Lucene search
K
LinuxLinux Kernel

14105 matches found

CVE
CVE
added 2025/10/01 11:45 a.m.17 views

CVE-2022-50451

CVE-2022-50451 involves a memory leak in the Linux kernel’s ntfs3 module, specifically in the ntfs_fill_super() error path. The provided documents consistently describe a bug where an unreferenced kmemleak object is leaked during mounting, traced to the error handling path of ntfs_fill_super(). T...

5.5CVSS6.1AI score0.00151EPSS
CVE
CVE
added 2025/10/01 11:45 a.m.17 views

CVE-2022-50453

CVE-2022-50453 affects the Linux kernel (gpiolib: cdev). The vulnerability arises from NULL-pointer dereferences when userspace can trigger GPIO syscalls on a hot-unplugged GPIO device, allowing races where a device is removed after a NULL check. The fix partially mitigates by verifying gdev->...

5.5CVSS6AI score0.00149EPSS
CVE
CVE
added 2025/10/01 11:45 a.m.17 views

CVE-2022-50461

CVE-2022-50461 affects the Linux kernel net: ethernet: ti: am65-cpsw driver. The root cause was PM runtime leakage in am65_cpsw_nuss_ndo_slave_open(), due to an omitted pm_runtime_put() on error paths. The vulnerability has been resolved in the kernel by ensuring pm_runtime_put() is issued in the...

5.5CVSS6.2AI score0.00143EPSS
CVE
CVE
added 2025/10/04 3:16 p.m.17 views

CVE-2022-50481

CVE-2022-50481 pertains to the Linux kernel; the issue is a potential null pointer dereference in cxl_guest_init_afu|adapter() when device_register() fails in cxl_register_afu|adapter(). The error path could dereference a removed-but-not-added device unless the reference is properly released. The...

5.5CVSS6.1AI score0.00149EPSS
CVE
CVE
added 2025/10/04 3:43 p.m.17 views

CVE-2022-50489

CVE-2022-50489 : In the Linux kernel, the drm/mipi-dsi subsystem detaches devices when removing the host. The mitigation: the vulnerability is resolved by fixes in the kernel’s host unregister path (mipi_dsi_host_unregister), which previously could unregister devices without detaching them from t...

5.5CVSS6.3AI score0.0015EPSS
CVE
CVE
added 2025/10/04 3:43 p.m.17 views

CVE-2022-50493

CVE-2022-50493 is a Linux kernel vulnerability affecting the qla2xxx SCSI path. The issue caused a crash during CPU hotplug when an I/O abort timed out, where completion could be invoked without confirming the I/O’s completion. The advisory fixes to ensure I/O and abort requests are still outstan...

5.5CVSS6.1AI score0.00145EPSS
CVE
CVE
added 2025/10/04 3:43 p.m.17 views

CVE-2022-50498

CVE-2022-50498 : In the Linux kernel, the alx ethernet driver vulnerability stems from not taking the rtnl_lock during resume, allowing an rtnl assertion to trip in net/core/dev.c when reopening on resume. The issue is localized to the alx driver’s suspend/resume path and is triggered during devi...

5.5CVSS6.1AI score0.00145EPSS
CVE
CVE
added 2025/10/07 3:19 p.m.17 views

CVE-2022-50520

CVE-2022-50520 affects the Linux kernel's DRM Radeon path, where radeon_atrm_get_bios() leaked a PCI device refcount due to a missing pci_dev_put() when breaking the loop. The issue arises because pci_get_class() may return a pci_device with a retained reference, and if the loop is exited with pd...

5.5CVSS6AI score0.00153EPSS
CVE
CVE
added 2025/10/07 3:19 p.m.17 views

CVE-2022-50528

CVE-2022-50528 affects the Linux kernel (drm/amdkfd) with a memory leak and potential segfault in _gpuvm_import_dmabuf(). A patch fixes memory leakage and segfaults. The CVSS 3.1 vector indicates a Local attack with Low complexity and Low privileges required, impacting Availability (High) while C...

5.5CVSS6.2AI score0.00146EPSS
CVE
CVE
added 2025/10/07 3:21 p.m.17 views

CVE-2022-50535

CVE-2022-50535 affects the Linux kernel DRM/AMD display code. It is a potential NULL pointer dereference in dm_resume within drm/amd/display, caused by assuming 'aconnector->dc_link' is non-null. The fix adds a null check at the loop's start to avoid dereferencing a NULL dc_link. Reported CVSS...

