Linux / Linux Kernel

13804 matches found

added 2024/06/20 11:13 a.m. | 71 views

CVE-2022-48713

The CVE-2022-48713 issue concerns the Linux kernel perf/x86/intel/pt path where a PT stop filter in single-range output mode could crash the kernel. The root cause was a missing check for buf->single before calling pt_buffer_region_size, leading to a NULL pointer dereference when ToPA is not c...

CVSS 5.5 | AI score 6.7 | EPSS 0.00248

added 2024/06/20 11:13 a.m. | 71 views

CVE-2022-48722

CVE-2022-48722 affects the Linux kernel, specifically the net/ieee802154: ca8210 path. On error, the helper ieee802154_xmit_complete() is not invoked and only ieee802154_wake_queue() is called, which can leak an skb. The remediation is to free the skb structure upon error before returning. Multip...

CVSS 5.5 | AI score 6.6 | EPSS 0.00223

added 2024/06/20 11:13 a.m. | 71 views

CVE-2022-48731

CVE-2022-48731 is a Linux kernel vulnerability affecting mm/kmemleak: when using devm_request_free_mem_region() and devm_memremap_pages() to add ZONE_DEVICE memory, an excessively large end_pfn (e.g., 0x400000000) can make node_end_pfn() oversized, creating a huge hole between node_start_pfn() an...

CVSS 5.5 | AI score 5.4 | EPSS 0.00168

added 2024/07/16 11:44 a.m. | 71 views

CVE-2022-48830

CVE-2022-48830 affects the Linux kernel CAN stack (isotp). The issue was a race during CAN frame reception where isotp_rcv_ff()/isotp_rcv_cf() could modify so->rx.len concurrently, causing skb_put to panic (skb_over_panic). The fix introduces a spin_lock around isotp_rcv to ensure state/data s...

CVSS 4.7 | AI score 6.6 | EPSS 0.00199

added 2024/07/16 12:25 p.m. | 71 views

CVE-2022-48847

CVE-2022-48847 concerns the Linux kernel: a fix for watch_queue_set_filter() where a type check used BITS_PER_LONG could overflow the type_filter bitmap, enabling out-of-bounds writes to wfilter->type_filter and to wfilter->filters[]. The issue arises from two separate checks; one uses 8* s...

CVSS 7.8 | AI score 8.1 | EPSS 0.00239

added 2024/08/21 6:10 a.m. | 71 views

CVE-2022-48892

CVE-2022-48892: Linux kernel sched/core fix for a use-after-free in dup_user_cpus_ptr(). The vulnerability existed due to dup_user_cpus_ptr() accessing user_cpus_ptr without proper locking, racing with fork() and the clearing of user_cpus_ptr during set_cpus_allowed_ptr_locked(), primarily affec...

CVSS 7.8 | AI score 6.5 | EPSS 0.00249

added 2024/08/22 1:30 a.m. | 71 views

CVE-2022-48908

CVE-2022-48908 is a Linux kernel issue affecting the arcnet com20020 PCI driver. The root cause is a null pointer dereference during com20020pci_probe() because the com20020pci_id_table may leave the card-info field empty for some devices, causing a null dereference on initialization. The provide...

CVSS 5.5 | AI score 6.5 | EPSS 0.0021

added 2024/08/22 1:32 a.m. | 71 views

CVE-2022-48914

CVE-2022-48914 affects the Linux kernel’s xen_netfront/xennet_destroy_queues path. The vulnerability arises because xennet_destroy_queues() relies on netdev->real_num_tx_queues, which is cleared after unregister_netdev() due to net-sysfs changes, causing a NULL dereference when freeing queues ...

CVSS 5.5 | AI score 6.2 | EPSS 0.00215

added 2025/02/26 1:55 a.m. | 71 views

CVE-2022-49127

CVE-2022-49127 is a Linux kernel vulnerability fix where the ref_tracker use-after-free detection was added. The patch marks the ref_tracker_dir as dead during ref_tracker_dir_init() and checks this dead status from ref_tracker_alloc() and ref_tracker_free(), aiming to detect buggy dev_put()/dev_...

CVSS 7.8 | AI score 5.5 | EPSS 0.00229

added 2025/02/26 1:55 a.m. | 71 views

CVE-2022-49161

The CVE-2022-49161 entry pertains to the Linux kernel ASoC: mediatek mt8183_da7219_max98357_dev_probe. The vulnerability root cause is a refcount leak caused by not calling of_node_put() in error paths after of_parse_phandle() returns a device_node with incremented refcount. The description indic...

