CVE-2021-47190
Concrete details from the connected docs show CVE-2021-47190 affects the Linux kernel’s perf/bpf path. The issue is a memory leak in perf_env__insert_btf() when a duplicate BTF id is encountered; code was changed to have perf_env__insert_btf() return a success/error value and to free memory if in...
CVE-2021-47196
CVE-2021-47196 concerns a use-after-free in the Linux kernel mlx5_ib path during QP creation. The issue arises when RDMA/core code presets both receive and send completion queue pointers before forwarding to the driver, then overwrites ibqp properties and continues into the driver path. If mlx5_q...
CVE-2021-47204
CVE-2021-47204 affects the Linux kernel’s net: dpaa2-eth driver. The flaw is a use-after-free in dpaa2_eth_remove where access to a freed netdev occurs. The fix moves the debug log to occur before free_netdev(), preventing use-after-free. Public descriptions in connected advisories (AstraLinux, U...
CVE-2021-47224
The CVE-2021-47224 entry concerns the Linux kernel ll_temac driver: a use-after-free in DMA occurs when freeing an skb that is still fragmented, because the skb pointer was piggy-backed on the first TX descriptor instead of the TX BD of the skb. The fix, as documented, ensures the skb is freed on...
CVE-2021-47239
CVE-2021-47239: In the Linux kernel net/usb subsystem, the smsc75xx driver has a use-after-free in smsc75xx_bind caused by not cleaning up a scheduled work in smsc75xx_reset→smsc75xx_set_multicast. The patch 46a8b29c6306 adds cancel_work_sync and NULLs the dangling pointer (dev->data[0]) to prevent use-afte...
CVE-2021-47255
In CVE-2021-47255, the Linux kernel vulnerability affects KVM LAPIC: a read access path in kvm_lapic_reg_read could touch bytes 4–15 of an APIC register, risking leakage of kernel stack contents. The issue was resolved by restoring a guard removed in a prior commit and aligning with the SDM requi...
CVE-2021-47305
In CVE-2021-47305, the Linux kernel’s dma-buf/sync_file implementation leaks fences on error paths due to missing dma_fence_put() calls when merging fences and in krealloc_array failure. The fix ensures i and the fences array are zero-initialized and that all fences are dma_fence_put() and the fe...
CVE-2021-47306
CVE-2021-47306 pertains to the Linux kernel FDDI driver: in net: fddi: fza_probe, the private data fp of a netdev is used after a free_netdev() call, causing a use-after-free (UAF). The fix reorders cleanup by moving free_netdev() after the error handling message to prevent UAF. Multiple connecte...
CVE-2021-47503
In CVE-2021-47503, the Linux kernel SCSI pm80xx driver has a fix: do not call scsi_remove_host() inside pm8001_alloc() because scsi_add_host() has not yet been called, which previously could crash with a NULL pointer dereference during device_del. The issue occurs in the pm8001_pci_probe flow lea...
CVE-2021-47512
CVE-2021-47512 is a Linux kernel vulnerability in the net/sched fq_pie implementation. The root cause is that fq_pie_destroy() did not copy the timer handling logic from pie_destroy() and other qdiscs, potentially allowing a timer to rearm after del_timer_sync(&q->adapt_timer). The issue has b...
CVE-2021-47536
CVE-2021-47536 – Linux kernel (net/smc). A bug in smc_lgr_cleanup_early wrongly deletes the list head instead of the link group from the link group list, causing memory corruption and a list corruption panic. Affected: Linux kernel with SMC subsystem (as described in the provided advisories). Im...
CVE-2021-47604
CVE-2021-47604 concerns a Linux kernel vulnerability in vduse where get_config() failed to bound-check the offset, causing a potential out-of-bounds read when offset > dev->config_size due to unsigned subtraction. The issue is resolved in the Linux kernel (as per the description), with advi...
