14392 matches found
CVE-2022-48901
CVE-2022-48901 affects the Linux kernel’s btrfs implementation, addressing a race where relocation could start during a pending snapshot drop. The bug manifested when a recovering relocation on mount could clash with a concurrent snapshot deletion under balance, potentially leading to a state wit...
CVE-2022-48902
CVE-2022-48902 is a Linux kernel issue in the btrfs extent_io path where a warned-on condition could occur when a page with PageError is encountered during extent buffer ops. The vulnerability arises from using assert_eb_page_uptodate() on non-uptodate pages, potentially exposing instability warn...
CVE-2022-48909
The CVE-2022-48909 entry relates to the Linux kernel net/smc subsystem. A connection leak could occur during a sequence where, after initiating a close, a tcp_abort() may discard pending CLC CONFIRM messages in the TCP send buffer, preventing delivery of the connection token and blocking passive ...
CVE-2022-49083
CVE-2022-49083 concerns a kernel-level regression in the iommu/omap path that can trigger a NULL pointer dereference during device probe. The issue arises when a commit altered probe behavior (3f6634d997db) so that omap iommu probe returns 0 instead of ERR_PTR(-ENODEV), making probe_iommu_group-&...
CVE-2022-49091
In CVE-2022-49091, the Linux kernel DRM IMX code fixes a memory leak in imx_pd_connector_get_modes by avoiding leaking the display mode variable if of_get_drm_display_mode fails. This resolves a resource leak (Coverity ID 1443943) and was implemented in kernel updates referenced by the linked com...
CVE-2022-49194
CVE-2022-49194: In the Linux kernel BCMGENET path, GCC12 relaxes register reads/writes breaking ordering guarantees between device memory accesses and driver queues. The description notes that relaxed reads/writes can be moved by the compiler, causing potential transmit/receive ordering issues an...
CVE-2022-49221
The CVE-2022-49221 issue affects the Linux kernel DRM MSM DP driver. A NULL pointer dereference could occur because struct dp_panel::connector was never assigned (connector stored in msm_dp::connector). The problem manifested during DP CTS test 4.2.2.6 when reading EDID, causing a NULL dereferenc...
CVE-2022-49222
In CVE-2022-49222, the Linux kernel drm/bridge anx7625 EDID reader was vulnerable because edid_pos was stored in a u8, allowing overflow when EDID blocks exceed 256 bytes. The documented fix changes edid_pos to an int to safely read longer EDID blocks. The CVE is categorized with LOCAL attack vec...
CVE-2022-49234
CVE-2022-49234 is a Linux kernel vulnerability in the VLAN filtering path for DSA cross-chip setups. The issue: when a switch (sw1) p4 leaves a bridge, dsa_port_vlan_filtering would also be invoked for sw2p1 and sw3p1, potentially referencing a non-existent port and causing array out-of-bounds ac...
CVE-2022-49317
CVE-2022-49317 relates to the Linux kernel’s f2fs code, where an infinite loop could occur while flushing node pages, triggered by certain xfstests/generic/475 scenarios that could yield sustained EIO. The provided documents indicate a resolved issue in f2fs: avoid infinite loop to flush node pag...
CVE-2022-49512
CVE-2022-49512 affects the Linux kernel’s mtd: rawnand: denali driver. The issue arises because the driver did not use managed device resources, leading to kernel faults (example: timeout waiting for IRQ, page fault on supervisor write) when a NAND device is probed. The vulnerability is resolved ...
CVE-2022-49724
CVE-2022-49724 affects the Linux kernel’s goldfish TTY driver. The bug arises from passing an incorrect dev_id to free_irq() during driver removal, which can lead to a splat and attempts to free an already-free IRQ (IRQ 65). A fix was implemented to pass the correct dev_id in the remove path (gol...
CVE-2022-49775
CVE-2022-49775 (Linux kernel) affects the tcp_cdg congestion control. The advisory notes that when MPTCP calls tcp_disconnect() on an already-disconnected flow under CDG, it may trigger a double-free in the SLAB allocator. The vulnerability arises from the ability to call tcp_cdg_release() multip...
CVE-2022-49793
CVE-2022-49793 is tied to Linux kernel code fixing a memory leak in iio_sysfs_trig_init within iio: trigger: sysfs. The issue arises from dev_set_name() allocating memory for the trigger name and not freeing it if device_add() fails; the fix ensures the allocated memory is released by freeing the...
CVE-2022-49824
In the Linux kernel, CVE-2022-49824 affects the ata_tlink_add() path in libata-transport. The root cause is that transport_add_device()'s return value is not checked, which can lead to a NULL pointer dereference during module removal when transport_remove_device() is called for a device that wasn...
CVE-2022-49850
CVE-2022-49850 affects the Linux kernel nilfs2 subsystem. A semaphore deadlock can occur when nilfs_get_block() detects metadata corruption during data-block allocation and a concurrent superblock writeback happens. The root cause involves a lock order: rwsem A (NILFS_MDT dat_inode mi_sem) read l...
