CVE-2022-48720
The CVE-2022-48720 issue in the Linux kernel affects the macsec netdev offload path. The root cause is that NETDEV_UNREGISTER handling in the macsec netdev notify path released only software resources, leaving macsec HW offload resources under the underlay driver uncleaned, causing a resource lea...
CVE-2021-47096
CVE-2021-47096 affects the Linux kernel ALSA rawmidi/sequencer component. The issue is a bug in the open() path where the user_pversion field for the user-space file structure was left uninitialized due to kmalloc usage for the file private structure; the ALSA sequencer code later clears the file...
CVE-2021-47106
CVE-2021-47106 concerns a Linux kernel nf_tables use-after-free in nft_set_catchall_destroy, caused by accessing catchall after kfree_rcu(). The fix requires using a safe iterator (list_for_each_entry_safe) to walk the set elements. Syzbot reported KASAN use-after-free in nft_set_catchall_destroy...
CVE-2021-47109
CVE-2021-47109: In the Linux kernel, IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. An attacker can force GC of NUD_NOARP entries by overflowing the neighbour table, leading to valid connections being dropped. The issue is tied to a change around neighbor garbage collection (commit 58...
CVE-2021-47139
CVE-2021-47139 affects the Linux kernel hns3 driver. A race occurs because the netdevice is registered before client initialization completes, creating a window where changes to channels or rx CPU map can trigger hns3_set_rx_cpu_rmap() twice, leading to a crash (BUG at lib/cpu_rmap.c). The fix, a...
CVE-2021-47148
CVE-2021-47148 affects the Linux kernel octeontx2-pf driver. The issue is a buffer overflow in otx2_set_rxfh_context() that can occur when calling ethtool_set_rxfh() with a user-controlled *rss_context; the code has been updated with bounds checking to prevent memory corruption. The description a...
CVE-2021-47152
CVE-2021-47152 concerns a Linux kernel vulnerability in the MPTCP data path that can cause data stream corruption. The root cause is that mptcp_frag_can_collapse_to() could reuse memory fragments when non-MPTCP protocols allocate page fragments, leading to corruption of mptcp_data_frag. The fix, ...
CVE-2021-47216
CVE-2021-47216 affects the Linux kernel SCSI AdvanSys driver. The root cause is a kernel pointer leak caused by printing pointers cast to unsigned long with %lx instead of using %p/%px. A patch fixes the issue by changing pointer printing format from %lx to %p, effectively printing the hashed poi...
CVE-2021-47262
CVE-2021-47262 concerns the Linux kernel KVM subsystem. The issue arises in the x86 KVM tracepoint handling for nested VM-Enter failures, where string literals used by the “nested VM-Enter failed” tracepoint could outlive memory they reference if the tracepoint is emitted from modules (e.g., kvm-...
CVE-2021-47343
CVE-2021-47343 is a Linux kernel issue in the device-mapper (dm) btree removal path. The bug could cause an uninitialized value to be assigned to new_root when removal fails, leading to out-of-bounds access in dm-thin metadata (details_root/details_info) and potential general protection faults. T...
CVE-2021-47417
CVE-2021-47417 refers to a Linux kernel memory-leak issue in libbpf’s strset management. The vulnerability arises from freeing only internal parts previously, not the strset structure itself, allowing a memory leak. The CVE description and connected advisories confirm this root cause and indicate...
CVE-2021-47420
CVE-2021-47420 affects the Linux kernel in the DRM/AMDKFD path. The issue is a memory leak: memory allocated for ttm->sg by kmalloc in kfd_mem_dmamap_userptr is not freed in kfd_mem_dmaunmap_userptr. The vulnerability has been resolved by freeing the leaked memory. Connected advisories (Astra ...
CVE-2021-47471
CVE-2021-47471 affects the Linux kernel, specifically the DRM mxsfb driver. The vulnerability occurs when unloading the driver if mxsfb->crtc.funcs is NULL, causing a NULL pointer dereference by calling mxsfb_irq_disable() via drm_irq_uninstall(). The patch changes the sequence to use mxsfb->...
