13804 matches found
CVE-2022-48895
CVE-2022-48895 affects the Linux kernel iommu/arm-smmu component, specifically an issue where shutdown unregistration could trigger a NULL pointer dereference in the IOMMU path during reboot sequences. The issue was observed in stack traces leading to Oops in interrupt and kernel panic scenarios,...
CVE-2022-48950
CVE-2022-48950 affects the Linux kernel: perf_pending_task() UaF could run after the event is freed. The root cause involves two situations: (1) task_work already queued before destroying the event; (2) destroying the event queues task_work. The documented fix is to extend the perf_event lifetime...
CVE-2022-49088
CVE-2022-49088 affects the Linux kernel: a refcount leak in dpaa2_ptp_probe where the of_find_compatible_node() result is returned with an incremented refcount. The fix is to call of_node_put() to release the reference and avoid the leak. References point to kernel patches that implement this cor...
CVE-2022-49194
CVE-2022-49194: In the Linux kernel BCMGENET path, GCC12 relaxes register reads/writes breaking ordering guarantees between device memory accesses and driver queues. The description notes that relaxed reads/writes can be moved by the compiler, causing potential transmit/receive ordering issues an...
CVE-2022-49225
CVE-2022-49225 affects the Linux kernel component mt7921s (mt76) where a memory leak could occur in mt7921_load_patch if fw data isn’t released. The fix releases fw data at the end of the routine to prevent leak; the vulnerability manifests locally with an availability impact. Affected context re...
CVE-2022-49234
CVE-2022-49234 is a Linux kernel vulnerability in the VLAN filtering path for DSA cross-chip setups. The issue: when a switch (sw1) p4 leaves a bridge, dsa_port_vlan_filtering would also be invoked for sw2p1 and sw3p1, potentially referencing a non-existent port and causing array out-of-bounds ac...
CVE-2022-49262
CVE-2022-49262 (Linux kernel) : In the Linux kernel crypto/otx2 driver, the CONFIG_DM_CRYPT check was removed. This resolves a NULL pointer dereference in the driver release path when CONFIG_DM_CRYPT is enabled, and was verified to cause a NULL dereference in the call chain during crypto_unregist...
CVE-2022-49274
CVE-2022-49274 concerns an ocfs2 quota crash when mounting with quotas enabled in the Linux kernel. The connected Astra Linux entry reproduces the issue and provides the same symptom set and stack trace context. The root cause is that during dqi_gqlock initialization, the related dqi_type and dqi...
CVE-2022-49388
CVE-2022-49388 affects the Linux kernel ubi_create_volume() in the UBI subsystem. The issue is an use-after-free involving the 'eba_tbl' in the error handling path: ubi_eba_replace_table(vol, eba_tbl) assigns vol->eba_tbl = tbl, then on error the code path leads to ubi_eba_destroy_table(eba_tb...
CVE-2022-49463
CVE-2022-49463 refers to a Linux kernel issue where thermal/drivers/imx_sc_thermal_probe could leak a device tree node reference. The root cause is that of_find_node_by_name() returns a node pointer with refcount incremented and was not paired with a corresponding of_node_put() when done, causing...
CVE-2022-49485
CVE-2022-49485 describes a Linux kernel issue in drm/v3d: a null pointer dereference of pointer perfmon where WARN_ON happens after the pointer has been dereferenced. The fix is to dereference perfmon only after it has been null-checked. Affected component: Linux kernel (drm/v3d path). Impact, pe...
CVE-2022-49676
CVE-2022-49676 refers to a Linux kernel issue for the Samsung Exynos5422 DMC memory controller where a refcount leak in of_get_dram_timings could occur due to missing of_node_put() in error paths. The bug stems from of_parse_phandle() returning a node pointer with an incremented refcount that was...
