CVE-2021-47324
CVE-2021-47324 relates to the Linux kernel watchdog driver. The issue is a use-after-free risk in wdt_startup() caused by the remove path calling del_timer() instead of waiting for the timer handler to finish. The timer handler could still be running after the driver’s remove function returns, po...
CVE-2022-48790
CVE-2022-48790 concerns a use-after-free in the Linux kernel nvme controller reset path during load, caused by a race in AER submission where drivers may not check ctrl readiness before processing an AEN. The issue can occur when teardown of admin queue and AEN handling overlap, leading to a free...
CVE-2022-48791
The CVE-2022-48791 issue in the Linux kernel relates to scsi: pm8001 use-after-free for aborted TMF sas_task. The problem occurs when a TMF sas_task is aborted due to a timeout and the task is freed in pm8001_exec_internal_tmf_task() while IO completion occurs later. The IO completion may still t...
CVE-2022-49115
CVE-2022-49115 is a Linux kernel vulnerability in the PCI: endpoint subsystem where a misused goto label could lead to a memory leak. The description across connected advisories reiterates the same root cause and states that a fix was applied in the kernel (commit history referenced in the linked...
CVE-2022-49119
In the Linux kernel, CVE-2022-49119 concerns a memory leak in the SCSI pm8001 path: in pm8001_chip_fw_flash_update_build(), if the build fails, the previously allocated fw_control_ex must be freed. The issue is resolved by applying the fix in the pm8001_chip_fw_flash_update_req/build flow. Affect...
CVE-2022-49178
CVE-2022-49178 concerns the Linux kernel memstick/mspro_block code. The vulnerability stems from leaking a reference when a read-only device is encountered and from how read-only state was checked. The fix propagates the read-only state to the block layer by using set_disk_ro, instead of performi...
CVE-2022-49526
CVE-2022-49526 - Linux kernel md/bitmap issue: In clustered MD (md-cluster) setups, the code path md_bitmap_read_sb can permit a faulty bitmap to pass sanity checks, allowing the chunksize to be assigned even when the bitmap data is invalid. This leads to a division error (DIV_ROUND_UP_SECTOR_T)...
CVE-2022-49544
CVE-2022-49544 affects the Linux kernel IPW2X00 stack. The issue is a potential NULL dereference in libipw_xmit() when crypt and crypt->ops could be null. The fix adds null checks before dereferencing these fields. The vulnerability is local with likely crash/denial impact; exploitation status...
CVE-2022-49622
CVE-2022-49622 (Linux kernel) describes a use-after-free risk in nf_tables when verdict is NF_STOLEN in netfilter, where skb freeing may have occurred. The fix prevents illegal skb access by: (1) caching skb->nf_trace in the trace state and refreshing it when verdict != STOLEN; (2) skipping sk...
CVE-2022-50211
CVE-2022-50211: The Linux kernel md-raid10 path had a slab-out-of-bounds KASAN warning in raid10_remove_disk during an lvm-based reshape test. The fix verifies that the value “number” is valid to prevent an out-of-bounds read (Read of size 8) from a 256-byte kmalloc slab. The issue is tied to KASAN re...
CVE-2024-35803
CVE-2024-35803 affects the Linux kernel, specifically the x86 efistub in mixed-mode boot handling. The root cause is that EFI boot service calls were made using the decompressor’s 16k boot stack during 32‑bit firmware entry paths, while EFI boot services require a larger (128k) stack. This mismat...
CVE-2024-37354
CVE-2024-37354 affects the Linux kernel with a btrfs crash when racing between fsync and size-extending writes into preallocated extents. Concrete details from connected docs show a BUG triggered in btrfs_set_item_key_safe() during a log/commit sequence (duplicate keys for prealloc extents), lead...
CVE-2024-46808
CVE-2024-46808 affects the Linux kernel component drm/amd/display, where a missing NULL pointer check in dpcd_extend_address_range can lead to an assertion if kcalloc returns NULL. The connected Nessus entry confirms the vulnerability exists in Linux distros without a vendor patch and cites the s...
