15 matches found
CVE-2024-53106
CVE-2024-53106 concerns the Linux kernel ima subsystem: a buffer overrun in ima_eventdigest_init_common triggered by HASH_ALGO__LAST indexing hash_digest_size[]. Root cause is inadequate handling of HASH_ALGO__LAST; a conditional prevents the overread. A fix is included in kernel updates (commit ...
CVE-2025-38003
CVE-2025-38003 affects the Linux kernel: the bcm subsystem generates procfs content for bcm_op objects, and removal without proper rcu protection could expose use-after-free data. The patch adds missing rcu_read_lock() and ensures list entries are removed under RCU, addressing UAF in procfs outpu...
CVE-2022-50035
CVE-2022-50035 affects the Linux kernel DRM AMDGPU path. The issue is a use-after-free in amdgpu_bo_list mutex handling caused by double-unlocking of bo_list_mutex when amdgpu_cs_vm_handling returns non-zero, which can lead to a refcount underflow (as shown in the trace). The vulnerability is dem...
CVE-2022-48652
In CVE-2022-48652, the Linux kernel ICE driver fixes a crash when TC/channels are updated beyond allocated queues. The issue occurred when less queues were configured than TCs and later more TCs were added (e.g., via LLDP), leaving dirty num_txq/rxq and tc_cfg in the VSI and risking invalid point...
CVE-2022-50041
CVE-2022-50041 (Linux kernel, ice driver) : The issue arises from a WARN_ON() checking for a null VSI in ice_reset_vf during VF reset, which can trigger a call trace under stress (VF attach/detach with spoofcheck/trust changes). The connected advisories and Nessus/NVL references confirm the fix: ...
CVE-2025-38393
CVE-2025-38393 affects the Linux kernel (NFSv4/pNFS) where a race to wake on NFS_LAYOUT_DRAIN could occur. The issue occurs when multiple tasks wait for a page lock during writeback and a waiter/waker race with pnfs_update_layout() occurs while pnfs_layout_hdr’s plh_outstanding count is zero. The...
CVE-2023-53088
CVE-2023-53088 affects the Linux kernel’s mptcp subsystem, specifically a use-after-free (UaF) in the listener shutdown path caused by a refactor of passive socket initialization. The issue could manifest during shutdown of msk (multipath TCP) listener sockets, with a stack trace involving _raw_s...
CVE-2025-38520
In CVE-2025-38520, the Linux kernel’s DRM/AMDKFD path could deadlock during MMU notifier callbacks when a process exits, potentially leaking VRAM. The root cause was calling mmput from the MMU notifier callback, risking release of the mm struct and exit_mmap/free_pgtable. The fix takes a non-zero...
CVE-2022-50302
CVE-2022-50302: Linux kernel vulnerability where lockd/vfs_lock_file() assumes a fully initialised struct file_lock; if fl_file is NULL (notably with re-exported NFSv3), the caller may Oops. Affected: Linux kernel (details describe the unlocking path in lockd and vfs_lock_file). Impact per source...
CVE-2025-71189
Technical details for CVE-2025-71189 are not provided in the connected documents; the available sources only reference the vulnerability and fix at a high level. Monitor for updates.
CVE-2025-71138
CVE-2025-71138 pertains to the Linux kernel DRM MSM DPU, where a missing NULL pointer check for the pingpong interface was fixed. The vulnerability is addressed by upstream patch 693860, with the issue occurring in dpu_encoder_phys_wb_setup_ctl() and related code paths. Affected environments refe...
CVE-2022-50257
The CVE-2022-50257 issue is in the Linux kernel Xen grant handling (xen/gntdev) where partial grant mapping failures could leak grants. In paravirtualized domains (use_ptemod = true), alloced was not updated for all successful map_ops or kmap_ops, risking incorrect live_grants and leaks. The fix ...
CVE-2026-43239
The CVE-2026-43239 issue concerns the Linux kernel SMB client where two concurrent operations could race while updating network interfaces via query_interfaces(), risking an inconsistent state. The root cause is improper synchronization of iface_last_update under iface_lock. Public advisories con...
CVE-2022-50517
CVE-2022-50517 relates to the Linux kernel THP handling in mm/huge_memory, where a swap page entry (swp_entry_t) could be clobbered during THP split if the head page wasn’t swapped, a bug identified and fixed by the commit b653db77350c. Affected behavior was observed under stress-ng mmap workload...
CVE-2026-23327
The CVE-2026-23327 issue is a Linux kernel vulnerability in the CXL mailbox driver (cxl/mbox). The root cause is that cxl_payload_from_user_allowed() casts and dereferences the user payload without validating its size, allowing an undersized mailbox command to trigger a read past the allocated bu...