CVE-2022-49775
CVE-2022-49775 (Linux kernel) affects the tcp_cdg congestion control. The advisory notes that when MPTCP calls tcp_disconnect() on an already-disconnected flow under CDG, it may trigger a double-free in the SLAB allocator. The vulnerability arises from the ability to call tcp_cdg_release() multip...
CVE-2022-49776
CVE-2022-49776 affects the Linux kernel macvlan code; it fixes a low-level issue by enforcing a minimal MTU of 68 at link creation to prevent crashes in the IPv6 stack. The advisory notes that macvlan0 should reject mtu values below the device minimum (e.g., 67 rejected, 68 accepted), with the fi...
CVE-2022-49813
In CVE-2022-49813, the vulnerability is in the Linux kernel ena driver. The root cause is in ena_init() where the workqueue created by create_singlethread_workqueue() is not destroyed if pci_register_driver() fails, causing a resource leak. The fix adds a call to destroy_workqueue() on pci_regist...
CVE-2022-49822
The CVE refers to a Linux kernel CIFS issue: when tlink setup fails, connections may not be released, causing a refcount leak in the CIFS module and leaking fscache info, which can lead to errors on subsequent mounts (e.g., CIFS: Cache volume key already in use). The vulnerability is tied to the ...
CVE-2022-49835
CVE-2022-49835 relates to the Linux kernel ALSA: hda subsystem where memory leaks could occur in add_widget_node due to how kobject_add allocates kobject->name and may not free the kobject on error. The root cause is failure to recycle resources when kobject_add fails, leading to a potential m...
CVE-2022-49889
In CVE-2022-49889, the Linux kernel ring-buffer wake path could dereference a NULL or invalid buffer when waking waiters during ring-buffer shutdown on systems where listed CPUs > online CPUs. The fix adds a NULL check for the buffer and validates the allocation against online CPUs; it also no...
CVE-2022-49934
The CVE-2022-49934 vulnerability affects the Linux kernel’s wifi stack (mac80211) where UAF can occur in ieee80211_scan_rx() after the null check due to race with __ieee80211_scan_completed() and cfg80211_scan_done() freeing scan_req. The issue is mitigated by a fix in the kernel that prevents ac...
CVE-2022-50003
CVE-2022-50003 describes a Linux kernel issue in the ice driver where XSK (AF_XDP) pool assignment can occur for a non-balanced queue id, enabling an out-of-bounds access to the Rx ring when attaching an XSK socket in tx-only mode to a queue id without a corresponding Rx queue. The fix rewrites t...
CVE-2022-50021
CVE-2022-50021 documents a Linux kernel ext4 bug where a validated block range for freeing blocks could be altered after validation on bigalloc filesystems, potentially triggering a kernel BUG in ext4_free_blocks() / ext4_mb_clear_bb(). The issue arises because the range may be adjusted after val...
CVE-2022-50124
The CVE-2022-50124 entry concerns the Linux kernel ASoC driver mt6797-mt6351 (mt6797_mt6351_dev_probe). Technical detail: of_parse_phandle() returns a node pointer with a refcount increment; the correct remediation is to call of_node_put() when the node is no longer needed to avoid a refcount lea...
CVE-2022-50131
CVE-2022-50131 : In the Linux kernel HID MCP2221 driver, the function mcp_smbus_write() could overflow a destination buffer because the length (0–255) was derived from user data without a proper bound check on the write buffer. The Smatch warnings show &mcp->txbuf[5] and buf being too small fo...
CVE-2022-50139
CVE-2022-50139 affects the Linux kernel’s usb: aspeed-vhub component. The root cause is a refcount leak in ast_vhub_init_desc() caused by not releasing a reference from of_get_child_by_name(). The fix is to call of_node_put() on that reference. This remediation prevents the refcount from being in...
CVE-2023-52671
CVE-2023-52671 : Linux kernel vulnerability in drm/amd/display related to ODM4:1 transition. The issue could hang or underflow when disabling an OPTC and reclaiming its OPPs for a different OPTC, due to OPPs not being properly disconnected from the disabled OPTC. The published description states ...
