13804 matches found
CVE-2026-46046
The CVE reports a refcount leak in ext4_xattr_inode_dec_ref_all() due to not releasing iloc with brelse() after ext4_get_inode_loc(), fixed by commit c8e008b6. OSV entries show patches in Root:Ubuntu 22.04/24.04, Debian, Debian-based RootIO builds, and openSUSE kernel-devel 7.0.11-1.1 for GA medi...
CVE-2026-46052
The CVE-2026-46052 issue concerns the Linux kernel Ceph filesystem where a negative dentry that is already hashed can be re-added to the dcache, corrupting the d_hash bucket and leading to an RCU stall or system hang. The root cause is that d_add() can rehash and reinstate a dentry that is alread...
CVE-2026-46157
The CVE-2026-46157 entry concerns the ALSA PCM OSS subsystem in the Linux kernel, where runtime.oss.trigger could be accessed concurrently without protection, causing a data race on a bit field and risking corruption of adjacent fields. The issue is addressed by extending the existing params_lock...
CVE-2026-46197
The CVE-2026-46197 issue affects the Linux kernel DRM/AMDKFD component, where the nattr field validation for SVM ioctl was insufficient against the reported buffer size, enabling out-of-bounds access via a user-controlled attribute count. The root cause is input size validation failure in the SVM...
CVE-2026-46202
CVE-2026-46202 concerns the Linux kernel HID driver for the Apple Touch Bar (hid-appletb-kbd). The issue arises when inactivity autodim uses backlight_device_set_brightness() from two atomic contexts (a timer_list callback and input/event paths), causing a mutex lock from an atomic context bug an...
CVE-2026-46203
The CVE-2026-46203 issue affects the Linux kernel, specifically the spi: cadence-quadspi driver. The root cause is unclocked register access that can occur if the controller is not runtime-resumed before being disabled during driver unbind. The fix ensures the controller is runtime resumed prior ...
CVE-2026-46220
CVE-2026-46220 affects the Linux kernel’s drm/amdgpu sdma4 fence emission. The vulnerability stems from two BUG_ON(addr & 0x3) assertions in sdma_v4_0_ring_emit_fence(), which could be triggered by unprivileged userspace submissions via DRM_IOCTL_AMDGPU_CS, causing a kernel panic in a scheduler w...
CVE-2026-46227
CVE-2026-46227 describes a race in the Linux kernel SCTP SENDALL path. The sctp_sendmsg() loop over ep->asocs caches the next entry in @tmp, then calls sctp_sendmsg_to_asoc() after dropping the socket lock, allowing a second thread to peel off the cached association and migrate it to a new end...
CVE-2022-50242
CVE-2022-50242 pertains to the Linux kernel driver in the qlcnic SR-IOV path. The vulnerability arises in the function qlcnic_sriov_init() when allocating virtual ports (vp); if vp allocation fails, previously allocated vps are not freed, creating a potential memory leak. The connected advisories...
CVE-2022-50252
CVE-2022-50252 affects the Linux kernel igb driver. The issue arises when memory pressure triggers kzalloc() failure: q_vector is freed but not cleared from adapter->q_vector[v_idx], risking a use-after-free. The available connected advisories confirm the fix was implemented to ensure that q_v...
CVE-2022-50263
CVE-2022-50263 concerns the Linux kernel component vdpasim. The vulnerability stems from a memory leak when freeing IOTLBs: after the commit that added control virtqueue support, vdpasim->iommu became an array of IOTLBs, and mappings must be cleaned for each free IOTLB rather than deleting onl...
CVE-2022-50271
CVE-2022-50271 affects the Linux kernel’s vhost/vsock code. The issue arises when copying large files over SFTP over vsock, where data sizes commonly reach 32 kB and kmalloc may allocate many 32 kB chunks, leading to a page allocation failure (example: vhost-5837). The root cause is an inefficien...
