2330 matches found

added 2025/01/02 2:38 p.m. | 113 views

CVE-2022-49035

CVE-2022-49035 in the Linux kernel affects media: s5p_cec by not consistently limiting msg.len to CEC_MAX_MSG_SIZE. Root cause is the len check not enforced in all code paths, potentially enabling a corner-case that could impact availability (per CVSS: LOCAL, HIGH impact to availability; I/I/C = ...

CVSS 5.5 | AI score 7 | EPSS 0.00203

added 2025/02/26 1:55 a.m. | 113 views

CVE-2022-49135

CVE-2022-49135 : In the Linux kernel, the vulnerability related to a memory leak in the drm/amd/display path has been resolved. The root cause was failure to release resources on the error handling path, leading to a memory leak. The fix adds a kfree call on the error path to ensure proper resour...

CVSS 5.5 | AI score 6.6 | EPSS 0.00243

added 2025/02/26 1:55 a.m. | 113 views

CVE-2022-49168

The CVE-2022-49168 entry concerns a Linux kernel bug in the btrfs repair path. The issue occurred when the repair submission failed and the code attempted to clean up the repair bio simultaneously with endio, creating potential use-after-free and NULL dereference conditions due to racing with bio...

CVSS 7.8 | AI score 5.5 | EPSS 0.00274

added 2025/02/26 2:10 a.m. | 113 views

CVE-2022-49314

The CVE-2022-49314 issue is a Linux kernel resource leak in tty/icom_probe: if pci_read_config_dword fails, resources allocated earlier are recycled by pci_release_regions() and pci_disable_device(). The connected Astra Linux advisory reiterates the fix for linux-5.10/5.15 series kernels and mirr...

CVSS 5.5 | AI score 6.4 | EPSS 0.00253

added 2023/01/30 1:17 p.m. | 113 views

CVE-2023-0240

CVE-2023-0240 relates to a logic error in Linux kernel io_uring that can trigger a use-after-free, enabling local privilege escalation. Specifically, in io_prep_async_work, the code may incorrectly use the init_cred or a previous identity if the final io_grab_identity returns false, causing refer...

CVSS 7.8 | AI score 7.7 | EPSS 0.00269

added 2025/05/14 12:43 p.m. | 113 views

CVE-2023-53146

The CVE-2023-53146 issue affects the Linux kernel’s media driver for the dw2102 I2C transfer path. In dw2102_i2c_transfer, the code can read msg[i].buf even when it is null if msg[i].len is zero, allowing a null pointer dereference before the fix. The vulnerability is mitigated by adding a check ...

CVSS 5.5 | AI score 6.7 | EPSS 0.0015

added 2024/05/20 9:48 a.m. | 113 views

CVE-2024-35998

The CVE-2024-35998 entry corresponds to a Linux kernel fix for a potential deadlock in CIFS (smb3) related to lock ordering in cifs_sync_mid_result. Coverity identified a thread deadlock caused by acquiring TCP_Server_Info.srv_lock while holding TCP_Server_Info.mid_lock. The connected Astra/Tence...

CVSS 5.5 | AI score 6.7 | EPSS 0.00166

added 2024/06/25 2:28 p.m. | 113 views

CVE-2024-39468

CVE-2024-39468 affects the Linux kernel CIFS/SMB client: a deadlock in smb2_find_smb_tcon() can occur due to holding the cifs_tcp_ses_lock when invoking cifs_put_smb_ses(). The fix releases/correctly unlocks cifs_tcp_ses_lock before calling cifs_put_smb_ses(), avoiding the deadlock. References in...

CVSS 5.5 | AI score 7.1 | EPSS 0.00182

added 2024/07/05 6:55 a.m. | 113 views

CVE-2024-39485

The CVE-2024-39485 issue affects the Linux kernel media: v4l subsystem, specifically the async notifier: the notifier_entry was not re-initialised after unregister, leaving dangling pointers. The documented fix is to reinitialise the notifier_entry (e.g., via list_del_init()) so the notifier_entr...

CVSS 5.5 | AI score 6.9 | EPSS 0.00211

added 2024/07/12 12:20 p.m. | 113 views

CVE-2024-39495

The CVE-2024-39495 issue is a Linux kernel use-after-free in greybus gb_interface_release caused by a race with gb_interface_mode_switch_work. The fix, confirmed by multiple sources (e.g., Astra Linux advisory reflecting the same description), is to cancel the scheduled work before freeing the ob...

