CVE-2026-43420
CVE-2026-43420 describes a race in Ceph/Linux kernel unlink handling where i_nlink is decremented before completion of async unlink, risking underrun if the updated i_nlink becomes zero. The root cause is updating i_nlink without proper synchronization between ceph_unlink() and MDS responses; the...
CVE-2026-43425
The CVE-2026-43425 issue affects the Linux kernel mdc800 USB image driver. mdc800_device_read() submits a download URB and waits for completion; if a timeout occurs and the device is unresponsive, the URB may remain active. A subsequent read() can resubmit the still-active URB, triggering the ker...
CVE-2026-43426
The CVE pertains to the Linux kernel Renesas USBHS driver. A use-after-free occurs in usbhs_remove() when resources (including the pipe array) are freed while the interrupt handler (usbhs_interrupt) is still registered, allowing a potentially concurrent ISR to access freed memory. The documented ...
CVE-2026-43428
CVE-2026-43428 affects the Linux kernel USB core. The vulnerability arises from usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() allowing unbounded, uninterruptible timeouts, which could hang a task indefinitely. The fix enforces a maximum timeout of 60 seconds and treats negative timeo...
CVE-2026-43429
CVE-2026-43429 (Linux kernel, USB usbtmc): The vulnerability arises from the usbtmc driver accepting user-specified timeouts that can be arbitrarily long for usb_bulk_msg() calls, potentially causing kernel threads to hang indefinitely. The issue is resolved by using usb_bulk_msg_killable() with ...
CVE-2026-43438
CVE-2026-43438 involves a Linux kernel sched_ext issue where a redundant css_put() call in scx_cgroup_init() can trigger a refcount underflow during iterations of css_for_each_descendant_pre(). The iterator walks the cgroup hierarchy under cgroup_lock() and does not acquire references with css_ge...
CVE-2026-43446
CVE-2026-43446 affects the Linux kernel in the accel/amdxdna driver. A runtime suspend deadlock could occur if a running job calls pm_runtime_resume_and_get() while the system is suspending; the deadlock arises between the runtime suspend path and the job execution flow. The fix moves pm_runtime_...
CVE-2026-43458
The CVE affects the Linux kernel’s caif_serial line discipline. A use-after-free (KASAN slab UAF) could be triggered in pty_write_room() when the caif_serial TX path invokes tty_write_room(), accessing tty->link->port. Root cause: improper management of the tty->link reference during ldi...
CVE-2026-43473
CVE-2026-43473 affects the Linux kernel's mpi3mr SCSI driver. The vulnerability occurs when the driver cleans up resources and the reply/request queues are NULL due to memory being freed after a failed queue creation. The cleanup code may then dereference or mem-set freed memory, causing a system...
CVE-2026-46182
The CVE-2026-46182 issue affects the Linux kernel component pseries/papr-hvpipe. The root cause is that a local kernel stack variable hdr (papr_hvpipe_hdr) is allocated on the stack and only hdr.version and hdr.flags are initialized, leaving reserved padding bytes uninitialized. When copied to u...
CVE-2026-46199
CVE-2026-46199 affects the Linux kernel drm/amdgpu/vcn4 component. The root cause is missing bounds checking when parsing decoder messages, allowing out-of-bounds reads. The issue is resolved by adding checks against the end of the BO whenever the message is accessed. Impact is information disclo...
CVE-2026-46248
CVE-2026-46248 pertains to the Linux kernel ath12k Wi‑Fi driver. When an arvif (Access Point Virtual Interface) is initialized in non-AP STA mode and MLO connection setup fails before arvif->is_created becomes true, the error path can leave a stale ahvif->links_map entry and, on reusing the...
CVE-2026-46250
The CVE-2026-46250 entries describe a Linux kernel issue on MIPS where LLVM erroneously restores the global gp register when it is used as a global register variable (__current_thread_info), causing the gp pointer to point to the unrelocated kernel after relocate_kernel. This leads to a crash dur...
