CVE-2021-47351
CVE-2021-47351 relates to UBIFS in the Linux kernel, where race conditions between xattr_set/get and listxattr could cause assertion failures, memory corruption, or stale xattr values. The fix adds a new rw-lock in ubifs_inode to serialize write operations on xattrs while allowing concurrent read...
CVE-2021-47361
CVE-2021-47361 – Linux kernel mcb_alloc_bus() use-after-free fix. The vulnerability arises from two bugs in mcb_alloc_bus(): (1) calling put_device(carrier) after ida_simple_get() failure without a prior get_device(), risking use-after-free; (2) not balancing device lifecycles after device_initia...
CVE-2021-47390
CVE-2021-47390 concerns the Linux kernel KVM path on x86, where KASAN reports a stack-out-of-bounds access in kvm_make_vcpus_request_mask() when handling IOAPIC indirect requests. The root cause is that the vcpu_bitmap is allocated as a single stack long instead of a size equal to KVM_MAX_VCPUS, ...
CVE-2021-47396
CVE-2021-47396 is a Linux kernel issue affecting mac80211-hwsim beacon timing. The root cause is improper late hrtimer handling: when a timer fires late, the code re-arms for the next deadline, which can already be in the past, causing repeated misalignment and potential stalls. The fix, as descr...
CVE-2021-47427
CVE-2021-47427 affects the Linux kernel SCSI/ISCSI code where iscsi_task could be freed after abort handling due to a goto to cleanup. Root cause: abort path introduced iscsi_get_conn()/iscsi_put_conn() but then cleanup could still perform a put on the iscsi_task. The fix reverts the goto and mov...
CVE-2021-47430
CVE-2021-47430 concerns a Linux kernel issue related to SMAP handling on x86. The vulnerability arises in x86/entry where the OS may warn when AC is active in user mode, even if SMAP is disabled or partially disabled, leading to a conditional warning that could fire on machines that support SMAP ...
CVE-2021-47439
The CVE-2021-47439 issue concerns the Linux kernel’s net: dsa: microchip ksz driver. Root cause: during rmmod, ksz_switch_remove unregisters a switch while a non-zero mib_interval can cause ksz_mac_link_down to reschedule mib_read_work, leading to a null pointer access to dp->slave after unreg...
CVE-2021-47440
CVE-2021-47440 refers to a Linux kernel issue in the encx24j600 driver where devm_regmap_init_encx24j600 could return an error (e.g., out of memory) and later dereference a null register cache pointer. The resolved description in the CVE notes that this could cause a null pointer dereference duri...
CVE-2021-47481
CVE-2021-47481 concerns the Linux kernel RDMA mlx5 path. The connected sources confirm a concrete flaw where the ODP xarray was not initialized when creating an ODP MR, allowing an out-of-bounds/invalid access that triggers a crash (page fault) due to reg_create() setting a desc_size. The fix des...
CVE-2021-47539
CVE-2021-47539 affects the Linux kernel RxRPC code. The issue is a use-after-free-like leak where a rxrpc_peer may be leaked during rxrpc_look_up_bundle() when handling a bundle candidate. The provided data states the root cause is a leak of the rxrpc_peer and the remediation is to call rxrpc_put...
CVE-2021-47588
CVE-2021-47588 relates to the Linux kernel SIT (IPv6 over SIT) vulnerability. The issue arises from sit_init_net calling ipip6_dev_free(), which is the sit dev->priv_destructor already freed by register_netdevice() if something goes wrong, risking a double-free path. The available connected ad...
CVE-2022-48646
CVE-2022-48646 affects the Linux kernel; it fixes a NULL pointer dereference in sfc/siena within efx_hard_start_xmit. The patch prevents a potential NULL dereference in the network path, addressing a local-execution vulnerability. The CVSS v3.1 base score is 6.2 (MEDIUM) with LOCAL exploitability...
