25 matches found
CVE-2024-56709
CVE-2024-56709 — Linux kernel io_uring race condition : The vulnerability arises when a task’s work is queued after the task has gone through io_uring termination, potentially finding the io_wq pointer already killed and null. The fix adds a guard so that io_queue_iowq() will fail in this scenari...
CVE-2024-56707
The connected Astra Linux and MS/ENISA/Nessus entries confirm CVE-2024-56707 affects the Linux kernel octeontx2-pf driver and states the root cause as missing error pointer checks after otx2_mbox_get_rsp in otx2_dmac_flt.c. A fix adds error pointer validation after the call. The remediation is th...
CVE-2022-49333
Consolidated from multiple sources: CVE-2022-49333 affects Linux kernels with Mellanox mlx5 E-Switch offloads on pair-only capable devices. Root cause: mlx5_get_next_phys_dev() could be invoked without holding the interface lock, after an assert introduced by the Lag/filter changes. This conditio...
CVE-2025-37833
CVE-2025-37833 affects the Linux kernel NIC driver net/niu, where an MSIX ENTRY_DATA read-before-write on an msix entry can trigger a fatal trap. The fix ensures niu_try_msix() does not cause a trap on SPARC and adds a workaround flag PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the pci_dev to pr...
CVE-2023-53024
The CVE-2023-53024 entry concerns the Linux kernel BPF subsystem. Root cause: speculative store bypass (SSB) can cause a stack slot initially containing a pointer to be overwritten by a scalar without a subsequent lfence, enabling a potential speculative-pointer‑as‑scalar leak. The mitigation add...
CVE-2025-21924
The CVE affects the Linux kernel net/ hns3/ hclge_ptp code path. During ptp initialization, if hclge_ptp_get_cycle returns an error, the clock could remain unregistered and not freed. The fix adds a call to hclge_ptp_destroy_clock to unregister and free the clock when ptp_cycle acquisition fails,...
CVE-2022-49229
CVE-2022-49229 affects the Linux kernel: when unregistering a physical PTP clock that has attached virtual clocks, the kernel now unregisters the virtual clocks as well to prevent a fault. The issue could trigger a page fault in ptp_vclock_read and lead to an OOPs trace, as shown in the provided ...
CVE-2025-38499
CVE-2025-38499 affects the Linux kernel. The issue arises in clone_private_mnt() where CAP_SYS_ADMIN is checked in the wrong user namespace, potentially allowing a local attacker with low privileges to influence mount handling and affect availability. The referenced advisories show this CVE is tr...
CVE-2024-38594
CVE-2024-38594 concerns the Linux kernel net: stmmac subsystem where the EST lock was moved from the EST structure into struct stmmac_priv to avoid reinitializing the mutex when reinitializing the EST. The underlying issue was that reinitializing the EST could reset the embedded mutex lock, trigg...
CVE-2022-50076
CVE-2022-50076 concerns the Linux kernel CIFS implementation: a memory leak in the deferred close path has been fixed. The description from multiple sources (NVD entry and connected advisories) shows the issue manifests as a kmemleak report during SMB2/xfstests (xfstests on smb21 report kmemleak)...
CVE-2021-4454
CVE-2021-4454 - Linux kernel CAN/j1939 session deactivation race : The issue, resolved in Linux kernel CAN/j1939 transport, concerns j1939_session_deactivate() which can be invoked with a session ref-count below 2 in some concurrently-executed paths. The description notes that this is not a fatal...
CVE-2025-38305
CVE-2025-38305 affects the Linux kernel: the advisory describes removing the ptp->n_vclocks check logic in ptp_vclock_in_use() to avoid a recursive locking scenario. The trigger involves reading ptp->n_vclocks under the n_vclocks_mux while another path holds the same mutex, causing a potent...
CVE-2022-49048
CVE-2022-49048 (Linux kernel) : The vulnerability relates to the IPv6 forwarding path where a kernel panic can occur in ip6_forward() if the input interface has no in6 device. The issue has been resolved in the Linux kernel (as described in multiple advisories), with reproduction steps involving ...
