54 matches found
CVE-2023-52488
CVE-2023-52488 concerns the Linux kernel driver for SC16IS7XX UARTs. In burst mode, the SC16IS7XX can read/write FIFO data with an initial register address, and regmap_raw_read()/regmap_raw_write() do not increment the register in this path. This could corrupt the regmap cache when multi-byte tra...
CVE-2024-26961
CVE-2024-26961 affects the Linux kernel, related to mac802154_llsec_key_del freeing key resources outside the required RCU grace period. The issue can lead to a use-after-free when llsec_lookup_key() traverses the key list in parallel with a deletion. The provided connected documents describe the...
CVE-2024-53144
CVE-2024-53144 corresponds to a Linux kernel Bluetooth issue: “Bluetooth: hci_event: Align BR/EDR JUST_WORKS pairing with LE” which aligns BR/EDR JUST_WORKS with LE and interacts with policy that now requires user confirmation. Connected items show concrete detail for CVE-2024-8805 (BlueZ HID ove...
CVE-2024-57904
CVE-2024-57904 affects the Linux kernel’s IIO subsystem for at91: the at91_ts_register path frees the wrong object during error handling. The code currently calls input_free_device() on st->ts_input, but the err path can run before iio_dev is assigned to st->ts_input. The fix is to call inp...
CVE-2022-48626
CVE-2022-48626 affects the Linux kernel moxart MMC host driver. A use-after-free occurs when the mmc host structure is accessed after being freed in moxart_remove(). The fix saves the device’s base register and uses it instead of dereferencing the freed pointer. Connected sources confirm this is ...
CVE-2021-33909
CVE-2021-33909 affects the Linux kernel’s filesystem layer (fs/seq_file.c) across 3.16–5.13.x, with fixed releases in 5.13.4 and via patches noted in downstream advisories. The root cause is a size_t-to-int conversion that permits an integer overflow during seq buffer allocations, enabling an Out...
CVE-2018-13405
CVE-2018-13405 involves the Linux kernel inode_init_owner() logic where, in a scenario with an SGID directory and a writably user who is not in that group, a local user could create a plain file with the SGID group ownership and executable bits, effectively escalating privileges. Connected docume...
CVE-2019-14821
CVE-2019-14821 is a Linux kernel KVM issue: an out-of-bounds access in the Coalesced MMIO write path can occur if a host user controls the MMIO ring buffer indices (ring->first/ring->last). A local attacker with /dev/kvm access could crash the host kernel or potentially escalate privileges ...
CVE-2020-13143
CVE-2020-13143 affects the Linux kernel USB gadget/configfs (drivers/usb/gadget/configfs.c) from 3.16 to 5.6.13. The flaw arises when gadget_dev_desc_UDC_store uses kstrdup and may encounter an internal NUL value, leading to potential out-of-bounds memory access (reported as heap out-of-bounds wr...
CVE-2023-3390
CVE-2023-3390 is a local-use-after-free vulnerability in Linux kernel nftables (net/netfilter/nf_tables_api.c) caused by mishandled NFT_MSG_NEWRULE error paths, enabling a local attacker with CAP_SYS_ADMIN to trigger a privilege escalation. Public advisories (Amazon Linux 2/ALAS, Astra Linux, Deb...
CVE-2020-11494
The CVE-2020-11494 issue affects the Linux kernel slcan (serial line CAN) driver: in slcan.c, CAN headers for received packets may not be fully initialised when receiving data, enabling local attackers to read uninitialised can_frame data from kernel memory (information leak). Root cause is incom...
CVE-2018-17182
Summary : CVE-2018-17182 is a Linux kernel use-after-free vulnerability in the vmacache subsystem. The root cause is that the function vmacache_flush_all mishandles sequence number overflows, allowing a local attacker to trigger a use-after-free via certain thread creation/map/unmap/invalidation/...
