14330 matches found
CVE-2023-53324
CVE-2023-53324 affects the Linux kernel DRM MSM MDP5: it fixes a leak of plane_state state (plane_state->commit refcount) that could degrade availability. The root cause was plane_state reference counting; the patch uses the correct helpers to prevent leakage. Affected component: drm/msm/mdp5....
CVE-2022-50317
CVE-2022-50317 affects the Linux kernel, specifically the DRM bridge driver for Megachips (stdp2690 and stdp4028). The issue is a null-pointer dereference that occurs when removing the module because the two bridges are not probed concurrently, causing ge_b850v3_register() not to be called for in...
CVE-2022-50319
CVE-2022-50319 affects the Linux kernel’s coresight/trbe path. The vulnerability stems from cpuhp_state_add_instance() and cpuhp_state_remove_instance() not being used in proper pairs, which can trigger a warning in cpuhp_remove_multi_state() due to a non-empty cpuhp_step list, potentially leavin...
CVE-2022-50325
CVE-2022-50325 (Linux kernel) is detailed in connected documents as an ASoC: Intel avs issue, where firmware may return an invalid RX size for LARGE_CONFIG_GET, causing memcpy_fromio() to copy too many bytes. Root cause: RX size handling overflow in the RX buffer due to missing bounds check. Miti...
CVE-2022-50341
CVE-2022-50341 is a Linux kernel CIFS vulnerability where an oops could occur during encryption due to writing into a vmalloc-backed stack buffer in scatterwalk_copychunks. The issue was fixed by adjusting how buffers are mapped and used during SMB3 encryption (cifs_sg_set_buf and crypt_message f...
CVE-2022-50354
The CVE-2022-50354 issue concerns the Linux kernel’s drm/amdkfd component (kfd_process_device_init_vm error handling). The provided description states that the fix involved destroying ib_mem only and letting the process cleanup worker free outstanding BOs, and resetting pdd->qpd to prevent a N...
CVE-2022-50368
CVE-2022-50368 affects the Linux kernel component drm/msm/dsi. The issue is memory corruption that occurs if there are more than eight bridges, due to a missing sanity check on the bridge counter which can cause writes beyond the fixed-size bridge array. The vulnerability was fixed by adding the ...
CVE-2022-50370
The provided documents describe a Linux kernel issue (CVE-2022-50370) in the i2c designware driver where an interrupt occurring during resume from S3 could trigger a NULL pointer dereference in i2c_dw_xfer_msg() on certain Alder Lake‑S platforms. Root cause: an interrupt from i2c_designware.0 (PC...
CVE-2022-50371
CVE-2022-50371 concerns the Linux kernel, specifically the qcom-lpg LED driver. The issue arises because lpg_brighness_set() could sleep while the brightness_set() callback for the LED must be non-blocking, leading to sleeping in atomic context (as shown by the stack trace and in_atomic/irq state...
CVE-2022-50374
CVE-2022-50374 affects the Linux kernel Bluetooth stack (hci_ldisc/hci_serdev). The issue is a missing handling of percpu_init_rwsem() failure, leading to a NULL pointer dereference in hci_uart_tty_close() because rcu_sync_enter() can be called without rcu_sync_init() after hci_uart_tty_open() ig...
CVE-2022-50376
CVE-2022-50376 is a Linux kernel security issue describing a memory leak in the orangefs driver (orangefs_kernel/orangefs_client_debug_init) when loading/unloading the module. The root cause is a kmemleak-related allocation path that leaks memory on module insert/remove. The fix uses a global buf...
CVE-2022-50388
CVE-2022-50388 affects the Linux kernel where a flush request initialized by blk_kick_flush can carry a NULL bio. With blktrace and multipath enabled, nvme_trace_bio_complete may dereference this NULL bio during io completion, leading to kernel NULL pointer dereference (crash) as shown by an OOPS...