CVE-2023-53069
CVE-2023-53069 concerns the Linux kernel octeontx2-vf driver: missing free for alloc_percpu leading to a memory leak in vf->hw.lmt_info. The fix adds free_percpu for the allocated structure, mirroring the existing pf->hw.lmt_info cleanup in otx2_pf.c. This change reduces a local memory leak...
CVE-2025-71094
CVE-2025-71094: In the Linux kernel, the ASIX USB Ethernet driver (net: usb: asix) could read an invalid PHY address from a USB device (address >= PHY_MAX_ADDR), triggering a warning in mdiobus_get_phy. The fix validates the PHY address in asix_read_phy_addr() and removes the now-redundant che...
CVE-2026-31480
CVE-2026-31480 concerns a Linux kernel deadlock in CPU hotplug when tracing with osnoise. The vulnerability arises from a lock-ordering issue: a mutex_lock on interface_lock is taken while osnoise_sleep() and subsequent actions hold cpu hotplug state, followed by cpus_read_lock(), which can cause...
CVE-2026-43161
CVE-2026-43161 is a Linux kernel IOMMU VT-d vulnerability related to ATS invalidation when a PCIe endpoint loses connection. In scalable-mode-disabled/unsupported systems, an endpoint link drop can cause the IOMMU to wait indefinitely for an ATS invalidation, leading to a host hard-lock (notably ...
CVE-2022-50243
CVE-2022-50243 – Linux kernel SCTP use-after-free (summary from connected advisories) The vulnerability arises in SCTP when an error is returned from sctp_auth_asoc_init_active_key(): the old sh_key could be freed while still in use as the active key, leading to a use-after-free during packet sen...
CVE-2026-31489
This CVE (CVE-2026-31489) affects the Linux kernel meson-spicc SPI controller driver. The vulnerability arises from a double-put: meson_spicc_probe() registers the controller with devm_spi_register_controller(), and the removal path erroneously calls spi_controller_put() again in meson_spicc_remo...
CVE-2026-31492
The CVE-2026-31492 entry concerns the Linux kernel RDMA irdma driver. Root cause: in irdma_create_qp, if ib_copy_to_udata fails, irdma_destroy_qp cleanup waits on free_qp completion that has not been initialized yet. The fix is to initialize the free_qp completion before the ib_copy_to_udata call...
CVE-2025-71133
The CVE-2025-71133 entry concerns the Linux kernel RDMA/irdma path, where irdma_net_event could dereference neigh (ptr) data before confirming NETEVENT_NEIGH_UPDATE. The code fix moves neigh->dev access under the NETEVENT_NEIGH_UPDATE case, preventing a potential out-of-bounds read reported by...
CVE-2026-23335
CVE-2026-23335: Linux kernel RDMA/irdma create_user_ah() leak resolved. Root cause: the irdma_create_ah_resp struct contained 4 bytes (rsvd) that were never zeroed, leaking stack memory prior to ib_respond_udata(). Affected code paths thus exposed uninitialized stack content (4 bytes) in the resp...
CVE-2026-23348
Summary of a Linux kernel CVE (CVE-2026-23348) : The issue is a race condition in the CXL/NVDIMM subsystem where NVDIMM objects reprobe after cxl_acpi removal can occur with the nvdimm_bus object missing, leading to a NULL pointer dereference and potential system crash (DoS). Affected area center...
CVE-2023-53549
CVE-2023-53549 is a Linux kernel vulnerability affecting netfilter ipset long task execution when adding/deleting large numbers of elements in one step. The issue arose because a prior patch to limit batch size was insufficient, risking hung tasks. The fix reworks the batching by saving state and...
CVE-2023-53649
CVE-2023-53649 concerns a memory-leak in the Linux kernel related to perf trace. The described fix corrects how the evsel->priv area is freed: previously, freeing occurred only when evsel->tp_format->system compared to 'syscalls' yielded zero, but evsel->priv could be non-zero in othe...