CVE-2026-46271
CVE-2026-46271 concerns the Linux kernel ath12k Wi‑Fi driver. When a multi‑link connection is active, WoW offloads were enabled on both the primary and secondary links, potentially crashing firmware on WCN7850 devices (denial of service). The fix changes WoW offloads to run only on the primary li...
CVE-2022-50305
CVE-2022-50305 is a Linux kernel ASoC issue: sof_es8336_remove() could cause use-after-free because cancel_delayed_work() may not wait for the work function to finish. The fix uses cancel_delayed_work_sync() to ensure the work is cancelled, not running, and cannot be re-scheduled. Affected compon...
CVE-2022-50428
CVE-2022-50428 affects the Linux kernel ext4 fast-commit journaling, caused by multiple off-by-one errors in filling tlv blocks. The issues constrain where tlvs start and end within a block, risking replay problems and memory leakage in last-byte handling. The fixed patch corrects block-filling o...
CVE-2022-50430
CVE-2022-50430 affects the Linux kernel mmc vub300 driver. The fix prevents calling blocking operations when the current task is not TASK_RUNNING by ensuring vub300_enable_sdio_irq() uses proper mutex usage and marks the current task as TASK_RUNNING in a sleepable context. This reduces a potentia...
CVE-2022-50431
CVE-2022-50431: Linux kernel patch fixes a memory-leak in ALSA aoa i2sbus handling. The issue stems from dev_set_name() allocating memory for the name in soundbus_add_one() and not freeing it if of_device_register() fails; the fix adds soundbus_dev_put() and frees resources in i2sbus_release_dev...
CVE-2022-50440
The CVE-2022-50440 issue in the Linux kernel affects the drm/vmwgfx subsystem. It describes a check that could fail to validate the box size when snooped cursor data is copied from a DMA surface, potentially overflowing memcpy and causing crashes. The fix is to validate the dimensions of the copy...
CVE-2022-50459
CVE-2022-50459 affects the Linux kernel’s iSCSI TCP path (scsi: iscsi: iscsi_tcp) where a NULL pointer dereference can occur if a socket is freed while accessed via sysfs. Details describe the sequence: sock_hold() on struct sock, then sockfd_put() frees the socket, __sock_release() clears sock-&...
CVE-2022-50460
The CVE-2022-50460 issue is in the Linux kernel CIFS logic: an xid leak in cifs_flock() when flock is used can leak xid on early return (-ENOLCK). Multiple connected advisories (Astra Linux, Unity Linux, EulerOS, SUSE) cite the same description and confirm a fix in the kernel. The vulnerability i...
CVE-2022-50468
CVE-2022-50468 affects the Linux kernel, specifically the Cros USB PD notifier driver (platform/chrome: cros_usbpd_notify). The issue arises because cros_usbpd_notify_init() does not check the return value of platform_driver_register(), allowing cros_usbpd_notify to install even if registration f...
CVE-2022-50469
Technical details about CVE-2022-50469 (affected product/component/impact/remediation) are not provided in the supplied connected documents. Monitor for updates from vendors and security advisories.
CVE-2022-50478
The CVE-2022-50478 issue affects the Linux kernel nilfs2 code. When an on-disk superblock block size exponent is corrupted, nilfs_sb2_bad_offset can trigger a shift-out-of-bounds warning and a kernel panic at mount time. The fix series adds preliminary sanity checks and changes the risky computat...
CVE-2022-50479
In the Linux kernel, the drm/amd driver had a potential memory leak in clk_src when a function hits the last return NULL. The patch fixes this leak by adjusting cleanup paths (s/free/kfree/), per the commit notes. Affected product: Linux kernel with drm/amd component; impact is memory leak (avail...