CVE-2022-49887
The CVE-2022-49887 entry relates to the Linux kernel: the media/ Meson vdec code could leak a refcount due to a failed vdec_probe or during vdec_remove, and requires v4l2_device_unregister to decrement the refcount obtained from v4l2_device_register. The vulnerability affects kernel components ha...
CVE-2022-49905
CVE-2022-49905: In the Linux kernel net/smc, smc_init() registers pernet subsystems without proper error handling, risking leaked pernet namespace. If register_pernet_subsys(&smc_net_stat_ops) or smc_nl_init() fails, &smc_net_stat_ops might not be reverted, leaving wild ops in the subsystem linke...
CVE-2022-49948
CVE-2022-49948 affects the Linux kernel VT subsystem. When changing the console font via ioctl(KDFONTOP), the new font size may exceed the previous screen, potentially making a prior selection fall outside the new viewport and cause out-of-bounds accesses to graphics memory if the selection is re...
CVE-2022-50055
The CVE-2022-50055 entry pertains to the Linux kernel vulnerability in the iavf driver: Fix adminq error handling. The issue arises in iavf_alloc_asq_bufs/iavf_alloc_arq_bufs where DMA-coherent memory is allocated for the VF mailbox, and DMA regions for ASQ/ARQ were not freed if configuration err...
CVE-2022-50125
CVE-2022-50125 is a Linux kernel issue affecting ASoC: cros_ec_codec through a refcount leak in cros_ec_codec_platform_probe. The root cause is that of_parse_phandle() returns a node pointer with its refcount incremented, and the fix adds of_node_put() when the node is no longer needed to avoid t...
CVE-2023-39179
CVE-2023-39179 affects the Linux kernel ksmbd module and is triggered by SMB2 read requests. The vulnerability arises from insufficient validation of user-supplied data, allowing a read past the end of an allocated buffer. Impact is potential disclosure of sensitive information on affected system...
CVE-2023-52660
CVE-2023-52660 concerns the Linux kernel media rkisp1 driver. The vulnerability arises from IRQ handling configured with IRQF_SHARED, which allows an interrupt to fire when the ISP is powered down, causing the SoC to hang as the driver accesses ISP registers. The provided details state the bug is...
CVE-2023-52677
CVE-2023-52677 is a Linux kernel vulnerability affecting riscv where the patch must check whether the code to patch lies in the exit section. If not, execution may fall through to vmalloc_to_page() and panic because the address is not in the vmalloc region. The connected advisories confirm the is...
CVE-2023-52702
CVE-2023-52702 corresponds to a Linux kernel issue in net: openvswitch where ovs_meter_cmd_set() can leak memory because old_meter is not freed after detachment if the new meter attach succeeds or fails. The publicly provided connected Astra Linux bulletin mirrors this vulnerability and confirms ...
CVE-2023-52790
The CVE-2023-52790 issue affects the Linux kernel swiotlb when CONFIG_SWIOTLB_DYNAMIC is enabled. The root cause is an out-of-bounds allocation on the free list for IO TLB slots, where swiotlb_area_find_slots() could allocate slots beyond a transient IO TLB buffer. The fix limits the free list le...
CVE-2023-52828
CVE-2023-52828 (Linux kernel) : The vulnerability arises from BPF verifier handling after a bpf_throw call. Because bpf_throw is the first noreturn call in the verifier, dead code elimination causes subsequent instructions to be treated as unseen, which can affect stack unwinding when a program t...
CVE-2023-53111
CVE-2023-53111 affects the Linux kernel loop subsystem. The vulnerability arises from a use-after-free in loop_handle_cmd() after do_req_filebacked() completes, which may dereference cmd or rq depending on whether the request was completed when using asynchronous I/O. The issue can lead to a kern...
CVE-2023-53128
CVE-2023-53128 affects the Linux kernel via a memory-leak in the SCSI mpi3mr driver (throttle_groups). The issue is resolved by adding a missing kfree(), as documented in multiple sources (Linux kernel patch notes and related advisories). The provided materials do not specify affected kernel vers...
CVE-2024-26637
CVE-2024-26637 affects the Linux kernel wifi stack (ath11k) where mac80211’s debugfs entry deletion could crash ath11k. The fix switches to letting mac80211 delete entries when appropriate and adds debugfs entries from the vif_add_debugfs handler, removing the crash trigger. Public references ind...
CVE-2024-26806
CVE-2024-26806 : In the Linux kernel, the cadence-qspi driver’s runtime PM hooks were calling spi_controller_suspend()/resume(), which was not expected and could cause a deadlock when the bus lock is held. The fix removes these calls from cadence-qspi, since cadence-qspi is not queued, and notes ...
CVE-2024-35834
CVE-2024-35834 concerns the Linux kernel’s XDP socket path (xsk) where, if the Rx queue is full, a buffer could be recycled incorrectly due to a missing xsk_buff_free() call when __xsk_rcv_zc() fails to enqueue a descriptor to the XSK Rx queue. The description in the connected Astra SUSE page mir...
