2330 matches found
CVE-2024-46810
CVE-2024-46810 affects the Linux kernel UI path for displays: the drm/bridge tc358767 code may signal HPD events via IRQ before the connector is fully initialized, risking a NULL pointer dereference. The connected documents confirm a fix was applied by ensuring the connector is fully initialized ...
CVE-2024-47658
CVE-2024-47658 affects the Linux kernel crypto: stm32/cryp. The issue occurs when finalize is called with BH disabled in interrupt mode, causing a spinlock recursion warning and a potential reliability impact. The documented root cause is BH must be disabled during finalize, with the vulnerabilit...
CVE-2025-22022
CVE-2025-22022 concerns the Linux kernel USB xHCI driver, where NEC isochronous endpoints with NEC uPD720200 controllers could trigger IOMMU faults due to mis-handling of missed service errors. The description notes a faulty behavior involving transfer descriptors around isochronous rings and a c...
CVE-2010-0410
CVE-2010-0410 affects the Linux kernel up to version 2.6.32.7, via drivers/connector/connector.c, allowing local users to cause memory exhaustion and a system crash by flooding NETLINK_CONNECTOR messages. The MiracleLinux advisories (AXSA:2010-285:05 and AXSA:2010-323:11) explicitly include CVE-2...
CVE-2022-48994
CVE-2022-48994 affects the Linux kernel ALSA sequencing path. The issue arises from a prototype mismatch: seq_copy_in_user() and seq_copy_in_kernel() did not match snd_seq_dump_func_t, leading to -Wcast-function-type-strict checks with Clang. The patch fixes the function prototypes and removes ca...
CVE-2022-49532
CVE-2022-49532 affects the Linux kernel DRM virtio driver (virtio_gpu_conn_get_modes) where drm_cvt_mode may return NULL, leading to a NULL pointer dereference. The issue is demonstrated by a KASAN report showing a null deref while reading a 4-byte value from a NULL pointer. The connected advisor...
CVE-2022-49623
CVE-2022-49623 : In the Linux kernel, the powerpc/xive/spapr path allocated a bitmap using bits units instead of the required long-sized units, causing a KASAN slab-out-of-bounds access on the 8-byte bitmap. The stack trace shows the access occurs during CPU setup for SMP, with the fault tied to ...
CVE-2023-52561
CVE-2023-52561 : Linux kernel (arm64) vulnerability affecting DB845c boards with Qualcomm sdm845-db845c DTs. The issue stems from not reserving the cont splash memory region (framebuffer memory used by the bootloader), which could trigger a kernel panic (arm-smmu: Unhandled context fault) on v5.1...
CVE-2024-36910
CVE-2024-36910 affects the Linux kernel uio_hv_generic code used by CoCo VMs. If set_memory_encrypted() or set_memory_decrypted() fails, memory could be returned as decrypted/shared to the page allocator, causing functional or security issues. The VMBus device UIO driver could free decrypted/shar...
CVE-2024-46749
CVE-2024-46749 affects the Linux kernel Bluetooth driver btnxpuart. The vulnerability stems from a NULL pointer dereference in btnxpuart_flush(), which could crash the kernel when removing the driver after a failed or incomplete firmware download. The fix adds a guard before freeing rx->skb in...
CVE-2024-46778
The CVE-2024-46778 entry describes a Linux kernel defect in drm/amd/display where UnboundedRequestEnabled was checked as a pointer (dml_bool_t *UnboundedRequestEnabled) instead of its boolean value, causing address-based checks rather than dereferenced value. This was fixed to address a reverse N...
CVE-2024-50091
CVE-2024-50091 is a Linux kernel vulnerability involving the dm vdo dedupe_context pointer. The official fixes clear the dedupe_context pointer in a data_vio once ownership of the context is lost, preventing vdo from accessing it after release. Root cause: dereferencing a freed or relinquished de...
