14330 matches found
CVE-2022-48769
In CVE-2022-48769, the Linux kernel vulnerability concerns Apple x86 EFI runtime services. The issue stems from a call to QueryVariableInfo() (added with EFI 2.00) used at runtime, which could crash firmware on certain Apple machines when managing NVRAM variables. The mitigation described is to a...
CVE-2022-48770
CVE-2022-48770 affects the Linux kernel vulnerability in the BPF stack trace code: bpf_get_task_stack() could dereference NULL pt_regs because task_pt_regs() may return NULL for kernel threads on powerpc. The patch adds a NULL check on the return value of task_pt_regs() before inspecting the call...
CVE-2022-48812
CVE-2022-48812 concerns the Linux kernel: the net: dsa: lantiq_gswip code should not use devres for mdiobus allocation/registration. The root cause is that mdiobus_free() can panic when invoked via devm_mdiobus_free() because devres_release_all() may free a bus that is still registered, especiall...
CVE-2022-48861
CVE-2022-48861 is a Linux kernel use-after-free vulnerability in the vdpa/vp_vdpa path. When the vp_vdpa driver is unbound, vp_vdpa is freed in vdpa_unregister_device, after which vp_vdpa->mdev.pci_dev is dereferenced in vp_modern_remove, causing a use-after-free. The provided call traces show...
CVE-2022-48926
CVE-2022-48926 affects the Linux kernel USB gadget rndis path. The vulnerability arises from a missing spinlock protecting the rndis response list, enabling potential list corruption when two list_add operations occur concurrently. The provided traces show corruption of next->prev and a corres...
CVE-2022-48930
CVE-2022-48930 corresponds to a deadlock in the Linux kernel RDMA/ib_srp path. The fix removes the flush_workqueue(system_long_wq) call, which was deadlock‑prone and redundant with a preceding cancel_work_sync(). The associated Nessus entries reproduce the advisory text and reference kernel-stabl...
CVE-2022-49169
CVE-2022-49169 concerns the Linux kernel’s f2fs module and a race/lock issue that could cause a hang. The connected advisories document that the fix is to replace a mutex-based path with a spin_lock, specifically to avoid hang scenarios in f2fs when handling certain task reads and statistics oper...
CVE-2022-49202
CVE-2022-49202 concerns a missing NULL check in Linux kernel Bluetooth hci_uart path (h5_enqueue), where a Syzbot general protection fault occurred in __pm_runtime_resume() due to blindly passing a possibly NULL serdev pointer (hu->serdev). The issue could lead to GPF if hu->serdev is NULL....
CVE-2022-49363
CVE-2022-49363 – Linux kernel (F2FS): A bug in the F2FS file system allowed a panic due to inconsistent inode SIT/block mapping after fuzzing, fixed by adding a sanity check on block addresses before updating the SIT table in f2fs_fallocate/f2fs_do_zero_range. Affected component is the F2FS imple...
CVE-2022-49496
The CVE-2022-49496 entry concerns the Linux kernel Mediatek vcodec driver (mtk_vcodec_dec). If the driver runs in subdev mode, dev->pm.dev can be NULL during mtk_vcodec_dec_remove, causing a kernel crash on rmmod mtk-vcodec-dec.ko. All connected documents describe the crash scenario and indica...
CVE-2022-49499
CVE-2022-49499 relates to the Linux kernel, in the drm/msm path. The issue is a null pointer dereference that occurs when the code accesses the per- process address space (aspace) without verifying it is set, which can be null on systems without an IOMMU (e.g., msm8974). The fix adds a check for ...
CVE-2022-49696
CVE-2022-49696 is a Linux kernel use-after-free in tipc_named_reinit, triggered by a race with workqueue finalization. The issue arises because cancel_work_sync() ordering could allow a destroyed TipC namespace to be accessed by a work item enqueuing later, leading to a read of freed memory (KASA...
CVE-2022-49812
CVE-2022-49812 describes a Linux kernel vulnerability in the bridge driver’s VLAN offload path. When VLANs are offloaded via switchdev, the bridge marks them with BR_VLFLAG_ADDED_BY_SWITCHDEV. Changing the VLAN protocol triggers notifications to switchdev drivers and also to the 8021q driver, whi...
