Lucene search
K
LinuxLinux Kernel

14330 matches found

CVE
CVE
added 2024/07/16 12:25 p.m.82 views

CVE-2022-48849

CVE-2022-48849 affects the Linux kernel (drm/amdgpu) where tiling flag checks were bypassed in the virtual display path. The issue arises in framebuffer initialization when VKMS virtual display is enabled and VKMS does not support FB modifiers, potentially allowing a local attacker to bypass expe...

5.5CVSS6.9AI score0.00216EPSS
CVE
CVE
added 2024/07/16 12:25 p.m.82 views

CVE-2022-48856

CVE-2022-48856 concerns the Linux kernel needing a fix for a refcount leak in the gfar_get_ts_info path used by gianfar/ethtool. The description states that of_find_compatible_node() returns a node pointer with an incremented refcount and that the code must call of_node_put() when done to release...

5.5CVSS6.8AI score0.00211EPSS
CVE
CVE
added 2024/07/16 12:25 p.m.82 views

CVE-2022-48859

CVE-2022-48859 concerns the Linux kernel fix for a refcount leak in the marvell prestera path. The issue arises from a missing of_node_put() return value from of_find_compatible_node(), which increments a node’s refcount; without a corresponding of_node_put(), the reference could leak. The OSV en...

5.5CVSS6.8AI score0.0021EPSS
CVE
CVE
added 2024/08/22 3:31 a.m.82 views

CVE-2022-48928

The CVE-2022-48928 issue affects the Linux kernel driver iio: adc, specifically the men_z188_adc component. A resource leak occurs in an error path when iio_device_register() fails, leaving a previously mapped region (ioremap()) unbalanced. The root cause is an unbalanced iounmap() not being call...

5.5CVSS6.9AI score0.0021EPSS
CVE
CVE
added 2024/08/22 3:31 a.m.82 views

CVE-2022-48933

CVE-2022-48933 affects the Linux kernel nf_tables stateful object update path. The issue arises when updating stateful objects from the control plane: a temporary object is created, but its destruction path leaks resources because the update flow does not increment the module refcount. The fix is...

5.5CVSS7AI score0.0021EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.82 views

CVE-2022-49088

CVE-2022-49088 affects the Linux kernel: a refcount leak in dpaa2_ptp_probe where the of_find_compatible_node() result is returned with an incremented refcount. The fix is to call of_node_put() to release the reference and avoid the leak. References point to kernel patches that implement this cor...

5.5CVSS5.3AI score0.00232EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.82 views

CVE-2022-49108

CVE-2022-49108 concerns the Linux kernel Mediatek clock driver, where memory leaks occur on probe due to not freeing memory in error handling paths. The vulnerability is resolved by handling error branches to free allocated memory, addressing a resource leak (Coverity ID 1491825). Connected sourc...

5.5CVSS5.4AI score0.0025EPSS
CVE
CVE
added 2025/02/26 1:55 a.m.82 views

CVE-2022-49172

Summary: CVE-2022-49172 pertains to the Linux kernel parisc line. The root cause was non-access data TLB faults from flush_user_dcache_range_asm and flush_user_icache_range_asm when pages are not present, leading to cache lines not being invalidated and potential memory corruption. Impact details...

7.1CVSS5.3AI score0.00252EPSS
CVE
CVE
added 2025/02/26 2:11 a.m.82 views

CVE-2022-49386

CVE-2022-49386 concerns the Linux kernel net: ethernet: ti: am65-cpsw-nuss driver. The bug leaks refcounts because of_get_child_by_name() returns a node pointer with an incremented refcount and the code fails to call of_node_put() when the node is no longer needed; am65_cpsw_init_cpts() and am65_...

5.5CVSS5.3AI score0.00245EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.82 views

CVE-2022-49450

CVE-2022-49450 relates to the Linux kernel AF_RXRPC listen() backlog handling. The underlying issue is that the backlog can be configured up to 32, but the preallocation ring has 32 slots and one slot is always dead due to the ring using CIRC_CNT(). This caused an oops on socket close when listen...

