Lucene search
K
LinuxLinux Kernel

14372 matches found

CVE
CVE
•added 2025/05/01 2:9 p.m.•88 views

CVE-2022-49809

CVE-2022-49809 affects the Linux kernel in the x25 subsystem (net/x25). The vulnerability arises in x25_lapb_receive_frame() where skb_copy() is used to obtain a private copy of skb; if the new skb is not freed in the undersized/fragmented skb error handling path, a memory leak occurs. The provid...

5.5CVSS6.4AI score0.00166EPSS
CVE
CVE
•added 2025/02/26 2:13 a.m.•87 views

CVE-2022-49507

CVE-2022-49507 affects the Linux kernel regulator driver for the da9121 (regulator/da9121-regulator.c). The issue arises when da9121_assign_chip_model() accesses regmap without it being initialized due to an invalid chip->subvariant_id (set to -EINVAL by a malformed device tree). This leads to...

5.5CVSS5.2AI score0.00245EPSS
CVE
CVE
•added 2025/02/26 2:23 a.m.•87 views

CVE-2022-49591

CVE-2022-49591 relates to the Linux kernel, specifically the DSA Microchip ksz_common path. The root cause is a refcount leak in ksz_switch_register(): the reference returned by of_get_child_by_name() is not released. The fix is to call of_node_put() on that reference (which has increased the ref...

5.5CVSS5.4AI score0.00243EPSS
CVE
CVE
•added 2025/02/26 2:23 a.m.•87 views

CVE-2022-49656

The CVE-2022-49656 entry concerns the Linux kernel ARM meson driver, where of_find_compatible_node() returns a node pointer with an incremented refcount. The flaw leads to a refcount leak, fixed by adding of_node_put() after use. Multiple connected advisories reiterate this mitigation (kernel pat...

5.5CVSS5.3AI score0.0025EPSS
CVE
CVE
•added 2025/03/27 4:43 p.m.•87 views

CVE-2022-49755

CVE-2022-49755 affects the Linux kernel’s USB gadget path (usb: gadget: f_fs) and specifically the ffs_ep0_queue_wait flow. The vulnerability arises from a race between ffs_ep0_write/ffs_ep0_read and functionfs_unbind, where ep0req can be freed and there is no NULL check in ffs_ep0_queue_wait, ri...

7.8CVSS6.6AI score0.0022EPSS
CVE
CVE
•added 2025/05/01 2:9 p.m.•87 views

CVE-2022-49821

CVE-2022-49821 concerns the Linux kernel mISDN subsystem. The vulnerability is described as a memory leak in mISDN_dsp_element_register(), mitigated by a patch that makes the device name allocation dynamic and uses put_device() to release references so the name can be freed in kobject_cleanup(). ...

5.5CVSS6.4AI score0.00166EPSS
CVE
CVE
•added 2025/05/01 2:9 p.m.•87 views

CVE-2022-49823

In CVE-2022-49823, the Linux kernel’s ata_tdev_add() in libata-transport is vulnerable because it does not verify the return value of transport_add_device(). If transport_add_device() fails, the subsequent removal path calls transport_remove_device() and device_del() on a device that may not have...

5.5CVSS6.4AI score0.00183EPSS
CVE
CVE
•added 2025/05/01 2:10 p.m.•87 views

CVE-2022-49880

CVE-2022-49880 : Linux kernel ext4 inline-data migration may trigger a reliable warning in ext4_da_release_space when a writeback path releases space with to_free=1 but i_reserved_data_blocks==0. The issue is resolved by forbidding inodes with inline data from migration (ext4 inline data handling...

5.5CVSS6.4AI score0.00186EPSS
CVE
CVE
•added 2025/05/01 2:10 p.m.•87 views

CVE-2022-49913

CVE-2022-49913 concerns a memory leak in the Linux kernel’s btrfs backref walking code. During find_parent_nodes() on data extents, if an error occurs while resolving indirect backrefs (resolve_indirect_refs()) or while iterating direct refs in the rbtree, inode lists attached to direct refs not ...

5.5CVSS6.6AI score0.00172EPSS
CVE
CVE
•added 2025/06/18 11:0 a.m.•87 views

CVE-2022-49973

The CVE-2022-49973 entry concerns a Linux kernel vulnerability in sk_msg_recvmsg triggered by an incorrect last scatter-gather (sg) check. The root cause is a change to the last sg validation (to sg_is_last()) in sk_msg_recvmsg(), but the end of the scatterlist was not marked in sockmap redirecti...

