14138 matches found
CVE-2023-53458
In CVE-2023-53458, Linux kernel media cx23885 driver may encounter a null pointer dereference in buffer_prepare() and buffer_finish() when dma_alloc_coherent fails during cx23885_risc_buffer() setup, causing risc->cpu to be empty. The vulnerability can be triggered when freeing or accessing th...
CVE-2023-53475
CVE-2023-53475 affects the Linux kernel USB xHCI Tegra implementation. Root cause: sleep/alloc that can sleep (kasprintf) is invoked from an atomic context via tegra_xusb_padctl_get_usb3_companion -> tegra_xusb_find_port -> kasprintf, which is invalid in atomic contexts. Impact: potential c...
CVE-2023-53480
CVE-2023-53480 : In the Linux kernel, a o bject-level NULL-dereference can occur when registering a kset if its embedded kobject’s ktype is not initialized. The described scenario initializes a kset and its kobject name but omits kset.kobj.ktype, leading to a NULL pointer dereference in kobject_a...
CVE-2023-53486
CVE-2023-53486 affects the Linux kernel ntfs3 implementation. The fixed issue is a combined overflow/boundary check in attribute size validation during NTFS attribute enumeration, which could lead to slab-out-of-bounds access (KASAN) when mounting or reading NTFS volumes. The description and conn...
CVE-2023-53493
The CVE-2023-53493 entry describes a Linux kernel issue in accel/qaic where bounds checking in decode_message() was tightened to mirror encode_message() bounds checks. The fix ensures there is space for at least one header (checking msg_hdr_len), validates that the next header can be read (msg_le...
CVE-2023-53507
CVE-2023-53507 affects the Linux kernel mlx5 driver. When an interface is down, the mlx5 driver did not unregister its devlink parameters, which could trigger a kernel WARN during shutdown. The fix unregisters devlink params in the interface-down path as well, mitigating the WARN and potential in...
CVE-2023-53525
CVE-2023-53525 affects the Linux kernel RDMA CMA component. The issue is that multicast join logic previously allowed non-UD qp_type modes; the patch updates behavior to permit multicast joins only for UD qp_type and ensures qkey is set to a default when not provided, addressing an uninitialized ...
CVE-2023-53526
CVE-2023-53526 (Linux kernel) fixes a jbd2 checkpoint removal race in ext4 by adding a check for jh->b_transaction before removing a journal handle from the checkpoint list. The issue could cause corruption of an ext4 image during power loss if trans2 commits before trans1; in particular, __jb...
CVE-2023-53528
CVE-2023-53528 affects the Linux kernel RDMA/rxe subsystem. The vulnerability arises from an unsafe drain-work-queue path in qp cleanup when create_qp does not fully complete; cleanup could attempt to drain send/recv queues before the queues exist, leading to a segfault. The fixed patch adds a gu...
CVE-2023-53556
CVE-2023-53556 is a Linux kernel use-after-free in the iavf driver (free_netdev) when removing virtual functions during SR-IOV handling. The connected Nessus/SUSE advisories enumerate this CVE among a large set of kernel issues and indicate the vulnerability is addressed by kernel updates in Eule...
CVE-2023-53568
Vulnerability (CVE-2023-53568) in the Linux kernel affects s390/zcrypt: when dev_set_name() fails, zcdn_create() leaks newly allocated resources instead of freeing them. The issue has been resolved by ensuring proper cleanup. The provided description notes the root cause and fix, and linked refer...
CVE-2023-53580
CVE-2023-53580 : In the Linux kernel, a deadlock could occur when unbinding a UVC gadget driver because gadget_unbind_driver() holds udc->connect_lock while invoking the driver’s unbind(), while usb_gadget_deactivate() also tries to acquire that lock. The fix removes the mutex around the unbin...
CVE-2023-53582
Concrete details found: CVE-2023-53582 affects the Linux kernel’s brcmfmac wifi driver. The issue is a stack-out-of-bounds read that occurs when a CLM version string, filled via memcpy() in brcmf_fil_iovar_data_get(), is passed as an argument to strreplace() in brcmf_c_preinit_dcmds() without bei...