CVSS 5.5 | AI score 5.4 | EPSS 0.00205

added 2025/02/26 1:55 a.m. | 71 views

CVE-2022-49167

The CVE-2022-49167 entry concerns a Linux kernel issue in btrfs where the compression path could cause a bio to be completed twice on error. The connected documents describe the root cause as the path that handles compressed reads potentially ending the bio both in the compression path and again ...

CVSS 5.5 | AI score 5.4 | EPSS 0.00237

added 2025/02/26 1:55 a.m. | 71 views

CVE-2022-49186

CVE-2022-49186 describes a Linux kernel vulnerability in the Visconti clock driver where a -1 sentinel used to indicate no reset function is stored in an unsigned 8-bit field. This caused the check if (clks[i].rs_id >= 0) to always be true, leading to an out-of-bounds access in visconti_clk_re...

CVSS 7.8 | AI score 5.6 | EPSS 0.00229

added 2025/02/26 1:56 a.m. | 71 views

CVE-2022-49245

CVE-2022-49245 affects the Linux kernel ASoC Rockchip implementation, specifically the rockchip_i2s_tdm_resume path. The root cause is that pm_runtime_get_sync would increment the PM usage counter even when the operation failed, leading to a reference counter leak. The documented fix replaces the...

CVSS 5.5 | AI score 5.3 | EPSS 0.00237

added 2025/02/26 1:56 a.m. | 71 views

CVE-2022-49255

CVE-2022-49255 concerns the Linux kernel’s F2FS filesystem. The connected advisories/documentation confirm a root cause: a missing free nid in f2fs_handle_failed_inode, corrected by a patch that fixes xfstests/generic/475 failure. The impact described in the sources includes potential orphan inod...

CVSS 5.5 | AI score 6.2 | EPSS 0.00241

added 2025/02/26 2:11 a.m. | 71 views

CVE-2022-49361

The CVE-2022-49361 entry concerns a Linux kernel issue in f2fs where inline inode sanity checks were strengthened. The bug arose when a fuzzed inode had both inline_data and encrypted flags, and during f2fs_evict_inode() invoked by a rename(), inline data could be converted due to flag conflicts,...

CVSS 5.5 | AI score 5.2 | EPSS 0.0024

added 2025/02/26 2:11 a.m. | 71 views

CVE-2022-49380

The CVE-2022-49380 entry concerns a Linux kernel F2FS bug where total_valid_block_count/total_valid_node_count could fuzz to zero, leading to a BUG_ON() during dec_valid_node_count() in f2fs_remove_inode_page()/f2fs_evict_inode(). The issue was fixed by printing a warning and changing behavior to...

CVSS 5.5 | AI score 5.3 | EPSS 0.00241

added 2025/02/26 2:12 a.m. | 71 views

CVE-2022-49417

CVE-2022-49417 involves the Linux kernel component iwlwifi/mei. The issue is a potential NULL-ptr dereference that could occur when SKB allocation fails; the fix was to skip using the NULL pointer instead of dereferencing it. This vulnerability is described as resolved in multiple sources and is ...

CVSS 5.5 | AI score 5.4 | EPSS 0.00237

added 2025/02/26 2:24 a.m. | 71 views

CVE-2022-49718

CVE-2022-49718 concerns a Linux kernel issue in the irqchip/apple-aic path. The root cause is a refcount leak in aic_of_ic_init: of_get_child_by_name() returns a node pointer with an incremented refcount, and the patch adds a missing of_node_put() to release it when no longer needed. The connecte...

CVSS 5.5 | AI score 6.4 | EPSS 0.00204

added 2025/03/27 4:43 p.m. | 71 views

CVE-2022-49756

CVE-2022-49756 is about a Linux kernel issue in the USB sunplus PHY path. A null pointer dereference could occur in sp_usb_phy_probe() because platform_get_resource_byname() may fail and yield NULL, and devm_ioremap() could then use usbphy->moon4_res_mem->start as input. The fixes described...

CVSS 5.5 | AI score 6.5 | EPSS 0.00148

added 2025/05/01 2:9 p.m. | 71 views

CVE-2022-49833

The CVE-2022-49833 issue affects the Linux kernel's btrfs zoned handling: when cloning a btrfs_device, the associated btrfs_zoned_device_info is not cloned for zoned filesystems, which can lead to a NULL pointer dereference when accessing the device’s zone_info (e.g., when activating a zone). The...

