14330 matches found
CVE-2026-46332
The CVE-2026-46332 issue affects the Linux kernel Greybus subsystem (gb-beagleplay) where cc1352_bootloader_rx() appends serdev data into a fixed rx_buffer without validating the chunk size against remaining space. This can allow an overflow when multiple packets arrive in one callback, leading t...
CVE-2026-52905
CVE-2026-52905 (Linux kernel) involves the DAMON subsystem where the min_region_sz value was not guaranteed to be a power of two, potentially allowing unaligned DAMON region address ranges via damon_start(). The issue originated from code in mm/damon/core and was partially addressed previously, b...
CVE-2026-53175
The CVE-2026-53175 entries describe a use-after-free in the Linux kernel’s fragment reassembly during netns teardown. Root cause: fqdir_pre_exit() flushes fragment queues but may leave freed skbs referenced by fragment queue state (fragments_tail/last_run_head) before INET_FRAG_COMPLETE is set, a...
CVE-2022-50056
CVE-2022-50056 concerns the Linux kernel’s ntfs3 code: ntfs_read_mft can dereference a NULL i_op for records in $Extend, caused by i_op not being initialized. The vulnerability affects the Linux kernel (fs/ntfs3) and has been resolved by patches referenced in the connected documents (e.g., kernel...
CVE-2022-50082
CVE-2022-50082 affects the Linux kernel ext4 subsystem. The issue arises in ext4_iomap_begin due to a race between bmap and write, which can trigger a WARN_ON_ONCE path during file writes, evidenced by a kernel warning trace through iomap_apply → iomap_bmap → ext4_bmap → bmap. The consequence is ...
CVE-2022-50195
The CVE-2022-50195 entry concerns the Linux kernel (ARM) where the device tree for Qualcomm clocks declared a fixed-clock pxo_board, replacing the gcc PXO phandle. The gcc driver does not provide PXO_SRC because it’s a fixed clock, which could lead to a kernel panic if a driver tries to use it. T...
CVE-2022-50262
CVE-2022-50262 concerns the Linux kernel NTFS handling in the ntfs3 file system. Technical details in the connected documents show that when the NTFS BOOT record_size is negative (treated as a shift value), there is no validation of the resulting shift. This allows an invalid size to propagate in...
CVE-2022-50381
CVE-2022-50381 targets the Linux kernel mempool_free crash observed during mdend/mempool usage in environments such as EulerOS and Unity Linux. The root cause is a race between wake-up of pending_writes and the subsequent free of bios (bio) in mempool_free, where bio_put could race with other act...
CVE-2022-50390
The CVE-2022-50390 issue is in the Linux kernel DRM TTM code. It fixes an undefined behavior when shifting a signed 32-bit value by 31 bits in TTM_TT_FLAG_PRIV_POPULATED, by changing the operation to unsigned to avoid UBSAN/shift-out-of-bounds warnings observed during framebuffer/VM operations. T...
CVE-2022-50411
CVE-2022-50411 concerns the Linux kernel. A use-after-free vulnerability occurs in the ACPI sub-system: after a failed invocation of acpi_ds_call_control_method(), the thread’s next_walk_state is freed but not popped, causing acpi_ps_parse_aml() to obtain an invalid current walk state. The fix ma...
CVE-2022-50413
CVE-2022-50413 describes a Linux kernel issue in wifi/mac80211 where the assoc_data is freed and another copy of the AP (MLD) address must be used. The vulnerability is described in multiple sources as resolved, with the core problem being a use-after-free in mac80211 that can impact confidential...
CVE-2022-50416
CVE-2022-50416 concerns the Linux kernel’s irqchip/wpcm450 module. The vulnerability is a memory leak in wpcm450_aic_of_init(): if of_iomap() fails, the allocated memory for 'aic' must be freed before return. The issue is resolved in the provided documents; the root cause is the missing free path...
