CVE-2022-48759
CVE-2022-48759 describes a race in the Linux kernel between releasing rpmsg_ctrldev and its associated cdev, potentially freeing rpmsg_ctrldev before the cdev is fully released. The issue affects rpmsg_ctrldev which includes a struct cdev; freeing the rpmsg_ctrldev via rpmsg_ctrldev_release_devic...
CVE-2022-49366
CVE-2022-49366 affects ksmbd in the Linux kernel. The vulnerability arises in smb_check_perm_dacl() when id and uid have the same value, causing a path to exit the loop without decrementing the reference count of the posix_acls object (increased by get_acl()), which may lead to memory leaks. The ...
CVE-2016-9755
CVE-2016-9755 affects the Linux kernel netfilter IPv6 reassembly logic prior to 4.9. It allows local users to cause a denial of service via a crafted application that uses socket, connect, and writev calls, due to an integer overflow / out-of-bounds write in the IPv6 reassembly path. The root cau...
CVE-2016-9777
KVM in the Linux kernel (before 4.8.12) is vulnerable when I/O APIC is enabled. A guest user can craft an interrupt request to bypass VCPU index restrictions, potentially gaining host privileges or causing a host denial of service via out-of-bounds access and host crash. Affected components: arch...
CVE-2017-0576
CVE-2017-0576 is an elevation-of-privilege vulnerability in the Qualcomm Crypto Engine Driver that could allow a local malicious app to execute arbitrary code in the kernel context. Affected product scope is Android; kernels 3.10 and 3.18 are listed as vulnerable. The underlying issue is in the Q...
CVE-2017-8069
CVE-2017-8069 affects the Linux kernel 4.9.x (prior to 4.9.11). The issue lies in drivers/net/usb/rtl8150.c interacting incorrectly with CONFIG_VMAP_STACK, which may allow a local user to trigger a denial of service (system crash or memory corruption) or other impact by abusing a DMA scatterlist ...
CVE-2020-25221
CVE-2020-25221 affects Linux kernel 5.7.x and 5.8.x before 5.8.7. The vulnerability arises in get_gate_page() implemented in mm/gup.c, due to incorrect reference counting of the backing struct page for the vsyscall page, causing a refcount underflow. It can be triggered by any 64-bit process that...
CVE-2020-27784
CVE-2020-27784 is a use-after-free in the Linux kernel’s printer_ioctl path. The issue arises from accessing a deallocated printer_dev instance after it has been freed by gprinter_free(), enabling a local attacker to trigger a fault in the kernel. The vulnerability is tracked with CVSSv3.1 vector...
CVE-2021-47192
CVE-2021-47192 is a Linux kernel vulnerability in the scsi/core sysfs path that caused a hang/deadlock when a device state is changed via sysfs after iSCSI recovery. The root cause described in connected advisories is that rescan was invoked with state_mutex still held, leading to scsi_host_in_re...
CVE-2021-47197
CVE-2021-47197: In Linux kernel mlx5_core, a double-destroy path could crash via mlx5_debug_cq_remove() if mlx5_core_destroy_cq() is retried after failure. The fix nullifies cq->dbg after removal and ensures CQ destruction proceeds only if the FW command DESTROY_CQ returns 0. A patch addressi...
CVE-2021-47214
CVE-2021-47214 affects Linux kernel hugetlb/userfaultfd handling. The fix corrects reservation restoration on userfaultfd error in hugetlb_mcopy_atomic_pte() by treating the is_continue path like pagecache insertion and altering the new_pagecache_page flag (renamed to page_in_pagecache) so restor...
CVE-2021-47246
CVE-2021-47246 affects the Linux kernel, specifically the mlx5e (Mellanox) networking path. The issue arises when adding a hairpin flow: a firmware-side send queue is created for the peer net device and reserves host memory pages for its ring buffer. If the peer device is removed/unbound before t...