CVSS 7.8 | AI score 7.7 | EPSS 0.00322

added 2024/07/12 12:32 p.m. | 113 views

CVE-2024-40981

CVE-2024-40981 – Linux kernel batman-adv : The vulnerability centers on batman-adv’s originator handling in batadv_purge_orig_ref(), where empty buckets can lead to soft lockups (CPU 0 stuck for long periods). The root cause is not publicly disclosed in the provided documents, but the fix is desc...

CVSS 5.5 | AI score 7.2 | EPSS 0.00229

added 2024/07/29 3:52 p.m. | 113 views

CVE-2024-42076

The CVE-2024-42076 entry relates to the Linux kernel net/can/j1939 path, where j1939_send_one() allocated a full frame but did not initialize unused data, enabling a kernel-infoleak via raw_recvmsg() paths observed by syzbot. The root cause is uninitialized memory in the frame allocation (Bytes 1...

CVSS 5.5 | AI score 6.5 | EPSS 0.00225

added 2024/09/18 6:32 a.m. | 113 views

CVE-2024-46726

CVE-2024-46726 (Linux kernel, drm/amd/display) fixes overflow/overrun in index calculations (vmid0p72_idx, vnom0p8_idx, vmax0p9_idx) to prevent array size overflow. The patch resolves 3 OVERRUNs and 1 INTEGER_OVERFLOW reported by Coverity; affected AMD display path. Remediation is to apply the up...

CVSS 5.5 | AI score 6.3 | EPSS 0.00229

added 2024/09/18 6:32 a.m. | 113 views

CVE-2024-46732

CVE-2024-46732 affects the Linux kernel DRM/AMD display path. The root cause was failing to assign linear_pitch_alignment in VM environments, which could lead to a divide-by-zero error. The fix is to assign linear_pitch_alignment in VM contexts; multiple stable-kernel commits (c984debc133e and re...

CVSS 5.5 | AI score 6 | EPSS 0.0023

added 2024/09/27 12:39 p.m. | 113 views

CVE-2024-46823

CVE-2024-46823 is a Linux kernel issue resolved by removing a locally scoped device_name array used as a driver name in kunit_device_register, which caused a KASAN-enabled kernel panic. The fix passes the device name directly into kunit_device_register as an ASCII string, addressing an out-of-sco...

CVSS 5.5 | AI score 5.1 | EPSS 0.00236

added 2024/09/27 12:39 p.m. | 113 views

CVE-2024-46843

CVE-2024-46843 concerns the Linux kernel SCSI/UFS path. The issue arises when removing the ufshcd driver from a UFS device, potentially causing a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before a SCSI host is added. The fix is to guarantee the SCSI host is removed only if i...

CVSS 5.5 | AI score 5.2 | EPSS 0.00233

added 2024/11/09 10:14 a.m. | 113 views

CVE-2024-50243

CVE-2024-50243 affects the Linux kernel ntfs3 path; the issue is a general protection fault in run_is_mapped_full leading to a local denial of service. The fix (and related NTFS attribute handling fix) was committed in the kernel; affected advisories reference kernel 6.1.x updates. Remediation is...

CVSS 5.5 | AI score 5.2 | EPSS 0.00218

added 2025/02/27 2:12 a.m. | 113 views

CVE-2025-21738

CVE-2025-21738 affects the Linux kernel, specifically the SFF/ATA path in libata. The issue can allow a write beyond the allocated buffer in ata_pio_sector() when handling a SCSI_IOCTL_SEND_COMMAND with an ATA_NOP and related conditions, potentially overwriting memory. The description notes that ...

CVSS 5.5 | AI score 6.7 | EPSS 0.00192

added 2012/05/17 10:0 a.m. | 112 views

CVE-2012-0207

CVE-2012-0207 affects the Linux kernel before 3.2.1, where igmp_heard_query in net/ipv4/igmp.c can be triggered by IGMP packets to cause a divide-by-zero leading to a kernel panic (DoS). The vulnerability is addressed in Linux 3.2.1 (as per ChangeLog-3.2.1). Connected advisories/Nessus entries re...

CVSS 7.8 | AI score 6.9 | EPSS 0.20492

added 2018/03/12 3:0 a.m. | 112 views

CVE-2017-18224

CVE-2017-18224 : The Linux kernel before 4.15 contains a race condition in the ocfs2 extent-tree path. Specifically, in fs/ocfs2/aops.c, a semaphore is omitted during read operations in DIRECT mode, enabling a local attacker to trigger a denial of service by modifying the e_cpos field. The connec...

