17 matches found
CVE-2022-28388
CVE-2022-28388 affects the Linux kernel driver usb_8dev_start_xmit (drivers/net/can/usb/usb_8dev.c). The vulnerability is a double free in the function usb_8dev_start_xmit, present up to kernel versions including 5.17.1. Documents reference a commit addressing the issue and mention downstream adv...
CVE-2022-28390
CVE-2022-28390 is a Linux kernel vulnerability: a double-free in ems_usb_start_xmit() implemented in drivers/net/can/usb/ems_usb.c, affecting kernels up to 5.17.1. Connected advisories (Astra Linux, ALMAS/AL2, Debian DSA) reference this CVE and include it among kernel fixes; they indicate patchin...
CVE-2022-28389
CVE-2022-28389 : In the Linux kernel up to version 5.17.1, mcba_usb_start_xmit implemented in drivers/net/can/usb/mcba_usb.c has a double free vulnerability. The issue is documented in multiple advisories linked to this CVE, including Astra Linux and Amazon Linux 2 ALAS advisories, which explicit...
CVE-2022-49565
CVE-2022-49565 concerns the Linux kernel, specifically perf/x86/intel/lbr, where unchecked MSR writes (WRMSR to 0x689) can occur due to an absent TSX quirk application when accessing LBR data. The issue manifests on systems with LBR_FORMAT_EIP_FLAGS2 and, if TSX is disabled, requires a quirk to a...
CVE-2022-49272
CVE-2022-49272 affects the Linux kernel in ALSA: pcm code. The root cause is a potential AB/BA deadlock between PCM runtime→buffer_mutex and mm→mmap_lock triggered by concurrent access via ALSA and OSS during read/write and mmap/path IOCTLs. The fix replaces the buffer_mutex protection in read/wr...
CVE-2025-21832
Summary: CVE-2025-21832 concerns a Linux kernel block layer issue where blkdev_read_iter() could incorrectly revert an iterator for certain I/O results. The underlying problem was gating position/count adjustments on a comparison that treated negative results as zero or positive, and not validati...
CVE-2024-46830
CVE-2024-46830 affects the Linux kernel KVM for x86. The vulnerability arises when acquiring kvm->srcu while handling KVM_SET_VCPU_EVENTS, because KVM will forcibly leave nested VMX/SVM during SMM toggling and leaving nested VMX can read guest memory. The described fix: grab SRCU unconditional...
CVE-2024-41047
CVE-2024-41047 affects the Linux kernel i40e driver handling of XDP programs during driver removal. The root cause was a PF state flag (__I40E_IN_REMOVE) intended to block XDP program changes, which proved insufficient when .ndo_bpf() was invoked outside rmmod context, risking a kernel warning wh...
CVE-2023-53064
Summary (CVE-2023-53064) : In the Linux kernel, the iavf driver could hang during reboot when E810 VF devices were present and ice is used. Root cause: iavf_remove() may be invoked while the adapter state is already __IAVF_REMOVE, causing the reboot/shutdown path to sleep indefinitely. The fix re...
CVE-2024-36009
CVE-2024-36009: Linux kernel ax25 netdev refcount issue in ax25_bind() caused by mismatch of dev_tracker ownership between ax25_dev and ax25_cb. The mitigation updates the ax25_dev->dev_tracker to the dev_tracker of ax25_cb to ensure proper lifecycle management during detach, preventing a refe...
CVE-2022-49456
CVE-2022-49456 affects the Linux kernel bonding path. The root cause was removal of the rcu_read_lock in bond_ethtool_get_ts_info(), which could be invoked via setsockopt (not holding the RCU lock), enabling a local-privilege/ information-exposure risk as demonstrated by the syzbot trace. The fix...
CVE-2022-50107
CVE-2022-50107 concerns a Linux kernel vulnerability in the CIFS/fscache path where, if the index == next_cached case is hit, a refcount on the struct page could leak. The fix implemented is to switch to readahead_folio(), which manages the refcount automatically. Affected component: Linux kernel...
CVE-2022-50163
CVE-2022-50163 concerns a Linux kernel fix for ax25: fix incorrect dev_tracker usage. The root cause was that an ax25_dev could be used by one or more ax25_cb structures, requiring separate dev_tracker per ax25_cb. The patch introduces per-structure tracking to prevent reference tracker mismanage...
CVE-2026-31505
The CVE-2026-31505 issue affects the Linux kernel iavf driver: out-of-bounds writes occur because iavf_get_ethtool_stats() uses real_num_tx_queues for ETH_SS_STATS while other paths use num_tx_queues, enabling memory corruption when ethtool -L and ethtool -S run concurrently. The fix is to use im...
CVE-2022-49976
CVE-2022-49976 relates to Linux kernel code for x86 Android tablet handling, specifically the Chuwi Hi8 touchscreen issue. The vulnerability stems from the x86_android_tablets path calling x86_acpi_irq_helper_get() which may invoke acpi_unregister_gsi(), leading to touchscreen malfunctions and ke...
CVE-2026-23005
CVE-2026-23005 is a Linux kernel issue where XSTATE_BV bits for features disabled by XFD can be out of sync with XFD during guest XSAVE/XRSTOR handling. The fix clears XSTATE_BV[i] when XFD[i]=1 during KVM_SET_XSAVE loading of guest state and related WRMSR updates, preventing XRSTOR from #NM and ...
CVE-2023-53593
CVE-2023-53593 – Linux kernel (CIFS): The issue arises in the CIFS readpath when fscache cache hits occur, leaking a folio lock. The fix releases the folio lock after read completion in cifs_readpage_worker. The problem occurred because the callee was expected to unlock the folio, but in certain ...