CVE-2010-4256
CVE-2010-4256 affects the Linux kernel: the pipe_fcntl code in fs/pipe.c before 2.6.37 may misidentify named pipes, enabling a local user to cause a denial of service via an F_SETPIPE_SZ fcntl call. The issue is tracked across multiple advisories (e.g., Ubuntu USN-1083-1, RH advisories) and was f...
CVE-2011-4080
CVE-2011-4080 affects the Linux kernel: sysrq_sysctl_handler in kernel/sysctl.c did not require CAP_SYS_ADMIN to modify dmesg_restrict, enabling local users (e.g., in LXC) to bypass restrictions and read the kernel ring buffer with root privileges. Public sources (Red Hat, SUSE, NVD) cite impact ...
CVE-2011-4611
The CVE-2011-4611 entry relates to the Linux kernel on POWERPC where an integer overflow in perf_event_interrupt (arch/powerpc/kernel/perf_event.c) before version 2.6.39 can allow a local user to trigger a denial of service via performance-event handling. Affected: Linux kernel releases prior to ...
CVE-2012-6541
The CVE-2012-6541 flaw affects the Linux kernel prior to version 3.6. The vulnerability resides in ccid3_hc_tx_getsockopt within net/dccp/ccids/ccid3.c, where an internal structure is not initialized, enabling local attackers to read sensitive information from kernel stack memory via a crafted ap...
CVE-2013-0290
The vulnerability CVE-2013-0290 affects the Linux kernel up to version 3.7.x (fixed in 3.8) and is due to how __skb_recv_datagram() in net/core/datagram.c handles MSG_PEEK when data length is zero. A local unprivileged user can trigger an infinite loop, causing a denial of service (system hang). ...
CVE-2013-2548
The CVE-2013-2548 entry concerns the Linux kernel crypto user configuration API (the report API). Specifically, in crypto_report_one (crypto/crypto_user.c), an incorrect length value during a copy operation in the report path allows a local user with CAP_NET_ADMIN to leak kernel memory. The descr...
CVE-2013-2896
The CVE-2013-2896 issue affects the Linux kernel HID driver: drivers/hid/hid-ntrig.c, applicable when CONFIG_HID_NTRIG is enabled, up to kernel version 3.11. It allows physically proximate attackers to trigger a denial of service (NULL pointer dereference and OOPS) via a crafted HID device. Explo...
CVE-2014-7207
CVE-2014-7207 affects the Linux kernel IPv6 implementation (3.2.x–3.2.63). The issue stems from improper validation in ipv6_select_ident function calls, permitting local users to trigger a NULL pointer dereference and system crash via tun or macvtap device access. Connected advisories confirm Deb...
CVE-2015-1339
CVE-2015-1339 affects the Linux kernel: memory leak in cuse_channel_release (fs/fuse/cuse.c) can be triggered by opening /dev/cuse many times, leading to local denial of service via memory consumption (unbounded memory use). The vulnerability is reported as present in kernel versions before 4.4. ...
CVE-2015-4178
Technical details about CVE-2015-4178 are not publicly provided in the connected documents. The materials reference the vulnerability generally; monitor for updates from official advisories.
CVE-2016-5342
The CVE-2016-5342 entry describes a heap-based buffer overflow in the wcnss_wlan_write function of the Linux kernel 3.x wcnss_wlan driver (drivers/net/wireless/wcnss/wcnss_wlan.c) used in Qualcomm QuIC MSM Android contributions. An attacker could trigger a denial of service or potentially other i...
CVE-2017-0525
CVE-2017-0525 is an elevation-of-privilege issue in the Qualcomm IPA driver on Android, enabling a local attacker to execute code in kernel context. Affected: Android devices using Kernel-3.10 or Kernel-3.18 with the Qualcomm IPA driver. Impact per sources: local privilege escalation requiring pr...
