13804 matches found
CVE-2022-50064
CVE-2022-50064 involves a use-after-free in the Linux kernel’s virtio-blk path. The issue arises because hctx->user_data is assigned to vq in virtblk_init_hctx(), but vq is freed during suspend and reallocated on resume, making hctx->user_data invalid after resume and capable of causing a k...
CVE-2022-50170
CVE-2022-50170 concerns a memory leak in the Linux kernel KUnit testing framework (kunit). Specifically, when allocation for 'filtered' fails during kunit_filter_tests, the copied suite could be leaked. The fix ensures 'copy' is freed in the error path for allocation of 'filtered'. Note that a si...
CVE-2022-50217
CVE-2022-50217 affects the Linux kernel’s fuse_release path. A race between write(2) and close(2) can cause pages to be dirtied after fuse_flush → write_inode_now(), potentially leaving writable pages unflushed and risking file state on release. The description across connected sources indicates ...
CVE-2022-50244
CVE-2022-50244 affects the Linux kernel code path in cxl_pci_init_afu|adapter() where a failed device_register() leaves a not-added device and leads to a potential null pointer dereference if device_unregister() is called in the error path. The fix splits unregister logic into device_del() and pu...
CVE-2022-50248
CVE-2022-50248 is a Linux kernel vulnerability affecting the iwlwifi/iwlmvm TX path where a double-free of skb can occur. The issue arises when iwl_mvm_tx_skb_sta returns non-zero and the skb is freed, but a TSO skb buffer may also be freed in an error path; the fix is to return 0 in that error ...
CVE-2022-50262
CVE-2022-50262 concerns the Linux kernel NTFS handling in the ntfs3 file system. Technical details in the connected documents show that when the NTFS BOOT record_size is negative (treated as a shift value), there is no validation of the resulting shift. This allows an invalid size to propagate in...
CVE-2022-50298
CVE-2022-50298 refers to a Linux kernel issue in the slimbus: qcom-ngd driver where probe error handling failed to clean up resources, leading to a warning path and potential resource leakage. The fix adds proper cleanup in probe() to unwind resources acquired during probe, as documented in the i...
CVE-2022-50313
Summary: CVE-2022-50313 affects the Linux kernel (EROFS subsystem). The root cause is that the i_size field is signed; crafted negative i_size can be interpreted as a fast symlink, triggering an order = MAX_ORDER warning. The fix changes the handling to fall back to the generic path for such unu...
CVE-2022-50322
CVE-2022-50322 affects the Linux kernel RTC driver (msc313) where a function prototype mismatch in msc313_rtc_probe() was exposed under Clang with kCFI (CONFIG_CFI_CLANG). The indirect call validation failed when clk_disable_unprepare() did not match devm_add_action_or_reset() callback prototypes...
CVE-2022-50325
CVE-2022-50325 (Linux kernel) is detailed in connected documents as an ASoC: Intel avs issue, where firmware may return an invalid RX size for LARGE_CONFIG_GET, causing memcpy_fromio() to copy too many bytes. Root cause: RX size handling overflow in the RX buffer due to missing bounds check. Miti...
CVE-2022-50335
CVE-2022-50335 concerns the Linux kernel 9p client path where a new request’s refcount could remain uninitialized when allocated from slab and then added to idr, risking use-after-free/bad request data. The connected sources describe the root cause and a proposed fix: initialize the request’s ref...
CVE-2022-50368
CVE-2022-50368 affects the Linux kernel component drm/msm/dsi. The issue is memory corruption that occurs if there are more than eight bridges, due to a missing sanity check on the bridge counter which can cause writes beyond the fixed-size bridge array. The vulnerability was fixed by adding the ...
CVE-2022-50374
CVE-2022-50374 affects the Linux kernel Bluetooth stack (hci_ldisc/hci_serdev). The issue is a missing handling of percpu_init_rwsem() failure, leading to a NULL pointer dereference in hci_uart_tty_close() because rcu_sync_enter() can be called without rcu_sync_init() after hci_uart_tty_open() ig...
CVE-2022-50376
CVE-2022-50376 is a Linux kernel security issue describing a memory leak in the orangefs driver (orangefs_kernel/orangefs_client_debug_init) when loading/unloading the module. The root cause is a kmemleak-related allocation path that leaks memory on module insert/remove. The fix uses a global buf...
CVE-2022-50382
CVE-2022-50382 refers to a Linux kernel fix for a deadlock involving padata parallelization when BHs are enabled during the serial path. The issue occurs in padata_do_serial where a spin_lock on reorder->lock could be taken with BHs still on, enabling a deadlock on overload. The fix ensures BH...
CVE-2022-50386
CVE-2022-50386 is a Linux kernel Bluetooth L2CAP use‑after‑free vulnerability. The fix adds a guard by calling l2cap_chan_hold_unless_zero() after __l2cap_get_chan_blah() to prevent a use‑after‑free in l2cap_chan_destroy. Affected: Linux kernel Bluetooth L2CAP path; impact per sources is high (CV...
CVE-2022-50387
The CVE-2022-50387 entry concerns a Linux kernel net: hinic issue where CMDQ memory leaks occur if hinic_set_cmdq_depth() fails during hinic_init_cmdqs(); the kernel patch fixes memory not being released. Affected component is the hinic CMDQ initialization path; remediation is the applied fix in ...
CVE-2022-50390
The CVE-2022-50390 issue is in the Linux kernel DRM TTM code. It fixes an undefined behavior when shifting a signed 32-bit value by 31 bits in TTM_TT_FLAG_PRIV_POPULATED, by changing the operation to unsigned to avoid UBSAN/shift-out-of-bounds warnings observed during framebuffer/VM operations. T...
CVE-2022-50391
CVE-2022-50391 concerns the Linux kernel memory management path mm/mempolicy, where set_mempolicy_home_node could leak memory. The root cause is that when scanning VMA ranges, if a policy differs from MPOL_BIND or MPOL_PREFERRED_MANY, the allocated policy via mpol_dup() was not released with mpol...
CVE-2022-50398
The CVE-2022-50398 entry affects the Linux kernel DRM MSM display path (drm/msm/dp). A race in commit_tail/drm_release could allow an extra frame to be pushed downstream when the display interface is down, causing dp_bridge_disable() to access the main link register with clocks disabled and trigg...
CVE-2022-50410
CVE-2022-50410 is a Linux kernel vulnerability in NFSD/NFSv2 READ where a large RPC Call can cause the send buffer to shrink, enabling a client to trigger a buffer overflow on TCP. The entry notes a local-attack potential with high impact (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base scor...
CVE-2022-50413
CVE-2022-50413 describes a Linux kernel issue in wifi/mac80211 where the assoc_data is freed and another copy of the AP (MLD) address must be used. The vulnerability is described in multiple sources as resolved, with the core problem being a use-after-free in mac80211 that can impact confidential...
CVE-2023-53149
CVE-2023-53149 concerns the Linux kernel ext4 filesystem. The issue arises from a filesystem-wide lock protecting ext4_writepages() that can deadlock during fs reclaim initiated by page writeback, due to a recursion scenario where ext4_writepages() attempts to acquire sbi->s_writepages_rwsem w...
CVE-2023-53150
CVE-2023-53150 is a Linux kernel issue reported as resolved, affecting the kernel’s SCSI qla2xxx path. The vulnerability arises when a NULL pointer rport may be dereferenced in fc_bsg_to_rport(); the fix adds a validation step to ensure rport is non-NULL before dereferencing. EulerOS security adv...
CVE-2023-53173
In CVE-2023-53173, the Linux kernel tty pch_uart driver had a memory leak when using debugfs_lookup() because the returned object wasn’t always released with dput(). The recommended fix is to call debugfs_lookup_and_remove() to perform the lookup and cleanup in one step, mitigating the leak.
CVE-2023-53187
CVE-2023-53187 pertains to the Linux kernel’s btrfs code. The vulnerability arises when a task creates a new block group that later becomes unused during the creation window. In btrfs_create_pending_block_groups(), if btrfs_mark_bg_unused() runs and moves the group out of the ‘new’ list into ‘unu...
CVE-2023-53196
CVE-2023-53196 affects the Linux kernel USB subsystem (dwc3 on Qualcomm platforms). The issue was a memory leak in dwc3_qcom_probe(), where allocated memory for the resource structure pointed to by parent_res was not freed. The fix replaces that dynamic allocation with stack-allocated memory to p...
CVE-2023-53222
CVE-2023-53222 pertains to the Linux kernel, specifically the JFS filesystem code (jfs_dmap). The issue is a mounting-time validation flaw in db_l2nbperpage: BLKTODMAP uses db_l2nbperpage to shift, and an unchecked large value can trigger a shift-out-of-bounds crash. The root cause is that db_l2n...
CVE-2023-53223
The CVE-2023-53223 issue affects the Linux kernel component drm/msm/dsi where alloc_ordered_workqueue may return NULL. The vulnerability arises from a missing check of the return value, potentially leading to a NULL pointer dereference. A patch addressing this check has been published (Patchwork:...
CVE-2023-53264
Technical details beyond the initial description are not provided in the connected documents; monitor for updates.
CVE-2023-53275
CVE-2023-53275: In Linux kernel ALSA HDA code, a data race around snd_hdac_regmap_sync() can lead to a null-pointer dereference of codec->regmap if it is NULL after an if check. The root cause is accessing codec->regmap without holding the regmap_lock, which could race with regcache_sync() ...
CVE-2023-53296
CVE-2023-53296 affects the Linux kernel SCTP stack. The issue arises when a client’s out-stream count is temporarily higher than the server’s, allowing a thread waiting for sndbuf to send a message on a stream that may no longer exist after INIT_ACK processing, potentially triggering a crash. The...
CVE-2023-53326
CVE-2023-53326 affects the PowerPC Linux kernel. It stems from PF_KTHREAD/PF_IO_WORKER tasks with a NULL pt_regs, causing a NULL pointer dereference during core dump (kernel crash). The fix adds pt_regs validity checks in ppc_get/ppr_set and returns -EINVAL if pt_regs are not set. Remediation is ...
CVE-2023-53349
CVE-2023-53349 concerns the Linux kernel media driver ov2740. The vulnerability stems from a memleak in ov2740_init_controls() where resources allocated in the failure path are not fully freed, causing a kmemleak when testing media/i2c/ov2740.c with a BPF mock device. The advisory notes an unrefe...
CVE-2023-53353
The CVE concerns the Linux kernel in accel/habanalabs where the memory manager IDR destruction is postponed from the memory manager fini to hpriv_release(). The issue arises because destroying the IDR while a user context may still hold memory buffers could cause release calls to fail later, crea...
CVE-2023-53365
CVE-2023-53365 is documented across multiple advisories as a Linux kernel vulnerability affecting IPv6 multicast report handling. The issue arises in the ip6mr_cache_report path, where skb_push may move data backwards by a signed length (skb_network_offset(pkt) equals 4), leading to an invalid sk...
CVE-2023-53366
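CVE-2023-53366 (Linux kernel) fixes a vulnerability in which bio->bi_bdev was not properly checked for NULL during polling. The root cause is that when two tasks share a poll queue, task B may reassign the IO to the bio while task A is still polling, causing a crash (kernel oops). The affected code is the block layer's bio_poll/io_do_iopoll/io_uring_enter path, and the kernel fix strengthens the check for a NULL bdev. The CVSS v3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, with a base score of 5.5 (Medium); it is locally exploitable, requires no user interaction, and the impact is on availab...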
CVE-2023-53402
CVE-2023-53402 affects the Linux kernel, specifically the printk debugfs path. The root cause is a memory leak in kernel/printk/index.c when using debugfs_lookup() without a matching dput(). The documented fix replaces the sequence with debugfs_lookup_and_remove(), handling the logic and preventi...
CVE-2023-53405
CVE-2023-53405 concerns the Linux kernel USB gadget gr_udc: a memory leak that occurs when debugfs_lookup() is used without proper cleanup. The vulnerability arises because the result of debugfs_lookup() must be released with dput(), else memory leaks accumulate over time. The fixed approach in t...
CVE-2023-53424
Technical details for CVE-2023-53424 are not publicly provided in the connected documents; only the fix note (mediatek clk memory leak) is echoed. Monitor upstream advisories for specifics on affected products, versions, and remediation.
CVE-2023-53430
CVE-2023-53430 affects the Linux kernel with the mt76 Wi‑Fi driver. The issue is a memory leak in the DMA cleanup path (mt76_dma_tx_cleanup) that could impact system availability. The vulnerability is resolved by fixing the device unregister memory leak and ensuring all configured RX queues are c...
CVE-2023-53435
CVE-2023-53435 affects the Linux kernel, addressing a memory leak in the error handling path of cas_init_one(). The vulnerability is tied to cas_saturn_firmware_init(), which allocates memory with vmalloc() that is freed in the .remove() path but not in error handling. The patch adds a missing vfree() to ...
CVE-2023-53444
CVE-2023-53444 (Linux kernel, drm/ttm bulk_move bug): The vulnerability arises in the TTM bulk_move path: when the resource is the first entry in a bulk_move range, re-adding it moves it to the tail but does not move the first pointer, corrupting the list and potentially leading to a null pointer...
CVE-2023-53445
CVE-2023-53445 corresponds to a Linux kernel fix for a refcount bug in the qrtr_recvmsg() path, implicated in a use-after-free scenario during concurrent qrtr_recvmsg() and qrtr_endpoint_unregister() operations. The issue involves refcount_t handling and kref/qrtr node references in net/qrtr/af_q...
CVE-2023-53446
CVE-2023-53446 is a Linux kernel issue affecting PCI/ASPM handling for multi-function devices (MFD). The root cause is a use-after-free: pcie_link_state->downstream pointed to the function’s pci_dev and was not cleared when function 0 was removed, leading to dereference during ASPM policy chan...
CVE-2023-53612
CVE-2023-53612 affects the Linux kernel hwmon subsystem, specifically the coretemp platform driver. The vulnerability arises from unconventional platform-device handling where work is done globally by initcalls and CPU hotplug notifiers, while the driver mainly wraps allocation and hwmon interface...
CVE-2025-38271
CVE-2025-38271 affects the Linux kernel where a NULL dereference could occur in rtnl_create_link() when dev->netdev_ops is NULL. The fix removes usage of netdev_lock_ops() and replaces dev_set_group() with netif_set_group() to avoid the dereference during rtnl_create_link() execution. The issu...
CVE-2025-38378
CVE-2025-38378 affects the Linux kernel HID path for appletb-kbd. The defect is a slab use-after-free caused when a timer (kbd->inactivity_timer) is armed after probe failure and later expires, accessing memory (kbd) that has been freed. Root cause: failure paths do not disarm the timer. Fixes...
CVE-2025-38522
CVE-2025-38522 fixes a Linux kernel issue in sched/ext where update_locked_rq() could be called with a NULL runqueue (rq). The patch ensures update_locked_rq() is invoked only when rq is non-NULL, preventing unsafe __this_cpu_write() usage in preemptible contexts. The vulnerability description no...
CVE-2025-38570
CVE-2025-38570 is described in the initial document as a Linux kernel issue in the fbnic AF_XDP path, where a UaF occurs in xsk_bind() due to NAPI handling: NAPI is freed and the NAPI pointer is not cleared from the queue after a device open failure. The report indicates a local attack vector wit...