CVSS 4.7 | AI score 5.1 | EPSS 0.00285

added 2024/05/21 2:35 p.m. | 112 views

CVE-2021-47347

CVE-2021-47347 affects the Linux kernel component related to the wl1251 driver. The vulnerability arises from a buffer overflow in wl1251_cmd_scan where memcpy is invoked without validating the input length. The issue is fixed by adding a length check to ensure the copied data stays within the ma...

CVSS 8.8 | AI score 9.2 | EPSS 0.01269

added 2024/05/21 3:3 p.m. | 112 views

CVE-2021-47379

The CVE-2021-47379 entry describes a kernel vulnerability in the Linux blk-cgroup subsystem related to a use-after-free (UAF) in the block I/O scheduler. The issue arises when destroying the blkcg policy hierarchy, where the BFQ/BLK MQ path can trigger a use-after-free during queue initialization...

CVSS 7.8 | AI score 6.7 | EPSS 0.00256

added 2024/10/21 8:5 p.m. | 112 views

CVE-2022-48982

CVE-2022-48982 affects the Linux kernel Bluetooth subsystem, specifically CSR fake controllers. The issue arises when a CSR 5.0 clone causes the suspend notifier to be registered twice, which can lead to a kernel panic during Bluetooth device probing (btusb/hci stack). The connected advisories an...

CVSS 5.5 | AI score 5.2 | EPSS 0.00203

added 2025/02/26 2:10 a.m. | 112 views

CVE-2022-49301

CVE-2022-49301 : In the Linux kernel, the staging rtl8712 USB driver has a bug where, if r8712_usbctrl_vendorreq() returns a negative value, data in usb_read8/16/32 is not initialized, triggering KMSAN uninitialized-value reports. Connected advisories reference fixes in the kernel (e.g., commits ...

CVSS 5.5 | AI score 6.5 | EPSS 0.0024

added 2025/02/26 2:23 a.m. | 112 views

CVE-2022-49564

CVE-2022-49564 : Linux kernel crypto qat flaw where DH parameter handling could underflow. The fix rejects requests when the source buffer is larger than the key, preventing an underflow when copying the source scatterlist into a linear buffer. Documents/refs show the fix being incorporated in ke...

CVSS 5.5 | AI score 6.7 | EPSS 0.00246

added 2024/01/23 12:0 a.m. | 112 views

CVE-2023-46343

CVE-2023-46343 concerns the Linux kernel up to version 6.5.9, with a NULL pointer dereference in send_acknowledge (net/nfc/nci/spi.c). Affected component: kernel. Root cause: NULL pointer dereference in send_acknowledge. Explicit impact details in the provided metrics show Confidentiality and Int...

CVSS 5.5 | AI score 5.5 | EPSS 0.00237

added 2024/05/19 10:10 a.m. | 112 views

CVE-2024-35940

CVE-2024-35940 affects the Linux kernel. The vulnerability stems from pstore/zone: missing NULL pointer check in psz_kmsg_read after kasprintf() can return NULL on allocation failure. The impact is a potential NULL pointer dereference in kernel code paths involving kasprintf results, with publicl...

CVSS 5.5 | AI score 6.7 | EPSS 0.0021

added 2024/07/12 12:37 p.m. | 112 views

CVE-2024-40987

The CVE-2024-40987 issue affects the Linux kernel's DRM/amdgpu driver, where a UBSAN warning in kv_dpm.c is fixed by adding a bounds check for sumo_vid_mapping_entry. The patch targets the root cause (bounds check failure) and reports the fix as part of the kernel update. Public reference...

CVSS 5.5 | AI score 6.6 | EPSS 0.00279

added 2024/07/29 2:57 p.m. | 112 views

CVE-2024-41069

CVE-2024-41069 is a Linux kernel vulnerability in ASoC topology where references to freed memory were fixed. The changelog entries indicate root cause was pointers into topology file contents after parsing and releasing memory; the fix allocates memory via devm_kmemdup() to avoid dereferencing fr...

CVSS 7.8 | AI score 6.6 | EPSS 0.0022

added 2024/07/30 7:46 a.m. | 112 views

CVE-2024-42129

CVE-2024-42129 – Linux kernel (mlxreg LED driver) : The vulnerability arose because leds: mlxreg registered LEDs with devm_led_classdev_register(), but led_classdev_unregister() invoked a brightness callback that used a mutex already destroyed during module removal. The fix uses the devm API for ...