CVE-2017-1000377
CVE-2017-1000377 concerns a vulnerability in PAX Linux where the default stack guard page is too small and can be bypassed, defeating stack protections. The core details indicate this affects PAX Linux kernel versions as of 19 June 2017, originally from GRSecurity and shipped by other ...
CVE-2019-18807
Two memory leaks in the Linux kernel sja1105_static_config_upload() (drivers/net/dsa/sja1105/sja1105_spi.c) before 5.3.5 can cause memory‑based DoS. The leaks arise when static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() fail (CID‑68501df92d11). Affected product is the Linux kernel; v...
CVE-2021-47141
CVE-2021-47141 affects the Linux kernel gve path and is caused by missing NULL checks when freeing IRQ vectors. Specifically, when freeing notification blocks, code indexes priv->msix_vectors, and a failure to allocate priv->msix_vectors (abort_with_msix_vectors) can lead to a NULL pointer ...
CVE-2021-47193
CVE-2021-47193 affects the Linux kernel SCSI PM80XX driver (pm80xx) where memory allocated by the module is not fully freed on rmmod, causing a memory leak during driver removal. The vulnerability is resolved in Linux kernel code by properly freeing memory when the module is removed. The CVE has ...
CVE-2021-47263
CVE-2021-47263 is a Linux kernel issue in the gpio-wcd934x driver where a shift-out-of-bounds UBSAN error occurred due to using BIT(n-1) for pins 0–4, leading to an out-of-bounds shift in gpio-wcd934x.c:34:14. The vulnerability has been resolved by a patch to correct the bit-mask handling (pins 0...
CVE-2021-47332
CVE-2021-47332 affects the Linux kernel’s ALSA usx2y component. The issue arises from calling free_pages_exact() with a NULL address, which could lead to a kernel Oops if not guarded. The description confirms a NULL check was added to prevent this invalid free path, addressing the vulnerability. ...
CVE-2021-47415
CVE-2021-47415 affects the Linux kernel’s iwlwifi mvm code. The vulnerability is a potential NULL pointer dereference in __iwl_mvm_remove_time_event(), mitigated by checking te_data->vif for NULL before dereferencing. The issue is resolved by the kernel patch referenced in the initial descript...
CVE-2021-47437
In CVE-2021-47437, the Linux kernel IIO ADIS16475 driver is affected by a deadlock during frequency setting. The issue arose from two deadlocks introduced by the patch: (1) adis_write_reg_16() path not fully unlocked, and (2) lock not released on the success path. A fix was applied in commit 39c0...
CVE-2021-47447
CVE-2021-47447: a fix in the Linux kernel MSM DRM driver (drm/msm/a3xx) for incorrect error handling in a3xx_gpu_init. Error paths returned 1 (not a negative errno), risking an Oops; also the ret check for -ENODATA failed since ret could be 1. The connected advisories confirm this as a kernel...
CVE-2021-47507
CVE-2021-47507 concerns the Linux kernel nfsd startup race. The issue stems from the nfsd startup order: an RPC pipefs event race against nfsd_net_id registration, which was re-opened by commit bd5ae9288d64 and fixed by commit bb7ffbf29e76. The patch sequence restores the order between register_per...
CVE-2021-47554
CVE-2021-47554 affects the Linux kernel vdpa_sim code. Root cause: in error paths of vdpasim_create(), an uninitialized iova_domain could be freed, causing a NULL pointer dereference when put_iova_domain is executed, potentially crashing the system. The fix requires iova_domain to be initialized ...
CVE-2021-47611
CVE-2021-47611 affects the Linux kernel (mac80211) where parsing of extended elements could proceed without verifying that the extended element ID is present. The fix verifies the extended element ID before parsing to prevent malformed element handling. The documented impact is LOCAL, with attack...
CVE-2022-48770
CVE-2022-48770 affects the Linux kernel's BPF stack trace code: bpf_get_task_stack() could dereference NULL pt_regs because task_pt_regs() may return NULL for kernel threads on powerpc. The patch adds a NULL check on the return value of task_pt_regs() before inspecting the call...