CVE-2022-48663
CVE-2022-48663 affects the Linux kernel, specifically the GPIO mockup debugfs handling. The vulnerability arises when unbinding a driver: debugfs entries are removed globally before platform devices are unregistered, which can lead to a NULL pointer dereference on module exit. The disclosed fix u...
CVE-2022-48727
The CVE-2022-48727 entry concerns a Linux kernel KVM arm64 issue: when non-IRQ exceptions occur, ESR_EL2 is updated and used to detect if an HVC occurred, potentially mis-updating ELR_EL2 if an SError was synchronised and later re-executing guest instructions. The fix ensures ARM_EXCEPTION_CODE()...
CVE-2022-48767
CVE-2022-48767 affects the Linux kernel and relates to a leak of the ceph_string reference after an async create attempt. The description in the initial document states that the reference acquired by try_prep_async_create is leaked and must be put back, and connected sources (Astra Linux bulletin...
CVE-2022-48776
CVE-2022-48776 is a Linux kernel memory-leak fix in the MTD parsers for Qualcomm SMEM: the cleanup function did not free pparts, causing a leak. The vulnerability affects mtd/parsers/qcomsmempart.c (pparts) and is resolved by adding a missing free in the cleanup path. Affected context and patches...
CVE-2022-48780
CVE-2022-48780 (Linux kernel): The vulnerability in net/smc arises from overwriting clcsock callback function pointers during multiple fallbacks, which can create a loop: clcsk->sk_error_report → smc_fback_error_report → smc_fback_forward_wakeup → clcsock_callback overwritten → smc->clcsk_...
CVE-2022-48785
CVE-2022-48785 affects the Linux kernel IPv6 multicast code path. Root cause: after removing external locks, __ipv6_get_lladdr() (RCU-unsafe) could be invoked without the prior RCU protection, leading to a general protection fault on certain kworker paths. The fix restores RCU-safety by using th...
CVE-2022-48837
The CVE-2022-48837 vulnerability affects the Linux kernel USB gadget RNDIS code: rndis_set_response() may overflow if BufOffset is very large, because BufOffset + 8 can wrap. The documented impact is a potential overflow with high severity (CVE-2019-like pattern) and is described as impacting conf...
CVE-2022-48844
The CVE-2022-48844 entry refers to a Linux kernel Bluetooth issue in the hci_core subsystem: sent_cmd memory is leaked when freeing hci_dev, causing a memory leak. This is a local, low-privilege exposure with high availability impact as per the CVSS data. Connected advisories confirm a fix ...
CVE-2022-48864
CVE-2022-48864 relates to the Linux kernel code path for vdpa/mlx5 handling of the VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command. The description indicates that when a control virtual queue receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET request, there was no validation of the requested queue pair count and...
CVE-2022-49069
The CVE-2022-49069 issue affects the Linux kernel’s DRM AMD Display path, where a general protection fault was observed when WebGL Aquarium ran for extended periods. The provided technical details show the root cause as a calculation/validation path in dcn30_internal_validate_bw, leading to fault...
CVE-2022-49278
CVE-2022-49278: Linux kernel remoteproc vulnerability in rproc_coredump_write() where a count underflow was possible. The fix adds a count check for zero, mirroring the validation in rproc_recovery_write(), to prevent underflow. This is resolved in the kernel codebase; patch references are in the...
CVE-2022-49457
CVE-2022-49457 is a Linux kernel issue in ARM versatile: missing of_node_put in dcscb_init. The of_find_compatible_node call increments the device_node refcount, but the code path did not release it, causing a refcount leak. Connected advisories from Astra/TencentUnity/Linux OSS bulletins confirm...
CVE-2022-49800
CVE-2022-49800 is a Linux kernel issue addressed by multiple advisories. The root cause was a memory leak in the tracing tests (test_gen_synth_cmd and test_empty_synth_event) where allocated buffers were freed only on failure paths; the fix adds kfree(buf) to ensure no leak. The Nessus/OpenVAS en...
