53 matches found
CVE-2024-26584
CVE-2024-26584 is a Linux kernel TLS backlogging vulnerability where setting CRYPTO_TFM_REQ_MAY_BACKLOG on crypto_api requests can cause crypto_aead_encrypt/decrypt to return -EBUSY in valid cases. If the cryptd AES-NI queue is full, requests are enqueued to backlog and may be processed, triggeri...
CVE-2023-52456
CVE-2023-52456 affects the Linux kernel, specifically the imx serial driver used for RS-485 when the TX state machine can deadlock if the TTY is closed mid-transmission. In that scenario, imx_uart_shutdown disables the interface and the Transmission Complete interrupt, causing imx_uart_stop_tx to...
CVE-2024-26592
CVE-2024-26592 is a Linux kernel vulnerability in ksmbd where a race between handling a new TCP connection and its disconnection can cause a use-after-free on ksmbd_tcp_new_connection()’s tcp_transport. The issue is fixed in the kernel code path that manages new connections for ksmbd, eliminating...
CVE-2023-52436
CVE-2023-52436 affects the Linux kernel in the f2fs file system. The issue arises when setting an extended attribute (xattr) because the xattr list was not guaranteed to be zeroed in unused space; the fix explicitly terminates the xattr list to avoid relying on zeroed unused space. The descriptio...
CVE-2023-52455
Mode C: CVE-2023-52455 relates to the Linux kernel IOMMU handling where a 0-length IOVA region in the iommu-addresses property could lead to IOVA rbtree corruption and display IOMMU mapping failures when framebuffer is absent. The documented fix adds a kernel check to skip IOVA reservation when t...
CVE-2024-26593
CVE-2024-26593: In the Linux kernel, i2c: i801: Fix block process call transactions. The issue was that the driver did not reset the block buffer index a second time before reading the incoming data, per Intel datasheets, causing reading the wrong portion of the block buffer. The advisory notes t...
CVE-2023-52464
CVE-2023-52464 affects the Linux kernel EDAC/thunderx driver. The issue is a potential out-of-bounds string access in thunderx_ocx_com_threaded_isr due to repeated use of strncat with an incorrect buffer size, which mimics a strlcat-like pattern but uses the wrong bound. The root cause is the mis...
CVE-2024-26597
CVE-2024-26597 affects the Linux kernel, specifically the Qualcomm RMNET netlink policy driver. The vulnerability arises from assigning a larger maxtype to rmnet_link_ops, causing a global out-of-bounds read when parsing netlink attributes. The bug is mapped to the rmnet_policy variable and is fi...
CVE-2024-26601
CVE-2024-26601 : Technical details are not publicly available in the provided connected documents. Initial description contains basic context but no affected products/versions, root cause, impact, or fix specifics. Monitor for updates from official advisories.
CVE-2023-52460
The CVE affects the Linux kernel’s DRM/AMD display path. The issue is a NULL pointer dereference in the AMD display driver during hibernate when the source context might not have a clk_mgr, leading to incorrect use of clk_mgr to query DML2 support. The vulnerability has been resolved by the patch...
CVE-2024-26603
CVE-2024-26603 – Linux kernel vulnerability in x86/fpu handling: prior to the fix, faulting XRSTOR could loop if fx_sw->xstate_size (user-controlled) was smaller than required by fx_sw->xfeatures and parts of the sigrame were unmapped. The patch stops relying on userspace for the initial xs...
CVE-2023-52469
CVE-2023-52469 : The Linux kernel vulnerability resides in drivers/amd/pm where a use-after-free occurs in kv_parse_power_table. When kzalloc returns NULL, kv_parse_power_table frees adev->pm.dpm.ps and the object is then (incorrectly) used in kv_dpm_fini, causing a use-after-free. This is doc...