CVE-2025-21786
CVE-2025-21786 concerns a Linux kernel workqueue use-after-free. The issue arises from a patch that reap workers via kthread_stop() and detaches the rescuer, but incorrectly does not preserve the rescuer’s reference to the pool and removes the code waiting for the rescuer in put_unbound_pool(). T...
CVE-2009-1633
The CVE-2009-1633 issue affects the Linux kernel CIFS subsystem prior to 2.6.29.4. It describes multiple buffer overflows in CIFS that can be triggered by a malformed Unicode string (Unicode string area alignment in fs/cifs/sess.c) or long Unicode characters (fs/cifs/cifssmb.c and fs/cifs/readdir...
CVE-2010-2066
CVE-2010-2066 affects the Linux kernel up to version 2.6.34. The flaw is in fs/ext4/move_extent.c: the mext_check_arguments routine, which can allow a local attacker to overwrite an append-only file when using the MOVE_EXT ioctl and designating that file as the donor. The issue arises from insuff...
CVE-2010-2803
CVE-2010-2803 affects the Linux kernel DRM subsystem. The drm_ioctl path in drivers/gpu/drm/drm_drv.c allows a local user to request a large memory allocation and may leak kernel memory contents. Affected trees/versions include 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2...
CVE-2021-47142
CVE-2021-47142 concerns the Linux kernel’s DRM/AMDGPU stack. The vulnerability stems from a use-after-free in the AMDGPU TTM memory backend when cleaning up objects, specifically due to not clearing ttm->sg (the sg table) which can lead to a general protection fault during teardown. The connec...
CVE-2021-47354
CVE-2021-47354 affects the Linux kernel’s DRM scheduler. The issue arises from not waiting for all dependencies of a job to complete before terminating it, which could lead to data corruption. The published notes describe the vulnerable component as the kernel’s DRM/sched path and the fix as ensu...
CVE-2022-48946
CVE-2022-48946 concerns a Linux kernel issue in udf preallocation handling. When the first preallocation extent is the first in an extent block, the code could corrupt the extent tree header. The fix changes the behavior to discard or correctly manage preallocation at the indirect extent boundary...
CVE-2022-49516
CVE-2022-49516 affects the Linux kernel: the ice network driver could dereference a VSI pointer returned by ice_get_vf_vsi without validating it, which could be NULL in scenarios such as resets when a VSI is removed and recreated. The published fix is to check the return value of ice_get_vf_vsi e...
CVE-2023-2430
CVE-2023-2430 concerns the Linux kernel io_uring IOPOLL path. The root cause is a missing lock in io_cqring_event_overflow(), allowing a locally privileged user to trigger a Denial of Service via the io_uring subsystem. Public advisories (Debian, SUSE, Amazon Linux) indicate patches exist in upda...
CVE-2024-26648
CVE-2024-26648 affects the Linux kernel’s drm/amd/display path (AMDGPU) where in edp_setup_replay() a dereference of “struct dc *dc” and “struct dmub_replay *replay” occurred before validating NULL pointers for “link” and the replay, leading to a potential crash. The fix updates the AMD display c...
CVE-2024-26771
Linux kernel CVE-2024-26771Fix: The TI edma (dmaengine) driver now includes null-pointer checks in edma_probe to guard against NULL from devm_kasprintf() (which can return NULL on failure). This prevents a potential NULL dereference in the kasprintf allocation path. Patch references in the Linux ...
CVE-2024-35932
CVE-2024-35932 affects the Linux kernel DRM VC4 driver. The issue is in non-blocking commits where the check plane->state->fb == state->fb is not reliably protected, causing potential refcount underflow across prepare_fb/cleanup_fb. The root cause is that drm_plane.state should not be ac...
CVE-2024-46727
CVE-2024-46727 detail (mode C): Affects Linux kernel’s drm/amd/display path, specifically resource_log_pipe_topology_update. The issue arises from a missing NULL check on otg_master, which could trigger a NULL_RETURN path. A fix was implemented by adding an otg_master NULL check to prevent the NU...