5.5CVSS6.4AI score0.002EPSS
CVE
CVE
•added 2025/06/18 11:0 a.m.•87 views

CVE-2022-49991

CVE-2022-49991 is a Linux kernel vulnerability involving mm/hugetlb where, in MCOPY_ATOMIC_CONTINUE with a non-shared VMA, pages from the page cache could be installed into ptes and trigger a corrupted page->mapping due to an erroneous call to hugepage_add_new_anon_rmap. The connected document...

5.5CVSS6.5AI score0.00205EPSS
CVE
CVE
•added 2025/06/18 11:2 a.m.•87 views

CVE-2022-50076

CVE-2022-50076 concerns the Linux kernel CIFS implementation: a memory leak in the deferred close path has been fixed. The description from multiple sources (NVD entry and connected advisories) shows the issue manifests as a kmemleak report during SMB2/xfstests (xfstests on smb21 report kmemleak)...

5.5CVSS6.5AI score0.00157EPSS
CVE
CVE
•added 2025/06/18 11:2 a.m.•87 views

CVE-2022-50116

The CVE refers to a Linux kernel flaw in tty n_gsm where deadlocks and link starvation could occur in the outgoing data path under ldisc congestion. The fix adds an additional control-channel data queue and processes it before the user-channel queue in gsm_data_kick(), moving this work to a dedic...

5.5CVSS6.4AI score0.00122EPSS
CVE
CVE
•added 2025/06/18 11:2 a.m.•87 views

CVE-2022-50124

The CVE-2022-50124 entry concerns the Linux kernel ASoC driver mt6797-mt6351 (mt6797_mt6351_dev_probe). Technical detail: of_parse_phandle() returns a node pointer with a refcount increment; the correct remediation is to call of_node_put() when the node is no longer needed to avoid a refcount lea...

5.5CVSS6.4AI score0.0016EPSS
CVE
CVE
•added 2025/06/18 11:3 a.m.•87 views

CVE-2022-50196

In the Linux kernel, the vulnerability CVE-2022-50196 affects the soc: qcom: ocmem path. It stems from a refcount leak in of_parse_phandle() where the returned node pointer’s refcount isn’t released; a missing of_node_put() caused the leak. The fix adds a proper of_node_put() on the node when it ...

5.5CVSS6.4AI score0.00202EPSS
CVE
CVE
•added 2025/06/18 11:3 a.m.•87 views

CVE-2022-50215

CVE-2022-50215 : Linux kernel fix for SCSI (sg) behavior when a device is removed during active usage. The issue was that sg previously returned -ENODEV for waiting on active commands after removal, which could cause memory corruption for READs or data corruption on WRITE due to buffers still in ...

5.5CVSS6.9AI score0.00199EPSS
CVE
CVE
•added 2025/06/18 11:3 a.m.•87 views

CVE-2022-50220

CVE-2022-50220 is a Linux kernel vulnerability in the usbnet subsystem where a use-after-free can occur on disconnect due to linkwatch handling after unregister_netdev. The issue stems from usbnet_deferred_kevent() being awaited in a path that may access freed netdev state, potentially enabling m...

7.8CVSS6.5AI score0.00202EPSS
CVE
CVE
•added 2024/05/17 2:24 p.m.•87 views

CVE-2023-52681

Summary (CVE-2023-52681) : In the Linux kernel, efivarfs allocated a s_fs_info on filesystem context creation but did not Free it when the superblock is unmounted, leading to a potential resource lifecycle issue. The vulnerability is resolved by ensuring proper cleanup of the s_fs_info structure ...

5.5CVSS6.8AI score0.00232EPSS
CVE
CVE
•added 2024/05/17 2:24 p.m.•87 views

CVE-2023-52687

CVE-2023-52687 affects the Linux kernel crypto safexcel path. The issue arises when dma_map_sg() can return 0 on error, risking improper handling of DMA mappings. The published patch adds error checks for dma_map_sg() and ensures previously mapped buffers are unmapped via dma_unmap_sg() to preven...

5.5CVSS6.7AI score0.00232EPSS
CVE
CVE
•added 2024/05/21 3:22 p.m.•87 views

CVE-2023-52705

CVE-2023-52705 is a kernel vulnerability affecting the nilfs2 filesystem code in Linux. The issue is an underflow/incorrect boundary calculation in NILFS_SB2_OFFSET_BYTES that computes the position of the second superblock, which can underflow when the device size is smaller than 4096 bytes. This...

