Lucene search
K
LinuxLinux Kernel5.14.1

25 matches found

CVE
CVE
added 2024/12/29 8:42 a.m.2491 views

CVE-2024-56709

CVE-2024-56709 — Linux kernel io_uring race condition : The vulnerability arises when a task’s work is queued after the task has gone through io_uring termination, potentially finding the io_wq pointer already killed and null. The fix adds a guard so that io_queue_iowq() will fail in this scenari...

5.5CVSS6.5AI score0.00211EPSS
CVE
CVE
added 2024/12/28 9:46 a.m.2479 views

CVE-2024-56707

The connected Astra Linux and MS/ENISA/Nessus entries confirm CVE-2024-56707 affects the Linux kernel octeontx2-pf driver and states the root cause as missing error pointer checks after otx2_mbox_get_rsp in otx2_dmac_flt.c. A fix adds error pointer validation after the call. The remediation is th...

5.5CVSS6.5AI score0.00236EPSS
CVE
CVE
added 2025/02/26 2:10 a.m.149 views

CVE-2022-49333

Consolidated from multiple sources: CVE-2022-49333 affects Linux kernels with Mellanox mlx5 E-Switch offloads on pair-only capable devices. Root cause: mlx5_get_next_phys_dev() could be invoked without holding the interface lock, after an assert introduced by the Lag/filter changes. This conditio...

5.5CVSS5.3AI score0.00245EPSS
CVE
CVE
added 2025/05/08 6:26 a.m.149 views

CVE-2025-37833

CVE-2025-37833 affects the Linux kernel NIC driver net/niu, where an MSIX ENTRY_DATA read-before-write on an msix entry can trigger a fatal trap. The fix ensures niu_try_msix() does not cause a trap on SPARC and adds a workaround flag PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the pci_dev to pr...

5.5CVSS6.4AI score0.00146EPSS
CVE
CVE
added 2025/03/27 4:43 p.m.135 views

CVE-2023-53024

The CVE-2023-53024 entry concerns the Linux kernel BPF subsystem. Root cause: speculative store bypass (SSB) can cause a stack slot initially containing a pointer to be overwritten by a scalar without a subsequent lfence, enabling a potential speculative-pointer‑as‑scalar leak. The mitigation add...

7.1CVSS6.8AI score0.00189EPSS
CVE
CVE
added 2025/04/01 3:40 p.m.115 views

CVE-2025-21924

The CVE affects the Linux kernel net/ hns3/ hclge_ptp code path. During ptp initialization, if hclge_ptp_get_cycle returns an error, the clock could remain unregistered and not freed. The fix adds a call to hclge_ptp_destroy_clock to unregister and free the clock when ptp_cycle acquisition fails,...

5.5CVSS7.2AI score0.00191EPSS
CVE
CVE
added 2025/02/26 1:55 a.m.114 views

CVE-2022-49229

CVE-2022-49229 affects the Linux kernel: when unregistering a physical PTP clock that has attached virtual clocks, the kernel now unregisters the virtual clocks as well to prevent a fault. The issue could trigger a page fault in ptp_vclock_read and lead to an OOPs trace, as shown in the provided ...

5.5CVSS6.2AI score0.00245EPSS
CVE
CVE
added 2025/08/11 4:1 p.m.108 views

CVE-2025-38499

CVE-2025-38499 affects the Linux kernel. The issue arises in clone_private_mnt() where CAP_SYS_ADMIN is checked in the wrong user namespace, potentially allowing a local attacker with low privileges to influence mount handling and affect availability. The referenced advisories show this CVE is tr...

5.5CVSS7AI score0.00137EPSS
CVE
CVE
added 2024/06/19 1:45 p.m.103 views

CVE-2024-38594

CVE-2024-38594 concerns the Linux kernel net: stmmac subsystem where the EST lock was moved from the EST structure into struct stmmac_priv to avoid reinitializing the mutex when reinitializing the EST. The underlying issue was that reinitializing the EST could reset the embedded mutex lock, trigg...

5.5CVSS6.5AI score0.0021EPSS
CVE
CVE
added 2025/06/18 11:2 a.m.86 views

CVE-2022-50076

CVE-2022-50076 concerns the Linux kernel CIFS implementation: a memory leak in the deferred close path has been fixed. The description from multiple sources (NVD entry and connected advisories) shows the issue manifests as a kmemleak report during SMB2/xfstests (xfstests on smb21 report kmemleak)...

5.5CVSS6.5AI score0.00154EPSS
CVE
CVE
added 2025/03/27 4:37 p.m.76 views

CVE-2021-4454

CVE-2021-4454 - Linux kernel CAN/j1939 session deactivation race : The issue, resolved in Linux kernel CAN/j1939 transport, concerns j1939_session_deactivate() which can be invoked with a session ref-count below 2 in some concurrently-executed paths. The description notes that this is not a fatal...

5.5CVSS6.3AI score0.00226EPSS
CVE
CVE
added 2025/07/10 7:42 a.m.73 views

CVE-2025-38305

CVE-2025-38305 affects the Linux kernel: the advisory describes removing the ptp->n_vclocks check logic in ptp_vclock_in_use() to avoid a recursive locking scenario. The trigger involves reading ptp->n_vclocks under the n_vclocks_mux while another path holds the same mutex, causing a potent...