CVE-2022-48784
CVE-2022-48784: In the Linux kernel’s cfg80211 code, a race can occur during netlink owner interface destruction. The previous fix for a deadlock left a race when cfg80211_destroy_ifaces() runs while nl80211_netlink_notify() marks interfaces as nl_owner_dead. The issue arises from two loops: fir...
CVE-2022-48813
CVE-2022-48813 concerns the Linux kernel’s DSA Felix support. The advisory notes that using devres for the MDIO bus caused mdiobus_free() to panic when freed via devm_mdiobus_free(), unless the bus was unregistered first. For the Felix VSC9959 switch (PCI device), the recommended remediation is t...
CVE-2022-49184
The CVE-2022-49184 issue affects the Linux kernel under net: sparx5: switchdev, where a NULL pointer dereference could occur if devm_kzalloc() returns NULL and the code dereferences the pointer. The description across connected sources indicates the vulnerability was resolved in the Linux kernel ...
CVE-2022-49202
CVE-2022-49202 concerns a missing NULL check in Linux kernel Bluetooth hci_uart path (h5_enqueue), where a Syzbot general protection fault occurred in __pm_runtime_resume() due to blindly passing a possibly NULL serdev pointer (hu->serdev). The issue could lead to GPF if hu->serdev is NULL....
CVE-2022-49363
CVE-2022-49363 – Linux kernel (F2FS): A bug in the F2FS file system allowed a panic due to inconsistent inode SIT/block mapping after fuzzing, fixed by adding a sanity check on block addresses before updating the SIT table in f2fs_fallocate/f2fs_do_zero_range. Affected component is the F2FS imple...
CVE-2022-49419
The CVE-2022-49419 issue affects the Linux kernel vesafb (video: fbdev) where use-after-free can occur if the fb_info is freed in the .remove path before or after .fb_destroy. The underlying cause is an ordering bug: the code previously freed fb_info in .remove, which could reference freed memory...
CVE-2022-49479
CVE-2022-49479 corresponds to a Linux kernel vulnerability in the mt76 driver: a race condition (use-after-free) during station removal can cause a skb to be added to a status-tracking idr after the idr has been cleaned, leaving a wcid linked in the status poll list. The root cause is a race betw...
CVE-2022-49547
CVE-2022-49547 relates to a Linux kernel issue in btrfs where deadlocks can occur when reserving data space for direct IO writes under low free space. The deadlock involves concurrent writes to overlapping file ranges ([0,128K) and [128K,256K)) contending for the inode lock and for ordered extent...
CVE-2022-49681
The CVE-2022-49681 issue in the Linux kernel concerns xtensa: xtfpga setup where of_find_compatible_node() may return a node with an incremented refcount. The fix is to call of_node_put() when the node is no longer in use to prevent a refcount leak. Public advisories (Tencent/Unity Linux integrat...
CVE-2022-49682
CVE-2022-49682 is a Linux kernel issue: in xtensa, a refcount leak bug in time.c occurred where calibrate_ccount() could return a node with an incremented refcount. The fix requires using of_node_put() when the node is no longer used (to avoid a leak). Connected advisories (Astra Linux and Unity/...
CVE-2022-49763
CVE-2022-49763: In the Linux kernel NTFS code, the use-after-free issue in ntfs_attr_find() stems from missing bounds checks on the attrs_offset field after loading the first MFT record. The vulnerability was exposed by KASAN reports (use-after-free read) during NTFS attribute handling, ...
CVE-2022-49779
CVE-2022-49779 affects the Linux kernel kprobes subsystem, specifically the kprobe-on-ftrace path. Description: when unregistering an aggrprobe, if the currently unregistered probe has a post_handler but sibling probes do not, the aggrprobe’s post_handler may be cleared. If the probe is ftrace-ba...
CVE-2022-49807
CVE-2022-49807 affects the Linux kernel nvmet subsystem, addressing a memory leak in nvmet_auth_set_key when changing dhchap secrets. The fix releases the old secrets to prevent unreferenced memory leaks (kmemleak). Impact details in the provided sources indicate a local issue within nvmet key ma...