5.5CVSS6.1AI score0.00147EPSS
CVE
CVE
added 2025/10/07 3:21 p.m.17 views

CVE-2022-50540

CVE-2022-50540 affects the Linux kernel’s dmaengine qcom-adm driver. The root cause is a faulty slave_config implementation that compared peripheral_size against the size of the config pointer instead of the config struct, causing the crci value to be ignored and potentially triggering a kernel p...

5.5CVSS6AI score0.00143EPSS
CVE
CVE
added 2025/10/07 3:21 p.m.17 views

CVE-2022-50547

The CVE affects the Linux kernel, specifically the solo6x10 driver’s solo_sysfs_init() path. When device_register() errors during initialization, memory allocated by dev_set_name() was not freed, leading to a memory leak. The fix, implemented in the upstream kernel and reflected in related adviso...

5.5CVSS6.1AI score0.0019EPSS
CVE
CVE
added 2025/10/07 3:21 p.m.17 views

CVE-2022-50553

CVE-2022-50553 : In the Linux kernel tracing hist code, an out-of-bounds write occurs in action_data.var_ref_idx when synthesizing events with many params (n_params up to SYNTH_FIELDS_MAX) and a smaller TRACING_MAP_VARS_MAX caused writes beyond the array. The issue is fixed by enlarging data->...

5.5CVSS6AI score0.00192EPSS
CVE
CVE
added 2025/09/15 2:3 p.m.17 views

CVE-2023-53167

CVE-2023-53167: In the Linux kernel, tracing_err_log_open() can dereference file->private_data if opened with write permissions and then lseek is used, causing a kernel panic via mutex_lock -> seq_lseek. A fix was applied to tracing: Fix null pointer dereference in tracing_err_log_open() fo...

5.5CVSS6.1AI score0.00146EPSS
CVE
CVE
added 2025/09/15 2:4 p.m.17 views

CVE-2023-53177

CVE-2023-53177 affects the Linux kernel, specifically the media: hi846 driver, where pm_runtime_get_if_in_use() can return -EAGAIN during system resume, risking a refcount underflow after a subsequent pm_runtime_put(). The issue is mitigated by the patch that fixes system-resume handling for -EAG...

5.5CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/09/16 8:11 a.m.17 views

CVE-2023-53274

Technical details about CVE-2023-53274 are not provided in the connected documents; no product/vendor/version specifics or exploit information are included. Monitor for updates.

7.8CVSS6.2AI score0.00143EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.17 views

CVE-2023-53395

The CVE-2023-53395 entry refers to ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer. The issue arises from ASL Timer instructions that require no argument; without AML_NO_OPERAND_RESOLVE, interpreting the Timer instruction could produce an error, and the fix adds AML_NO_OPERAND_RESOLVE to the Tim...

7.8CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.17 views

CVE-2023-53448

CVE-2023-53448 is a Linux kernel issue in fbdev/imxfb where an unnecessary release_mem_region was removed on the error path to prevent releasing the mem region twice, which could lead to a resource leak or other issues. The connected advisories confirm that the Linux kernel has been updated to ad...

5.5CVSS6.1AI score0.00143EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.17 views

CVE-2023-53453

The CVE-2023-53453 issue affects the Linux kernel’s Radeon driver (drm/radeon/atombios) where iio objects allocated during atom_index_iio() were not freed on driver shutdown, causing a kmemleak reference and a potential leak. The fix releases the iio in radeon_atombios_fini() to prevent the kmeml...

5.5CVSS6.2AI score0.00146EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.17 views

CVE-2023-53457

CVE-2023-53457 : In Linux kernel, JFS txBegin can NULL-deref when called on a read-only superblock; fix adds a read-only filesystem check before txBegin and returns an appropriate error code. Exploitation status and exact patch details beyond this description are not provided in the supplied docu...

5.5CVSS6AI score0.00146EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.17 views

CVE-2023-53460

CVE-2023-53460 describes a memory-leak in the Linux kernel wifi driver rt w88 (rtw_usb_probe) in drivers/net/wireless/realtek/rtw88/usb.c:876, where an allocated hw structure may not be released on a path, reported as the line 811 release issue. The root cause is a leak in the USB probe path (rtw...

