14403 matches found
CVE-2022-49769
CVE-2022-49769 corresponds to a Linux kernel fix for the gfs2 filesystem: after reading a superblock, the sb_bsize_shift field is now validated to match the expected value, preventing shift/out-of-bounds and related mount errors. The available details describe the root cause (unchecked sb_bsize_s...
CVE-2024-26723
CVE-2024-26723 affects the lan966x portion of the Linux kernel. A crash occurs when adding an interface under a bond (lag) because some ports can be NULL pointers (not probed); the code iterates over ports and dereferences NULL. The fix is to check for NULL pointers before accessing port data. Th...
CVE-2022-49435
CVE-2022-49435 concerns the Linux kernel, in the mfd: davinci_voicecodec path. It fixes a potential null-pointer dereference in the davinci_vc_probe() flow if platform_get_resource() returns NULL. The workaround changes the code to use the resource only after devm_ioremap_resource() performs a NU...
CVE-2022-49475
The connected advisories confirm CVE-2022-49475 affects the Linux kernel in the spi-fsl-qspi driver, where a missing check of the resource returned by platform_get_resource_byname() can lead to a NULL pointer dereference. The root cause is not validating the resource handle before use, causing a ...
CVE-2022-49480
Technical details for CVE-2022-49480 are not publicly available in the provided documents; no affected products, root cause, impact, or remediation details are given here. Monitor for updates.
CVE-2022-49488
In CVE-2022-49488, the Linux kernel subsystem drm/msm/mdp5 is affected. The root cause is that mdp5_get_global_state could return the error -EDEADLK while acquiring the modeset lock, but mdp5_mixer_release did not propagate this error, risking a NULL dereference. The mitigation is a patch to have...
CVE-2022-49533
CVE-2022-49533 affects Linux kernel ath11k: the scan_req_params buffer could overflow when copying SSIDs for active probe requests due to a mismatch (16 SSIDs reported vs 10 slots in scan_req_params). The fix aligns the firmware-supported capacity (16 SSIDs, 4 BSSIDs per SSID) with driver limits ...
CVE-2022-49551
The CVE-2022-49551 issue in the Linux kernel relates to usb: isp1760, where a loop over HC_FIELD_MAX reads regmap fields causing a global out-of-bounds access. The dynamically sized arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[], isp1763_hc_volatile_ranges[], and isp1763_dc_volatile_rang...
CVE-2022-49613
CVE-2022-49613 affects the Linux kernel serial driver 8250 console handover. When a console is enabled, univ8250_console_setup() runs before .dev is bound to the uart_port, so pm_runtime_get_sync() is skipped. Later, during handover, serial8250_console_exit() may call pm_runtime_put_sync() with a...
CVE-2022-49741
In the Linux kernel, CVE-2022-49741 affects the fbdev smscufx driver by faulty error handling in ufx_usb_probe, which the advisory and connected Nessus/NASL records describe as causing a memory leak (unreferenced object in ufx_usb_probe). The issue is tied to the ufx_usb_probe error path, includi...
CVE-2022-49768
In CVE-2022-49768 for the Linux kernel, the 9p/trans_fd/p9_conn_cancel path had a double-lock issue detected by syzbot. The fix is to drop the client lock earlier, after requests have been moved off to the local list, avoiding the double-lock scenario. This resolves the issue and is described as ...
CVE-2022-49794
CVE-2022-49794 affects the Linux kernel IIO ADC driver (iio: adc: at91_adc). The issue is a potential memory leak in at91_adc_allocate_trigger where, if iio_trigger_register() returns an error, the driver should free the trigger reference via iio_trigger_free() and then release memory with iio_tr...
CVE-2022-49809
CVE-2022-49809 affects the Linux kernel in the x25 subsystem (net/x25). The vulnerability arises in x25_lapb_receive_frame() where skb_copy() is used to obtain a private copy of skb; if the new skb is not freed in the undersized/fragmented skb error handling path, a memory leak occurs. The provid...