5.5CVSS5.2AI score0.00283EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.82 views

CVE-2022-49547

CVE-2022-49547 relates to a Linux kernel issue in btrfs where deadlocks can occur when reserving data space for direct IO writes under low free space. The deadlock involves concurrent writes to overlapping file ranges ([0,128K) and [128K,256K)) contending for the inode lock and for ordered extent...

5.5CVSS5.4AI score0.0016EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.82 views

CVE-2022-49571

CVE-2022-49571 : In the Linux kernel, a data-race around reading sysctl_tcp_max_reordering could occur as the value is updated concurrently while being read. The fix adds READ_ONCE() to the readers of sysctl_tcp_max_reordering. Affected/affected-by notices appear in multiple advisories (EulerOS, ...

4.7CVSS5.4AI score0.00181EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.82 views

CVE-2022-49597

In CVE-2022-49597, the Linux kernel tcp code suffers a data-race around sysctl_tcp_base_mss when reading sysctl_tcp_base_mss concurrently. The fix adds READ_ONCE() to the readers to prevent races. Connected advisories (Astra Unity/ EulerOS OSS) echo the same description and reference kernel commi...

4.7CVSS5.4AI score0.0018EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.82 views

CVE-2022-49628

Linux kernel CVE-2022-49628 concerns the net: stmmac driver leaking resources during probe. Connected documents confirm the vulnerability and provide a fix: two error paths in probe are corrected to clean up before returning, addressing leaks in the probe sequence. The affected component is the L...

5.5CVSS5.4AI score0.00243EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.82 views

CVE-2022-49650

The CVE-2022-49650 entry is a Linux kernel security fix for the dmaengine: qcom: bam_dma path. The root cause described is an unbalanced pm_runtime_get()/pm_runtime_put() when the BAM is controlled remotely, caused by a prior commit; the fix reverts that change and enables pm_runtime in all cases...

5.5CVSS6.6AI score0.00249EPSS
CVE
CVE
added 2025/02/26 2:24 a.m.82 views

CVE-2022-49676

CVE-2022-49676 refers to a Linux kernel issue for the Samsung Exynos5422 DMC memory controller where a refcount leak in of_get_dram_timings could occur due to missing of_node_put() in error paths. The bug stems from of_parse_phandle() returning a node pointer with an incremented refcount that was...

5.5CVSS5.4AI score0.00245EPSS
CVE
CVE
added 2025/02/26 2:24 a.m.82 views

CVE-2022-49682

CVE-2022-49682 is a Linux kernel issue: in xtensa, a refcount leak bug in time.c occurred where calibrate_ccount() could return a node with an incremented refcount. The fix requires using of_node_put() when the node is no longer used (to avoid a leak). Connected advisories (Astra Linux and Unity/...

5.5CVSS5.3AI score0.00243EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.82 views

CVE-2022-49800

CVE-2022-49800 is a Linux kernel issue addressed by multiple advisories. The root cause was a memory-leak in the tracing tests (test_gen_synth_cmd and test_empty_synth_event) where allocated buffers were freed only on failure paths; the fix adds kfree(buf) to ensure no leak. The Nessus/OpenVAS en...

5.5CVSS6.5AI score0.00165EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.82 views

CVE-2022-49810

The CVE-2022-49810 issue affects the Linux kernel netfs/xarray iteration under RCUp where missing xas_retry() checks could cause a NULL-pointer dereference in netfs_rreq_unlock and related code paths. Connected documents confirm the root cause in netfslib’s xarray iteration under RCU read lock an...

5.5CVSS6.5AI score0.0014EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.82 views

CVE-2022-49818

CVE-2022-49818 affects the Linux kernel mISDN code. The vulnerability arises from misuse of put_device() in mISDN_register_device(), where a release/reference is performed before device_initialize(), potentially leading to use-after-free-like behavior. The attached advisories (Unity Linux UTSA en...

5.5CVSS6.6AI score0.00166EPSS
CVE
CVE
added 2025/05/01 2:10 p.m.82 views

CVE-2022-49917

CVE-2022-49917 affects the Linux kernel IPVS subsystem (ip_vs_app_net_cleanup and ip_vs_app_net_init). If ip_vs_app fails to be created during init, removal still proceeds, causing the ip_vs_app entry to be missing and a WARNING in fs/proc/generic.c: remove_proc_entry. The issue is demonstrated b...