CVE-2022-48670
CVE-2022-48670 is a Linux kernel use-after-free in peci CPU handling. When auxiliary_device_add() errors, auxiliary_device_uninit() is called, decrementing the device refcount and triggering .release; adev_release() then re-calls auxiliary_device_uninit(), causing use-after-free. Affected: Linux ...
CVE-2022-48690
CVE-2022-48690 refers to a Linux kernel fix in the ice driver for a DMA mappings leak when reallocating RX buffers while changing ring parameters. The leak occurred because kfree on rx_buf freed DMA mappings that were still active, leading to leaked DMA mappings during buffer substituti...
CVE-2022-48732
The CVE-2022-48732 issue affects the Linux kernel’s DRM Nouveau component, caused by an off-by-one error in BIOS boundary parsing of embedded init scripts. This bounds-checking flaw can reject access to the last byte, causing driver initialization to fail on Apple eMac systems with GeForce 2 MX G...
CVE-2022-48740
CVE-2022-48740 refers to a Linux kernel vulnerability where on error paths from cond_read_list() and duplicate_policydb_cond_list(), cond_list_destroy() could be called twice, causing a NULL pointer dereference. The fix zeroes cond_list_len in cond_list_destroy() and sets cond_list to NULL after ...
CVE-2022-48759
CVE-2022-48759 describes a race in the Linux kernel between releasing rpmsg_ctrldev and its associated cdev, potentially freeing rpmsg_ctrldev before the cdev is fully released. The issue affects rpmsg_ctrldev which includes a struct cdev; freeing the rpmsg_ctrldev via rpmsg_ctrldev_release_devic...
CVE-2022-48860
CVE-2022-48860 affects the Linux kernel ethernet xemaclite_of_probe. The issue is a refcount leak from of_parse_phandle() that is addressed by calling of_node_put() in the probe/remove path. Impact is locally accessible with high availability risk stated; no exploitation details provided in the c...
CVE-2022-48901
CVE-2022-48901 affects the Linux kernel’s btrfs implementation, addressing a race where relocation could start during a pending snapshot drop. The bug manifested when a recovering relocation on mount could clash with a concurrent snapshot deletion under balance, potentially leading to a state wit...
CVE-2022-48916
CVE-2022-48916 affects the Linux kernel IOMMU VT-d path when enabling Volume Management Device (VMD) in scalable mode. The issue manifests as a kernel panic during boot (Eagle Stream/Sapphire Rapids), traced to a double list_add in the VMD/IOMMU enable path. The connected documents reference upst...
CVE-2022-48935
CVE-2022-48935 is a Linux kernel flaw in netfilter nf_tables where flowtable hooks were not unregistered on net namespace exit, causing a use-after-free (KASAN) in nf_hook_entries_grow. The issue arises when nf_tables_flowtable_destroy() does not unregister hooks promptly, leading to UAF in flowt...
CVE-2022-49083
CVE-2022-49083 concerns a kernel-level regression in the iommu/omap path that can trigger a NULL pointer dereference during device probe. The issue arises when a commit altered probe behavior (3f6634d997db) so that omap iommu probe returns 0 instead of ERR_PTR(-ENODEV), making probe_iommu_group-&...
CVE-2022-49221
The CVE-2022-49221 issue affects the Linux kernel DRM MSM DP driver. A NULL pointer dereference could occur because struct dp_panel::connector was never assigned (connector stored in msm_dp::connector). The problem manifested during DP CTS test 4.2.2.6 when reading EDID, causing a NULL dereferenc...
CVE-2022-49239
CVE-2022-49239: The Linux kernel ASoC codecs wcd934x path is fixed by addressing a missing of_node_put() after of_parse_phandle() returned a device_node with an incremented refcount. The bug resembles a leaked reference fix in a related commit. The connected advisories (Astra Linux, SUSE, Nessus...
CVE-2022-49266
CVE-2022-49266 (Linux kernel): The vulnerability arises in the block layer where the patch that prevents calling rq_qos_done_bio() for untracked bios caused blk-iocost to mis-handle merged bios, leaving them “in-flight.” The fix adds a new flag BIO_QOS_MERGED to mark merged bios and ensures rq_q...
