14062 matches found
CVE-2026-46162
CVE-2026-46162 affects the Linux kernel ice driver. The vulnerability is a double free in the error path of ice_sf_eth_activate() : when auxiliary_device_add() fails, execution jumps to the auxiliary device uninit path, the device release callback frees the device, but the code then falls through...
CVE-2026-46172
** CWE-XXXX**: CVE-2026-46172 affects the Linux kernel IPv6 xfrm6 path. The issue occurs in xfrm6_rcv_encap() during an IPv6 route lookup when a dst is not yet attached; ip6_route_input_lookup() can return a dst with an error, and if dst->error is set, the skb is dropped without attaching/rele...
CVE-2026-46199
CVE-2026-46199 affects the Linux kernel drm/amdgpu/vcn4 component. The root cause is missing bounds checking when parsing decoder messages, allowing out-of-bounds reads. The issue is resolved by adding checks against the end of the BO whenever the message is accessed. Impact is information disclo...
CVE-2026-46210
The CVE-2026-46210 issue affects the Linux kernel Iris media driver. A race between per-instance locks (inst->lock) and the core list lock (core->lock) allows a use-after-free during MBPF checks: MBPF iterates the core list and reads fields like fmt_src->width/height while iris_close() m...
CVE-2026-46216
The CVE-2026-46216 issue affects the Linux kernel drm/xe/hdcp module. When media GT is disabled via configfs, media_gt may be NULL, causing intel_hdcp_gsc_check_status() to dereference an invalid address and trigger a kernel pagefault. The fix adds a NULL check on media_gt and returns early if NU...
CVE-2026-46261
CVE-2026-46261 relates to the Linux kernel wpcm-fiu SPI driver. The issue is a potential NULL pointer dereference when platform_get_resource_byname() returns NULL, if the NULL is dereferenced by resource_size(). The patch moves the fiu->memory_size assignment to occur after the error check for...
CVE-2026-46263
CVE-2026-46263 is a Linux kernel issue in drm/amd/display where eng_id may index stream_enc_regs beyond its 5-element size, causing out-of-bounds access. The fix adds an explicit bounds check (using ARRAY_SIZE) before indexing stream_enc_regs[eng_id], preventing access when eng_id is ENGINE_ID_DI...
CVE-2022-50235
Mode C: CVE-2022-50235 affects the Linux kernel NFSD implementation for NFSv2 READDIR. The vulnerability arises from an excessive @count leading to a buffer overflow; the fix restores the previous limit on count to prevent overflow attacks. Impact is high (local, with high confidentiality, integr...
CVE-2022-50247
CVE-2022-50247 concerns a Linux kernel USB xHCI MTK driver issue: if wakeup IRQ setup fails, the shared HCD is leaked because usb_put_hcd() may not NULL the @shared_hcd before decreasing usage. The patch (referenced in the description) fixes leakage by ensuring shared_hcd is NULLed prior to decre...
CVE-2022-50249
CVE-2022-50249 : Linux kernel memory subsystem flaw in the OF (Open Firmware) tree. The bug is a refcount leak in of_get_ddr_timings() caused by missing of_node_put() when exiting for_each_child_of_node(). The description states the fix is to add of_node_put() on exit, addressing refcount mismana...
CVE-2022-50261
Summary (CVE-2022-50261) : Linux kernel drivers for STI DRM (sti_hda.c, sti_dvo.c, sti_hdmi.c) used an int return type for mode_valid(), but the drm_connector_helper_funcs prototype requires returning an enum drm_mode_status. This mismatch can trigger a CFI (kCFI) failure and runtime problems (ke...
CVE-2022-50274
CVE-2022-50274 : In the Linux kernel, a use-after-free in dvb_unregister_device() was mitigated by adding a reference counter to struct dvb_device and delaying deallocation until no pointers reference the object. The vulnerability stemmed from cleanup releasing the dvb_device while file->priva...