7.8CVSS6.4AI score0.00182EPSS
CVE
CVE
added 2025/06/18 10:59 a.m.82 views

CVE-2022-49942

CVE-2022-49942 affects the Linux kernel wifi/mac80211 code. The issue occurs when CSA (channel switch announcement) is finalized in IBSS mode while the device is not connected to a channel; the BSS list is empty, cfg80211_get_bss() can return NULL, triggering a WARN_ON() in ieee80211_ibss_csa_bea...

5.5CVSS6.4AI score0.00216EPSS
CVE
CVE
added 2025/06/18 11:1 a.m.82 views

CVE-2022-50012

CVE-2022-50012 affects the Linux kernel on 64-bit PowerPC (powerpc/64). The root cause is that jump_label_init() is invoked in setup_feature_keys() too late, since static keys may be used by subroutines of parse_early_param(), which itself is a subroutine of early_init_devtree(). The result is th...

5.5CVSS6.5AI score0.00205EPSS
CVE
CVE
added 2025/06/18 11:1 a.m.82 views

CVE-2022-50027

CVE-2022-50027 is a Linux kernel issue affecting the SCSI lpfc path, where a missing free for the iocbq on failure to issue the CMF WQE can cause a memory leak. The root cause is that if lpfc_sli4_issue_wqe fails (ret_val non-zero), the iocbq request structure is not consistently freed, leading t...

5.5CVSS6.5AI score0.00157EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.82 views

CVE-2022-50074

CVE-2022-50074 is a Linux kernel vulnerability related to apparmor memleak in aa_simple_write_to_buffer. The issue arises when copy_from_user fails: memory is freed by kvfree, but the management struct and data blob are allocated independently, so freeing only the data via kvfree leaks the memory...

5.5CVSS6.5AI score0.00159EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.82 views

CVE-2022-50092

CVE-2022-50092 affects the Linux kernel dm-thin component. The issue is a use-after-free in dm_pool_register_metadata_threshold called during metadata-threshold registration for a thin-pool, leading to a potential use-after-free in dm_sm_register_threshold_callback. Reproduction involves manipula...

5.5CVSS6.4AI score0.00204EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.82 views

CVE-2022-50102

CVE-2022-50102 affects the Linux kernel’s fbdev arkfb driver. A user-controlled ioctl can cause a divide-by-zero in ark_set_pixclock, e.g. with hdiv=1, pixclock=1, hmul=2, producing (1*1)/2 = 0 and leading to division by zero later in arkfb.c when computing 1000000000 / pixclock. The vulnerabilit...

5.5CVSS6.5AI score0.0016EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.82 views

CVE-2022-50109

The CVE-2022-50109 issue is a Linux kernel vulnerability in the video: fbdev: amba-clcd driver. The root cause is refcount leaks from references returned by of_graph_get_next_endpoint() and of_graph_get_remote_port_parent() in clcdfb_of_init_display(). Mitigation described in the referenced discl...

5.5CVSS6.6AI score0.00208EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.82 views

CVE-2022-50185

In CVE-2022-50185, the Linux kernel drm/radeon path ni_set_mc_special_registers() is vulnerable to a potential buffer overflow. The last case label could write mc_reg_address[j] and mc_data[j] when j equals SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE due to missing bounds checks after the last j++. The f...

7.8CVSS7AI score0.00238EPSS
CVE
CVE
added 2024/04/02 7:1 a.m.82 views

CVE-2023-52636

The connected OSV entries confirm CVE-2023-52636 affects the Linux kernel’s libceph OSD client sparse-read path. Specifically, a misbehavior in read_partial_sparse_msg_data() during a short socket read could cause the sparse-read state machine to misinterpret the footer, potentially derailing op ...