CVE-2021-47276
The CVE-2021-47276 issue affects the Linux kernel’s ftrace on arm64, where -EINVAL could trigger ftrace_bug() to read the instruction pointer value from an invalid address, causing a kernel panic. The root cause was reading the ip address directly from memory when reporting the error. The remedy ...
CVE-2021-47283
CVE-2021-47283 concerns the Linux kernel where the SFC driver could leak IRQ resources when using legacy IRQs. The issue arises because the flag irqs_hooked was not set during initialization in legacy IRQ mode, causing non-freed interrupt descriptors on module removal. The vulnerability affects t...
CVE-2021-47309
CVE-2021-47309 affects the Linux kernel's net/tunnel code: skb_tunnel_info() may return a pointer to lwtstate->data without validating its type, risking out-of-bounds reads such as during VXLAN routing. Connected advisories (SUSE-SU-2024:2561-1 and related OSV/Nessus entries) confirm the fix i...
CVE-2021-47319
CVE-2021-47319 concerns a memory leak in the Linux kernel’s virtio-blk driver during suspend/resume. The root cause is that the vblk->vqs were not freed before calling init_vqs() in virtblk_restore(), and a fix was applied to free the vqs prior to reinitialization. Connected advisories confirm...
CVE-2021-47361
CVE-2021-47361 – Linux kernel mcb_alloc_bus() use-after-free fix. The vulnerability arises from two bugs in mcb_alloc_bus(): (1) calling put_device(carrier) after ida_simple_get() failure without a prior get_device(), risking use-after-free; (2) not balancing device lifecycles after device_initia...
CVE-2021-47387
CVE-2021-47387 is a Linux kernel vulnerability in the cpufreq: schedutil governor related to freeing sugov_tunables. The original sugov_tunables_free() was split: sugov_clear_global_tunables() clears the global_tunables, and a new sugov_tunables_free() is used as kobj_type::release to safely free...
CVE-2021-47398
The CVE-2021-47398 entry concerns a Linux kernel RDMA/hfi1 pointer leak. The vulnerability stemmed from printing secured pointers using unsigned long long with %llx, which could reveal addresses. The fix changes the formatting to print pointers with %p or %px, eliminating the cast to a large inte...
CVE-2021-47525
CVE-2021-47525 affects the Linux kernel, specifically the serial liteuart driver. The issue is a use-after-free and memory leak that occurs on unbind, where the port may remain registered after driver data is released, leading to potential use after free and serial-core memory leaks. The publishe...
CVE-2021-47540
CVE-2021-47540 is a Linux kernel vulnerability in the mt7915/mt76 driver stack that causes a NULL pointer dereference when adding an IBSS interface via the mt7915_get_phy_mode path. The issue can trigger a kernel oops (as shown in the crash trace) in the MT7622-based platforms when the driver pro...
CVE-2021-47562
Summary (CVE-2021-47562): In Linux kernel ice driver, a mismatch in XDP/Rx/Tx queue sizing caused by vsi->txq_map being sized to the doubled vsi->alloc_txq could trigger a kernel NULL pointer dereference when ethtool -L configures XDP rings and Rx/Tx counts differ. The root cause is the tx...
CVE-2021-47585
CVE-2021-47585 concerns a memory leak in the Linux kernel's btrfs __add_inode_ref path. The issue arises from allocating victim_name with kmalloc at two points (lines 1104 and 1169) and returning from the function without freeing the previously allocated memory when backref_in_log() returns an er...
CVE-2022-48657
CVE-2022-48657 is a Linux kernel vulnerability affecting the arm64 topology code. The root cause is an overflow risk in amu_fie_setup due to cpufreq_get_hw_max_freq() returning the max frequency in kHz as an unsigned int, while freq_inv_set_max_ratio() expects that value in Hz as a 64-bit type. M...
CVE-2022-48675
CVE-2022-48675 is a Linux kernel issue in IB/core involving a nested deadlock between exiting mmap (exit_mmap/__mmu_notifier_release) and a mutex held during ib_umem_odp_map_dma_and_lock. The root cause is a potential deadlock when mmput() is called while umem_mutex is held, triggering a lock in ...
