13804 matches found
CVE-2022-49797
CVE-2022-49797 concerns the Linux kernel tracing subsystem. The vulnerability is a potential NULL pointer dereference in the kprobe path: when trace_get_event_file() fails, gen_kretprobe_test may be marked as the error code, and if the kprobe_event_gen_test module is removed, a dereference can oc...
CVE-2022-49801
CVE-2022-49801 is a Linux kernel vulnerability tied to the tracing subsystem, specifically a memory leak in tracing_read_pipe() that can trigger a kmemleak-unreferenced-object issue. The linked OpenVAS/Nessus entries and EulerOS advisories (EulerOS-SA-2025-2546, EulerOS-SA-2025-2296, etc.) list t...
CVE-2022-49834
CVE-2022-49834 concerns a use-after-free in nilfs2 when downgrading to read-only and remounting read/write, risking access to a freed nilfs_writer. The issue arises during a race between log-writer detachment and remount/downgrade, potentially allowing a Task1 thread to dereference a freed pointe...
CVE-2022-49836
The CVE-2022-49836 issue in the Linux kernel concerns a memory leak in siox_device_add() if device_register() fails. The fix ensures proper reference handling: after an error, the name allocated by dev_set_name() is freed by freeing the reference with put_device(), allowing kobject_cleanup() to f...
CVE-2022-49858
The CVE-2022-49858 issue affects the Linux kernel in the octeontx2-pf driver. The vulnerability arose from an incorrect SQE (submission queue entry) availability check: the current method used HW-updated SQB count, which could allow submitting an SQE before the previously transmitted CQE was proc...
CVE-2022-49868
CVE-2022-49868 relates to a Linux kernel quirk involving the mt7621 PCI PHY/staging driver. The issue arises when mt7621_soc_dev_attr registers the SoC as a device, causing an oops in soc_device_match_attr. The quirk was introduced in the staging driver (staging: mt7621-pci-phy) and was later re-...
CVE-2022-49917
CVE-2022-49917 affects the Linux kernel IPVS subsystem (ip_vs_app_net_cleanup and ip_vs_app_net_init). If ip_vs_app fails to be created during init, removal still proceeds, causing the ip_vs_app entry to be missing and a WARNING in fs/proc/generic.c: remove_proc_entry. The issue is demonstrated b...
CVE-2022-49945
The CVE-2022-49945 issue affects the Linux kernel hwmon gpio-fan driver. The vulnerability occurs because gpio_fan_set_cur_state() does not validate the cooling state against fan_data->num_speeds, allowing an out-of-bounds index in set_fan_speed(). Practical impact is potential kernel oops or ...
CVE-2022-49946
CVE-2022-49946 affects the Linux kernel component handling Raspberry Pi clocks (clk: bcm: rpi). The vulnerability arises in raspberrypi_discover_clocks() where the loop relies on the last clock element’s id being zero, a property not guaranteed by Videocore firmware, which could lead to an out-of...
CVE-2022-50065
The CVE-2022-50065 entry is rejected and does not represent an active vulnerability.
CVE-2022-50110
The CVE-2022-50110 issue affects the Linux kernel watchdog sp5100_tco path, where a memory leak of EFCH MMIO resource occurred because release_resource() was not freeing the resource as release_mem_region() does; the leak is fixed by explicitly freeing the resource. The vulnerability details and ...
CVE-2022-50221
CVE-2022-50221: In the Linux kernel, the drm/fb-helper deferred I/O damage handling could compute a clipping range that allowed an out-of-bounds access when the fbdev screen buffer ended near the start of a page. The patch clamps the maximum memory range to the screen buffer size and also renam...
CVE-2023-52526
The CVE-2023-52526 issue affects the Linux kernel’s erofs memory handling during global compressed deduplication. The vulnerability is a memory leak related to LZMA global deduplication under stress (enabled with -Ededupe) that could cause transient pages not to be released, potentially leading t...
