14330 matches found
CVE-2026-46240
The CVE-2026-46240 issue affects the Linux kernel iris driver. A use-after-free occurs when iris_release_internal_buffers() accesses a buffer after session_release_buf() frees it, caused by a regression from a change that destroys internal buffers after FW releases. The documented fix sets BUF_AT...
CVE-2026-46251
The CVE-2026-46251 issue is a Linux kernel Btrfs vulnerability where, when EXTENT_TREE_V2 is enabled, the block_group_tree may be added to switch_commits while still on the dirty_list, causing invalid list manipulation and corruption of block_group_root->dirty_list. This corruption can propaga...
CVE-2026-46278
CVE-2026-46278 : In the Linux kernel, the drm/imagination driver fixes a segfault when updating the ftrace mask and corrects invalid data handling for a debugfs entry. The vulnerability manifested as a NULL pointer dereference leading to an Oops under kernel memory access, with a trace citing pvr...
CVE-2026-46286
CVE-2026-46286 describes a Linux kernel issue in leds: qcom-lpg, where selecting high-resolution values from a 5-entry array uses FIELD_GET() to pull from a 3-bit register, risking out-of-bounds reads. The referenced fix adds a bounds check before indexing, preventing overflow and potential incor...
CVE-2026-46297
CVE-2026-46297 corresponds to a Linux kernel issue in net: libwx regarding VF misc interrupts. The vulnerability arose from using request_threaded_irq() with a primary handler and a NULL threaded handler while setting IRQF_ONESHOT, which triggers a kernel warning (genirq: Warn about using IRQF_ON...
CVE-2026-46309
The CVE-2026-46309 entry describes a Linux kernel issue in drm/xe/uapi where PAT indices with XE_COH_NONE coherency are rejected for CPU cached memory in madvise. The fix adds validation in xe_vm_madvise_ioctl() to prevent using coh_none on CPU cached buffers, as such usage could allow a GPU to b...
CVE-2026-53148
The CVE affects the Linux kernel Thunderbolt driver (tb_xdp_properties_request) where per-packet copy length is derived from the response header without bounds checking against the allocated data buffer, causing a potential out-of-bounds memcpy and memory corruption. The issue can lead to denial ...
CVE-2026-53193
CVE-2026-53193 concerns the Linux kernel ALSA timer component. When a snd_timer object is freed via snd_timer_free() while there are still pending snd_timer_instance entries linked to it, slave instances may continue to point at the freed timer, creating a use-after-free condition. The vulnerabil...
CVE-2026-53215
CVE-2026-53215 affects the Linux kernel mvpp2 driver: the RX path could return a descriptor buffer to the hardware Buffer Manager after it had been handed to XDP or an skb, allowing DMA into memory no longer owned by the RX ring. Root cause is improper handling of RX buffers in mvpp2_rx_refill() ...
CVE-2026-53253
CVE-2026-53253 affects the Linux kernel Bluetooth BNEP stack. The vulnerability arises when a BNEP peer sends a short SDU and the kernel bnep_rx_frame() reads the packet type, then bnep_rx_control() dereferences the control opcode or setup UUID-size byte before ensuring those bytes are present. T...
CVE-2026-53274
CVE-2026-53274 affects the Linux kernel net/smc code. A logic flaw in __smc_setsockopt() allowed a local unprivileged user to cause a Denial of Service by keeping the socket lock held during a copy_from_sockptr() operation. The vulnerability occurs because the copy is performed while holding lock...
CVE-2026-53281
The CVE-2026-53281 entries describe a Linux kernel IOMMU VT-d issue where NULL pointer dereference or refcount corruption could occur during teardown if dev_pasid was not found in the dev_pasids list or if domain was never attached. The root cause was improper teardown execution after potential N...
CVE-2026-53322
CVE-2026-53322 affects the Linux kernel’s vfio/pci subsystem. The issue occurs during device shutdown when vfio_pci_core_close_device() disables a function before calling vfio_pci_dma_buf_cleanup(), allowing a small window where the function’s MSE is cleared while DMABUF-access to BARs may still ...