CVE-2024-26600
CVE-2024-26600 details (Linux kernel): A NULL pointer dereference in the TI PHY/OMAP USB2 PHY driver could be triggered when an external phy does not implement send_srp(), causing a wakeup path to call a NULL function. The issue manifests during idle Ethernet gadget wakeups and leads to a kernel ...
CVE-2023-52470
CVE-2023-52470: Linux kernel vulnerability fixed in drm/radeon driver. The issue was a potential NULL pointer dereference in radeon_crtc_init() if the alloc_workqueue call failed. The published fix adds a check for the alloc_workqueue return value to avoid dereferencing a NULL pointer. Affected c...
CVE-2023-52467
CVE-2023-52467 : Linux kernel vulnerability in mfd: syscon addressing a NULL pointer dereference in of_syscon_register() and a potential NULL return from kasprintf(). Connected advisory evidence (e.g., RHSA-2024:9315) confirms the issue and its fix in kernel code. Impact is localized (LOCAL) with...
CVE-2024-26605
CVE-2024-26605 relates to a Linux kernel issue where a last‑minute revert in 6.7-final could deadlock when enabling ASPM during probe of Qualcomm PCIe controllers. The root cause is a potential recursive locking of pci_bus_sem between a read lock and a write/lock path, leading to a deadlock, evid...
CVE-2023-52458
CVE-2023-52458 affects the Linux kernel block subsystem where partition length must be aligned to the disk’s logical block size. The issue arises before adding or resizing partitions when length isn’t checked for LBS alignment; if LBS > 512 bytes, the partition size may not be a multiple of LB...
CVE-2023-52473
CVE-2023-52473 – Linux kernel (thermal/core): The vulnerability is a NULL pointer dereference in the thermal zone registration error path. Specifically, if device_register() in thermal_zone_device_register_with_trips() fails, code previously dereferenced a tz pointer. A NULL assignment to tz was ...
CVE-2024-26595
The CVE 2024-26595 affects the Linux kernel mlxsw spectrum ACL TCAM handling. Root cause: NULL pointer dereference in mlxsw_sp_acl_tcam_region_destroy() when region->group->tcam is accessed from an error path after a failed region attachment. Fix implemented: obtain the tcam pointer via mlx...
CVE-2023-52462
CVE-2023-52462 concerns the Linux kernel BPF spill-pointer bug. Technical details in connected docs indicate the vulnerability arises when a register is spilled onto the stack as 1/2/4-byte registers, leading to incorrect checking of spilled slots via slot_type and the need to consult slot_type[7...
CVE-2023-52471
CVE-2023-52471 affects the Linux kernel component ice, involving NULL pointer dereferences in ice_ptp.c and a NULL pointer return risk in devm_kasprintf(). The issue is addressed by a kernel fix (see stable kernel references); exploitation details are not provided in the documents. Remediation is...
CVE-2023-52459
CVE-2023-52459 concerns the Linux kernel, specifically the media: v4l: async path. The vulnerability is caused by a duplicated list deletion: a second list_del() is performed after the list item was already removed, which can lead to list_del corruption (LIST_POISON) when CONFIG_DEBUG_LIST is ena...
CVE-2023-52454
CVE-2023-52454 affects the Linux kernel nvmet-tcp component; a host data command H2CData with invalid DATAL could crash nvmet_tcp_build_pdu_iovec(), risking a kernel NULL pointer dereference. The fix raises a fatal error when DATAL is not coherent with the packet size and ensures PDU length never...
CVE-2024-26594
CVE-2024-26594 affects the Linux kernel ksmbd component, where invalid mech tokens in session setup are validated and result in an error. The vulnerability is described as a local issue with high impact on confidentiality/availability (per the CVSS data in the initial document). The connected Ast...
CVE-2023-52463
CVE-2023-52463 affects the Linux kernel efivarfs: when SetVariable support is missing at runtime, the code remounts efivarfs RO but fails to validate remount flags, allowing a NULL or improper access leading to a crash. The issue is demonstrated by remounting /sys/firmware/efi/efivars RW and issu...
