CVE-2022-50307
In CVE-2022-50307, the Linux kernel s390/cio subsystem had an out-of-bounds read during cio_ignore free scans. The bug arose from an optimization that excluded online devices from scans, incorrectly assuming I/O-subchannel drvdata pointed to a private struct, which is invalid for devices bound to...
CVE-2022-50327
CVE-2022-50327 in the Linux kernel concerns ACPI: processor: idle where acpi_fetch_acpi_dev() could return NULL, causing a NULL pointer dereference in acpi_device_hid(). The connected Nessus/SUSE advisories confirm this CVE is addressed in kernel live patches for SUSE SLES15 SP5 (multiple patches...
CVE-2022-50364
The CVE-2022-50364 issue in the Linux kernel concerns i2c mux: reg, where platform_get_resource() can return NULL, leading to a NULL pointer dereference in resource_size(). The documented fix moves the call to resource_size() to after devm_ioremap_resource() which che...
CVE-2022-50370
The provided documents describe a Linux kernel issue (CVE-2022-50370) in the i2c designware driver where an interrupt occurring during resume from S3 could trigger a NULL pointer dereference in i2c_dw_xfer_msg() on certain Alder Lake‑S platforms. Root cause: an interrupt from i2c_designware.0 (PC...
CVE-2022-50375
CVE-2022-50375 affects the Linux kernel: the fix ensures that in lpuart_dma_shutdown the flags for lpuart_dma_tx_use and lpuart_dma_rx_use are set to false. Without this, lpuart_flush_buffer could access DMA APIs after DMA teardown, causing aborts. The patch prevents DMA access after relinquishme...
CVE-2022-50378
CVE-2022-50378 is a Linux kernel issue in the DRM Meson driver where unloading the driver could trigger a use-after-free (observed as a KASAN warning on __list_del_entry_valid). The description attributes the bug to the driver deinit sequence and notes that a reorder of the deinitialization steps...
CVE-2022-50388
CVE-2022-50388 affects the Linux kernel where a flush request initialized by blk_kick_flush can carry a NULL bio. With blktrace and multipath enabled, nvme_trace_bio_complete may dereference this NULL bio during io completion, leading to kernel NULL pointer dereference (crash) as shown by an OOPS...
CVE-2022-50392
CVE-2022-50392 is a Linux kernel vulnerability affecting ASoC: mediatek mt8183. The issue is a refcount leak in the mt8183_mt6358_ts3a227_max98357_dev_probe() path caused by not calling of_node_put() on the phandle node returned by of_parse_phandle() when finishing usage. The connected advisories...
CVE-2022-50394
CVE-2022-50394 affects the Linux kernel i2c subsystem (specifically the ismt ioctl path in the ismt_access() function). The vulnerability arises when the driver does not validate user-supplied data, allowing an oversized data->block[0] to trigger an out-of-bounds read, as demonstrated by the k...
CVE-2023-53179
The CVE-2023-53179 entry concerns the Linux kernel netfilter ipset component. Issue: the missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet.c caused an incorrect CIDR_POS(c) calculation, risking slab-out-of-bounds access due to integer underflow. Root cause: absence of IP_SET_HASH_WITH...
CVE-2023-53190
CVE-2023-53190 relates to a Linux kernel issue: a memory leak in the vxlan error path due to missing vxlan_vnigroup_uninit() when completion fails in vxlan_vnigroup_init(). The vulnerability affects vxlan initialization under certain error-injection/recovery scenarios, leading to memory leaks and...
CVE-2023-53224
CVE-2023-53224 details (Linux kernel): The issue arises in ext4 where the release handler was set to kfree, which had an incompatible function prototype under Clang's kCFI. A wrapper with the correct prototype fixes the mismatch. The root cause is a function-prototype mismatch surfaced by Clang’s -...
CVE-2023-53225
The connected details describe CVE-2023-53225 as a Linux kernel issue in the SPI IMX driver where the remove path could skip cleanup of DMA resources on error. The root cause is returning early from a platform driver’s remove callback, leading to a permanent resource leak because DMA resources ma...