CVE-2022-49841
CVE-2022-49841 affects the Linux kernel serial/imx driver. The root cause is a missing .thaw_noirq hook during hibernation, causing an unbalanced clock disable sequence and a warning like “uart3_root_clk already disabled” during resume. The documented fix is to add the missing .thaw_noirq hook im...
CVE-2022-49863
CVE-2022-49863 affects the Linux kernel CAN stack (af_can) where can_rx_register() dereferences ml_priv when dev_rcv_lists is NULL, leading to a NULL pointer dereference during CAN socket binding. The issue occurs during a sequence that binds a vxcan/bond setup to a CAN socket via netlink/socket ...
CVE-2022-49891
CVE-2022-49891 concerns a Linux kernel memory-leak in tracing/kprobe handling. The root cause is that test_gen_kprobe_cmd() frees buf only on the fail path, causing a leak when no failure occurs; the patch moves kfree(buf) from the fail path to the common path, and applies the same fix to test_ge...
CVE-2022-49918
CVE-2022-49918 concerns the Linux kernel IPVS subsystem. The vulnerability arises from the initialization path in ip_vs_conn_net_init() where failure to create ip_vs_conn or ip_vs_conn_sync files still leaves initialization “successful by default.” As a result, during removal, the proc entries ma...
CVE-2022-50037
CVE-2022-50037 concerns the Linux kernel: the drm/i915/ttm path could leak CCS state between users. The issue is resolved by applying the patch that prevents leaking CCS state (cherry-picked from commit 353819d85f87be46aeb9c1dd929d445a006fc6ec). Affected product is the Linux kernel (ttm subsystem...
CVE-2022-50112
The CVE-2022-50112 issue concerns the Linux kernel: a refcount leak in rpmsg qcom_smd parsing logic. Specifically, of_parse_phandle() returns a node pointer with an incremented refcount, which must be balanced with of_node_put() when the node is no longer needed. The vulnerability affects the ker...
CVE-2022-50137
CVE-2022-50137 (Linux kernel) affects RDMA/irdma by a window for use-after-free during CQ destruction. An interrupt could cause CQE processing after CQ resources are freed by irdma_cq_free_rsrc(). The fix moves irdma_cq_free_rsrc() to run after irdma_sc_cleanup_ceqes() (which executes under cq_lo...
CVE-2022-50158
CVE-2022-50158 relates to the Linux kernel vulnerability in mtd: partitions where of_get_child_by_name() returns a node pointer with an incremented refcount and is not put back, leading to a refcount leak. The issue is fixed by adding a missing of_node_put() when the pointer is no longer needed. ...
CVE-2023-3359
CVE-2023-3359 concerns the Linux kernel’s brcm_nvram_parse in drivers/nvmem/brcm_nvram.c, where the return value of kzalloc() is not checked, potentially causing a NULL pointer dereference. The issue is listed with a local attack vector and a high availability impact (CVSS v3.1: AV:L/AC:L/PR:L/UI...
CVE-2023-52743
CVE-2023-52743 involves the Linux kernel. The issue arises when both the ice and irdma drivers are loaded: ice’s workqueue is created with the WQ_MEM_RECLAIM flag while irdma’s is not, triggering a warning in check_flush_dependency during memory reclamation. The root cause, per the advisory, is t...
CVE-2023-52748
CVE-2023-52748 is a Linux kernel vulnerability related to f2fs. The issue stems from a format-overflow during a call to sprintf in fs/f2fs/compress.c within f2fs_init_page_array_cache, triggered when formatting the string "f2fs_page_array_entry-%u:%u" with MAJOR(dev) and MINOR(dev). The computed ...
CVE-2023-52776
The CVE-2023-52776 issue affects the Linux kernel’s wifi/ath12k path. The DFS-radar and temperature event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as an RCU read-side critical section, risking use-after-free in active pdev contexts. The fix marks the implicated code as ...
