7 matches found
CVE-2024-26798
CVE-2024-26798 : Linux kernel fbcon font restore regression fix. The commit a5a923038d70 initially restored old font data on vc_resize() failure but only for user fonts; system/internal fonts were left unreverted, causing a subsequent fbcon_do_set_font() to fail restoration and potentially crash ...
CVE-2022-49916
CVE-2022-49916 covers a NULL pointer dereference in the Linux kernel’s Rose protocol path (rose_send_frame). The issue surfaces when rose_loopback_neigh's neigh->dev is NULL, causing access to neigh->dev->dev_addr and triggering a NULL dereference in rose_send_frame (rose_link.c: rose_se...
CVE-2022-48641
CVE-2022-48641 (Linux kernel) affects netfilter ebtables where a malformed blob can cause a memory leak. The fix corrected an incomplete patch that replaced a crash with a leak; the code path incorrectly embedded an assignment to ret in the conditional and this was not properly restored. Affected...
CVE-2022-48643
The CVE-2022-48643 issue in the Linux kernel concerns nf_tables counters underflow when nft_counters_enabled is decremented in the error path of nft_basechain_init during nf_tables_addchain(). Syzbot reported an underflow after adding a chain; the root cause was nf_tables_chain_destroy() decremen...
CVE-2026-43309
The CVE-2026-43309 issue affects the Linux kernel’s md raid and device-mapper (dm-raid) components. When stopping a RAID array managed by dm-raid, the system could hang because md_stop() attempted to flush the write-intent bitmap to metadata sub-devices that were already suspended. The fix preven...
CVE-2022-49947
CVE-2022-49947: Linux kernel binder null-ptr dereference in alloc->vma_vm_mm. Connected reports confirm a fix: initialize alloc->vma_vm_mm during open() and cache from current->mm to guarantee safe mmap_lock usage when a binder_proc has not mmap’d to set up alloc space. Descriptions deta...
CVE-2022-50404
CVE-2022-50404 is a Linux kernel vulnerability affecting fbdev/fbcon where a memory leak could occur in fbcon_do_set_font() due to buffer handling when vc_resize() fails; the buffer might be newly allocated by fbcon_set_font() and released only partially. The issue was fixed in the kernel (as not...