CVE-2021-47510
CVE-2021-47510 affects the Linux kernel's btrfs implementation. A write-hole during tree-log node freeing on zoned devices can trigger a transaction abort (-11) with -EAGAIN when the tree-log depth is ≥ 2, causing write failures during fsync/write paths. The issue is fixed by correctly re-dirtyin...
CVE-2021-47514
CVE-2021-47514: In the Linux kernel, there is a vulnerability in the devlink netns refcount handling, specifically a leak in netns refcounts in devlink_nl_cmd_reload(). The root cause is that some error paths forgot to release a netns refcount during the devlink_reload() flow. The patch fixes th...
CVE-2021-47526
CVE-2021-47526 is a Linux kernel vulnerability in the serial: liteuart driver causing a NULL pointer dereference in _remove() when drvdata isn’t set in _probe(). The root cause is missing drvdata assignment which leads to platform_get_drvdata() returning NULL in _remove(). The issue affects the L...
CVE-2021-47535
CVE-2021-47535 concerns the Linux kernel DRM MSM A6XX driver. The issue arises in a6xx_get_gmu_registers() where three sets of GMU registers are read but the allocation for the array wasn’t updated, triggering a KASAN slab-out-of-bounds write (Write of size 8) in _a6xx_get_gmu_registers. Public n...
CVE-2021-47658
CVE-2021-47658 affects the Linux kernel DRM/AMD/PM component. The issue is a memory leak where gpu_metrics_table is allocated in renoir_init_smc_tables() but not freed in smu_v12_0_fini_smc_tables(), as described in the provided entries. Impact details are limited to a potential memory leak with ...
CVE-2022-48644
Summary (CVE-2022-48644): A Linux kernel net/sched taprio offload bug could crash the kernel when disabling offload if flags were left at TAPRIO_FLAGS_INVALID after an error path. The code evaluated FULL_OFFLOAD_IS_ENABLED(q->flags) on an invalid flag value (U32_MAX), causing a crash when tapr...
CVE-2022-48783
CVE-2022-48783 affects the Linux kernel net: dsa lantiq_gswip driver. The issue is a use-after-free in gswip_remove() where of_node_put(priv->ds->slave_mii_bus->dev.of_node) must be done before mdiobus_free(priv->ds->slave_mii_bus). Connected documentation provides the exact remedi...
CVE-2022-48865
CVE-2022-48865 affects the Linux kernel TIPC bearer path; the root cause is a race where monitoring data is not yet allocated when a bearer is enabled, leading to a NULL pointer dereference (mon->dom_gen) during tipc_mon_prep(). The issue was fixed by allocating the monitoring data before enabling...
CVE-2022-49001
CVE-2022-49001 describes a race condition in the Linux kernel riscv path where, during vmap stack overflow handling, multiple harts can contend on the same shadow stack. The root cause is a race between switching to the shadow stack and calling get_overflow_stack() when more than one hart uses th...
CVE-2022-49170
CVE-2022-49170 concerns the F2FS implementation in the Linux kernel. The root cause was a missing sanity check on curseg->alloc_type, which could widen an array-bounds access of sbi->block_count[] (UBSAN: array-index-out-of-bounds) when mounting/operating a corrupted image. The issue manife...
CVE-2022-49222
In CVE-2022-49222, the Linux kernel drm/bridge anx7625 EDID reader was vulnerable because edid_pos was stored in a u8, allowing overflow when EDID blocks exceed 256 bytes. The documented fix changes edid_pos to an int to safely read longer EDID blocks. The CVE is categorized with LOCAL attack vec...
CVE-2022-49450
CVE-2022-49450 relates to the Linux kernel AF_RXRPC listen() backlog handling. The underlying issue is that the backlog can be configured up to 32, but the preallocation ring has 32 slots and one slot is always dead due to the ring using CIRC_CNT(). This caused an oops on socket close when listen...