CVE-2023-53187
CVE-2023-53187 pertains to the Linux kernel’s btrfs code. The vulnerability arises when a task creates a new block group that later becomes unused during the creation window. In btrfs_create_pending_block_groups(), if btrfs_mark_bg_unused() runs and moves the group out of the ‘new’ list into ‘unu...
CVE-2023-53198
CVE-2023-53198 affects the Linux kernel raw socket handling (net/ipv4/raw.c). The vulnerability is a NULL dereference in raw_get_next(), triggered by races where a socket in one netns is freed while another thread iterates SOCK_RAW sockets. The root cause involves using RCU-based iteration with h...
CVE-2023-53208
CVE-2023-53208 : Linux kernel KVM nested virtualization flaw where L1’s TSC multiplier is loaded based on L1 state instead of L2, causing a mismatch that userspace can trigger via MSR writes and guest CPUID changes. The fix ensures L1’s multiplier is loaded when exiting nested VM, preventing the ...
CVE-2023-53209
CVE-2023-53209 : In the Linux kernel, the wifi mac80211_hwsim subsystem could dereference a NULL sta pointer in mac80211_hwsim_select_tx_link(), leading to a NULL pointer dereference. The vulnerability is fixed by explicitly checking that the sta pointer is not NULL before use. Affected component...
CVE-2023-53213
The CVE-2023-53213 issue affects the Linux kernel brcmfmac driver, causing a slab-out-of-bounds read in kmemdup called from brcmf_get_assoc_ies when assoc_info->req_len (from a USB URB) exceeds WL_EXTRA_BUF_MAX. The advisory states this was fixed by adding a size check for req_len/resp_len in ...
CVE-2023-53223
The CVE-2023-53223 issue affects the Linux kernel component drm/msm/dsi where alloc_ordered_workqueue may return NULL. The vulnerability arises from a missing check of the return value, potentially leading to a NULL pointer dereference. A patch addressing this check has been published (Patchwork:...
CVE-2023-53225
The connected details describe CVE-2023-53225 as a Linux kernel issue in the SPI IMX driver where the remove path could skip cleanup of DMA resources on error. The root cause is returning early from a platform driver’s remove callback, leading to a permanent resource leak because DMA resources ma...
CVE-2023-53235
CVE-2023-53235: In the Linux kernel, a use-after-free can occur in drm_dev_put() during device-managed cleanup when a driver is freed after kunit-managed resources. The root cause is dereferencing a driver that has become freed due to mismatched resource lifetimes (driver allocated as kunit-manag...
CVE-2023-53262
Mode C: Affected software/issue details: CVE-2023-53262 concerns the Linux kernel with f2fs: fix scheduling while atomic in decompression path. The connected sources describe a root cause in the decompression path related to scheduling during atomic operations, evidenced by a long call trace endi...
CVE-2023-53268
The CVE-2023-53268 entry concerns the Linux kernel ASoC: fsl_mqs component. A use-after-success reference leak occurred due to of_node_put() not being invoked at the correct point after mqs_priv->regmap = syscon_node_to_regmap(gpr_np). The fix moves of_node_put() to the proper location and con...
CVE-2023-53270
Technical details about CVE-2023-53270 are not publicly provided in the supplied documents. Monitor upstream advisories and vendor notices for updates.
CVE-2023-53281
Technical details for CVE-2023-53281 (affected product, root cause, impact, or mitigation) are not provided in the connected documents. Monitor for updates from vendors or advisories.
CVE-2023-53334
CVE-2023-53334 affects the Linux kernel USB: chipidea subsystem. The issue was a memory leak that occurred when using debugfs_lookup(); the returned object must be paired with dput(), otherwise memory leaks over time. The fix simplifies handling by using debugfs_lookup_and_remove(), which perform...
