13804 matches found
CVE-2022-50032
CVE-2022-50032 concerns the Linux kernel USB Renesas driver fix for a refcount leak. The issue arises in usbhs_rza1_hardware_init() where of_find_node_by_name() returns a node pointer with an elevated refcount; the correct handling is to call of_node_put() when the node is no longer needed. The c...
CVE-2022-50116
The CVE refers to a Linux kernel flaw in tty n_gsm where deadlocks and link starvation could occur in the outgoing data path under ldisc congestion. The fix adds an additional control-channel data queue and processes it before the user-channel queue in gsm_data_kick(), moving this work to a dedic...
CVE-2022-50120
The CVE-2022-50120 issue in the Linux kernel’s remoteproc driver (imx_rproc) is documented in multiple sources. It concerns a refcount leak in imx_rproc_addr_init caused by of_parse_phandle() returning a node pointer with an incremented refcount; the fix is to call of_node_put() on it when it is ...
CVE-2022-50125
CVE-2022-50125 is a Linux kernel issue affecting ASoC: cros_ec_codec through a refcount leak in cros_ec_codec_platform_probe. The root cause is that of_parse_phandle() returns a node pointer with its refcount incremented, and the fix adds of_node_put() when the node is no longer needed to avoid t...
CVE-2022-50132
CVE-2022-50132 (Linux kernel) affects the usb: cdns3 gadget code. The root cause is an invalid dereference when ep is NULL due to the placement of the priv_ep assignment. The vulnerability is resolved by changing the assignment location in cdns3_gadget_ep_dequeue() and cdns3_gadget_ep_enable(), p...
CVE-2022-50152
CVE-2022-50152 is resolved in the Linux kernel via a fix for usb: ohci-nxp: refcount leak in ohci_hcd_nxp_probe. The issue arises because of_parse_phandle() returns a node pointer with an incremented refcount and lacks a corresponding of_node_put() when the node is no longer needed. The patch add...
CVE-2023-1295
CVE-2023-1295 describes a time-of-check to time-of-use issue in the Linux kernel io_uring IORING_OP_CLOSE path, affecting kernels 5.6–5.11 (inclusive). The flaw, a local privilege escalation, is introduced by the commit b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb and patched in 9eac1904d3364254d622b...
CVE-2023-23005
The CVE-2023-23005 issue affects the Linux kernel prior to 6.2. It occurs in mm/memory-tiers.c where alloc_memory_type is misinterpreted (treating an error pointer as NULL in the error case), potentially enabling an availability impact. The root cause is the incorrect handling of the alloc_memory...
CVE-2023-52512
CVE-2023-52512 affects the Linux kernel pinctrl/nuvoton/wpcm450 driver. The root cause is an out-of-bounds write to pctrl->gpio_bank because the GPIO index validity check runs after the write, potentially causing a crash. Red Hat’s advisory notes a crash risk; other sources confirm the issue i...
CVE-2023-52660
CVE-2023-52660 concerns the Linux kernel media rkisp1 driver. The vulnerability arises from IRQ handling configured with IRQF_SHARED, which allows an interrupt to fire when the ISP is powered down, causing the SoC to hang as the driver accesses ISP registers. The provided details state the bug is...
CVE-2023-52677
CVE-2023-52677 is a Linux kernel vulnerability affecting riscv where the patch must check whether the code to patch lies in the exit section. If not, execution may fall through to vmalloc_to_page() and panic because the address is not in the vmalloc region. The connected advisories confirm the is...
CVE-2023-52681
Summary (CVE-2023-52681): In the Linux kernel, efivarfs allocated an s_fs_info on filesystem context creation but did not free it when the superblock is unmounted, leading to a potential resource lifecycle issue. The vulnerability is resolved by ensuring proper cleanup of the s_fs_info structure ...