CVE-2024-26604
CVE-2024-26604 concerns the Linux kernel. The issue arises from reverting the change that removed redundant NULL checks for ktype in kobject handling. The description and connected docs indicate this revert was done because of reported problems, and there is no publicly provided fix or patch deta...
CVE-2023-52472
CVE-2023-52472 : Linux kernel vulnerability in crypto: rsa where a NULL dereference could occur if mpi_alloc() allocation fails. The fix adds a check for allocation failure to satisfy static analyzers; current small allocations are unlikely to fail, but the patch is implemented to prevent NULL de...
CVE-2023-52468
The CVE-2023-52468 entry describes a Linux kernel use-after-free in class_register. The issue arises because lock_class_key remains registered in lock_keys_hash after subsys_private is freed in an error path, so a task iterating the hash later may trigger a use-after-free. The fix unregisters the...
CVE-2023-52465
CVE-2023-52465 concerns the Linux kernel where the power: supply component fixed a null pointer dereference in smb2_probe. The root cause involved devm_kasprintf and devm_kzalloc potentially returning NULL on allocation failure. The vulnerability is documented with a local attack vector and a hig...
CVE-2024-26599
CVE-2024-26599 affects the Linux kernel PWM OF layer: an out-of-bounds access in of_pwm_single_xlate() when args_count == 2, where args[2] is used although only args[0] and args[1] are defined; the flags are in args[1]. The bug is fixed in a kernel patch (commit referenced in sources). Impact is ...
CVE-2024-26606
CVE-2024-26606 affects the Linux kernel binder subsystem. In (e)poll mode, a binder thread that issues a BINDER_WRITE_READ without a read buffer may later rely on epoll_wait to process responses, but if the epoll/wakeup signaling is not triggered for the thread’s own enqueued work, the thread can...
CVE-2024-26589
CVE-2024-26589 pertains to a Linux kernel flaw in the BPF flow keys handling. For PTR_TO_FLOW_KEYS, check_flow_keys_access() used a fixed offset while the code allowed a variable offset ALU operation, enabling an out-of-bounds access when the program loaded flow_keys and added a variable offset. ...
CVE-2024-26602
CVE-2024-26602 affects the Linux kernel’s membarrier path. The fix targets the sys_membarrier interface by introducing a lock on the path to serialize accesses and prevent extremely high call frequency, which could otherwise cause global slowdowns. Affected component: sched/membarrier. Root cause...
CVE-2024-26586
CVE-2024-26586 (Linux kernel) : The issue is a stack corruption risk in mlxsw spectrum ACL TCAM handling when there are more than 16 ACLs in an ACL group. In Spectrum-2+ ASICs, firmware reports a larger ACL count than the PAGT register can hold, risking stack corruption during forwarding. The fix...
CVE-2024-26583
CVE-2024-26583 affects the Linux kernel TLS path. The issue is a race between async crypto notify completion and socket close, where the submitting thread could exit before the crypto handler finishes, risking touching data after it has been freed. The fix routes around this by reducing complex l...
CVE-2023-52439
CVE-2023-52439 is a Linux kernel UIO subsystem use-after-free vulnerability. The issue occurs in a race between core-1 (uio_unregister_device) and core-2 (uio_open) where device_unregister frees idev, then core-2 may still access idev, leading to use-after-free and potential double free of idev v...
CVE-2024-26582
CVE-2024-26582 (Linux kernel) : The vulnerability lies in the TLS path where tls_decrypt_sg does not take a reference on the pages from clear_skb. Consequently, the put_page() in tls_decrypt_done can free those pages, enabling a use-after-free when reading from a partially read skb in process_rx_...
CVE-2024-26585
CVE-2024-26585 — Linux kernel TLS race : The vulnerability arises from a race between scheduling crypto work and socket close in TLS handling. The submitter thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete; the fix reorders scheduling the work before complete()...