5.5CVSS6.4AI score0.00145EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.66 views

CVE-2022-49048

CVE-2022-49048 (Linux kernel) : The vulnerability relates to the IPv6 forwarding path where a kernel panic can occur in ip6_forward() if the input interface has no in6 device. The issue has been resolved in the Linux kernel (as described in multiple advisories), with reproduction steps involving ...

5.5CVSS5.4AI score0.00253EPSS
CVE
CVE
added 2025/05/02 3:55 p.m.58 views

CVE-2023-53069

CVE-2023-53069 concerns the Linux kernel octeontx2-vf driver: missing free for alloc_percpu leading to a memory leak in vf->hw.lmt_info. The fix adds free_percpu for the allocated structure, mirroring the existing pf->hw.lmt_info cleanup in otx2_pf.c. This change reduces a local memory leak...

5.5CVSS6.6AI score0.00165EPSS
CVE
CVE
added 2026/01/13 3:34 p.m.30 views

CVE-2025-71094

CVE-2025-71094: In the Linux kernel, the ASIX USB Ethernet driver (net: usb: asix) could read an invalid PHY address from a USB device (address >= PHY_MAX_ADDR), triggering a warning in mdiobus_get_phy. The fix validates the PHY address in asix_read_phy_addr() and removes the now-redundant che...

5.5CVSS6.1AI score0.00114EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.25 views

CVE-2026-31480

CVE-2026-31480 concerns a Linux kernel deadlock in CPU hotplug when tracing with osnoise. The vulnerability arises from a lock-ordering issue: a mutex_lock on interface_lock is taken while osnoise_sleep() and subsequent actions hold cpu hotplug state, followed by cpus_read_lock(), which can cause...

5.5CVSS5.6AI score0.00095EPSS
CVE
CVE
added 2026/05/06 11:27 a.m.22 views

CVE-2026-43161

CVE-2026-43161 is a Linux kernel IOMMU VT-d vulnerability related to ATS invalidation when a PCIe endpoint loses connection. In scalable-mode-disabled/unsupported systems, an endpoint link drop can cause the IOMMU to wait indefinitely for an ATS invalidation, leading to a host hard-lock (notably ...

5.5CVSS5.8AI score0.00122EPSS
CVE
CVE
added 2025/09/15 2:1 p.m.21 views

CVE-2022-50243

CVE-2022-50243 – Linux kernel SCTP use-after-free (summary from connected advisories) The vulnerability arises in SCTP when an error is returned from sctp_auth_asoc_init_active_key(): the old sh_key could be freed while still in use as the active key, leading to a use-after-free during packet sen...

7.8CVSS6.1AI score0.0015EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.21 views

CVE-2026-31489

This CVE (CVE-2026-31489) affects the Linux kernel meson-spicc SPI controller driver. The vulnerability arises from a double-put: meson_spicc_probe() registers the controller with devm_spi_register_controller(), and the removal path erroneously calls spi_controller_put() again in meson_spicc_remo...

7.8CVSS5.6AI score0.00129EPSS
CVE
CVE
added 2026/04/22 1:54 p.m.21 views

CVE-2026-31492

The CVE-2026-31492 entry concerns the Linux kernel RDMA irdma driver. Root cause: in irdma_create_qp, if ib_copy_to_udata fails, irdma_destroy_qp cleanup waits on free_qp completion that has not been initialized yet. The fix is to initialize the free_qp completion before the ib_copy_to_udata call...

5.5CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/01/14 3:7 p.m.20 views

CVE-2025-71133

The CVE-2025-71133 entry concerns the Linux kernel RDMA/irdma path, where irdma_net_event could dereference neigh (ptr) data before confirming NETEVENT_NEIGH_UPDATE. The code fix moves neigh->dev access under the NETEVENT_NEIGH_UPDATE case, preventing a potential out-of-bounds read reported by...

7.1CVSS6AI score0.00153EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.15 views

CVE-2026-23335

CVE-2026-23335: Linux kernel RDMA/irdma create_user_ah() leak resolved. Root cause: the irdma_create_ah_resp struct contained 4 bytes (rsvd) that were never zeroed, leaking stack memory prior to ib_respond_udata(). Affected code paths thus exposed uninitialized stack content (4 bytes) in the resp...

5.5CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2026/03/25 10:27 a.m.14 views

CVE-2026-23348

Summary of a Linux kernel CVE (CVE-2026-23348) : The issue is a race condition in the CXL/NVDIMM subsystem where NVDIMM objects reprobe after cxl_acpi removal can occur with the nvdimm_bus object missing, leading to a NULL pointer dereference and potential system crash (DoS). Affected area center...

4.7CVSS5.7AI score0.00088EPSS
CVE
CVE
added 2025/10/04 3:16 p.m.13 views

CVE-2023-53549

CVE-2023-53549 is a Linux kernel vulnerability affecting netfilter ipset long task execution when adding/deleting large numbers of elements in one step. The issue arose because a prior patch to limit batch size was insufficient, risking hung tasks. The fix reworks the batching by saving state and...

5.5CVSS6.3AI score0.00117EPSS
CVE
CVE
added 2025/10/07 3:19 p.m.13 views

CVE-2023-53649

CVE-2023-53649 concerns a memory-leak in the Linux kernel related to perf trace. The described fix corrects how the evsel->priv area is freed: previously, freeing occurred only when evsel->tp_format->system compared to 'syscalls' yielded zero, but evsel->priv could be non-zero in othe...

5.5CVSS6.1AI score0.00184EPSS