CVE-2022-49976
CVE-2022-49976 relates to Linux kernel code for x86 Android tablet handling, specifically the Chuwi Hi8 touchscreen issue. The vulnerability stems from the x86_android_tablets path calling x86_acpi_irq_helper_get() which may invoke acpi_unregister_gsi(), leading to touchscreen malfunctions and ke...
CVE-2022-50043
CVE-2022-50043 is a Linux kernel vulnerability in ndisc_router_discovery where, on certain paths after grabbing rt and neigh, a nonzero lifetime with a metric change causes the code to delete the route and potentially reacquire rt/neigh without decrementing the previous neigh reference count, lea...
CVE-2022-50089
CVE-2022-50089 affects the Linux kernel with the btrfs file system. The issue occurs when cow_file_range() fails mid-allocation (unlock=0) and may leave pages locked, potentially causing a hung task in zoned btrfs setups (as described in the provided reports). The included details show that the f...
CVE-2022-50113
The connected sources indicate CVE-2022-50113 affects the Linux kernel ASoc audio-graph-card2 component, where a refcount leak occurred in __graph_get_type() due to not calling of_node_put() before replacement and before return. The root cause is improper refcount management related to of_get_par...
CVE-2022-50182
CVE-2022-50182 concerns a Linux kernel issue in the media: imx-jpeg driver. The flaw involved aligning upwards the buffer size for both encoder and decoder, allowing arbitrary image dimensions (WxH) while leaving the picture resolution unchanged. The documented impact indicates the decoder risk o...
CVE-2022-50263
CVE-2022-50263 concerns the Linux kernel component vdpasim. The vulnerability stems from a memory leak when freeing IOTLBs: after the commit that added control virtqueue support, vdpasim->iommu became an array of IOTLBs, and mappings must be cleaned for each free IOTLB rather than deleting onl...
CVE-2022-50278
CVE-2022-50278 : In the Linux kernel, a memory leak was introduced in the PNP path by deferring the dynamic allocation of the device name until after pnp_add_id() (the fix was to move dev_set_name() after pnp_add_id()) following commit 1fa5ae857bb1. The vulnerability affects the PNP device naming...
CVE-2022-50288
The CVE-2022-50288 issue affects the Linux kernel qlcnic driver: under OOM, qlcnic_dcb_attach() can fail inside qlcnic_dcb_enable(), leading to adapter->dcb being freed while callers still use it via qlcnic_dcb_get_info(), causing a use-after-free. The fix propagates errors from qlcnic_dcb_ena...
CVE-2022-50295
CVE-2022-50295: In the Linux kernel io_uring/msg_ring path, a NULL pointer dereference occurs in io_msg_send_fd() when file_ptr is NULL, causing src_file to be NULL and get_file() to dereference a NULL pointer and trigger a crash. The issue was fixed by adding a NULL check in io_msg_send_fd(), pr...
CVE-2022-50322
CVE-2022-50322 affects the Linux kernel RTC driver (msc313) where a function prototype mismatch in msc313_rtc_probe() was exposed under Clang with kCFI (CONFIG_CFI_CLANG). The indirect call validation failed when clk_disable_unprepare() did not match devm_add_action_or_reset() callback prototypes...
CVE-2022-50323
CVE-2022-50323 (Linux kernel) : The vulnerability stems from skb_append_pagefrags() sensing pfmemalloc status for pages owned by user space, triggering a data race reported by KCSAN in the swap/LRU paths. The fix/mitigation is to stop sensing pfmemalloc status for these pages and to use skb_fill_...
CVE-2022-50335
CVE-2022-50335 concerns the Linux kernel 9p client path where a new request’s refcount could remain uninitialized when allocated from slab and then added to idr, risking use-after-free/bad request data. The connected sources describe the root cause and a proposed fix: initialize the request’s ref...