CVE-2022-49825
CVE-2022-49825 — Linux kernel (libata-transport) In ata_tport_add(), the return value of transport_add_device() is not checked, which can lead to a NULL pointer dereference during module removal when transport_remove_device() is called for a device that was not added. The vulnerability is resolve...
CVE-2022-49879
CVE-2022-49879 affects the Linux kernel ext4 code. A corrupted directory entry where rec_len is invalid (not a multiple of 4) can cause a kernel BUG() in ext4_rec_len_to_disk() called from make_indexed_dir(). The fix adds a validation step via ext4_check_dir_entry(), returning -EFSCORRUPTED for i...
CVE-2022-49881
CVE-2022-49881 – Linux kernel wifi cfg80211 memory leak in query_regdb_file() Root cause: in query_regdb_file(), the alpha2 data is duplicated with kmemdup() and freed in regdb_fw_cb(), but request_firmware_nowait() may fail and skip regdb_fw_cb(), leaking memory. The connected advisories confirm...
CVE-2022-49916
CVE-2022-49916 covers a NULL pointer dereference in the Linux kernel’s Rose protocol path (rose_send_frame). The issue surfaces when rose_loopback_neigh's neigh->dev is NULL, causing access to neigh->dev->dev_addr and triggering a NULL dereference in rose_send_frame (rose_link.c: rose_se...
CVE-2022-49979
Summary: CVE-2022-49979 affects the Linux kernel related to a refcount bug in sk_psock_get when transitioning from TCP to SMC during a connect fallback. The root cause is a mismatch in how smc and psock reuse the sk_user_data field, causing a refcount warning during shutdown. Technical details fr...
CVE-2022-50079
CVE-2022-50079 affects the Linux kernel’s DRM AMD display driver (DCN303). The issue is a boundary check error in drm/amd/display where eng_id for DCN303 must not exceed 1, since there are only two stream-encoder instances. The root cause is an incorrect boundary condition that could allow an out...
CVE-2022-50088
CVE-2022-50088 affects the Linux kernel’s damon_reclaim_init() path. The function allocates a ctx via damon_new_ctx(); if damon_select_ops() fails, the ctx is not released, causing a memory leak. The documented fix releases the ctx with damon_destroy_ctx() when damon_select_ops() fails. Connected...
CVE-2022-50139
CVE-2022-50139 affects the Linux kernel’s usb: aspeed-vhub component. The root cause is a refcount leak in ast_vhub_init_desc() caused by not releasing a reference from of_get_child_by_name(). The fix is to call of_node_put() on that reference. This remediation prevents the refcount from being in...
CVE-2023-52682
CVE-2023-52682 is a Linux kernel vulnerability affecting the f2fs file system. The issue occurs when an inode is compressed but not encrypted, where the code misses calling f2fs_wait_on_block_writeback() to wait for GCed page writeback in the IPU write path, allowing out-of-order GC and IO to cau...
CVE-2023-52838
CVE-2023-52838 – Linux kernel fbdev: imsttfb resource leak (probe) . The issue arises when init_imstt() fails and the code does not call iounmap(par->cmap_regs), leading to a resource leak in probe. The vulnerability is addressed by rewriting the error handling to ensure iounmap(par->cmap_r...
CVE-2023-52912
CVE-2023-52912 relates to the Linux kernel’s DRM amdgpu subsystem. The issue arises during unloading of amdgpu where a bug in drm_buddy_free_block can trigger a kernel BUG and invalid opcode, as shown in the stack trace and kernel log snippet. The impact is a potentially local disruption of a sys...
CVE-2023-52928
CVE-2023-52928 concerns the Linux kernel’s BPF verifier. According to connected sources, the issue arises from the verifier’s handling of invalid kfunc calls in backtrack_insn, where such an instruction could be captured by fixup_kfunc_call() and, if not eliminated by DCE, trigger a warning in ba...
