14330 matches found
CVE-2023-53255
CVE-2023-53255 : Linux kernel vulnerability in firmware: stratix10-svc caused a potential resource leak in svc_create_memory_pool (invoked from stratix10_svc_drv_probe). The memremap() call was not paired with memunmap(), risking leakage. The fix switches to devm_memremap() to ensure proper resou...
CVE-2023-53257
CVE-2023-53257 is a Linux kernel vulnerability in wifi/mac80211: check S1G action frame size. The fix ensures the action frame exists before inspecting its code, addressing a potential improper memory handling in the frame processing path. The CVSS v3.1 base score is 7.8 (HIGH), with LOCAL attack...
CVE-2023-53264
Technical details beyond the initial description are not provided in the connected documents; monitor for updates.
CVE-2023-53275
CVE-2023-53275: In Linux kernel ALSA HDA code, a data race around snd_hdac_regmap_sync() can lead to a null-pointer dereference of codec->regmap if it is NULL after an if check. The root cause is accessing codec->regmap without holding the regmap_lock, which could race with regcache_sync() ...
CVE-2023-53279
CVE-2023-53279 concerns a Linux kernel issue in the misc: vmw_balloon path where calling debugfs_lookup() left the result undereferenced (no dput), causing a memory leak over time. The published fixes replace the single-lookup path with debugfs_lookup_and_remove(), which performs the necessary cl...
CVE-2023-53280
CVE-2023-53280 affects the Linux kernel’s scsi/qla2xxx path. The issue stems from removing the unused nvme_ls_waitq wait queue, which could lead to a NULL pointer dereference when qla2x00_start_sp returns an error and wake_up is invoked for an uninitialized sp->nvme_ls_waitq. The connected adv...
CVE-2023-53304
CVE-2023-53304 concerns the Linux kernel netfilter nft_set_rbtree code. The advisory describes three concrete issues resolved by patching: 1) a lazy garbage-collection on insert that may fail to release the other half of an interval, impacting interval timing expiration walks; 2) incorrect use of...
CVE-2023-53314
CVE-2023-53314 affects the Linux kernel fbdev/ep93xx-fb driver. The vulnerability stems from assigning the Linux device to struct fb_info.dev; register_framebuffer() already initializes this field, and drivers must not override it. The bug could cause a leak by incorrectly decreasing the hardware...
CVE-2023-53326
CVE-2023-53326 affects the PowerPC Linux kernel. It stems from PF_KTHREAD/PF_IO_WORKER tasks with a NULL pt_regs, causing a NULL pointer dereference during core dump (kernel crash). The fix adds pt_regs validity checks in ppc_get/ppr_set and returns -EINVAL if pt_regs are not set. Remediation is ...
CVE-2023-53332
CVE-2023-53332: In the Linux kernel, a missing NULL pointer check in ipi_send_verify() can allow NULL dereference in irq_data_get_affinity_mask() when ipi_send_{mask|single}() is called with an invalid interrupt number, causing a kernel oops. The fix adds the NULL pointer check in ipi_send_verify...
CVE-2023-53349
CVE-2023-53349 concerns the Linux kernel media driver ov2740. The vulnerability stems from a memleak in ov2740_init_controls() where resources allocated in the failure path are not fully freed, causing a kmemleak when testing media/i2c/ov2740.c with a BPF mock device. The advisory notes an unrefe...
CVE-2023-53362
CVE-2023-53362 : Linux kernel fix for bus: fsl-mc – do not assume all child devices are fsl-mc devices. The fix adds a device-type check when enumerating fsl-mc child devices to prevent a VFIO binding crash caused by a mis-created pseudo-device. Affected: Linux kernel (fsl-mc VFIO path); Root cau...
CVE-2023-53363
Conclusive details show CVE-2023-53363 is a Linux kernel PCI subsystem use-after-free in pci_bus_release_domain_nr() caused by the sequence in bus removal: pci_remove_root_bus()/pci_remove_bus frees the pci_bus struct, then pci_bus_release_domain_nr() dereferences it. Root cause: after Commit c14...
