CVE-2026-46174
In CVE-2026-46174, the Linux kernel vulnerability affects x86/CPU/AMD Zen2 by allowing improper isolation of shared resources in the Zen2 op cache, potentially leading to instruction corruption. The issue has been resolved in the Linux kernel, with Debian and Root packaging advisories noting fixe...
CVE-2026-46184
CVE-2026-46184 relates to the Linux kernel sound/ua101 driver. The root cause is a missing sanity check for bNrChannels in detect_usb_format(), which can lead to a division by zero in playback_urb_complete() and capture_urb_complete() when a device reports bNrChannels = 0. The USB core does not v...
CVE-2026-46189
CVE-2026-46189 affects the Linux kernel RDMA pvrdma component (pvrdma_alloc_ucontext). The issue is a double free: pvrdma_uar_free() is invoked in pvrdma_dealloc_ucontext() and is erroneously called before, creating a double free condition. Concrete fixes exist in OSV entries for multiple distrib...
CVE-2026-46192
CVE-2026-46192 concerns the Linux kernel spi: microchip-core-qspi driver, where transmitting garbage data during emulated read-only dual/quad operations could brick the QSPI transfer. The issue was resolved in the kernel, with reads handled by the core via clock cycles, removing the need to emit ...
CVE-2026-46201
CVE-2026-46201 affects the Linux kernel drm/xe: an error path in xe_gem_prime_import() leaks a dma_buf attachment when xe_dma_buf_init_obj() fails, because the attachment from dma_buf_dynamic_attach() is not detached. The fix explicitly detaches via dma_buf_detach() before returning an error, avo...
CVE-2026-46208
In the Linux kernel, batman-adv has a vulnerability where tp_meter sessions are not stopped during mesh teardown in batadv_mesh_free(). This allows a running sender thread or late tp_meter packets to keep operating against a mesh instance that is shutting down, potentially causing system instabil...
CVE-2026-46213
The CVE-2026-46213 issue affects the Linux kernel HID Apple keyboard driver (appletb-kbd). A use-after-free (UAF) in the inactivity-timer cleanup path during driver tear-down was fixed by reordering teardown: (1) call hid_hw_close()/hid_hw_stop() before backlight cleanup to prevent late callbacks...
CVE-2026-46224
The CVE-2026-46224 issue affects the Linux kernel drm/xe driver. The bug is a lifecycle/ownership problem in xe_dma_buf_init_obj() where a pre-allocated storage bo is not freed when drm_gpuvm_resv_object_alloc() fails, leading to a potential resource leak. The kernel now ensures that, on failure,...
CVE-2026-46229
The CVE-2026-46229 issue affects the Linux kernel’s DRM/AMDKFD path: KFD VRAM allocations could leave stale data because AMDGPU_GEM_CREATE_VRAM_CLEARED was not applied in the KFD code path, unlike the GEM/user paths which already set VRAM_CLEARED. This allowed stale page-table remnants to leak in...
CVE-2026-46231
CVE-2026-46231 concerns the Linux kernel’s batman-adv code. When batadv_bla_add_claim() fails to insert a new claim into its hash, a reference to the target backbone_gw could be leaked. The vulnerability arises from not releasing that reference on the error path, potentially allowing a backbone_g...
CVE-2026-46233
CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...
CVE-2022-50254
The CVE-2022-50254 issue concerns the Linux kernel component for ov8865 support. The vulnerability arises from an error handling path in ov8865_probe() where new error handling could bypass existing cleanup, risking resource leaks. The connected documents indicate this was fixed in the Linux kern...
CVE-2022-50258
CVE-2022-50258 – Linux kernel wifi/brcmfmac stack-out-of-bounds fix. The vulnerability is in brcmfmac when handling a non‑null‑terminated firmware version string passed to strsep() via brcmf_c_preinit_dcmds(). The code path writes the firmware version into a buffer via memcpy() and previously coul...