CVE-2022-49830
CVE-2022-49830 affects the Linux kernel’s DRM subsystem. The issue occurs in drm_dev_init(), which adds drm_dev_init_release() as a callback; if drmm_add_action() fails, the release callback isn’t registered, causing the refcnt from device_get() in drm_dev_init() to leak instead of being released...
CVE-2022-49841
CVE-2022-49841 affects the Linux kernel serial/imx driver. The root cause is a missing .thaw_noirq hook during hibernation, causing an unbalanced clock disable sequence and a warning like “uart3_root_clk already disabled” during resume. The documented fix is to add the missing .thaw_noirq hook im...
CVE-2022-49914
CVE-2022-49914 involves the Linux kernel btrfs backref walk leak in resolve_indirect_refs(). When an error occurs, code previously freed the parents list with ulist_free(), but attached inode lists via the aux field were not freed, causing a leak. The fix replaces ulist_free() with free_leaf_list...
CVE-2022-49944
CVE-2022-49944 concerns the Linux kernel where a regression from the commit 87d0e2f41b8c in usb: typec: ucsi: add a common function ucsi_unregister_connectors() left a stale sysfs entry with NULL ops, causing a NULL dereference while reading the power supply sysfs and leaving the power device unr...
CVE-2022-49993
CVE-2022-49993 affects the Linux kernel loop subsystem. The vulnerability stems from overflow when configuring a loop via ioctl: the code copies info->lo_offset (loop_info64) into lo_offset (loff_t), enabling an overflow that can trigger a warning in iomap_iter() (via iomap_iter_done). The iss...
CVE-2022-50010
CVE-2022-50010 affects the Linux kernel’s fbdev i740fb driver. If a user space ioctl supplies a pixclock value causing the argument to i740_calc_vclk() to be less than I740_RFREQ_FIX, a divide-by-zero can occur in p_best calculation (drivers/video/fbdev/i740fb.c:353). The vulnerability arises bec...
CVE-2022-50016
CVE-2022-50016 concerns the Linux kernel ASoC SOF Intel cnl driver. The issue arises when an IPC reply is processed before the FW_READY message, risking a NULL pointer dereference because reply_data is allocated only after FW_READY. The description notes this condition was observed with IPC4 firm...
CVE-2022-50045
CVE-2022-50045 is a Linux kernel issue affecting the powerpc/pci path. The vulnerability arose from a locking interaction in get_phb_number(), which could cause a DEBUG_ATOMIC_SLEEP warning when sleep-prone OF routines are called while a hose_spinlock is held. The resolution involves modifying ge...
CVE-2022-50112
The CVE-2022-50112 issue concerns the Linux kernel: a refcount leak in rpmsg qcom_smd parsing logic. Specifically, of_parse_phandle() returns a node pointer with an incremented refcount, which must be balanced with of_node_put() when the node is no longer needed. The vulnerability affects the ker...
CVE-2022-50159
CVE-2022-50159 concerns the Linux kernel: the function that restores ima-kexec-buffer may read outside the addressable RAM if the previous kernel’s buffer lies beyond the new kernel’s memory map, risking kernel panic when booting with mem=X. A fix was implemented to validate the returned PFN rang...
CVE-2022-50166
CVE-2022-50166 affects the Linux kernel Bluetooth HCI subsystem. When the HCI work queue is drained, a delayed command could still be queued to the drained workqueue, triggering a timeout in hci_cmd_timeout and a kernel warning. The root cause is the draining of the command/event/data processing ...
CVE-2022-50187
CVE-2022-50187 involves the ath11k driver netdev open race in the Linux kernel. The issue occurs when ath11k_mac_op_start() runs before mon_reap_timer is set up, leading to a racing open() that can trigger a BUG_ON() in mod_timer(). The fixed advisory notes allocate necessary resources before dev...