CVE-2022-49366
CVE-2022-49366 affects ksmbd in the Linux kernel. The vulnerability arises in smb_check_perm_dacl() when id and uid have the same value, causing a path to exit the loop without decrementing the reference count of the posix_acls object (increased by get_acl()), which may lead to memory leaks. The ...
CVE-2022-49436
CVE-2022-49436 affects the Linux kernel (powerpc/papr_scm) due to leaking nvdimm_events_map elements and mismatched stat_id handling (NULL termination vs 8-byte identifiers). The fix allocates space for stat_id entries in papr_scm_priv.nvdimm_events_map to prevent leaks and reconcile string sizin...
CVE-2022-49494
The CVE-2022-49494 entry concerns the Linux kernel mtd: rawnand cadence driver vulnerability. The issue is a possible NULL pointer dereference in cadence_nand_dt_probe() when platform_get_resource() could return NULL, causing access to res to dereference. The fix reorders usage so res is only use...
CVE-2022-49512
CVE-2022-49512 affects the Linux kernel’s mtd: rawnand: denali driver. The issue arises because the driver did not use managed device resources, leading to kernel faults (example: timeout waiting for IRQ, page fault on supervisor write) when a NAND device is probed. The vulnerability is resolved ...
CVE-2022-49613
CVE-2022-49613 affects the Linux kernel serial driver 8250 console handover. When a console is enabled, univ8250_console_setup() runs before .dev is bound to the uart_port, so pm_runtime_get_sync() is skipped. Later, during handover, serial8250_console_exit() may call pm_runtime_put_sync() with a...
CVE-2022-49645
CVE-2022-49645 affects the Linux kernel (drm/panfrost). The issue occurs when the madvise IOCTL is called twice on a BO: the memory shrinker list is corrupted because the BO is already on the list and is re-added without removing it first, leading to a kernel crash. The connected documents confir...
CVE-2022-49799
Summary of CVE-2022-49799 (Linux kernel): The vulnerability resides in the tracing subsys, specifically register_synth_event(), where if set_synth_event_print_fmt() fails, the code may call trace_remove_event_call() and unregister_trace_event() twice, causing the trace_event_call to invoke __unre...
CVE-2022-49802
CVE-2022-49802 affects the Linux kernel ftrace: a NULL pointer dereference can occur in ftrace_add_mod() when ftrace_mod was not initialized as a list head. The issue arises because kzalloc() can leave list pointers NULL and code may call list_del() on an uninitialized entry, triggering an Oops a...
CVE-2022-49850
CVE-2022-49850 affects the Linux kernel nilfs2 subsystem. A semaphore deadlock can occur when nilfs_get_block() detects metadata corruption during data-block allocation and a concurrent superblock writeback happens. The root cause involves a lock order: rwsem A (NILFS_MDT dat_inode mi_sem) read l...
CVE-2022-49879
CVE-2022-49879 affects the Linux kernel ext4 code. A corrupted directory entry where rec_len is invalid (not a multiple of 4) can cause a kernel BUG() in ext4_rec_len_to_disk() called from make_indexed_dir(). The fix adds a validation step via ext4_check_dir_entry(), returning -EFSCORRUPTED for i...
CVE-2022-49880
CVE-2022-49880: Linux kernel ext4 inline-data migration may trigger a reliable warning in ext4_da_release_space when a writeback path releases space with to_free=1 but i_reserved_data_blocks==0. The issue is resolved by forbidding inodes with inline data from migration (ext4 inline data handling...
CVE-2022-49887
The CVE-2022-49887 entry relates to the Linux kernel: the media/Meson vdec code could leak a refcount due to a failed vdec_probe or during vdec_remove, and requires v4l2_device_unregister to decrement the refcount obtained from v4l2_device_register. The vulnerability affects kernel components ha...
CVE-2022-49965
Summary: CVE-2022-49965 pertains to the Linux kernel component drm/amd/pm, where missing fini interfaces for some SMU13 ASICs could allow a memory leak. The issue is described as resolved in the Linux kernel, with references to upstream code changes and multiple advisories. What’s affected: Linux...
