5 matches found
CVE-2022-49266
CVE-2022-49266 (Linux kernel) : The vulnerability arises in the block layer where the patch that prevents calling rq_qos_done_bio() for untracked bios caused blk-iocost to mis-handle merged bios, leaving them “in-flight.” The fix adds a new flag BIO_QOS_MERGED to mark merged bios and ensures rq_q...
CVE-2025-38656
CVE-2025-38656 affects the Linux kernel’s wifi iwlwifi path (iwl_op_mode_dvm_start). The vulnerability stems from preserving the error code when iwl_setup_deferred_work() fails; the code previously returned ERR_PTR(0) (NULL), which could cause a use-after-free involving debugfs. A patch has been ...
CVE-2025-40082
CVE-2025-40082 targets the Linux kernel’s hfsplus code and causes a slab-out-of-bounds read in hfsplus_uni2asc() when listing extended attributes. The issue arises because the expected unicode buffer structure size varies (hfsplus_attr_unistr vs hfsplus_unistr), so a previous fix was insufficient...
CVE-2026-45904
The CVE-2026-45904 issue affects the Linux kernel’s PowerPC EEH driver, where a restructuring workaround caused a recursive lock scenario around pci_lock_rescan_remove. The problem arose when EEH event handling briefly acquired the PCI bus lock while eeh_pe_bus_get() could also attempt the same l...
CVE-2026-46146
CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...