Lucene search
K
LinuxLinux Kernel

14097 matches found

CVE
CVE
added 2026/06/25 8:39 a.m.19 views

CVE-2026-53225

The CVE-2026-53225 entry describes a Linux kernel SCTP vulnerability in __sctp_rcv_asconf_lookup() where an unauthenticated peer can send a truncated ASCONF chunk; the code may read 16 bytes of uninitialized memory past the address parameter when the chunk’s length is misdeclared. Affected compon...

9.1CVSS5.7AI score0.00544EPSS
CVE
CVE
added 2025/09/15 2:1 p.m.18 views

CVE-2022-50234

CVE-2022-50234 concerns the Linux kernel’s io_uring/af_unix subsystem. The vulnerability arises from deferring the garbage-collection of registered files to the io_uring release path rather than performing it via unix_gc(), coupled with using these registered files for cycle-detection without act...

7.8CVSS6.1AI score0.00153EPSS
CVE
CVE
added 2025/09/15 2:21 p.m.18 views

CVE-2022-50277

CVE-2022-50277 concerns the Linux kernel ext4 subsystem. When mounting a filesystem with the journal inode having the encrypt flag, a NULL dereference can occur in fscrypt_limit_io_blocks() via the path jbd2_journal_init_inode() → ext4_iomap_begin() → fscrypt_limit_io_blocks(). The issue arises b...

5.5CVSS6AI score0.00093EPSS
CVE
CVE
added 2025/09/15 2:21 p.m.18 views

CVE-2022-50286

In Linux kernel ext4, a delayed allocation bug occurs when converting files with inline data to extents on filesystems using both bigalloc and inline. The code path in ext4_clu_mapped() can search a non-existent extent tree (due to inline data) and cache invalid/garbage entries in the extent stat...

5.5CVSS6.1AI score0.00146EPSS
CVE
CVE
added 2025/09/15 2:48 p.m.18 views

CVE-2022-50318

The CVE-2022-50318 issue is in the Linux kernel perf/x86/intel/uncore: hswep_has_limit_sbox reference-count leak. The root cause is that pci_get_device() increments the reference count of the dev object, and pci_read_config_dword() uses it without decrementing; the fix adds pci_dev_put() immediat...

5.5CVSS6.1AI score0.00146EPSS
CVE
CVE
added 2025/09/15 2:48 p.m.18 views

CVE-2022-50320

The CVE-2022-50320 issue is a Linux kernel ACPI FPDT FPDT table bug where invalid physical addresses trigger ioremap warnings and an oops. The root cause is calling acpi_os_map_memory() on an invalid phys address; a fix adds a validation step to prevent mapping invalid addresses. The description ...

7.8CVSS5.9AI score0.00153EPSS
CVE
CVE
added 2025/09/15 2:49 p.m.18 views

CVE-2022-50331

CVE-2022-50331 refers to a Linux kernel vulnerability in the wwan_hwsim subsystem. The description documents a memory leak in wwan_hwsim_dev_new() that can occur when probing a module if device_register() fails and the kobject refcount is not decremented to zero, leaking the name allocated in dev...

5.5CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/09/16 4:11 p.m.18 views

CVE-2022-50347

In CVE-2022-50347, the Linux kernel vulnerability is in mmc: rtsx_usb_sdmmc where mmc_add_host() return value was not checked. If mmc_add_host() fails and the code ignores the error, memory allocated by mmc_alloc_host() can be leaked, causing a kernel crash from deleting a non-added device in the...

5.5CVSS6.1AI score0.0015EPSS
CVE
CVE
added 2025/09/17 2:56 p.m.18 views

CVE-2022-50353

The CVE-2022-50353 issue is in the Linux kernel driver mmc/wmt-sdmmc: the return value of mmc_add_host() was not checked. If mmc_add_host() returns an error, allocated memory from mmc_alloc_host() could be leaked, leading to a kernel crash when removing the device. The advisory states the fix is ...

5.5CVSS6.1AI score0.00185EPSS
CVE
CVE
added 2025/10/01 11:41 a.m.18 views

CVE-2022-50420

CVE-2022-50420 affects the Linux kernel crypto driver crypto: hisilicon/hpre. The root cause is in hpre_remove(): if the disable operation of qm sriov fails, the function previously returned early, causing resource leakage. The fix ensures the remaining resources allocated are released (preventin...

