Lucene search
K
LinuxLinux Kernel5.9

115 matches found

CVE
CVE
added 2024/05/20 9:47 a.m.114 views

CVE-2024-35990

CVE-2024-35990 (Linux kernel) involves a locking fix for the xilinx_dpdma DMA channel to address not-held locks in chan->lock and chan->vchan.lock. The attached Astra Linux bulletin and initial entry describe a fix that prevents lockdep warnings by adding missing locks around xilinx_dpdma_c...

5.5CVSS6.8AI score0.00205EPSS
CVE
CVE
added 2024/08/21 6:10 a.m.113 views

CVE-2022-48879

CVE-2022-48879 concerns a Linux kernel vulnerability within the EFI/Runtime Services path. The issue arises when runtime services are not supported or disabled, causing the runtime services workqueue to never be allocated, which could lead to a NULL pointer dereference if the code attempts to des...

5.5CVSS6.5AI score0.0024EPSS
CVE
CVE
added 2024/04/03 2:55 p.m.111 views

CVE-2024-26727

CVE-2024-26727 (Linux kernel, btrfs subvolume creation) Concrete details are present in connected Astra/Linux advisory. The issue arises when creating a new subvolume under btrfs: after inserting the root item, a backref/read could access the subvolume before a preallocated anonymous device (anon...

5.5CVSS6.1AI score0.00228EPSS
CVE
CVE
added 2024/03/25 9:7 a.m.104 views

CVE-2021-47136

CVE-2021-47136 (Linux kernel) arises from not zero‑initializing the TC_SKB_EXT skb extension on allocation, causing use of uninitialized memory when the extension gained new fields. The UBSAN log shows invalid loads in openvswitch flow key extraction paths (ovs_flow_key_extract.cold, ovs_vport_re...

5.5CVSS6.4AI score0.00232EPSS
CVE
CVE
added 2025/06/18 11:0 a.m.101 views

CVE-2022-49966

The CVE-2022-49966 issue is in the Linux kernel DRM AMD PM subsystem, where the fini_microcode interface for the Sienna Cichlid platform was missing. The root cause is the missing ->fini_microcode hook, which could contribute to memory leaks. The vulnerability is described as locally exploitab...

5.5CVSS6.6AI score0.00197EPSS
CVE
CVE
added 2025/06/18 11:3 a.m.96 views

CVE-2022-50212

CVE-2022-50212 affects the Linux kernel netfilter nf_tables subsystem. The vulnerability arises when looking up chains by ID without ensuring the chain belongs to the same table; a chain from another table can be linked in, and removing the source table can leave a rule connected to the wrong cha...

7.8CVSS6.5AI score0.00188EPSS
CVE
CVE
added 2025/02/26 2:12 a.m.92 views

CVE-2022-49446

CVE-2022-49446 affects the Linux kernel’s NVDIMM path, describing deadlock risks in CXL/NVDIMM interactions. The advisory notes possible unsafe locking scenarios involving nd_region keys, nvdimm_bus->reconfig_mutex, system_transition_mutex, and cxl_root/acpi_scan_lock chains, triggered by hold...

5.5CVSS5.4AI score0.00191EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.91 views

CVE-2021-47647

CVE-2021-47647 relates to the Linux kernel on Qualcomm IPQ8074 PCIe clock driver. The root cause is a missing clock parent setup in pcie0_rchng_clk_src: there were two declared parents but only one was actually provided via parent_hws, and the fix introduces the use of clk_parent_data to supply t...

5.5CVSS5.2AI score0.00238EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.90 views

CVE-2021-47643

CVE-2021-47643 is a Linux kernel issue in the media/ ir_toy area; it fixes a leak in the error path by freeing a resource before exiting on error. Affected component is the kernel’s ir_toy driver code, where an error exit path could leak memory. The vulnerability is local in scope with a CVSS v3....

5.5CVSS5.4AI score0.00231EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.90 views

CVE-2022-49473

The CVE-2022-49473 entry concerns the Linux kernel ASoC: ti: j721e-evm area. The issue is described as a refcount leak in j721e_soc_probe_* where of_parse_phandle() returns a node pointer with an incremented refcount; the fix adds a missing of_node_put() to release it when no longer needed. Conne...

