14097 matches found
CVE-2026-53225
The CVE-2026-53225 entry describes a Linux kernel SCTP vulnerability in __sctp_rcv_asconf_lookup() where an unauthenticated peer can send a truncated ASCONF chunk; the code may read 16 bytes of uninitialized memory past the address parameter when the chunk’s length is misdeclared. Affected compon...
CVE-2022-50234
CVE-2022-50234 concerns the Linux kernel’s io_uring/af_unix subsystem. The vulnerability arises from deferring the garbage-collection of registered files to the io_uring release path rather than performing it via unix_gc(), coupled with using these registered files for cycle-detection without act...
CVE-2022-50277
CVE-2022-50277 concerns the Linux kernel ext4 subsystem. When mounting a filesystem with the journal inode having the encrypt flag, a NULL dereference can occur in fscrypt_limit_io_blocks() via the path jbd2_journal_init_inode() → ext4_iomap_begin() → fscrypt_limit_io_blocks(). The issue arises b...
CVE-2022-50286
In Linux kernel ext4, a delayed allocation bug occurs when converting files with inline data to extents on filesystems using both bigalloc and inline. The code path in ext4_clu_mapped() can search a non-existent extent tree (due to inline data) and cache invalid/garbage entries in the extent stat...
CVE-2022-50318
The CVE-2022-50318 issue is in the Linux kernel perf/x86/intel/uncore: hswep_has_limit_sbox reference-count leak. The root cause is that pci_get_device() increments the reference count of the dev object, and pci_read_config_dword() uses it without decrementing; the fix adds pci_dev_put() immediat...
CVE-2022-50320
The CVE-2022-50320 issue is a Linux kernel ACPI FPDT FPDT table bug where invalid physical addresses trigger ioremap warnings and an oops. The root cause is calling acpi_os_map_memory() on an invalid phys address; a fix adds a validation step to prevent mapping invalid addresses. The description ...
CVE-2022-50331
CVE-2022-50331 refers to a Linux kernel vulnerability in the wwan_hwsim subsystem. The description documents a memory leak in wwan_hwsim_dev_new() that can occur when probing a module if device_register() fails and the kobject refcount is not decremented to zero, leaking the name allocated in dev...
CVE-2022-50347
In CVE-2022-50347, the Linux kernel vulnerability is in mmc: rtsx_usb_sdmmc where mmc_add_host() return value was not checked. If mmc_add_host() fails and the code ignores the error, memory allocated by mmc_alloc_host() can be leaked, causing a kernel crash from deleting a non-added device in the...
CVE-2022-50353
The CVE-2022-50353 issue is in the Linux kernel driver mmc/wmt-sdmmc: the return value of mmc_add_host() was not checked. If mmc_add_host() returns an error, allocated memory from mmc_alloc_host() could be leaked, leading to a kernel crash when removing the device. The advisory states the fix is ...
CVE-2022-50420
CVE-2022-50420 affects the Linux kernel crypto driver crypto: hisilicon/hpre. The root cause is in hpre_remove(): if the disable operation of qm sriov fails, the function previously returned early, causing resource leakage. The fix ensures the remaining resources allocated are released (preventin...
CVE-2022-50421
The CVE-2022-50421 entry concerns the Linux kernel rpmsg subsystem. The root cause is a double-destroy path for the default rpmsg endpoint: rpmsg_chrdev_eptdev_destroy() may destroy the default endpoint again after rpmsg_dev_remove() releases it, causing refcount underflow and use-after-free. Rep...
CVE-2022-50433
CVE-2022-50433 : Linux kernel vulnerability in the EFI/ACPI SSDT handling. Amadeusz reported KASAN use-after-free caused by unconditional kfree() of the new ACPI table when loading SSDTs from variables. Root cause: memory freed on both success and failure, mishandling ACPI core load result. Fix: ...
CVE-2022-50438
CVE-2022-50438 : In the Linux kernel, the hinic driver leaks memory when reading the function table if the input index matches a certain case in hinic_dbg_get_func_table(), where read_data is not released. A fix was applied to release the memory, resolving the issue. The connected sources referen...
CVE-2022-50440
The CVE-2022-50440 issue in the Linux kernel affects the drm/vmwgfx subsystem. It describes a check that could fail to validate the box size when snooped cursor data is copied from a DMA surface, potentially overflowing memcpy and causing crashes. The fix is to validate the dimensions of the copy...
CVE-2022-50445
Summary: CVE-2022-50445 is a Linux kernel vulnerability where an attacker could trigger reinjection of transport-mode packets through a workqueue in the XFRM path, potentially leading to system instability. The issue is associated with the 6.x kernel series (example shown: 6.0.0-rc6+ #39) and is ...
CVE-2022-50446
CVE-2022-50446 : In the Linux kernel, ARC CPUs are affected by a memory leak in page table entries (PTEs) due to the pmd_pgtable macro returning a direct virtual address after the pgtable_t switch back to struct page *. The leak occurs during process termination and can degrade available memory o...