CVE-2023-52687
CVE-2023-52687 affects the Linux kernel crypto safexcel path. The issue arises when dma_map_sg() can return 0 on error, risking improper handling of DMA mappings. The published patch adds error checks for dma_map_sg() and ensures previously mapped buffers are unmapped via dma_unmap_sg() to preven...
CVE-2023-52786
CVE-2023-52786 affects the Linux kernel ext4 subsystem. The issue is a race in the inline data check during direct IO (dio) writes: ext4_iomap_begin() can observe inline data concurrently with MAY_INLINE_DATA state clearing across a lock cycle, potentially allowing a dio write to proceed in an un...
CVE-2023-53011
The CVE-2023-53011 issue concerns the Linux kernel’s stmmac driver (DWMAC5) where, by default, all safety features were enabled. If a hardware platform did not provide a safety_feat_cfg entry, enabling the automotive safety package could trigger a NULL pointer dereference during network device op...
CVE-2024-26682
CVE-2024-26682 affects the Linux kernel's wifi/mac80211 CSA/ECSA handling. The patch fixes: (1) ignoring ECSA elements stuck in probe responses when cfg80211 previously detected them, preventing false connection refusals during CSA; and (2) permitting connections to APs switching to a channel alr...
CVE-2024-26728
CVE-2024-26728 is a Linux kernel issue affecting the DRM/AMD display path, where a null-pointer dereference could occur during EDID reading. The fix switches to using an I2C adapter when there is no aux_mode in dc_link to prevent the dereference in scenarios involving DCN2.1 and HDMI connectors (...
CVE-2024-33619
The CVE-2024-33619 entry concerns a Linux kernel EFI handling bug in libstub: priv.runtime_map could be freed in an error path when it was never allocated (priv.runtime_map is only allocated if efi_novamap is not set; otherwise it is uninitialized). The fix is to Free priv.runtime_map only when i...
CVE-2024-35798
CVE-2024-35798 is a Linux kernel vulnerability in btrfs where a race in read_extent_buffer_pages can cause uptodate status to be missed during concurrent reads of the same extent buffer. The issue can lead to concurrent modification and tree-checker errors (e.g., corrupted nodes) due to an unnece...
CVE-2024-35832
CVE-2024-35832 : In the Linux kernel, a memory-management bug in bcachefs caused a local denial of service when unmounting, due to incorrect freeing of snapshots. Specifically, bch_fs::snapshots is allocated with kvzalloc but freed with kvfree, whereas it should be freed with kvfree to avoid a pa...
CVE-2024-35846
CVE-2024-35846 affects the Linux kernel’s zswap shrinker under memcg-disabled (boot flag cgroup_disable=memory). A NULL memcg (sc->memcg == NULL) could cause a NULL dereference in memcg_page_state(), leading to a crash. The issue has been fixed in the kernel (as described in the connected docu...
CVE-2024-35953
The CVE-2024-35953 issue affects the Linux kernel’s accel/ivpu code: ivpu_device->context_xa could deadlock because the XA lock could be held in a thread and interrupted by IRQs that also lock it. The fix is to pass XA_FLAGS_LOCK_IRQ during initialization to prevent the second lock in IRQ cont...
CVE-2024-36001
Mode C (detailed). CVE-2024-36001 affects the Linux kernel netfs write path for buffered files under write-through caching. The root cause: in netfs_perform_write(), when a file is marked for writethrough or O_*SYNC/RWF_*SYNC, the code previously skipped the flush and wait if writing at/above EOF...
CVE-2024-36935
CVE-2024-36935 : In the Linux kernel, a memory copy from userspace into a kernel buffer for the ice path could miss a terminating NUL, enabling an OOB read when sscanf() is used. The fix uses memdup_user_nul instead of memdup_user to guarantee NUL termination. Affected component is the kernel’s i...