5.5CVSS6AI score0.00128EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.17 views

CVE-2023-53461

CVE-2023-53461 pertains to the Linux kernel’s io_uring exit path. The vulnerability comes from io_ring_exit_work, invoked by kworker, waiting on request completions in a way that could interact with signal handling. The patch changes the wait state from TASK_UNINTERRUPTIBLE to TASK_INTERRUPTIBLE ...

5.5CVSS5.8AI score0.00145EPSS
CVE
CVE
added 2025/10/01 11:42 a.m.17 views

CVE-2023-53463

CVE-2023-53463 relates to the Linux kernel ibmvnic driver. The bug occurs when a NON_FATAL reset is performed: batched skb (xmit) data increments num_queued but not fully accounted for until the batch is sent, causing a mismatch where num_completed can exceed num_queued, which triggers a kernel B...

5.5CVSS5.7AI score0.00145EPSS
CVE
CVE
added 2025/10/01 11:45 a.m.17 views

CVE-2023-53506

CVE-2023-53506 : Linux kernel udf merging long extents. The merge logic that pushes as much length as possible to the first extent caused risk of extents corruption; the patch resolves the behavior by not merging overly long extents. Reported impact is high (local attack, no user interaction) wit...

7.8CVSS6AI score0.00153EPSS
CVE
CVE
added 2025/10/04 3:16 p.m.17 views

CVE-2023-53540

CVE-2023-53540 covers a Linux kernel wifi issue in cfg80211 where a station will reject auth/assoc to an AP if the AP uses the station’s own address as MLD address or BSSID. The advisory states this should be rejected to avoid a later failure, with impact described as a high availability risk but...

5.5CVSS6.2AI score0.00145EPSS
CVE
CVE
added 2025/10/04 3:16 p.m.17 views

CVE-2023-53542

The CVE-2023-53542 issue affects the Linux kernel (ARM/Exynos) where the MIPI video PHY support for Exynos5420 was not using the correct Exynos5420 compatible, leading to a kernel panic. The description states that the fix is to use the proper compatible for Exynos5420, effectively patching the d...

5.5CVSS6AI score0.00146EPSS
CVE
CVE
added 2025/10/04 3:17 p.m.17 views

CVE-2023-53557

CVE-2023-53557 is a Linux kernel local vulnerability in fprobe where the rethook release could race with unregistration of ftrace_ops, potentially triggering a general protection fault during bpf selftests. The root cause is releasing fp->rethook while users on other CPUs may still be executin...

5.5CVSS6AI score0.00134EPSS
CVE
CVE
added 2025/10/04 3:17 p.m.17 views

CVE-2023-53563

CVE-2023-53563 relates to the Linux kernel amd-pstate-ut driver. The root cause is that after calling amd_pstate_ut_check_perf() and amd_pstate_ut_check_freq(), the code uses cpufreq_cpu_get() to obtain the CPU policy but fails to release it with cpufreq_policy_put, causing the policy to remain b...

5.5CVSS6.1AI score0.00135EPSS
CVE
CVE
added 2025/10/04 3:17 p.m.17 views

CVE-2023-53574

CVE-2023-53574 affects the Linux kernel wifi/rtw88 driver. The issue arises when unloading the driver, where the TX purge timer is not properly deleted and the C2H queue is not freed, risking a crash and a memory leak. The documented root cause is improper cleanup in the rtw_core_deinit() path, w...

5.5CVSS6.1AI score0.0012EPSS
CVE
CVE
added 2025/10/04 3:17 p.m.17 views

CVE-2023-53575

In CVE-2023-53575, the Linux kernel wifi driver (iwlwifi, mvm) fixes a potential array out-of-bounds access by accounting for IWL_SEC_WEP_KEY_OFFSET when verifying key_len in iwl_mvm_sec_key_add(). The fix is implemented in the kernel code referenced in the stable commits: https://git.kernel.org/...

7.1CVSS6.2AI score0.0013EPSS
CVE
CVE
added 2025/10/04 3:17 p.m.17 views

CVE-2023-53576

CVE-2023-53576 affects the Linux kernel’s null_blk driver. The patch ensures queue mode is always validated from configfs by checking queue_mode in null_validate_conf() and returning an error for NULL_Q_RQ to prevent a NULL I/O path OOPs when queue_mode is set to 1. Reproduction steps are provide...