CVSS 5.5 | AI score 6.5 | EPSS 0.0014

added 2025/06/18 11:0 a.m. | 71 views

CVE-2022-49978

In the Linux kernel, CVE-2022-49978 concerns the fbdev subsystem (fb_pm2fb) where, during do_fb_ioctl() handling of FBIOPUT_VSCREENINFO, a freely copied var may propagate to fb_set_var()/fb_check_var() and reach pm2fb_check_var(). If var->pixclock is zero, the reciprocal check can trigger a di...

CVSS 5.5 | AI score 6.4 | EPSS 0.00204

added 2025/06/18 11:0 a.m. | 71 views

CVE-2022-49989

CVE-2022-49989 concerns the Linux kernel’s xen/privcmd code. The vulnerability stems from: (1) error exit handling in privcmd_ioctl_dm_op() calling unlock_pages() with NULL pages, risking a NULL dereference, and (2) lock_pages() not verifying pin_user_pages_fast() success, potentially leaving som...

CVSS 5.5 | AI score 6.5 | EPSS 0.00197

added 2025/06/18 11:1 a.m. | 71 views

CVE-2022-50011

The CVE-2022-50011 issue affects the Linux kernel code path used by the Venus driver, where the OPP (Operating Performance Points) core warns during probe due to misordered configuration options. The root cause is that the OPP core expects all configuration options to be provided before the OPP t...

CVSS 5.5 | AI score 6.6 | EPSS 0.00195

added 2025/06/18 11:2 a.m. | 71 views

CVE-2022-50067

Concretely, CVE-2022-50067 affects Linux kernel’s btrfs relocation logic: if prepare_to_relocate() triggers a failure during a transaction, the code frees the relocation control (rc) but does not clear fs_info->reloc_ctl, leading to a use-after-free when btrfs_init_reloc_root() later reads rc....

CVSS 7.8 | AI score 6.5 | EPSS 0.00184

added 2025/06/18 11:2 a.m. | 71 views

CVE-2022-50097

CVE-2022-50097 affects the Linux kernel’s video fbdev s3fb driver. The bug arises in s3fb_set_par() where the code computes screen_size from user input and can exceed info->screen_size, leading to a kernel PAGE_FAULT on write (local access) during memset_io. The issue is mitigated by the docum...

CVSS 7.8 | AI score 6.4 | EPSS 0.00164

added 2023/06/23 12:0 a.m. | 71 views

CVE-2023-3317

CVE-2023-3317 is a use-after-free flaw in the Linux kernel’s MediaTek MT7921E WiFi driver (mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c). The defect can crash the system after releasing the internal memory for device features and may enable a kernel informat...

CVSS 7.1 | AI score 6.4 | EPSS 0.00238

added 2025/03/27 4:37 p.m. | 71 views

CVE-2023-52941

CVE-2023-52941 affects the Linux kernel can:isotp subsystem. The bug arose from the tx timer handling for isotp PDUs, where the timer served two roles: sending two consecutive frames with a gap and monitoring timeouts for flow control and echo frames. This caused more complex txstate checks and e...

CVSS 5.5 | AI score 6.6 | EPSS 0.00184

added 2025/03/27 4:43 p.m. | 71 views

CVE-2023-52981

The CVE-2023-52981 entry concerns the Linux kernel's DRM/i915 path, where GuC-enabled error capture and debugfs dump handling introduced incorrect reference counting for the request object. The issue affects the context-based search and execlist-based search paths, requiring proper get/put refere...

CVSS 5.5 | AI score 6.7 | EPSS 0.00195

added 2024/06/25 2:22 p.m. | 71 views

CVE-2024-38306

Summary (CVE-2024-38306) A race in the Linux kernel’s Btrfs path: during allocation/attachment of an extent buffer, the code previously used page-private ownership under a lock, but a refactor (alloc_extent_buffer) enabled an allocate-then-attach sequence that may allow a competing release to und...

CVSS 4.7 | AI score 7.2 | EPSS 0.00138

added 2024/06/19 1:35 p.m. | 71 views

CVE-2024-38542

CVE-2024-38542: In the Linux kernel’s RDMA mana_ib driver, a boundary check was added inside mana_ib_install_cq_cb to prevent index overflow. Affected component: mana_ib_install_cq_cb (RDMA). Potential impact is local with high confidentiality and availability implications (CVSSv3.1: 7.1, HIGH). ...