CVE-2023-52900
CVE-2023-52900: Linux kernel nilfs2 vulnerability in nilfs_btree_insert() can cause a general protection fault when a corrupted disk image leads __nilfs_btree_get_block() to return -ENOENT. The patch changes this to -EINVAL, causing subsequent b-tree operations to report corruption and return -EI...
CVE-2023-52901
The CVE-2023-52901 entry affects the Linux kernel USB xHCI host controller handling. The vulnerability arises when URBs are queued to all endpoints while the host is unresponsive, risking a NULL pointer dereference and kernel panic if an endpoint is dereferenced after becoming invalid. The fix ad...
CVE-2023-52983
The CVE-2023-52983 issue affects the Linux kernel’s bfq (multiqueue block I/O) subsystem. It describes a use-after-free (UAF) where bic_set_bfqq() could access a bfqq after it had been freed in certain contexts. The root cause was that bfqq was freed in the wrong place relative to bic_set_bfqq(),...
CVE-2023-53049
CVE-2023-53049 – Linux kernel USB-C/UCSI pointer dereference . A NULL pointer dereference in ucsi_connector_change() could occur if ucsi_init() failed and an event arrives via ucsi_acpi, dereferencing unable ucsi->connector. The fix prevents ntfy from being set until ucsi_init() succeeds, so e...
CVE-2023-53099
CVE-2023-53099 concerns a Linux kernel issue where a sleepable memory allocation was performed from an atomic context in the Xilinx firmware driver, triggering a lockdep-detected “sleeping function called from invalid context” condition. The advisory notes the root cause is in firmware: xilinx an...
CVE-2023-53133
CVE-2023-53133 affects the Linux kernel’s BPF sockmap path (tcp_bpf_recvmsg_parser) where a 0-length recvmsg can loop indefinitely. The description and connected advisories confirm the root cause is an infinite loop when len is 0 and that the fix is to return 0 for length 0 in tcp_bpf_recvmsg_par...
CVE-2023-53138
CVE-2023-53138 corresponds to a Linux kernel vulnerability in the net/caif stack (cfusbl_device_notify). When NETDEV_UNREGISTER is delivered multiple times during device teardown, a use-after-free can occur and there can be an imbalance in the module’s reference count, potentially freeing the par...
CVE-2024-26732
CVE-2024-26732 affects the Linux kernel where SO_PEEK_OFF for sockets could cause a lockdep violation in af_unix, due to per-socket uio lock usage. The vulnerability arises because SO_PEEK_OFF was previously protected by kernel locks; a patch implemented lockless behavior for setsockopt(SO_PEEK_O...
CVE-2024-27060
The CVE-2024-27060 issue affects the Linux kernel Thunderbolt driver, specifically a NULL pointer dereference in tb_port_update_credits() when handling Thunderbolt 1 devices with a single lane. The crash path traces to tb_port_do_update_credits and related hotplug/scan routines, leading to kernel...
CVE-2024-35786
The CVE-2024-35786 issue affects the Linux kernel’s DRM Nouveau driver, specifically a stale locked mutex in nouveau_gem_ioctl_pushbuf that can cause a deadlock if VM_BIND is enabled and a legacy submission ioctl is attempted. The vulnerability is resolved by a kernel fix; the provided connected ...
CVE-2024-35793
CVE-2024-35793 affects the Linux kernel debugfs remove path. The issue was a logic error in the removal cancelation flow: if a refcount is non-zero, cancellations must be triggered; otherwise, removal can finish without cancellations, but the existing loop could never run. The fix adjusts wait/ca...
CVE-2024-38551
CVE-2024-38551 : In the Linux kernel, the ASoC Mediatek path assigns a dummy codec to a DAI link if no real codec is present, to avoid NULL pointer errors during string comparisons. This vulnerability was resolved by the kernel fix described in the initial document, with MediaTek sound card drive...
CVE-2024-38561
CVE-2024-38561 is a Linux kernel vulnerability in kunit: Fix kthread reference. A race exists where a kthread finishes after the deadline but before kthread_stop(), which may lead to a use-after-free. The connected Nessus/NASL entry confirms a patch addressing the kunit kthread reference issue (C...