5.5CVSS6.1AI score0.00146EPSS
CVE
CVE
added 2025/10/01 11:41 a.m.18 views

CVE-2022-50421

The CVE-2022-50421 entry concerns the Linux kernel rpmsg subsystem. The root cause is a double-destroy path for the default rpmsg endpoint: rpmsg_chrdev_eptdev_destroy() may destroy the default endpoint again after rpmsg_dev_remove() releases it, causing refcount underflow and use-after-free. Rep...

7.8CVSS6.1AI score0.00147EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.18 views

CVE-2022-50433

CVE-2022-50433 : Linux kernel vulnerability in the EFI/ACPI SSDT handling. Amadeusz reported KASAN use-after-free caused by unconditional kfree() of the new ACPI table when loading SSDTs from variables. Root cause: memory freed on both success and failure, mishandling ACPI core load result. Fix: ...

7.8CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.18 views

CVE-2022-50438

CVE-2022-50438 : In the Linux kernel, the hinic driver leaks memory when reading the function table if the input index matches a certain case in hinic_dbg_get_func_table(), where read_data is not released. A fix was applied to release the memory, resolving the issue. The connected sources referen...

5.5CVSS6.2AI score0.00145EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.18 views

CVE-2022-50440

The CVE-2022-50440 issue in the Linux kernel affects the drm/vmwgfx subsystem. It describes a check that could fail to validate the box size when snooped cursor data is copied from a DMA surface, potentially overflowing memcpy and causing crashes. The fix is to validate the dimensions of the copy...

5.5CVSS6.1AI score0.00149EPSS
CVE
CVE
added 2025/10/01 11:45 a.m.18 views

CVE-2022-50445

Summary: CVE-2022-50445 is a Linux kernel vulnerability where an attacker could trigger reinjection of transport-mode packets through a workqueue in the XFRM path, potentially leading to system instability. The issue is associated with the 6.x kernel series (example shown: 6.0.0-rc6+ #39) and is ...

5.5CVSS6.1AI score0.00146EPSS
CVE
CVE
added 2025/10/01 11:45 a.m.18 views

CVE-2022-50446

CVE-2022-50446 : In the Linux kernel, ARC CPUs are affected by a memory leak in page table entries (PTEs) due to the pmd_pgtable macro returning a direct virtual address after the pgtable_t switch back to struct page *. The leak occurs during process termination and can degrade available memory o...

5.5CVSS6AI score0.00143EPSS
CVE
CVE
added 2025/10/01 11:45 a.m.18 views

CVE-2022-50458

CVE-2022-50458 : In the Linux kernel, the clk/tegra path (tegra210_clock_init) leaked a refcount. The bug was that of_find_matching_node() returned a node with a refcount that was not released with of_node_put(). The fix adds the missing of_node_put() to avoid the leak and resolve the vulnerabili...

5.5CVSS6AI score0.00149EPSS
CVE
CVE
added 2025/10/04 3:16 p.m.18 views

CVE-2022-50470

The CVE-2022-50470 vulnerability is a Linux kernel issue in the xHCI host controller code. It occurs when freeing a virtual device if the xHCI host controller dies or is removed; endpoints may not be dropped from the bandwidth list due to early returns, triggering a list_del corruption and kernel...

7.8CVSS6.1AI score0.00158EPSS
CVE
CVE
added 2025/10/04 3:16 p.m.18 views

CVE-2022-50472

CVE-2022-50472 – Linux kernel IB/mad path : The issue arises when ib_query_pkey() is invoked in atomic context, which may sleep and triggers a trace/“splat” in the ring buffer, leading to a kernel warning. The description in the sources notes a sleep-prone call in atomic context and a generated t...

5.5CVSS6.1AI score0.00146EPSS
CVE
CVE
added 2025/10/04 3:16 p.m.18 views

CVE-2022-50477

CVE-2022-50477 (Linux kernel): A memory leak in the RTC device management was fixed. During devm_rtc_allocate_device(), a rtc_device is allocated before calling dev_set_name(). If dev_set_name() fails, the rtc_device could leak. The fix reorders actions by moving devm_add_action_or_reset() in fro...