CVE-2023-53583
CVE-2023-53583 concerns the Linux kernel RISC‑V PMU driver. The issue arises from the perf subsystem: after perf_event_overflow(), the RISC‑V PMU driver did not update PERF_HES_STOPPED, and the unthrottle path could trigger riscv_pmu_start(), emitting a WARN_ON_ONCE. The fixed change removes the ...
CVE-2023-53593
CVE-2023-53593 – Linux kernel (CIFS): The issue arises in the CIFS readpath when fscache cache hits occur, leaking a folio lock. The fix releases the folio lock after read completion in cifs_readpage_worker. The problem occurred because the callee was expected to unlock the folio, but in certain ...
CVE-2023-53598
The CVE-2023-53598 issue affects the Linux kernel in the MHI bus host path (CHDBOFF/ERDBOFF range checks). The root cause is inadequate range validation of CHDBOFF and ERDBOFF values, which could lead to an invalid address calculation and a kernel panic. Affected firmware/hardware behavior is imp...
CVE-2023-53609
CVE-2023-53609 affects Linux kernel’s SCSI subsystem. The vulnerability stems from atomic_inc(&cmd->device->iorequest_cnt) in scsi_queue_rq(), which could access a freed scsi_device after scsi_dispatch_cmd() returns, risking kernel panic. The patch reverts the changes introduced by commit c...
CVE-2023-53613
CVE-2023-53613 : Local, kernel-level use-after-free in the dax subsystem of the Linux kernel (dax_mapping_release) during removal of a device-dax region. The issue arises from freeing ida objects and releasing a parent object, risking use-after-free on dax_mapping_release timing. A fix is provide...
CVE-2023-53622
Summary of CVE-2023-53622 (Linux kernel, gfs2): A data race can occur in gfs2_show_options() when accessing fields of gfs2_tune (eg, gt_logd_secs) without holding the gt_spin lock, allowing concurrent execution with gfs2_reconfigure() to race. The fix acquires the lock (sdp->sd_tune.gt_spin) b...
CVE-2023-53628
CVE-2023-53628 affects the Linux kernel drm/amdgpu path. The issue arises from the gfx_v11_0_cp_ecc_error_irq_funcs being retired in gfx11; gfx_v11_0_hw_fini still called amdgpu_irq_put to disable the interrupt, which led to a call trace during suspend/reset. The patch history (v2–v5) shows separ...
CVE-2023-53632
Technical details for CVE-2023-53632 are not provided in the supplied documents. The connected sources reference other CVEs/advisories but do not include product/version/root-cause or fixes for this CVE. Monitor for updates.
CVE-2023-53636
CVE-2023-53636 : Linux kernel vulnerability in clk: microchip auxdev handling causes a use-after-free. If auxiliary_device_add() fails, the release callback can be invoked twice, leading to a UAF. The fix moves auxiliary_device_uninit() to the unregister callback to ensure proper teardown. Exploi...
CVE-2023-53652
CVE-2023-53652 is tied to the Linux kernel vulnerability where the vdpa_nl_policy lacked a proper nla_policy validation for the vdpa features attribute, creating a risk of parsing an invalid nlattr and potential OOB reads as described in related CVEs (e.g., CVE-2023-3773). The connected documents...
CVE-2023-53654
CVE-2023-53654 affects the Linux kernel’s octeontx2-af/RVU initialization. The issue occurs because CN10K RPM and CN10KB RPM_USX LMAC blocks are noncontiguous, and CGX blocks are noncontiguous, but RVU initialization assumed contiguity and accessed cgx/lmac by id, causing kernel panic. A patch ad...
CVE-2023-53659
CVE-2023-53659 : Linux kernel iavf driver fix for an out-of-bounds write when setting channels during remove. The issue could cause the number of active queues to exceed allocated tx/rx_rings on iavf_remove(), leading to an OOB condition. Reproduction in the report shows a KASAN slab-out-of-bound...