CVE-2022-50336
CVE-2022-50336 – Linux kernel (fs/ntfs3) Root cause: a missing null pointer check in attr_load_runs_vcn when parsing certain NTFS metadata before MFT could permit a kernel NULL pointer dereference on malformed images. Impact: kernel crash/free crash (NPD) resulting from NULL dereference in ntfs-r...
CVE-2022-50387
The CVE-2022-50387 entry concerns a Linux kernel net: hinic issue where CMDQ memory leaks occur if hinic_set_cmdq_depth() fails during hinic_init_cmdqs(); the kernel patch fixes memory not being released. Affected component is the hinic CMDQ initialization path; remediation is the applied fix in ...
CVE-2022-50398
The CVE-2022-50398 entry affects the Linux kernel DRM MSM display path (drm/msm/dp). A race in commit_tail/drm_release could allow an extra frame to be pushed downstream when the display interface is down, causing dp_bridge_disable() to access the main link register with clocks disabled and trigg...
CVE-2022-50409
CVE-2022-50409 is a Linux kernel vulnerability affecting networking code. The issue occurs when a socket is dead but code paths access the socket’s wait queue (sk_wq) during sk_stream_wait_memory, which can lead to a NULL dereference or use-after-free scenario when the socket is released while me...
CVE-2022-50418
CVE-2022-50418 concerns the Linux kernel wifi path, specifically the ath11k MHI workflow. The issue: when mhi_alloc_controller() allocates mhi_ctrl and ath11k_mhi_read_addr_from_dt() fails, the code path returns without freeing the allocated controller, causing a memory leak. The documented fix a...
CVE-2022-50465
The CVE-2022-50465 issue is a Linux kernel ext4 fast-commit journal memory-leak: when the end of fast-commit journal blocks is unfinished, the unused tail space could leak uninitialized memory to disk. The published description states the fix is to zero out that unused space to prevent leakage. T...
CVE-2022-50490
Summary: CVE-2022-50490 affects the Linux kernel bpf path in __htab_map_lookup_and_delete_batch, where a failed htab_lock_bucket() returning -EBUSY could cause silent bucket-skips, out-of-bounds memory access, or kernel memory exposure to userspace. Root cause: error from htab_lock_bucket() not p...
CVE-2022-50521
The CVE-2022-50521 issue affects the Linux kernel (platform/x86 mxm-wmi) with a memleak in mxm_wmi_call_mx[ds|mx]. The ACPI buffer (out.pointer) returned by wmi_evaluate_method() was not freed after the call, causing a memory leak. The patch fixes this by passing NULL to wmi_evaluate_method(), pr...
CVE-2022-50531
The CVE-2022-50531 issue is in the Linux kernel Tipc subsystem where an 4-byte portion of sub.usr_handle remained uninitialized when handling setsockopt for SOL_TIPC, causing a kernel infoleak detected by KMSAN. The fixed version initializes sub.usr_handle with an 8-byte write in tipc_topsrv_kern...
CVE-2022-50537
CVE-2022-50537 affects the Linux kernel through a memory-leak in the Raspberry Pi firmware path. The flaw occurs in rpi_firmware_probe(): when mbox_request_channel() fails, the allocated fw was not freed, leading to a leak. The fix, as described in the vulnerability notes, frees the fw via kfree(...
CVE-2022-50539
In the Linux kernel, CVE-2022-50539 concerns the ARM OMAP2+ platform, specifically omap4-common. The issue arises in omap4_sram_init() where of_find_compatible_node() can return a node pointer with its refcount already incremented. The underlying root cause is a refcount leak related to node hand...
CVE-2022-50551
CVE-2022-50551 refers to a Linux kernel vulnerability in the brcmfmac wireless driver where a shift-out-of-bounds could occur during firmware allocation due to an oversized chiprev value used in BIT(chiprev). The patch adds a guard so the function brcmf_fw_alloc_request() returns NULL if chiprev ...
CVE-2023-53149
CVE-2023-53149 concerns the Linux kernel ext4 filesystem. The issue arises from a filesystem-wide lock protecting ext4_writepages() that can deadlock during fs reclaim initiated by page writeback, due to a recursion scenario where ext4_writepages() attempts to acquire sbi->s_writepages_rwsem w...