CVE-2023-53228
Summary: CVE-2023-53228 corresponds to a Linux kernel regression in the AMDGPU driver where, on command submission failure due to userptr invalidation, legacy code would redundantly clean up a scheduler job. The cleanup was unnecessary because the job cleanup logic was integrated into the existin...
CVE-2023-53255
CVE-2023-53255: Linux kernel vulnerability in firmware: stratix10-svc caused a potential resource leak in svc_create_memory_pool (invoked from stratix10_svc_drv_probe). The memremap() call was not paired with memunmap(), risking leakage. The fix switches to devm_memremap() to ensure proper resou...
CVE-2023-53271
CVE-2023-53271 concerns the Linux kernel UBI layer. The issue arises from a mismatch between create and destroy interfaces where the object created by ubi_eba_create_table() is freed via kfree(), leaving ubi_eba_table->entries potentially not freed, leading to a kmemleak-reported unreferenced ...
CVE-2023-53314
CVE-2023-53314 affects the Linux kernel fbdev/ep93xx-fb driver. The vulnerability stems from assigning the Linux device to struct fb_info.dev; register_framebuffer() already initializes this field, and drivers must not override it. The bug could cause a leak by incorrectly decreasing the hardware...
CVE-2023-53317
CVE-2023-53317 is a Linux kernel vulnerability in the ext4 subsystem, specifically the mb_find_extent path. The provided description shows a fix for a WARNING triggered in mb_find_extent and associated traces involving ext4_mb_complex_scan_group and ext4_ext_map_blocks, indicating a misbehavior i...
CVE-2023-53332
CVE-2023-53332: In the Linux kernel, a missing NULL pointer check in ipi_send_verify() can allow NULL dereference in irq_data_get_affinity_mask() when ipi_send_{mask|single}() is called with an invalid interrupt number, causing a kernel oops. The fix adds the NULL pointer check in ipi_send_verify...
CVE-2023-53334
CVE-2023-53334 affects the Linux kernel USB: chipidea subsystem. The issue was a memory leak that occurred when using debugfs_lookup(); the returned object must be paired with dput(), otherwise memory leaks over time. The fix simplifies handling by using debugfs_lookup_and_remove(), which perform...
CVE-2023-53355
The CVE-2023-53355 entry concerns the Linux kernel (staging: pi433) where a memory leak occurs when using debugfs_lookup() because the returned object is not paired with dput(). The recommended fix is to use debugfs_lookup_and_remove(), which handles the necessary dput() logic and related cleanup...
CVE-2023-53359
CVE-2023-53359 is a Linux kernel memory leak tied to the use of debugfs_lookup(). The issue occurs when the result of debugfs_lookup() is not paired with a dput(), allowing memory to leak over time. The patch instead calls debugfs_lookup_and_remove(), which handles al...
CVE-2023-53400
CVE-2023-53400: In the Linux kernel, ALSA: hda: Fix Oops by 9.1 surround channel names. The root cause is get_line_out_pfx() overflowing a static array when more than 8 channels are present (reported on MacBookPro 12,1 with Cirrus codec). The fix extends the code paths to accommodate 9.1 channel...
CVE-2023-53413
CVE-2023-53413 concerns a memory leak in the Linux kernel USB isp116x driver triggered by debugfs_lookup() usage. The issue arises because the result from debugfs_lookup() must be released with dput(), and if not, memory leaks accrue over time. The referenced fix replaces the call path with debug...
CVE-2023-53420
CVE-2023-53420 affects the Linux kernel NTFS code path. The issue arises in ntfs_listxattr() (fs/ntfs3/xattr.c) where slab-out-of-bounds access could occur due to incorrect handling in the ea_all iteration when aea->name_len is 0, potentially reading invalid memory during listxattr(). The vend...