CVE-2022-48728
CVE-2022-48728 corresponds to a Linux kernel flaw in IB/hfi1: Fix AIP early init panic. The issue is a NULL pointer dereference triggered by an early failure in hfi1_ipoib_setup_rn(), causing a NULL dereference in hfi1_ipoib_txreq_deinit() during netdev destruction. The root cause is a NULL deref...
CVE-2022-48734
CVE-2022-48734 affects the Linux kernel in the btrfs subsystem. The issue is a deadlock caused by quota disable interactions with the qgroup rescan worker and other transactions (e.g., block group relocation) when quota is disabled. The described sequence involves Task A starting a transaction an...
CVE-2022-48748
CVE-2022-48748 affects the Linux kernel networking path for bridges with VLANs. The issue is a memory leak in the bridge VLAN path (net: bridge: vlan: fix memory leak in __allowed_ingress). When per-vlan state is used and vlan snooping/stats are disabled, untagged or priority-tagged ingress frame...
CVE-2022-48808
CVE-2022-48808 concerns a Linux kernel issue in DSA (dpaa2-eth) handling. On systems with LX2160A and Marvell DSA switches, rebooting while the DSA master is up could panic due to the master’s deregistration triggering NETDEV_GOING_DOWN and attempting to close slave interfaces after they were alr...
CVE-2022-48822
CVE-2022-48822 — Linux kernel usb f_fs use-after-free (epfile) Technical summary: A race between ffs_func_eps_disable (which uses a local copy of epfiles) and ffs_epfile_release can lead to use-after-free of the epfile read buffer. While ffs_epfile_release frees the buffer and destroys ffs->ep...
CVE-2022-48902
CVE-2022-48902 is a Linux kernel issue in the btrfs extent_io path where a warned-on condition could occur when a page with PageError is encountered during extent buffer ops. The vulnerability arises from using assert_eb_page_uptodate() on non-uptodate pages, potentially exposing instability warn...
CVE-2022-49054
The CVE-2022-49054 entry concerns the Linux kernel, specifically the Hyper-V vmbus driver. A fix was applied to deactivate sysctl_record_panic_msg by default in isolated guests because hv_panic_page may reveal guest-sensitive information when dumped to Hyper-V. The change also updates comments in...
CVE-2022-49062
The CVE-2022-49062 issue affects the Linux kernel component cachefiles, specifically a KASAN slab-out-of-bounds in cachefiles_set_volume_xattr. The bug arose when the code did not use the actual length of volume coherency data while setting the xattr, leading to an out-of-bounds write (noted in K...
CVE-2022-49071
CVE-2022-49071 affects the Linux kernel where drm/panel: ili9341 handling of an optional regulator could dereference a NULL or error pointer if the regulator lookup fails. The patch ensures that a failed optional regulator lookup resets the pointer to NULL, and notes that related functions like m...
CVE-2022-49091
In CVE-2022-49091, the Linux kernel DRM IMX code fixes a memory leak in imx_pd_connector_get_modes by avoiding leaking the display mode variable if of_get_drm_display_mode fails. This resolves a resource leak (Coverity ID 1443943) and was implemented in kernel updates referenced by the linked com...
CVE-2022-49249
Summary (CVE-2022-49249): In the Linux kernel, the ASoC codecs WC938X path was fixed to prevent array out-of-bounds when an enum is treated as an int. The root cause was using integers to index an enum, which could access memory beyond the array on platforms like aarch64 (where long is 8 bytes whi...
CVE-2022-49261
CVE-2022-49261 affects the Linux kernel’s drm/i915/gem subsystem, where a missing boundary check in vm_access allows an out-of-bounds read/write via an unvalidated len before memcpy, potentially triggering a kernel page fault. The issue is illustrated by an access path that hits memcopy_erms and ...