5.5CVSS5.3AI score0.00245EPSS
CVE
CVE
added 2024/07/16 11:44 a.m.87 views

CVE-2022-48814

CVE-2022-48814 affects the Linux kernel DSA seville driver (VSC9959) where mdiobus was allocated/registered with devres. The root cause is a devres interaction causing mdiobus to be freed without prior unregistration, leading to mdiobus_free() panics when invoked from devm_mdiobus_free(). The pro...

5.5CVSS6.7AI score0.00268EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.87 views

CVE-2022-49591

CVE-2022-49591 relates to the Linux kernel, specifically the DSA Microchip ksz_common path. The root cause is a refcount leak in ksz_switch_register(): the reference returned by of_get_child_by_name() is not released. The fix is to call of_node_put() on that reference (which has increased the ref...

5.5CVSS5.4AI score0.00243EPSS
CVE
CVE
added 2025/06/18 9:33 a.m.87 views

CVE-2025-38059

The CVE-2025-38059 entry documents a Linux kernel data integrity issue in btrfs: when using rescue=idatacsums, scrub can trigger a NULL pointer dereference due to not loading the csum tree. Concrete root cause: scrub path may call btrfs_search_slot() on a NULL pointer because the NO_DATA_CSUMS fl...

5.5CVSS6AI score0.00155EPSS
CVE
CVE
added 2024/05/21 3:4 p.m.86 views

CVE-2021-47422

CVE-2021-47422 affects the Linux kernel’s drm/nouveau/kms/nv50- component. The issue is a memory leak where an op allocated by single_open() is not freed if single_release() is not called. The vulnerability is described as a local-privilege context with a potential availability impact, with CVSS ...

5.5CVSS6.8AI score0.00222EPSS
CVE
CVE
added 2024/07/16 11:44 a.m.86 views

CVE-2022-48818

The CVE-2022-48818 entry refers to a Linux kernel issue in the MDIO/MV88E6xxx DSA path where devres usage around mdiobus led to a kernel OOPS during shutdown. The root cause is interaction between devm_mdiobus_free() and devres_release_all() if the MDIO bus is unregistered late due to a shutdown‑...

5.5CVSS6.5AI score0.00273EPSS
CVE
CVE
added 2024/05/24 3:9 p.m.84 views

CVE-2021-47535

CVE-2021-47535 concerns the Linux kernel DRM MSM A6XX driver. The issue arises in a6xx_get_gmu_registers() where three sets of GMU registers are read but the allocation for the array wasn’t updated, triggering a KASAN slab-out-of-bounds write (Write of size 8) in _a6xx_get_gmu_registers. Public n...

6.2CVSS6.5AI score0.00234EPSS
CVE
CVE
added 2025/07/25 12:53 p.m.84 views

CVE-2025-38399

CVE-2025-38399 affects the Linux kernel’s SCSI target subsystem, specifically the function core_scsi3_decode_spec_i_port() in target_core_mod. In the error path, it unconditionally calls core_scsi3_lunacl_undepend_item() with dest_se_deve, which may be NULL, risking a NULL pointer dereference and...

5.5CVSS6.3AI score0.00156EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.82 views

CVE-2022-49477

CVE-2022-49477 affects the Linux kernel’s ASoC Samsung code for aries_audio_probe. The vulnerability arises from a refcount leak: of_parse_phandle() returns a node pointer with an incremented refcount, and of_node_put() must be called on it when done. If extcon_find_edev_by_node() fails, of_node_...

5.5CVSS5.3AI score0.00245EPSS
CVE
CVE
added 2025/02/26 2:13 a.m.82 views

CVE-2022-49509

CVE-2022-49509 : In the Linux kernel, the vulnerability arises when removing the max9286 I2C driver, causing a kernel oops due to the I2C client data potentially pointing to a freed v4l2_subdev instead of max9286_priv. The fix updates max9286_remove/max9286_probe/max9286_init so that the driver n...

7.1CVSS6.3AI score0.00276EPSS
CVE
CVE
added 2024/04/28 1:1 p.m.81 views

CVE-2022-48660

CVE-2022-48660 is a Linux kernel vulnerability affecting gpiolib: cdev on certain platforms (ex: nxp-ls1028). The issue occurred when the IRQ for lineevent_state was set before the IRQ was successfully registered, leading to a warning trace from free_irq() during gpio tests and a resource release...

