Lucene search
Linux Kernel

13804 matches found

added 2024/10/21 8:6 p.m. | 154 views

CVE-2022-48997

CVE-2022-48997 affects the Linux kernel TPM subsystem, where tpm transactions during suspend were not guarded and could race with other TPM accessors inside tpm_pm_suspend. The referenced fixes call tpm_try_get_ops(), a wrapper around tpm_chip_start() that acquires the appropriate mutex, to seria...

CVSS 4.7 | AI score 5.6 | EPSS 0.00236

added 2025/02/26 2:12 a.m. | 154 views

CVE-2022-49401

CVE-2022-49401 pertains to the Linux kernel, where a fault in mm/page_owner handling was fixed: current->comm[] is not guaranteed to be a proper string, and using strlcpy(s1, s2, l) may call strlen(s2) and trigger out-of-bounds access. The fix replaces strlcpy with strscpy() in mm/page_owner.c...

CVSS 7.1 | AI score 5.7 | EPSS 0.00241

added 2025/02/26 2:23 a.m. | 154 views

CVE-2022-49632

CVE-2022-49632 is a Linux kernel data-race vulnerability in icmp: reading sysctl_icmp_errors_use_inbound_ifaddr can race with concurrent writes. The fix adds READ_ONCE() to the reader. CVSSv3.1 indicates a Local access requirement, High attack complexity, Low privileges, no user interaction, with...

CVSS 4.7 | AI score 6.5 | EPSS 0.00163

added 2023/02/26 12:0 a.m. | 154 views

CVE-2023-26606

The CVE-2023-26606 issue affects the Linux kernel (6.0.8) with a use-after-free in ntfs_trim_fs (fs/ntfs3/bitmap.c). Affects Linux kernel components related to NTFS handling; impact is high (confidentiality, integrity, availability) with local privileges required and no user interaction. Root cau...

CVSS 7.8 | AI score 7.1 | EPSS 0.00393

added 2024/05/17 2:27 p.m. | 154 views

CVE-2023-52697

CVE-2023-52697: Linux kernel ASoC/Intel sof_sdw_rt_sdca_jack_common issue fixes double put of headset codec device. The root cause was multiple codecs sharing the same dai name (e.g., rt712-sdca-aif1) causing sof_sdw_rt_sdca_jack_exit() to be invoked twice via mc_dailink_exit_loop(). The fix ensu...

CVSS 7.1 | AI score 6.7 | EPSS 0.00222

added 2024/05/21 3:31 p.m. | 154 views

CVE-2023-52798

CVE-2023-52798 concerns the Linux kernel’s ath11k wifi DFS radar event handling. The fix marks the DFS radar event locking code (calling ath11k_mac_get_ar_by_pdev_id()) as an RCU read-side critical section to prevent potential use-after-free in active pdev protection. Document notes indicate comp...

CVSS 8.8 | AI score 8.4 | EPSS 0.01

added 2024/04/03 5:0 p.m. | 154 views

CVE-2024-26757

CVE-2024-26757 is a Linux kernel vulnerability affecting the md/mdadm dm-raid path. The root cause: read-only array handling allowed a race between read/write state transitions and sync-thread registration, leading to a potential hang in the recovery/sync flow when the array is toggled between re...

CVSS 5.5 | AI score 7 | EPSS 0.00209

added 2024/04/03 5:0 p.m. | 154 views

CVE-2024-26766

CVE-2024-26766 affects the Linux kernel’s IB/hfi1 path. The root cause is an off-by-one error in the sdma.h tx descriptor handling that, when a send consists of six descriptors and requires a seventh-dword padding, prevents proper expansion of the sdma_txreq descriptor array. This overflow can co...

CVSS 5.5 | AI score 6.4 | EPSS 0.00259

added 2024/05/19 8:34 a.m. | 154 views

CVE-2024-35894

CVE-2024-35894: In the Linux kernel, a mitigation for a subflow-level BPF access issue was implemented in mptcp by preventing BPF from accessing mptcp-level proto_ops from a subflow scope. The root cause was a misconfigured interaction where BPF could reach mptcp proto_ops through a tcp subflow, ...

CVSS 7.8 | AI score 6.7 | EPSS 0.0022

added 2024/05/30 3:19 p.m. | 154 views

CVE-2024-36030

CVE-2024-36030 refers to a Linux kernel vulnerability in the octeontx2-af driver where a double free could occur in rvu_npc_freemem() due to an extra free of memory previously released (npc_mcam_rsrcs_deinit() freed mcam->counters.bmap). The fix, as noted in the connected documents, was to del...

