115 matches found
CVE-2022-50337
The CVE-2022-50337 issue affects the Linux kernel OCXL path: get_function_0() calls pci_get_domain_bus_and_slot(), which returns a PCI device with an incremented refcount. If pci_dev_put() is not called, a refcount leak can occur. The fixes add device reference handling and ensure calls to pci_de...
CVE-2026-43153
CVE-2026-43153 affects the Linux kernel’s XFS attribute handling: the function xfs_attr_leaf_hasname has an problematic calling convention that can mishandle buffers. The fix is to open-code xfs_attr_leaf_hasname in callers so each caller of xfs_attr3_leaf_read manages buffer release. The issue i...
CVE-2023-53492
The CVE-2023-53492 entry describes a Linux kernel nf_tables issue: when adding a rule that refers to a chain by ID, Genmask was ignored if the chain had been deleted in the same batch, causing the rule to reference a deleted chain and trigger a warning. The root cause is nf_tables_lookup_byid ign...
CVE-2023-53610
The CVE-2023-53610 issue affects the Linux kernel and is tied to irqchip/refcount handling in platform_irqchip_probe. Specifically, of_irq_find_parent() returns a node pointer with an incremented refcount, and the advisory notes that of_node_put() must be invoked when the node is no longer needed...
CVE-2025-40005
The CVE-2025-40005 entry concerns the Linux kernel’s cadence-quadspi driver. Technical detail from connected documents shows that the vulnerability arises when the indirect read/write path and force device removal (unbind) could crash the kernel during operation. The fix implements a refcount to ...
CVE-2026-31454
Summary: CVE-2026-31454 affects the Linux kernel's XFS code. In xfs_inode_item_push() and xfs_qm_dquot_logitem_push(), the AIL lock is dropped to perform buffer IO, which can allow a log item to be freed during reclaim. A subsequent spin_lock() may dereference lip->li_ailp, causing a use-after...
CVE-2026-31455
CVE-2026-31455 pertains to the Linux kernel, specific to the XFS unmount path. During unmount, in xfs_unmount_flush_inodes(), the AIL is pushed while background reclaim and inodegc may still be running, which can lead to inodes being dirtied or re-queued into the AIL. The provided fix reorders th...
CVE-2026-31617
CVE-2026-31617 in the Linux kernel Usb Gadget CDC-NCM path (f_ncm) allowed a host to supply a too-small NTB block_len, triggering an underflow in block_len - ndp_size/dpe_size checks and enabling memory exposure during skb_copy. The fix clamps block_len to only those values that can hold the NTB ...
CVE-2023-53462
CVE-2023-53462 affects the Linux kernel with the HSR driver. The issue was an uninitialized value access in fill_frame_info() that could occur during VLAN handling. The provided fix states that VLAN (ETH_P_8021Q) is not yet supported by the hsr driver and instructs returning an error from fill_fr...
CVE-2023-53600
CVE-2023-53600 relates to the Linux kernel, where a KASAN slab-out-of-bounds condition could occur when the kernel emits an ICMP error in response to a nonlinear skb in tunnels (e.g., VXLAN PMTU path). The root cause is that ip_compute_csum() cannot handle nonlinear skbs, leading to a read of siz...
CVE-2026-53216
The CVE-2026-53216 issue affects the Linux kernel mvpp2 XDP path. Short pool buffers can be smaller than PAGE_SIZE, yet XDP initially sets every xdp_buff frame size to PAGE_SIZE. The XDP helpers then use frame_sz to validate tail growth, which, with an oversized frame, can allow bpf_xdp_adjust_ta...
CVE-2026-31453
The CVE-2026-31453 issue affects the Linux kernel XFS path. The root cause is use-after-free-like behavior: after xfsaild_push_item() calls iop_push(), the log item could be freed if the AIL lock is dropped, allowing a freed log item to be dereferenced by tracepoints in the switch that follow. Th...
CVE-2026-43143
In the Linux kernel, CVE-2026-43143 fixes a concurrency issue in the multi-function device (mfd) core: access/modification of the mfd_of_node_list was not mutex-protected, risking unsafe list manipulation and potential crashes. The fix adds a mutex to guard this list, reducing crash likelihood. P...
CVE-2022-50459
CVE-2022-50459 affects the Linux kernel’s iSCSI TCP path (scsi: iscsi: iscsi_tcp) where a NULL pointer dereference can occur if a socket is freed while accessed via sysfs. Details describe the sequence: sock_hold() on struct sock, then sockfd_put() frees the socket, __sock_release() clears sock-&...
CVE-2026-31590
The CVE-2026-31590 issue affects the Linux kernel KVM SEV path: sev_pin_memory() would WARN when npages overflowed an int due to KVM_MEMORY_ENCRYPT_REG_REGION with a large size, enabling a local user to trigger a harmless warning via userspace input (e.g., addr=0, size=-1ul). The root cause is th...