CVE-2022-49369
CVE-2022-49369 concerns a memory leak in the Linux kernel’s amt_rcv() path: when an amt packet is received and no matching socket is found, the received skb is not freed, potentially leaking memory. The issue is described as resolved in the kernel; connected docs reference patches addressing the ...
CVE-2022-49400
CVE-2022-49400 concerns a Linux kernel RAID subsystem issue where in reshape the code path freed the mddev and set mddev->private to NULL, causing NULL dereference when a new raid tried to reuse mddev. The fix is to remove the code path that sets mddev->private to NULL in raid0_free, preven...
CVE-2022-49435
CVE-2022-49435 concerns the Linux kernel, in the mfd: davinci_voicecodec path. It fixes a potential null-pointer dereference in the davinci_vc_probe() flow if platform_get_resource() returns NULL. The workaround changes the code to use the resource only after devm_ioremap_resource() performs a NU...
CVE-2022-49487
CVE-2022-49487 affects the Linux kernel mtd/rawnand/syscalls for Intel NAND, where a null pointer dereference could occur if platform_get_resource() returns NULL. The fix moves using the resource after devm_ioremap_resource(), which checks for NULL to prevent dereference. Connected Astra Linux ad...
CVE-2022-49672
CVE-2022-49672 refers to a race condition in the Linux kernel’s network/tun path: when destroying a tunNAPI object, the NAPI in the tun_file struct can be destroyed before the netdev, requiring explicit deletion of the NAPI. Syzbot observed this race as the queue was detached, enabling a potentia...
CVE-2022-49683
The CVE-2022-49683 entry concerns the Linux kernel, specifically the IIO ADC driver for adi-axi-adc. The root cause is a refcount leak where of_parse_phandle() returns a node pointer with an incremented refcount, and the patch adds a missing of_node_put() when the node is no longer needed. The ch...
CVE-2022-49724
CVE-2022-49724 affects the Linux kernel’s goldfish TTY driver. The bug arises from passing an incorrect dev_id to free_irq() during driver removal, which can lead to a splat and attempts to free an already-free IRQ (IRQ 65). A fix was implemented to pass the correct dev_id in the remove path (gol...
CVE-2022-49768
In CVE-2022-49768 for the Linux kernel, the 9p/trans_fd/p9_conn_cancel path had a double-lock issue detected by syzbot. The fix is to drop the client lock earlier, after requests have been moved off to the local list, avoiding the double-lock scenario. This resolves the issue and is described as ...
CVE-2022-49769
CVE-2022-49769 corresponds to a Linux kernel fix for the gfs2 filesystem: after reading a superblock, the sb_bsize_shift field is now validated to match the expected value, preventing shift/out-of-bounds and related mount errors. The available details describe the root cause (unchecked sb_bsize_s...
CVE-2022-49777
CVE-2022-49777 affects the Linux kernel where a leaking of the i8042 platform device could occur on module removal. The fix prevents resetting the module-wide i8042_platform_device pointer in i8042_probe() or i8042_remove(), so the device can be properly destroyed by i8042_exit() during module un...
CVE-2022-49793
CVE-2022-49793 is tied to Linux kernel code fixing a memory leak in iio_sysfs_trig_init within iio: trigger: sysfs. The issue arises from dev_set_name() allocating memory for the trigger name and not freeing it if device_add() fails; the fix ensures the allocated memory is released by freeing the...
CVE-2022-49809
CVE-2022-49809 affects the Linux kernel in the x25 subsystem (net/x25). The vulnerability arises in x25_lapb_receive_frame() where skb_copy() is used to obtain a private copy of skb; if the new skb is not freed in the undersized/fragmented skb error handling path, a memory leak occurs. The provid...
CVE-2022-49824
In the Linux kernel, CVE-2022-49824 affects the ata_tlink_add() path in libata-transport. The root cause is that transport_add_device()'s return value is not checked, which can lead to a NULL pointer dereference during module removal when transport_remove_device() is called for a device that wasn...