5.5CVSS6.5AI score0.00225EPSS
CVE
CVE
added 2024/05/21 3:30 p.m.82 views

CVE-2023-52765

CVE-2023-52765 relates to the Linux kernel mfd: qcom-spmi-pmic revid lookup. The issue caused potential NULL‑pointer dereferences, due to: (1) assuming a sibling base device bound to a driver simply because it is registered; (2) unsafely accessing driver data of a sibling device without locking, ...

6.2CVSS7.5AI score0.00251EPSS
CVE
CVE
added 2025/05/02 3:55 p.m.82 views

CVE-2023-53088

CVE-2023-53088 affects the Linux kernel’s mptcp subsystem, specifically a use-after-free (UaF) in the listener shutdown path caused by a refactor of passive socket initialization. The issue could manifest during shutdown of msk (multipath TCP) listener sockets, with a stack trace involving _raw_s...

7.8CVSS6.3AI score0.00168EPSS
CVE
CVE
added 2025/05/02 3:56 p.m.82 views

CVE-2023-53142

CVE-2023-53142 concerns the Linux kernel ice driver where ice_get_module_eeprom() reads EEPROM in 8-byte blocks, but the last block isn’t safeguarded, allowing a potential buffer issue. The root cause traces to the refactor in commit e9c9692c8a81 (ice: Reimplement module reads used by ethtool), a...

7.8CVSS6.6AI score0.00179EPSS
CVE
CVE
added 2024/04/03 5:0 p.m.82 views

CVE-2024-26765

CVE-2024-26765 concerns the Linux kernel on LoongArch. The issue arises when hotplugging nonboot CPUs: IRQs are disabled before calling init_fn(), intended to silence warnings and avoid interrupts, but this is tied to the rcu_cpu_starting warning path (CPU: 1, pid: 0). The result is a race where ...

5.5CVSS6.4AI score0.00236EPSS
CVE
CVE
added 2024/04/04 8:20 a.m.82 views

CVE-2024-26781

CVE-2024-26781: In the Linux kernel, a deadlock could occur in Multipath TCP (mptcp) subflow diagnostic code due to a circular locking dependency reported by Syzbot/Eric. The issue involves tcp_diag and related subflow diagnostic paths (tcp_diag_put_ulp, tcp_diag_get_aux, inet_diag_dump_icsk) and...

5.5CVSS6.3AI score0.00173EPSS
CVE
CVE
added 2024/06/21 10:18 a.m.82 views

CVE-2024-33619

The CVE-2024-33619 entry concerns a Linux kernel EFI handling bug in libstub: priv.runtime_map could be freed in an error path when it was never allocated (priv.runtime_map is only allocated if efi_novamap is not set; otherwise it is uninitialized). The fix is to Free priv.runtime_map only when i...

5.5CVSS6.7AI score0.00239EPSS
CVE
CVE
added 2024/05/17 2:47 p.m.82 views

CVE-2024-35858

The CVE-2024-35858 issue affects the Linux kernel (net: bcmasp) and is caused by leaking memory when bringing down the TX rings: flushed but not reclaimed packets are not freed from DMA mappings, leading to a memory leak and, in power-management scenarios, tx control block corruption. Connected s...

5.5CVSS6.9AI score0.00232EPSS
CVE
CVE
added 2024/06/19 1:35 p.m.82 views

CVE-2024-38574

CVE-2024-38574 affects the Linux kernel’s libbpf/bpf loading flow. The root cause is a NULL dereference: in bpf_object_load_prog(), obj->btf may be NULL when passed to btf_fd(), and the code path does not guard against NULL. This can cause segmentation faults (e.g., bpftool failing to load pro...

5.5CVSS6.5AI score0.00225EPSS
CVE
CVE
added 2024/06/19 1:37 p.m.82 views

CVE-2024-38585

CVE-2024-38585 — Linux kernel memory corruption in realloc . The issue arises in tools/nolibc/stdlib where realloc() could copy beyond the allocated region because memcpy() used heap->len instead of the input user_p_len. The vulnerability was resolved by passing user_p_len to memcpy() to preve...