CVSS 7.1 | AI score 8 | EPSS 0.00227

added 2024/07/12 12:20 p.m. | 154 views

CVE-2024-39506

CVE-2024-39506 (Linux kernel): The issue arises in the liquidio driver path within lio_vf_rep_copy_packet(), where pg_info->page is compared to NULL but then unconditionally passed to skb_add_rx_frag(), risking a NULL pointer dereference. The problem trace shows the path from octeon_droq_proc...

CVSS 5.5 | AI score 6.8 | EPSS 0.00287

added 2024/07/12 12:20 p.m. | 154 views

CVE-2024-40903

The CVE-2024-40903 issue affects the Linux kernel in the USB Type-C Power Delivery path. Specifically, a use-after-free could occur in tcpm_register_source_caps when new (potentially invalid) source capabilities are advertised, existing source caps are unregistered, and an error occurs in usb_pow...

CVSS 7.8 | AI score 8.3 | EPSS 0.00284

added 2024/07/12 12:25 p.m. | 154 views

CVE-2024-40919

CVE-2024-40919 discusses a Linux kernel bnxt_en issue where a released token (token->state == BNXT_HWRM_DEFERRED) could be logged while the token pointer had already been NULL, risking a NULL pointer dereference. The fix implemented is to add a token pointer check before using the token in log...

CVSS 5.5 | AI score 6.7 | EPSS 0.00288

added 2024/08/17 9:21 a.m. | 154 views

CVE-2024-43826

CVE-2024-43826: In the Linux kernel, the nfs trace points can expose a safety issue in nfs_folio_length when folio locking or NULL ->f_mapping checks are missing, risking kernel crashes under certain NFS trace configurations (e.g., xfstests generic/065). The root cause is unsafe handling of f...

CVSS 5.5 | AI score 7.4 | EPSS 0.00227

added 2024/09/04 7:54 p.m. | 154 views

CVE-2024-45005

CVE-2024-45005 affects the Linux kernel KVM on s390. The issue is a validity interception in the SIE path when gisa is disabled, caused by passing an uninitialized gisa origin to virt_to_phys() and then writing it into the gisa designation. The fix returns 0 in kvm_s390_get_gisa_desc() if origin ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00211

added 2024/09/18 7:12 a.m. | 154 views

CVE-2024-46754

CVE-2024-46754: Linux kernel BPF local vulnerability fixed by removing tst_run from lwt_seg6local_prog_ops. Syzbot showed lwt_seg6 BPF ops could be invoked via bpf_test_run() without entering input_action_end_bpf() first. Patch removes test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL; root cause involve...

CVSS 5.5 | AI score 6.6 | EPSS 0.00203

added 2024/09/18 7:12 a.m. | 154 views

CVE-2024-46761

CVE-2024-46761 affects the Linux kernel’s PCI hotplug driver for PowerPC (pci/hotplug/pnv_php.c). The issue caused a kernel crash during hot-unplug/disable of a PCIe switch/bridge from the PHB, due to a NULL dereference when the MSI data structure had already been released and set to NULL, yet un...

CVSS 5.5 | AI score 6.2 | EPSS 0.00251

added 2024/09/18 7:12 a.m. | 154 views

CVE-2024-46783

CVE-2024-46783: Linux kernel vulnerability in tcp_bpf_sendmsg() where corking in psock->cork could cause the last flushing to send a sk_msg larger than the current message, making ‘copied’ negative in tcp_bpf_send_verdict() and triggering a kernel BUG (net/socket.c:733). Connected Astra Linux...

CVSS 5.5 | AI score 6.1 | EPSS 0.00224

added 2024/09/27 12:42 p.m. | 154 views

CVE-2024-46858

CVE-2024-46858 in the Linux kernel fixes a local UAF race in mptcp_pm_del_add_timer. Two paths can access mptcp_pm_del_add_timer concurrently (CPU1 in PM code path vs CPU2 in netlink/ip stack path), leading to use-after-free when a timer entry is freed after leaving the critical region. The patch...

CVSS 7 | AI score 7 | EPSS 0.00259

added 2024/10/21 11:53 a.m. | 154 views

CVE-2024-47718

CVE-2024-47718 affects the Linux kernel wireless stack (rtw88) used by the wifi subsystem. The issue arises in wifi: rtw88 where firmware loading requires two attempts (regular and wowlan). In rtw_wait_firmware_completion(), the code now always waits for both attempts; previously, if rtw_usb_intf...

