14330 matches found
CVE-2022-3103
Technical details about CVE-2022-3103 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories; current sources only note an off-by-one issue in the io_uring module without specifics.
CVE-2022-48713
The CVE-2022-48713 issue concerns the Linux kernel perf/x86/intel/pt path where a PT stop filter in single-range output mode could crash the kernel. The root cause was a missing check for buf->single before calling pt_buffer_region_size, leading to a NULL pointer dereference when ToPA is not c...
CVE-2022-48714
Summary of CVE-2022-48714 : The Linux kernel vulnerability arises in the ringbuffer mapping used by BPF. The root cause is a Kasan-related mislabeling where mappings created from allocated pages were treated as VM_ALLOC, triggering out-of-bounds reports after vmap() when KASAN is enabled. The fix...
CVE-2022-48862
The CVE-2022-48862 vulnerability is in the Linux kernel vhost/vhost.c and related vhost/vsock.c handling of IOTLB entries. The root cause is a range-size overflow in vhost_iotlb_add_range_ctx(): when start = 0 and last = ULONG_MAX, an entry with size = 0 is created, and subsequent packet processi...
CVE-2022-48908
CVE-2022-48908 is a Linux kernel issue affecting the arcnet com20020 PCI driver. The root cause is a null pointer dereference during com20020pci_probe() because the com20020pci_id_table may leave the card-info field empty for some devices, causing a null dereference on initialization. The provide...
CVE-2022-48945
CVE-2022-48945 is associated with a Linux kernel vulnerability in the media/vivid driver where the compose height adjustment could cause a boundary overrun in V4L2_SEL_TGT_CROP handling. The root cause is a missing boundary check after adjust compose->height, which could lead to memory access ...
CVE-2022-49255
CVE-2022-49255 concerns the Linux kernel’s F2FS filesystem. The connected advisories/documentation confirm a root cause: a missing free nid in f2fs_handle_failed_inode, corrected by a patch that fixes xfstests/generic/475 failure. The impact described in the sources includes potential orphan inod...
CVE-2022-49361
The CVE-2022-49361 entry concerns a Linux kernel issue in f2fs where inline inode sanity checks were strengthened. The bug arose when a fuzzed inode had both inline_data and encrypted flags, and during f2fs_evict_inode() invoked by a rename(), inline data could be converted due to flag conflicts,...
CVE-2022-49417
CVE-2022-49417 involves the Linux kernel component iwlwifi/mei. The issue is a potential NULL-ptr dereference that could occur when SKB allocation fails; the fix was to skip using the NULL pointer instead of dereferencing it. This vulnerability is described as resolved in multiple sources and is ...
CVE-2022-49743
CVE-2022-49743 affects the Linux kernel's overlay filesystem (ovl). The fix changes memcpy destination to use the root_buf/“buf” flexible array to avoid Fortify_SOURCE warnings. Root cause: copying into a flexible array that wasn’t the memcpy destination previously triggered a false positive warn...
CVE-2022-49780
The CVE-2022-49780 entry concerns a Linux kernel vulnerability in SCSI target tcm_loop where a name leak can occur if device_register() fails in tcm_loop_setup_hba_bus(). The root cause is improper error-path handling: the memory/name allocated by dev_set_name() is not freed, and put_device() sho...
CVE-2022-49784
CVE-2022-49784 affects the Linux kernel perf/x86/amd/uncore subsystem. The issue is a memory leak where the events array in per-CPU NB/LLC uncore contexts is freed late, after the uncore context is freed when a CPU comes online. The documented fix is to free the events array before freeing the un...
CVE-2022-49796
The CVE-2022-49796 issue affects the Linux kernel tracing/kprobe path. It concerns a potential NULL pointer dereference in trace_array if test_gen_kprobe_cmd() fails after kprobe_event_gen_cmd_end(), where gen_kretprobe_test could reference an invalid trace_array after kprobe_event_delete(). The ...