CVE-2023-52992
CVE-2023-52992 affects the Linux kernel; the vulnerability exists in BPF’s send_signal_common path where a task with pid=1 can trigger a kernel panic (kernel: “Attempted to kill init!”). A fix was applied to skip pid=1 in bpf_send_signal_common(), preventing this panic. Impact is local, with pote...
CVE-2023-53081
CVE-2023-53081 affects the Linux kernel’s ocfs2 function. When a buffered write fails to copy data into the page cache, ocfs2_write_end_nolock() zeroes the page and dirties it, which can leave a dirty page beyond EOF. If writeback occurs before i_size is expanded, the page can reach an inconsiste...
CVE-2023-53106
CVE-2023-53106 is a Linux kernel use-after-free in the NFC st-nci driver (ndlc_remove) caused by a race between scheduled work (llt_ndlc_sm_work) and driver removal. The race may allow use-after-free of ndlc->ndev during ndlc_rcv_queue/nci_recv_frame, affecting both st_nci_i2c_remove and st_nc...
CVE-2023-53109
CVE-2023-53109 : Linux kernel vulnerability in net: tunnels where IP tunnels may update dev->needed_headroom in the xmit path, causing a data race (KCSAN) in ip_tunnel_xmit and related paths. The patch annotates lockless accesses to dev->needed_headroom for three tunnels’ xmit paths and als...
CVE-2023-53118
CVE-2023-53118 affects the Linux kernel SCSI subsystem: a regression in host procfs directory removal in the core SCSI layer. The vulnerable code path centers on scsi_proc_hostdir_rm(), which decreases a reference counter and must be invoked only once per host removal. The issue is resolved by th...
CVE-2023-53123
The CVE-2023-53123 issue affects Linux kernel on s390 where per-function PCI hot-plugging left stale MMIO resources in the PCI and zpci_bus structures, enabling a use-after-free when a VFs are removed and re-added. The fix removes the individually hot-unplugged PCI function’s resources from the P...
CVE-2024-26823
CVE-2024-26823 affects the Linux kernel ITS quirk probing for ACPI-based systems. The issue arose when quirks for ACPI platforms were dropped during ITS probing, causing GICv4 functionality loss or boot failure on some systems (e.g., HIP07) unless booted with DT. The fix moves enabling of quirks ...
CVE-2024-26910
CVE-2024-26910 – Linux kernel netfilter ipset swap operation is fixed by patch 28628fa9, which resolves a race between swap/destroy and kernel side add/del/test. The issue arose because a synchronize_rcu() added to the swap path slowed it down; the patch moves the synchronization to destroy and u...
CVE-2024-34777
CVE-2024-34777 affects the Linux kernel DMA mapping benchmark path. The issue occurs in the map_benchmark_ioctl() flow when validating node ids; node_possible() can receive an argument outside the valid [0, MAX_NUMNODES-1] range, enabling a KASAN wild-memory-access read in map_benchmark_ioctl (ke...
CVE-2024-35832
CVE-2024-35832 : In the Linux kernel, a memory-management bug in bcachefs caused a local denial of service when unmounting, due to incorrect freeing of snapshots. Specifically, bch_fs::snapshots is allocated with kvzalloc but freed with kvfree, whereas it should be freed with kvfree to avoid a pa...
CVE-2024-35882
CVE-2024-35882 affects the Linux kernel SUNRPC over TCP. A bad commit (e18e157bb5c8) caused a memory leak: sock_sendmsg() doesn’t release all pages in bio_vec, leaving the record-marker fragment unreleased and enabling server-side memory exhaustion in some NFS setups. A narrow fix was implemented...
CVE-2024-36931
The CVE-2024-36931 issue affects the Linux kernel on s390 architecture, specifically in s390/cio where a copied user buffer (lbuf-sized) is not guaranteed to be NUL-terminated before a scanf, enabling an out-of-bounds read. The root cause is missing termination inside the copied buffer, which is ...