CVE-2022-50394
CVE-2022-50394 affects the Linux kernel i2c subsystem (specifically the ismt ioctl path in the ismt_access() function). The vulnerability arises when the driver does not validate user-supplied data, allowing an oversized data->block[0] to trigger an out-of-bounds read, as demonstrated by the k...
CVE-2022-50405
CVE-2022-50405 affects the Linux kernel VXLAN path. A race in net/tunnel when deleting a vxlan device during packet reception could release the sock before sk_user_data readers finish, leading to a NULL pointer dereference in vxlan_ecn_decapsulate() / vxlan_get_sk_family(). The advisory notes thi...
CVE-2022-50410
CVE-2022-50410 is a Linux kernel vulnerability in NFSD/NFSv2 READ where a large RPC Call can cause the send buffer to shrink, enabling a client to trigger a buffer overflow on TCP. The entry notes a local-attack potential with high impact (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base scor...
CVE-2022-50503
CVE-2022-50503 affects the Linux kernel component mtd: lpddr2_nvm. The vulnerability is a possible null-ptr-deref in resource_size(add_range) when platform_get_resource() returns NULL. This is triggered in the lpddr2_nvm code path and can lead to a crash/local impact as described. The issue has b...
CVE-2022-50538
CVE-2022-50538 pertains to the Linux kernel VME subsystem. In fake_init(), __root_device_register() may fail and the error is not handled, which can cause unregistering vme_root during exit to fail, potentially yielding a general protection fault and a null-ptr-deref (non-canonical address 0xdfff...
CVE-2023-53173
In CVE-2023-53173, the Linux kernel tty pcn_uart driver had a memory leak when using debugfs_lookup() because the returned object wasn’t always released with dput(). The recommended fix is to call debugfs_lookup_and_remove() to perform the lookup and cleanup in one step, mitigating the leak.
CVE-2023-53175
CVE-2023-53175 — Linux kernel hv_pci_restore_msi_msg() panic during hibernation (Hyper-V guest). Affected component: Linux kernel PCI Hyper-V integration. Root cause: when a VM with an assigned PCI device hibernates and MSI-X/MSI is not yet enabled, hv_pci_restore_msi_msg() panics because pdev-&g...
CVE-2023-53188
CVE-2023-53188: In the Linux kernel, net: openvswitch: fix race on port output. The vulnerability arises when an Open vSwitch vport is racing with netns/namespace deletion, potentially triggering an infinite loop in skb_tx_hash in dev_queue_xmit if dev->real_num_tx_queues becomes 0 during unre...
CVE-2023-53206
CVE-2023-53206 : In the Linux kernel, a NULL pointer dereference in hwmon: (pmbus_core) was fixed by removing the assumption that a regulator device is passed. The fix involves passing the i2c_client to _pmbus_is_enabled to avoid dereferencing a NULL regulator during _pmbus_get_flags, addressing ...
CVE-2023-53256
CVE-2023-53256 resolves a Linux kernel issue in the firmware/arm_ffa path where device names for logical partitions could collide. The root cause was that the device name used by FFA partitions included only the VM ID, while UUIDs were kept in partition info, causing sysfs errors like “cannot cre...
CVE-2023-53271
CVE-2023-53271 concerns the Linux kernel UBI layer. The issue arises from a mismatch between create and destroy interfaces where the object created by ubi_eba_create_table() is freed via kfree(), leaving ubi_eba_table->entries potentially not freed, leading to a kmemleak-reported unreferenced ...
CVE-2023-53286
CVE-2023-53286 affects the Linux kernel’s RDMA mlx5 path. The issue is: when destroying QP/RQ, the firmware destruction result was ignored, so upper layers could proceed as if destruction succeeded, potentially triggering kernel WARNs. The description specifies that the kernel now returns the fir...
CVE-2023-53308
The CVE-2023-53308 issue is in the Linux kernel net: fec driver handling of pm_runtime_get() failures during removal. When pm_runtime_get() (as pm_runtime_resume_and_get()) fails, the remove callback may return an error, but the driver core ignores it and continues removing the device, causing a ...