CVSS 7.8 | AI score 8.2 | EPSS 0.00246

added 2024/10/29 12:50 a.m. | 154 views

CVE-2024-50075

CVE-2024-50075 affects the Linux kernel (Tegra XUSB) where USB virtualization enables sharing USB2 ports across VFs. The vulnerability arises from using the total USB2 phy number as the port index when checking PORTSC values, which can lead to invalid memory access in the VF context. A patc...

CVSS 5.5 | AI score 5.1 | EPSS 0.00206

added 2024/10/29 12:50 a.m. | 154 views

CVE-2024-50077

CVE-2024-50077: The Miracle/Linux kernel advisory and linked sources confirm a fix in the Linux kernel Bluetooth ISO path. The bug was caused by an early return in iso_init() when bt_debugfs failed to initialize (CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL unset). This could lead to iso_inited r...

CVSS 5.5 | AI score 5.1 | EPSS 0.00206

added 2024/10/29 12:50 a.m. | 154 views

CVE-2024-50078

CVE-2024-50078 affects the Linux kernel Bluetooth ISO path. If iso_init() has been called, iso_exit() must be invoked on module unload; failing to do so makes the proto registered with proto_register() invalid, which can lead to list corruption and a kernel BUG (example: list_add corruption and a...

CVSS 5.5 | AI score 5.1 | EPSS 0.00206

added 2024/11/07 9:31 a.m. | 154 views

CVE-2024-50171

CVE-2024-50171 affects the Linux kernel BCM SYSPORT driver: bcm_sysport_xmit() can leak memory because skb is not freed when dma_map_single() fails, with a fix that frees the skb via dev_kfree_skb() and returns NETDEV_TX_OK. Public records indicate the issue is resolved in patched kernel releases...

CVSS 5.5 | AI score 5.1 | EPSS 0.00239

added 2024/11/19 5:19 p.m. | 154 views

CVE-2024-53042

CVE-2024-53042 affects the Linux kernel’s ipv4/ip_tunnel code. The issue arises from paths where ip_tunnel_init_flow() is invoked without holding the RCU read lock, triggering a suspicious RCU usage warning. The fix uses l3mdev_master_upper_ifindex_by_index() to acquire the RCU read lock before c...

CVSS 5.5 | AI score 6.7 | EPSS 0.00259

added 2024/12/27 2:50 p.m. | 154 views

CVE-2024-56587

CVE-2024-56587: In the Linux kernel, a NULL pointer dereference can occur in the LEDs class when brightness_show() accesses led->cdev attributes without proper synchronization. The issue arises during inter-process interaction when a HID device creates a led and a subsequent access from anothe...

CVSS 5.5 | AI score 6.5 | EPSS 0.00249

added 2024/12/27 3:2 p.m. | 154 views

CVE-2024-56650

CVE-2024-56650 - Linux kernel netfilter x_tables led_tg_check(). The connected documents confirm a fix in the Linux kernel addressing an issue where an invalid LED ID check could lead to a recallable problem during ID processing. The root cause, as described, is insufficient validation of an ID ...

CVSS 7.1 | AI score 6.4 | EPSS 0.00259

added 2024/12/27 3:6 p.m. | 154 views

CVE-2024-56654

CVE-2024-56654 — Linux kernel Bluetooth hci_event fix: Addresses unsafe use of rcu_read_lock/unlock inside list_for_each_entry_rcu, where entries dereferenced with rcu_dereference must be accessed only within an RCU read-side critical section. The patch resolves a safety issue by ensuring correc...

CVSS 5.5 | AI score 6.7 | EPSS 0.00213

added 2024/12/27 3:6 p.m. | 154 views

CVE-2024-56663

CVE-2024-56663 describes a Linux kernel vulnerability in wifi nl80211 where NL80211_ATTR_MLO_LINK_ID could be misvalidated due to an off-by-one error in the attribute range. The issue manifests as a potential out-of-bounds access (demonstrated by a KASAN wild-memory-access bug in ieee80211_tx_con...

CVSS 7.1 | AI score 6.5 | EPSS 0.00225

added 2025/01/15 1:5 p.m. | 154 views

CVE-2024-57902

CVE-2024-57902 affects the Linux kernel AF_PACKET path. The bug arose in vlan_get_tci() where the code touched the skb when handling MSG_PEEK, allowing a crash. The fix reworks vlan_get_tci() to avoid touching the skb entirely and adds a const qualifier to the skb argument. The crash trace involv...