CVE-2023-53660
The CVE-2023-53660 issue affects the Linux kernel’s BPF/CPUMAP path and skb handling in ptr_ring during XDP. Root cause: __cpu_map_ring_cleanup() did not correctly handle skb mode, causing incorrect memory type usage warnings and premature CPU map kthread stoppage; fix implemented by patches to t...
CVE-2023-53666
CVE-2023-53666 relates to the Linux kernel ASoC codecs (snd_soc_wcd_mbhc, wcd938x) where MBHC initialisation could fail and lead to a NULL/error pointer dereference while configuring the jack. The patch fixes missing error handling to prevent dereferencing an error pointer, addressing an issue th...
CVE-2023-53678
CVE-2023-53678 concerns the Linux kernel, specifically the drm/i915 driver, where system suspend could crash on platforms without fbdev initialized. The root cause described in the documents is a suspend path involving intel_fbdev_set_suspend during device suspend, leading to a NULL pointer deref...
CVE-2025-38661
In the Linux kernel (platform/x86), CVE-2025-38661 is resolved by fixing the alienware-wmi-wmax path: the dmi_system_id array was corrected by adding a missing empty member to awcc_dmi_table. The vulnerability arises from this array misconfiguration, and the CVSSv3.1 vector indicates a LOCAL, LOW...
CVE-2025-38690
The CVE-2025-38690 entry applies to the Linux kernel code path drm/xe/migrate. The vulnerability concerns incorrect handling of alignment for a bounce buffer when buf+offset is not aligned to XE_CACHELINE_BYTES, which could lead to recursive retries and a stack/recursion risk. The root cause desc...
CVE-2025-39690
The CVE-2025-39690 issue affects the Linux kernel: iio: accel: sca3300, where uninitialized iio scan data could leak via the channels array. The root cause is that the channels array was not zeroed before use, potentially exposing stack data to userspace. A fix was applied in the Linux kernel (公开...
CVE-2025-39696
CVE-2025-39696 affects the Linux kernel ALSA HDA path for tas2781. The root cause was a wrong reference assignment during calibration data management: tasdevice_priv was set to h->hda_priv instead of h->priv, causing memory corruption and crashes due to a void pointer. The issue is resolved...
CVE-2025-39820
CVE-2025-39820 affects the Linux kernel DRM MSM DPU path (drm/msm/dpu). Root cause: drm_atomic_get_new_connector_state() may return NULL if the connector isn’t part of the atomic state, risking a NULL pointer dereference. The fix adds a NULL check in dpu_encoder_needs_modeset (mirroring the patte...
CVE-2025-39856
CVE-2025-39856 concerns the Linux kernel network driver for TI am65 CPSW-NUSS (CPSW2G) where, in the TX completion path, the variable ndev may be accessed before initialization if no TX packets have been processed. This can cause a null pointer dereference and kernel crash. Affected component: ne...
CVE-2025-39874
CVE-2025-39874 - Linux kernel macsec feature synchronization race : The issue occurs in macsec feature updates where lower (real) and upper device feature states can become out of sync during ETHTOOL_SFEATURES handling, potentially causing a lock in the lower device while updating features. The r...
CVE-2025-39878
CVE-2025-39878 involves a Linux kernel issue related to ceph code: move_dirty_folio_in_page_array() incorrectly returns 0 (PTR_ERR(NULL)) after NULLing the pointer, causing errors to be silently ignored and leaving NULL entries in the page array, potentially crashing the kernel. The documented fi...
CVE-2025-39920
CVE-2025-39920 : In the Linux kernel, pcmcia: add error handling for add_interval() in do_validate_mem(). If kmalloc() fails in add_interval(), a null pointer could be inserted into a linked list, leading to illegal memory access when sub_interval() is called next. The patch adds error handling s...