CVE-2019-19052
CVE-2019-19052 is a memory-leak vulnerability in the Linux kernel, specifically in drivers/net/can/usb/gs_usb.c within the gs_can_open() function. The issue allows a denial of service through memory consumption when usb_submit_urb() fails, affecting the kernel up to version before 5.3.11. The rea...
CVE-2020-9383
CVE-2020-9383 affects the Linux kernel floppy driver (set_fdc in drivers/block/floppy.c) where the FDC index is not checked for errors before assignment, causing a wait_til_ready out-of-bounds read. Impact per the CVE description: local attacker could cause a denial of service or privilege escala...
CVE-2015-3288
CVE-2015-3288 affects the Linux kernel prior to 4.1.4. It arises from mishandling anonymous pages in mm/memory.c, allowing a local user to gain privileges or cause a denial of service by writing to page zero. The issue is fixed in 4.1.4 (per ChangeLog-4.1.4 and related advisories referenced in th...
CVE-2021-38300
CVE-2021-38300 affects the Linux kernel on MIPS through arch/mips/net/bpf_jit.c, where the BPF JIT can emit incorrect machine code when transforming unprivileged cBPF programs. Root cause: conditional branches can exceed the 128 KB limit, enabling a local user to execute arbitrary code in kernel ...
CVE-2022-49647
CVE-2022-49647 affects the Linux kernel cgroups migration code. The vulnerability stems from overloading cset->mg_preload_node for both src and dst preload lists during task migrations, which could allow a cset to be simultaneously sourced and destined, risking a use-after-free if all tasks le...
CVE-2024-47737
CVE-2024-47737 is a Linux kernel vulnerability in NFSD where, when xdr_reserve_space returns NULL due to insufficient buffer, a missing cache_put after a successful cache_get can occur if idmap_lookup triggers lookup_fn. This can create a mismatch in the nfsd cache handling. The CVE has a CVSSv3....
CVE-2024-40911
CVE-2024-40911 affects the Linux kernel WiFi stack: linux wifi cfg80211_get_station may dereference a NULL pointer if the wiphy is not locked, leading to an Unable to handle kernel NULL pointer dereference. The fix locks the wiphy before rdev_get_station() (see ieee80211_get_station lockdep asser...
CVE-2024-50036
CVE-2024-50036 is a Linux kernel vulnerability where dst_entries_add() uses per-CPU data that can be freed during netns dismantle, making dst_entries_destroy() race with dst_release() and potentially causing a use-after-free. The issue arises because the count of dsts must be decremented earlier,...
CVE-2022-49602
The CVE-2022-49602 entry refers to a data race in the Linux kernel’s sysctl_fwmark_reflect reader. The race occurs while reading sysctl_fwmark_reflect, which could be changed concurrently; the fix is to apply READ_ONCE() to the reader to ensure a consistent read. Connected advisories (EulerOS/Ope...
CVE-2022-49601
CVE-2022-49601 is a Linux kernel vulnerability where a data race occurs in the tcp/dccp path around reading the sysctl_fwmark_accept value. The root cause is concurrent modification of the reader while sysctl_tcp_fwmark_accept is being read, leading to potential inconsistency. The documented fix ...
CVE-2019-17052
CVE-2019-17052 affects Linux kernel 3.16–5.3.2 where several AF_NET_RAW-bound protocols (AX.25) do not enforce CAP_NET_RAW in socket creation, allowing unprivileged users to create raw sockets. Related entries mention additional interfaces (IEEE802.154, Appletalk, ISDN, NFC) with the same CAP_NET...
CVE-2024-57981
CVE-2024-57981 affects the Linux kernel USB xHCI code. When a command is queued to the final usable TRB and later aborted, the abort path could dereference a NULL cur_cmd, crashing due to a timer-setup path. The fix prevents timer setup if cur_cmd is NULL, and keeps the doorbell sequence safe. Af...