CVSS 5.5 | AI score 6.4 | EPSS 0.00257

added 2025/01/31 11:25 a.m. | 154 views

CVE-2025-21681

Open vSwitch issue CVE-2025-21681 in the Linux kernel caused a lockup in skb_tx_hash when a netdev is unregistering with carrier reported as ON. The root cause was a loop in skb_tx_hash that could spin when dev->real_num_tx_queues goes to zero, especially for devices that report carrier state ...

CVSS 5.5 | AI score 7.2 | EPSS 0.00194

added 2025/05/02 2:16 p.m. | 154 views

CVE-2025-37797

CVE-2025-37797 affects the Linux kernel HFSC qdisc. A Use-After-Free can occur in hfsc_change_class() when handling certain child qdiscs (e.g., netem, codel) due to a time-of-check/time-of-use race: hfsc_change_class() may add a class to vttree after qdisc_peek_len() potentially clears the queue....

CVSS 7.8 | AI score 6.7 | EPSS 0.00167

added 2025/06/06 1:3 p.m. | 154 views

CVE-2025-38000

CVE-2025-38000 affects the Linux kernel HFSC scheduler qlen accounting: when enqueuing the first packet, hfsc_enqueue() previously used child qdisc peek() before updating sch->q.qlen and sch->qstats.backlog, which could trigger a dequeue and leave the HFSC class in an inconsistent state (po...

CVSS 7.8 | AI score 6.6 | EPSS 0.00175

added 2017/01/18 9:0 p.m. | 153 views

CVE-2016-10147

CVE-2016-10147 affects the Linux kernel’s crypto/mcryptd.c. A local attacker can cause a denial of service by using an AF_ALG socket with an incompatible algorithm (demonstrated by mcryptd(md5)), triggering a NULL pointer dereference and system crash. The description notes the issue exists in ke...

CVSS 5.5 | AI score 5.5 | EPSS 0.00431

added 2016/06/27 10:0 a.m. | 153 views

CVE-2016-5828

CVE-2016-5828 affects the Linux kernel on powerpc platforms (up to 4.6.3). The start_thread function mishandles transactional memory, allowing local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) by starting and suspending a transaction befo...

CVSS 7.8 | AI score 7.5 | EPSS 0.0045

added 2016/12/28 7:42 a.m. | 153 views

CVE-2016-9685

CVE-2016-9685 affects the Linux kernel’s XFS filesystem: multiple memory leaks in error paths within fs/xfs/xfs_attr_list.c can cause local denial of service through memory consumption. Affects kernel versions before 4.5.1; patch released in 4.5.1. References indicate remediation via upgrading to...

CVSS 5.5 | AI score 5.5 | EPSS 0.00393

added 2018/07/27 4:0 a.m. | 153 views

CVE-2018-14612

CVE-2018-14612 affects the Linux kernel (through 4.17.10) with an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image. The root cause is lack of validation in btrfs_read_block_groups (fs/btrfs/extent-tree.c) and missing empty-tree checks in check_leaf (fs/btrfs/tr...

CVSS 7.1 | AI score 5.8 | EPSS 0.0259

added 2019/12/17 5:27 a.m. | 153 views

CVE-2019-19814

CVE-2019-19814 affects Linux kernel 5.0.21 when mounting a crafted f2fs filesystem image. The bug is in the __remove_dirty_segment slab code: an array is bounded by 8 dirty types, but an index can exceed this bound, causing a slab-out-of-bounds write and potential memory corruption. The provided ...

CVSS 9.3 | AI score 7.3 | EPSS 0.03297

added 2024/05/21 3:3 p.m. | 153 views

CVE-2021-47385

CVE-2021-47385 is a Linux kernel hwmon issue affecting the w83792d driver (and related subclients) where a NULL pointer dereference could occur if a value read from the device matches certain bit patterns. The root cause is dereferencing a NULL after reading val; the advisory notes that the patch...

CVSS 5.5 | AI score 6.6 | EPSS 0.00241

added 2022/10/30 12:0 a.m. | 153 views

CVE-2022-44034

The CVE-2022-44034 issue affects the Linux kernel (through 6.0.6) in the PCMCIA driver path, specifically drivers/char/pcmcia/scr24x_cs.c, where a race between scr24x_open() and scr24x_remove() can cause a use-after-free if a physically proximate attacker removes a PCMCIA device while open() is i...