5.5CVSS6.4AI score0.00236EPSS
CVE
CVE
added 2025/02/26 1:54 a.m.81 views

CVE-2022-49050

CVE-2022-49050 maps to a Linux kernel issue in memory: renesas-rpc-if where a flash platform-device leak could occur in the error path if registration fails during probe. The fixed code ensures the flash platform device is freed on probe error. The vulnerability is local in scope with a medium ba...

5.5CVSS5.4AI score0.00252EPSS
CVE
CVE
added 2025/07/03 8:36 a.m.81 views

CVE-2025-38160

CVE-2025-38160 affects the Linux kernel due to a NULL pointer dereference in the Raspberry Pi clock registration path. Specifically, raspberrypi_clk_register() does not handle a NULL return from devm_kasprintf(), which can occur if memory allocation fails. A fix has added a NULL check after devm_...

5.5CVSS7.1AI score0.00147EPSS
CVE
CVE
added 2025/02/26 1:56 a.m.80 views

CVE-2022-49278

CVE-2022-49278: Linux kernel remoteproc vulnerability in rproc_coredump_write() where a count underflow was possible. The fix adds a count check for zero, mirroring the validation in rproc_recovery_write(), to prevent underflow. This is resolved in the kernel codebase; patch references are in the...

7.1CVSS5.3AI score0.00252EPSS
CVE
CVE
added 2025/07/03 8:35 a.m.80 views

CVE-2025-38148

CVE-2025-38148 affects the Linux kernel network driver path: net: phy: mscc. The issue is a memory leak when using one-step timestamping, where frames (skb) were not freed because the hardware may not generate an interrupt to signal timestamping. The described fix frees the frame in the one-step ...

5.5CVSS7AI score0.00145EPSS
CVE
CVE
added 2024/03/04 6:10 p.m.79 views

CVE-2021-47093

CVE-2021-47093: SUSE advisories SIG- Linux kernel (SUSE SLES/openSUSE) notes a memleak in intel_pmc_core during module init when platform device registration fails. The fix frees the platform device with platform_device_put() to release resources (e.g., device name). Connected documents confirm t...

5.5CVSS6.3AI score0.00259EPSS
CVE
CVE
added 2024/07/16 11:44 a.m.79 views

CVE-2022-48812

CVE-2022-48812 concerns the Linux kernel: the net: dsa: lantiq_gswip code should not use devres for mdiobus allocation/registration. The root cause is that mdiobus_free() can panic when invoked via devm_mdiobus_free() because devres_release_all() may free a bus that is still registered, especiall...

5.5CVSS6.7AI score0.00268EPSS
CVE
CVE
added 2025/06/18 11:0 a.m.79 views

CVE-2022-49946

CVE-2022-49946 affects the Linux kernel component handling Raspberry Pi clocks (clk: bcm: rpi). The vulnerability arises in raspberrypi_discover_clocks() where the loop relies on the last clock element’s id being zero, a property not guaranteed by Videocore firmware, which could lead to an out-of...

7.1CVSS6.5AI score0.00191EPSS
CVE
CVE
added 2024/06/20 11:13 a.m.78 views

CVE-2022-48770

CVE-2022-48770 affects the Linux kernel vulnerability in the BPF stack trace code: bpf_get_task_stack() could dereference NULL pt_regs because task_pt_regs() may return NULL for kernel threads on powerpc. The patch adds a NULL check on the return value of task_pt_regs() before inspecting the call...

5.5CVSS6.3AI score0.00216EPSS
CVE
CVE
added 2024/07/16 11:44 a.m.77 views

CVE-2022-48813

CVE-2022-48813 concerns the Linux kernel’s DSA Felix support. The advisory notes that using devres for the MDIO bus caused mdiobus_free() to panic when freed via devm_mdiobus_free(), unless the bus was unregistered first. For the Felix VSC9959 switch (PCI device), the recommended remediation is t...

5.5CVSS6.7AI score0.00273EPSS
CVE
CVE
added 2024/07/16 11:43 a.m.76 views

CVE-2022-48797

CVE-2022-48797: Linux kernel vulnerability where NUMA balancing could affect COW page writability. Root cause: change_pte_range() tests page_mapcount(page) to enable NUMA faults, which is nonsensical; patch fixes to use page_count(). Oded Gabbay’s report linked a Gaudi accelerator workload; apply...