CVE-2023-53315
CVE-2023-53315 affects the Linux kernel with ath11k Wi‑Fi where RX descriptors from the REO destination ring can be value 0, causing an incorrect SKB to be fetched from the IDR lookup and leading to SKB memory corruption and eventual crash. The fix changes the IDR allocation to start at 1 and res...
CVE-2023-53391
CVE-2023-53391 patches the Linux kernel shmem:ramfs-based tmpfs memory leak by replacing kill_sb with ramfs_kill_sb() in ramfs-based tmpfs, freeing fc->s_fs_info during init_fs_context() cleanup. Affected: Linux kernel ramfs/tmpfs shmem path; root cause: memory leak in kill_sb/init_fs_context ...
CVE-2023-53402
CVE-2023-53402 affects the Linux kernel, specifically the printk debugfs path. The root cause is a memory leak in kernel/printk/index.c when using debugfs_lookup() without a matching dput(). The documented fix replaces the sequence with debugfs_lookup_and_remove(), handling the logic and preventi...
CVE-2023-53407
CVE-2023-53407 refers to a Linux kernel issue in USB gadget support for pxa27x_udc where memory leaks occur if debugfs_lookup() results are not released (dput). The resolution, as described in multiple sources, is to call debugfs_lookup_and_remove() which handles the lookup and cleanup in one ste...
CVE-2023-53410
CVE-2023-53410 (Linux kernel) : The issue is a memory leak in USB ULPI related to using debugfs_lookup() without proper dput() on the result. The recommended remediation is to replace the call with debugfs_lookup_and_remove(), which handles lookup and cleanup in one step. Affected context and ref...
CVE-2023-53420
CVE-2023-53420 affects the Linux kernel NTFS code path. The issue arises in ntfs_listxattr() (fs/ntfs3/xattr.c) where slab-out-of-bounds access could occur due to incorrect handling in the ea_all iteration when aea->name_len is 0, potentially reading invalid memory during listxattr(). The vend...
CVE-2023-53423
CVE-2023-53423 is a Linux kernel vulnerability resolved by a fix in objtool. The issue is a memory leak: strdup() allocates memory for key_name and the code path handling errors does not free it, leading to leaks in create_static_call_sections(). The connected advisories (EulerOS/Nessus entries) ...
CVE-2023-53428
CVE-2023-53428 affects the Linux kernel powercap subsystem, specifically the arm_scmi implementation. The issue arises when powercap zones are retrieved from platforms and registered in a hierarchical tree; the current recursive walk can cause kernel stack overflow for large trees. The fix replac...
CVE-2023-53436
CVE-2023-53436 : In the Linux kernel, the scsi: snic path had a memory leak when device_add() fails because the name allocated by dev_set_name() wasn’t freed. The fix releases the reference in the error path by calling put_device(), allowing kobject_cleanp() to free the name. The vulnerability’s ...
CVE-2023-53443
CVE-2023-53443 affects the Linux kernel mfd Arizona driver. The root cause is a refcount leak in arizona_clk32k_enable() caused by using pm_runtime_get_sync(), which can increase the refcount even on error. The fix is to use pm_runtime_resume_and_get() to avoid leaking references. Impact per advi...
CVE-2023-53454
CVE-2023-53454 - Linux kernel HID multitouch fix : The issue arises from using the input_dev name in a devm-allocated string, which can cause a use-after-free when input_dev is unregistered and a uevent referencing the name fires. The patch changes the reference to the HID device for devm allocat...
CVE-2025-38150
The CVE-2025-38150 entries describe a Linux kernel fix for af_packet where the notifier call path (packet_dev_mc) was moved out of an RCU critical section. The root cause involved a sleeping function being called from an invalid context in a chain of net/packet/af_packet.c and related code paths ...
CVE-2025-38522
CVE-2025-38522 fixes a Linux kernel issue in sched/ext where update_locked_rq() could be called with a NULL runqueue (rq). The patch ensures update_locked_rq() is invoked only when rq is non-NULL, preventing unsafe __this_cpu_write() usage in preemptible contexts. The vulnerability description no...