CVE-2023-52702
CVE-2023-52702 corresponds to a Linux kernel issue in net: openvswitch where ovs_meter_cmd_set() can leak memory because old_meter is not freed after detachment if the new meter attach succeeds or fails. The publicly provided connected Astra Linux bulletin mirrors this vulnerability and confirms ...
CVE-2023-52705
CVE-2023-52705 is a kernel vulnerability affecting the nilfs2 filesystem code in Linux. The issue is an underflow/incorrect boundary calculation in NILFS_SB2_OFFSET_BYTES that computes the position of the second superblock, which can underflow when the device size is smaller than 4096 bytes. This...
CVE-2023-52750
The CVE-2023-52750 entry concerns the Linux kernel on arm64 where CPU_BIG_ENDIAN must be restricted to using a trusted assembler (GNU as or LLVM IAS 15.x or newer). Before LLVM 15, LLVM’s integrated assembler could byte-swap NOPs for big-endian targets, causing a sequence of bytes that matched th...
CVE-2023-52782
The CVE-2023-52782 entry pertains to the Linux kernel net/mlx5e driver: it fixes a race in tracking xmit metadata for PTP WQ where the skb may not be present in the mapping when the metadata index is tracked, risking a null pointer dereference. The fix ensures skb is in metadata mapping before tr...
CVE-2023-52794
CVE-2023-52794 is a Linux kernel vulnerability in the intel_powerclamp implementation under thermal: intel: powerclamp, where a mismatch between param_get_int and the max_idle definition can trigger a global out-of-bounds read (KASAN report). The bug stems from reading a 32-bit int where a smalle...
CVE-2023-52872
CVE-2023-52872 affects the Linux kernel in the tty/n_gsm subsystem. A race condition during status line changes on dead connections in gsm_cleanup_mux() could lead to a kernel panic after the cleanup sequence closes DLCIs, stops timers, and clears queues, while the outgoing data queue continues t...
CVE-2023-52928
CVE-2023-52928 concerns the Linux kernel’s BPF verifier. According to connected sources, the issue arises from the verifier’s handling of invalid kfunc calls in backtrack_insn, where such an instruction could be captured by fixup_kfunc_call() and, if not eliminated by DCE, trigger a warning in ba...
CVE-2023-52992
CVE-2023-52992 affects the Linux kernel; the vulnerability exists in BPF’s send_signal_common path where a task with pid=1 can trigger a kernel panic (kernel: “Attempted to kill init!”). A fix was applied to skip pid=1 in bpf_send_signal_common(), preventing this panic. Impact is local, with pote...
CVE-2023-53081
CVE-2023-53081 affects the Linux kernel’s ocfs2 function. When a buffered write fails to copy data into the page cache, ocfs2_write_end_nolock() zeroes the page and dirties it, which can leave a dirty page beyond EOF. If writeback occurs before i_size is expanded, the page can reach an inconsiste...
CVE-2023-53139
The CVE-2023-53139 issue is in the Linux kernel’s NFC FDP code: it adds a null check for devm_kmalloc_array in fdp_nci_i2c_read_device_properties. If devm_kmalloc_array fails and fw_vsc_cfg is NULL, an out-of-bounds write can occur in device_property_read_u8_array. The vulnerability is addressed ...
CVE-2024-26730
The CVE-2024-26730 entry concerns the Linux kernel hwmon/nct6775 driver. The vulnerability arises from a mismatch between the number of temperature configuration registers and the total temperature registers, which can trigger out-of-bounds access (KASAN) in nct6775_probe/nct6775_core. The issue ...
CVE-2024-33847
CVE-2024-33847 relates to the Linux kernel’s f2fs compression feature. The root cause is a truncation bug on released compressed inodes that can corrupt a f2fs image if a partial truncation changes the valid block count without updating i_blocks/total_valid_block_count. The patch fixes by allowin...
CVE-2024-38617
Technical details about CVE-2024-38617 are not provided in the supplied documents. Monitor for updates from vendor advisories and kernel project commits for affected components and fixed versions.