5.5CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/10/04 3:16 p.m.18 views

CVE-2022-50479

In the Linux kernel, the drm/amd driver had a potential memory leak in clk_src when a function hits the last return NULL. The patch fixes this leak by adjusting cleanup paths (s/free/kfree/), per the commit notes. Affected product: Linux kernel with drm/amd component; impact is memory leak (avail...

5.5CVSS6.2AI score0.00128EPSS
CVE
CVE
added 2025/10/04 3:16 p.m.18 views

CVE-2022-50482

CVE-2022-50482 is a Linux kernel vulnerability in the iommu/vt-d path. The issue is a memory leak of si_domain that occurs when init_dmars() fails, due to domain objects still lingering in the iommu_domain cache. The description states that this memory leak could occur in kernel builds prior to a...

5.5CVSS6.2AI score0.0015EPSS
CVE
CVE
added 2025/10/07 3:19 p.m.18 views

CVE-2022-50518

CVE-2022-50518 relates to the Linux kernel parisc/firmware path: the fix locks in pdc_iodc_print() to protect parallel modifications of iodc_dbuf[], validates length to prevent iodc_dbuf[] overflow, drops iodc_retbuf[], and corrects indentation. This resolves a local-impact issue on parisc system...

7.8CVSS6.6AI score0.00128EPSS
CVE
CVE
added 2025/10/07 3:19 p.m.18 views

CVE-2022-50532

CVE-2022-50532 concerns the Linux kernel SCSI MPT3sas driver. The vulnerability occurs in mpt3sas_transport_port_add(): if sas_rphy_add() returns an error, the resource allocated in sas_end_device_alloc() must be freed via sas_rphy_free(); otherwise a NULL pointer dereference can occur during dev...

5.5CVSS6AI score0.00147EPSS
CVE
CVE
added 2025/10/07 3:21 p.m.18 views

CVE-2022-50546

The CVE-2022-50546 issue affects the Linux kernel ext4 subsystem, specifically ext4_alloc_inode() and the __ext4_new_inode() path. Syzbot reported a KMSAN uninitialized value in ext4_evict_inode, caused by not initializing ei->i_flags during ext4_alloc_inode() when a new inode creation fails b...

7.8CVSS6AI score0.00202EPSS
CVE
CVE
added 2025/10/07 3:21 p.m.18 views

CVE-2022-50555

CVE-2022-50555 (Linux kernel tipc_topsrv_accept) has a concrete fix across multiple advisories. The issue allowed a null pointer dereference when srv->listener could be NULL if tipc_topsrv_stop() ran concurrently with tipc_topsrv_accept. The patch adds a protection: check srv->listener unde...

5.5CVSS6AI score0.00192EPSS
CVE
CVE
added 2025/09/15 2:4 p.m.18 views

CVE-2023-53170

CVE-2023-53170 relates to the Linux kernel where the patch eliminates an unnecessary of_node_put in felix_parse_ports_node (net: dsa). The fix removes the of_node_put from the continue path to prevent the child node from being released twice, which could otherwise lead to resource leaks or other ...

5.5CVSS6.1AI score0.00128EPSS
CVE
CVE
added 2025/09/15 2:4 p.m.18 views

CVE-2023-53182

Technical details about CVE-2023-53182 are not publicly provided in the supplied documents. Monitor for updates.

5.5CVSS6.3AI score0.00146EPSS
CVE
CVE
added 2025/09/15 2:21 p.m.18 views

CVE-2023-53207

CVE-2023-53207 applies to the Linux kernel ublk subsystem. The issue arises in ublk_ctrl_end_recovery: if wait_for_completion_interruptible() is interrupted by a signal, queues aren’t yet fully set up, so the kernel must fail UBLK_CMD_END_USER_RECOVERY to avoid a kernel oops. The CVSS 3.1 data in...