CVE-2023-52906
CVE-2023-52906 affects the Linux kernel’s net/sched code (act_mpls). The TCA_MPLS_LABEL attribute is NLA_U32 but uses NLA_POLICY_VALIDATE_FN, causing nla_get_range_unsigned() warnings due to negative min/max values. The fix changes the attribute type to NLA_BINARY and relocates length validation ...
CVE-2023-52930
The CVE-2023-52930 issue affects the Linux kernel’s i915 driver: a race between multiple threads calling I915_GEM_SET_TILING to switch tiling to I915_TILING_NONE could cause a double-free (or memory leak on transitions). The fix moves allocation/free’ing of the bit_17 mask inside the section prot...
CVE-2023-53133
CVE-2023-53133 affects the Linux kernel’s BPF sockmap path (tcp_bpf_recvmsg_parser) where a 0-length recvmsg can loop indefinitely. The description and connected advisories confirm the root cause is an infinite loop when len is 0 and that the fix is to return 0 for length 0 in tcp_bpf_recvmsg_par...
CVE-2023-53135
The CVE-2023-53135 entry describes a Linux kernel vulnerability in riscv where, if CONFIG_FRAME_POINTER is unset, the stack unwinding function walk_stackframe may read the stack non-atomically in imprecise unwinding mode, enabling a KASAN-detected stack-out-of-bounds condition. The identified fix...
CVE-2024-27409
The CVE-2024-27409 entry concerns the Linux kernel HDMA path of the dmaengine (dw-edma). The vulnerability stems from a race: the Linked list element/pointer may be written to memory and the doorbell register toggled before the full write completes, because the linked list and controller register...
CVE-2024-35792
CVE-2024-35792 refers to a Linux kernel issue in the crypto/rk3288 path where a use-after-free could occur due to an incorrect call order. The description in the connected documents states: the unprepare call must be carried out before the finalize call, as the finalize can free the request. The ...
CVE-2024-36027
CVE-2024-36027 affects the Linux kernel’s BTRFS zoned write path. The issue arises when btrfs_clear_buffer_dirty() marks an extent buffer as EXTENT_BUFFER_ZONED_ZEROOUT and a write IO is in progress (WRITEBACK, not DIRTY); a ZEROOUT flag could be added just before bio submission, potentially clea...
CVE-2024-36033
CVE-2024-36033 refers to a vulnerability in the Linux kernel where the Bluetooth: qca driver could leak slab data when fetching the board id. The issue was fixed by adding a missing sanity check during the board-id fetch, preventing leakage of slab data when firmware is subsequently requested. Th...
CVE-2024-42072
Summary of CVE-2024-42072 (Linux kernel, bpf may_goto with negative offset): The issue, reported through the Linux kernel, stems from two bugs exposed by a syzbot-facilitated bpf program: (1) the patching of may_goto when the offset is negative, which requires a different handling; and (2) a verif...
CVE-2024-42088
CVE-2024-42088 affects Linux kernel ASoC: Mediatek mt8195, where a platform entry for ETDM1_OUT_BE dai link was removed inadvertently, causing a KASAN OOB warning in mtk_soundcard_common_probe() due to an empty platforms array. The fix adds a COMP_EMPTY() entry to ensure dai_link->platforms ha...
CVE-2024-43896
CVE-2024-43896 affects the Linux kernel ASoC cs-amp-lib. Root cause: a NULL pointer crash when efi.get_variable is NULL due to calling it without checking existence. The fix calls efi_rt_services_supported() to verify that efi.get_variable exists before use. CVSS: 5.5 (LOCAL, LOW attack complexit...
CVE-2024-44997
CVE-2024-44997 affects the Linux kernel’s net: ethernet: mtk_wed component. The issue is a use-after-free/panic in MT798X when turning down an interface on a band with multiple AP interfaces and WED enabled. The root cause: cb_priv was freed in mtk_wed_setup_tc_block() without nulling the pointer...