CVE-2022-49477
CVE-2022-49477 affects the Linux kernel’s ASoC Samsung code for aries_audio_probe. The vulnerability arises from a refcount leak: of_parse_phandle() returns a node pointer with an incremented refcount, and of_node_put() must be called on it when done. If extcon_find_edev_by_node() fails, of_node_...
CVE-2022-49483
CVE-2022-49483 affects the Linux kernel code path for DRM MSM Display (drm/msm/disp/dpu1). The issue is a NULL pointer dereference that can occur when uninitializing DRM, specifically if hw_intr is NULL and the driver clears interrupts during drm uninit or during probe/bind failure paths, leading...
CVE-2022-49506
The CVE-2022-49506 issue affects the Linux kernel DRM/Mediatek path, where a race between the vblank callback registration and disabling vblank could yield NULL callback data in the ovl IRQ path, risking kernel panic. The documented fix adds a vblank callback registration flow: register callback ...
CVE-2022-49608
CVE-2022-49608 pertains to the Linux kernel pinctrl: ralink subsystem. An allocation failure can make data->domains NULL, leading to a NULL pointer dereference. The described fix adds a null return check after devm_kcalloc and suggests returning -ENOMEM immediately instead of manually freeing d...
CVE-2022-49741
In the Linux kernel, CVE-2022-49741 affects the fbdev smscufx driver by faulty error handling in ufx_usb_probe, which the advisory and connected Nessus/NASL records describe as causing a memory leak (unreferenced object in ufx_usb_probe). The issue is tied to the ufx_usb_probe error path, includi...
CVE-2022-49771
CVE-2022-49771 affects the Linux kernel’s dm-thin/ioctl path. The vulnerability arises when __list_versions uses dm_target_iterate twice under race conditions between the first size estimation and the second information retrieval, allowing module loading to occur between the two calls. The second...
CVE-2022-49818
CVE-2022-49818 affects the Linux kernel mISDN code. The vulnerability arises from misuse of put_device() in mISDN_register_device(), where a release/reference is performed before device_initialize(), potentially leading to use-after-free-like behavior. The attached advisories (Unity Linux UTSA en...
CVE-2022-49888
CVE-2022-49888 affects the ARM64 Linux kernel entry path. The Cortex-A76 erratum workaround (cortex_a76_erratum_1463225_debug_handler) was not inlined due to a patch, allowing a kprobe to probe the function and potentially trigger recursive exceptions and a stack overflow when a probed function e...
CVE-2022-50076
CVE-2022-50076 concerns the Linux kernel CIFS implementation: a memory leak in the deferred close path has been fixed. The description from multiple sources (NVD entry and connected advisories) shows the issue manifests as a kmemleak report during SMB2/xfstests (xfstests on smb21 report kmemleak)...
CVE-2022-50079
CVE-2022-50079 affects the Linux kernel’s DRM AMD display driver (DCN303). The issue is a boundary check error in drm/amd/display where eng_id for DCN303 must not exceed 1, since there are only two stream-encoder instances. The root cause is an incorrect boundary condition that could allow an out...
CVE-2022-50111
CVE-2022-50111 concerns a Linux kernel issue in the ASoC mt6359 driver where a refcount leak occurs. The root cause is that in mt6359_parse_dt() and mt6359_accdet_parse_dt(), a reference returned by of_get_child_by_name() is not balanced with of_node_put(), leaving a leaked reference. The availab...
CVE-2022-50127
CVE-2022-50127 affects the Linux kernel RDMA/rxe path. The vulnerability occurs in rxe_create_qp() where rxe_qp_from_init() initializes qp before spinlocks are set up (before rxe_qp_init_req()). If an error happens prior to the proper initialization, an unwind path calls rxe_cleanup()/rxe_qp_do_c...
CVE-2022-50149
CVE-2022-50149: Linux kernel driver core vulnerability in __driver_attach where async probing could deadlock with dev locks. Reproduced when async probes are allowed but memory/work limits force synchronous execution, causing ABBA-style deadlock with __driver_attach_async_helper holding device l...