CVE-2024-38547
The CVE-2024-38547 issue is a concrete Linux kernel vulnerability affecting media: atomisp, ssh_css path load_video_binaries. The root cause is a null-pointer dereference: allocation failure of mycs->yuv_scaler_binary in load_video_binaries followed by dereferencing mycs->yuv_scaler_binary ...
CVE-2024-41021
CVE-2024-41021: Linux kernel (s390) fixes VM_FAULT_HWPOISON handling in do_exception. The s390 arch has no HWPOISON/MEMORY_FAILURE/ARCH_HAS_COPY_MC, so HWPOISON was not expected here; fix makes HWPOISON behave like VM_FAULT_SIGBUS (as for MEMORY_FAILURE on x86) and adds printing of unexpected fau...
CVE-2024-42128
Technical details about CVE-2024-42128 are not publicly provided in the supplied documents. Monitor for official advisories or vendor patches for affected products.
CVE-2024-43827
In CVE-2024-43827, the Linux kernel DRM AMD display path (drm/amd/display) was fixed by adding a null check before accessing internal structs in enable_phantom_plane. Root cause: missing null pointer validation. Impact, as per CVSS: local, low complexity, low privileges required; confidentiality/...
CVE-2024-43881
CVE-2024-43881 : In the Linux kernel, the ath12k driver used by wifi in fragmented packets reinjects fragments as normal packets. The DMA direction must be DMA_TO_DEVICE when reinjecting fragments; using DMA_FROM_DEVICE can cause an invalid payload to be reinjected and delivered to the host, enab...
CVE-2024-45017
CVE-2024-45017 concerns the Linux kernel mlx5 IPsec RoCE functionality. A fix was implemented to prevent a call trace when creating IPsec over a slave device if the master does not support IPsec. The vulnerability path involves mlx5_ipsec_fs_roce_tx_destroy and related xfrm state destruction, lea...
CVE-2024-45027
The CVE-2024-45027 issue affects the Linux kernel XHCI driver: if xhci_mem_init() fails after max_interrupters is set but before interrupters are allocated, xhci_mem_cleanup() can unconditionally dereference xhci->interrupters. The documented fix gates the interrupt freeing loop with a NULL ch...
CVE-2024-46768
CVE-2024-46768 is rejected/not active. The connected Nessus entry explicitly states that this CVE ID was rejected/withdrawn by its CVE Numbering Authority, so it does not represent an active vulnerability in the published records.
CVE-2024-50212
The CVE-2024-50212 vulnerability in the Linux kernel concerns the lib/alloc_tag_module_unload path, where nf_nat module unload may trigger a warning because kfree_rcu operations are still pending when unload checks run. The issue arises from nf_nat’s module exit calling kfree_rcu on addresses tha...
CVE-2024-50293
Technical details about CVE-2024-50293 (net/smc dangling sk in __smc_create) are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2024-56547
In CVE-2024-56547, the Linux kernel’s RCU no-coalescing (nocb) path has a missed barrier on deoffloading, which can trigger a WARN and, in certain racing scenarios, deadlock when rcu_barrier() is invoked on offline CPUs. The vulnerability arises during offline/offloading interactions where multip...
CVE-2024-56555
CVE-2024-56555 affects the Linux kernel binder subsystem. A race in binder_add_freeze_work() can occur when the process’ rbtree (proc->nodes) lock is intermittently dropped to acquire node locks, allowing binder_deferred_release() to move nodes to binder_dead_nodes. This can corrupt the rb_nex...
CVE-2025-21902
CVE-2025-21902 affects the Linux kernel (ACPI backends for UCSI). The vulnerability arises from the ucsi core handling of CCI polling and ACPI-opregion synchronization: backends may rely on an unnecessary/unsafe sync, which can be triggered while notifications are disabled and lead to a spurious ...