CVE-2024-52560
CVE-2024-52560 — Linux kernel ntfs3 handling improved. The vulnerability, resolved in the Linux kernel, involved the NTFS-3G ntfs3 driver marking an inode as bad only after detecting an error in mi_enum_attr(). The fix extends mi_enum_attr()’s interface by adding a new parameter (struct ntfs_ino...
CVE-2024-56730
CVE-2024-56730: In the Linux kernel, a memory allocation failure in net/9p/usbg (trans_usbg.c) was fixed by correcting kzalloc() failure handling to return NULL instead of ERR_PTR. The issue was detected in linux-next (next-20241108, vanilla kernel) and could affect memory exhaustion scenarios. T...
CVE-2025-21713
CVE-2025-21713 affects the PowerPC/pSeries IOMMU path in the Linux kernel. The issue occurs when reusing the same vfio container across different IOMMU groups, where spapr_tce_set_window() may lead to cleanup that dereferences a null or invalid tbl, causing a kernel crash (NULL pointer dereferen...
CVE-2025-21874
CVE-2025-21874 is a Linux kernel vulnerability in dm-integrity, where in Inline mode the journal is unused and journal_sectors can be zero. Calculating the journal watermark divides by journal_sectors, which can trigger an OOPS during a simple dmsetup table query. The issue was observed on some s...
CVE-2025-38048
CVE-2025-38048 is a Linux kernel data-race in virtio_ring related to event_triggered. The issue, observed as a KCSAN data race between virtqueue_enable_cb_delayed() and virtqueue_disable_cb_split/packed() when the event_triggered flag is read/written, could cause an unreliable hint about interrup...
CVE-2025-38097
CVE-2025-38097 affects the Linux kernel’s espintcp encap socket caching. The current caching scheme creates a reference leak on the encap socket chain: xfrm_state -> encap_sk -> netns. If the espintcp state is deleted before removing the netns, the netns can be leaked; otherwise the netns i...
CVE-2025-38102
CVE-2025-38102 describes a race in VMCI within the Linux kernel between vmci_host_setup_notify and vmci_ctx_unset_notify. A warning can be triggered in try_grab_folio due to a still-in-progress get_user_pages_fast writing to context->notify_page, which may be observed and mismanaged du...
CVE-2025-38122
In CVE-2025-38122, the Linux kernel vulnerability is due to a missing NULL check in gve_alloc_pending_packet() used by gve_tx_add_skb_dqo(). The function can return NULL, but the caller did not guard against this, risking NULL pointer dereference in low‑memory scenarios. The fix adds the missing ...
CVE-2025-38124
CVE-2025-38124 affects the Linux kernel UDP GSO fraglist handling. The vulnerability arises when a frag_list GSO skb has part of its payload pulled into head_skb, causing the frag_list SKBs to lose their expected geometry and triggering a failure in skb_segment. The description specifies the inva...
CVE-2025-38155
CVE-2025-38155: In the Linux kernel, the wifi mt76/mt7915 driver had a NULL pointer dereference in mt7915_mmio_wed_init() because devm_ioremap() can return NULL and this was not checked. The fix adds a NULL check to prevent the dereference, mitigating a potential crash/vector local to the system...
CVE-2025-38157
Affected software: Linux kernel driver ath9k_htc (wifi). Issue: when an adversarial USB device emits WMI_SWBA_EVENTID before beaconing is enabled, ath9k_htc_swba() may trigger a divide-by-zero error causing a crash or out-of-bounds read. Root cause: improper handling of software beacon processing...
CVE-2025-38170
CVE-2025-38170 concerns the Linux kernel (arm64) FPSIMD/SVE/SME state handling. A race during SME trap handling can cause a preemption race where a task ends up with TIF_SME set and TIF_FOREIGN_FPSTATE cleared while the live hardware state is stale. The provided code path shows a trap handler and...
CVE-2025-38204
CVE-2025-38204 affects the Linux kernel’s JFS filesystem. The issue is an array-index-out-of-bounds read in add_missing_indices, where stbl (s8) must map to offsets 0–127. A bound check was added and -EIO is returned if the check fails; jfs_readdir is also updated to propagate errors from add_mis...