5.5CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/09/15 2:21 p.m.18 views

CVE-2023-53216

CVE-2023-53216 affects the Linux kernel on ARM64 where EFI runtime services could sleep in an invalid context due to the new efi_rt_lock spinlock. The root cause is the addition of a spinlock (efi_rt_lock) introduced by commit ff7a167961d1 to execute EFI runtime services from a dedicated stack, w...

7.8CVSS6.2AI score0.00153EPSS
CVE
CVE
added 2025/09/15 2:22 p.m.18 views

CVE-2023-53239

CVE-2023-53239 affects the Linux kernel component drm/msm/mdp5. The vulnerability arises because kzalloc() may return NULL and code did not reliably handle this, risking a NULL pointer dereference. The advisories indicate a patch was added to validate the kzalloc return value to avoid dereferenci...

5.5CVSS6.1AI score0.00146EPSS
CVE
CVE
added 2025/09/15 2:46 p.m.18 views

CVE-2023-53246

CVE-2023-53246 (Linux kernel, CIFS DFS upcall) : When CONFIG_CIFS_DFS_UPCALL is disabled, cifs_dfs_d_automount becomes NULL and the CIFS DFS referral handling can trigger a NULL pointer dereference in VFS follow_automount() while traversing a DFS referral. The fix adds an inline cifs_dfs_d_automo...

5.5CVSS6AI score0.00136EPSS
CVE
CVE
added 2025/09/16 8:11 a.m.18 views

CVE-2023-53278

CVE-2023-53278 affects the Linux kernel in the ubifs subsystem, specifically a memory leak in ubifs_sysfs_init() that occurs when insmod ubifs.ko is loaded. The entry states the vulnerability has been resolved via a fix for the memory leak, with the observable kmemleak report and backtrace indica...

5.5CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/09/16 8:11 a.m.18 views

CVE-2023-53291

CVE-2023-53291 concerns a Linux kernel regression where kfree_scale_thread(s) could continue running after unloading the rcuscale module, risking a page fault. The root cause is the threads not being stopped during module removal, and the fix adds a cleanup call by invoking kfree_scale_cleanup() ...

5.5CVSS5.9AI score0.00136EPSS
CVE
CVE
added 2025/09/16 8:11 a.m.18 views

CVE-2023-53294

Summary (CVE-2023-53294): A Linux kernel issue in the ntfs3 path caused a null pointer dereference when inode->i_op could be NULL if the MFT record is not base, leading to a crash during d_splice_alias via d_flags_for_inode. The identified root cause is an unconditional call path through ntfs_...

5.5CVSS6.1AI score0.00135EPSS
CVE
CVE
added 2025/09/17 2:56 p.m.18 views

CVE-2023-53344

In CVE-2023-53344, the Linux kernel patch addresses a KMSAN uninitialized-value issue in bcm_tx_setup triggered by uninitialized memory during aio_write handling after a memcpy_from_msg call. The vulnerability chain involves can/bcm code allocating an op frame and copying data, with a comparison ...

5.5CVSS6AI score0.00185EPSS
CVE
CVE
added 2025/09/17 2:56 p.m.18 views

CVE-2023-53350

Technical details beyond the summary are not provided in the supplied documents. Monitor for updated advisories or vendor advisories for affected products, versions, and mitigation.

5.5CVSS6.3AI score0.00168EPSS
CVE
CVE
added 2025/09/17 2:56 p.m.18 views

CVE-2023-53364

Technical details about CVE-2023-53364 are not publicly available in the provided documents; no affected products, impact, or fixes are specified here. Monitor for updates.

5.5CVSS6AI score0.00152EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.18 views

CVE-2023-53376

CVE-2023-53376 affects the Linux kernel scsi mpi3mr driver, where bitmap sizing used bytes instead of bits caused slab-out-of-bounds access (notably during firmware download to eHBA-9600) via find_first_zero_bit() in mpi3mr_send_event_ack(). The fix switches bitmap management to number-of-bits ar...

7.1CVSS6.1AI score0.00147EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.18 views

CVE-2023-53398

The CVE-2023-53398 entry describes a Linux kernel vulnerability in the mlx5 driver where fifo pop operations did not validate indices, enabling a potential use-after-free when popping from an empty queue during resync. The root cause was out-of-order CQEs that could drain the FIFO, allowing a SKB...

