14330 matches found
CVE-2013-4516
CVE-2013-4516 affects the Linux kernel: the mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c before 3.12 does not initialize a data structure, enabling local users to read sensitive data from kernel stack memory via a TIOCGICOUNT ioctl. Reports reference the specific vulnerable code pa...
CVE-2013-4588
CVE-2013-4588: In the Linux kernel, before 2.6.33 with CONFIG_IP_VS enabled, multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c (via do_ip_vs_get_ctl and do_ip_vs_set_ctl) permit a local user with CAP_NET_ADMIN to gain privileges through getsockopt/setsockopt. Impact is local...
CVE-2014-7207
CVE-2014-7207 affects the Linux kernel IPv6 implementation (3.2.x–3.2.63). The issue stems from improper validation in ipv6_select_ident function calls, permitting local users to trigger a NULL pointer dereference and system crash via tun or macvtap device access. Connected advisories confirm Deb...
CVE-2014-7284
CVE-2014-7284 affects the Linux kernel’s net_get_random_once in net/core/utils.c for 3.13.x and 3.14.x before 3.14.5 on certain Intel CPUs. The issue is that the slow-path to seed randomness is not executed, increasing predictability of TCP sequence numbers, TCP/UDP port numbers, and IP ID values...
CVE-2016-6516
The CVE-2016-6516 issue is a race condition in the Linux kernel’s ioctl_file_dedupe_range implementation (fs/ioctl.c) present in kernels up to 4.7. It can allow local users to cause a denial of service via a heap-based buffer overflow, or potentially gain privileges by altering a count value (a d...
CVE-2021-4454
CVE-2021-4454 - Linux kernel CAN/j1939 session deactivation race : The issue, resolved in Linux kernel CAN/j1939 transport, concerns j1939_session_deactivate() which can be invoked with a session ref-count below 2 in some concurrently-executed paths. The description notes that this is not a fatal...
CVE-2021-47128
CVE-2021-47128 affects the Linux kernel’s SELinux lockdown integration (locked_down LSM hook). The vulnerability stems from buggy SELinux lockdown permission checks in the interaction between bpf/audit pathways and the lockdown checks, which can trigger problematic audit logging and deadlocks. Ex...
CVE-2021-47147
CVE-2021-47147 affects the Linux kernel (ptp: ocp). The issue is a resource leak in an error path after a successful pci_ioremap_bar() unless a corresponding pci_iounmap() is invoked, as implemented in the remove path. The connected documents confirm the vulnerability and its fix in the kernel, w...
CVE-2021-47234
CVE-2021-47234 (Linux kernel) : The issue concerns the phy-mtk-tphy driver, specifically in the mtk_phy_init() error path, where resources could leak. The fix adds a call to clk_disable_unprepare() in the error handling to release resources and prevent leaks. The vulnerability description and con...
CVE-2021-47363
The CVE-2021-47363 issue is a Linux kernel vulnerability in the nexthop path where a resilient nexthop group could cause a division by zero when a stub nh_res_table with zero buckets is assigned during replacement while traffic is flowing. Roots cause: the data path could still reference the old ...
CVE-2021-47524
CVE-2021-47524 : In the Linux kernel, the serial driver (liteuart) leaked a minor number on probe errors. The fix ensures the allocated minor number is released before returning from probe errors. This entry is tied to kernel versions affected by the liteuart minor-number leak and has been resolv...
CVE-2021-47531
Mode C CVE-2021-47531: Linux kernel MSM DRM mmap handling fixed. The issue occurred when switching to the new mmap path (drm/msm: Implement mmap as GEM object function) and skipping the default mmap code. This caused missing VM_FLAGS and page-prot setup, contributing to crashes on ARC++ Chromeboo...
CVE-2021-47569
CVE-2021-47569 : In the Linux kernel io_uring path, cancellation of tasks can fail for EXITING tasks when the callback runs in a fallback path. The issue is triggered during io_uring cancellation logic in fs/io_uring.c (recorded at io_try_cancel_userdata+0x3c5/0x640). The call chain shows timeout...
CVE-2022-48641
CVE-2022-48641 (Linux kernel) affects netfilter ebtables where a malformed blob can cause a memory leak. The fix corrected an incomplete patch that replaced a crash with a leak; the code path incorrectly embedded an assignment to ret in the conditional and this was not properly restored. Affected...
CVE-2022-48741
Technical details (affected product/component/versions/root cause/impact/fix) are not publicly provided in the supplied documents. Monitor for updates; no concrete technical specifics are available here.
CVE-2022-48746
In CVE-2022-48746, the Linux kernel mlx5e bond netevent path incorrectly verified netdev origin: the code only checked for a VF representor and lacked a check that the VF representor was on the same physical device as the bond handling the netevent. The fix adds the missing check and optimizes th...
CVE-2022-48774
CVE-2022-48774 affects the Linux kernel dmaengine/ptdma path. The issue is in pt_core_init() where resource freeing in the error path could leak resources or release unallocated items. The fix switches two goto targets in the error handling path to ensure proper resource cleanup, and relocates a ...