CVE-2010-5331
CVE-2010-5331 affects the Linux kernel prior to 2.6.34, due to a range-check off-by-one issue in drivers/gpu/drm/radeon/atombios.c that can cause a buffer overflow. The vulnerability is rooted in how a value is used in that path; at least one Linux maintainer believes the CVE may be incorrectly a...
CVE-2012-1146
The vulnerability CVE-2012-1146 affects the Linux kernel, specifically mem_cgroup_usage_unregister_event in mm/memcontrol.c, when running versions before 3.2.10. The issue arises from how multiple events attached to the same eventfd are handled, enabling a local attacker to trigger a NULL pointer...
CVE-2012-6704
CVE-2012-6704 affects the Linux kernel prior to 3.5. The sock_setsockopt path in net/core/sock.c mishandles negative values for sk_sndbuf/sk_rcvbuf, enabling a local attacker with CAP_NET_ADMIN to trigger memory corruption and a possible denial of service (memory corruption/system crash). Affecte...
CVE-2021-47112
CVE-2021-47112 affects the Linux kernel’s x86/kvm PV features (Async PF, PV EOI, steal time) used with hypervisors. The issue is that these PV features share memory with the hypervisor, and after hibernation the kernel must teardown all such features to prevent the hypervisor from writing to stal...
CVE-2023-52818
CVE-2023-52818 affects the Linux kernel: drm/amd/ SMU7 UBSAN array-index-out-of-bounds due to pptable structs with flexible array sizes. The fix changes pptable structs to use flexible arrays. Impact is high with local, low-privilege exploitation potential as per the description. Remediation: app...
CVE-2024-22705
The CVE CVE-2024-22705 affects ksmbd in the Linux kernel prior to 6.6.10. It is caused by an issue in smb2_get_data_area_len (fs/smb/server/smb2misc.c) where the relationship between Name data and CreateContexts data can lead to an out-of-bounds access in smb_strndup_from_utf16. This is a local i...
CVE-2024-42115
CVE-2024-42115 involves the Linux kernel jffs2 subsystem. The issue stems from a memory-detection pattern in jffs_inode_info where fields (except sem) could remain uninitialized, causing a NULL/dangling target being freed in jffs2_free_inode during iget_locked/destroy_inode races under high press...
CVE-2024-46752
CVE-2024-46752 - Mode C (detailed, verified): The vulnerability is in the Linux kernel’s btrfs code path; specifically, update_ref_for_cow() previously used BUG_ON() and now returns an error, logs an error, and aborts the transaction when an extent buffer in the relocation tree lacks the full bac...
CVE-2024-49932
CVE-2024-49932 affects the Linux kernel’s btrfs relocation path. The issue arises when relocating data extents on RAID stripe trees: readahead on the relocation inode may receive ENOENT from a RAID-based lookup, but the code does not handle the error, leading to invalid reads and a kernel bug in ...
CVE-2010-2955
The CVE-2010-2955 issue affects the Linux kernel before 2.6.36-rc3-next-20100831, specifically the cfg80211_wext_giwessid function in net/wireless/wext-compat.c, which fails to initialize certain structure members. This enables a local attacker to exploit an off-by-one error in ioctl_standard_iw_...
CVE-2011-3359
CVE-2011-3359 affects the Linux kernel (pre-2.6.39), specifically the b43 wireless driver. The dma_rx path does not allocate receive buffers properly, enabling remote attackers to crash the system via a crafted frame (DoS). Affected code is in drivers/net/wireless/b43/dma.c. Remediation: upgrade ...
CVE-2014-9710
CVE-2014-9710 affects the Linux kernel’s Btrfs xattr handling prior to 3.19. The vulnerability arises because the visible xattr state may not be consistent with a requested replacement, enabling local attackers to bypass ACLs and gain privileges through standard filesystem operations during an xa...
CVE-2021-47267
CVE-2021-47267 affects the Linux kernel USB gadget code: if a gadget driver calls usb_assign_descriptors() with a NULL super-speed-plus descriptor and the system runs at 10Gbps, a null pointer dereference can crash the kernel when a 10Gbps device port, cable, and host port are detected. The docum...