CVE-2022-50261
Summary (CVE-2022-50261): Linux kernel drivers for STI DRM (sti_hda.c, sti_dvo.c, sti_hdmi.c) used an int return type for mode_valid(), but the drm_connector_helper_funcs prototype requires returning an enum drm_mode_status. This mismatch can trigger a CFI (kCFI) failure and runtime problems (ke...
CVE-2022-50281
CVE-2022-50281 concerns a leak in the Linux kernel’s SGI-IP27 mips platform-bridge handling. The vulnerability occurs in bridge_platform_create() where, on error after calling platform_device_add()/platform_device_add_data()/platform_device_add_resources(), the failed device (pdev) must be releas...
CVE-2022-50286
In Linux kernel ext4, a delayed allocation bug occurs when converting files with inline data to extents on filesystems using both bigalloc and inline. The code path in ext4_clu_mapped() can search a non-existent extent tree (due to inline data) and cache invalid/garbage entries in the extent stat...
CVE-2022-50292
The CVE-2022-50292 entry concerns the Linux kernel DRM MSM DP bridge lifetime issue. Device-managed resources allocated after component bind must be tied to the lifetime of the aggregate DRM device; if not, resources may leak or binding may fail on retry. For DP bridges, bridges allocated earlier...
CVE-2022-50297
CVE-2022-50297 concerns the Linux kernel driver for ath9k USB wireless devices. The issue arises when a USB device claims to be ATH9K but does not expose the endpoints the driver expects; specifically, an interrupt endpoint is presented where a bulk endpoint is anticipated. This mismatch can caus...
CVE-2022-50300
CVE-2022-50300 affects the Linux kernel's btrfs code, where an extent_map use-after-free can occur in read_one_chunk when handling a missing device and the degraded mount option is absent. The root cause is freeing the extent_map before storing the error code, despite the structure being referenc...
CVE-2022-50320
The CVE-2022-50320 issue is a Linux kernel ACPI FPDT table bug where invalid physical addresses trigger ioremap warnings and an oops. The root cause is calling acpi_os_map_memory() on an invalid physical address; a fix adds a validation step to prevent mapping invalid addresses. The description ...
CVE-2022-50328
CVE-2022-50328 affects the Linux kernel component jbd2. It describes a use-after-free in jbd2_fc_wait_bufs caused by using bh after releasing the buffer head reference, with the recommended fix: validate uptodate status of the buffer before putting the buffer head reference count. The incident is...
CVE-2022-50346
CVE-2022-50346 is a Linux kernel ext4 issue where ext4_rename may modify old.inode’s ctime and trigger quota/extra_isize expansion, potentially allocating blocks and emitting a quota-related warning. The root cause involves ext4_xattr handling during a rename, with syzbot traces showing s_want_ex...
CVE-2022-50347
In CVE-2022-50347, the Linux kernel vulnerability is in mmc: rtsx_usb_sdmmc where mmc_add_host() return value was not checked. If mmc_add_host() fails and the code ignores the error, memory allocated by mmc_alloc_host() can be leaked, causing a kernel crash from deleting a non-added device in the...
CVE-2022-50351
CVE-2022-50351 affects the Linux kernel CIFS subsystem. The issue stems from leaking an xid in cifs_create() when the CIFS session is shut down, as the xid is not freed before returning. The vulnerability results in an xid leak (resource exhaustion potential) and has been fixed in the Linux kernel vi...
CVE-2022-50379
CVE-2022-50379 involves the Linux kernel btrfs quota handling. The issue occurs during quota enabling: after committing the transaction, the quota_root is assigned and BTRFS_FS_QUOTA_ENABLED is set, then the code starts the qgroup rescan worker via qgroup_rescan_init(). If that init fails, the qu...
CVE-2022-50395
CVE-2022-50395 is a Linux kernel vulnerability where a memory leak occurs if keyring allocation fails in the integrity subsystem. The issue is triggered in integrity_init_keyring() when a keyring allocation error path is taken and the allocated key restriction is not freed. The connected advisori...