CVSS 7.1 | AI score 7.8 | EPSS 0.00246

added 2024/07/12 12:32 p.m. | 71 views

CVE-2024-40962

CVE-2024-40962 affects the Linux kernel btrfs zoning code. The issue is a NULL pointer dereference in btrfs_zone_finish_endio() when handling zoned NODATASUM writes under zoned emulation for conventional zones. The fix, as described in the disclosure, is to allocate dummy checksums for zoned NODA...

CVSS 5.5 | AI score 6.5 | EPSS 0.00239

added 2024/08/17 9:9 a.m. | 71 views

CVE-2024-42300

The CVE concerns the Linux kernel’s erofs subsystem, specifically a race in z_erofs_get_gbuf() that can migrate the current task between z_erofs_gbuf_id() and spin_lock(&gbuf->lock). This race can cause z_erofs_put_gbuf() to trigger a kernel BUG in fs/erofs/zutil.c, as observed during stress t...

CVSS 4.7 | AI score 6.4 | EPSS 0.00136

added 2024/09/04 7:54 p.m. | 71 views

CVE-2024-45004

CVE-2024-45004 affects the Linux kernel KEYS: trusted: dcp path. The bug leaks the blob encryption key (BEK) plaintext on export because BEK decryption occurs in-place in the key blob; subsequent reads output the BEK in plain text. The issue arises when importing a DCP-based trusted key and expor...

CVSS 5.5 | AI score 5.3 | EPSS 0.00102

added 2025/02/27 2:18 a.m. | 71 views

CVE-2025-21778

CVE-2025-21778: In the Linux kernel, a fault occurs when mmap() is used on a trace ring buffer attached to reserve_mem. The mapping relied on virt_to_page() which does not work with vmap’d memory, causing a kernel oops during access. The fix disables mmap() for such persistent ring buffers (rese...

CVSS 5.5 | AI score 6.4 | EPSS 0.00186

added 2025/03/27 2:57 p.m. | 71 views

CVE-2025-21882

CVE-2025-21882 concerns the Linux kernel code path net/mlx5: Fix vport QoS cleanup on error. When enabling vport QoS fails, the scheduling node was never freed, causing a leak. The fix adds the missing free and resets the vport scheduling node pointer to NULL. Other connected advisories reference...

CVSS 5.5 | AI score 7.3 | EPSS 0.0015

added 2025/07/10 7:41 a.m. | 71 views

CVE-2025-38268

CVE-2025-38268: In the Linux kernel, a deadlock window existed in the USB Type‑C/TCPM Alt Mode interaction due to an unprotected state check in tcpm_queue_vdm_unlocked, which could allow the Alt Mode driver to grab the TCPM lock while state changes occurred. The fix moves tcpm_queue_vdm_unlocked ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00117

added 2025/07/10 7:42 a.m. | 71 views

CVE-2025-38303

CVE-2025-38303: In the Linux kernel, Bluetooth eir_create_adv_data could crash when trying to add EIR_FLAGS and EIR_TX_POWER without ensuring they fit. The issue is fixed in the kernel (referenced commits in the connected documents) and affects the Bluetooth/EIR data path; remediation is applying...

CVSS 5.5 | AI score 6.6 | EPSS 0.00146

added 2025/07/25 1:32 p.m. | 71 views

CVE-2025-38414

The CVE-2025-38414 entry concerns the Linux kernel wifi driver ath12k for PCIe devices, where GCC_GCC_PCIE_HOT_RST was misdefined for the WCN7850. The issue caused kernel crashes on certain platforms due to divergent register definitions between WCN7850 and QCN9274; the fix moves GCC_GCC_PCIE_HOT...

CVSS 5.5 | AI score 6.3 | EPSS 0.00145

added 2025/07/25 3:27 p.m. | 71 views

CVE-2025-38453

CVE-2025-38453 affects the Linux kernel: the io_uring/msg_ring path can free an io_kiocb at an unsafe time, leading to use-after-free scenarios. The documented fix defers freeing via RC/RCU mechanics by adding an RCU head and switching to kfree_rcu() in both the freeing paths (io_msg_tw_complete(...

CVSS 5.5 | AI score 6.3 | EPSS 0.0014

added 2025/07/28 11:21 a.m. | 71 views

CVE-2025-38490

CVE-2025-38490 affects the Linux kernel (net: libwx) where page_pool_put_full_page() could be invoked in contexts other than freeing Rx buffers or building skb when the page size is too short. The documented root cause is that pages could be double-freed, leading to kernel panics. The fix removes...