CVE-2025-38225
CVE-2025-38225 is a Linux kernel issue affecting the media: imx-jpeg driver, where failures to clean up after an allocation error can cause buffers to remain uninitialized and lead to NULL pointer dereferences. The vulnerability is resolved in upstream kernel fixes, with Debian and other vendors ...
CVE-2025-38244
The CVE-2025-38244 entry concerns a deadlock in the Linux kernel CIFS/SMB client when reconnecting channels. The issue stems from improper lock ordering in cifs_signal_cifsd_for_reconnect(), introducing a circular dependency between three locks: tcp_ses->srv_lock, ret_buf->ses_lock, and ret...
CVE-2025-38298
CVE-2025-38298 corresponds to a Linux kernel EDAC issue (EDAC/skx_common) where reloading i10nm_edac after unloading and reloading can trigger a general protection fault. The root cause was that the adxl_component_count variable, which tracks ADXL components, was not reset during the reload seque...
CVE-2025-38299
CVE-2025-38299 affects the Linux kernel ASoC Mediatek mt8195 driver. Root cause: ETDM1/2 IN/OUT were set to COMP_DUMMY/COMP_EMPTY when codec dai_name is null, leading to a NULL pointer dereference and kernel crash during probe. The fix initializes or guards these links to safe dummy/empty compone...
CVE-2025-38313
CVE-2025-38313 affects the Linux kernel in the bus: fsl-mc path. The issue is a double-free of mc_dev on error paths when the MC device is a DPRC, where mc_bus is allocated and mc_dev points to one field; only the mc_bus should be freed in that path. The description notes a fix/workaround impleme...
CVE-2025-38344
CVE-2025-38344 relates to ACPICA in the Linux kernel where ACPI cache leaks were fixed. Technical details in connected docs show memory leaks in Acpi-State, Acpi-Parse, and Acpi-parse_ext caches due to merging of slabs and use of KMEM cache flags (SLAB_NEVER_MERGE). The root cause was leaks in ea...
CVE-2025-38419
In CVE-2025-38419, Linux kernel remoteproc core fixes a resource leak: when rproc_attach() runs with rproc->state = RPROC_DETACHED and rproc_handle_resources() fails, resources allocated by imx_rproc_prepare() were not released. The mitigation is a code change in rproc_attach() to route to cle...
CVE-2025-38467
CVE-2025-38467 affects the Linux kernel DRM/Exynos driver (exynos7_drm_decon). A race condition could cause a kernel NULL pointer dereference during boot when a secondary console device (e.g., TTY serial) is present, leading to a panic. The fix adds a guard to validate that the DRM device can han...
CVE-2025-38470
Summary: CVE-2025-38470 affects the Linux kernel’s VLAN handling (net: vlan) where VLAN 0 is auto-managed when rx-vlan-filter is enabled. The root cause is a refcount imbalance during runtime toggling of VLAN filtering, which can cause a memory leak for VLAN 0 if the feature is disabled while a d...
CVE-2025-38475
CVE-2025-38475: Linux kernel SMC sockets suffered from inet_sock type confusion causing oops/double-free behavior when freeing inet_opt due to smc_sock hijacking AF_INET/AF_INET6 fields. Root cause: smc_sock did not place inet_sock as the first member, allowing misinterpretation of function poin...
CVE-2004-1071
The CVE-2004-1071 issue affects the Linux kernel’s binfmt_elf loader (binfmt_elf.c) in kernels 2.4.x up to 2.4.27 and 2.6.x up to 2.6.8. A failed mmap is not handled correctly, leading to an incorrectly mapped image and potential local code execution by unauthorized users. The connected SUSE advi...
CVE-2004-1234
The CVE-2004-1234 entry refers to a vulnerability in the Linux kernel where load_elf_binary for ELF binaries with a NULL interpreter can trigger a denial of service (system crash) by local attackers. This affects Linux kernels prior to 2.4.26. The SUSE security page and related OpenVAS/DSA entrie...