CVSS 5.5 | AI score 6.7 | EPSS 0.00227

added 2024/09/18 6:32 a.m. | 112 views

CVE-2024-46717

The CVE-2024-46717 entry concerns a Linux kernel net/mlx5e SHAMPO defect: an incorrect SHAMPO header page release could cause SHAMPO header pages to be released more than once. The description specifies the root cause: when no skb has been created yet, header_size is 0 and the last SHAMPO header ...

CVSS 5.5 | AI score 6.5 | EPSS 0.0022

added 2024/10/21 6:1 p.m. | 112 views

CVE-2024-49910

CVE-2024-49910 concerns the Linux kernel DRM/AMD display path. The root cause was a null dereference risk in drm/amd/display's dcn401_set_output_transfer_func: set_output_gamma could be non-null checked, then dereferenced. The fix adds a null check for set_output_gamma before invoking it, elimina...

CVSS 5.5 | AI score 5.1 | EPSS 0.00206

added 2024/11/19 1:30 a.m. | 112 views

CVE-2024-50286

CVE-2024-50286 describes a slab-use-after-free race in the Linux kernel’s ksmbd subsystem, between ksmbd_smb2_session_create and ksmbd_expire_session. The patch adds the missing sessions_table_lock when adding/deleting a session from the global session table, addressing the race. The issue is roo...

CVSS 7.8 | AI score 6.6 | EPSS 0.00267

added 2010/11/20 9:0 p.m. | 111 views

CVE-2010-4165

CVE-2010-4165 affects the Linux kernel prior to 2.6.37-rc2. The do_tcp_setsockopt function does not properly constrain TCP_MAXSEG (MSS) values, allowing a local user to trigger a denial of service via a setsockopt with a small value, leading to a divide-by-zero or signed-integer misuse. Evidence ...

CVSS 4.9 | AI score 6.8 | EPSS 0.01355

added 2011/01/13 6:35 p.m. | 111 views

CVE-2010-4527

The CVE-2010-4527 entry concerns the Linux kernel OSS sound driver (load_mixer_volumes in sound/oss/soundcard.c). It arises because a name field is not guaranteed to end with a NUL, enabling a local user to trigger a buffer overflow via SOUND_MIXER_SETLEVELS, with potential to escalate privileges...

CVSS 6.9 | AI score 6.3 | EPSS 0.00494

added 2012/05/24 11:0 p.m. | 111 views

CVE-2011-3353

CVE-2011-3353 : In the Linux kernel, a buffer/length handling issue in fuse_notify_inval_entry (fs/fuse/dev.c) before 3.1 can allow a local attacker mounting a FUSE filesystem to trigger a BUG_ON and system crash, i.e., local denial of service. Public advisories (e.g., OpenSUSE, Red Hat/Oracle/Li...

CVSS 5.5 | AI score 6.3 | EPSS 0.00394

added 2014/07/03 1:0 a.m. | 111 views

CVE-2014-4667

CVE-2014-4667 affects the Linux kernel: the sctp_association_free function in net/sctp/associola.c before version 3.15.2 fails to properly manage a specific backlog value, enabling remote attackers to trigger a denial of service (socket outage) via a crafted SCTP packet. The vulnerability is root...

CVSS 5 | AI score 5.2 | EPSS 0.05926

added 2024/05/22 6:19 a.m. | 111 views

CVE-2021-47458

CVE-2021-47458 affects the ocfs2 mount path in the Linux kernel. It occurs when mounting ocfs2 with o2cb or pcmk on kernels built with Fortify Source, due to non-null-terminated strings in the disk representation being treated as null-terminated by strlcpy, triggering a buffer overflow and a fort...

CVSS 7.8 | AI score 7 | EPSS 0.00237

added 2024/06/19 2:53 p.m. | 111 views

CVE-2021-47576

CVE-2021-47576 concerns the Linux kernel SCSI subsystem, specifically the scsi_debug driver. The issue is a use-after-free (UAF) caused by insufficient validation of the block descriptor length in resp_mode_select(), leading to a KASAN crash (Read of size 1) in resp_mode_select() and related SCSI...

CVSS 7.8 | AI score 8.2 | EPSS 0.00241

added 2024/07/16 11:44 a.m. | 111 views

CVE-2022-48829

CVE-2022-48829 affects the Linux kernel NFSD (NFSv3) and concerns how SETATTR/CREATE handle large file sizes. The issue stems from ia_size being a loff_t and the risk of client sizes exceeding s64_max; silently capping caused mismatches. The fix removes the min_t() check in decode_sattr3(), preve...