CVE-2024-36962
CVE-2024-36962 affects the Linux kernel KS8851 driver (net: ks8851). The vulnerability arises when RX packets are queued inside an IRQ handler that is protected by a mutex, which could lead to hanging due to a potential lock conflict with net_rx_action(). The fix replaces BH manipulation (local_b...
CVE-2024-38390
CVE-2024-38390 affects the Linux kernel DRM/MSM a6xx path. The vulnerability arises when speedbin setting fails, causing a null pointer dereference during cleanup if msm_gpu_init() did not complete (gpu->pdev is only assigned in a6xx_gpu_init -> adreno_gpu_init -> msm_gpu_init). The cano...
CVE-2024-38614
CVE-2024-38614 affects the Linux kernel OpenRISC traps handling. The issue: trap handling could send signals to kernel-mode threads (not user processes), which should not occur; it may be treated as an error when it happens. The patch adds explicit checks to terminate/die when these exceptions ar...
CVE-2024-38625
CVE-2024-38625 affects the Linux kernel ntfs3 NTFS driver. The root cause is a NULL folio pointer in fs/ntfs3 checks when bmap is invoked; this can lead to a crash. The CVSSv3.1 vector indicates Local, Low attack complexity, Low privileges, no user interaction, with Availability impact HIGH (I=NO...
CVE-2024-41025
In the connected documents, CVE-2024-41025 is described as a Linux kernel issue fixed by addressing a memory leak in the fastrpc audio daemon attach path. Specifically, the Audio PD daemon copies a name via init IOCTL into kernel memory that is allocated but not freed, causing a leak. The vulnera...
CVE-2024-42064
The CVE-2024-42064 entry is a Linux kernel vulnerability affecting the DRM AMD display driver. The issue occurs when a pipe index is not set correctly, causing a driver crash. The fix adds code to skip a pipe whose idx is not properly set, mitigating the crash. Connected sources (MSRC and Nessus ...
CVE-2024-57918
Technical details for CVE-2024-57918 are not publicly provided in the connected documents; monitor for updates.
CVE-2025-21746
The CVE-2025-21746 issue affects the Linux kernel Input: synaptics path for enabling a pass-through port. Root cause: when enabling a pass-through port, an interrupt may arrive before the psmouse driver binds, and the synaptics sub-driver may access a psmouse instance not yet attached, potentiall...
CVE-2025-21817
The CVE-2025-21817 entry concerns the Linux kernel block subsystem: GFP_NOIO is now required around sysfs ->store() to prevent potential deadlock when sysfs->store callbacks allocate memory via GFP_KERNEL during direct reclaim. This vulnerability vector arises from GFP_KERNEL allocations ta...
CVE-2025-21827
The CVE-2025-21827 entry is supported by connected sources describing a Linux kernel Bluetooth issue: Mediatek btusb lacked proper locking around usb_driver_claim_interface(), risking a NULL pointer dereference or an "Failed to claim iso interface" error when the code runs via the hci0 path durin...
CVE-2025-21987
CVE-2025-21987: In Linux kernel DRM/AMDGPU, the bug is in init return value in amdgpu_ttm_clear_buffer; an uninitialized value could be returned if amdgpu_res_cleared returns true for all regions. The issue has been fixed via a cherry-picked commit (commit 7c62aacc3b452f73a1284198c81551035fac6d71...
CVE-2025-37760
Technical details about CVE-2025-37760 are not provided in the supplied connected documents. No affected product/version or fix is specified here. Monitor for updates.
CVE-2025-37814
CVE-2025-37814 : In the Linux kernel, the TIOCL_SELMOUSEREPORT ioctl now requires CAP_SYS_ADMIN for all usages. A prior patch loosened this for some modes, but it introduced inconsistent logic and a potential local risk: enabling mouse reports could allow injection-like input into terminal-report...