CVE-2022-49829
CVE-2022-49829 pertains to the Linux kernel DRM scheduler: a fix of fence reference counting to prevent leaking dependency fences when processes are killed. The issue involved grabbing a reference to the last scheduled fence, and leaks occur due to improper fence reference counts. Connected advisories (...
CVE-2022-49845
CVE-2022-49845 – Linux kernel CAN/j1939 header initialization fix. The issue related to can: j1939_send_one() involved uninitialized CAN header fields in CAN frames created for j1939 messages, exposing a read access to canxl_frame::len due to uninitialized reserved and later-filled fields in str...
CVE-2022-49863
CVE-2022-49863 affects the Linux kernel CAN stack (af_can) where can_rx_register() dereferences ml_priv when dev_rcv_lists is NULL, leading to a NULL pointer dereference during CAN socket binding. The issue occurs during a sequence that binds a vxcan/bond setup to a CAN socket via netlink/socket ...
CVE-2022-49869
CVE-2022-49869 (bnxt_en): In the Linux kernel, bnxt_hwrm_set_coal() may crash during error recovery because rtnl_lock isn’t held for the entire sequence, allowing access to freed data structures. The fix uses BNXT_STATE_OPEN rather than netif_running() to ensure the device is fully operational before reconfi...
CVE-2022-49891
CVE-2022-49891 concerns a Linux kernel memory leak in tracing/kprobe handling. The root cause is that test_gen_kprobe_cmd() frees buf only on the fail path, causing a leak when no failure occurs; the patch moves kfree(buf) from the fail path to the common path, and applies the same fix to test_ge...
CVE-2022-49918
CVE-2022-49918 concerns the Linux kernel IPVS subsystem. The vulnerability arises from the initialization path in ip_vs_conn_net_init() where failure to create ip_vs_conn or ip_vs_conn_sync files still leaves initialization “successful by default.” As a result, during removal, the proc entries ma...
CVE-2022-49937
CVE-2022-49937 affects the Linux kernel mceusb driver in the media subsystem. Automatic fuzzing reported a WARN due to an unusual read on endpoint 0 caused by using legacy usb_control_msg_() routines and not setting USB_DIR_IN in bRequestType. The fix converts the driver to usb_control_msg_recv()...
CVE-2022-49942
CVE-2022-49942 affects the Linux kernel wifi/mac80211 code. The issue occurs when CSA (channel switch announcement) is finalized in IBSS mode while the device is not connected to a channel; the BSS list is empty, cfg80211_get_bss() can return NULL, triggering a WARN_ON() in ieee80211_ibss_csa_bea...
CVE-2022-50037
CVE-2022-50037 concerns the Linux kernel: the drm/i915/ttm path could leak CCS state between users. The issue is resolved by applying the patch that prevents leaking CCS state (cherry-picked from commit 353819d85f87be46aeb9c1dd929d445a006fc6ec). Affected product is the Linux kernel (ttm subsystem...
CVE-2022-50137
CVE-2022-50137 (Linux kernel) affects RDMA/irdma by a window for use-after-free during CQ destruction. An interrupt could cause CQE processing after CQ resources are freed by irdma_cq_free_rsrc(). The fix moves irdma_cq_free_rsrc() to run after irdma_sc_cleanup_ceqes() (which executes under cq_lo...
CVE-2022-50179
CVE-2022-50179 concerns a use-after-free in the Linux kernel’s ath9k driver, specifically in ath9k_hif_usb_rx_cb. The issue stems from incorrect initialization of htc_handle->drv_priv, which can be freed and leaked in a call trace that starts at ath9k_htc_probe_device and leads to...
CVE-2023-20838
CVE-2023-20838 concerns the imgsys component. Multiple connected sources confirm a race-condition–driven out-of-bounds read that can leak local information and, in some scenarios, enable system-level execution with user interaction required for exploitation. Affected references consistently descr...
CVE-2023-52746
CVE-2023-52746 concerns a Spectre v1 gadget in the Linux kernel’s xfrm_xlate32_attr() path. The vulnerability arises from using the user-provided nla_type as an array index when type > XFRMA_MAX, potentially leaking kernel memory. The patch set introduces array_index_nospec() use to prevent sp...