5.5CVSS6.7AI score0.00252EPSS
CVE
CVE
•added 2024/05/21 3:23 p.m.•87 views

CVE-2023-52739

CVE-2023-52739 affects the Linux kernel; the issue is a race in the memory allocator where the PageHead check in __free_pages can be observed after the page reference is dropped, causing freeing of tail pages and potential page corruption or crashes. Root cause identified from the commit e320d301...

5.5CVSS6.8AI score0.0025EPSS
CVE
CVE
•added 2024/05/21 3:31 p.m.•87 views

CVE-2023-52787

CVE-2023-52787: Linux kernel vulnerability in blk-mq handling of bio integrity. The issue could cause a kernel panic when queue usage counters aren’t properly held during bio_integrity_prep and bio merge. Fixes in updated kernels require calling bio_integrity_prep() with a reliably grabbed queue ...

5.5CVSS6.6AI score0.00236EPSS
CVE
CVE
•added 2024/05/21 3:31 p.m.•87 views

CVE-2023-52826

CVE-2023-52826 : In the Linux kernel, a null pointer dereference in the DRM panel path was addressed. Specifically, in drm/panel/panel-tpo-tpg110, tpg110_get_modes() previously assigned the return value of drm_mode_duplicate() to mode and did not check for failure, risking an NP dereference on NU...

5.5CVSS6.7AI score0.00241EPSS
CVE
CVE
•added 2025/03/27 4:43 p.m.•87 views

CVE-2023-53019

CVE-2023-53019 concerns the Linux kernel: the net/mdio subsystem allowed an out-of-bounds access in mdiobus_get_phy() when an invalid addr is passed (e.g., -1 in stmmac_init_phy). The advisory notes that addr must be validated before use to prevent access to mdio_map. Impact is described as high,...

7.8CVSS6.5AI score0.00185EPSS
CVE
CVE
•added 2025/05/02 3:55 p.m.•87 views

CVE-2023-53053

CVE-2023-53053 affects the Linux kernel: erspan handling relied on skb_mac_header() in ndo_start_xmit(), with drivers incorrectly assuming skb_mac_header(skb) == skb->data. The issue is fixed by using skb_network_offset() and skb_transport_offset() in erspan_fb_xmit() and ip6erspan_tunnel_xmit...

7.8CVSS6.5AI score0.00194EPSS
CVE
CVE
•added 2025/05/02 3:55 p.m.•87 views

CVE-2023-53109

CVE-2023-53109 : Linux kernel vulnerability in net: tunnels where IP tunnels may update dev->needed_headroom in the xmit path, causing a data race (KCSAN) in ip_tunnel_xmit and related paths. The patch annotates lockless accesses to dev->needed_headroom for three tunnels’ xmit paths and als...

5.5CVSS6.6AI score0.00166EPSS
CVE
CVE
•added 2024/04/04 8:20 a.m.•87 views

CVE-2024-26799

The CVE-2024-26799 vulnerability affects the Linux kernel ASoC: qcom driver, where __lpass_get_dmactl_handle could leave dmactl uninitialized when the driver dai_id is invalid. This could allow a garbage value to bypass a null check. It has been fixed by initializing dmactl to NULL (aligned with ...

6.2CVSS6.1AI score0.00234EPSS
CVE
CVE
•added 2024/06/03 7:50 a.m.•87 views

CVE-2024-36962

CVE-2024-36962 affects the Linux kernel KS8851 driver (net: ks8851). The vulnerability arises when RX packets are queued inside an IRQ handler that is protected by a mutex, which could lead to hanging due to a potential lock conflict with net_rx_action(). The fix replaces BH manipulation (local_b...

6.2CVSS7.6AI score0.00211EPSS
CVE
CVE
•added 2024/06/19 1:35 p.m.•87 views

CVE-2024-38572

CVE-2024-38572 concerns the Linux kernel wifi driver ath12k. The issue is a missing terminator entry in ath12k_qmi_msg_handlers, which can trigger a global out-of-bounds read in qmi_invoke_handler via KASAN. A fix adds a dummy terminator entry to allow qmi_invoke_handler to traverse to the termin...

7.1CVSS6.5AI score0.00233EPSS
CVE
CVE
•added 2024/06/19 1:45 p.m.•87 views

CVE-2024-38595

CVE-2024-38595 affects the Linux kernel mlx5 subsystem: a patch changing register devlink flow did not update the peer devlink set logic, triggering a call trace when peer devlink set is done after devl_register. The fix aligns peer devlink set logic with the register flow to prevent the trace. I...

