78 matches found
CVE-2021-46933
The CVE-2021-46933 issue affects the Linux kernel USB gadget f_fs component. It occurred when ffs_data_clear was invoked indirectly via ffs_fs_kill_sb/ffs_ep0_release, causing eventfd_ctx_put to be called multiple times and leading to a refcount underflow. The documented fix zeroes out ffs_eventf...
CVE-2021-46928
CVE-2021-46928 affects the Linux kernel on parisc: a trap7 (Instruction access rights) could leave the cr19 IIR register with a stale value. The patch fixes this by overwriting the stale IIR with the constant 0xbaadf00d when the trap occurs, preventing confusing dump values. The issue arises beca...
CVE-2021-46934
CVE-2021-46934 affects the Linux kernel i2c subsystem, specifically the compat ioctl path. The issue was that wrong user data could cause warnings in i2c_transfer(); userspace might trigger warnings through the compat ioctl. The patch adds validation of user data in the compat ioctl to prevent re...
CVE-2021-46913
CVE-2021-46913 affects the Linux kernel nf_tables/nftables clone set element expressions. The root cause is memcpy() corruption when using a connlimit in set elements, which crashes the connlimit garbage collector during list-walk. The documented fix is to initialize the connlimit expression list...
CVE-2021-46924
CVE-2021-46924 affects the Linux kernel NFC driver st21nfca. The issue is a memory leak caused by phy->pending_skb being allocated during device probe but not freed on error or remove paths. The connected Astra Linux bulletin and referenced kernel commits confirm the root cause and the remedia...
CVE-2021-46932
CVE-2021-46932 affects the Linux kernel’s input subsystem (Input: appletouch). The root cause is that input_dev->close() can cancel_work_sync(&dev->work) before dev->work is initialized (initialized after input_register_device()), causing a risk of a NULL work function in __flush_work()....
CVE-2021-46943
CVE-2021-46943 : Linux kernel vulnerability in media: staging/intel-ipu3 where a faulty set_fmt error handling could cause mis-updated sizes, enabling a local exploit path that, without the fix, could trigger excessive RAM use (up to 4 GiB) and an OOPS. The issue stems from overwriting previous v...
CVE-2021-46920
CVE-2021-46920 concerns the Linux kernel DMAengine idxd; the bug is a clobber of the SWERR overflow bit during writeback where the code overwrites SWERR/OVERFLOW instead of restoring the bits read. Affected: Linux kernel with idxd component; root cause: writeback path writes read values back, pre...
CVE-2021-46916
CVE-2021-46916 affects the ixgbe driver in the Linux kernel, where a NULL pointer dereference can occur during the ethtool loopback test due to a missing q_vector for the test ring. The fix adds a check for a q_vector and, if absent, returns a napi_id value of 0. This resolves a potential crash/D...
CVE-2021-46914
CVE-2021-46914 concerns the Linux kernel ixgbe driver, where suspend/resume code caused an unbalanced device enable/disable sequence. The root cause was a removal of pci_enable_device_mem() from ixgbe_resume(), which in combination with pci_disable_device() in __ixgbe_shutdown() could over- or un...
CVE-2021-46911
CVE-2021-46911 affects the Linux kernel; the issue is a kernel-panic condition caused by how page refcount is handled during ch_ktls transmit. The documented fix modifies the transmit path to take the tx_ctx lock for the complete skb transmit, preventing page cleanup when an ACK is received mid-t...
CVE-2023-52451
CVE-2023-52451 affects the Linux kernel on POWER architectures, where a bounds check oversight in pseries hot-add/hot-remove memory logic allowed potential out-of-bounds access in the drmem lmb array when a DRC index lookup failed. The issue manifested as a dereference of a cursor pointing past t...
CVE-2023-52448
CVE-2023-52448 affects the Linux kernel gfs2 subsystem. Syzkaller reported a NULL pointer dereference in gfs2_rgrp_dump when rgd->rd_rgl is accessed, potentially after rgd->rd_gl creation fails in read_rindex_entry(). The fix adds a NULL pointer check in gfs2_rgrp_dump() to prevent derefere...
CVE-2021-46951
CVE-2021-46951 (Linux kernel) concerns a local vulnerability in TPM support where tpm_read_log_efi could trigger integer underflow of efi_tpm_final_log_size when a TPM2 driver is loaded/unloaded repeatedly. The issue arises from subtracting final_events_preboot_size from a global final log size, ...