CVE-2022-49814
CVE-2022-49814 concerns a race condition in the Linux kernel KCM RX path. The issue arises because sk_receive_queue is protected by the skb queue lock, but KCM sockets’ RX path uses mux->rx_lock to protect more than just the skb queue, while kcm_recvmsg() continued to only grab the skb queue l...
CVE-2022-49840
CVE-2022-49840 affects the Linux kernel's BPF test_run path (bpf_prog_test_run_skb) where an odd-sized user-supplied BPF program could trigger an alignment fault on aarch64 leading to use-after-free in skb handling. The issue is caused by unaligned access to skb_shared_info when KFENCE is enabled...
CVE-2022-49907
CVE-2022-49907 is a Linux kernel issue in net: mdio related to undefined behavior from shifting a signed 32-bit value by 31 bits in __mdiobus_register. The root cause is an out-of-bounds bit shift in mdiobus initialization; the code was changed to use an unsigned type to avoid UB. A UBSAN warning...
CVE-2022-49957
CVE-2022-49957 concerns a Linux kernel issue in the kcm path where strp_init() is invoked before the csk->sk_user_data check. The vulnerability arises because strp_init() initializes strp->work (and others); calling strp_done() to cancel it is unnecessary if sk_user_data isn’t checked yet. ...
CVE-2022-50026
CVE-2022-50026 concerns a Linux kernel vulnerability where the NIC queue offset calculation could shift out of bounds during NIC queue validation. The root cause is related to how habanalabs/gaudi handling interacts with NIC queues, leading to potential out-of-bounds access. The CVSS metrics indi...
CVE-2022-50061
CVE-2022-50061 concerns the Linux kernel pinctrl nomadik path. The root cause is a refcount leak in nmk_pinctrl_dt_subnode_to_map: of_parse_phandle() returns a node pointer with incremented refcount, and of_node_put() was not called when the node is no longer needed. The issue is resolved by addi...
CVE-2022-50175
CVE-2022-50175 affects the Linux kernel media driver for tw686x. The vulnerability is a memory leak in tw686x_video_init: video_device_alloc() allocates memory for vdev, and if video_register_device() fails, the memory is not released, causing a leak. The fix is to call video_device_release() to ...
CVE-2022-50226
CVE-2022-50226 affects the Linux kernel crypto: ccp subsystem, where sev ioctl interfaces could allocate memory with kmalloc to handle input up to SEV_FW_BLOB_MAX_SIZE but were not fully overwritten by PSP firmware, risking uninitialized slab memory. The issue is resolved by changing ioctl memory...
CVE-2023-20846
CVE-2023-20846 concerns MediaTek chips where the vulnerability resides in the imgsys_cmdq path, caused by missing valid range checking that enables an out-of-bounds read. The documented impact is local information disclosure with system-level execution privileges required, and exploitation report...
CVE-2023-20850
The CVE concerns the imgsys_cmdq component in MediaTek chips, where an out-of-bounds write can occur due to missing valid range checking. This could permit local escalation of privilege with system execution privileges required, and user interaction is needed for exploitation. Documented impact i...
CVE-2023-52688
CVE-2023-52688 affects the Linux kernel wifi driver ath12k, where an error path in the core rfkill config fail path did not free allocated resources. The issue could cause resource leaks by not destroying the core pdev when rfkill config initialization fails. The accompanying fix adds a call to c...
CVE-2023-52930
The CVE-2023-52930 issue affects the Linux kernel’s i915 driver: a race between multiple threads calling I915_GEM_SET_TILING to switch tiling to I915_TILING_NONE could cause a double-free (or memory leak on transitions). The fix moves allocation/free’ing of the bit_17 mask inside the section prot...