5.5CVSS6AI score0.00135EPSS
CVE
CVE
added 2025/10/04 3:43 p.m.17 views

CVE-2023-53584

CVE-2023-53584 pertains to the Linux kernel ubifs_releasepage path, where an assertion ubifs_assert(0) can fail during page release, potentially triggering UBIFS read-only mode and faulting I/O. Public docs show this was fixed in vendor-specific patches: Root:Ubuntu-22.04 advised patches (ROOT-OS...

5.5CVSS6.1AI score0.00145EPSS
CVE
CVE
added 2025/10/04 3:44 p.m.17 views

CVE-2023-53587

The CVE-2023-53587 issue is in the Linux kernel ring-buffer handling where IRQ work can run after the ring buffer is destructed. The vulnerability description shows a use-after-free path in irq_work_run_list (KASAN report) when data is written to the buffer just before destruction, potentially le...

7.8CVSS6.2AI score0.00153EPSS
CVE
CVE
added 2025/10/04 3:44 p.m.17 views

CVE-2023-53594

CVE-2023-53594 is a Linux kernel driver-core resource leak in device_add(): if kobject_add() fails, dev->kobj.parent is set to NULL, causing a leak in resource cleanup and potentially insmod failure for mac80211_hwsim. The initial description and EulerOS/SUSE advisories confirm the vulnerabili...

5.5CVSS6.1AI score0.00135EPSS
CVE
CVE
added 2025/10/04 3:44 p.m.17 views

CVE-2023-53601

CVE-2023-53601 is a Linux kernel vulnerability in the bonding driver where code could assume skb_mac_header is set in ndo_start_xmit, risking invalid skb handling. The fixed description states that skb->data is sufficient and bonding must not rely on mac_header. Concrete details appear in conn...

5.5CVSS6.1AI score0.00136EPSS
CVE
CVE
added 2025/10/04 3:44 p.m.17 views

CVE-2023-53603

CVE-2023-53603 affects the Linux kernel SCSI QLA2XXX path. The issue is a potential NULL pointer dereference where a fcport pointer may be dereferenced if sa_ctl is NULL and fcport is allocated after an exit path. The documented fix is to exit the routine when sa_ctl is NULL, preventing the NULL ...

5.5CVSS6.1AI score0.00136EPSS
CVE
CVE
added 2025/10/04 3:44 p.m.17 views

CVE-2023-53604

CVE-2023-53604: In the Linux kernel, the dm_integrity component may leak journal_io_cache if dm_register_target() fails due to an error path that calls kmem_cache_destroy() in dm_integrity_init(). This root cause is documented in the initial report as a resolution for the leak in journal_io_cache...

7.8CVSS6.1AI score0.00145EPSS
CVE
CVE
added 2025/10/04 3:44 p.m.17 views

CVE-2023-53615

CVE-2023-53615 : In the Linux kernel, a race in the qla2xxx SCSI session deletion path could allow a session to be queued for deletion twice, leading to a link-list corruption and a system crash when using a debug kernel. The root cause is double-queuing of the same port for deletion on different...

4.7CVSS6.1AI score0.001EPSS
CVE
CVE
added 2025/10/07 3:19 p.m.17 views

CVE-2023-53619

Summary (CVE-2023-53619): Linux kernel netfilter conntrack may use a freed nf_ct_helper_hash when nf_conntrack_init_start() fails and nf_conntrack_helpers_register() runs later, leading to a use-after-free and potential memory corruption. The issue occurs on builds with NF_CONNTRACK enabled and c...

7.8CVSS6.2AI score0.00202EPSS
CVE
CVE
added 2025/10/07 3:21 p.m.17 views

CVE-2023-53671

The CVE-2023-53671 issue affects the Linux kernel and is tied to SRCU behavior: when using SRCU_SIZE_SMALL, code assumed CPU 0 is always online. If a different CPU is the boot CPU (e.g., kdump with maxcpus=1), the system can hang, as observed on PowerPC where long task hangs were reported. The ro...

