CVE-2021-47591
CVE-2021-47591 affects the Linux kernel. The vulnerability arises from the TCP_ULP setsockopt mechanism, which is no longer supported for MPTCP as it is already used internally to connect subflow sockets to the MPTCP layer. In syzbot testing, a crash (KASAN null dereference) was observed on mptcp...
CVE-2022-48660
CVE-2022-48660 is a Linux kernel vulnerability affecting gpiolib: cdev on certain platforms (e.g., nxp-ls1028). The issue occurred when the IRQ for lineevent_state was set before the IRQ was successfully registered, leading to a warning trace from free_irq() during gpio tests and a resource release...
CVE-2022-48716
CVE-2022-48716 affects the Linux kernel under the ASoC codecs path for wcd938x SDW. The root cause is an incorrect use of portid versus port id in mixer controls, where the channel id was used to index port-related structures. This can lead to out-of-bounds access to the port_map array and potent...
CVE-2022-48769
In CVE-2022-48769, the Linux kernel vulnerability concerns Apple x86 EFI runtime services. The issue stems from a call to QueryVariableInfo() (added with EFI 2.00) used at runtime, which could crash firmware on certain Apple machines when managing NVRAM variables. The mitigation described is to a...
CVE-2022-48806
The CVE-2022-48806 issue is confirmed in the Linux kernel under ee1004 EEPROM reads. The root cause was that ee1004_eeprom_read() could read more than the i2c block data limit because i2c_smbus_read_i2c_block_data_or_emulated() uses an unsigned 8-bit length; if the requested read spanned a 256-by...
CVE-2022-48811
CVE-2022-48811 concerns the ibmvnic driver in the Linux kernel. Affected: ibmvnic_open/reset paths in the IBM Power virtualization NIC stack. Root cause: in __ibmvnic_open(), if an error occurs (e.g., when setting link state), release_resources() frees napi structures that are still needed, causi...
CVE-2022-48812
CVE-2022-48812 concerns the Linux kernel: the net: dsa: lantiq_gswip code should not use devres for mdiobus allocation/registration. The root cause is that mdiobus_free() can panic when invoked via devm_mdiobus_free() because devres_release_all() may free a bus that is still registered, especiall...
CVE-2022-48849
CVE-2022-48849 affects the Linux kernel (drm/amdgpu) where tiling flag checks were bypassed in the virtual display path. The issue arises in framebuffer initialization when VKMS virtual display is enabled and VKMS does not support FB modifiers, potentially allowing a local attacker to bypass expe...
CVE-2022-48856
CVE-2022-48856 concerns the Linux kernel needing a fix for a refcount leak in the gfar_get_ts_info path used by gianfar/ethtool. The description states that of_find_compatible_node() returns a node pointer with an incremented refcount and that the code must call of_node_put() when done to release...
CVE-2022-48861
CVE-2022-48861 is a Linux kernel use-after-free vulnerability in the vdpa/vp_vdpa path. When the vp_vdpa driver is unbound, vp_vdpa is freed in vdpa_unregister_device, after which vp_vdpa->mdev.pci_dev is dereferenced in vp_modern_remove, causing a use-after-free. The provided call traces show...
CVE-2022-48907
CVE-2022-48907 is a Linux kernel memory-leak bug in the auxdisplay LCD2S path. The issue was that the lcd2s_data struct was allocated but never freed in ->remove(), allowing memory to leak. The fix switches allocation to devm_kzalloc(), ensuring automatic freeing with device lifecycle. Affecte...
CVE-2022-48931
CVE-2022-48931: Linux kernel configfs race when calling configfs_register_subsystem()/configfs_unregister_subsystem() can lead to kernel panic due to concurrent list modifications during link_group()/unlink_group(). The root cause is a race in configfs item management when parent configfs_subsyst...
CVE-2022-49094
CVE-2022-49094 details a Linux kernel TLS slab-out-of-bounds condition in decrypt_internal caused by an IV size mismatch for AES128-CCM when TLS offload uses a 12-byte tls_ctx->rx.iv while crypto_aead_ivsize() reports 16 bytes. The issue manifests during memcpy() from a 12-byte space, leading ...