CVE-2023-53423
CVE-2023-53423 is a Linux kernel vulnerability resolved by a fix in objtool. The issue is a memory leak: strdup() allocates memory for key_name and the code path handling errors does not free it, leading to leaks in create_static_call_sections(). The connected advisories (EulerOS/Nessus entries) ...
CVE-2023-53472
CVE-2023-53472 affects the Linux kernel PWM driver for LPC32xx. The patch removes handling of PWM channels because LPC32xx PWM controllers expose a single output, so pwm->hwpwm is always 0. This simplifies the code and, per the description, fixes a NULL pointer dereference by ensuring lpc32xx-...
CVE-2023-53516
The CVE-2023-53516 entry corresponds to a Linux kernel macvlan netlink policy issue. A new attribute IFLA_MACVLAN_BC_CUTOFF was added, but the nla_policy in macvlan_policy (drivers/net/macvlan.c) was not described, allowing a 4-byte integer (NLA_S32) to be faked as empty and potentially cause an ...
CVE-2025-38357
CVE-2025-38357 concerns the Linux kernel fuse implementation emitting a runtime warning during truncate_folio_batch_exceptionals(). Public details indicate the WARN_ON_ONCE path was added in truncate_folio_batch_exceptionals() and that fixes were already applied to xfs and ext4 via commit 0e2f80a...
CVE-2025-38358
CVE-2025-38358 relates to a race in Linux kernel’s btrfs async reclaim path. The bug occurs when an ordered iput is delayed while BTRFS_FS_STATE_NO_DELAYED_IPUT is already set, triggering an assertion in btrfs_add_delayed_iput during close_ctree. The described scenario: async reclaim schedules wr...
CVE-2025-38411
CVE-2025-38411 affects the Linux kernel netfs code. The issue is a double put of the netfs request during cleanup: when a request finishes in the pause loop, the ref for IN_PROGRESS is removed, but the final wait loop may also call the collector if IN_PROGRESS is clear. The fix makes netfs_collec...
CVE-2025-38504
Summary: CVE-2025-38504 relates to the Linux kernel, specifically the io_uring/zcrx component. The connected documents describe a code-level fix in the destruction path for page pools, where a misplaced warning could trigger during destruction and affect niovs handling. The root cause is that nio...
CVE-2025-38536
CVE-2025-38536 affects the Linux kernel in the net:airoha path, where np->name could be used after a call to of_node_put(np). This release-after-check pattern could cause a use-after-free if pdev is NULL. The documented fix moves of_node_put(np) to execute only after both the error and success...
CVE-2025-38596
The CVE-2025-38596 entry concerns a Linux kernel UAF in the panthor_gem_create_with_handle() debugfs path. The issue stems from handling drm_gem_object life cycle where an object could be considered initialized or added to debugfs after it was potentially released via drm_gem_object_put(). The fi...
CVE-2025-38620
The CVE-2025-38620 vulnerability affects the Linux kernel’s zloop (zoned loop) device. It arises from a use-after-free in blk_mq_free_tag_set() during zloop removal: zloop_ctl_remove() frees zlo memory (via zloop_free_disk()) and then accesses zlo->tag_set, which now points to freed memory. Th...
CVE-2025-38649
In the Linux kernel fix for CVE-2025-38649 (arm64, qcom, qcs615), an infinite loop in Coresight tracing caused a stack overflow and system crash when only a source device was enabled. The root cause is a recursive invocation of coresight_find_activated_sysfs_sink while locating an active sink, le...
CVE-2025-38655
The CVE-2025-38655 issue in the Linux kernel affects pinctrl for canaan: k230 where the group parser retrieved the device-tree property "pinmux" without validating the of_get_property() return. The root cause is a missing NULL check, leading to a potential NULL pointer dereference if the property...
CVE-2025-38657
CVE-2025-38657 affects the Linux kernel’s wifi/rtw89 MCC path. The vulnerability arises because the user-controlled link_id parsed via debugfs can exceed BITS_PER_LONG, causing shift wrapping and potentially an out-of-bounds access. The issue is mitigated by capping the value to IEEE80211_MLD_MAX...