CVE-2025-39951
CVE-2025-39951 is a Linux kernel use-after-free issue in virtio_uml during probe, fixed by virtio_uml_probe() logic (vu_dev->registered set only after successful registration). Connected advisories show Debian LTS updates addressing this CVE in linux packages (5.10.247-1 for Debian 11 and linu...
CVE-2025-68214
Summary (CVE-2025-68214): The Linux kernel timer subsystem had a race between timer_shutdown_sync() and timer_expire() that could trigger a WARN_ON_ONCE when a timer’s function pointer was cleared to NULL while the timer was still running. The root cause: timer_shutdown_sync() could detach the ti...
CVE-2025-71078
CVE-2025-71078 describes a Linux kernel fix for a SLB multihit issue on hash MMU POWERPC 64s. The root cause is a mismatch between the hardware SLB and the software preload cache when the kernel optimizes switch_mm_irqs_off by not calling switch_mmu_context() if prev and next mm_struct are the sa...
CVE-2025-71108
CVE-2025-71108 refers to a Linux kernel vulnerability in the USB Type-C UCSI handling. The underlying issue is that the 8th bit of the num_connectors field is reserved and should be zero, but some buggy firmware sets it, which can cause a system to fail to boot. The description notes that the ker...
CVE-2025-71118
CVE-2025-71118 : The connected documents confirm a Linux kernel/ACPICA issue where walking the ACPI Namespace with a NULL start_node could dereference a NULL pointer in acpi_ns_get_next_node. The root cause is an access to a member of parent_node when start_node is NULL, which could crash the sys...
CVE-2025-71127
Mode C: CVE-2025-71127 affects the Linux kernel’s wifi/mac80211 beacon handling: unicast Beacon frames sent to non-broadcast addresses could bypass beacon protection when Protected Frame bit is 1. The public description states that such frames can be dropped by a generic check on A1=unicast, prev...
CVE-2025-71135
CVE-2025-71135 (Linux kernel md/raid5): The issue is a possible NULL pointer dereference in raid5_store_group_thread_cnt() when mddev->private (conf) is NULL. The fix prevents using conf by returning early/unlocking before raid5_quiesce() if conf is NULL, as described in the Astra Linux and re...
CVE-2025-71145
CVE-2025-71145 (Linux kernel) fixes a use-after-free-like race by correcting usb: phy: isp1301 to increment the I2C device reference count for non-OF (Open Firmware) paths as well as OF paths. The bug was a device reference imbalance in isp1301_get_client() where non-OF callers could not reliably...
CVE-2025-71184
CVE-2025-71184 affects the Linux kernel’s btrfs subsystem. The issue is a NULL dereference in btrfs_evict_inode() when tracing inode eviction because the root may be NULL. The fix ensures root is treated as 0 or delays tracing until the root is non-NULL, preventing a NULL dereference during evict...
CVE-2025-71201
CVE-2025-71201 concerns the Linux kernel netfs subsystem, specifically a race/logic issue in buffered reads where read results could be collected beyond the intended EOF due to an end-check that used the file end rather than the folio end. The vulnerability manifests during asynchronous subreques...
CVE-2025-71202
CVE-2025-71202 affects the Linux kernel IOMMU SVA coherency. A new IOMMU interface flushes IOTLB paging cache entries for the CPU kernel address space, invoked from x86 code before freeing and reusing kernel page tables. The issue allows an unprivileged local user to trigger stale IOTLB translati...
CVE-2025-71227
The CVE-2025-71227 entry relates to the Linux kernel wifi/mac80211 warning handling for connections on invalid channels. The Connected OSV records show the vulnerability has been patched in the Root:Rootio-Linux family (Root Debian/Ubuntu variants), with multiple fixed versions available across D...
CVE-2025-71230
CVE-2025-71230 in Linux kernel concerns a leak of filesystem-specific data (sb->s_fs_info) when using the new mount API for hfs. The root cause is that if setup_bdev_super() fails after a new superblock is allocated by sget_fc() but before hfs_fill_super() takes ownership, sb->s_fs_info cou...