CVE-2022-49108
CVE-2022-49108 concerns the Linux kernel Mediatek clock driver, where memory leaks occur on probe due to not freeing memory in error handling paths. The vulnerability is resolved by handling error branches to free allocated memory, addressing a resource leak (Coverity ID 1491825). Connected sourc...
CVE-2022-49172
Summary: CVE-2022-49172 pertains to the Linux kernel parisc line. The root cause was non-access data TLB faults from flush_user_dcache_range_asm and flush_user_icache_range_asm when pages are not present, leading to cache lines not being invalidated and potential memory corruption. Impact details...
CVE-2022-49237
CVE-2022-49237 is resolved in the Linux kernel’s ath11k driver. The vulnerability stems from a missing of_node_put() after obtaining a device tree node via of_find_node_by_type() or of_parse_phandle(), where the node’s refcount is incremented but not decremented, causing a refcount leak. The impa...
CVE-2022-49244
CVE-2022-49244 concerns the Linux kernel ASoC path for the mediatek mt8192-mt6359 driver. The issue arises from improper reference counting of the device_node returned by of_parse_phandle(): the code increments the refcount, but only calls of_node_put() on the success path, creating a refcount le...
CVE-2022-49252
Technical details for CVE-2022-49252 are not present in the provided documents. The connected Astra/SUSE/EUVD entries reference kernel issues but do not disclose specifics for this CVE. Monitor for updates in the supplied feeds.
CVE-2022-49254
CVE-2022-49254 concerns the Linux kernel media TI-VPE driver. In cal_ctx_v4l2_init_formats(), the code assigns the result of devm_kzalloc() to ctx->active_fmt and then dereferences it unconditionally, which could cause a NULL pointer dereference if allocation fails. The vulnerability is mitiga...
CVE-2022-49499
CVE-2022-49499 relates to the Linux kernel, in the drm/msm path. The issue is a null pointer dereference that occurs when the code accesses the per-process address space (aspace) without verifying it is set, which can be null on systems without an IOMMU (e.g., msm8974). The fix adds a check for ...
CVE-2022-49597
In CVE-2022-49597, the Linux kernel TCP code has a data race around sysctl_tcp_base_mss when it is read concurrently. The fix adds READ_ONCE() to the readers to prevent races. Connected advisories (Astra Unity/EulerOS OSS) echo the same description and reference kernel commi...
CVE-2022-49686
CVE-2022-49686 affects the Linux kernel USB gadget UVC path (configfs-gadget: uvc) where uvcg_video_pump can double-add a request to the free list, leading to a kernel BUG and panic when an endpoint is disabled and the request is re-queued. The issue is demonstrated by kernel BUG at lib/list_debu...
CVE-2022-49742
The CVE-2022-49742 issue affects the Linux kernel’s f2fs code. It describes a lock initialization order problem where spin_lock(&sbi->error_lock) is taken before spin_lock_init() is called, flagging a lockdep warning in f2fs_handle_error(). The recommended remediation is to initialize locks (a...
CVE-2022-49752
CVE-2022-49752 concerns a node refcount leak in the Linux kernel function fwnode_graph_get_next_endpoint. The root cause is that the parent returned by _fwnode_graph_get_port_parent() is refcounted when a previous node is non-NULL and not released. The documented fix introduces a new variable to...
CVE-2022-49761
CVE-2022-49761 concerns the Linux kernel (btrfs). Affected: Linux kernel with btrfs subsystem; function run_one_delayed_ref() path in the delayed refs workflow. Root cause/what changed: The patch changes error reporting from btrfs_debug() to btrfs_err(), adds extra context (logical bytenr, num_bytes,...