5.5CVSS6.8AI score0.00239EPSS
CVE
CVE
added 2025/02/26 1:55 a.m.76 views

CVE-2022-49210

The CVE-2022-49210 issue is a Linux-kernel memory-leak in the MIPS pgalloc path. The generic pgd_free() freed only one pgd page, but on 64‑bit systems with PAGE_SIZE_4KB and without MIPS_VA_BITS_48 the PGD_TABLE spans two pages; this mismatch leaks memory. MemFree behavior can reveal the leak. Ro...

5.5CVSS5.4AI score0.00245EPSS
CVE
CVE
added 2024/07/16 11:44 a.m.73 views

CVE-2022-48815

CVE-2022-48815 affects the Linux kernel bcm_sf2 DSA/MDIO path. The root cause is unsafe interaction between devres-managed mdiobus allocation/registration and manual mdiobus unregistering, where mdiobus_free() may panic if devm_mdiobus_free() triggers devres_release_all() before the bus is unregi...

5.5CVSS6.7AI score0.00268EPSS
CVE
CVE
added 2025/02/26 1:55 a.m.71 views

CVE-2022-49211

CVE-2022-49211 concerns a Linux kernel issue in the MIPS CDMM code path where of_find_compatible_node() returns a node pointer with an incremented refcount and the code omits of_node_put() to release it. The fixed description states: add the missing of_node_put() to release the refcount. Affected...

5.5CVSS6.4AI score0.00245EPSS
CVE
CVE
added 2024/05/21 2:35 p.m.70 views

CVE-2021-47299

CVE-2021-47299 affects the Linux kernel XDP/BPF path: use-after-free in bpf_xdp_link_release between dev_get_by_index() and dev_xdp_attach_link(). Affected in-kernel code; patches are referenced (ca9ba1de8f09976b45ccc8e655c51c6201992139, a7537dc73e69ad9c0b67ad24ad3ebee954ed0af6, 5acc7d3e8d3428584...

5.5CVSS6.6AI score0.00226EPSS
CVE
CVE
added 2025/02/26 2:23 a.m.68 views

CVE-2022-49654

CVE-2022-49654 pertains to the Linux kernel, specifically the net: dsa: qca8k component. The issue occurs when MAX_FRAME_SIZE (MTU) is changed while the CPU port is enabled, causing the switch to panic and stop sending packets, which can render the device unreachable; a switch reset may be requir...

5.5CVSS5.4AI score0.00243EPSS
CVE
CVE
added 2024/08/22 1:32 a.m.67 views

CVE-2022-48922

CVE-2022-48922 (Linux kernel, riscv) : Root cause is a NULL pointer dereference when irqsoff latency tracer is enabled because trace_hardirqs_on/off rely on the frame pointer (CALLER_ADDR1). If the frame pointer is repurposed, memory access faults can occur during boot. The issue was mitigated by...

5.5CVSS6.5AI score0.00207EPSS
CVE
CVE
added 2025/05/01 2:9 p.m.62 views

CVE-2020-36790

The CVE-2020-36790 entry refers to a Linux kernel issue where a memory leak in nvmet was fixed: specifically, the code failed to free the new_model_number. The connected documents consistently identify this as a resolved kernel vulnerability (nvmet: fix a memory leak) with no additional exploit d...

5.5CVSS6.5AI score0.0014EPSS
CVE
CVE
added 2025/09/15 2:21 p.m.54 views

CVE-2022-50266

The CVE-2022-50266 issue is in the Linux kernel kprobes path: kill_kprobe() incorrectly disarms a probe because KPROBE_FLAG_GONE is set before checking the probe’s enabled state, causing !kprobe_disabled(p) to evaluate to false and bypass necessary disarm handling. The fix adds the enabled-check ...

5.5CVSS6AI score0.00143EPSS
CVE
CVE
added 2025/08/16 9:34 a.m.53 views

CVE-2025-38502

Technical details beyond the initial description are not provided in the connected documents; no explicit product/version, impact specifics, or remediation are present here. Monitor for updates.

7.1CVSS6.4AI score0.00146EPSS
CVE
CVE
added 2025/08/19 5:3 p.m.49 views

CVE-2025-38590

CVE-2025-38590 is a Linux kernel vulnerability in the Mellanox mlx5e path. The issue occurs when a hardware decrypted packet’s xfrm state is not found in an xarray, leaving the skb secpath (sp) extension intact. Downstream code may dereference an invalid secpath, causing a crash in __xfrm_policy_...