5.5CVSS6AI score0.00134EPSS
CVE
CVE
added 2025/10/07 3:21 p.m.17 views

CVE-2023-53677

CVE-2023-53677 is associated with a Linux kernel issue in the drm/i915 area. The affected component is the i915 selftests code path, where the patch fixes memory leaks on error escapes in function fake_get_pages (cherry-picked from a kernel commit). The vulnerability was resolved in the kernel, a...

5.5CVSS6.2AI score0.00119EPSS
CVE
CVE
added 2025/08/22 4:2 p.m.17 views

CVE-2025-38667

CVE-2025-38667 relates to the Linux kernel iio path, where a potential out-of-bounds write occurred when writing to a 20-character buffer. The fix adds a size check to ensure input fits the buffer and appends a zero terminator after copying the data, preventing OoB access. Impact is described as ...

7.8CVSS6.7AI score0.00133EPSS
CVE
CVE
added 2025/09/11 4:52 p.m.17 views

CVE-2025-39740

The CVE-2025-39740 entry concerns a Linux kernel vulnerability in the DRM XE migration path. It describes a potential use-after-free (UAF) scenario if a fence_wait is performed after the previous fence has already been put(), on the error path. The fix changes the control flow so that the put() i...

7.8CVSS5.9AI score0.00143EPSS
CVE
CVE
added 2025/09/11 4:56 p.m.17 views

CVE-2025-39769

The CVE refers to a Linux kernel issue in the bnxt_en driver where a lockdep warning could trigger during rmmod (bnxt_remove_one) due to an assertion on the netdev lock. The fix adds netdev_assert_locked_or_invisible() in bnxt_free_ntp_fltrs() so the assertion does not fire if the netdev is alrea...

5.5CVSS6AI score0.00093EPSS
CVE
CVE
added 2025/09/11 4:56 p.m.17 views

CVE-2025-39777

The CVE-2025-39777 entry concerns the Linux kernel crypto: acomp component, where a control flow integrity (CFI) failure was caused by type punning. The issue could lead to a crash when CFG is enabled. The documented fix uses a consistent type for the workspace free function and ensures it is inv...

5.5CVSS6.1AI score0.00119EPSS
CVE
CVE
added 2025/09/15 12:36 p.m.17 views

CVE-2025-39802

CVE-2025-39802 affects the Linux kernel’s poly1305 implementation (lib/crypto: arm/poly1305). The root cause is register corruption when SIMD is unusable; the patch restores a cheap SIMD usability check (may_use_simd) that was removed by a prior commit and ensures poly1305 code behaves safely rat...

7.8CVSS6.5AI score0.00133EPSS
CVE
CVE
added 2025/09/15 12:36 p.m.17 views

CVE-2025-39803

CVE-2025-39803 affects the Linux kernel in the SCSI/UFShCD UFS path. The vulnerability arises from a warning path in the UIC command completion: when the UIC completion interrupt is re-enabled mid-processing, an interrupt could trigger and hit WARN_ON_ONCE(!cmd). The fix is a patch that removes t...

7.8CVSS6.2AI score0.00133EPSS
CVE
CVE
added 2025/09/16 1:0 p.m.17 views

CVE-2025-39814

In CVE-2025-39814, the Linux kernel ice driver contains a NULL pointer dereference when resetting a device without RDMA support. Specifically, ice_unplug_aux_dev() dereferences pf->cdev_info->adev, and pf->cdev_info may be NULL, leading to a crash during reset described in the trace. A f...

5.5CVSS6AI score0.0012EPSS
CVE
CVE
added 2025/09/19 3:26 p.m.17 views

CVE-2025-39837

The CVE-2025-39837 entry concerns the Linux kernel, specifically the platform/x86 asus-wmi subsystem. The issue stems from racey driver registrations where asus_wmi_register_driver() could be invoked concurrently by multiple drivers, causing unsafe list operations and potential memory corruption ...

7.8CVSS6.2AI score0.00143EPSS
CVE
CVE
added 2025/10/01 7:42 a.m.17 views

CVE-2025-39894

CVE-2025-39894 affects the Linux kernel netfilter bridge path (br_netfilter) specifically br_nf_local_in(). The issue arises when a broadcast packet to a tap device added to a bridge triggers br_nf_local_in() to confirm a conntrack; if another conntrack with the same hash is added, a warning may ...

5.5CVSS5.8AI score0.0014EPSS
Total number of security vulnerabilities14105