5.5CVSS6.4AI score0.00211EPSS
CVE
CVE
•added 2024/06/19 1:56 p.m.•87 views

CVE-2024-38617

Technical details about CVE-2024-38617 are not provided in the supplied documents. Monitor for updates from vendor advisories and kernel project commits for affected components and fixed versions.

5.5CVSS6.7AI score0.00209EPSS
CVE
CVE
•added 2024/06/21 10:18 a.m.•87 views

CVE-2024-38623

CVE-2024-38623 : The issue in the Linux kernel relates to the ntfs3 code using a fixed-size array, leading to a memcpy overflow in ntfs_set_label about uni->name (20 vs 256). The fix is to switch to a variable-length array (fs/ntfs3) to prevent the overflow. Connected Astra Linux advisories co...

9.8CVSS9.2AI score0.00788EPSS
CVE
CVE
•added 2024/06/25 2:25 p.m.•87 views

CVE-2024-39462

CVE-2024-39462 : Linux kernel vulnerability in bcm clk DV P. Root cause: after commit that annotated clk_hw_onecell_data with __counted_by, hws[] was accessed before ->num was initialized, triggering UBSAN array-index-out-of-bounds (drivers/clk/bcm/clk-bcm2711-dvp.c:59). Impact : potential out...

9.8CVSS9AI score0.00762EPSS
CVE
CVE
•added 2024/09/18 7:12 a.m.•87 views

CVE-2024-46741

The CVE-2024-46741 issue is in the Linux kernel’s misc/fastrpc subsystem. The root cause is a double free of the fastrpc buffer in the error path of fastrpc_req_mmap(): the buffer is freed in fastrpc_req_munmap_impl() on a successful unmap, but there is an unconditional call to fastrpc_buf_free()...

7.8CVSS7.6AI score0.00246EPSS
CVE
CVE
•added 2024/12/27 1:49 p.m.•87 views

CVE-2024-53182

The CVE-2024-53182 issue affects the Linux kernel BFQ Scheduler. A revert of the patch that merged bfq_release_process_ref() into bfq_put_cooperator() caused bic_set_bfqq to operate on a freed bic data structure, yielding a slab-use-after-free detected by KASAN in bic_set_bfqq+0x200/0x230. Impact...

7.8CVSS7AI score0.00219EPSS
CVE
CVE
•added 2025/03/27 2:57 p.m.•87 views

CVE-2024-58091

CVE-2024-58091 – Linux kernel drm_fbdev-dma shadow buffering : The vulnerability arises in DMA areas not always backed by struct page, breaking deferred I/O handling for framebuffer memory. The fix introduces a shadow buffer for drivers requiring deferred I/O and uses it as framebuffer memory, pr...

5.5CVSS7AI score0.00187EPSS
CVE
CVE
•added 2025/01/19 10:17 a.m.•87 views

CVE-2025-21641

CVE-2025-21641 concerns the Linux kernel, where the mptcp: sysctl: blackhole timeout vulnerability could occur from using current->nsproxy. The issue arises from reading net namespace data via the current task, which could be NULL for certain states (e.g., task exiting), risking a null pointer...

5.5CVSS7AI score0.00172EPSS
CVE
CVE
•added 2025/02/27 2:12 a.m.•87 views

CVE-2025-21746

The CVE-2025-21746 issue affects the Linux kernel Input: synaptics path for enabling a pass-through port. Root cause: when enabling a pass-through port, an interrupt may arrive before the psmouse driver binds, and the synaptics sub-driver may access a psmouse instance not yet attached, potentiall...

4.7CVSS6.6AI score0.0014EPSS
CVE
CVE
•added 2025/03/27 2:57 p.m.•87 views

CVE-2025-21880

Linux kernel CVE-2025-21880 affects the DRM XE userptr flow (drm/xe/userptr), specifically xe_vm_userptr_pin and EFAULT handling from hmm_range_fault(). The issue arose when EFAULT was treated as non-fatal, which could leave the userptr VMA on the rebind list during preempt_rebind_work_func(), le...

5.5CVSS7AI score0.00187EPSS
CVE
CVE
•added 2025/04/16 2:12 p.m.•87 views

CVE-2025-22114

CVE-2025-22114 affects the Linux kernel’s BTRFS subsystem. The root cause is a change in btrfs_validate_super() where a call to validate_sys_chunk_array() clobbers a previously set return value, negating earlier validity checks and potentially allowing mounting of invalid filesystems. The issue h...