7.1CVSS6.5AI score0.00233EPSS
CVE
CVE
added 2024/07/30 7:46 a.m.82 views

CVE-2024-42118

CVE-2024-42118 – Linux kernel / drm/amd display : The issue arises in resource_stream_to_stream_idx where an array index can be -1 if not found. The code currently asserts and then returns 0, preventing a negative index and thereby avoiding an OVERRUN and NEGATIVE_RETURNS. Connected sources ident...

7.8CVSS6.6AI score0.00235EPSS
CVE
CVE
added 2024/07/30 7:46 a.m.82 views

CVE-2024-42146

CVE-2024-42146: Linux kernel DRM/XE vulnerability fixed by adding outer runtime PM protection to xe_live_ktest@xe_dma_buf. The issue arose because kunit tests performing memory access did not use outer runtime_pm protections, leaving inner callers unprotected. Root cause: missing outer runtime PM...

5.5CVSS6.5AI score0.00196EPSS
CVE
CVE
added 2024/12/27 2:23 p.m.82 views

CVE-2024-56560

CVE-2024-56560: In the Linux kernel slab allocator, a too-strict alignment check in kmem_cache_create_args caused a kernel panic on m68k due to io_kiocb slab creation. The issue occurs because the minimum alignment of unsigned long can be 2 bytes on m68k, so assuming a fixed 4/8-byte alignment is...

5.5CVSS6.6AI score0.00182EPSS
CVE
CVE
added 2024/12/27 3:2 p.m.82 views

CVE-2024-56646

Technical details about CVE-2024-56646 are not provided in the supplied documents. Monitor official advisories for affected products, impact, and fixes.

5.5CVSS6.5AI score0.00209EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.82 views

CVE-2025-38053

Summary: A Linux kernel vulnerability (CVE-2025-38053) affects the idpf_features_check path used to validate TX skb features. The root cause is a NULL vport pointer in the netdev private structure after reset, which can lead to a kernel NULL pointer dereference when comparing skb header length wi...

5.5CVSS6.1AI score0.00157EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.82 views

CVE-2025-38067

CVE-2025-38067 : In the Linux kernel, the rseq registration path could segfault if the user-space rseq_cs field is non-zero. The field is supposed to be set to 0 before registration, but this wasn’t enforced, allowing a faulty rseq_cs value to cause a segfault when returning to user-space. The fi...

5.5CVSS6.1AI score0.00478EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.82 views

CVE-2025-38143

CVE-2025-38143 (Linux kernel) is addressed in Azure Linux 3.0 by a patch that fixes a NULL-dereference in backlight pm8941 when devm_kasprintf() returns NULL. The issue occurs in wled_configure() due to a missing NULL check after allocation. The fix adds the necessary NULL check after devm_kaspri...

5.5CVSS7.1AI score0.00166EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.82 views

CVE-2025-38151

Technical details about CVE-2025-38151 are not publicly provided in the supplied documents; no explicit information on affected kernel versions, root cause, impact, or patch is included. Monitor for updates.

5.5CVSS7AI score0.00147EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.82 views

CVE-2025-38194

CVE-2025-38194 affects the Linux kernel’s JFFS2 file system. The issue arises when jffs2_sum_write_sumnode does not validate the return value of jffs2_prealloc_raw_node_refs, allowing an preallocation error to propagate into jffs2_link_node_ref and potentially cause a kernel BUG at fs/jffs2/nodel...

5.5CVSS6.1AI score0.00181EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.82 views

CVE-2025-38216

CVE-2025-38216 (Linux kernel) affects iommu/vt-d context entry setup order for aliased PCI devices behind PCIe-to-PCI bridges. The issue arose after commit 2031c469f816 changed domain attach context entry setup from set-and-check to clear-and-reset, regressing PCI aliased devices and causing inpu...

7.8CVSS6.2AI score0.00142EPSS
CVE
CVE
added 2025/07/04 1:37 p.m.82 views

CVE-2025-38222

Summary : CVE-2025-38222 refers to a Linux kernel vulnerability in ext4 inline data handling. When inline_data is enabled, a length parameter (len) is incorrectly treated as an unsigned int, causing a truncation of pos+len in ext4_prepare_inline_data. This leads to an incorrect len being passed t...

5.5CVSS6.6AI score0.00151EPSS
Total number of security vulnerabilities14330