CVE-2022-50458
CVE-2022-50458 : In the Linux kernel, the clk/tegra path (tegra210_clock_init) leaked a refcount. The bug was that of_find_matching_node() returned a node with a refcount that was not released with of_node_put(). The fix adds the missing of_node_put() to avoid the leak and resolve the vulnerabili...
CVE-2022-50470
The CVE-2022-50470 vulnerability is a Linux kernel issue in the xHCI host controller code. It occurs when freeing a virtual device if the xHCI host controller dies or is removed; endpoints may not be dropped from the bandwidth list due to early returns, triggering a list_del corruption and kernel...
CVE-2022-50472
CVE-2022-50472 – Linux kernel IB/mad path : The issue arises when ib_query_pkey() is invoked in atomic context, which may sleep and triggers a trace/“splat” in the ring buffer, leading to a kernel warning. The description in the sources notes a sleep-prone call in atomic context and a generated t...
CVE-2022-50477
CVE-2022-50477 (Linux kernel): A memory leak in the RTC device management was fixed. During devm_rtc_allocate_device(), a rtc_device is allocated before calling dev_set_name(). If dev_set_name() fails, the rtc_device could leak. The fix reorders actions by moving devm_add_action_or_reset() in fro...
CVE-2022-50479
In the Linux kernel, the drm/amd driver had a potential memory leak in clk_src when a function hits the last return NULL. The patch fixes this leak by adjusting cleanup paths (s/free/kfree/), per the commit notes. Affected product: Linux kernel with drm/amd component; impact is memory leak (avail...
CVE-2022-50482
CVE-2022-50482 is a Linux kernel vulnerability in the iommu/vt-d path. The issue is a memory leak of si_domain that occurs when init_dmars() fails, due to domain objects still lingering in the iommu_domain cache. The description states that this memory leak could occur in kernel builds prior to a...
CVE-2022-50518
CVE-2022-50518 relates to the Linux kernel parisc/firmware path: the fix locks in pdc_iodc_print() to protect parallel modifications of iodc_dbuf[], validates length to prevent iodc_dbuf[] overflow, drops iodc_retbuf[], and corrects indentation. This resolves a local-impact issue on parisc system...
CVE-2022-50532
CVE-2022-50532 concerns the Linux kernel SCSI MPT3sas driver. The vulnerability occurs in mpt3sas_transport_port_add(): if sas_rphy_add() returns an error, the resource allocated in sas_end_device_alloc() must be freed via sas_rphy_free(); otherwise a NULL pointer dereference can occur during dev...
CVE-2022-50546
The CVE-2022-50546 issue affects the Linux kernel ext4 subsystem, specifically ext4_alloc_inode() and the __ext4_new_inode() path. Syzbot reported a KMSAN uninitialized value in ext4_evict_inode, caused by not initializing ei->i_flags during ext4_alloc_inode() when a new inode creation fails b...
CVE-2022-50555
CVE-2022-50555 (Linux kernel tipc_topsrv_accept) has a concrete fix across multiple advisories. The issue allowed a null pointer dereference when srv->listener could be NULL if tipc_topsrv_stop() ran concurrently with tipc_topsrv_accept. The patch adds a protection: check srv->listener unde...
CVE-2023-53170
CVE-2023-53170 relates to the Linux kernel where the patch eliminates an unnecessary of_node_put in felix_parse_ports_node (net: dsa). The fix removes the of_node_put from the continue path to prevent the child node from being released twice, which could otherwise lead to resource leaks or other ...
CVE-2023-53182
Technical details about CVE-2023-53182 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2023-53207
CVE-2023-53207 applies to the Linux kernel ublk subsystem. The issue arises in ublk_ctrl_end_recovery: if wait_for_completion_interruptible() is interrupted by a signal, queues aren’t yet fully set up, so the kernel must fail UBLK_CMD_END_USER_RECOVERY to avoid a kernel oops. The CVSS 3.1 data in...
CVE-2023-53216
CVE-2023-53216 affects the Linux kernel on ARM64 where EFI runtime services could sleep in an invalid context due to the new efi_rt_lock spinlock. The root cause is the addition of a spinlock (efi_rt_lock) introduced by commit ff7a167961d1 to execute EFI runtime services from a dedicated stack, w...
CVE-2023-53239
CVE-2023-53239 affects the Linux kernel component drm/msm/mdp5. The vulnerability arises because kzalloc() may return NULL and code did not reliably handle this, risking a NULL pointer dereference. The advisories indicate a patch was added to validate the kzalloc return value to avoid dereferenci...
CVE-2023-53246
CVE-2023-53246 (Linux kernel, CIFS DFS upcall) : When CONFIG_CIFS_DFS_UPCALL is disabled, cifs_dfs_d_automount becomes NULL and the CIFS DFS referral handling can trigger a NULL pointer dereference in VFS follow_automount() while traversing a DFS referral. The fix adds an inline cifs_dfs_d_automo...
CVE-2023-53278
CVE-2023-53278 affects the Linux kernel in the ubifs subsystem, specifically a memory leak in ubifs_sysfs_init() that occurs when insmod ubifs.ko is loaded. The entry states the vulnerability has been resolved via a fix for the memory leak, with the observable kmemleak report and backtrace indica...