CVE-2022-50282
CVE-2022-50282: Linux kernel vulnerability in chardev handling where error paths in cdev_device_add() could leave kobject state inconsistent during fault injection tests. Connected advisories (Unity Linux UTSA entries and related EulerOS/SUSE notices) confirm the issue and describe the fix as add...
CVE-2022-50283
In the Linux kernel, CVE-2022-50283 is due to a missing of_node_get() in the dynamic partitions code, causing an unbalanced of_node_put() and a use-after-free in refcount handling during MTD partition parsing on gpmi-nand. The issue manifested in traces such as refcount_t: addition on 0; use-afte...
CVE-2022-50285
CVE-2022-50285 tracks a Linux kernel vulnerability in the hugetlb subsystem where resv_huge_pages could be decremented outside the hugetlb_lock, risking a corrupted counter. The issue arises in alloc_huge_page’s corner case, creating a local (unprivileged) attack surface with a low attack complex...
CVE-2022-50299
CVE-2022-50299 is a Linux kernel issue in the md (multiple device) module where snprintf() could wrap around when the total length of the block device names with slashes exceeds 200, leading to incorrect buffer sizing. The vulnerability arises from using snprintf; the fix is to replace snprintf w...
CVE-2022-50321
CVE-2022-50321 corresponds to a Linux kernel wifi flaw in brcmfmac where brcmf_netdev_start_xmit() could leak memory when pskb_expand_head() fails, returning NETDEV_TX_OK without freeing the skb. The fix adds dev_kfree_skb() to properly free skb and was compile-tested; multiple Unity/Linux adviso...
CVE-2022-50330
CVE-2022-50330: In the Linux kernel, the cavium crypto path has an overflow when loading firmware. The overflow arises from the code_length value sourced from the firmware file; multiplying ntohl(ucode->code_length) by 2 can overflow, potentially enabling local impact per the advisory. The des...
CVE-2022-50351
CVE-2022-50351 affects the Linux kernel CIFS subsystem. The issue stems from leaking an xid in cifs_create() when the CIFS session is shutdown, as the xid is not freed before returning. The vulnerability results in an xid leak (resource exhaustion potential) and has a fixed in the Linux kernel vi...
CVE-2022-50355
CVE-2022-50355 affects the Linux kernel staging vt6655 driver. In some initialization paths, memory is allocated with an index variable i, and the subsequent reverse-order cleanup on allocation failure can miss the case i=0 (memory leak) and can start with i=-1 (access to invalid memory). One loo...
CVE-2022-50360
The CVE-2022-50360 entry concerns a Linux kernel flaw in drm/msm/dp where device-managed resources allocated after component binding could outlive the aggregate DRM device, risking resource leaks or failed binding if binding is retried. The root cause is improper lifetime management: EP (DP AUX) ...
CVE-2022-50362
CVE-2022-50362 pertains to the Linux kernel DMA engine (hisilicon) where multi-thread access to a DMA channel could cause an OOPS and system hang. The issue arises when multiple threads race to rewrite a channel descriptor after device_issue_pending is called, leading the interrupt handler to pro...
CVE-2022-50389
CVE-2022-50389 : In the Linux kernel, tpm_crb memory leak fix involves adding a call to acpi_put_table() in crb_acpi_add() after retrieving TPM2 table info. This prevents leaking the TPM2 ACPI table after init. The connected advisory explicitly states the root cause and the remediation (acpi_put_...
CVE-2022-50436
CVE-2022-50436 : Linux kernel ext4 had a deadlock risk when ext4_unlink() extended the jbd2 transaction scope, because ext4_find_entry() could require setting up the directory encryption key inside a transaction. The fix restores the transaction to its original scope, preventing the deadlock. The...
CVE-2022-50442
The CVE-2022-50442 entry describes a Linux kernel NTFS3 issue where indx_read did not sufficiently validate index buffer length during parsing, enabling a potential out-of-bounds memory access (observed as a slab-out-of-bounds read under KASAN). The vulnerability is tied to NTFS directory operati...