CVE-2022-50275
The CVE-2022-50275 issue affects the Linux kernel Radeon driver: the radeon_acpi_vfct_bios() path failed to call acpi_put_table() after ACPI BIOS parsing, causing an ACPI memory leak. The vulnerability is addressed by adding the missing acpi_put_table() call to release ACPI memory post-init, as d...
CVE-2022-50294
CVE-2022-50294 affects the Linux kernel’s libertas wifi driver (lbs_init_adapter). The root cause is a memory leak when kfifo_alloc() fails, where the cmd buffer is not freed, with remediation by adding memory free handling in the error path. The vulnerability yields a local attacker against a de...
CVE-2022-50296
CVE-2022-50296 affects the Linux kernel where cpu_max_bits_warn() would warn when CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are enabled while displaying /proc/cpuinfo. The root cause is using NR_CPUS to iterate CPUs instead of the runtime limit nr_cpu_ids, which leads to a runtime war...
CVE-2022-50302
CVE-2022-50302: Linux kernel vulnerability where lockd/vfs_lock_file() assumes a fully initialised struct file_lock; if fl_file is NULL (notably with re-exported NFSv3), the caller may Oops. Affected: Linux kernel (details describe the unlocking path in lockd and vfs_lock_file). Impact per source...
CVE-2022-50310
CVE-2022-50310 affects the Linux kernel and describes a use-after-free (UAF) in ip6mr_sk_done() when addrconf_init_net() fails during net initialization. The vulnerability arises because devconf_all is freed during addrconf_init_net() failure, but ip6mr_sk_done() later accesses devconf-&...
CVE-2022-50312
CVE-2022-50312 affects the Linux kernel driver for serial jsm: leaks in probe due to incomplete unwind in error paths. The advisory notes that the error path must unwind instead of returning directly, and a fix was applied in the kernel source (commit referenced in the CVE description). Impact is...
CVE-2022-50319
CVE-2022-50319 affects the Linux kernel’s coresight/trbe path. The vulnerability stems from cpuhp_state_add_instance() and cpuhp_state_remove_instance() not being used in proper pairs, which can trigger a warning in cpuhp_remove_multi_state() due to a non-empty cpuhp_step list, potentially leavin...
CVE-2022-50333
CVE-2022-50333 concerns the Linux kernel: fs/jfs contains a shift-out-of-bounds bug in dbDiscardAG, addressed by guarding the dbMount to mitigate UBSAN-generated issues. The connected Nessus/SUSE advisories reproduce the same description and confirm a kernel-level fix, without detailing affected ...
CVE-2022-50336
CVE-2022-50336 – Linux kernel (fs/ntfs3). Root cause: a missing null pointer check in attr_load_runs_vcn when parsing certain NTFS metadata before MFT could permit a kernel NULL pointer dereference on malformed images. Impact: kernel crash/free crash (NPD) resulting from NULL dereference in ntfs-r...
CVE-2022-50340
CVE-2022-50340 affects the vimc hardware-media driver in the Linux kernel. The issue arises in vimc_init(): if platform_driver_register(&vimc_pdrv) fails, the code incorrectly calls platform_driver_unregister(&vimc_pdrv) instead of platform_device_unregister(&vimc_pdev), causing a kernel warning ...
CVE-2022-50341
CVE-2022-50341 is a Linux kernel CIFS vulnerability where an oops could occur during encryption due to writing into a vmalloc-backed stack buffer in scatterwalk_copychunks. The issue was fixed by adjusting how buffers are mapped and used during SMB3 encryption (cifs_sg_set_buf and crypt_message f...
CVE-2022-50344
CVE-2022-50344 - Linux kernel ext4 null-ptr-deref. Affects: Linux kernel ext4 subsystem (ext4_write_info) in quota handling during umount/shutdown paths. Root cause: a null pointer dereference can occur in ext4_write_info when the superblock root inode is no longer valid during unmount, leading to...