CVSS 5.5 | AI score 6.5 | EPSS 0.00254

added 2024/08/22 3:31 a.m. | 111 views

CVE-2022-48938

CVE-2022-48938 affects the Linux kernel CDC-NCM path. The issue arises when a broken device provides an extreme offset (e.g., 0xFFF0) with a plausible fragment length, allowing an integer overflow in the existing sanity check. The description states that both offset and offset + len must be check...

CVSS 5.5 | AI score 7.1 | EPSS 0.00213

added 2025/02/26 2:10 a.m. | 111 views

CVE-2022-49308

The CVE-2022-49308 entry describes a Linux kernel extcon overflow/NULL dereference vulnerability that could cause an Oops when sysfs state_show() runs before driver data is set. The root cause is extcon device creation occurring before drvdata is initialized, leading to an edev NULL dereference d...

CVSS 5.5 | AI score 5.2 | EPSS 0.00272

added 2023/04/24 12:0 a.m. | 111 views

CVE-2023-2019

CVE-2023-2019 : A flaw in the Linux kernel netdevsim device driver’s event scheduling due to improper management of a reference count. This can enable a local attacker to cause a denial-of-service on the system. The description and references in the connected docs point to a kernel-level issue; n...

CVSS 4.4 | AI score 4.2 | EPSS 0.0034

added 2023/03/01 12:0 a.m. | 111 views

CVE-2023-23001

CVE-2023-23001 affects Linux kernel prior to 5.16.3, where a misinterpretation of regulator_get’s return value in drivers/scsi/ufs/ufs-mediatek.c treats an error pointer as NULL in the error case. This may lead to improper handling in that path. The vulnerability is addressed by the Linux kernel ...

CVSS 5.5 | AI score 5.2 | EPSS 0.00249

added 2024/04/17 9:43 a.m. | 111 views

CVE-2023-52642

CVE-2023-52642 concerns a Linux kernel issue in the media: rc subsystem where attaching/detaching BPF programs could require write permission, with an auxiliary CAP_NET_ADMIN requirement. The main impact described across multiple advisories is a locally exploitable condition in kernel space that ...

CVSS 7.8 | AI score 6.3 | EPSS 0.00207

added 2024/07/12 12:32 p.m. | 111 views

CVE-2024-40968

CVE-2024-40968 affects the Linux kernel on MIPS/Octeon systems. The issue was that after a PCIe link surprise down, the standard PCIe config interface could be abused to cause a kernel panic (“Data bus error”) when accessing peripheral PCIe devices. The fix adds a PCIe link status check and, when...

CVSS 5.5 | AI score 6.4 | EPSS 0.00296

added 2024/07/30 7:46 a.m. | 111 views

CVE-2024-42147

CVE-2024-42147 affects the Linux kernel crypto: hisilicon/debugfs path. During zip probe, debugfs initialization failure could cause the error branch to release_regs, and the regs uninitialization could release multiple times. The root cause is an uninitialized regs path when debugfs init fails, ...

CVSS 7.8 | AI score 6.4 | EPSS 0.00234

added 2024/09/04 6:36 p.m. | 111 views

CVE-2024-44963

CVE-2024-44963 — Linux kernel (btrfs): The issue occurs in btrfs_free_tree_block() when freeing a tree block and an error occurs creating a delayed reference. Instead of handling the error, a BUG_ON() could trigger, causing space leakage if memory allocation fails or other errors propagate via bt...

CVSS 5.5 | AI score 7.5 | EPSS 0.00239

added 2024/09/04 6:56 p.m. | 111 views

CVE-2024-44969

CVE-2024-44969 affects the Linux kernel, specifically the s390/sclp path. If a task waiting for a Store Data operation is interrupted and the halt attempt fails due to hardware/firmware issues, the SCLP facility might later store data into buffers referenced by the original operation. The fix pre...

CVSS 5.5 | AI score 6.2 | EPSS 0.00218

added 2024/09/18 6:32 a.m. | 111 views

CVE-2024-46720

CVE-2024-46720 affects the Linux kernel; the issue is in the DRM AMDGPU path where a dereference after a null pointer check was fixed. The description from the initial document notes “drm/amdgpu: fix dereference after null check” and “check the pointer hive before use.” The connected Azure Linux ...

CVSS 5.5 | AI score 6.1 | EPSS 0.0022

Total number of security vulnerabilities: 2330