18 matches found
CVE-2024-26926
CVE-2024-26926 : The Linux kernel vulnerability concerns the binder subsystem. After commit 6d98eb95, an offset alignment check was removed from binder_alloc_copy_from_buffer()/check_buffer(), and answers were copied in binder_get_object() via copy_from_user(), which now requires an explicit offs...
CVE-2024-26897
CVE-2024-26897 — Linux kernel (ath9k/ath9k_htc): A race in the ath9k_wmi_event_tasklet can occur due to init-order data-structure initialization exposed to USB before driver init completes. This may cause NULL-pointer dereferences under certain WMI commands. A partial fix existed (aborting WMI_TX...
CVE-2024-38556
CVE-2024-38556 affects the Linux kernel net/mlx5 code. The vulnerability arises from how the command queue semaphore timeout handling can allow an entry to be processed before an index is allocated, risking an out-of-bounds access at idx = -22 if the completion path proceeds without proper synchr...
CVE-2022-48705
CVE-2022-48705 concerns the Linux kernel WiFi driver mt76 mt7921e. When a device driver fails during a chip reset, the reset sequence may loop, leaving tx_napi disabled/waiting for a state change and potentially causing a system crash. The fix changes the reset flow to avoid waiting on napi state...
CVE-2022-48752
CVE-2022-48752 affects the Linux kernel on PowerPC power_pmu_disable handling. The fix (commit 2c9ac51b850d) calls clear_pmi_irq_pending only if PMI is pending to avoid clearing PMI when an overflown PMC is detected, addressing a PMI/PMC race in power_pmu_disable triggered under CONFIG_PPC_IRQ_SO...
CVE-2022-48806
The CVE-2022-48806 issue is confirmed in the Linux kernel under ee1004 EEPROM reads. The root cause was that ee1004_eeprom_read() could read more than the i2c block data limit because i2c_smbus_read_i2c_block_data_or_emulated() uses an unsigned 8-bit length; if the requested read spanned a 256-by...
CVE-2022-49400
CVE-2022-49400 concerns a Linux kernel RAID subsystem issue where in reshape the code path freed the mddev and set mddev->private to NULL, causing NULL dereference when a new raid tried to reuse mddev. The fix is to remove the code path that sets mddev->private to NULL in raid0_free, preven...
CVE-2022-48787
The CVE-2022-48787 vulnerability concerns iwlwifi use-after-free in the Linux kernel. When no firmware is present or parsing fails, device_release_driver()/remove()/iwl_drv_stop() may free the drv struct, but the code can still access it. The fix involves avoiding the access after the object is f...
CVE-2022-49384
CVE-2022-49384 is a Linux kernel vulnerability in the md (memory descriptor) subsystem where io_acct_set bioset could be freed twice. The fix relocates allocation/free of io_acct_set to the personality path and removes freeing in md_free and md_stop. Connected advisories (Astra Linux SUSE securit...
CVE-2022-49244
CVE-2022-49244 concerns the Linux kernel ASoC path for the mediatek mt8192-mt6359 driver. The issue arises from improper reference counting of the device_node returned by of_parse_phandle(): the code increments the refcount, but only calls of_node_put() on the success path, creating a refcount le...
CVE-2022-48778
CVE-2022-48778 concerns a Linux kernel issue in mtd: rawnand gpmi where a PM runtime reference could leak in the error path if gpmi_nfc_apply_timings() fails. The provided documents consistently describe the vulnerability and its resolution, noting that the PM runtime usage counter must be droppe...
CVE-2022-50118
CVE-2022-50118 describes a Linux kernel issue in the PowerPC perf PMU path. A new pmi_irq_pending check in hw_irq.h is used by power_pmu_disable to warn if PMI is pending when no counter overflows. The patch set removes the WARN_ON for PMI in this scenario and adds an optimization to clear pendin...
CVE-2022-48914
CVE-2022-48914 affects the Linux kernel’s xen_netfront/xennet_destroy_queues path. The vulnerability arises because xennet_destroy_queues() relies on netdev->real_num_tx_queues, which is cleared after unregister_netdev() due to net-sysfs changes, causing a NULL dereference when freeing queues ...
CVE-2022-48764
CVE-2022-48764 concerns the Linux kernel KVM x86 CPUID handling. The provided documents consistently describe a memory-leak issue where the kernel did not free the kvm_cpuid_entry2 array after successful post-KVM_RUN KVM_SET_CPUID{,2} calls, potentially leaving an unreferenced 2048-byte object (e...
CVE-2026-31419
Summary of CVE-2026-31419 : A use-after-free in the Linux kernel bonding driver is caused by a race in bond_xmit_broadcast() where the last slave determination can change during RCUs, leading to double-free of the original skb and a potential crash. The fix replaces the racy bond_is_last_slave() ...
CVE-2026-46092
CVE-2026-46092 relates to the Linux kernel's wifi rtw88 driver (8821CE) where pci_upstream_bridge() returns NULL for devices on a root bus, risking a crash during probe on certain PCI topologies. The fix is to explicitly check for the PCI upstream bridge before applying the workaround. A patch wa...
CVE-2022-50317
CVE-2022-50317 affects the Linux kernel, specifically the DRM bridge driver for Megachips (stdp2690 and stdp4028). The issue is a null-pointer dereference that occurs when removing the module because the two bridges are not probed concurrently, causing ge_b850v3_register() not to be called for in...
CVE-2026-31522
CVE-2026-31522 affects the Linux kernel HID magicmouse driver. The root cause is in magicmouse_report_fixup(), which allocated a new buffer via kmemdup and failed to free it, while the caller does not own the returned pointer. This memory leak can enable local resource exhaustion, with the CVSS i...