CVE-2022-50348
CVE-2022-50348 affects the Linux kernel’s NFS server (nfsd). The vulnerability is a memory leak in an error path: if memdup_user() fails, memory allocated earlier is not freed, causing a leak. The connected sources confirm the issue and state that it has been resolved in the kernel, but do not pr...
CVE-2022-50352
CVE-2022-50352 affects the Linux kernel’s net/hns driver (hnae_ae_register). If device_register() fails during probing and the kobject refcount isn’t decremented to 0, the name allocated in dev_set_name() is leaked. The fix calls put_device() so the name can be freed in kobject_cleanup(). The con...
CVE-2022-50354
The CVE-2022-50354 issue concerns the Linux kernel’s drm/amdkfd component (kfd_process_device_init_vm error handling). The provided description states that the fix involved destroying ib_mem only and letting the process cleanup worker free outstanding BOs, and resetting pdd->qpd to prevent a N...
CVE-2022-50371
CVE-2022-50371 concerns the Linux kernel, specifically the qcom-lpg LED driver. The issue arises because lpg_brighness_set() could sleep while the brightness_set() callback for the LED must be non-blocking, leading to sleeping in atomic context (as shown by the stack trace and in_atomic/irq state...
CVE-2022-50396
CVE-2022-50396 affects the Linux kernel’s net/sched tcindex code. The root cause is in tcindex_change when old_r is taken from p->perfect: the code allocates a new filter result via tcindex_alloc_perfect_hash() and then calls tcindex_filter_result_init() to clear the old result without destroy...
CVE-2022-50402
CVE-2022-50402 concerns Linux kernel’s md-bitmap code. The vulnerability arises from not validating the return value of md_bitmap_get_counter(), which can lead to a NULL pointer dereference. The issue was resolved by updating the code to check the return value and guard against NULL dereferences;...
CVE-2022-50409
CVE-2022-50409 is a Linux kernel vulnerability affecting networking code. The issue occurs when a socket is dead but code paths access the socket’s wait queue (sk_wq) during sk_stream_wait_memory, which can lead to a NULL dereference or use-after-free scenario when the socket is released while me...
CVE-2022-50419
CVE-2022-50419 concerns the Linux kernel Bluetooth subsystem, specifically the hci_sysfs path. The public description states that the issue arises from attempting to call device_add multiple times for a single device structure, violating documented expectations that device_add() (and device_regis...
CVE-2022-50537
CVE-2022-50537 affects the Linux kernel through a memory leak in the Raspberry Pi firmware path. The flaw occurs in rpi_firmware_probe(): when mbox_request_channel() fails, the allocated fw was not freed, leading to a leak. The fix, as described in the vulnerability notes, frees the fw via kfree(...
CVE-2023-53169
CVE-2023-53169 concerns the Linux kernel resctrl path (x86/resctrl) where the rdt_domain’s staged_config[] was not cleared before/after use, allowing stale values to cause an MSR access error (WRMSR to 0xca0) when creating resource groups under CDP. The report describes resctrl_arch_update_domain...
CVE-2023-53171
CVE-2023-53171 affects the Linux kernel’s vfio/type1 path. The issue occurs when a vfio container is preserved across execs: the task’s mm can change to a new mm with locked_vm=0, causing undercounted DMA mappings and a later unmap to underflow locked_vm, leading to ENOMEM on a subsequent dma map...
CVE-2023-53191
The CVE-2023-53191 vulnerability affects the Linux kernel code path irqchip/alpine-msi in alpine_msix_init_domains. The root cause is a refcount leak caused by not calling of_node_put() on the node returned by of_irq_find_parent() after it is no longer needed. A fix adds the missing of_node_put()...
CVE-2023-53203
CVE-2023-53203 concerns the Linux kernel MT7996/MT76 WiFi driver. A NULL pointer dereference in mt7996_mac_write_txwi() of the vif pointer is mitigated by exporting and reusing the mt76_connac2_mac_tx_rate_val utility, applied in the mt7996 driver. The fix is kernel-side (export utility and integ...