CVE-2023-52998
CVE-2023-52998 — In the Linux kernel’s fec driver, freeing RX buffers used page_pool_release_page, which unmaps but doesn’t recycle pages, enabling memory exhaustion after repeated eth0 up/down. A fix replaces it with page_pool_put_full_page, recycling the page when refcnt == 1. The vulnerability...
CVE-2024-26847
CVE-2024-26847 concerns the Linux kernel on POWER platforms where RTAS function names were spelled inconsistently. The PAPR-specified name is ibm,reset-pe-dma-windows, but firmware in practice used ibm,reset-pe-dma-window in the device tree. This mismatch caused reverse lookups (token -> name)...
CVE-2024-39492
CVE-2024-39492 : The Linux kernel fix targets mailbox: mtk-cmdq where pm_runtime_get_sync() could warn during mbox shutdown. Root cause: return value of pm_runtime_get_sync() could be 1 when runtime is active, leading to a WARN_ON() trigger. The patch changes the conditional to treat WARN_ON() ca...
CVE-2024-46789
CVE-2024-46789 (Linux kernel) details from connected documents show a concrete fix: in mm/slub, the tagging logic now checks s->flags in alloc_tagging_slab_free_hook to avoid calling alloc_tag_add when SLAB_NO_OBJ_EXT or SLAB_NOLEAKTRACE are set. This prevents the NULL ref (ref->ct) and the...
CVE-2025-21774
CVE-2025-21774 affects the Linux kernel in the Rockchip RKCANFD code path. The issue is addressed by fixing can: rkcanfd_handle_rx_fifo_overflow_int() to bail out when skb allocation fails, via a NULL pointer check. The vulnerability vulnerable path leads to a potential failure to handle RX FIFO ...
CVE-2025-21824
Technical details about CVE-2025-21824 are not publicly available in the provided connected documents; no vendor/product specifics or mitigations are provided. Monitor for updates.
CVE-2025-37895
The CVE affects the Linux kernel BNXT Ethernet driver (bnxt_en). The root cause is in bnxt_init_chip() where a failure path triggers cancel_work_sync() on uninitialized dim work because BNXT_STATE_NAPI_DISABLED is not set during bnxt_open(). The fix sets BNXT_STATE_NAPI_DISABLED during initializa...
CVE-2025-37981
CVE-2025-37981 – Linux kernel (scsi: smartpqi) vulnerability : The smartpqi driver used the reset_devices flag to detect kdump, causing inappropriate adjustments after a regular kexec reboot. This led to abnormally low parameters (e.g., max_transfer_size) and, more seriously, memory corruption fr...
CVE-2025-38006
CVE-2025-38006 affects the Linux kernel MCTP path: in net/mctp, mctp_dump_addrinfo may read uninitialized memory from ifaddrmsg when filtering by ifa_index if the struct isaddrmsg is not provided. This can occur during certain netlink dumps (e.g., from syzkaller/busybox ip addr show). The issue i...
CVE-2025-38048
CVE-2025-38048 is a Linux kernel data-race in virtio_ring related to event_triggered. The issue, observed as a KCSAN data race between virtqueue_enable_cb_delayed() and virtqueue_disable_cb_split/packed() when the event_triggered flag is read/written, could cause an unreliable hint about interrup...
CVE-2025-38474
CVE-2025-38474 affects the Linux kernel USB Sierra network driver. The issue arises from not verifying that the driver’s third USB endpoint is an interrupt input, since the code only checked for three endpoints and bulk in/out. The fix “rectifies the omission” by validating the endpoint type. Ups...
CVE-2025-38490
CVE-2025-38490 affects the Linux kernel (net: libwx) where page_pool_put_full_page() could be invoked in contexts other than freeing Rx buffers or building skb when the page size is too short. The documented root cause is that pages could be double-freed, leading to kernel panics. The fix removes...
CVE-2025-38496
CVE-2025-38496 concerns the Linux kernel and relates to the dm-bufio component. The issue occurs when the DM_BUFIO client is configured with NO_SLEEP and verity integration, where buffer eviction could trigger scheduling in spin_lock_bh, potentially leading to a sleeping operation in an atomic co...