CVE-2022-50185
In CVE-2022-50185, the Linux kernel drm/radeon path ni_set_mc_special_registers() is vulnerable to a potential buffer overflow. The last case label could write mc_reg_address[j] and mc_data[j] when j equals SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE due to missing bounds checks after the last j++. The f...
CVE-2022-50220
CVE-2022-50220 is a Linux kernel vulnerability in the usbnet subsystem where a use-after-free can occur on disconnect due to linkwatch handling after unregister_netdev. The issue stems from usbnet_deferred_kevent() being awaited in a path that may access freed netdev state, potentially enabling m...
CVE-2023-52505
CVE-2023-52505 affects the Linux kernel driver for lynx-28g PHYs. The issue arises when concurrent phy_set_mode_ext() calls target PCC-related protocol-converter registers (PCC8, PCCC, PCCD) across multiple lanes, risking hardware register corruption because lynx_28g_rmw() lacked locking. The fix...
CVE-2023-52570
CVE-2023-52570 affects the Linux kernel vfio/mdev path. The vulnerability is a NULL pointer dereference that can occur in mdev_unregister_parent() during module removal of the mdpy.mdpy (mdpy.ko), traced to probing/initialization flow (kobject_add_internal/kobject_init_and_add) and mdev_type_add(...
CVE-2023-52761
CVE-2023-52761: In the Linux kernel, the riscv VMAP_STACK overflow detection patch (commit 31da94c25aea) adds CONFIG_VMAP_STACK support and fixes a race where two CPUs could overflow the kernel stack and corrupt each other. The changes introduce a per-CPU overflow stack lookup (via an asm macro)...
CVE-2023-52767
CVE-2023-52767: In the Linux kernel, a NULL dereference could occur in the TLS path when tls_sw_splice_eof() runs as part of sendfile() with an empty plaintext/ciphertext sk_msg. The issue caused tls_push_record() to take the split path and tls_merge_open_record(), which assumed at least one pop...
CVE-2023-52792
Summary (CVE-2023-52792) The Linux kernel cxl/region cleanup path incorrectly reused resources when cxl_region_setup_targets() failed, risking -EBUSY on decoder region and possible resource leakage. The fix short-circuits cleanup on initialization failure (return immediately) and adds a guard to ...
CVE-2023-52828
CVE-2023-52828 (Linux kernel): The vulnerability arises from BPF verifier handling after a bpf_throw call. Because bpf_throw is the first noreturn call in the verifier, dead code elimination causes subsequent instructions to be treated as unseen, which can affect stack unwinding when a program t...
CVE-2023-53031
In CVE-2023-53031, the Linux kernel vulnerability affects the POWER9/PowerPC imc-pmu code where a mutex is used in sections where IRQs are disabled. The underlying issue is that mutex_lock may call __might_resched(), which can emit a warning when IRQs are disabled, potentially triggering sleep-re...
CVE-2023-53035
CVE-2023-53035: Linux kernel nilfs2 information leak in nilfs_ioctl_wrap_copy() fixed. The ioctl helper may copy uninitialized buffers to user space for NILFS_IOCTL_GET_SUINFO/GET_CPINFO when the user-space metadata size (v_size) exceeds the on-disk element size. The issue is demonstrated via KM...
CVE-2023-53041
CVE-2023-53041 has concrete details in the Connected documents. The issue is in the Linux kernel’s qla2xxx SCSI driver: during controller add/remove, abort path completes commands with a lock still held, causing a lock-warning in dma_free_attrs. The observed call trace centers on qla2x00_async_sn...
CVE-2023-53111
CVE-2023-53111 affects the Linux kernel loop subsystem. The vulnerability arises from a use-after-free in loop_handle_cmd() after do_req_filebacked() completes, which may dereference cmd or rq depending on whether the request was completed when using asynchronous I/O. The issue can lead to a kern...