CVE-2023-53176
CVE-2023-53176 affects the Linux kernel serial subsystem (8250) where unbinding a port-specific 8250 driver leaves port->pm in use; serial8250_pm() then calls the now-gone driver, causing a hang/oops roughly 10 seconds later. The fix implements serial8250_set_defaults() in serial8250_unregiste...
CVE-2023-53199
CVE-2023-53199 – Linux kernel, wifi: ath9k: hif_usb memory leak in rx stream . Syzkaller reported that when processing skbs in ath9k_hif_usb_rx_stream(), allocated skbs in skb_pool could be leaked if the function fails (e.g., due to an incorrect pkt_len or pkt_tag causing an input skb to be inval...
CVE-2023-53220
CVE-2023-53220 affects the Linux kernel, specifically the media/az6007 driver. The vulnerability arises in az6007_i2c_xfer where user-controlled msg[i].buf could be dereferenced if msg[i].buf is null and msg[i].len is zero, bypassing previous checks and potentially crashing. The root cause is mis...
CVE-2023-53222
CVE-2023-53222 pertains to the Linux kernel, specifically the JFS filesystem code (jfs_dmap). The issue is a mounting-time validation flaw in db_l2nbperpage: BLKTODMAP uses db_l2nbperpage to shift, and an unchecked large value can trigger a shift-out-of-bounds crash. The root cause is that db_l2n...
CVE-2023-53253
CVE-2023-53253 affects the Linux kernel HID path for nvidia-shield. The underlying issue is a use-after-free caused by freeing the input_dev name during input_dev unregister, when the name is freed by devres cleanup via input_unregister_device. The mitigation described in the public records is to...
CVE-2023-53317
CVE-2023-53317 is a Linux kernel vulnerability in the ext4 subsystem, specifically the mb_find_extent path. The provided description shows a fix for a WARNING triggered in mb_find_extent and associated traces involving ext4_mb_complex_scan_group and ext4_ext_map_blocks, indicating a misbehavior i...
CVE-2023-53327
CVE-2023-53327 concerns a Linux kernel iommufd selftest issue where an overflow of uptr and length near UINTPTR_MAX could trigger a WARN_ON in drivers/iommu/iommufd/selftest.c. The vulnerability is described as resolved, with the notable consequence being user memory range checks that must not ov...
CVE-2023-53347
CVE-2023-53347 (Linux kernel, net/mlx5e offloads): The issue arises from incorrect ordering between E-switch unpairing and uplink vport unload when switching modes or removing devices, causing a use-after-free during peer-flow cleanup and a kernel oops. The fix is to handle pairing of the E-switc...
CVE-2023-53353
The CVE concerns the Linux kernel in accel/habanalabs where the memory manager IDR destruction is postponed from the memory manager fini to hpriv_release(). The issue arises because destroying the IDR while a user context may still hold memory buffers could cause release calls to fail later, crea...
CVE-2023-53356
CVE-2023-53356 affects the Linux kernel’s USB gadget stack (usb: gadget: u_serial). The issue is a potential null pointer dereference in gserial_suspend if gserial_disconnect has cleared gser->ioport and suspend is invoked afterwards. The fix adds a null pointer check in gserial_suspend and in...
CVE-2023-53365
CVE-2023-53365 is documented across multiple advisories as a Linux kernel vulnerability affecting IPv6 multicast report handling. The issue arises in the ip6mr_cache_report path, where skb_push may move data backwards by a signed length (skb_network_offset(pkt) equals 4), leading to an invalid sk...
CVE-2023-53369
CVE-2023-53369 affects the Linux kernel’s DCB BCN parsing (net: dcb) where dcbnl_bcn_setcfg erroneously parsed tb[DCB_ATTR_BCN] attributes using the dcbnl_pfc_up_nest policy. This mismatch could cause parsing to overflow the intended policy bounds and read attributes (DCB_BCN_ATTR_BCNA_0..DCB_BCN...