CVE-2023-53291
CVE-2023-53291 concerns a Linux kernel regression where kfree_scale_thread(s) could continue running after unloading the rcuscale module, risking a page fault. The root cause is the threads not being stopped during module removal, and the fix adds a cleanup call by invoking kfree_scale_cleanup() ...
CVE-2023-53294
Summary (CVE-2023-53294): A Linux kernel issue in the ntfs3 path caused a null pointer dereference when inode->i_op could be NULL if the MFT record is not base, leading to a crash during d_splice_alias via d_flags_for_inode. The identified root cause is an unconditional call path through ntfs_...
CVE-2023-53344
In CVE-2023-53344, the Linux kernel patch addresses a KMSAN uninitialized-value issue in bcm_tx_setup triggered by uninitialized memory during aio_write handling after a memcpy_from_msg call. The vulnerability chain involves can/bcm code allocating an op frame and copying data, with a comparison ...
CVE-2023-53350
Technical details beyond the summary are not provided in the supplied documents. Monitor for updated advisories or vendor advisories for affected products, versions, and mitigation.
CVE-2023-53364
Technical details about CVE-2023-53364 are not publicly available in the provided documents; no affected products, impact, or fixes are specified here. Monitor for updates.
CVE-2023-53376
CVE-2023-53376 affects the Linux kernel scsi mpi3mr driver, where bitmap sizing used bytes instead of bits caused slab-out-of-bounds access (notably during firmware download to eHBA-9600) via find_first_zero_bit() in mpi3mr_send_event_ack(). The fix switches bitmap management to number-of-bits ar...
CVE-2023-53398
The CVE-2023-53398 entry describes a Linux kernel vulnerability in the mlx5 driver where fifo pop operations did not validate indices, enabling a potential use-after-free when popping from an empty queue during resync. The root cause was out-of-order CQEs that could drain the FIFO, allowing a SKB...
CVE-2023-53458
In CVE-2023-53458, Linux kernel media cx23885 driver may encounter a null pointer dereference in buffer_prepare() and buffer_finish() when dma_alloc_coherent fails during cx23885_risc_buffer() setup, causing risc->cpu to be empty. The vulnerability can be triggered when freeing or accessing th...
CVE-2023-53475
CVE-2023-53475 affects the Linux kernel USB xHCI Tegra implementation. Root cause: sleep/alloc that can sleep (kasprintf) is invoked from an atomic context via tegra_xusb_padctl_get_usb3_companion -> tegra_xusb_find_port -> kasprintf, which is invalid in atomic contexts. Impact: potential c...
CVE-2023-53480
CVE-2023-53480 : In the Linux kernel, a o bject-level NULL-dereference can occur when registering a kset if its embedded kobject’s ktype is not initialized. The described scenario initializes a kset and its kobject name but omits kset.kobj.ktype, leading to a NULL pointer dereference in kobject_a...
CVE-2023-53486
CVE-2023-53486 affects the Linux kernel ntfs3 implementation. The fixed issue is a combined overflow/boundary check in attribute size validation during NTFS attribute enumeration, which could lead to slab-out-of-bounds access (KASAN) when mounting or reading NTFS volumes. The description and conn...
CVE-2023-53493
The CVE-2023-53493 entry describes a Linux kernel issue in accel/qaic where bounds checking in decode_message() was tightened to mirror encode_message() bounds checks. The fix ensures there is space for at least one header (checking msg_hdr_len), validates that the next header can be read (msg_le...
CVE-2023-53507
CVE-2023-53507 affects the Linux kernel mlx5 driver. When an interface is down, the mlx5 driver did not unregister its devlink parameters, which could trigger a kernel WARN during shutdown. The fix unregisters devlink params in the interface-down path as well, mitigating the WARN and potential in...
CVE-2023-53525
CVE-2023-53525 affects the Linux kernel RDMA CMA component. The issue is that multicast join logic previously allowed non-UD qp_type modes; the patch updates behavior to permit multicast joins only for UD qp_type and ensures qkey is set to a default when not provided, addressing an uninitialized ...
CVE-2023-53526
CVE-2023-53526 (Linux kernel) fixes a jbd2 checkpoint removal race in ext4 by adding a check for jh->b_transaction before removing a journal handle from the checkpoint list. The issue could cause corruption of an ext4 image during power loss if trans2 commits before trans1; in particular, __jb...
CVE-2023-53528
CVE-2023-53528 affects the Linux kernel RDMA/rxe subsystem. The vulnerability arises from an unsafe drain-work-queue path in qp cleanup when create_qp does not fully complete; cleanup could attempt to drain send/recv queues before the queues exist, leading to a segfault. The fixed patch adds a gu...
CVE-2023-53556
CVE-2023-53556 is a Linux kernel use-after-free in the iavf driver (free_netdev) when removing virtual functions during SR-IOV handling. The connected Nessus/SUSE advisories enumerate this CVE among a large set of kernel issues and indicate the vulnerability is addressed by kernel updates in Eule...