CVE-2025-38567
The CVE-2025-38567 vulnerability affects the Linux kernel NFS server (nfsd) where racing calls to nfsd_open_local_fh() can cause an extra reference to the net to be leaked if both calls succeed in nfsd_file_acquire_local(). One instance will fail to store the file reference yet keep the extra net...
CVE-2025-38570
CVE-2025-38570 is described in the initial document as a Linux kernel issue in the fbnic AF_XDP path, where a UaF occurs in xsk_bind() due to NAPI handling: NAPI is freed and the NAPI pointer is not cleared from the queue after a device open failure. The report indicates a local attack vector wit...
CVE-2025-38592
CVE-2025-38592 affects the Linux kernel Bluetooth subsystem. The issue arises in hci_devcd_dump where dev_coredumpv and skb_put_data both use hdev->dump.head, allowing a freed vmalloc buffer to be accessed and causing vmalloc-out-of-bounds access. The documented root cause is that dev_coredump...
CVE-2025-38598
CVE-2025-38598 : Affected component is the Linux kernel amdgpudriver (AMDGPU) code; the issue is a use-after-free in amdgpu_userq_suspend (addressing a slab-use-after-free). The vulnerability is reported with a read of size 8 during pci_unplug/remove flow, as part of a KASAN report. The entry ind...
CVE-2025-38638
CVE-2025-38638: In the Linux kernel IPv6 stack, inet6_rt_notify() could be invoked under RCU protection, allowing concurrent route changes and rt6_fill_node() returning -EMSGSIZE. The fix adds retry logic: when this situation is detected, the skb is resized and the operation retried, and a previo...
CVE-2025-38654
CVE-2025-38654 concerns the Linux kernel pinctrl path for canaan k230. The vulnerability arises from the ordering of device-tree parsing and pinctrl registration, where device-tree parsing must complete before devm_pinctrl_register() is called to avoid using uninitialized pin resources. The provi...
CVE-2025-38672
CVE-2025-38672 concerns a Linux kernel issue where the dma_buf field in struct drm_gem_object is not stable over a GEM object’s lifetime, leading to NULL-pointer dereference when the final GEM handle is released. The fix reverts the earlier change by reverting drm/gem-dma: Use dma_buf from GEM ob...
CVE-2025-38722
CVE-2025-38722: Linux kernel HABANA Labs export_dmabuf() UAF due to race between descriptor table fd_install() and object destruction in ->release(). Root cause: a descriptor in dma_buf_fd() may be installed and used while the referenced file/object could be freed, leading to use-after-free. M...
CVE-2025-38731
CVE-2025-38731: In the Linux kernel, the drm/xe driver fixes a double-free in xe_vm_bind_ioctl when an array bind argument check fails. The bug freed bind_ops twice; the fix nulls bind_ops after freeing to prevent a second free. Root cause: double-free in xe_vm_bind_ioctl+0x1b2/0x21f0 (KASAN repo...
CVE-2025-39719
CVE-2025-39719 reports a Linux kernel vulnerability in iio: imu: bno055 where an out-of-bounds access could occur due to iterating the hw_xlate array with the length of vals instead of hw_xlate. The fix adds a hw_xlate_len field to the bno055_sysfs_attr to ensure correct bounds during bno055_get_...
CVE-2025-39750
Technical details for CVE-2025-39750 are not provided in the supplied documents. No affected products, root cause, or fixes are disclosed here. Monitor for updates in forthcoming advisories or vendor bulletins.
CVE-2025-39779
Summary: CVE-2025-39779 is a Linux kernel vulnerability in btrfs subpage handling. The issue occurs when btrfs_subpage_set_writeback() clears the PAGECACHE_TAG_TOWRITE tag on a folio that still has dirty blocks, breaking WB_SYNC_ALL/ordering guarantees and potentially causing a failure (e.g., an ...