CVE-2022-50482
CVE-2022-50482 is a Linux kernel vulnerability in the iommu/vt-d path. The issue is a memory leak of si_domain that occurs when init_dmars() fails, due to domain objects still lingering in the iommu_domain cache. The description states that this memory leak could occur in kernel builds prior to a...
CVE-2022-50486
The CVE-2022-50486 issue affects the Linux kernel TI Ethernet driver (net: ethernet: ti) where netcp_ndo_start_xmit() returns int but the net_device_ops field .ndo_start_xmit expects netdev_tx_t. This mismatch can trigger runtime failures (kernel panic or thread termination) when kCFI (clang, CON...
CVE-2022-50496
CVE-2022-50496 is a Linux kernel use-after-free in the dm-cache component, triggered by concurrent destroy() with dm_resume() and dm_destroy(). The fix is to cancel the timer in destroy() to prevent the UAF, as described in the advisory and the related kernel commits referenced in the sources.
CVE-2022-50512
CVE-2022-50512 affects the Linux kernel ext4 filesystem. The root cause is a potential memory leak in ext4_fc_record_regions(): krealloc may return NULL, leaving state->fc_regions NULL but not freeing the previous allocation, causing a memory leak. Multiple connected sources (NVD, OSV, OpenVAS...
CVE-2022-50516
The CVE-2022-50516 issue in the Linux kernel’s fs: dlm was fixed by a patch that ensures sb_lvbptr is not dereferenced when DLM_LKF_VALBLK is involved, avoiding a potential NULL/dangling pointer dereference in memcpy paths. The fix copies lvbptr arrays only when DLM_LKF_VALBLK is set (not merely ...
CVE-2022-50523
The CVE-2022-50523 issue affects the Linux kernel, specifically the Rockchip clock driver (clk: rockchip). The vulnerability arises in rockchip_clk_register_pll() where, on clk_register() failure, pll->rate_table may have been allocated via kmemdup() and is not freed, causing a memory leak. Th...
CVE-2022-50526
Summary of CVE-2022-50526: In the Linux kernel, the drm/msm/dp bridge handling was fixed to prevent memory corruption when there are more than eight bridges. The root cause was a missing sanity check on the bridge counter, which could corrupt data beyond the fixed-sized bridge array. The fix add...
CVE-2022-50532
CVE-2022-50532 concerns the Linux kernel SCSI MPT3sas driver. The vulnerability occurs in mpt3sas_transport_port_add(): if sas_rphy_add() returns an error, the resource allocated in sas_end_device_alloc() must be freed via sas_rphy_free(); otherwise a NULL pointer dereference can occur during dev...
CVE-2022-50533
CVE-2022-50533 concerns a Linux kernel issue in the wifi/mac80211 mlme handling where a failed association to an AP without a link 0 could trigger a null-pointer dereference in tracing. The observed root cause was that sdata->vif.valid_links is cleared and then ap_mld_addr or link 0 BSS may be...
CVE-2022-50535
CVE-2022-50535 affects the Linux kernel DRM/AMD display code. It is a potential NULL pointer dereference in dm_resume within drm/amd/display, caused by assuming 'aconnector->dc_link' is non-null. The fix adds a null check at the loop's start to avoid dereferencing a NULL dc_link. Reported CVSS...
CVE-2022-50540
CVE-2022-50540 affects the Linux kernel’s dmaengine qcom-adm driver. The root cause is a faulty slave_config implementation that compared peripheral_size against the size of the config pointer instead of the config struct, causing the crci value to be ignored and potentially triggering a kernel p...
CVE-2022-50542
CVE-2022-50542 affects the Linux kernel media/si470x driver. A use-after-free occurs in si470x_int_in_callback() when urb->context (holding a si470x_device) is freed if si470x_start_usb() has submitted a URB but the subsequent si470x_start() path fails. The fix ensures URBs are destroyed when ...
CVE-2023-53291
CVE-2023-53291 concerns a Linux kernel regression where kfree_scale_thread(s) could continue running after unloading the rcuscale module, risking a page fault. The root cause is the threads not being stopped during module removal, and the fix adds a cleanup call by invoking kfree_scale_cleanup() ...