CVSS 7.8 | AI score 6.3 | EPSS 0.00145

added 2025/07/28 11:22 a.m. | 71 views

CVE-2025-38496

CVE-2025-38496 concerns the Linux kernel and relates to the dm-bufio component. The issue occurs when the DM_BUFIO client is configured with NO_SLEEP and verity integration, where buffer eviction could trigger scheduling in spin_lock_bh, potentially leading to a sleeping operation in an atomic co...

CVSS 5.5 | AI score 6.2 | EPSS 0.00133

added 2004/09/01 4:0 a.m. | 70 views

CVE-2004-0075

The CVE-2004-0075 issue affects the Linux kernel's Vicam USB driver prior to 2.4.25. The vulnerability arises because data copied from userspace to kernel space does not use copy_from_user, crossing security boundaries and enabling a local attacker to cause a denial of service. Public advisories ...

CVSS 2.1 | AI score 5.9 | EPSS 0.00392

added 2004/08/05 4:0 a.m. | 70 views

CVE-2004-0415

The CVE-2004-0415 issue affects the Linux kernel where 64-bit file offset pointers are not reliably converted to 32 bits, enabling a local unprivileged user to access portions of kernel memory. An attacker can leverage this through file I/O paths that manipulate 32/64-bit offset conversions, pote...

CVSS 2.1 | AI score 5.8 | EPSS 0.00766

added 2006/06/01 12:0 a.m. | 70 views

CVE-2005-0136

Technical details for CVE-2005-0136 are not publicly available in the provided documents. Please monitor for updates in the connected feeds for affected products, components, and remediation information; no concrete exploit vectors, affected versions, or fixes are specified here.

CVSS 2.1 | AI score 5.4 | EPSS 0.00401

added 2005/02/24 5:0 a.m. | 70 views

CVE-2005-0530

CVE-2005-0530 is a signedness error in the copy_from_read_buf function in n_tty.c of the Linux kernel (affected: 2.6.10 and 2.6.11rc1) that allows local users to read kernel memory via a negative argument. The vulnerability is documented across multiple advisories, including Red Hat (RHSA-2005:36...

CVSS 2.1 | AI score 5 | EPSS 0.00474

added 2006/03/07 2:0 a.m. | 70 views

CVE-2006-0741

CVE-2006-0741 affects the Linux kernel before 2.6.15.5 on Intel EM64T/Intel processors. The issue enables a local denial of service via an endlessly recursive fault caused by a bad ELF entry address. The vulnerability is exploited locally (no authentication required). The documented fixes indicat...

CVSS 1.2 | AI score 5.6 | EPSS 0.00367

added 2007/01/30 7:0 p.m. | 70 views

CVE-2006-5754

CVE-2006-5754 is a Linux kernel local vulnerability in the aio_setup_ring path where an incorrect initialization of nr_pages can lead to a local DoS (crash). The issue is described in multiple advisories and open‑source scanning feeds as part of a broader set of kernel flaws resolved by kernel up...

CVSS 4.9 | AI score 5.8 | EPSS 0.00395

added 2007/03/16 10:0 p.m. | 70 views

CVE-2007-1497

CVE-2007-1497 affects the Linux kernel nf_conntrack netfilter code prior to 2.6.20.3. During IPv6 fragment reassembly, nfctinfo is not set, leaving the default IP_CT_ESTABLISHED and potentially allowing remote attackers to bypass certain netfilter rules using IPv6 fragments. The documented fix is ...

CVSS 5 | AI score 6.2 | EPSS 0.03017

added 2007/05/03 5:0 p.m. | 70 views

CVE-2007-2480

CVE-2007-2480 affects Linux kernel 2.6.21 and earlier, in net/ipv4/udp.c. The _udp_lib_get_port function allows binding a port with a specific local address even when the port is already bound by a wildcard local address, potentially letting local users intercept local traffic for daemons or othe...

CVSS 4.6 | AI score 6.3 | EPSS 0.00351

added 2008/08/08 7:0 p.m. | 70 views

CVE-2008-3535

CVE-2008-3535 is an off-by-one error in the iov_iter_advance function of Linux kernel mm/filemap.c, addressed by multiple advisories. Public disclosures in Debian/Ubuntu indicate this allows local attackers to crash the system (denial of service) via certain sequences of readv/writev/file operati...

CVSS 4.9 | AI score 4.9 | EPSS 0.00532

Total number of security vulnerabilities: 13804