CVE-2024-38592
CVE-2024-38592 relates to the Linux kernel’s drm/mediatek code: when conn_routes is true an extra slot is allocated for ddp_comp but mtk_drm_crtc_create() didn’t initialize it in a test path, causing a crash while traversing the ddp_comp array in mtk_drm_crtc_mode_valid(). The issue appears mitig...
CVE-2024-38624
CVE-2024-38624 affects the Linux kernel NTFS3 file system code. The issue arises from using 32-bit arithmetic in a computing expression (for example, vbo = 2 * vbo + skip), risking overflow; the fix is to switch to a 64-bit variable to prevent 32-bit overflow. Multiple advisories (e.g., Ubuntu US...
CVE-2024-39461
In Linux kernel CVE-2024-39461, the Raspberry Pi clock code (clk/bcm/clk-raspberrypi.c) accessed the hws array before initializing hws->num, triggering UBSAN array-index-out-of-bounds warnings. The fix moves the initialization of ->num ahead of the first access to ->hws, removing the out...
CVE-2024-40926
CVE-2024-40926 affects the Linux kernel DRM Nouveau driver. The issue occurs when runtime PM resumes on headless cards that lack display hardware, where hpd_work and hpd_lock are left uninitialized and scheduling hpd_work triggers a BUG. The patch adds a headless flag to DRM and instructs the sys...
CVE-2024-41037
CVE-2024-41037 affects the Linux kernel ASoC: SOF Intel ASoC HDA path. The vulnerability arises during system suspend entry when a stream is active: the core calls hw_params_upon_resume(), and on Intel platforms using HDA DMA this leads to a call chain that hits a null dereference. Specifically, ...
CVE-2024-42071
CVE-2024-42071 is a Linux kernel issue related to the ionic driver where napi_consume_skb() is invoked outside a safe NAPI context. The root cause described in the sources is that a non-NAPI/softirq path should call napi_consume_skb with budget=0, as indicated by the code notes and stack traces (...
CVE-2024-42088
CVE-2024-42088 affects Linux kernel ASoC: Mediatek mt8195, where a platform entry for ETDM1_OUT_BE dai link was removed inadvertently, causing a KASAN OOB warning in mtk_soundcard_common_probe() due to an empty platforms array. The fix adds a COMP_EMPTY() entry to ensure dai_link->platforms ha...
CVE-2024-42234
CVE-2024-42234 affects the Linux kernel in the area of memory management, specifically the deferred split and large folio migration path. The root cause is a race during deferred_split_scan() where folios are moved to a local list without proper synchronization, risking double frees and related B...
CVE-2024-42242
In CVE-2024-42242, the Linux kernel mmc: sdhci driver had a mismatch between two checks for max_segment_size. max_size was forced to PAGE_SIZE by blk_queue_max_segment_size() when it was below PAGE_SIZE, while blk_validate_limits() treated a max_segment_size below PAGE_SIZE as an error (returning...
CVE-2024-43844
CVE-2024-43844 affects the Linux kernel’s wifi rt w89 GTK offload path. The issue stems from rtw89_fw_h2c_wow_gtk_ofld handling, where a sk_buff could be oversized, causing skb_panic in net/core/skbuff.c and a kernel crash (BUG at skbuff.c:192). Affected data path: wow GTK offload H2C, leading to...
CVE-2024-44997
CVE-2024-44997 affects the Linux kernel’s net: ethernet: mtk_wed component. The issue is a use-after-free/panic in MT798X when turning down an interface on a band with multiple AP interfaces and WED enabled. The root cause: cb_priv was freed in mtk_wed_setup_tc_block() without nulling the pointer...
CVE-2024-46764
CVE-2024-46764 affects Linux kernel’s BPF/BTF handling: btf_name_valid_section() can pass an invalid 1-byte name if name[0] is a NULL byte, enabling an out-of-bounds condition. The fix adds a check for a NULL first byte and that the first character is printable. The initial entry indicates the vu...