17 matches found
CVE-2024-26977
CVE-2024-26977 — Linux kernel MMIO leak due to broken guarding of iounmap(). The vulnerability arises because the ARCH_HAS_GENERIC_IOPORT_MAP guard was applied to iounmap() in pci_iounmap(), causing MMIO mappings to leak. The fix relocates the guard so iounmap() is called for MMIO mappings, preve...
CVE-2025-21802
CVE-2025-21802 is a Linux kernel issue affecting the networking driver path for hns3. The vulnerability arises during driver unload when the hclge path attempts to disable SR-IOV for each ae_dev in hnae3_ae_dev_list while the ae_dev list is being modified, which can cause an oops. The root cause ...
CVE-2022-49266
CVE-2022-49266 (Linux kernel) : The vulnerability arises in the block layer where the patch that prevents calling rq_qos_done_bio() for untracked bios caused blk-iocost to mis-handle merged bios, leaving them “in-flight.” The fix adds a new flag BIO_QOS_MERGED to mark merged bios and ensures rq_q...
CVE-2022-48807
CVE-2022-48807 concerns the Linux kernel ice driver and the LAG NETDEV_UNREGISTER notifier path. The issue arises because the same notifier handler was invoked for both NETDEV_BONDING_INFO LAG unlink and NETDEV_UNREGISTER events, passing a netdev_notifier_info structure that differs between event...
CVE-2022-49195
The CVE-2022-49195 entry documents a Linux kernel issue in the DSA driver: during multi-chip probing, all switches must probe, but up to N-1 may bind and later shutdown since the Nth switch initializes the tree. If that Nth initialization fails, shutdown on the other switches dereferences uniniti...
CVE-2026-45997
CVE-2026-45997 concerns the Linux kernel SCSI disk driver (sd). The issue arises when device_add(&sdkp->disk_dev) fails during sd_probe; as a result, put_device() calls lead to scsi_disk_release() freeing the scsi_disk but leaving the gendisk referenced. The fix adds a missing put_disk(gd) in ...
CVE-2022-50307
In CVE-2022-50307, the Linux kernel s390/cio subsystem had an out-of-bounds read during cio_ignore free scans. The bug arose from an optimization that excluded online devices from scans, incorrectly assuming I/O-subchannel drvdata pointed to a private struct, which is invalid for devices bound to...
CVE-2025-39943
CVE-2025-39943 affects the Linux kernel’s ksmbd smb_direct_data_transfer path. The vulnerability arises if data_offset or data_length in smb_direct_data_transfer are invalid, enabling an out-of-bounds condition. The cited patch adds validation in recv_done to guard against invalid offsets/lengths...
CVE-2026-23364
CVE-2026-23364 concerns the Linux kernel’s ksmbd path, where MAC comparisons were not performed in constant time. The underlying issue is a timing-attack-prone memcmp() usage; the recommended fix is to replace memcmp() with crypto_memneq() to ensure constant-time comparisons. The vulnerability is...
CVE-2025-39942
CVE-2025-39942 is a Linux kernel vulnerability affecting the ksmbd smbdirect component. The issue, described as: “verify remaining_data_length respects max_fragmented_recv_size,” is a refinement inspired by the existing check for data_offset + data_length. The connected sources identify this CVE ...
CVE-2025-71266
The CVE-2025-71266 entry concerns the Linux kernel ntfs3 filesystem. A malformed directory entry in NTFS3 could trigger an infinite loop in indx_find during lookups, repeatedly reading the same block and allocating 4 KB per iteration, causing memory exhaustion and potential DoS. The vulnerability...
CVE-2026-23359
CVE-2026-23359 stems from a Linux kernel bug in BPF devmap handling. get_upper_ifindexes() could write upper-device indices beyond the allocated stack, because the code assumed MAX_NEST_DEV (8) bounds, but the number of upper devices (e.g., many macvlan) could exceed that. The result is a stack-o...
CVE-2022-50536
CVE-2022-50536 affects the Linux kernel’s BPF sockmap path. In tcp_bpf_send_verdict() redirection, the eval variable is set to __SK_REDIRECT after sending apply_bytes data; if msg.has_more_data, sock_put() can be called multiple times, risking a use-after-free via refcount misuse. The issue is fi...
CVE-2026-31476
In the Linux kernel component ksmbd, CVE-2026-31476 describes a logic flaw where a multichannel session binding request that fails (for example, due to a wrong password) could cause the targeted session to be marked SMB2_SESSION_EXPIRED. Because the failed binding may reference a session from ano...
CVE-2025-71132
CVE-2025-71132 affects the Linux kernel’s smc91x driver when built with PREEMPT_RT, causing a workqueue/RCU leak due to smc_special_trylock() disabling IRQs without restoring them. The root cause is that smc_special_unlock() uses spin_unlock_irqrestore() but cannot invoke rcu_read_unlock() via __...
CVE-2026-31477
In CVE-2026-31477, the Linux kernel ksmbd component smb2_lock() had three error-handling issues after detaching smb_lock from lock_list: (1) non-UNLOCK path leaks smb_lock and its flock when vfs_lock_file() returns an unexpected error, (2) UNLOCK path leaks on -ENOENT with stale error code, and (...
CVE-2026-43015
The CVE-2026-43015 issue is in the Linux kernel macb PCI glue driver where clk handling during platform_device_unregister() can be used after the device is unregistered. The root cause is that platform_device_unregister may still use registered clks during a runtime resume callback, leading to a ...