CVE-2022-50404
CVE-2022-50404 is a Linux kernel vulnerability affecting fbdev/fbcon where a memory leak could occur in fbcon_do_set_font() due to buffer handling when vc_resize() fails; the buffer might be newly allocated by fbcon_set_font() and released only partially. The issue was fixed in the kernel (as not...
CVE-2022-50424
CVE-2022-50424 affects the Linux kernel WiFi driver for MT7921 (mt76/mt7921). The issue is a resource leak in mt7921_check_offload_capability() where a fw/allocated storage goes out of scope, leaking memory. The vulnerability is described as resolved/fixed via a Coverity-related fix (Addresses-Co...
CVE-2022-50427
CVE-2022-50427 is confirmed as fixed in the provided connected documents. The issue was in the Linux kernel ALSA: ac97 path, where in snd_ac97_dev_register() a failure of device_register() could leak the name allocated by dev_set_name() if put_device() was not invoked to drop the reference. The d...
CVE-2022-50442
The CVE-2022-50442 entry describes a Linux kernel NTFS3 issue where indx_read did not sufficiently validate index buffer length during parsing, enabling a potential out-of-bounds memory access (observed as a slab-out-of-bounds read under KASAN). The vulnerability is tied to NTFS directory operati...
CVE-2022-50448
CVE-2022-50448 involves the Linux kernel mm/uffd path where PTE_MARKER_UFFD_WP was not guarded, allowing a reachable warning when PTE_MARKER_UFFD_WP was not configured. The fix adds CONFIG_PTE_MARKER_UFFD_WP specific ifdefs to ensure the code is not executed in builds without the option. Impact d...
CVE-2022-50462
The CVE-2022-50462 issue affects the Linux kernel (MIPS vpe-mt) where a device name allocated dynamically during module exit could leak memory. Root cause: after commit 1fa5ae…, vpe_device release removed kfree, freeing was needed at module exit; the static vpe_device now requires proper freeing ...
CVE-2022-50463
In the Linux kernel, CVE-2022-50463 is due to a resource leak in the mpc52xx_lpbfifo_probe() error path on powerpc/52xx where a request_irq() is not balanced by a free_irq(). The patch adds the missing free_irq() call (matching behavior already present in the remove path). This affects the error-...
CVE-2022-50480
CVE-2022-50480 pertains to the Linux kernel memory handling for pl353-smc, where a refcount leak in pl353_smc_probe() was fixed. The issue stems from the break path of for_each_available_child_of_node() not balancing a reference when the child is no longer used; the fix adds a corresponding of_no...
CVE-2022-50483
CVE-2022-50483 affects the Linux kernel ENETC path handling XDP redirects. The vulnerability arises from race conditions and incorrect page reference counting in enetc_flip_rx_buff() around xdp_do_redirect() failure, which could cause buffer leaks when processing RX descriptors. The fixed approac...
CVE-2022-50497
CVE-2022-50497 affects the Linux kernel’s binfmt_misc subsystem. The provided documents indicate a fix for a shift-out-of-bounds issue in check_special_flags, with UBSAN warning about left shift of 1 by 31 in an unsigned int context. The vulnerability arises from how Node flags/macros are typed, ...
CVE-2022-50500
CVE-2022-50500 – Linux kernel (netdevsim): The vulnerability is a memory leak in nsim_drv_probe() when nsim_dev_resources_register() fails, as reported in the initial document. Unreferenced object and backtrace indicate leak of 128-byte allocation in that failure path. The issue is fixed in the L...
CVE-2022-50511
CVE-2022-50511: In the Linux kernel, the vulnerability is fixed in the fonts code path. Specifically, the issue arises from shifting a signed 32-bit value by 31 bits in get_default_font within lib/fonts, which is undefined behavior. The patch converts the operation to an unsigned branch to avoid...