CVE-2023-53448
CVE-2023-53448 is a Linux kernel issue in fbdev/imxfb where an unnecessary release_mem_region was removed on the error path to prevent releasing the mem region twice, which could lead to a resource leak or other issues. The connected advisories confirm that the Linux kernel has been updated to ad...
CVE-2023-53458
In CVE-2023-53458, Linux kernel media cx23885 driver may encounter a null pointer dereference in buffer_prepare() and buffer_finish() when dma_alloc_coherent fails during cx23885_risc_buffer() setup, causing risc->cpu to be empty. The vulnerability can be triggered when freeing or accessing th...
CVE-2023-53463
CVE-2023-53463 relates to the Linux kernel ibmvnic driver. The bug occurs when a NON_FATAL reset is performed: batched skb (xmit) data increments num_queued but not fully accounted for until the batch is sent, causing a mismatch where num_completed can exceed num_queued, which triggers a kernel B...
CVE-2023-53475
CVE-2023-53475 affects the Linux kernel USB xHCI Tegra implementation. Root cause: an allocation that can sleep (kasprintf) is invoked from an atomic context via tegra_xusb_padctl_get_usb3_companion -> tegra_xusb_find_port -> kasprintf, which is invalid in atomic contexts. Impact: potential c...
CVE-2023-53480
CVE-2023-53480: In the Linux kernel, an object-level NULL-dereference can occur when registering a kset if its embedded kobject’s ktype is not initialized. The described scenario initializes a kset and its kobject name but omits kset.kobj.ktype, leading to a NULL pointer dereference in kobject_a...
CVE-2023-53507
CVE-2023-53507 affects the Linux kernel mlx5 driver. When an interface is down, the mlx5 driver did not unregister its devlink parameters, which could trigger a kernel WARN during shutdown. The fix unregisters devlink params in the interface-down path as well, mitigating the WARN and potential in...
CVE-2023-53516
The CVE-2023-53516 entry corresponds to a Linux kernel macvlan netlink policy issue. A new attribute IFLA_MACVLAN_BC_CUTOFF was added, but the nla_policy in macvlan_policy (drivers/net/macvlan.c) was not described, allowing a 4-byte integer (NLA_S32) to be faked as empty and potentially cause an ...
CVE-2023-53525
CVE-2023-53525 affects the Linux kernel RDMA CMA component. The issue is that multicast join logic previously allowed non-UD qp_type modes; the patch updates behavior to permit multicast joins only for UD qp_type and ensures qkey is set to a default when not provided, addressing an uninitialized ...
CVE-2023-53536
CVE-2023-53536 affects the Linux kernel in the blk-crypto subsystem. The issue stems from blk_crypto_evict_key() sometimes returning early without unlinking the key from the keyslot management structures, while the caller proceeds to free the blk_crypto_key. This mismatch can cause a use-after-fr...
CVE-2023-53540
CVE-2023-53540 covers a Linux kernel wifi issue in cfg80211 where a station will reject auth/assoc to an AP if the AP uses the station’s own address as MLD address or BSSID. The advisory states this should be rejected to avoid a later failure, with impact described as a high availability risk but...
CVE-2023-53544
CVE-2023-53544 affects the Linux kernel cpufreq implementation for the davinci platform. The issue arises from a use-after-free: the remove function frees the clks before calling cpufreq_unregister_driver(), so a cpufreq callback that runs just before driver teardown may access freed clks. Public...
CVE-2023-53547
CVE-2023-53547 concerns the Linux kernel DRM/AMDGPU SDMA v4 component. The fixed issue is a sw_fini error in SDMA 4.2.2 that could trigger a general protection fault (likely address 0xd5e5a4ae79d24a32) during firmware release, as shown in the stack trace including release_firmware and amdgpu_ucod...