CVE-2023-53366
CVE-2023-53366 (Linux kernel)修正了在轮询时未正确检查 bio->bi_bdev 是否为 NULL 的漏洞,根本原因是在两任务共用轮询队列时,任务 B 可能在任务 A 仍在轮询时将 IO 重新分配给 bio,导致崩溃(kernel oops)。影响点在块层的 bio_poll/io_do_iopoll/io_uring_enter 路径,已通过内核修复在对 NULL bdev 的检查中加强保护。CVSSv3.1 向量为 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,基线分数 5.5(中等),局部可利用且无需用户交互,影响的为可用...
CVE-2023-53368
CVE-2023-53368 – Linux kernel tracing race : A race between writing to the per-CPU tracing buffer and swapping the buffer via per_cpu/cpu0/snapshot can cause a false “committing” state in rb_end_commit(), leading to a WARN and potential commit inconsistencies. The issue manifests in the tracing r...
CVE-2023-53375
The CVE refers to a Linux kernel tracing issue: when a tracing instance is removed, the error logs from that instance were not freed, causing a memory leak reported by kmemleak. The problem statement and example trace are provided in the initial document, and connected advisories (EulerOS kernel ...
CVE-2023-53386
The CVE-2023-53386 entry corresponds to a Linux kernel Bluetooth vulnerability: a potential use-after-free when clear keys could lead to accessing k after kfree_rcu(). The description notes this is resolved in the Linux kernel with fixes similar to earlier use-after-free fixes (e.g., in hci_remov...
CVE-2023-53405
CVE-2023-53405 concerns the Linux kernel USB gadget gr_udc: a memory leak that occurs when debugfs_lookup() is used without proper cleanup. The vulnerability arises because the result of debugfs_lookup() must be released with dput(), else memory leaks accumulate over time. The fixed approach in t...
CVE-2023-53409
The CVE-2023-53409 issue concerns the Linux kernel: when using debugfs_lookup(), the returned object must be released with dput() to prevent a memory leak. The advisories state a fix by using debugfs_lookup_and_remove(), which handles the necessary logic in one step, mitigating the memory leak. A...
CVE-2023-53411
CVE-2023-53411 affects the Linux kernel. The issue is a memory leak when using debugfs_lookup(), because the returned object must be released with dput(). The documented fix is to use debugfs_lookup_and_remove() which handles the required cleanup in one step. Exploitation details are not provided...
CVE-2023-53422
Technical details about CVE-2023-53422 (affected product, root cause, impact, remediation) are not publicly provided in the supplied documents. The description mentions a memory-leak fix in wifi: iwlwifi: fw: debugfs, but contains no vendor/version/patch specifics. Monitor for updates.
CVE-2023-53433
CVE-2023-53433 affects the Linux kernel’s VLAN handling. The issue arises from the change to add a new helper, vlan_get_protocol_and_depth(), to fix callers that relied on skb->head for MAC header data. Before the fix, code paths used pskb_may_pull() instead of skb_header_pointer() in __vlan_g...
CVE-2023-53444
CVE-2023-53444 — Linux kernel / drm/ttm bulk_move bug The vulnerability arises in the TTM bulk_move path: when the resource is the first entry in a bulk_move range, re-adding it moves it to the tail but does not move the first pointer, corrupting the list and potentially leading to a null pointer...
CVE-2023-53527
CVE-2023-53527: In the Linux kernel Thunderbolt code, tb_handle_dp_bandwidth_request() leaks memory allocated in tb_queue_dp_bandwidth_request() if not freed after the request, with a fix that ensures memory is released. References point to kernel commits 596a5123cc... and 0752bb32ae... (no explo...
CVE-2023-53631
CVE-2023-53631 — In Linux kernel, platform/x86 dell-sysman reference leak: if kset_find_obj() finds a duplicate attribute, a reference to that attribute can be returned and may not be disposed, potentially leaking references. Patch note: use kobject_put() to dispose the duplicate attribute. Affec...