CVE-2024-35836
CVE-2024-35836 affects the Linux kernel's dpll/pin handling logic. When a kernel module is unbound but pin resources for the same PCI device persist in memory, rebinding can leave the prop pointer stale to deallocated module memory. Invoking a pin-dump in this state crashes the kernel. The fix st...
CVE-2024-35846
CVE-2024-35846 affects the Linux kernel’s zswap shrinker under memcg-disabled (boot flag cgroup_disable=memory). A NULL memcg (sc->memcg == NULL) could cause a NULL dereference in memcg_page_state(), leading to a crash. The issue has been fixed in the kernel (as described in the connected docu...
CVE-2024-36943
CVE-2024-36943 affects the Linux kernel’s pagemap/proc task_mmu path. The issue arises in the pattern used by make_uffd_wp_pte() where interleaving reads and writes could lose young/dirty bits during a pagemap scan, due to a race around ptep_modify_prot_start() and subsequent updates. The documen...
CVE-2024-36958
CVE-2024-36958 affects the Linux kernel NFSD component: nfsd4_encode_fattr4() can crash due to args.acl being used after lack of initialization, leading to an unconditional kfree() path. The documented impact is local access with potential availability degradation (CVSS: Local, Availability High)...
CVE-2024-44973
This CVE (CVE-2024-44973) concerns the Linux kernel SLUB allocator. The root cause is that freeing of kfence objects was moved out of do_slab_free but missed a spot in __kmem_cache_free_bulk, leading to a crash chain involving skbuff_head_cache and slab_err (mm/slub.c). The impact described is a ...
CVE-2024-46748
The CVE-2024-46748 entry concerns the Linux kernel cachefiles subsystem. It fixes a write-size issue by setting the maximum subrequest size for cache writes to MAX_RW_COUNT, preventing overruns on backing filesystems. Connected docs confirm the fix applies to Linux kernel versions using this code...
CVE-2024-50277
In CVE-2024-50277, the Linux kernel fixes a crash in the device-mapper path when blk_alloc_disk fails. Specifically, if blk_alloc_disk returns an error, md->disk is set to an error value and cleanup_mapped_device may still access it, leading to a crash at md->disk->private_data = NULL. T...
CVE-2024-57941
CVE-2024-57941 concerns the Linux kernel netfs cache handling. When the cache is temporarily disabled, netfs_advance_write() may bail out without subrequests, leaving folios with PG_private_2 and discarding the request. The root cause is the use of the deprecated PG_private_2 path by netfslib (e....
CVE-2025-21907
CVE-2025-21907 documents a Linux kernel memory-management issue: during folio migration, unmap_poisoned_folio() must set TTU_HWPOISON for anon folio (and align policy with hwpoison_user_mappings for pagecache). The patch series mm: memory_failure: unmap poisoned folio during migrate properly fixe...
CVE-2025-37802
CVE-2025-37802 affects the Linux kernel’s ksmbd path. The issue arises from wait_event_timeout() potentially leaving the current task in TASK_UNINTERRUPTIBLE and then acquiring a mutex in ksmbd_durable_scavenger_alive(), which can sleep while holding a lock. The fix removes the unnecessary mutex ...
CVE-2025-37814
CVE-2025-37814 : In the Linux kernel, the TIOCL_SELMOUSEREPORT ioctl now requires CAP_SYS_ADMIN for all usages. A prior patch loosened this for some modes, but it introduced inconsistent logic and a potential local risk: enabling mouse reports could allow injection-like input into terminal-report...
CVE-2025-37843
CVE-2025-37843 : In the Linux kernel, a race between parent and child PCI hotplug ports can deadlock during nested PCI hotplug removal. A fix was implemented to avoid extra checks when the hotplug port itself was hot-removed, preventing the deadlock (particularly when removing multiple Thunderbol...
CVE-2025-37863
CVE-2025-37863 affects the Linux kernel overlayfs (ovl). The issue arises when a data-only layer is pointed to by an upper layer, something not currently used but previously allowed only via the datadir+ feature, which could trigger an Oops. The documented fix disables datadir without a lowerdir,...
CVE-2025-37894
CVE-2025-37894 affects the Linux kernel networking code: when sk_state is TCP_TIME_WAIT, a pointer of type inet_timewait_sock could be returned by __inet_lookup_established() or __inet6_lookup_established(), and calling sock_put() on it may crash (sk_wmem_alloc access in sk_free). The issue is mi...
CVE-2025-37898
CVE-2025-37898 affects the Linux kernel’s powerpc64/ftrace module loading path. The issue arises from get_stubs_size assuming at least one patchable function entry; modules exporting data but no code could yield a zero sh_size. During module_memory_alloc(), the size is page-aligned and becomes ze...
CVE-2025-37910
Technical details for CVE-2025-37910 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-37940
Technical details about CVE-2025-37940 are not provided in the supplied documents. Monitor for updates from vendors/advisories for affected products, versions, and fixes.
CVE-2025-38078
CVE-2025-38078 affects the Linux kernel ALSA PCM OSS path. A race in buffer-clearing during initialization/reconfiguration could access a potentially freed runtime->dma_area, risking a use-after-free. The mitigation moved the silence-buffer operation into the PCM core and synchronized it under...