CVE-2004-1071
The CVE-2004-1071 issue affects the Linux kernel’s binfmt_elf loader (binfmt_elf.c) in kernels 2.4.x up to 2.4.27 and 2.6.x up to 2.6.8. A failed mmap is not handled correctly, leading to an incorrectly mapped image and potential local code execution by unauthorized users. The connected SUSE advi...
CVE-2005-0136
Technical details for CVE-2005-0136 are not publicly available in the provided documents. Please monitor for updates in the connected feeds for affected products, components, and remediation information; no concrete exploit vectors, affected versions, or fixes are specified here.
CVE-2005-3108
CVE-2005-3108 affects the Linux kernel 2.6 on AMD64 (and a bug in the ioremap() path). Local users could trigger a denial of service or information leak by performing an ioremap on a memory map and causing iounmap to look up a non-existent page. Public advisories from Debian, Ubuntu, Red Hat/Cent...
CVE-2005-3274
CVE-2005-3274 is a race condition in the Linux kernel’s SMP path for ip_vs_conn_flush, where a connection timer can expire while the connection table is being flushed before the correct lock is held. Affects Linux 2.6.x (before 2.6.13) and 2.4.x (before 2.4.32-pre2). Local users could trigger a n...
CVE-2005-3783
CVE-2005-3783 affects the Linux kernel 2.6 before 2.6.14.2. The vulnerability lies in the ptrace.c implementation (ptrace functionality) where CLONE_THREAD can attach to a process without validating the thread group ID, allowing a local user to trigger a crash (Denial of Service). The issue is lo...
CVE-2006-0558
CVE-2006-0558 affects the Linux kernel perfmon subsystem on IA-64. The vulnerability enables local users to trigger a denial of service (crash) by interrupting a task while another process is accessing the mm_struct, causing a BUG_ON in put_page_testzero. Public context across connected documents...
CVE-2006-5754
CVE-2006-5754 is a Linux kernel local vulnerability in the aio_setup_ring path where an incorrect initialization of nr_pages can lead to a local DoS (crash). The issue is described in multiple advisories and open‑source scanning feeds as part of a broader set of kernel flaws resolved by kernel up...
CVE-2007-3513
CVE-2007-3513 : In the Linux kernel, the lcd_write function in drivers/usb/misc/usblcd.c does not limit memory used by a caller, allowing a local user to exhaust memory and cause a denial of service. Affected until 2.6.22-rc7; remediation is upgrading to 2.6.22-rc7 or later where the issue is fix...
CVE-2007-3719
CVE-2007-3719 concerns the Linux kernel scheduler around version 2.6.16, which gives preference to “interactive” processes that perform voluntary sleeps. This bias can be exploited by a local user to trigger a denial of service via CPU consumption. The connected documents reiterate the vulnerabil...
CVE-2007-5498
The CVE-2007-5498 issue affects the Xen hypervisor block backend driver for Linux kernel 2.6.18. When running on a 64-bit host with a 32-bit paravirtualized guest, a local privileged user in the guest can trigger a denial of service (host OS crash) by issuing a request that specifies a very large...
CVE-2008-4113
The vulnerability CVE-2008-4113 affects the Linux kernel prior to 2.6.26.4 with SCTP-AUTH enabled. In sctp_getsockopt_hmac_ident (net/sctp/socket.c), an untrusted length value is used to bound data copied from kernel memory, allowing a local unprivileged user to disclose sensitive kernel memory c...
CVE-2008-5395
CVE-2008-5395 is a Linux kernel vulnerability affecting PA-RISC where parisc_show_stack in arch/parisc/kernel/traps.c can be triggered by unwinding a stack containing userspace addresses, allowing local users to crash the system (denial of service). The issue is fixed in the 2.6.28-rc7 kernel (an...