CVE-2022-49772
CVE-2022-49772 affects the Linux kernel’s ALSA USB audio driver (snd_usbmidi_output_open). The vulnerability arises from a NULL port check that used snd_BUG_ON(); although the check is valid for unexpected NULL ports, this scenario can occur when a device reports an invalid endpoint during descri...
CVE-2022-49810
The CVE-2022-49810 issue affects the Linux kernel netfs/xarray iteration under RCU where missing xas_retry() checks could cause a NULL-pointer dereference in netfs_rreq_unlock and related code paths. Connected documents confirm the root cause in netfslib’s xarray iteration under RCU read lock an...
CVE-2022-49812
CVE-2022-49812 describes a Linux kernel vulnerability in the bridge driver’s VLAN offload path. When VLANs are offloaded via switchdev, the bridge marks them with BR_VLFLAG_ADDED_BY_SWITCHDEV. Changing the VLAN protocol triggers notifications to switchdev drivers and also to the 8021q driver, whi...
CVE-2022-49900
CVE-2022-49900 affects the Linux kernel i2c piix4 driver. In the single-adapter removal path, piix4_adapter_count is not set (default zero) during piix4_probe(), so piix4_remove() fails to remove the adapter, leaking resources (i2c client and device). This can allow leaked adapters to be accessed...
CVE-2022-49905
CVE-2022-49905: In the Linux kernel net/smc, smc_init() registers pernet subsystems without proper error handling, risking leaked pernet namespace. If register_pernet_subsys(&smc_net_stat_ops) or smc_nl_init() fails, &smc_net_stat_ops might not be reverted, leaving wild ops in the subsystem linke...
CVE-2022-49943
In CVE-2022-49943, the Linux kernel USB gadget udc_mutex scope was too large, allowing a lockdep alert/circular locking dependency when the gadget core invoked driver bind/unbind or started/stopped a UDC. The root cause is a widened udc_lock footprint that protected udc->driver among other thi...
CVE-2022-49948
CVE-2022-49948 affects the Linux kernel VT subsystem. When changing the console font via ioctl(KDFONTOP), the new font size may exceed the previous screen, potentially making a prior selection fall outside the new viewport and cause out-of-bounds accesses to graphics memory if the selection is re...
CVE-2022-50055
The CVE-2022-50055 entry pertains to the Linux kernel vulnerability in the iavf driver: Fix adminq error handling. The issue arises in iavf_alloc_asq_bufs/iavf_alloc_arq_bufs where DMA-coherent memory is allocated for the VF mailbox, and DMA regions for ASQ/ARQ were not freed if configuration err...
CVE-2022-50086
CVE-2022-50086 concerns a Linux kernel issue where concurrent writes to io cost qos (rq_qos) could cause the same rq_qos type to be added twice to a disk, leading to list walk corruption and potential crashes. Connected advisories (EulerOS/Nessus entries) reference the same description an...
CVE-2022-50092
CVE-2022-50092 affects the Linux kernel dm-thin component. The issue is a use-after-free in dm_pool_register_metadata_threshold called during metadata-threshold registration for a thin-pool, leading to a potential use-after-free in dm_sm_register_threshold_callback. Reproduction involves manipula...
CVE-2022-50102
CVE-2022-50102 affects the Linux kernel’s fbdev arkfb driver. A user-controlled ioctl can cause a divide-by-zero in ark_set_pixclock, e.g. with hdiv=1, pixclock=1, hmul=2, producing (1*1)/2 = 0 and leading to division by zero later in arkfb.c when computing 1000000000 / pixclock. The vulnerabilit...
CVE-2022-50109
The CVE-2022-50109 issue is a Linux kernel vulnerability in the video: fbdev: amba-clcd driver. The root cause is refcount leaks from references returned by of_graph_get_next_endpoint() and of_graph_get_remote_port_parent() in clcdfb_of_init_display(). Mitigation described in the referenced discl...
CVE-2022-50229
CVE-2022-50229 is a Linux kernel vulnerability in the ALSA bcd2000 driver. The issue is a use-after-free (UAF) bug that occurs on the error path during probing: when snd_card_register() fails, the driver frees midi_out_urb before it is killed, enabling a UAF condition. The observed log pattern me...