CVE-2025-38705
CVE-2025-38705: In the Linux kernel, writing a string without delimiters to gpu_od/fan_ctrl or pp_power_profile_mode for the CUSTOM profile can cause a NULL pointer dereference in drm/amd/pm. SUSE/OpenSUSE advisories (e.g., SUSE-SU-2025:03600-1) list this alongside many other kernel fixes and ind...
CVE-2025-38709
CVE-2025-38709 affects the Linux kernel loop device where changing the loop block size while a filesystem is mounted can cause a block-size mismatch between the loop device and the superblock, triggering warnings such as in __getblk_slow(). The issue is remedied by obtaining an exclusive hold on ...
CVE-2025-38733
CVE-2025-38733 is a Linux kernel vulnerability affecting s390/mapping of lowcore pages. The issue stems from the identity mapping pinning to address zero, causing the lowcore to be mapped at zero even when relocate_lowcore is used; this can lead to NULL pointer accesses succeeding where they shou...
CVE-2025-39674
CVE-2025-39674 affects the Linux kernel scsi: ufs: ufs-qcom path. Root cause: a regression from removing MSI descriptor abuse caused a NULL pointer dereference when Platform MSI allocation fails while configuring ESI, due to cleanup using __free() on resources that were never allocated. The issue...
CVE-2025-39695
CVE-2025-39695 affects the Linux kernel RDMA/rxe path. The issue arises when skb packets that depend on RXE resources (e.g., QP, sk) are destroyed while RXE resources are being released, causing call traces. The patch adds a timestamp when skb packets are created to avoid skb packets hanging in s...
CVE-2025-39699
CVE-2025-39699 affects the Linux kernel (iommu/riscv) with a fix to prevent NULL dereference in iova_to_phys. The issue arises because riscv_iommu_pte_fetch() may return NULL for unmapped/never-mapped IO virtual addresses, and riscv_iommu_iova_to_phys() did not handle NULL, leading to a potential...
CVE-2025-39717
CVE-2025-39717 concerns the Linux kernel and is described as resolved. The issue centers on open_tree_attr(2) and id-mapping changes: a bug in a previous commit allowed bypassing the restriction by calling open_tree_attr(2) without OPEN_TREE_CLONE, potentially enabling detached mounts to alter id...
CVE-2025-39719
CVE-2025-39719 reports a Linux kernel vulnerability in iio: imu: bno055 where an out-of-bounds access could occur due to iterating the hw_xlate array with the length of vals instead of hw_xlate. The fix adds a hw_xlate_len field to the bno055_sysfs_attr to ensure correct bounds during bno055_get_...
CVE-2025-39729
CVE-2025-39729 affects the Linux kernel crypto CCP implementation. The issue arises from dereferencing an uninitialized error pointer in sev-dev.c:1312, previously allowing an assumption that the variable could be NULL and leading to a potential crash or instability. The vulnerability was address...
CVE-2025-39736
CVE-2025-39736: In the Linux kernel, a deadlock can occur in kmemleak when netpoll is enabled because pr_warn_once() may be called while holding kmemleak_lock, potentially triggering netpoll and reacquiring the lock. The fix moves the pr_warn_once() call out of the locked region by setting a fla...
CVE-2025-39738
CVE-2025-39738 affects the Linux kernel (btrfs) and is triggered during relocation of partially dropped subvolumes. The root cause is a missing orphan item for a subvolume, causing a delayed-ref transaction abort when relocating, with an offender inside a dropped subvolume. Upstream fixes exist (...
CVE-2025-39749
The CVE-2025-39749 issue is in the Linux kernel’s RCU read-side handling: when IRQ work is used (CONFIG_IRQ_WORK=y) and rcu_read_unlock() runs in an interrupts-disabled region, irq-work can interrupt rcu_read_unlock_special(), creating a data race on the per-CPU defer_qs_iw_pending field. The fix...