14330 matches found
CVE-2009-3725
CVE-2009-3725 affects the Linux kernel prior to 2.6.31.5 and relates to the connector layer not requiring CAP_SYS_ADMIN for certain interactions with uvesafb, pohmelfs, dst, or dm, enabling local users to bypass access restrictions and escalate privileges. Public references corroborate a local-pr...
CVE-2011-0463
CVE-2011-0463 affects the OCFS2 code path in the Linux kernel. The issue is in the function ocfs2_prepare_page_for_write where holes crossing page boundaries are not handled correctly, enabling a local user to read potentially sensitive data from uninitialized disk locations. The description indi...
CVE-2011-4913
CVE-2011-4913 affects the Linux kernel before 2.6.39. The rose_parse_ccitt function in net/rose/rose_subr.c does not validate FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, allowing remote attackers to cause a denial of service (integer underflow, heap memory corruption, panic) with a small l...
CVE-2012-5532
The CVE-2012-5532 issue exists in the Linux kernel hypervkvpd hv_kvp_daemon: the main function in tools/hv/hv_kvp_daemon.c allows a local user to trigger a denial of service (daemon exit) via a crafted Netlink message. It is noted as a consequence of an incorrect fix for CVE-2012-2669, and a patc...
CVE-2013-4254
The CVE-2013-4254 issue affects the Linux kernel on ARM where the validate_event function in arch/arm/kernel/perf_event.c before 3.10.8 can be triggered by adding a hardware event to an event group led by a software event, allowing local privilege escalation or causing a NULL pointer dereference ...
CVE-2013-4514
CVE-2013-4514 affects the Linux kernel up to version 3.11, specifically in drivers/staging/wlags49_h2/wl_priv.c. The vulnerability is caused by multiple buffer overflows in wl_priv.c related to handling a long station-name string, with exploitation requiring CAP_NET_ADMIN. The affected functions ...
CVE-2014-5045
CVE-2014-5045 – Linux kernel mountpoint_last bug (pre-3.15.8) Affected: Linux kernel versions prior to 3.15.8.Root cause: The mountpoint_last function in fs/namei.c does not properly maintain a reference count when unmount is used in conjunction with a symlink.Impact: Local users could cause deni...
CVE-2015-0572
The CVE-2015-0572 entry concerns the ADSPRPC driver for the Linux kernel (drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c) used in Qualcomm QuIC MSM Android contributions and other devices. The issue is a race condition that can be exploited via the COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl, ...
CVE-2017-18200
CVE-2017-18200 affects the f2fs implementation in the Linux kernel prior to 4.14. The root cause is mishandled reference counts associated with f2fs_wait_discard_bios calls, which can enable a local user to cause a denial of service, demonstrated by fstrim. Public exploit details are not provided...
CVE-2019-3837
CVE-2019-3837 affects the 2.6.32 kernel as shipped in RHEL6. The net_dma code in tcp_recvmsg() is thread-unsafe, so an unprivileged multi-threaded userspace application calling recvmsg() for the same socket in parallel on ioatdma-enabled hardware with net_dma enabled can leak memory, crash the ho...
CVE-2021-4218
CVE-2021-4218 concerns a flaw in the Linux kernel related to reading the SVC RDMA counters. The vulnerability occurs when a local attacker with access triggers reading the counter via a sysctl, which panics the system and can cause a denial of service during reboot. The issue is described as spec...
CVE-2021-47096
CVE-2021-47096 affects the Linux kernel ALSA rawmidi/sequencer component. The issue is a bug in the open() path where the user_pversion field for the user-space file structure was left uninitialized due to kmalloc usage for the file private structure; the ALSA sequencer code later clears the file...
CVE-2021-47150
CVE-2021-47150 is a Linux kernel issue in the network driver fec/enet: the fix addresses a potential memory leak in fec_enet_init(). When cbd_base allocation fails, memory allocated for the queues must be freed; otherwise a leak occurs. If allocation for the queues fails, the function now returns...