CVE-2024-46748
The CVE-2024-46748 entry concerns the Linux kernel cachefiles subsystem. It fixes a write-size issue by setting the maximum subrequest size for cache writes to MAX_RW_COUNT, preventing overruns on backing filesystems. Connected docs confirm the fix applies to Linux kernel versions using this code...
CVE-2024-57942
CVE-2024-57942 (Linux kernel) affects netfs by addressing how ceph copy to cache is handled on write-begin. The vulnerability arises in netfs_unlock_read_folio() where folios marked for cache copy are not consistently queued, and netfs_pgpriv2_write_to_the_cache() expects to traverse folio_queue ...
CVE-2024-57943
CVE-2024-57943 affects the Linux kernel exFAT path where a newly allocated buffer head could write uninitialized data from the page cache. The root cause is that buffers marked as new were not zeroed before write_end(), risking data leakage or corruption. The remediation is a kernel commit that c...
CVE-2024-57953
CVE-2024-57953 affects the Linux kernel RTC driver (rtc: tps6594). On 32-bit systems a 64-bit tmp variable overflows when calculating tmp = offset * TICKS_PER_HOUR, because offset is a long and TICKS_PER_HOUR is very large (32768*3600). The description states the overflow occurs in tps6594_rtc_se...
CVE-2025-21974
CVE-2025-21974 affects the Linux kernel with the bnxt ethernet driver. The vulnerability stems from bnxt_queue_mem_alloc() dereferencing an rx buffer descriptor when a queue restarts while the interface is down, which can trigger a kernel panic. The issue is resolved in the Linux kernel via fixes...
CVE-2025-37898
CVE-2025-37898 affects the Linux kernel’s powerpc64/ftrace module loading path. The issue arises from get_stubs_size assuming at least one patchable function entry; modules exporting data but no code could yield a zero sh_size. During module_memory_alloc(), the size is page-aligned and becomes ze...
CVE-2025-37910
Technical details for CVE-2025-37910 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-38020
In the Linux kernel issue CVE-2025-38020, MACsec offload is not supported in switchdev mode for uplink representors. The vulnerability stems from NETIF_F_HW_MACSEC remaining set when switching to the uplink representor profile, allowing a null pointer dereference when offloads are added. The fix ...
CVE-2025-38027
The CVE-2025-38027 entry describes a Linux kernel vulnerability in the regulator max20086 code path. The root cause is that max20086_parse_regulators_dt() uses an on-stack array of struct of_regulator_match for matches and then relies on devm_of_regulator_put_matches(), which allocates a devm_of_...
CVE-2025-38031
CVE-2025-38031 is a Linux kernel issue in the padata subsystem where a parallel_data refcount is incremented unconditionally by a patch, allowing a refcount leak if queue_work() returns that the work is already queued. The described fix is to check queue_work()’s return value and decrement the re...
CVE-2025-38043
CVE-2025-38043 affects the Linux kernel firmware/arm_ffa path: a fix sets the dma_mask for FFA devices to prevent DMA allocation using a raw device pointer, which previously triggered a kernel warning “dma_alloc_attrs” in mapping.c. The vulnerability’s impact, per the description, is to avoid mis...
CVE-2025-38080
The CVE-2025-38080 issue affects the Linux kernel DRM/AMD display path. Root cause: hwss_build_fast_sequence can generate more than 50 steps, overflowing the block_sequence buffer for multi-pipe (e.g., 6-pipe) ASICs and corrupting block_sequence_steps, leading to a crash. Fix: increase the block_...
CVE-2025-38118
CVE-2025-38118 affects the Linux kernel Bluetooth MGMT subsystem. The flaw is a use-after-free in mgmt_remove_adv_monitor_complete (MGMT_OP_REMOVE_ADV_MONITOR path) caused by using mgmt_pending_add, leading to KASAN crashes. The issue is resolved by reworking MGMT_OP_REMOVE_ADV_MONITOR to avoid m...