CVE-2025-37781
CVE-2025-37781 affects the Linux kernel involving the i2c Cros EC tunnel. When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent device may not be found, causing a NULL pointer dereference. The issue can be reproduced by unbinding the controller driver and re-loading the i2c-cros-e...
CVE-2024-44950
CVE-2024-44950 affects the Linux kernel serial driver for sc16is7xx. When enabling the special register set, Receiver time-out and RHR interrupts could cause the IRQ handler to read the FIFO via RHR at address 0x00, which is actually DLL, leading to erroneous FIFO reads. Root cause: invalid FIFO ...
CVE-2025-21634
CVE-2025-21634 concerns the Linux kernel cpuset/cgroup path where kernfs active protection can be broken during concurrent cpuset writes, triggering a warning and potential deadlock risk. The root cause involved a sequence of hotplug-related changes that async/sync cpuset processing and previousl...
CVE-2024-46829
The CVE-2024-46829 entry affects the Linux kernel and concerns a deadlock condition in rtmutex handling. Root cause: rt_mutex_handle_deadlock() is invoked with rt_mutex::wait_lock still held; in the deadlock path this could lead to an endless scheduling loop while the lock remains held and trigge...
CVE-2022-48960
The CVE-2022-48960 issue is a Linux kernel use-after-free in net: hisilicon/hix5hd2_rx(), where a skb may be freed by napi_gro_receive() and later dereferenced. The connected sources confirm a fix was applied in the kernel (via stable tree commits referenced in the CVE entry). The vulnerability a...
CVE-2022-50213
CVE-2022-50213 is a Linux kernel nf_tables/use-after-free vulnerability. When looking up NFT sets by ID within a batch, a set from a different table could be returned, and after the table was freed, a dangling reference could be exploited. The issue is in the cross-table handling of SET_ID and is...
CVE-2022-49248
CVE-2022-49248 relates to the Linux kernel ALSA: firewire-lib, where the deferrable AV/C transaction flag could be left uninitialized for non-control/notify AV/C transactions. UBSAN reported an invalid-load in fcp.c when handling AV/C responses, with the status flag being read as a boolean. The i...
CVE-2022-49661
Affected component: Linux kernel, gs_usb driver (USB CAN adapter). Issue: memory leak in gs_usb_open/close where RX URBs allocated with usb_alloc_coherent() were not freed by usb_kill_anchored_urbs() and DMA memory leaked. Root cause: improper freeing pattern; the fix explicitly frees RX URBs and...
CVE-2022-49189
CVE-2022-49189 : In the Linux kernel (clk-rcg2, Qualcomm display pixel clock), final D calculation for the M/N ratio could fall outside the accepted range, causing underflow. The fix updates the D-value calculation to respect the valid range for given M and N, preventing underflow. Affected compo...
CVE-2021-47587
CVE-2021-47587 concerns Linux kernel net: systemport descriptor lifecycle. The vulnerability arises from a shared descriptor list across multiple TX queues where the existing per-queue locking fails to serialize writes to WRITE_PORT_{HI,LO}, allowing concurrent producers to corrupt descriptors. C...
CVE-2022-49679
The CVE-2022-49679 entry concerns a Linux kernel ARM refcount leak in axxia_boot_secondary. The flaw arises because of_find_compatible_node() returns a node pointer with an incremented refcount and is not paired with a corresponding of_node_put(). The connected Astra Linux and Unity/OSV entries r...
CVE-2022-48715
CVE-2022-48715 is a Linux kernel vulnerability related to the SCSI driver bn x2fc. The issue stems from bnx2fc_recv_frame() modifying per-CPU lport stats counters in a non-MP-safe way, which could occur in a preemptible context when SMP features are enabled. The resolved fix restores the old get_...
CVE-2025-38497
CVE-2025-38497 (Linux kernel) affects usb gadget configfs: writing an empty string to the qw_sign or landingPage sysfs attributes can dereference page[l-1] before length validation, causing an OOB read. The fix adds an early length check in os_desc_qw_sign_store() and webusb_landingPage_store() t...