CVE-2025-38247
CVE-2025-38247 concerns the Linux kernel: a leak of user namespaces and possibly mnt_idmap in open_tree_attr(2) due to not releasing ->mnt_userns after a positive result from want_mount_setattr(). The root cause is that finish_mount_kattr() must release the namespace, and if do_mount_setattr()...
CVE-2025-38358
CVE-2025-38358 relates to a race in Linux kernel’s btrfs async reclaim path. The bug occurs when an ordered iput is delayed while BTRFS_FS_STATE_NO_DELAYED_IPUT is already set, triggering an assertion in btrfs_add_delayed_iput during close_ctree. The described scenario: async reclaim schedules wr...
CVE-2025-38504
Summary: CVE-2025-38504 relates to the Linux kernel, specifically the io_uring/zcrx component. The connected documents describe a code-level fix in the destruction path for page pools, where a misplaced warning could trigger during destruction and affect niovs handling. The root cause is that nio...
CVE-2025-38525
CVE-2025-38525 concerns the Linux kernel RXRPC path. The vulnerability arises when accepting an incoming RXRPC call: rxrpc_assess_MTU_size() traverses to the IP layer to determine MTU while interrupts are disabled, and the IP layer may call local_bh_enable(), which can trigger a warning if IRQs a...
CVE-2025-38594
CVE-2025-38594 pertains to the Linux kernel (iommu/vt-d) and fixes a use-after-free (UAF) in sva unbind with pending IOPFs. The root cause was a wrong removal of a device from the IOMMU IOPF queue when the last IOPF-capable domain detaches, occurring before intel_pasid_tear_down_entry() completed...
CVE-2025-38620
The CVE-2025-38620 vulnerability affects the Linux kernel’s zloop (zoned loop) device. It arises from a use-after-free in blk_mq_free_tag_set() during zloop removal: zloop_ctl_remove() frees zlo memory (via zloop_free_disk()) and then accesses zlo->tag_set, which now points to freed memory. Th...
CVE-2025-38628
CVE-2025-38628 affects the Linux kernel mlx5 vdpa path. The issue was a resource cleanup bug where cleanup paths could operate on uninitialized resources, triggering a splat when adding a vdpa device without a MAC address. The fixes ensure mlx5_vdpa_free() is the single entrypoint for removing vd...
CVE-2025-38649
In the Linux kernel fix for CVE-2025-38649 (arm64, qcom, qcs615), an infinite loop in Coresight tracing caused a stack overflow and system crash when only a source device was enabled. The root cause is a recursive invocation of coresight_find_activated_sysfs_sink while locating an active sink, le...
CVE-2025-38655
The CVE-2025-38655 issue in the Linux kernel affects pinctrl for canaan: k230 where the group parser retrieved the device-tree property "pinmux" without validating the of_get_property() return. The root cause is a missing NULL check, leading to a potential NULL pointer dereference if the property...
CVE-2025-38658
Summary (CVE-2025-38658) : In the Linux kernel nvmet PCIe target, a failure path in nvmet_req_init() could cause a command to be completed twice (one via __nvmet_req_complete() -> queue_response, and another via nvmet_pci_epf_exec_iod_work()), potentially sending two completions to the host an...
CVE-2025-38686
CVE-2025-38686 describes a Linux kernel local crash in userfaultfd’s UFFDIO_MOVE when encountering a migration PMD entry. The fix adds a missing check and delegates migration-entry handling to split_huge_pmd(), and removes an unnecessary folio check. Upstream commits (e.g., 7f1101a0a181243ad587ec...
CVE-2025-38726
CVE-2025-38726 affects the Linux kernel driver net ftgmac100. The issue arises in ftgmac100_phy_disconnect: after phy_disconnect(), netdev->phydev is reset to NULL, which could cause fixed_phy_unregister() to be invoked with a NULL pointer. The connected documents confirm this NULL-pointer use...