CVE-2023-53335
CVE-2023-53335 is a Linux kernel vulnerability in the RDMA/cxgb4 path. The issue is a potential NULL pointer dereference in pass_establish() when get_ep_from_tid() fails to yield a non-NULL ep, leading to dereference of ep. A patch introduced a sanity check to prevent this NULL dereference. The d...
CVE-2023-53357
CVE-2023-53357 affects the Linux kernel md/raid10 code. The slab-out-of-bounds occurs in md_bitmap_get_counter when a large value is written to md/bitmap_set_bits, causing -EINVAL if page >= bitmap->pages and the result isn’t checked promptly. The fix moves the page-boundary check into md_b...
CVE-2023-53382
CVE-2023-53382 affects net/smc in the Linux kernel. The issue occurs during the CLC handshake when the server first tries SMCRv2 and then SMCRv1; if SMCRv2 buffer/RMB setup fails and the code then proceeds to SMCRv1, the connection structure can retain an incorrect link (conn->lnk) while lgr i...
CVE-2023-53396
The CVE-2023-53396 issue affects the Linux kernel ubifs: memory leak in do_rename when renaming a file in an encrypted directory. The leak stems from fscrypt_setup_filename allocating memory for the file name, which is never used and is not freed before returning. kmemleak shows the unreferenced ...
CVE-2023-53415
CVE-2023-53415 concerns the Linux kernel USB-DWC3 subsystem. The vulnerability arises from not freeing memory obtained via debugfs_lookup(): the returned object must be released with dput(), otherwise a memory leak occurs over time. The fixed approach consolidates the logic by using debugfs_looku...
CVE-2023-53418
The CVE-2023-53418 issue affects the Linux kernel USB gadget driver, specifically the lpc32xx_udc in the USB subsystem. The root cause was a memory leak when using debugfs_lookup() because the returned object was not paired with a dput(), leaving memory allocated over time. The provided fixes sim...
CVE-2023-53440
In CVE-2023-53440, the Linux kernel nilfs2 sysfs interface had lifetime timing issues that could lead to inode NULL pointer dereferences or use-after-free, and lockdep warnings. Specifically, nilfs_sysfs_create_device_group creates sysfs attributes for per-filesystem metadata (cpfile, sufile, dat...
CVE-2023-53445
CVE-2023-53445 corresponds to a Linux kernel fix for a refcount bug in the qrtr_recvmsg() path, implicated in a use-after-free scenario during concurrent qrtr_recvmsg() and qrtr_endpoint_unregister() operations. The issue involves refcount_t handling and kref/qrtr node references in net/qrtr/af_q...
CVE-2023-53555
CVE-2023-53555 relates to the Linux kernel (Damon/DAMON subsystem). The issue: in damos_new_filter(), the newly allocated filter object’s list field was not initialized, and the sysfs DAMON interface and DAMON_RECLAIM path did not reinitialize it after calling damos_new_filter(). This allowed acc...
CVE-2023-53634
CVE-2023-53634 (bpf, arm64 BTI) : Technical details across multiple feeds show a Linux kernel BTI-related flaw in BPF trampoline handling. When BPF_TRAMP_F_CALL_ORIG is set, trampolines jump back to the patched function via BLR. In BTI-enabled kernels, the instruction after the call site is typic...
CVE-2025-38171
CVE-2025-38171 concerns a Linux kernel issue in the power: supply: max77705 path. The vulnerability arises because create_singlethread_workqueue() can return NULL instead of an error pointer, with missing or inadequate cleanup on error paths during probe. The remediation implemented fixes the wor...
CVE-2025-38252
The CVE-2025-38252 entry concerns the Linux kernel (cxl/ras) where CPER handler device confusion could lead to crashes. The fix, as described across connected sources, is to validate that a PCIe endpoint is actually a cxl_memdev before relying on driver data formats and to relocate the lock to th...
CVE-2025-38366
Summary: CVE-2025-38366 pertains to the Linux kernel (LoongArch KVM) where the number of CPUs requested from user space could exceed the supported limit, risking an array pointer overflow. The fixed condition adds validation for the cpu number in the LoongArch KVM path, aligning the checked range...