CVE-2022-48778
CVE-2022-48778 concerns a Linux kernel issue in mtd: rawnand gpmi where a PM runtime reference could leak in the error path if gpmi_nfc_apply_timings() fails. The provided documents consistently describe the vulnerability and its resolution, noting that the PM runtime usage counter must be droppe...
CVE-2022-48784
CVE-2022-48784 : In the Linux kernel’s cfg80211 code, a race can occur during netlink owner interface destruction. The previous fix for a deadlock left a race when cfg80211_destroy_ifaces() runs while nl80211_netlink_notify() marks interfaces as nl_owner_dead. The issue arises from two loops: fir...
CVE-2022-48831
CVE-2022-48831 : In the Linux kernel, the IMA path (asymmetric_verify) fixes a reference-leak vulnerability. The patch ensures that a reference to the key is not leaked if the key’s algorithm is unknown. The description currently notes only that this resolves the leak and does not provide additio...
CVE-2022-48833
CVE-2022-48833 involves the btrfs code in the Linux kernel. After patches addressing: (1) btrfs: clear extent buffer uptodate when we fail to write it and (2) btrfs: check WRITE_ERR when reading an extent buffer, unmounts could leave space reservations in block groups/log tree extents uncleared i...
CVE-2022-49064
CVE-2022-49064 affects the Linux kernel's cachefiles code. The issue is an in-use flag leakage in error paths: in cachefiles_open_file(), an in-use flag could leak and cause the system to log “Inode already in use” on subsequent lookups; in cachefiles_create_tmpfile() this leakage could occur wit...
CVE-2022-49665
CVE-2022-49665 affects the Linux kernel (platform/x86: thinkpad_acpi) and is caused by a memory leak in EFCH MMIO resource handling: release_resource() does not free the resource as release_mem_region() would, so the resource must be freed explicitly to avoid leaks. The issue is addressed by a ke...
CVE-2022-49780
The CVE-2022-49780 entry concerns a Linux kernel vulnerability in SCSI target tcm_loop where a name leak can occur if device_register() fails in tcm_loop_setup_hba_bus(). The root cause is improper error-path handling: the memory/name allocated by dev_set_name() is not freed, and put_device() sho...
CVE-2022-49898
CVE-2022-49898 affects the Linux kernel’s Btrfs tree-mod-log path. The issue arises in tree_mod_log_rewind() when replaying log entries for a block that should not have been replayed, triggering BUG_ON(tm->slot
CVE-2022-49978
In the Linux kernel, CVE-2022-49978 concerns the fbdev subsystem (fb_pm2fb) where, during do_fb_ioctl() handling of FBIOPUT_VSCREENINFO, a freely copied var may propagate to fb_set_var()/fb_check_var() and reach pm2fb_check_var(). If var->pixclock is zero, the reciprocal check can trigger a di...
CVE-2022-50011
The CVE-2022-50011 issue affects the Linux kernel code path used by the Venus driver, where the OPP (Operating Performance Points) core warns during probe due to misordered configuration options. The root cause is that the OPP core expects all configuration options to be provided before the OPP t...
CVE-2022-50019
CVE-2022-50019 concerns the Linux kernel tty: serial path, specifically the ucc_uart.c refcount leak. In soc_info(), of_find_node_by_type() may return a node pointer with an incremented refcount that is not released, leading to a resource leak. The documented fix is to call of_node_put() when the...
CVE-2022-50060
The CVE-2022-50060 entry concerns the Linux kernel and relates to octeontx2-af. The issue is a resource leak of MCAM entries during teardown in the FLR path: if a PF/VF detaches, the graceful shutdown may leave MCAM entries allocated. The fix ensures MCAM entries are freed even when LF is detache...
CVE-2022-50067
Concretely, CVE-2022-50067 affects Linux kernel’s btrfs relocation logic: if prepare_to_relocate() triggers a failure during a transaction, the code frees the relocation control (rc) but does not clear fs_info->reloc_ctl, leading to a use-after-free when btrfs_init_reloc_root() later reads rc....
CVE-2022-50070
CVE-2022-50070 affects the Linux kernel and relates to the mptcp datapath: a transmit could race with mptcp_close(), causing a closed subflow (ssk) to be re-transmitted. The root cause is a subflow-state check performed before acquiring the socket lock, enabling re-transmission on an already clos...
CVE-2022-50098
CVE-2022-50098: Linux kernel SCSI qla2xxx crash due to stale SRB access during I/O timeouts; fix ensures SRB is returned during timeout escalation or fails escalation path if not possible. Connected advisories list the CVE but provide no technical details or patch specifics.
CVE-2022-50118
CVE-2022-50118 describes a Linux kernel issue in the PowerPC perf PMU path. A new pmi_irq_pending check in hw_irq.h is used by power_pmu_disable to warn if PMI is pending when no counter overflows. The patch set removes the WARN_ON for PMI in this scenario and adds an optimization to clear pendin...
CVE-2022-50140
CVE-2022-50140 affects the Linux kernel memstick/ms_block subsystem. The root cause is a memory leak where erased_blocks_bitmap is allocated with used_blocks_bitmap but not freed; the patch adds bitmap_free() in msb_data_clear() to free erased_blocks_bitmap. The CVSS 3.1 base score is 5.5 (MEDIUM...