CVE-2023-3359
CVE-2023-3359 concerns the Linux kernel’s brcm_nvram_parse in drivers/nvmem/brcm_nvram.c, where the return value of kzalloc() is not checked, potentially causing a NULL pointer dereference. The issue is listed with a local attack vector and a high availability impact (CVSS v3.1: AV:L/AC:L/PR:L/UI...
CVE-2023-52613
CVE-2023-52613 affects the Linux kernel loongson2_thermal driver. The root cause is an incorrect PTR_ERR() check that can return -ENODEV when thermal-zones are undefined, causing tz->type to be NULL and a kernel OOPS. The fixes in the connected docs indicate that PTR_ERR() should yield -ENODEV...
CVE-2023-52636
The connected OSV entries confirm CVE-2023-52636 affects the Linux kernel’s libceph OSD client sparse-read path. Specifically, a misbehavior in read_partial_sparse_msg_data() during a short socket read could cause the sparse-read state machine to misinterpret the footer, potentially derailing op ...
CVE-2023-52748
CVE-2023-52748 is a Linux kernel vulnerability related to f2fs. The issue stems from a format-overflow during a call to sprintf in fs/f2fs/compress.c within f2fs_init_page_array_cache, triggered when formatting the string "f2fs_page_array_entry-%u:%u" with MAJOR(dev) and MINOR(dev). The computed ...
CVE-2023-52765
CVE-2023-52765 relates to the Linux kernel mfd: qcom-spmi-pmic revid lookup. The issue caused potential NULL-pointer dereferences, due to: (1) assuming a sibling base device bound to a driver simply because it is registered; (2) unsafely accessing driver data of a sibling device without locking, ...
CVE-2023-52852
CVE-2023-52852 concerns a Linux kernel vulnerability in f2fs compression code where a use-after-free can occur for the dic pointer during readahead/multi-page decompress flow. The root cause, as described in the connected docs, is that after f2fs_decompress_cluster() is invoked and a cached page ...
CVE-2023-52900
CVE-2023-52900: Linux kernel nilfs2 vulnerability in nilfs_btree_insert() can cause a general protection fault when a corrupted disk image leads __nilfs_btree_get_block() to return -ENOENT. The patch changes this to -EINVAL, causing subsequent b-tree operations to report corruption and return -EI...
CVE-2023-52903
CVE-2023-52903 affects the Linux kernel’s io_uring IOPOLL path, where a lock overflow can occur in the CQ ring when handling overflow in IOPOLL (and more so with IOPOLL|SQPOLL). The issue is triggered during overflow filling in io_cqring_event_overflow and can propagate through io_req_cqe_overflo...
CVE-2024-26716
CVE-2024-26716 affects the Linux kernel USB subsystem, specifically the USB core’s update_port_device_state. The vulnerability arises when actconfig or maxchild is 0, causing usb_hub to be NULL and leading to a NULL pointer dereference when accessing port_dev. The provided description states the ...
CVE-2024-26755
CVE-2024-26755 affects the Linux kernel's MD (multiple devices) subsystem. When a reshape is interrupted, a race can occur between an IO operation crossing the reshape position and a potential suspend of the array triggered by md_start_sync() finding a spare to add/remove from conf. This can dead...
CVE-2024-35786
The CVE-2024-35786 issue affects the Linux kernel’s DRM Nouveau driver, specifically a stale locked mutex in nouveau_gem_ioctl_pushbuf that can cause a deadlock if VM_BIND is enabled and a legacy submission ioctl is attempted. The vulnerability is resolved by a kernel fix; the provided connected ...
CVE-2024-35985
CVE-2024-35985 concerns the Linux kernel vulnerability where the eevdf scheduler could yield an out-of-bounds vlag and a NULL-deref in certain edge cases. The connected Astra/Nessus documents reiterate that reweight_eevdf() could compute vlag beyond the intended bound, since the vlag is used with...