CVE-2025-38119
CVE-2025-38119 corresponds to a Linux kernel vulnerability in the SCSI/UFS stack that fixes a hang in the error handler. The issue stems from ufshcd_err_handling_prepare() calling ufshcd_rpm_get_sync() in a context where UFSHCD_EH_IN_PROGRESS may be set, causing the resume flow to queue commands ...
CVE-2025-38123
CVE-2025-38123 affects the Linux kernel in Azure Linux 3.0 environments, where the t7xx NAPI RX polling path could use an invalid netdev after dellink-triggered disconnects, causing a NULL pointer dereference and kernel panic during skb processing. The issue arises when the driver processes napi_...
CVE-2025-38135
CVE-2025-38135 – Linux kernel (serial/mlb_usio_probe) NULL pointer dereference fix: The vulnerability arises when devm_ioremap() returns NULL on error and mlb_usio_probe() fails to check it, potentially leading to a NULL pointer dereference. The fix adds a NULL check after devm_ioremap() to prev...
CVE-2025-38149
CVE-2025-38149 – Linux kernel net: phy: clear phydev->devlink when the link is deleted. The issue causes a crash when disabling and re-enabling a network port because phydev->devlink is not cleared after phy_detach() calls device_link_del(), leaving a stale value that is dereferenced on re...
CVE-2025-38191
The CVE-2025-38191 issue is in the Linux kernel ksmbd component, where a null pointer dereference could occur during Kerberos session setup if the client uses PreviousSessionId before session authentication completes. Root cause: sess->user is not set during initial kerberos setup, allowing a ...
CVE-2025-38192
The CVE-2025-38192 issue is in the Linux kernel. A NAT46/ingress BPF path could flip packet SKB protocols without clearing dst, leading to a NULL pointer dereference in ip6_rcv_core when an IPv4 multicast path loops back and IP6 processing runs with a stale IPv4 dst. The fix, described in the adv...
CVE-2025-38218
CVE-2025-38218 affects the Linux kernel’s F2FS file system. The vulnerability stems from a faulty sanity check on sit_bitmap_size that can lead to an out-of-bounds access in sit_bitmap when resizing an image, causing a kernel panic during mount. The root cause described is sit_i->bitmap_size b...
CVE-2025-38250
In CVE-2025-38250, the Linux kernel Bluetooth vhci_flush() path is affected by a use-after-free when a thread closes a vhci fd while another thread uses the device. The issue stems from a missing synchronization after unlinking hdev from hci_dev_list in hci_unregister_dev(), allowing another thre...
CVE-2025-38289
The CVE-2025-38289 entry concerns the Linux kernel SCSI lpfc driver. It describes a potential use-after-free of an ndlp object in dev_loss_tmo_callbk during driver unload or fatal error handling, leading to a Denial of Service if triggered. The fix reorders code to avoid use-after-free when the i...
CVE-2025-38304
CVE-2025-38304: In the Linux kernel, a NULL pointer dereference in Bluetooth eir_get_service_data (len parameter can be NULL) is fixed. The vulnerability affects the Bluetooth EIR handling path and is rated with LOCAL attack vector and HIGH availability impact, implying potential kernel crash or...
CVE-2025-38332
CVE-2025-38332 (Linux kernel) affects the lpfc SCSI path where BIOSVersion handling could panic due to a misused strlcat/FORTIFY check. The root cause is improper assumptions about buffer sizes, leading to a likely false positive overflow check, and the fix replaces the problematic sequence with ...
CVE-2025-38384
CVE-2025-38384 affects the Linux kernel’s MTD spinand/ECC engine path. The root cause is a memory leak where ECC engine configuration memory allocated during ECC init is not released during spinand cleanup. The leak trace shows kmemleak reporting an unreferenced object during spinand probe/init p...