5.5CVSS6.7AI score0.00146EPSS
CVE
CVE
added 2025/08/16 11:34 a.m.47 views

CVE-2025-38548

CVE-2025-38548 affects the Linux kernel hwmon driver for Corsair Corsair-CPro. The root cause is improper validation of the input buffer size received by the USB command path, allowing potential mismatches between the reported and actual buffer lengths. The fix, as documented in the connected Ast...

7.8CVSS6.5AI score0.00153EPSS
CVE
CVE
added 2026/06/08 2:30 p.m.41 views

CVE-2026-46274

CVE-2026-46274 (Linux kernel, io_wq) has concrete details: a bug in io_wq_remove_pending() allowed a non-hashed predecessor to be treated as hashed, causing a stale pointer in wq->hash_tail[] to persist and be dereferenced by future hashed bucket-0 enqueues. The root cause is that io_get_work_...

7.8CVSS5.4AI score0.00138EPSS
CVE
CVE
added 2025/09/16 1:8 p.m.40 views

CVE-2025-39835

In CVE-2025-39835, the Linux kernel XFS xattr code could leak ENODATA (ENOATTR) disk errors as a misleading “attribute not found,” potentially leading to an oops in xfs_attr_leaf_get() when a disk error returns ENODATA/ENOATTR with bp being NULL. The fix modifies lower IO error handling so disk e...

7.8CVSS6.2AI score0.00157EPSS
CVE
CVE
added 2025/09/05 5:20 p.m.38 views

CVE-2025-38732

CVE-2025-38732 refers to a Linux kernel vulnerability in netfilter nf_reject where loopback packets could cause a dst refcount leak. The issue arises from a patch that added a WARN during skb dst entry replacement but forgot that loopback packets already have a dst_entry attached (even at PRE_ROU...

5.5CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2026/02/18 2:21 p.m.38 views

CVE-2026-23213

CVE-2026-23213 affects the Linux kernel’s DRM/AMD/PM path. During an SMU Mode 1 reset, the ASIC goes through a reset cycle and becomes temporarily inaccessible via PCIe, risking uncompleted PCIe transactions that can trigger NMI panics or system hangs. The fix disables MMIO access during the offl...

5.5CVSS5.2AI score0.00113EPSS
CVE
CVE
added 2025/09/11 4:56 p.m.33 views

CVE-2025-39788

CVE-2025-39788 affects the Linux kernel SCSI/ufs Exynos driver (gs101). The issue is in the USB/UFS host path where the left shift to set UTRL_NEXUS_TYPE is performed on an int, causing an out-of-bounds shift and writing an incorrect value (0xffffffff on gs101). The fix switches to the BIT() macr...

7.8CVSS6AI score0.00155EPSS
CVE
CVE
added 2025/09/18 1:33 p.m.32 views

CVE-2023-53401

CVE-2023-53401 pertains to the Linux kernel memory.c mm subsystem. KCSAN detected a data race in obj_stock_flush_required() where stock->cached_objcg could be reset between a check and a dereference, potentially causing a NULL pointer dereference. The associated fix implemented in the kernel i...

4.7CVSS6.1AI score0.00126EPSS
CVE
CVE
added 2026/05/27 12:56 p.m.32 views

CVE-2026-46032

Summary: CVE-2026-46032 relates to Linux kernel KVM nSVM, where a failed restore of L1 host CR3 during a nested VMEXIT could leave L1 with corrupted state and trigger a triple fault instead of a clean recovery. The fix removes the nested_svm_vmexit return value and ensures proper cleanup, resulti...

5.5CVSS6AI score0.00116EPSS
CVE
CVE
added 2025/10/15 7:55 a.m.25 views

CVE-2025-39967

CVE-2025-39967 affects the Linux kernel, specifically a vulnerability in fbcon_do_set_font where integer overflow in font size calculations could occur when processing user-controlled parameters. The issue stems from unsafe size calculations in CALC_FONTSZ(h, pitch, charcount) and related allocat...

7.8CVSS6.7AI score0.00156EPSS
CVE
CVE
added 2025/09/15 2:2 p.m.23 views

CVE-2022-50260

CVE-2022-50260 concerns the Linux kernel DRM MSM driver where .remove and .shutdown callbacks run via different code paths, creating a risk of calling drm_atomic_helper_shutdown() on an uninitialized DRM device. The initial description explains this mismatch can trigger kernel panics, especially ...

5.5CVSS6AI score0.00143EPSS
Total number of security vulnerabilities115