CVE-2022-50444
The CVE-2022-50444 issue is a Linux kernel refcount leak in the Tegra20 clock init path. Root cause: of_find_matching_node() returns a node pointer with a refcount incremented; missing of_node_put() on termination leads to leaks. A fix in clk: tegra20: Fix refcount leak in tegra20_clock_init adds...
CVE-2022-50474
CVE-2022-50474 is a Linux kernel issue affecting the macintosh/macio path, where a device name allocated dynamically after a driver-core change was not freed on of_device_register() failure, causing a memory leak. The fix introduces a put_device() reference release to balance device_initialize() ...
CVE-2022-50478
The CVE-2022-50478 issue affects the Linux kernel nilfs2 code. When an on-disk superblock block size exponent is corrupted, nilfs_sb2_bad_offset can trigger a shift-out-of-bounds warning and a kernel panic at mount time. The fix series adds preliminary sanity checks and changes the risky computat...
CVE-2022-50486
The CVE-2022-50486 issue affects the Linux kernel TI Ethernet driver (net: ethernet: ti) where netcp_ndo_start_xmit() returns int but the net_device_ops field .ndo_start_xmit expects netdev_tx_t. This mismatch can trigger runtime failures (kernel panic or thread termination) when kCFI (clang, CON...
CVE-2022-50500
CVE-2022-50500 – Linux kernel (netdevsim): The vulnerability is a memory leak in nsim_drv_probe() when nsim_dev_resources_register() fails, as reported in the initial document. Unreferenced object and backtrace indicate leak of 128-byte allocation in that failure path. The issue is fixed in the L...
CVE-2022-50505
CVE-2022-50505 (Linux kernel) fixes a refcount leak in iommu/amd by correcting usage of pci_get_domain_bus_and_slot() which increments the PCI device refcount. The caller must call pci_dev_put() when finished; the patch ensures pci_dev_put() is invoked before returning from ppr_notifier() to avoi...
CVE-2022-50548
CVE-2022-50548 affects the Linux kernel (media: i2c: hi846) with a memory leak in hi846_parse_dt. The issue occurs when checks related to supported link frequencies fail, causing V4L2 fwnode resources not to be released, leading to a leak. The fix provided releases and frees the V4L2 fwnode data ...
CVE-2022-50552
CVE-2022-50552 : In the Linux kernel, the blk-mq path had a race where hctx->run_work could race with the elevator switch during reinitialization of hardware queues, potentially leading to use-after-free and kernel panics. The fix switches to a quiesced elevator switch and makes the previous e...
CVE-2023-53147
The CVE-2023-53147 entry maps to a Linux kernel vulnerability in the IPsec XFRM subsystem: a NULL pointer dereference via xfrm_new_ae that could crash the kernel. The root cause is a missing NULL check when updating AE parameters; xfrm_update_ae_params could dereference a NULL x->replay_esn/x-...
CVE-2023-53164
CVE-2023-53164 concerns a Linux kernel issue in the TI-SCI IRQ domain handling. The vulnerability arises from a refcount leak in ti_sci_intr_irq_domain_probe: of_irq_find_parent() returns a node pointer with an incremented refcount, and a missing of_node_put() could prevent proper release. The pr...
CVE-2023-53166
CVE-2023-53166 is a Linux kernel race in the bq25890 charger driver. The external_power_changed callback dereferenced bq->charger before it was guaranteed to be set during power_supply_init, creating a potential NULL pointer dereference in early boot when the extcon power is detected. The vuln...
CVE-2023-53192
The CVE-2023-53192 issue is a Linux kernel bug in vxlan nexthop hashing. The nexthop code expected a 31-bit hash, but skb_get_hash() can return a 32-bit value which becomes negative in a signed int. This can trigger incorrect nexthop selection (nexthop_select_path_hthr) or out-of-bounds access in...
CVE-2023-53205
CVE-2023-53205 affects the Linux kernel KVM on s390, specifically the diag 9c handler where a race exists around the target CPU value (-1). The fix stores the physical target CPU in a local variable to prevent out-of-bounds accesses to CPU arrays. The CVE’s risk is described as high (CVSS v3.1: A...