CVE-2021-47113
CVE-2021-47113 affects the Linux kernel, in the btrfs code path for rename_exchange. A failure to insert the second inode ref during a rename could leave the first ref dangling and corrupt the filesystem. The root cause is an error injection stress that may abort after the first successful inode-...
CVE-2021-47183
CVE-2021-47183 affects the Linux kernel’s SCSI lpfc driver where a link-down transition with outstanding ABTS/ELS requests could trigger a NULL pointer dereference and, in some cases, driver unload hangs. The fix adds a flag to Abort handling to prevent link-traffic during failure conditions, avo...
CVE-2021-47229
CVE-2021-47229 concerns the Linux kernel PCI aardvark driver. A kernel panic could occur when a new PIO transfer is started before the previous one finished; the kernel will issue an External Abort/SError interrupt leading to a reboot. The root cause analysis noted a previously added Trusted Firm...
CVE-2021-47380
The CVE-2021-47380 entry describes a NULL pointer dereference in the Linux kernel related to HID amd_sfh: the function devm_add_action_or_reset() could call amd_mp2_pci_remove() before data was initialized. The fix moves the data initialization prior to devm_add_action_or_reset() to prevent deref...
CVE-2021-47600
The CVE-2021-47600 entry concerns a Linux kernel vulnerability in the dm btree code where a use-after-free occurs during rebalance_children. The root cause is described as a use-after-free in the btree remove path, with the fix specified as moving dm_tm_unlock() after dm_tm_dec(). The vulnerabili...
CVE-2021-47612
CVE-2021-47612 (Linux kernel) — A vulnerability in NFC genl dump paths can cause a null-pointer dereference and kernel crash when kmalloc in nfc_genl_dump_devices() fails, leading to a segfault in nfc_genl_dump_devices_done and related netlink/worker threads. The issue is fixed in the Linux kerne...
CVE-2021-47641
CVE-2021-47641 (Linux kernel) affects the video fbdev Cirrus driver (cirrusfb) within the kernel’s fbdev subsystem. The issue arises in cirrusfb_check_pixclock when pixclock can be zero, causing a divide by zero that Syzkaller reported. The driver then rounds up pixclock to approximate maxclock, ...
CVE-2022-48875
CVE-2022-48875 affects the Linux kernel’s wireless stack (mac80211). The vulnerability arises when AMPDU start handling in the driver path can encounter a NULL sdata during deauthentication, leading to a NULL dereference. Specifically, ieee80211_tx_ba_session_handle_start() may receive NULL for s...
CVE-2022-49104
CVE-2022-49104 affects the Linux kernel, specifically the staging/vchiq_core code path. The issue is triggered when find_service_by_handle is given an invalid handle, which can return NULL and lead to a NULL pointer dereference. The description in the provided documents confirms this root cause a...
CVE-2022-49106
CVE-2022-49106 affects the Linux kernel (staging: vchiq_arm). The root cause is a potential NULL pointer dereference in vchiq_dump_platform_instances when vchiq_get_state() may return NULL. The vulnerability could impact kernel availability with local access required. A fix is included in upstrea...
CVE-2022-49176
CVE-2022-49176: Linux kernel fix for a use-after-free in bfq_dispatch_request (bfq) causing potential memory corruption in SCSI-mq paths. The issue is addressed by kernel patches referenced in the linked advisories (Unity Linux UTSA updates and Astra/Linux advisories). Exploitation status is not ...
CVE-2022-49318
CVE-2022-49318 pertains to the Linux kernel f2fs subsystem. The vulnerability arises when Syzbot-triggered WARN_ONs in f2fs_is_valid_blkaddr (and __is_bitmap_valid) are triggered for DATA_GENERIC_ENHANCE or DATA_GENERIC_ENHANCE_READ when blkaddr is out of the expected range. The issue was resolve...