CVSS 6.4 | AI score 6.1 | EPSS 0.003

added 2024/07/16 11:43 a.m. | 153 views

CVE-2022-48786

CVE-2022-48786 summary: The issue is in the Linux kernel’s vsock path: if a connect() is interrupted by a signal while a socket is in the TCP_ESTABLISHED state, the socket may remain in the vsock connected table and could be re-added, corrupting the list. The patch fixes this by calling vsock_re...

CVSS 5.5 | AI score 6.6 | EPSS 0.0024

added 2024/10/21 8:5 p.m. | 153 views

CVE-2022-48978

CVE-2022-48978 is a Linux kernel vulnerability in HID core (hid_report_raw_event) causing a shift-out-of-bounds when processing HID reports. The issue is triggered by syzbot reports and UBSAN shows shift-out-of-bounds in hid-core.c:1323 while computing snto32; fix patches add bounds checks (limit...

CVSS 5.5 | AI score 5.1 | EPSS 0.0025

added 2024/10/21 8:6 p.m. | 153 views

CVE-2022-49010

CVE-2022-49010 (Linux kernel) has concrete technical details in connected advisories. The issue arises in hwmon coretemp handling: if coretemp_add_core() fails, pdata->core_data[indx] may already be NULL and freed, and passing that to sysfs_remove_group() could crash. The fix is to check for N...

CVSS 5.5 | AI score 6 | EPSS 0.00235

added 2024/10/21 8:6 p.m. | 153 views

CVE-2022-49028

CVE-2022-49028 concerns the Linux kernel ixgbevf driver. The advisory notes a resource leak in ixgbevf_init_module(): when pci_register_driver() fails, the workqueue created by create_singlethread_workqueue() is not destroyed. The fix adds destroy_workqueue() in the failure path to prevent the le...

CVSS 5.5 | AI score 5.2 | EPSS 0.00245

added 2025/02/26 1:55 a.m. | 153 views

CVE-2022-49207

CVE-2022-49207 is a Linux kernel vulnerability in the bpf/sockmap path (sk_psock_queue_msg memleak). The issue occurs when tcp_bpf_sendmsg runs during tear down, causing memory charged by sk_mem_charge to remain outstanding as messages are queued, potentially leading to memory leaks. The provided...

CVSS 5.5 | AI score 5.4 | EPSS 0.00246

added 2025/02/26 1:56 a.m. | 153 views

CVE-2022-49236

CVE-2022-49236 concerns a Linux kernel use-after-free in BPF/BTF handling: a race between module init and module reuse could allow BTF IDs to be published before a module is fully live. The fix, as described in the related documentation, is to set a BTF_MODULE_F_LIVE flag at MODULE_STATE_LIVE so ...

CVSS 7.8 | AI score 5.3 | EPSS 0.00252

added 2025/02/26 2:23 a.m. | 153 views

CVE-2022-49579

CVE-2022-49579: In the Linux kernel, a data race around ipv4_fib_multipath_hash_policy was resolved by adding READ_ONCE() guards to readers of sysctl_fib_multipath_hash_policy. Affected component: kernel IPv4 multipath hash policy reader; root cause: concurrent modification during reads; impact: ...

CVSS 4.7 | AI score 5.4 | EPSS 0.00176

added 2025/02/26 2:23 a.m. | 153 views

CVE-2022-49604

CVE-2022-49604 is a Linux kernel vulnerability involving a data race in the sysctl_ip_fwd_use_pmtu path. The issue occurs when reading the sysctl while it can be modified concurrently, creating a race condition that can lead to inconsistent reads. The documented fix is to guard readers with READ_...

CVSS 4.7 | AI score 5.4 | EPSS 0.00178

added 2025/02/26 2:23 a.m. | 153 views

CVE-2022-49644

CVE-2022-49644 affects the Linux kernel's DRM/I915 component, addressing a possible refcount leak in intel_dp_add_mst_connector. If drm_connector_init fails, the driver must drop the port refcount before calling intel_connector_free to avoid leaks. The issue is tied to a cherry-picked commit (cea...

CVSS 5.5 | AI score 5.3 | EPSS 0.00257

added 2023/09/06 1:50 p.m. | 153 views

CVE-2023-3777

CVE-2023-3777 is a use-after-free in Linux kernel nf_tables (netfilter). When nf_tables_delrule() flushes table rules, it may release objects if the chain is bound, enabling local privilege escalation. Mitigation: upgrade past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 (Linux kernel versions...

CVSS 7.8 | AI score 8.2 | EPSS 0.00413

Total number of security vulnerabilities: 13804