CVE-2023-53217
Summary (CVE-2023-53217): Linux kernel vulnerability affecting the nubus subsystem where reading files under /proc/bus/nubus could segfault. The issue stems from a regression introduced during the conversion of proc_create_single_data() usage, making single_open() calls with nubus_proc_rsrc_show(...
CVE-2023-53233
CVE-2023-53233 is associated with a Linux kernel issue related to the net/smc deadlock: cancel_delayed_work_syn() deadlock detected via lockdep in the smc path. The connected Nessus/OSV entries (Unity Linux UTSA advisories UTSA-2025-993266 and UTSA-2025-992554; Debian Ubuntu OSVs) confirm a fix h...
CVE-2023-53237
Summary: CVE-2023-53237 relates to the AMDGPU driver in the Linux kernel, where an improper call to amdgpu_irq_put during gmc_v11_0_hw_fini led to an unnecessary call trace. The root cause is that gmc.ecc_irq is enabled by firmware via IFWI, and the host driver isn’t privileged to enable/disable ...
CVE-2023-53242
Summary of CVE-2023-53242 : In the Linux kernel, the hi3660 thermal sensor path (thermal/drivers/hisi) could panic due to a misbehaving allocation in hi3660_thermal_probe. The root cause: memory allocated for one sensors[] entry was attempted to be filled for a second entry, triggering a BRK hand...
CVE-2023-53243
CVE-2023-53243 : In the Linux kernel’s btrfs code, the function btrfs_reduce_alloc_profile was not updated to include new allocation flags (DUP, RAID1C34); it can return multiple flags when blocks have mixed/unknown profiles, risking a WARN_ON and a remount-ro during new block allocations. The is...
CVE-2023-53251
The CVE-2023-53251 issue affects the Linux kernel (wicwifi/iwlwifi PCIe path) where a NULL pointer dereference could occur in iwl_pcie_irq_rx_msix_handler due to rxq becoming NULL when trans_pcie->rxq is NULL and entry->entry is zero; the patch adds a proper check for trans_pcie->rxq. Re...
CVE-2023-53252
The CVE-2023-53252 entry applies to the Linux kernel Bluetooth stack. The vulnerability arises in hci_update_accept_list_sync where hci_conn_params/hci_sync lists are iterated while the lists can be modified (e.g., by le_scan_cleanup) without holding the device lock, risking an invalid list curso...
CVE-2023-53277
CVE-2023-53277 is a Linux kernel vulnerability in the wifi iwl3945 driver. The issue arises from missing validation of the return value of create_singlethread_workqueue, which can lead to a NULL pointer dereference. Public advisories (Unity Linux UTSA-2025-992797/992386/992212; SUSE-SU-2025:03615...
CVE-2023-53297
CVE-2023-53297 — Linux kernel Bluetooth L2CAP vulnerability : The issue arises in the L2CAP disconnect response path where conn->chan_lock is not held before calling l2cap_get_chan_by_scid; if that function returns NULL, a “bad unlock balance” condition can be triggered, potentially impacting ...
CVE-2023-53300
The CVE-2023-53300 issue is in the Linux kernel media hi846 driver: hi846_init_controls allocated a ctrl_hdlr but failed to free it on error, causing a memory leak. The fix adds v4l2_ctrl_handler_free to properly release the allocated resources when initialization fails. Affected area: kernel med...
CVE-2023-53302
CVE-2023-53302 affects the Linux kernel wifi iwl4965 driver. The vulnerability stems from a missing check of the return value of create_singlethread_workqueue(), which can lead to a NULL pointer dereference. The provided connected documents confirm the fix was applied in the kernel to add the nec...
CVE-2023-53305
The CVE-2023-53305 entry refers to a Linux kernel vulnerability in Bluetooth L2CAP that fixes a use-after-free condition in l2cap_le_command_rej. The issue is described as a use-after-free (UAF) in Bluetooth code, leading to potential impact with a CVSSv3.1 score of 7.8 (HIGH) and a LOCAL attack ...