CVE-2022-50156
CVE-2022-50156 affects the Linux kernel HID cp2112 driver (cp2112_xfer). The issue is a potential buffer overflow in memcpy when read_length (taken from data->block[0], user-controlled, 0-255) is not bounded, causing overflow of data->block[1] and buf. Patches have added an upper bound to r...
CVE-2022-50160
CVE-2022-50160 affects the Linux kernel mtd maps code. The root cause is a refcount leak from of_find_matching_node(): the returned node pointer’s refcount isn’t decremented when no longer needed. The fixed code adds a of_node_put() to avoid the leak, and related patches are documented in kernel ...
CVE-2022-50202
CVE-2022-50202 maps to a Linux kernel vulnerability in the PM: hibernate flow where resuming from hibernation defers device probing. The described race involves probe_count, with wait_for_device_probe() potentially sleeping indefinitely while misc_mtx is held, due to three conditions (a device no...
CVE-2022-50218
The CVE-2022-50218 entry describes a Linux kernel vulnerability in the iio: light: isl29028 driver where isl29028_remove() used a non-managed register function, breaking the release order relative to probe and causing a fault trace (null pointer dereference and a general protection fault) during ...
CVE-2022-50222
CVE-2022-50222 affects the Linux kernel in the VT/TTY subsystem, specifically the Unicode screen buffer initialization. According to the provided description, a kernel infoleak could occur in vcs_read() when the screen buffer is read immediately after a resize. The remediation implemented is to i...
CVE-2023-20843
CVE-2023-20843 involves an out-of-bounds read in the imgsys_cmdq component caused by missing valid range checking. Impact: local information disclosure with the potential for system-level execution privileges required, and exploitation reportedly needs user interaction. Affected context is MediaT...
CVE-2023-52797
CVE-2023-52797 is a Linux kernel vulnerability resolved by ensuring find_first_bit() return values are checked before using them as an index (prevents overflow and panic). Affected component: drivers perf in the kernel. The fix (cited in connected advisories) adds a check on the return value to a...
CVE-2023-52906
CVE-2023-52906 affects the Linux kernel’s net/sched code (act_mpls). The TCA_MPLS_LABEL attribute is NLA_U32 but uses NLA_POLICY_VALIDATE_FN, causing nla_get_range_unsigned() warnings due to negative min/max values. The fix changes the attribute type to NLA_BINARY and relocates length validation ...
CVE-2023-53082
CVE-2023-53082 affects the Linux kernel’s VP_VDPA/VDPA path. The root cause is a use-after-free when unplugging a vp_vdpa device, caused by vdpa_mgmtdev_unregister() accessing modern devices during removal, leading to a crash observed as a kernel panic. The patches fix the crash by changing the s...
CVE-2024-38542
CVE-2024-38542: In the Linux kernel’s RDMA mana_ib driver, a boundary check was added inside mana_ib_install_cq_cb to prevent index overflow. Affected component: mana_ib_install_cq_cb (RDMA). Potential impact is local with high confidentiality and availability implications (CVSSv3.1: 7.1, HIGH). ...
CVE-2024-39492
CVE-2024-39492 : The Linux kernel fix targets mailbox: mtk-cmdq where pm_runtime_get_sync() could warn during mbox shutdown. Root cause: return value of pm_runtime_get_sync() could be 1 when runtime is active, leading to a WARN_ON() trigger. The patch changes the conditional to treat WARN_ON() ca...
CVE-2024-41054
CVE-2024-41054 is a Linux kernel vulnerability in the SCSI/UFS subsystem (ufshcd_clear_cmd racing with the completion ISR). The race can lead to a NULL pointer dereference when the ISR completes a request, with a backtrace showing blk_mq_unique_tag and ufshcd_clear_cmd paths in the ufshc_mediatek...
CVE-2024-42251
CVE-2024-42251 is a Linux kernel vulnerability that was resolved by removing folio_try_get_rcu() from mm: page_ref. The issue manifested as a kernel bug (invalid opcode) in non-SMP builds and was fixed in the upstream kernel (mm/gup.c) with the change in include/linux/page_ref.h:275. Affected com...
CVE-2024-42293
The CVE-2024-42293 entry describes an arm64 Linux kernel vulnerability in the mm subsystem related to lockless page-table walks when static and dynamic folding occur in a 4-level page table. The issue could cause random oops due to the p4d_offset_lockless() helper returning a stack-based address ...
CVE-2024-43896
CVE-2024-43896 affects the Linux kernel ASoC cs-amp-lib. Root cause: a NULL pointer crash when efi.get_variable is NULL due to calling it without checking existence. The fix calls efi_rt_services_supported() to verify that efi.get_variable exists before use. CVSS: 5.5 (LOCAL, LOW attack complexit...
CVE-2024-44936
CVE-2024-44936 pertains to the Linux kernel driver for rt5033 power supply. The issue arose after reworking the driver to use devm_power_supply_register(), which dropped i2c_set_clientdata (and the remove callback), while other parts of the driver still relied on i2c clientdata, leading to kernel...