerns the Linux kernel’s BPF verifier. According to connected sources, the issue arises from the verifier’s handling of invalid kfunc calls in backtrack_insn, where such an instruction could be captured by fixup_kfunc_call() and, if not eliminated by DCE, trigger a warning in ba...
CVE-2023-52992
CVE-2023-52992 affects the Linux kernel; the vulnerability exists in BPF’s send_signal_common path where a task with pid=1 can trigger a kernel panic (kernel: “Attempted to kill init!”). A fix was applied to skip pid=1 in bpf_send_signal_common(), preventing this panic. Impact is local, with pote...
CVE-2023-53081
CVE-2023-53081 affects the Linux kernel’s ocfs2 function. When a buffered write fails to copy data into the page cache, ocfs2_write_end_nolock() zeroes the page and dirties it, which can leave a dirty page beyond EOF. If writeback occurs before i_size is expanded, the page can reach an inconsiste...
CVE-2023-53106
CVE-2023-53106 is a Linux kernel use-after-free in the NFC st-nci driver (ndlc_remove) caused by a race between scheduled work (llt_ndlc_sm_work) and driver removal. The race may allow use-after-free of ndlc->ndev during ndlc_rcv_queue/nci_recv_frame, affecting both st_nci_i2c_remove and st_nc...
CVE-2023-53109
CVE-2023-53109 : Linux kernel vulnerability in net: tunnels where IP tunnels may update dev->needed_headroom in the xmit path, causing a data race (KCSAN) in ip_tunnel_xmit and related paths. The patch annotates lockless accesses to dev->needed_headroom for three tunnels’ xmit paths and als...
CVE-2023-53118
CVE-2023-53118 affects the Linux kernel SCSI subsystem: a regression in host procfs directory removal in the core SCSI layer. The vulnerable code path centers on scsi_proc_hostdir_rm(), which decreases a reference counter and must be invoked only once per host removal. The issue is resolved by th...
CVE-2023-53123
The CVE-2023-53123 issue affects Linux kernel on s390 where per-function PCI hot-plugging left stale MMIO resources in the PCI and zpci_bus structures, enabling a use-after-free when a VFs are removed and re-added. The fix removes the individually hot-unplugged PCI function’s resources from the P...
CVE-2024-26910
CVE-2024-26910 – Linux kernel netfilter ipset swap operation is fixed by patch 28628fa9, which resolves a race between swap/destroy and kernel side add/del/test. The issue arose because a synchronize_rcu() added to the swap path slowed it down; the patch moves the synchronization to destroy and u...
CVE-2024-34777
CVE-2024-34777 affects the Linux kernel DMA mapping benchmark path. The issue occurs in the map_benchmark_ioctl() flow when validating node ids; node_possible() can receive an argument outside the valid [0, MAX_NUMNODES-1] range, enabling a KASAN wild-memory-access read in map_benchmark_ioctl (ke...
CVE-2024-35832
CVE-2024-35832 : In the Linux kernel, a memory-management bug in bcachefs caused a local denial of service when unmounting, due to incorrect freeing of snapshots. Specifically, bch_fs::snapshots is allocated with kvzalloc but freed with kvfree, whereas it should be freed with kvfree to avoid a pa...