CVE-2022-50513
CVE-2022-50513 affects Linux kernel staging/rtl8723bs: in the rtw_init_cmd_priv() error paths, pcmdpriv->cmd_allocated_buf was not freed when rsp_allocated_buf was allocated, causing a memory leak. The fix adds kfree(pcmdpriv->cmd_allocated_buf) on the error path and simplifies the return l...
CVE-2022-50524
CVE-2022-50524 affects the Linux kernel in the iommu/mediatek path: if platform_get_resource() returns NULL and its value isn’t checked, a NULL pointer dereference can occur in resource_size(). The vulnerability has concrete fixes in kernel updates; SUSE’s SUSE-SU-2025:4320-1 (SLES15 SP5 kernel u...
CVE-2022-50531
The CVE-2022-50531 issue is in the Linux kernel TIPC subsystem where a 4-byte portion of sub.usr_handle remained uninitialized when handling setsockopt for SOL_TIPC, causing a kernel infoleak detected by KMSAN. The fixed version initializes sub.usr_handle with an 8-byte write in tipc_topsrv_kern...
CVE-2022-50536
CVE-2022-50536 affects the Linux kernel’s BPF sockmap path. In tcp_bpf_send_verdict() redirection, the eval variable is set to __SK_REDIRECT after sending apply_bytes data; if msg.has_more_data, sock_put() can be called multiple times, risking a use-after-free via refcount misuse. The issue is fi...
CVE-2022-50551
CVE-2022-50551 refers to a Linux kernel vulnerability in the brcmfmac wireless driver where a shift-out-of-bounds could occur during firmware allocation due to an oversized chiprev value used in BIT(chiprev). The patch adds a guard so the function brcmf_fw_alloc_request() returns NULL if chiprev ...
CVE-2023-53165
CVE-2023-53165 is a Linux kernel vulnerability in the UDF filesystem code. The issue is an uninitialized array read in the UDF charset conversion when processing filenames that begin with a dot and are 2–5 characters long, which can cause the output name to be prepended with a “unification hash” ...
CVE-2023-53166
CVE-2023-53166 is a Linux kernel race in the bq25890 charger driver. The external_power_changed callback dereferenced bq->charger before it was guaranteed to be set during power_supply_init, creating a potential NULL pointer dereference in early boot when the extcon power is detected. The vuln...
CVE-2023-53193
CVE-2023-53193 – Linux kernel (amdgpu): The issue is in the drm/amdgpu driver, specifically gmc_v10_0_hw_fini calling amdgpu_irq_put. The firmware enables gmc.ecc_irq and the host driver is not privileged to enable/disable it, making amdgpu_irq_put in gmc_v10_0_hw_fini meaningless and causing a c...
CVE-2023-53207
CVE-2023-53207 applies to the Linux kernel ublk subsystem. The issue arises in ublk_ctrl_end_recovery: if wait_for_completion_interruptible() is interrupted by a signal, queues aren’t yet fully set up, so the kernel must fail UBLK_CMD_END_USER_RECOVERY to avoid a kernel oops. The CVSS 3.1 data in...
CVE-2023-53216
CVE-2023-53216 affects the Linux kernel on ARM64 where EFI runtime services could sleep in an invalid context due to the new efi_rt_lock spinlock. The root cause is the addition of a spinlock (efi_rt_lock) introduced by commit ff7a167961d1 to execute EFI runtime services from a dedicated stack, w...
CVE-2023-53244
In the Linux kernel, CVE-2023-53244 is a null pointer dereference in buffer handling in the tw68 driver (media: pci: tw68): if dma_alloc_coherent fails during tw68_risc_buffer(), buf->cpu may be null and later accesses/free could crash. The fix adds checks on the return value of tw68_risc_b...
CVE-2023-53246
CVE-2023-53246 (Linux kernel, CIFS DFS upcall): When CONFIG_CIFS_DFS_UPCALL is disabled, cifs_dfs_d_automount becomes NULL and the CIFS DFS referral handling can trigger a NULL pointer dereference in VFS follow_automount() while traversing a DFS referral. The fix adds an inline cifs_dfs_d_automo...