14330 matches found
CVE-2022-49683
The CVE-2022-49683 entry concerns the Linux kernel, specifically the IIO ADC driver for adi-axi-adc. The root cause is a refcount leak where of_parse_phandle() returns a node pointer with an incremented refcount, and the patch adds a missing of_node_put() when the node is no longer needed. The ch...
CVE-2022-49686
CVE-2022-49686 affects the Linux kernel USB gadget UVC path (configfs-gadget: uvc) where uvcg_video_pump can double-add a request to the free list, leading to a kernel BUG and panic when an endpoint is disabled and the request is re-queued. The issue is demonstrated by kernel BUG at lib/list_debu...
CVE-2022-49718
CVE-2022-49718 concerns a Linux kernel issue in the irqchip/apple-aic path. The root cause is a refcount leak in aic_of_ic_init: of_get_child_by_name() returns a node pointer with an incremented refcount, and the patch adds a missing of_node_put() to release it when no longer needed. The connecte...
CVE-2022-49771
CVE-2022-49771 affects the Linux kernel’s dm-thin/ioctl path. The vulnerability arises when __list_versions uses dm_target_iterate twice under race conditions between the first size estimation and the second information retrieval, allowing module loading to occur between the two calls. The second...
CVE-2022-49772
CVE-2022-49772 affects the Linux kernel’s ALSA USB audio driver (snd_usbmidi_output_open). The vulnerability arises from a NULL port check that used snd_BUG_ON(); although the check is valid for unexpected NULL ports, this scenario can occur when a device reports an invalid endpoint during descri...
CVE-2022-49822
The CVE refers to a Linux kernel CIFS issue: when tlink setup fails, connections may not be released, causing a refcount leak in the CIFS module and leaking fscache info, which can lead to errors on subsequent mounts (e.g., CIFS: Cache volume key already in use). The vulnerability is tied to the ...
CVE-2022-49888
CVE-2022-49888 affects the ARM64 Linux kernel entry path. The Cortex-A76 erratum workaround (cortex_a76_erratum_1463225_debug_handler) was not inlined due to a patch, allowing a kprobe to probe the function and potentially trigger recursive exceptions and a stack overflow when a probed function e...
CVE-2022-50000
CVE-2022-50000 affects the Linux kernel netfilter flowtable cleanup. The issue arises when a flow table entry has pending hardware stats/add work; in that case HW delete work is skipped, causing a race between software/ hardware cleanup and potentially a use-after-free during flowtable teardown. ...
CVE-2022-50045
CVE-2022-50045 is a Linux kernel issue affecting the powerpc/pci path. The vulnerability arose from a locking interaction in get_phb_number(), which could cause a DEBUG_ATOMIC_SLEEP warning when sleep-prone OF routines are called while a hose_spinlock is held. The resolution involves modifying ge...
CVE-2022-50086
The CVE CVE-2022-50086 concerns a Linux kernel issue where concurrent writes to io cost qos (rq_qos) could cause the same rq_qos type to be added twice to a disk, leading to list walk corruption and potential crashes. Connected advisories (EulerOS/Nessus entries) reference the same description an...
CVE-2022-50127
CVE-2022-50127 affects the Linux kernel RDMA/rxe path. The vulnerability occurs in rxe_create_qp() where rxe_qp_from_init() initializes qp before spinlocks are set up (before rxe_qp_init_req()). If an error happens prior to the proper initialization, an unwind path calls rxe_cleanup()/rxe_qp_do_c...
CVE-2023-52570
CVE-2023-52570 affects the Linux kernel vfio/mdev path. The vulnerability is a NULL pointer dereference that can occur in mdev_unregister_parent() during module removal of the mdpy.mdpy (mdpy.ko), traced to probing/initialization flow (kobject_add_internal/kobject_init_and_add) and mdev_type_add(...