CVE-2021-47405
CVE-2021-47405 affects the Linux kernel HID usbhid subsystem. The issue is a memory leak from unsent raw_report buffers when a USB HID device is removed; a patch/fix has been released in the kernel to address this. The CVSS metrics in the initial record show a MEDIUM base score (5.5) with LOCAL a...
CVE-2021-47599
CVE-2021-47599 covers a Linux kernel bug in btrfs: during pruning/moving devices, btrfs_show_devname() could fail to find devices and emit a warning. The fix updates the device list handling so latest_dev->name is shown reliably in /proc/self/mounts, with devices kept alive under RCU protectio...
CVE-2021-47623
CVE-2021-47623 affects the PowerPC path in the Linux kernel where unmapping a fixmap entry via __set_fixmap() (FIXMAP_PAGE_CLEAR) ends up calling map_kernel_page(), which fails if invoked a second time for the same page. The connected documents confirm the root cause in arch/powerpc/mm/pgtable.c ...
CVE-2021-47644
CVE-2021-47644 affects the Linux kernel where the “media: staging: media: zoran” code path was updated to move videodev allocation out of zr36057_init() and create new handling functions for zr->video_dev. The change fixes a memory leak in zr->video_dev and improves code readability. The vu...
CVE-2021-47645
CVE-2021-47645 affects the Linux kernel media subsystem (staging: media: zoran). The root cause is a miscalculated buffer index in zoran_reap_stat_com when tmp_dcim=1, which can lead to a NULL pointer dereference. Patches were applied to correct the calculation and add a defensive check to preven...
CVE-2022-48631
The CVE-2022-48631 issue affects the Linux kernel’s ext4 extents parsing. Specifically, ext4_ext_binsearch_idx() could operate on an extent header with eh_depth > 0 when eh_entries is 0, leading to garbage indices and kernel crash (BUG at fs/ext4/extents.c:2258) observed in the provided traces...
CVE-2022-49292
CVE-2022-49292 is tied to the Linux kernel ALSA oss PCM buffer allocation overflow. The vulnerability occurs when snd_pcm_plug_alloc() may allocate an oversized temporary buffer during data conversion if hardware parameters allow larger-than-expected period/buffer sizes, risking an INT_MAX overfl...
CVE-2022-49733
CVE-2022-49733 affects the Linux kernel ALSA: oss subsystem (snd_pcm_oss) with a race in snd_pcm_oss_sync() triggered via SNDCTL_DSP_SYNC. The issue arises because snd_pcm_oss_make_ready() is invoked before acquiring the params_lock, creating a window where another thread can reconfigure the stre...
CVE-2023-52825
CVE-2023-52825 — Linux kernel (drm/amdkfd) race condition fix . A race in vram buffer unref (prange->svm_bo) could occur in both the MMU callback and a callback after migrating to system RAM, across async tasks. The issue allowed a potential use-after-free in the AMDGPU SVM path. The vulnerabi...
CVE-2024-26770
CVE-2024-26770 concerns the Linux kernel HID for the Nvidia Shield: a missing null-pointer check in LED initialization (led init path) could dereference NULL after devm_kasprintf() returns NULL. The issue arises during LED initialization within the Nvidia Shield HID handling; the CVSSv3.1 vector ...
CVE-2024-43886
The connected Astra Linux bulletin confirms CVE-2024-43886 affects the Linux kernel in the DRM/AMD display path, specifically a risk in resource_log_pipe_topology_update within dc_resource.c. The root cause is a potential null pointer dereference when switching from “Extend” to “Second Display On...
CVE-2024-49970
CVE-2024-49970 affects the Linux kernel DRM AMD display path. The issue is a bounds check failure in dcn401_stream_encoder_create for the DCN401 encoder: the stream_enc_regs array, sized for indices 0–3, could be accessed with eng_id = 5, causing a buffer overflow and undefined behavior. The vuln...