CVE-2023-52776
The CVE-2023-52776 issue affects the Linux kernel’s wifi/ath12k path. The DFS-radar and temperature event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as an RCU read-side critical section, risking use-after-free in active pdev contexts. The fix marks the implicated code as ...
CVE-2023-52893
Summary: CVE-2023-52893 is a Linux kernel vulnerability where a call path using get_variable with a NULL attr triggers a null-deref/panic in the gsmi subsystem. Root cause: The patch accompanying the EFI varstore change (efi: pstore: Omit efivars caching EFI varstore access layer) added a new get...
CVE-2023-52907
The CVE-2023-52907 issue affects the Linux kernel NFC PN533 USB flow. A use-after-free occurs when in_urb completes before out_urb, freeing the transfer buffer skb in pn533_send_async_complete() earlier than the out_urb callback. The fix delays in_urb submission until the out_urb callback runs an...
CVE-2023-53040
CVE-2023-53040 (Linux kernel) is a local buffer-overflow vulnerability addressed by the ca8210 patch, which fixes a negative mac_len array access that could overflow skb->data when ieee802154_hdr_peek_addrs() fails. Affected: Linux kernel code handling ieee802.154 headers. Impact per provided...
CVE-2023-53049
CVE-2023-53049 – Linux kernel USB-C/UCSI pointer dereference. A NULL pointer dereference in ucsi_connector_change() could occur if ucsi_init() failed and an event arrives via ucsi_acpi, dereferencing an unavailable ucsi->connector. The fix prevents ntfy from being set until ucsi_init() succeeds, so e...
CVE-2023-53074
CVE-2023-53074 relates to Linux kernel AMDGPU code: a calltrace warning in ttm_bo during psp_hw_fini when amdgpu is removed after mode1 reset. The issue arises because the ta firmware buffer reinitialization is unnecessary during mode1 reset, causing an extra bo pin_count increment. The vulnerabi...
CVE-2024-26732
CVE-2024-26732 affects the Linux kernel where SO_PEEK_OFF for sockets could cause a lockdep violation in af_unix, due to per-socket uio lock usage. The vulnerability arises because SO_PEEK_OFF was previously protected by kernel locks; a patch implemented lockless behavior for setsockopt(SO_PEEK_O...
CVE-2024-26765
CVE-2024-26765 concerns the Linux kernel on LoongArch. The issue arises when hotplugging nonboot CPUs: IRQs are disabled before calling init_fn(), intended to silence warnings and avoid interrupts, but this is tied to the rcu_cpu_starting warning path (CPU: 1, pid: 0). The result is a race where ...
CVE-2024-27060
The CVE-2024-27060 issue affects the Linux kernel Thunderbolt driver, specifically a NULL pointer dereference in tb_port_update_credits() when handling Thunderbolt 1 devices with a single lane. The crash path traces to tb_port_do_update_credits and related hotplug/scan routines, leading to kernel...
CVE-2024-34030
CVE-2024-34030 is a Linux kernel local vulnerability affecting PCI property handling. The issue occurs in pci/of_property code where int_map allocation can fail, potentially leading to a NULL pointer dereference. The fix returns -ENOMEM from of_pci_prop_intr_map() on allocation failure to prevent...
CVE-2024-35873
CVE-2024-35873 is a Linux kernel vulnerability affecting the RISC-V vector state handling during rt_sigreturn. A bug in the restoration path with vector state discard could cause the live vector state and vstate to diverge, and when the vectorized path of user_from_copy() is chosen (CONFIG_RISCV_...
CVE-2024-38592
CVE-2024-38592 relates to the Linux kernel’s drm/mediatek code: when conn_routes is true an extra slot is allocated for ddp_comp but mtk_drm_crtc_create() didn’t initialize it in a test path, causing a crash while traversing the ddp_comp array in mtk_drm_crtc_mode_valid(). The issue appears mitig...