CVE-2023-53204
CVE-2023-53204 affects the Linux kernel af_unix subsystem. The root cause is a data race on the unix_inflight field: user->unix_inflight is modified under spin_lock(unix_gc_lock), while too_many_unix_fds() reads it locklessly, enabling a race between unix_attach_fds and the unix_inflight acces...
CVE-2023-53208
CVE-2023-53208: Linux kernel KVM nested virtualization flaw where L1’s TSC multiplier is loaded based on L1 state instead of L2, causing a mismatch that userspace can trigger via MSR writes and guest CPUID changes. The fix ensures L1’s multiplier is loaded when exiting nested VM, preventing the ...
CVE-2023-53219
CVE-2023-53219 affects the Linux kernel media: netup_unidvb code, where detaching a Universal DVB card could lead to a use-after-free because del_timer() could not stop an active timer in netup_unidvb_dma_timeout() while the timer runs. The fix replaces del_timer() with del_timer_sync() to ensure...
CVE-2023-53220
CVE-2023-53220 affects the Linux kernel, specifically the media/az6007 driver. The vulnerability arises in az6007_i2c_xfer where user-controlled msg[i].buf could be dereferenced if msg[i].buf is null and msg[i].len is zero, bypassing previous checks and potentially crashing. The root cause is mis...
CVE-2023-53231
The CVE-2023-53231 entry concerns the Linux kernel erofs subsystem. The vulnerability stems from incorrect detection of atomic context when z_erofs_decompressqueue_endio can be invoked under an RCU/lock context (e.g., from blk_mq_flush_plug_list). The patch updates the context check to rcu_read_l...
CVE-2023-53262
CVE-2023-53262 concerns the Linux kernel change "f2fs: fix scheduling while atomic in decompression path". The connected sources describe a root cause in the decompression path related to scheduling during atomic operations, evidenced by a long call trace endi...
CVE-2023-53280
CVE-2023-53280 affects the Linux kernel’s scsi/qla2xxx path. The issue stems from removing the unused nvme_ls_waitq wait queue, which could lead to a NULL pointer dereference when qla2x00_start_sp returns an error and wake_up is invoked for an uninitialized sp->nvme_ls_waitq. The connected adv...
CVE-2023-53303
CVE-2023-53303 affects the Linux kernel in the net: microchip: vcap API. The vulnerability is a memory leak in vcap_dup_rule() when kmemdup() fails after kzalloc() succeeds under CONFIG_VCAP_KUNIT_TEST. The leak can leave allocated resources (duprule, ckf, caf) unreleased, as shown by the unrefer...
CVE-2023-53304
CVE-2023-53304 concerns the Linux kernel netfilter nft_set_rbtree code. The advisory describes three concrete issues resolved by patching: 1) a lazy garbage-collection on insert that may fail to release the other half of an interval, impacting interval timing expiration walks; 2) incorrect use of...
CVE-2023-53322
CVE-2023-53322 in the Linux kernel affects the scsi qla2xxx driver. The issue arises when terminate_rport_io does not wait for all IOs to return, risking a use-after-free and potential resource leakage leading to a system crash. The connected advisories (EulerOS/RHEL) list this CVE among kernel f...
CVE-2023-53323
CVE-2023-53323 affects the Linux kernel ext2 with DAX on pmem: ext2/dax: Fix ext2_setsize when len is page aligned. The bug arises when PAGE_ALIGN(x) returns x for already-aligned x, causing dax_zero_range() to pass length 0 to iomap_begin(), which makes ext2_get_blocks() see max_blocks = 0 and t...
CVE-2023-53325
Technical details for CVE-2023-53325 are not provided in the supplied documents. Monitor for updates in connected sources.
CVE-2023-53353
The CVE concerns the Linux kernel in accel/habanalabs where the memory manager IDR destruction is postponed from the memory manager fini to hpriv_release(). The issue arises because destroying the IDR while a user context may still hold memory buffers could cause release calls to fail later, crea...