CVE-2023-52449
The CVE refers to a Linux kernel issue where, if both ftl.ko and gluebi.ko are loaded, the ftl notifier may dereference gluebi->desc during gluebi_read(), causing a NULL pointer dereference in the MTD/UBI gluebi flow. Root cause described: gluebi_get_device() is not invoked early enough in the...
CVE-2023-52445
The CVE-2023-52445 vulnerability (Linux kernel, media: pvrusb2) stems from a use-after-free when a context is disconnected during module load; a kthread may call pvr2_context_destroy and free the context before usb hub_event notification. The patch adds a sanity check to prevent the invalid read ...
CVE-2021-28038
CVE-2021-28038 is a Linux kernel issue (through 5.11.3 with Xen PV) where the netback driver mishandles grant mapping errors, leaving memory allocation/error conditions untreated. In a Xen PV setup, a misbehaving networking frontend driver can trigger a host OS denial of service (Dom0 crash) from...
CVE-2021-46944
CVE-2021-46944 : Linux kernel vulnerability in media: staging/intel-ipu3 where a memory reference leak in imu_fmt occurs due to misordered checks; patch fixes memory leak by changing check order. Impact limited to memory leak; no exploitation details provided in the documents. Remediation: apply ...
CVE-2021-46930
CVE-2021-46930 details from connected docs: In the Linux kernel, the usb mtu3 subsystem had a fix for a list_head check warning caused by uninitialized list_head, leading to a KASAN use-after-free in __list_del_entry_valid and an observed call trace through mtu3, mtu3_req_complete, mtu3_gadget_st...
CVE-2023-52443
CVE-2023-52443 affects the Linux kernel AppArmor parser. A packed profile containing a name like ":samba-dcerpcd" can be treated as only a namespace, causing tmpname to be NULL while tmpns remains non-NULL, which leads to a NULL dereference in aa_alloc_profile during unpack_profile/a a_unpack pat...
CVE-2024-26934
CVE-2024-26934: Linux kernel USB core deadlock in usb_deauthorize_interface() when sysfs attribute callbacks hold a parent device lock. Affected: drivers/usb/core/sysfs.c (interface_authorized_store) acquiring parent device lock; fix uses sysfs_break_active_protection() to avoid waiting for the c...
CVE-2023-52429
CVE-2023-52429 affects the Linux kernel driver path drivers/md/dm-table.c. The issue arises in dm_table_create’s alloc_targets path where, due to a missing check for struct dm_ioctl.target_count, it can allocate more than INT_MAX bytes and crash. Public sources in connected Nessus plugins confirm...
CVE-2021-38201
The CVE affects the Linux kernel, specifically net/sunrpc/xdr.c, where an out-of-bounds slab access (xdr_set_page_base) could be triggered by many NFS 4.2 READ_PLUS operations, allowing remote denial-of-service. Affected: Linux kernel versions prior to 5.13.4. Root cause: slab-out-of-bounds acces...
CVE-2023-52438
CVE-2023-52438 concerns a Linux kernel use-after-free in the binder shrinker path. The issue arises because the mmap read lock is held during the shrinker’s callback, making alloc->vma unsafe to access when munmap races with shrink. The fix downgrades or avoids the unsafe path by isolating the...
CVE-2023-52444
CVE-2023-52444 : In Linux kernel f2fs, a dirent corruption risk during cross-directory rename (dir/.. links) was fixed. The issue arose in f2fs_rename() when the sourceDir and targetDir differ and a whiteout is not present; a missing f2fs_set_link() could fail to update the ".." inumber, causing ...
CVE-2021-47194
CVE-2021-47194 : Linux kernel vulnerability in cfg80211 where switching from P2P_GO to ADHOC via NL80211_CMD_SET_INTERFACE failed to call cfg80211_stop_ap, allowing in-use data to be re-initialized (e.g., sdata->assigned_chanctx_list) while still in assigned_vifs, corrupting the linked list. D...
CVE-2022-48656
CVE-2022-48656 relates to a refcount leak in Linux kernel dmaengine: ti: k3-udma-private (of_xudma_dev_get). The issue stems from a missing of_node_put() in the error/fail path, causing a reference leak. The fix moves of_node_put() before the check to ensure proper reference handling. Impact is m...
CVE-2022-48654
The CVE-2022-48654 entry concerns a Linux kernel netfilter issue: nfnetlink_osf (nf_osf_find) could incorrectly return true on a mismatch, causing copying of uninitialized memory in nft_osf and leaking stale kernel stack data to userspace. Connected Astra Linux advisory mirrors this vulnerability...