CVE-2025-38736
Technical details about CVE-2025-38736 are not provided in the connected documents. The initial description notes a Linux kernel MDIO PHY address masking fix (mask with 0x1f) in net: usb: asix_devices to prevent OOB/invalid MDIO addresses. Connected advisories reference the CVE, but do not supply...
CVE-2025-39680
The CVE-2025-39680 entry concerns the Linux kernel I2C RTL9300 driver. Vulnerable code path is rtl9300_i2c_smbus_xfer where data->block[0] is sourced from user input and could be very large, enabling an out-of-bounds access. The issue is remedied by validating data->block[0] before use. Aff...
CVE-2025-39705
The CVE-2025-39705 entry concerns a NULL pointer dereference in the AMD display driver (DC module) for the Linux kernel. Root cause: during cleanup in dc_destruct(), if dc->ctx construction failed, dc->ctx is NULL but code dereferenced dc->ctx->perf_trace. The fix added a NULL check f...
CVE-2025-39714
CVE-2025-39714 is a Linux kernel issue affecting the media: usbtv path. When a streaming application (e.g., ffplay) is active and another process changes the TV standard from NTSC to PAL, the kernel can crash due to copying into unmapped memory. The root cause is that increasing the usbtv struct’...
CVE-2025-39727
The CVE-2025-39727 entry concerns a Linux kernel vulnerability in memory management swap code. The issue is a potential buffer overflow in setup_clusters() triggered when setup_swap_map() validates badpages only up to (0, last_page], and maxpages may be less than last_page, causing setup_clusters...
CVE-2025-39753
CVE-2025-39753 relates to the Linux kernel’s gfs2 code. The vulnerability is resolved by a patch that adds the .migrate_folio flag in gfs2_{rgrp,meta}_aops, addressing a warning: gfs2_meta_aops does not implement migrate_folio, triggering messages during xfstests. The described impact is the supp...
CVE-2025-39775
CVE-2025-39775: In the Linux kernel, mm/mremap: fix WARN with uffd that has remap events disabled. Root cause: during an mremap recovery, recursion recurses on the original page-table move but not the recovery move, triggering a WARN in mremap.c. The fix adds a double-VMAs PMD/PUD level check (be...
CVE-2025-39877
The CVE-2025-39877 issue is a Linux kernel use-after-free in mm/damon/sysfs: state_show() reads kdamond->damon_ctx without holding damon_sysfs_lock, allowing a UAF when damon_ctx is freed under damon_sysfs_lock. A fix mirrors pid_show() by taking damon_sysfs_lock before dereferencing the conte...
CVE-2025-39907
Technical details about CVE-2025-39907 are not publicly provided in the supplied connected documents. Monitor for updates from vendors/security advisories; the initial description mentions a Linux kernel fix related to overlapping ECC buffer mappings in stm32_fmc2.
CVE-2025-39912
This CVE (CVE-2025-39912) affects the Linux kernel nfs/localio path. The issue occurs when the nfsd filecache code releases the nfsd_file before creds are properly handled, triggering a BUG_ON in __put_cred via current->cred. The vulnerability is resolved by restoring credentials before releas...
CVE-2025-39927
CVE-2025-39927 is addressed in the Linux kernel via a Ceph client race fix. The issue occurred when validating r_parent before applying MDS replies, risking stale parent inode references and applying state changes to the wrong directory inode. The fix adds validation to ensure the cached parent i...
CVE-2025-39953
CVE-2025-39953 (Linux kernel) : The issue arises in cgroup destruction where root destruction can hang during repeated perf_event/net_prio unmounts with systemd.unified_cgroup_hierarchy=1. Root cause shows root destruction enqueues, while offline work is blocked by the same wq, causing a hang. Th...
CVE-2025-39965
CVE-2025-39965 concerns the Linux kernel where xfrm_alloc_spi incorrectly treated 0 as a valid SPI. A state with x->id.spi == 0 was added to the byspi list, and __xfrm_state_delete failed to remove such states, leading to a use-after-free vulnerability on list traversal. The issue is resolved ...