CVE-2021-47256
CVE-2021-47256 stems from a Linux kernel memory_failure fix where a missing wait for page writeback could leave inode i_wb_list in an inconsistent state, triggering a BUG_ON in clear_inode and kernel panic. Connected advisories describe the root cause: after end_page_writeback, inode->i_wb_lis...
CVE-2022-50229
CVE-2022-50229 is a Linux kernel vulnerability in the ALSA bcd2000 driver. The issue is a use-after-free (UAF) bug that occurs on the error path during probing: when snd_card_register() fails, the driver frees midi_out_urb before it is killed, enabling a UAF condition. The observed log pattern me...
CVE-2022-50197
In CVE-2022-50197, the Linux kernel vulnerability affects the cpufreq: zynq component. The root cause is a refcount leak when retrieving a device node: of_find_compatible_node() returns a node pointer with an incremented refcount, and missing of_node_put() on cleanup leads to a leak. The fix adds...
CVE-2025-38555
The CVE CVE-2025-38555 is a use-after-free in Linux kernel USB gadget driver during composite_dev_cleanup, arising when configfs_composite_bind() frees cdev->os_desc_req on kmalloc failure but doesn’t NULL it, leading to a subsequent use of non-NULL pointer. The issue affects the usb gadget’s ...
CVE-2026-23231
CVE-2026-23231 affects the Linux kernel nf_tables code. The root cause is a use-after-free in nf_tables_addchain(), where a new chain is published to a table via list_add_tail_rcu() before hooks are registered; on failure the error path frees the chain without an RCU grace period, creating use-af...
CVE-2025-71221
CVE-2025-71221: The Linux kernel mmp_pdma driver contained a race in mmp_pdma_residue() that could cause use-after-free when descriptors are freed while tx_status() iterates the descriptor list. The race occurs as CPU0 unwinds the descriptor list without proper locking while CPU1's tasklet can fr...
CVE-2022-50503
CVE-2022-50503 affects the Linux kernel component mtd: lpddr2_nvm. The vulnerability is a possible null-ptr-deref in resource_size(add_range) when platform_get_resource() returns NULL. This is triggered in the lpddr2_nvm code path and can lead to a crash/local impact as described. The issue has b...
CVE-2026-45890
The CVE-2026-45890 issue affects the Linux kernel xen-netback in Xen environments. The backend validated the upper bound of multi-queue config but did not reject zero, allowing a guest to set multi-queue-num-queues to 0. This leads to vzalloc(array_size(0, sizeof(struct xenvif_queue))) and WARN_O...
CVE-2026-31619
The CVE-2026-31619 vulnerability affects the Linux kernel ALSA fireworks driver where a 32-bit status value from a FireWire device could be looked up in a 17-entry efr_status_names[] array, potentially indexing outside the array and causing incorrect string formatting. The issue could interpret E...
CVE-2023-53667
CVE-2023-53667 affects the Linux kernel net/cdc_ncm path. The vulnerability arises when dwNtbOutMaxSize is lower than the calculated minimum but greater than zero, causing skb allocation in cdc_ncm_fill_tx_frame() to run out of space and potentially panic due to skb bounds checks. The patch/clamp...
CVE-2022-50347
In CVE-2022-50347, the Linux kernel vulnerability is in mmc: rtsx_usb_sdmmc where mmc_add_host() return value was not checked. If mmc_add_host() fails and the code ignores the error, memory allocated by mmc_alloc_host() can be leaked, causing a kernel crash from deleting a non-added device in the...
CVE-2022-50434
CVE-2022-50434: Technical details (affected product/component, root cause, impact, versions, fix) are not present in the connected documents. Monitor for updates.
CVE-2026-31773
The CVE-2026-31773 entry concerns the Linux kernel Bluetooth SMP implementation. The root cause is that the legacy responder path in smp_random() marks the STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH, which reflects the requested security level rather than the actual pairi...