Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a leaked mmget reference on an error handlingcode path that is triggered when attempting to create KFD processeswhile a GPU reset is in progress.
5.5CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled When I did hard offline test with hugetlb pages, below deadlock occurs: ======================================================WARNING: possible circular locki...
5.5CVSS
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' forstatic_command_line, but the strings copied into static_command_line areextra_command_line and comm...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsusp_save() On arm64 machines, swsusp_save() faults if it attempts to accessMEMBLOCK_NOMAP memory ranges. This can be reproduced in QEMU using UEFIwhen booting with rodata=off deb...
5.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad_need_write_protect() when deciding whether towrite-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMUaccounts for any role-...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Fix KVM_SET_MEMORY_ATTRIBUTES to not overflow lpage_info array and triggerKASAN splat, as seen in the private_mem_conversions_test selftest. When memory attribut...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation isarchitecturally broken without an obvious/easy path forward, and becauseexposing adaptive PEBS can leak host LBR...
5.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious referenceleak in its error path. If the call to kernfs_find_and_get() fails thenkn will be NULL, so the com...
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is set up really large and contains a really long word(> 256 characters), we have to stop before the length of the word buffer.
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pd_set Off-by-one errors happen because nr_snk_pdo and nr_src_pdo areincorrectly added one. The index of the loop is equal to the number ofPDOs to be updated when leaving the loop and i...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error When ncm function is working and then stop usb0 interface for link down,eth_stop() is called. At this piont, accidentally if usb transport errorshould h...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: host: Fix dereference issue in DDMA completion flow. Fixed variable dereference issue in DDMA completion flow.
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: core: Clearing the circular buffer before NULLifying it The circular buffer is NULLified in uart_tty_port_shutdown()under the spin lock. However, the PM or other timer based callbacksmay still trigger after this event witho...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may bebetter than a hard lock-up but it turns out that you get a crash anywayif you're using pmac_zilog as a ...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uart_handle_cts_change() function in serial_core expects the callerto hold uport->lock. For example, I have seen the below kernel splat,when the Bluetooth driver is l...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some thingscan fall through the cracks. Depending on the hardware model,URBs can have either bulk or interrupt type, and curre...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probingstage, which leads to a deadlock in the following call stack: CPU0: genpd_lock --> clk_prepare_loc...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree for clk_summary Similar to the previous commit, we should make sure that all devices areruntime resumed before printing the clk_summary through debugfs. Failureto do so would result in a dead...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds.Not tainted 5.15.149-21875-gf795ebc40eb8 #1"echo 0 > /proc/sys/ker...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lockmutexes in [1] to avoid lockdep splats. However, this didn't adequatelyprotect access to icc_node::...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() The count field in struct trip_stats, representing the number of timesthe zone temperature was above the trip point, needs to be incrementedin thermal_debug...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Commit d7a08838ab74 ("mm: userfaultfd: fix unexpected change to src_foliowhen UFFDIO_MOVE fails") moved the src_folio->{mapping, index} changing toafter c...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned infabricate_dcb_output(), there may be out of bounds access todac_users array in case dcb->or is zero because ffs(dcb->or) isused as inde...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause theonline process to fail, leaving the affected device in an inconsistentstate. As a result, subsequent attempt...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet ismirrored or redirected to self we hit a qdisc lock deadlock.See trace below. [..... other info removed for ...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object forelement removal, therefore, a combination of delete element + delete setfrom the abort path could result in ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort path, nft_mapelem_activate() needs to restore refcounters tothe original state. Currently, it uses the set->ops->walk() to iterateover these set elem...
5.5CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too manyillegal packets arrives, tun_do_read will keep dumping packet contents.When console is enabled, i...
5.5CVSS
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the priv->state_lock, any scheduledaRFS works are canceled using the cancel_work_sync function,which waits for the work to end if it has already started....
5.5CVSS
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entrybecause the pppoe header is expected to be at the network header offset.This bug causes a mismatch in the flow table ...
5.5CVSS
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of thePPPoe header. Validate it once before the flowtable lookup, then use ahelper function to access protocol field.
5.5CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress.The pipapo set backend walk iterator cannot rely on it to infer whatview of the datastructure is...
5.5CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packetsthat are directed to the taps follow bridge input hook path. This patchadds a workaround t...
7.8CVSS
6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(),and there is not any protection when iterate over nf_tables_objectslist in __nft_obj_type_get(). Th...
4.7CVSS
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(),and there is not any protection when iterate over nf_tables_expressionslist in __nft_expr_type_g...
7CVSS
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematicbecause on module removal we get a RTNL-related deadlock. Fix thisby avoiding the device-managed LED functions. Note...
7.8CVSS
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2fork hugetlbfs_fallocatedup_mmap hugetlbfs_punch_holei_mmap_lock_write(mapping);vma_interval_...
7.8CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: md: Fix missing release of 'active_io' for flush submit_flushesatomic_set(&mddev->flush_pending, 1);rdev_for_each_rcu(rdev, mddev)atomic_inc(&mddev->flush_pending);bi->bi_end_io = md_end_flushsubmit_bio(bi);/* flush io is ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_conn_connect_if_down If connection isn't established yet, get_mr() will fail, trigger connection afterget_mr().
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errnobased on other call sites within the same source code.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix missing reserved tailroom Use rbi->len instead of rcd->len for non-dataring packet. Found issue:XDP_WARN: xdp_update_frame_from_buff(line:278): Driver BUG: missing reserved tailroomWARNING: CPU: 0 PID: 0 at net/c...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dpll: fix dpll_xa_ref_*_del() for multiple registrations Currently, if there are multiple registrations of the same pin on thesame dpll device, following warnings are observed:WARNING: CPU: 5 PID: 2212 at drivers/dpll/dpll_core.c:1...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler The TX buffer in spi_transfer can be a NULL pointer, so the interrupthandler may end up writing to the invalid memory and cause crashes. Add a check to trans->tx_buf ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mmhub client id out-of-bounds access Properly handle cid 0x140.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector sameinterrupt handler is registered which is causing race condition.When two interrupts are raised to two CPUs at same timethen tw...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt The loop inside nfs_netfs_issue_read() currently does not disableinterrupts while iterating through pages in the xarray to submitfor NFS read. This is not safe ...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential panic during recovery During recovery, if FAULT_BLOCK is on, it is possible thatf2fs_reserve_new_block() will return -ENOSPC during recovery,then it may trigger panic. Also, if fault injection rate is 1...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic verify_blkaddr() will trigger panic once we inject fault intof2fs_is_valid_blkaddr(), fix to remove this unnecessary f2fs_bug_on().
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover normal cluster write with cp_rwsem When we overwrite compressed cluster w/ normal cluster, we shouldnot unlock cp_rwsem during f2fs_write_raw_pages(), otherwise datawill be corrupted if partial blocks w...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to guarantee persisting compressed blocks by CP If data block in compressed cluster is not persisted with metadataduring checkpoint, after SPOR, the data may be corrupted, let'sguarantee to write compressed page...
6.6AI Score
0.0004EPSS