CVE-2021-47192
CVE-2021-47192 is a Linux kernel vulnerability in the scsi/core sysfs path that caused a hang/deadlock when a device state is changed via sysfs after iSCSI recovery. The root cause described in connected advisories is that rescan was invoked with state_mutex still held, leading to scsi_host_in_re...
CVE-2021-47206
CVE-2021-47206 is a Linux kernel vulnerability in the usb: host: ohci-tmio path. The root cause is a missing check of the return value from platform_get_resource(), which can lead to a NULL pointer dereference and a potential crash (availability impact). The vulnerability is resolved in the kerne...
CVE-2021-47226
CVE-2021-47226 describes a Linux kernel issue where an XRSTOR on a user-buffered FPU state could fail with a page fault yet modify the destination task’s FPU state. The root cause is that during __fpu__restore_sig(), XRSTOR could run with preserved registers for a different task (fpu_fpregs_owner...
CVE-2021-47262
CVE-2021-47262 concerns the Linux kernel KVM subsystem. The issue arises in the x86 KVM tracepoint handling for nested VM-Enter failures, where string literals used by the “nested VM-Enter failed” tracepoint could outlive memory they reference if the tracepoint is emitted from modules (e.g., kvm-...
CVE-2021-47369
CVE-2021-47369 — Linux kernel (s390/qeth): The issue is a NULL dereference in qeth_clear_working_pool_list() triggered when qeth_set_online() rolls back after an error in qeth_hardsetup_card(), before card->qdio.in_q has been allocated by qeth_alloc_qdio_queues() via qeth_mpc_initialize(). Thi...
CVE-2021-47471
CVE-2021-47471 affects the Linux kernel, specifically the DRM mxsfb driver. The vulnerability occurs when unloading the driver if mxsfb->crtc.funcs is NULL, causing a NULL pointer dereference by calling mxsfb_irq_disable() via drm_irq_uninstall(). The patch changes the sequence to use mxsfb-&g...
CVE-2021-47523
CVE-2021-47523 affects the Linux kernel’s IB/hfi1 path. The issue is a leak of rcvhdrtail_dummy_kvaddr which is allocated in hfi1_init() and can be overwritten on a reinit path, leading to a memory leak. The fix moves the allocation to hfi1_alloc_devdata() and deallocation to hfi1_free_devdata(),...
CVE-2021-47564
CVE-2021-47564 relates to a Linux kernel issue in the marvell prestera driver where an error-path double free could crash the driver. The vulnerability stems from fixable error-path handling in prestera_bridge_port_join(), leading to a crash on the prestera device (trace includes prestera_bridge_...
CVE-2022-48647
CVE-2022-48647 is a Linux kernel issue in the sfc driver where legacy interrupt TX channel handling used a fixed tx_channel_offset of 1, which is incorrect when efx_sepparate_tx_channels is false. The queues reside in a single channel (index 0) with RX, so the offset should be 0; using 1 can caus...
CVE-2022-48671
CVE-2022-48671 affects the Linux kernel in the cgroup subsystem: a missing cpus_read_lock() in cgroup_attach_task_all() allowed a deadlock with threadgroup_rwsem, mitigated by adding cpus_read_lock() (aligned with cgroup_procs_write_start()). The issue was observed by syzbot at cpuset_attach() an...
CVE-2022-48723
CVE-2022-48723 : In the Linux kernel, the uniphier SPI driver’s probe code leaks refcounts for the dma_rx and dma_tx objects on several error paths when dma_get_slave_caps() or devm_spi_register_master() fail. The leak occurs because the reference count is not decremented in those error paths. Th...
CVE-2022-48783
CVE-2022-48783 affects the Linux kernel net: dsa lantiq_gswip driver. The issue is a use-after-free in gswip_remove() where of_node_put(priv->ds->slave_mii_bus->dev.of_node) must be done before mdiobus_free(priv->ds->slave_mii_bus). Connected documentation provides the exact remedi...