CVE-2022-49527
In CVE-2022-49527, the Linux kernel media/venus/hfi path was fixed to avoid a null-dereference during deinitialization. If venus_probe fails at pm_runtime_put_sync, the error path previously called hfi_destroy (which sets core->ops to NULL) and then attempted hfi_core_deinit, which would deref...
CVE-2022-49936
Summary (CVE-2022-49936) In the Linux kernel, the USB core vulnerable path is “Prevent nested device-reset calls.” The accompanying analysis shows a recursive locking violation in usb-storage when a nested reset occurs during device removal, caused by a reset being invoked while another is in pro...
CVE-2023-22996
CVE-2023-22996 affects the Linux kernel prior to 5.17.2. In drivers/soc/qcom/qcom_aoss.c, an of_find_device_by_node reference is not released after use (e.g., via put_device), which can lead to a lingering reference. The practical impact and exploitability are not described in the provided docume...
CVE-2023-52516
CVE-2023-52516 affects the Linux kernel’s dma-debug path. The root cause is that __dma_entry_alloc_check_leak() could be invoked while holding free_entries_lock and then call printk/serial console while port->lock is held, creating a reverse locking dependency chain: console_owner -> port_l...
CVE-2023-52921
The CVE-2023-52921 entry affects the Linux kernel’s DRM/amdgpu path, where a use-after-free (UAF) can occur in amdgpu_cs_pass1. The root cause is that the gang_size check is outside the chunk parsing loop, so i must be reset before freeing the chunk data. This vulnerability has been addressed by ...
CVE-2024-36909
CVE-2024-36909 affects the Linux kernel hv (Hyper-V) vmbus ring buffers. The vulnerability arises when set_memory_decrypted() fails in CoCo VMs, causing memory to be shared instead of properly encrypted. The VMBus ring buffer code could free decrypted/shared pages if set_memory_decrypted() fails....
CVE-2025-37834
CVE-2025-37834 affects the Linux kernel, specifically the mm/vmscan path. When a dirty swapcache page labeled hwpoison is isolated during reclaim and not locked, a memory failure can lead to the page being returned to the LRU and later cause a VM_BUG_ON_FOLIO during a subsequent reclaim. The issu...
CVE-2025-37882
CVE-2025-37882 relates to a Linux kernel isochronous xHCI Ring handling race. The fix changes how xrun events are processed so that a TD queued at a ring position isn’t prematurely completed or warned about when the event TRB pointer can be NULL or a no-op. Triggering conditions include higher IR...
CVE-2010-4529
CVE-2010-4529 refers to an integer underflow in the irda_getsockopt function (net/irda/af_irda.c) of the Linux kernel prior to 2.6.37 on non-x86 platforms. This underflow could allow a local attacker to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES gets...
CVE-2011-1173
CVE-2011-1173 affects the Linux kernel on x86_64 prior to 2.6.39. The vulnerability is in the econet_sendmsg function (net/econet/af_econet.c) and allows a remote attacker to read uninitialized data from kernel stack memory via an Acorn Universal Networking (AUN) packet, enabling information disc...
CVE-2014-3182
CVE-2014-3182 affects the Linux kernel up to version 3.16.1, where an array index error in the logi_dj_raw_event function of drivers/hid/hid-logitech-dj.c can be exploited by a physically proximate attacker using a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value to execute arbitrary code or cau...
CVE-2015-8955
CVE-2015-8955 affects the Linux kernel on arm64 (arch/arm64/kernel/perf_event.c) prior to 4.1. The issue arises from events across multiple HW PMUs being mishandled, allowing local users to gain privileges or trigger a denial of service via an invalid pointer dereference. Impact is limited to loc...
CVE-2022-49113
CVE-2022-49113 — In the Linux kernel, a refcount leak in powerpc/secvar, specifically in format_show(), is fixed. The leak can occur when format_show returns failure in multiple paths. The mitigation is the unified management of of_node_put to correct the leak. The available connected sources con...