CVE-2023-52671
CVE-2023-52671 : Linux kernel vulnerability in drm/amd/display related to ODM4:1 transition. The issue could hang or underflow when disabling an OPTC and reclaiming its OPPs for a different OPTC, due to OPPs not being properly disconnected from the disabled OPTC. The published description states ...
CVE-2023-52701
The CVE-2023-52701 entry concerns Linux kernel net handling: copying skb marks and skb_cb data led to a memory exposure via usercopy checks, observed as a kernel crash on arm64 when CONFIG_HARDENED_USERCOPY=y. Root cause: copying data from skb->cb[] and skb->mark can bypass size checks; pat...
CVE-2023-52746
CVE-2023-52746 concerns a Spectre v1 gadget in the Linux kernel’s xfrm_xlate32_attr() path. The vulnerability arises from using the user-provided nla_type as an array index when type > XFRMA_MAX, potentially leaking kernel memory. The patch set introduces array_index_nospec() use to prevent sp...
CVE-2023-52767
CVE-2023-52767 : In the Linux kernel, a NULL dereference could occur in the TLS path when tls_sw_splice_eof() runs as part of sendfile() with an empty plaintext/ciphertext sk_msg. The issue caused tls_push_record() to take the split path and tls_merge_open_record(), which assumed at least one pop...
CVE-2023-52782
The CVE-2023-52782 entry pertains to the Linux kernel net/mlx5e driver: it fixes a race in tracking xmit metadata for PTP WQ where the skb may not be present in the mapping when the metadata index is tracked, risking a null pointer dereference. The fix ensures skb is in metadata mapping before tr...
CVE-2023-52786
CVE-2023-52786 affects the Linux kernel ext4 subsystem. The issue is a race in the inline data check during direct IO (dio) writes: ext4_iomap_begin() can observe inline data concurrently with MAY_INLINE_DATA state clearing across a lock cycle, potentially allowing a dio write to proceed in an un...
CVE-2023-52852
CVE-2023-52852 concerns a Linux kernel vulnerability in f2fs compression code where a use-after-free can occur for the dic pointer during readahead/multi-page decompress flow. The root cause, as described in the connected docs, is that after f2fs_decompress_cluster() is invoked and a cached page ...
CVE-2023-52874
CVE-2023-52874 (Linux kernel, x86/tdx): the vulnerability stems from an omission in the TDX_HYPERCALL path where RSI was not cleared when returning from TDCALL, risking speculation of VMM-provided values after the guest legally shares registers with the untrusted VMM. The issue originates from a ...
CVE-2023-53011
The CVE-2023-53011 issue concerns the Linux kernel’s stmmac driver (DWMAC5) where, by default, all safety features were enabled. If a hardware platform did not provide a safety_feat_cfg entry, enabling the automotive safety package could trigger a NULL pointer dereference during network device op...
CVE-2023-53041
CVE-2023-53041 has concrete details in the Connected documents. The issue is in the Linux kernel’s qla2xxx SCSI driver: during controller add/remove, abort path completes commands with a lock still held, causing a lock-warning in dma_free_attrs. The observed call trace centers on qla2x00_async_sn...
CVE-2023-53139
The CVE-2023-53139 issue is in the Linux kernel’s NFC FDP code: it adds a null check for devm_kmalloc_array in fdp_nci_i2c_read_device_properties. If devm_kmalloc_array fails and fw_vsc_cfg is NULL, an out-of-bounds write can occur in device_property_read_u8_array. The vulnerability is addressed ...
CVE-2024-26728
CVE-2024-26728 is a Linux kernel issue affecting the DRM/AMD display path, where a null-pointer dereference could occur during EDID reading. The fix switches to using an I2C adapter when there is no aux_mode in dc_link to prevent the dereference in scenarios involving DCN2.1 and HDMI connectors (...
CVE-2024-26755
CVE-2024-26755 affects the Linux kernel's MD (multiple devices) subsystem. When a reshape is interrupted, a race can occur between an IO operation crossing the reshape position and a potential suspend of the array triggered by md_start_sync() finding a spare to add/remove from conf. This can dead...