CVE-2025-38398
The CVE-2025-38398 issue concerns the Linux kernel driver for spi-qpic-snand. The root cause is out-of-bounds memory access in BAM transactions due to allocating BAM memory for only a single codeword during probe; as a result, operations can exceed allocated space, causing memory corruption, NULL...
CVE-2025-38613
CVE-2025-38613 affects the Linux kernel (staging gpib). The issue is that a padding field in the gpib_board_info_ioctl struct was copied back to userspace uninitialized, risking leakage of stack data. The fix initializes the entire struct to zero before copying back to userspace. Affected compone...
CVE-2025-38657
CVE-2025-38657 affects the Linux kernel’s wifi/rtw89 MCC path. The vulnerability arises because the user-controlled link_id parsed via debugfs can exceed BITS_PER_LONG, causing shift wrapping and potentially an out-of-bounds access. The issue is mitigated by capping the value to IEEE80211_MLD_MAX...
CVE-2025-38688
CVE-2025-38688: In the Linux kernel’s iommufd code, ALIGN() overflow could occur while allocating IOVA ranges near ULONG_MAX, risking overlapping mappings or mapping against reserved ranges. The fix uses get_add_overflow() to guard ALIGN() and consolidates the checks under a single helper. Public...
CVE-2025-39699
CVE-2025-39699 affects the Linux kernel (iommu/riscv) with a fix to prevent NULL dereference in iova_to_phys. The issue arises because riscv_iommu_pte_fetch() may return NULL for unmapped/never-mapped IO virtual addresses, and riscv_iommu_iova_to_phys() did not handle NULL, leading to a potential...
CVE-2025-39731
CVE-2025-39731 concerns the Linux kernel, specifically the F2FS file system, where vm_unmap_ram() may be invoked from an invalid context. The connected documents confirm a patch that changes the in_task() check inside f2fs_read_end_io() to also verify that interrupts are disabled, ensuring pages ...
CVE-2025-39734
CVE-2025-39734 affects the Linux kernel component fs/ntfs3 in the NTFS file-system path. The issue stems from a revert of the inode_trylock versus inode_lock handling (commit 69505fe98f198ee813898cbcaf6770949636430b). The description notes that previously conditional lock acquisition was removed ...
CVE-2025-39738
CVE-2025-39738 affects the Linux kernel (btrfs) and is triggered during relocation of partially dropped subvolumes. The root cause is a missing orphan item for a subvolume, causing a delayed-ref transaction abort when relocating, with an offender inside a dropped subvolume. Upstream fixes exist (...
CVE-2025-39781
CVE-2025-39781 concerns the Linux kernel on the PA-RISC (parisc) architecture. The issue is described as the removal of a WARN_ON_ONCE() from flush_cache_vmap in the parisc code path, with observed warnings that could occasionally trigger. The available documents do not detail any exploit vectors...
CVE-2025-39790
CVE-2025-39790 : In the Linux kernel, the bus: mhi: host implementation could mis-handle completion events when a device points a TRE pointer ahead of the host’s ring read pointer, enabling a window where a stale TRE is read and its buffer freed twice. The published description documents that thi...
CVE-2025-39794
CVE-2025-39794 affects the Linux kernel on ARM Tegra platforms. The root cause is an incorrect use of memcpy when writing to IRAM, causing Kasan to crash due to boundary checks failing under normal memcpy. The vulnerability is local with a high impact on availability, and the description notes th...
CVE-2025-39811
In CVE-2025-39811, the Linux kernel fixes a local-denial of-service risk in the DRM subsystem (xe) by clearing the scratch_pt error pointer in xe_vm_free_scratch() to prevent dereferencing an error pointer during cleanup. Root cause: potential dereference of an error pointer on error cleanup. Aff...