7.8CVSS6.1AI score0.00137EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.18 views

CVE-2023-53458

In CVE-2023-53458, Linux kernel media cx23885 driver may encounter a null pointer dereference in buffer_prepare() and buffer_finish() when dma_alloc_coherent fails during cx23885_risc_buffer() setup, causing risc->cpu to be empty. The vulnerability can be triggered when freeing or accessing th...

5.5CVSS6.2AI score0.00151EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.18 views

CVE-2023-53475

CVE-2023-53475 affects the Linux kernel USB xHCI Tegra implementation. Root cause: sleep/alloc that can sleep (kasprintf) is invoked from an atomic context via tegra_xusb_padctl_get_usb3_companion -> tegra_xusb_find_port -> kasprintf, which is invalid in atomic contexts. Impact: potential c...

5.5CVSS6AI score0.00145EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.18 views

CVE-2023-53480

CVE-2023-53480 : In the Linux kernel, a o bject-level NULL-dereference can occur when registering a kset if its embedded kobject’s ktype is not initialized. The described scenario initializes a kset and its kobject name but omits kset.kobj.ktype, leading to a NULL pointer dereference in kobject_a...

5.5CVSS6AI score0.00146EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.18 views

CVE-2023-53486

CVE-2023-53486 affects the Linux kernel ntfs3 implementation. The fixed issue is a combined overflow/boundary check in attribute size validation during NTFS attribute enumeration, which could lead to slab-out-of-bounds access (KASAN) when mounting or reading NTFS volumes. The description and conn...

7.1CVSS6AI score0.00149EPSS
CVE
CVE
added 2025/10/01 11:45 a.m.18 views

CVE-2023-53493

The CVE-2023-53493 entry describes a Linux kernel issue in accel/qaic where bounds checking in decode_message() was tightened to mirror encode_message() bounds checks. The fix ensures there is space for at least one header (checking msg_hdr_len), validates that the next header can be read (msg_le...

7.8CVSS6AI score0.00143EPSS
CVE
CVE
added 2025/10/01 11:45 a.m.18 views

CVE-2023-53507

CVE-2023-53507 affects the Linux kernel mlx5 driver. When an interface is down, the mlx5 driver did not unregister its devlink parameters, which could trigger a kernel WARN during shutdown. The fix unregisters devlink params in the interface-down path as well, mitigating the WARN and potential in...

7.8CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/10/01 11:46 a.m.18 views

CVE-2023-53525

CVE-2023-53525 affects the Linux kernel RDMA CMA component. The issue is that multicast join logic previously allowed non-UD qp_type modes; the patch updates behavior to permit multicast joins only for UD qp_type and ensures qkey is set to a default when not provided, addressing an uninitialized ...

5.5CVSS6.1AI score0.00135EPSS
CVE
CVE
added 2025/10/01 11:46 a.m.18 views

CVE-2023-53526

CVE-2023-53526 (Linux kernel) fixes a jbd2 checkpoint removal race in ext4 by adding a check for jh->b_transaction before removing a journal handle from the checkpoint list. The issue could cause corruption of an ext4 image during power loss if trans2 commits before trans1; in particular, __jb...

5.5CVSS6.2AI score0.00135EPSS
CVE
CVE
added 2025/10/01 11:46 a.m.18 views

CVE-2023-53528

CVE-2023-53528 affects the Linux kernel RDMA/rxe subsystem. The vulnerability arises from an unsafe drain-work-queue path in qp cleanup when create_qp does not fully complete; cleanup could attempt to drain send/recv queues before the queues exist, leading to a segfault. The fixed patch adds a gu...

5.5CVSS6.1AI score0.00134EPSS
CVE
CVE
added 2025/10/04 3:17 p.m.18 views

CVE-2023-53556

CVE-2023-53556 is a Linux kernel use-after-free in the iavf driver (free_netdev) when removing virtual functions during SR-IOV handling. The connected Nessus/SUSE advisories enumerate this CVE among a large set of kernel issues and indicate the vulnerability is addressed by kernel updates in Eule...

7.8CVSS6AI score0.00139EPSS
Total number of security vulnerabilities14097