CVE-2024-26849
CVE-2024-26849 is a Linux kernel vulnerability affecting netlink attribute policy for NFTA_TARGET_REV. The minlen entry for NLA_BE32 is zero, causing validation to read past a malformed attribute (risk of kernelread). Concrete details appear in connected advisories (e.g., kernel commits a2ab02815...
CVE-2024-26867
CVE-2024-26867 concerns the Linux kernel issue in comedi_8255: subdevice initialization. The root cause, described across multiple sources, is a refactoring in comdrivers/comedi_8255.c where the io field in subdev_8255_private could be left NULL after initialization, because __subdev_8255_init() ...
CVE-2024-33847
CVE-2024-33847 relates to the Linux kernel’s f2fs compression feature. The root cause is a truncation bug on released compressed inodes that can corrupt a f2fs image if a partial truncation changes the valid block count without updating i_blocks/total_valid_block_count. The patch fixes by allowin...
CVE-2024-35798
CVE-2024-35798 is a Linux kernel vulnerability in btrfs where a race in read_extent_buffer_pages can cause uptodate status to be missed during concurrent reads of the same extent buffer. The issue can lead to concurrent modification and tree-checker errors (e.g., corrupted nodes) due to an unnece...
CVE-2024-35874
In CVE-2024-35874, the Linux kernel vulnerability is a NULL pointer dereference in the aio wakeup path. The issue arises because list_del_init_careful() must be the last access to the wait queue entry, effectively unlocking access, and finish_wait() could see an empty list head, skip locking, and...
CVE-2024-35948
In the Linux kernel (bcachefs), a missing bounds check in superblock validation allowed journal entries to overrun the end of the clean section. The issue has been fixed with a bounds-check in the superblock validation path. No repair code for individual items is available; the entire superblock ...
CVE-2024-35953
The CVE-2024-35953 issue affects the Linux kernel’s accel/ivpu code: ivpu_device->context_xa could deadlock because the XA lock could be held in a thread and interrupted by IRQs that also lock it. The fix is to pass XA_FLAGS_LOCK_IRQ during initialization to prevent the second lock in IRQ cont...
CVE-2024-36281
CVE-2024-36281 affects the Linux kernel net/mlx5/IPsec rules. The vulnerability arises from rx_create and improper mlx5_modify_header_dealloc usage, which could lead to a NULL pointer dereference and an earlier rule-leak when two status rules are populated. The fix switches to mlx5_ipsec_rx_statu...
CVE-2024-36935
CVE-2024-36935 : In the Linux kernel, a memory copy from userspace into a kernel buffer for the ice path could miss a terminating NUL, enabling an OOB read when sscanf() is used. The fix uses memdup_user_nul instead of memdup_user to guarantee NUL termination. Affected component is the kernel’s i...
CVE-2024-38569
CVE-2024-38569 concerns the Linux kernel driver for HISI PCIe in the perf subsystem. Description: the perf tool allows creating event groups; if the number of events in an event_group exceeds HISI_PCIE_MAX_COUNTERS, the driver may write past the end of the event_group array, causing an out-of-bou...
CVE-2024-38614
CVE-2024-38614 affects the Linux kernel OpenRISC traps handling. The issue: trap handling could send signals to kernel-mode threads (not user processes), which should not occur; it may be treated as an error when it happens. The patch adds explicit checks to terminate/die when these exceptions ar...
CVE-2024-38622
CVE-2024-38622 concerns a Linux kernel issue in drm/msm/dpu where dpu_core_irq_callback_handler() checks a callback pointer for NULL but then unconditionally calls it. The vulnerability arises from calling a possibly NULL function pointer, which could lead to kernel behavior disruption. The fix a...