5.5CVSS6.4AI score0.00148EPSS
CVE
CVE
•added 2025/05/09 6:43 a.m.•87 views

CVE-2025-37866

CVE-2025-37866: Linux kernel vulnerability in mlxbf-bootctl where sysfs_emit() is used with a non-page-aligned buffer in secure_boot_fuse_state_show(), triggering a warning on BlueField SOCs. The driver should use sysfs_emit_at() to support non-zero offsets; the issue is mitigated by the patch th...

5.5CVSS6.5AI score0.00194EPSS
CVE
CVE
•added 2025/05/20 4:1 p.m.•87 views

CVE-2025-37950

CVE-2025-37950 concerns the Linux kernel, specifically the ocfs2 subsystem. The issue arises when the folio array allocation fails (ENOMEM) during an update that converts w_pages to w_folios, and the free-path code expects valid folio pointers or NULLs. If -ENOMEM is encountered, a panic can occu...

5.5CVSS7.2AI score0.0013EPSS
CVE
CVE
•added 2025/06/18 9:28 a.m.•87 views

CVE-2025-38010

CVE-2025-38010 – Linux kernel patch replaces a single reference counter for UTMI pad power with a per-pad bitmask (utmi_pad_enabled) to track all four USB2 UTMI PHY pads. The root cause was an unbalanced reference count when suspending with connected USB devices, due to power-downs not validating...

5.5CVSS6.5AI score0.00159EPSS
CVE
CVE
•added 2025/06/18 9:28 a.m.•87 views

CVE-2025-38020

In the Linux kernel issue CVE-2025-38020, MACsec offload is not supported in switchdev mode for uplink representors. The vulnerability stems from NETIF_F_HW_MACSEC remaining set when switching to the uplink representor profile, allowing a null pointer dereference when offloads are added. The fix ...

5.5CVSS6.3AI score0.00161EPSS
CVE
CVE
•added 2025/06/18 9:28 a.m.•87 views

CVE-2025-38027

The CVE-2025-38027 entry describes a Linux kernel vulnerability in the regulator max20086 code path. The root cause is that max20086_parse_regulators_dt() uses an on-stack array of struct of_regulator_match for matches and then relies on devm_of_regulator_put_matches(), which allocates a devm_of_...

7.1CVSS6.3AI score0.00167EPSS
CVE
CVE
•added 2025/06/18 9:33 a.m.•87 views

CVE-2025-38080

The CVE-2025-38080 issue affects the Linux kernel DRM/AMD display path. Root cause: hwss_build_fast_sequence can generate more than 50 steps, overflowing the block_sequence buffer for multi-pipe (e.g., 6-pipe) ASICs and corrupting block_sequence_steps, leading to a crash. Fix: increase the block_...

5.5CVSS6.7AI score0.00147EPSS
CVE
CVE
•added 2025/07/03 8:35 a.m.•87 views

CVE-2025-38100

CVE-2025-38100 affects the Linux kernel (x86/iopl). The issue arises when a task with TIF_IO_BITMAP set lacks an installed bitmap, causing tss_update_io_bitmap() to dereference NULL. Two problems are fixed: (1) io_bitmap_exit() no longer calls task_update_io_bitmap() for non-current tasks (cleanu...

5.5CVSS7.2AI score0.00172EPSS
CVE
CVE
•added 2025/07/03 8:35 a.m.•87 views

CVE-2025-38147

Technical details about CVE-2025-38147 (affected software, impact, exploitability, and fix specifics) are not publicly provided in the supplied documents. Please monitor for updates from vendors and security bulletins.

5.5CVSS6.9AI score0.0017EPSS
CVE
CVE
•added 2025/07/03 8:35 a.m.•87 views

CVE-2025-38149

CVE-2025-38149 — Linux kernel net: phy: clear phydev->devlink when the link is deleted . The issue causes a crash when disabling and re-enabling a network port because phydev->devlink is not cleared after phy_detach() calls device_link_del(), leaving a stale value that is dereferenced on re...

5.5CVSS7.3AI score0.00145EPSS
CVE
CVE
•added 2025/07/04 1:37 p.m.•87 views

CVE-2025-38206

CVE-2025-38206 concerns the Linux kernel exfat subsystem, where a double free could occur in the delayed_free pathway during exfat_kill_sb() via exfat_free_upcase_table(). The vulnerability arises when freeing vol_utbl twice due to an error return path in exfat_create_upcase_table() leading to a ...

7.8CVSS6.6AI score0.00156EPSS
Total number of security vulnerabilities14372