CVE-2022-48855
CVE-2022-48855: The connected advisories confirm a Linux kernel SCTP kernel-infoleak fix. The issue arose because r->idiag_expires was not initialized when inet_sctp_diag_fill() invoked inet_diag_msg_common_fill(), enabling a potential 4-byte kernel infoleak via SCTP sockets. The fix requires ...
CVE-2022-49001
CVE-2022-49001 describes a race condition in the Linux kernel riscv path where, during vmap stack overflow handling, multiple harts can contend on the same shadow stack. The root cause is a race between switching to the shadow stack and calling get_overflow_stack() when more than one hart uses th...
CVE-2022-49050
CVE-2022-49050 maps to a Linux kernel issue in memory: renesas-rpc-if where a flash platform-device leak could occur in the error path if registration fails during probe. The fixed code ensures the flash platform device is freed on probe error. The vulnerability is local in scope with a medium ba...
CVE-2022-49225
CVE-2022-49225 affects the Linux kernel component mt7921s (mt76) where a memory leak could occur in mt7921_load_patch if fw data isn’t released. The fix releases fw data at the end of the routine to prevent leak; the vulnerability manifests locally with an availability impact. Affected context re...
CVE-2022-49252
Technical details for CVE-2022-49252 are not present in the provided documents. The connected Astra/SUSE/EUVD entries reference kernel issues but do not disclose specifics for this CVE. Monitor for updates in the supplied feeds.
CVE-2022-49262
CVE-2022-49262 (Linux kernel) : In the Linux kernel crypto/otx2 driver, the CONFIG_DM_CRYPT check was removed. This resolves a NULL pointer dereference in the driver release path when CONFIG_DM_CRYPT is enabled, and was verified to cause a NULL dereference in the call chain during crypto_unregist...
CVE-2022-49324
CVE-2022-49324 affects the Linux kernel via a refcount leak in the mips CPC default physical base. The root cause is a missing of_node_put() to release a refcount incremented by of_find_compatible_node(), leading to a leak. The primary fix is to add the missing of_node_put() to release the refcou...
CVE-2022-49384
CVE-2022-49384 is a Linux kernel vulnerability in the md (memory descriptor) subsystem where io_acct_set bioset could be freed twice. The fix relocates allocation/free of io_acct_set to the personality path and removes freeing in md_free and md_stop. Connected advisories (Astra Linux SUSE securit...
CVE-2022-49400
CVE-2022-49400 concerns a Linux kernel RAID subsystem issue where in reshape the code path freed the mddev and set mddev->private to NULL, causing NULL dereference when a new raid tried to reuse mddev. The fix is to remove the code path that sets mddev->private to NULL in raid0_free, preven...
CVE-2022-49457
CVE-2022-49457 is a Linux kernel issue in ARM versatile: missing of_node_put in dcscb_init. The of_find_compatible_node call increments the device_node refcount, but the code path did not release it, causing a refcount leak. Connected advisories from Astra/TencentUnity/Linux OSS bulletins confirm...
CVE-2022-49477
CVE-2022-49477 affects the Linux kernel’s ASoC Samsung code for aries_audio_probe. The vulnerability arises from a refcount leak: of_parse_phandle() returns a node pointer with an incremented refcount, and of_node_put() must be called on it when done. If extcon_find_edev_by_node() fails, of_node_...
CVE-2022-49485
CVE-2022-49485 describes a Linux kernel issue in drm/v3d: a null pointer dereference of pointer perfmon where WARN_ON happens after the pointer has been dereferenced. The fix is to dereference perfmon only after it has been null-checked. Affected component: Linux kernel (drm/v3d path). Impact, pe...
CVE-2022-49509
CVE-2022-49509 : In the Linux kernel, the vulnerability arises when removing the max9286 I2C driver, causing a kernel oops due to the I2C client data potentially pointing to a freed v4l2_subdev instead of max9286_priv. The fix updates max9286_remove/max9286_probe/max9286_init so that the driver n...