CVE-2022-49420
CVE-2022-49420 documents a data race in the Linux kernel involving UDP path: UDP sendmsg() reads sk->sk_bound_dev_if while it can be changed by another thread, and UDP wake/receive paths around __ip6_datagram_connect and udpv6_sendmsg. The issue is in net/ipv6/udp.c and related dgram/connect c...
CVE-2022-49502
CVE-2022-49502 relates to the Linux kernel, specifically the media driver component for the rga (graphics) device. The issue was a memory leak in rga_probe where the rga->m2m_dev could remain allocated if rga_probe failed, and the resolution requires freeing m2m_dev on probe failure. The vulne...
CVE-2022-49620
CVE-2022-49620 (Linux kernel, net: tipc) affects the TIPC subsystem: a potential refcount leak in tipc_sk_create() when tipc_sk_insert() fails. The fix ensures the sk is freed on failure, preventing a leak. The public description notes local attack vector with low privileges required and no user ...
CVE-2022-49727
CVE-2022-49727: In the Linux kernel, the vulnerability affects the IPv6 L2TP send path (ipv6_sendmsg) where a signed integer overflow can occur when len >= INT_MAX - transhdrlen, causing ulen = len + transhdrlen to overflow. The fix mirrors the approach used in udpv6 by subtracting transhdrle...
CVE-2022-50029
CVE-2022-50029 affects the Linux kernel “clk: qcom: ipq8074: dont disable gcc_sleep_clk_src” issue where the USB sleep clock is disabled while the clock framework tries to disable the sleep clock source, causing a failure. The connected advisories (Unity Linux / Astra Linux / SUSE entries) descri...
CVE-2023-22999
The CVE-2023-22999 issue affects the Linux kernel prior to 5.16.3, specifically the drivers/usb/dwc3/dwc3-qcom.c path. The root cause is that dwc3_qcom_create_urs_usb_platdev’s return value is misinterpreted in error cases (expected NULL but it is an error pointer), leading to an incorrect handli...
CVE-2023-4394
CVE-2023-4394 is a local use-after-free in the Linux kernel’s btrfs subsystem, specifically in btrfs_get_dev_args_from_path (fs/btrfs/volumes.c). The flaw allows a local attacker with special privileges to crash the system or leak internal kernel information. The vulnerability is documented acros...
CVE-2023-52517
CVE-2023-52517 affects the Linux kernel SPI sun6i driver where a race between DMA RX completion and RX FIFO drain could corrupt data. The fix separates RX FIFO drain from DMA mode by draining RX FIFO only in interrupt mode and by waiting for RX DMA completion before returning when DMA is used, en...
CVE-2023-52805
CVE-2023-52805 affects the Linux kernel/JFS inode allocation. The issue is an array-index-out-of-bounds in diAlloc caused by lack of validation of the iag’s agno during new inode allocation, which could lead to fragmentation. A fix was added to perform the necessary check, and multiple connected ...
CVE-2023-53038
CVE-2023-53038 concerns the Linux kernel: in scsi lpfc, the function lpfc_sli4_cgn_params_read() may encounter a kzalloc() failure, after which lpfc_read_object() dereferences pdata without a NULL check. The published fix changes the error code path from -ENODEV to -ENOMEM to reflect allocation f...
CVE-1999-0656
The CVE-1999-0656 issue affects the ugidd RPC interface and allows remote enumeration of valid usernames by querying arbitrary UIDs mapped to local user/group names. Connected documents indicate affected kernel packages in Linux distributions (e.g., CBL Mariner and Red Hat-sourced advisories) wit...
CVE-2014-0203
CVE-2014-0203 affects the Linux kernel up to version 2.6.32.x, where the __do_follow_link function in fs/namei.c mishandles the last pathname component for certain filesystems, enabling a local attacker to trigger a denial of service (incorrect free operations and system crash) via an open() call...