CVE-2024-41025
In the connected documents, CVE-2024-41025 is described as a Linux kernel issue fixed by addressing a memory leak in the fastrpc audio daemon attach path. Specifically, the Audio PD daemon copies a name via init IOCTL into kernel memory that is allocated but not freed, causing a leak. The vulnera...
CVE-2024-41061
CVE-2024-41061: In the Linux kernel’s DRM/AMD display code, an array-index-out-of-bounds can occur in dml2/FCLKChangeSupport when using out_lowest_state_idx as an index. The core fix is to always use index 0 in the condition to prevent out-of-bounds access. The vulnerability impact is rated HIGH ...
CVE-2024-42064
The CVE-2024-42064 entry is a Linux kernel vulnerability affecting the DRM AMD display driver. The issue occurs when a pipe index is not set correctly, causing a driver crash. The fix adds code to skip a pipe whose idx is not properly set, mitigating the crash. Connected sources (MSRC and Nessus ...
CVE-2024-42162
CVE-2024-42162 : In the Linux kernel gve driver, reading NIC statistics could access priv->stats_report->stats when the NIC reported stats for only a subset of queues. The fix adds accounting for stopped queues to prevent invalid access. This is a high‑severity (CVSS v3.1 base score 7.0) lo...
CVE-2024-44978
CVE-2024-44978 affects the Linux kernel DRM/XE subsystem. The issue is a use-after-free risk where the last xe_exec_queue_put could destroy the VM if job->vm becomes invalid. The fix prevents this by freeing the job before xe_exec_queue_put, cherry-picking commit 32a42c93b74c8ca6d0915ea3eba21b...
CVE-2024-44994
CVE-2024-44994 is a Linux kernel issue in iommu_report_device_fault() where the return path was accidentally removed for partial faults, risking a crash. The problem has a known fix: restoring the missing return in iommu_report_device_fault(), as noted in the kernel commits referenced by the CVE ...
CVE-2024-57918
Technical details for CVE-2024-57918 are not publicly provided in the connected documents; monitor for updates.
CVE-2024-57943
CVE-2024-57943 affects the Linux kernel exFAT path where a newly allocated buffer head could write uninitialized data from the page cache. The root cause is that buffers marked as new were not zeroed before write_end(), risking data leakage or corruption. The remediation is a kernel commit that c...
CVE-2025-21827
The CVE-2025-21827 entry is supported by connected sources describing a Linux kernel Bluetooth issue: Mediatek btusb lacked proper locking around usb_driver_claim_interface(), risking a NULL pointer dereference or an "Failed to claim iso interface" error when the code runs via the hci0 path durin...
CVE-2025-21987
CVE-2025-21987: In Linux kernel DRM/AMDGPU, the bug is in init return value in amdgpu_ttm_clear_buffer; an uninitialized value could be returned if amdgpu_res_cleared returns true for all regions. The issue has been fixed via a cherry-picked commit (commit 7c62aacc3b452f73a1284198c81551035fac6d71...
CVE-2025-22048
Summary of CVE-2025-22048 (Linux kernel LoongArch BPF issue) : The problem was triggered by sign-extending the BPF return value. After commit 73c359d1d356, a5 (BPF return value) was sign-extended to a0, and for native calls the a0 value was propagated back to a5. For bpf2bpf calls this propagatio...
CVE-2025-37762
CVE-2025-37762 affects the Linux kernel DRM virtio, where prepare_fb() error handling missed dmabuf unpinning, causing resource leaks on error paths. The vulnerability is fixed by correcting error handling in prepare_fb(), as noted in multiple sources (e.g., Astra Linux advisory citing the same d...
CVE-2025-37847
CVE-2025-37847: In the Linux kernel, a deadlock could occur in accel/ivpu during ivpu_ms_cleanup() when runtime resume acquires file_priv->ms_lock, leading to a cold boot path that calls ivpu_ms_cleanup_all(). The issue is resolved by preventing runtime resume after ms_lock is acquired, avoidi...