CVE-2022-49608
CVE-2022-49608 pertains to the Linux kernel pinctrl: ralink subsystem. A allocation failure can make data->domains NULL, leading to a NULL pointer dereference. The described fix adds a null return check after devm_kcalloc and suggests returning -ENOMEM immediately instead of manually freeing d...
CVE-2022-49752
CVE-2022-49752 concerns a node refcount leak in the Linux kernel function fwnode_graph_get_next_endpoint . The root cause is that the parent returned by _fwnode_graph_get_port_parent() is refcounted when a previous node is non-NULL and not released. The documented fix introduces a new variable to...
CVE-2022-49761
CVE-2022-49761 - Linux kernel (btrfs) details Affected: Linux kernel with btrfs subsystem; function run_one_delayed_ref() path in the delayed refs workflow. Root cause/what changed: The patch changes error reporting from btrfs_debug() to btrfs_err(), adds extra context (logical bytenr, num_bytes,...
CVE-2022-49763
Summary (CVE-2022-49763) In the Linux kernel NTFS code, the use-after-free issue in ntfs_attr_find() stems from missing bounds checks on the attrs_offset field after loading the first MFT record. The vulnerability was exposed by KASAN reports (use-after-free read) during NTFS attribute handling, ...
CVE-2022-49861
The CVE-2022-49861 issue is in the Linux kernel DMAENGINE mv_xor_v2 driver, where a clk_prepare_enable() call in probe is not balanced by clk_disable_unprepare() in remove, causing a resource leak. A fix adds the missing clk_disable_unprepare() in mv_xor_v2_remove(). Connected advisories (Unity L...
CVE-2022-49889
In CVE-2022-49889, the Linux kernel ring-buffer wake path could dereference a NULL or invalid buffer when waking waiters during ring-buffer shutdown on systems where listed CPUs > online CPUs. The fix adds a NULL check for the buffer and validates the allocation against online CPUs; it also no...
CVE-2022-50010
CVE-2022-50010 affects the Linux kernel’s fbdev i740fb driver. If a user space ioctl supplies a pixclock value causing the argument to i740_calc_vclk() to be less than I740_RFREQ_FIX, a divide-by-zero can occur in p_best calculation (drivers/video/fbdev/i740fb.c:353). The vulnerability arises bec...
CVE-2022-50191
CVE-2022-50191 affects the Linux kernel regulator subsystem (of:), describing a refcount leak in the handling of of_get_regulation_constraints(). The remedy is a fixed lifecycle management: call of_node_put() on the reference returned by of_get_child_by_name() which had its refcount increased. Co...
CVE-2023-52505
CVE-2023-52505 affects the Linux kernel driver for lynx-28g PHYs. The issue arises when concurrent phy_set_mode_ext() calls target PCC-related protocol-converter registers (PCC8, PCCC, PCCD) across multiple lanes, risking hardware register corruption because lynx_28g_rmw() lacked locking. The fix...
CVE-2023-52512
CVE-2023-52512 affects the Linux kernel pinctrl/nuvoton/wpcm450 driver. The root cause is an out-of-bounds write to pctrl->gpio_bank because the GPIO index validity check runs after the write, potentially causing a crash. Red Hat’s advisory notes a crash risk; other sources confirm the issue i...
CVE-2023-52780
CVE-2023-52780 concerns the mvneta Ethernet driver in the Linux kernel. The issue arises from calls to page_pool_get_stats in mvneta without proper checks, potentially triggering a kernel NULL pointer dereference when the page pool is unavailable (e.g., port down, unallocated during errors) and c...
CVE-2023-52792
Summary (CVE-2023-52792) The Linux kernel cxl/region cleanup path incorrectly reused resources when cxl_region_setup_targets() failed, risking -EBUSY on decoder region and possible resource leakage. The fix short-circuits cleanup on initialization failure (return immediately) and adds a guard to ...