CVE-2024-26590
Summary (CVE-2024-26590) : In the Linux kernel, the EROFS filesystem’s per-file compression format handling could become inconsistent when a crafted image uses an algorithm type not listed in sbi->available_compr_algs. This could trigger a NULL pointer dereference if the corresponding decompre...
CVE-2024-26591
CVE-2024-26591: Linux kernel vulnerability in bpf_tracing_prog_attach can crash with NULL pointer dereference due to missing attach_btf when attaching tracing programs (rawtp/fentry chain). The issue arises in a sequence of loading a rawtp program, loading an fentry with rawtp as target, creating...
CVE-2023-52451
CVE-2023-52451 affects the Linux kernel on POWER architectures, where a bounds check oversight in pseries hot-add/hot-remove memory logic allowed potential out-of-bounds access in the drmem lmb array when a DRC index lookup failed. The issue manifested as a dereference of a cursor pointing past t...
CVE-2023-52448
CVE-2023-52448 affects the Linux kernel gfs2 subsystem. Syzkaller reported a NULL pointer dereference in gfs2_rgrp_dump when rgd->rd_rgl is accessed, potentially after rgd->rd_gl creation fails in read_rindex_entry(). The fix adds a NULL pointer check in gfs2_rgrp_dump() to prevent derefere...
CVE-2023-52450
CVE-2023-52450 : In the Linux kernel, a NULL pointer dereference vulnerability exists in perf/x86/intel/uncore when discovering UPI topology. The fix changes topology discovery to obtain the logical socket id rather than the physical id, preventing an out-of-bounds access in upi_fill_topology() v...
CVE-2023-52452
CVE-2023-52452 affects the Linux kernel’s BPF verifier and stack handling. The issue allowed privileged programs to read uninitialized stack memory inconsistently, particularly for accesses near state->allocated_stack when growing the stack was required. The patch fixes these accesses in check...
CVE-2023-52449
The CVE refers to a Linux kernel issue where, if both ftl.ko and gluebi.ko are loaded, the ftl notifier may dereference gluebi->desc during gluebi_read(), causing a NULL pointer dereference in the MTD/UBI gluebi flow. Root cause described: gluebi_get_device() is not invoked early enough in the...
CVE-2024-26587
The CVE-2024-26587 issue in Linux kernel netdevsim could crash when destroying a netdevsim with VFs instantiated. The root cause was that PHC gets initialised in nsim_init_netdevsim() (only called for PF ports), but mock_phc_destroy() was not placed there, leading to a NULL pointer dereference du...
CVE-2023-52445
The CVE-2023-52445 vulnerability (Linux kernel, media: pvrusb2) stems from a use-after-free when a context is disconnected during module load; a kthread may call pvr2_context_destroy and free the context before usb hub_event notification. The patch adds a sanity check to prevent the invalid read ...
CVE-2023-52443
CVE-2023-52443 affects the Linux kernel AppArmor parser. A packed profile containing a name like ":samba-dcerpcd" can be treated as only a namespace, causing tmpname to be NULL while tmpns remains non-NULL, which leads to a NULL dereference in aa_alloc_profile during unpack_profile/a a_unpack pat...
CVE-2024-26934
CVE-2024-26934: Linux kernel USB core deadlock in usb_deauthorize_interface() when sysfs attribute callbacks hold a parent device lock. Affected: drivers/usb/core/sysfs.c (interface_authorized_store) acquiring parent device lock; fix uses sysfs_break_active_protection() to avoid waiting for the c...
CVE-2023-52429
CVE-2023-52429 affects the Linux kernel driver path drivers/md/dm-table.c. The issue arises in dm_table_create’s alloc_targets path where, due to a missing check for struct dm_ioctl.target_count, it can allocate more than INT_MAX bytes and crash. Public sources in connected Nessus plugins confirm...