CVE-2022-49971
Affected software/component: Linux kernel (drm/amd/pm subsystem). Root cause: memory leak where gpu_metrics_table is allocated in smu_v13_0_4_init_smc_tables() but not freed in smu_v13_0_4_fini_smc_tables(). Impact: potential memory leak; CVSS indicates availability impact HIGH with local/low pri...
CVE-2022-49979
Summary: CVE-2022-49979 affects the Linux kernel related to a refcount bug in sk_psock_get when transitioning from TCP to SMC during a connect fallback. The root cause is a mismatch in how smc and psock reuse the sk_user_data field, causing a refcount warning during shutdown. Technical details fr...
CVE-2022-50041
CVE-2022-50041 (Linux kernel, ice driver): The issue arises from a WARN_ON() checking for a null VSI in ice_reset_vf during VF reset, which can trigger a call trace under stress (VF attach/detach with spoofcheck/trust changes). The connected advisories and Nessus/NVL references confirm the fix: ...
CVE-2022-50087
The CVE-2022-50087 issue affects the Linux kernel firmware for arm_scpi. The vulnerability arises when scpi_info is left non-null if a probe fails, exposing memory freed by a failed devm_kzalloc() and leading to a use-after-free. The description in the advisories specifies that scpi_info must not...
CVE-2022-50133
CVE-2022-50133 concerns the Linux kernel where a NULL dereference could occur in usb: xhci_plat_remove due to xhci->shared_hcd being NULL after a specific commit. The vulnerability manifests as an Oops during reboot when the USB xHCI host controller is removed, potentially causing a system cra...
CVE-2022-50157
CVE-2022-50157 affects the Linux kernel PCI subsystem (PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains). The issue arises because of_get_next_child() returns a node pointer with the refcount incremented, and mc_pcie_init_irq_domains() fails to call of_node_put() in some error paths,...
CVE-2022-50172
CVE-2022-50172 concerns the Linux kernel mt76: mt76x02u driver: a memory leak could occur in __mt76x02u_mcu_send_msg if mt76u_bulk_msg fails, with the fix freeing the skb to prevent leak. The issue is classified as LOCAL access with low privileges and could impact availability (per CVSS baseline: A...
CVE-2022-50196
In the Linux kernel, the vulnerability CVE-2022-50196 affects the soc: qcom: ocmem path. It stems from a refcount leak in of_parse_phandle() where the returned node pointer’s refcount isn’t released; a missing of_node_put() caused the leak. The fix adds a proper of_node_put() on the node when it ...
CVE-2023-52559
CVE-2023-52559 concerns the Linux kernel iommu/vt-d suspension path. The issue arises because iommu_suspend() is called with IRQs disabled and memory could be allocated with GFP_KERNEL during the suspend callback, potentially re-enabling IRQs and causing intermittent suspend/hibernate problems. O...
CVE-2023-52912
CVE-2023-52912 relates to the Linux kernel’s DRM amdgpu subsystem. The issue arises during unloading of amdgpu where a bug in drm_buddy_free_block can trigger a kernel BUG and invalid opcode, as shown in the stack trace and kernel log snippet. The impact is a potentially local disruption of a sys...
CVE-2023-52992
CVE-2023-52992 affects the Linux kernel; the vulnerability exists in BPF’s send_signal_common path where a task with pid=1 can trigger a kernel panic (kernel: “Attempted to kill init!”). A fix was applied to skip pid=1 in bpf_send_signal_common(), preventing this panic. Impact is local, with pote...
CVE-2023-53053
CVE-2023-53053 affects the Linux kernel: erspan handling relied on skb_mac_header() in ndo_start_xmit(), with drivers incorrectly assuming skb_mac_header(skb) == skb->data. The issue is fixed by using skb_network_offset() and skb_transport_offset() in erspan_fb_xmit() and ip6erspan_tunnel_xmit...