Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag incommit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were mi...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init Since call_rcu, which is called in the hlist_for_each_entry_rcu traversalof tcp_ao_connect_init, is not part of the RCU read critical section, itis possible that the RCU grace period w...
8.1CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversalof ovs_ct_limit_exit, is not part of the RCU read critical section, itis possible that the RCU grace peri...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversalof gtp_dellink, is not part of the RCU read critical section, itis possible that the RCU grace period will pass du...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store itin the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to use...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socketis releasing, timeout_work will be scheduled to judge whetherthe sco disconnection is timeout. The sock wi...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() andl2cap_chan_del(). When we use l2cap_chan_del() to delete thechannel, the chan->conn will be set to null. But th...
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always moveon same heap. The basic problem here is that after the move the oldlocation is simply not available...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. Ifthe length of the head packet exceeds the user_length, packet_buffer_getwill ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skb_queue_empty() use The receive queues are protected by their respective spin-lock, notthe socket lock. This could lead to skb_peek() unexpectedlyreturning NULL or a pointer to an already dequeued socket buff...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own itanymore. Reset dst in route object, otherwise if flow_offload_add()fails, error path re...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data races on remote_id Similar to the previous patch, address the data race onremote_id, adding the suitable ONCE annotations.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11as host, at some instances, the gadget_giveback has one byte appended atthe end of a proper ...
7.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Trying to run the iov_iter unit test on a nommu system such as the qemukc705-nommu emulation results in a crash. KTAP version 1 # Subtest: iov_iter # module: kunit_iov_iter 1..9 BUG: ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr()
8.4CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory asthe eDMA controller register. If the doorbell register is toggled befo...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory asthe HDMA controller register. If the doorbell register is toggled befo...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when theinterface isn't yet in mesh mode, at the same time aschanging it into mesh mode. This leads to an overwriteof data in the...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: keep DMA buffers required for suspend/resume Nouveau deallocates a few buffers post GPU init which are required for GPU suspend/resume to function correctly.This is likely not as big an issue on systems where the NVGPU...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which caseclient->irq will be 0. bq27xxx_battery_i2c_probe() already hasan if (client->irq) check wrapping the request_th...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architecturesis not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_o...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logicin the function rtnl_bridge_s...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencingthe same nf_conn entry, which will happen for multicast (broadcast)frames on bridges. Exa...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST whileHCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remotedoes support SSP since otherwise this event shouldn't b...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID valuebut no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()returns -EINVAL with an elevated "st...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, andwe may leak an skb if mctp_local_output fails in specific states; theskb ownership isn't transferred unti...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because thevalue can be changed concurrently.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don'tinitialise the xdp_rxq_info data structure being used in the xdp_buffthat backs the XDP ...
5.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix PPE hanging issue A patch to resolve an issue was found in MediaTek's GPL-licensed SDK:In the mtk_ppe_stop() function, the PPE scan mode is not disabled beforedisabling the PPE. This can potentially ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data(). So callingmtk_free_clk_data() explicitly in the remove function would lead to adoubl...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make thefirmware crash. in case the AP is configured with: group cipher TKIP andMFPC. We would send the GTK with...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA,admin_q reconnect failed forever while remote target and network is ok.After dig into it, we found it ...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channelsit could write outside of the map array.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ Currently for devices requiring masking at the irqchip for INTx, ie.devices without DisINTx support, the IRQ is enabled in request_irq()and subsequently disabled as necessary to a...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness ofinterrupt affinity reconfiguration via procfs. Instead, the change isdeferred until the next i...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: Fix races while restarting DMA After the frame is submitted to DMA, it may happen that the submittedlist is not updated soon enough, and the DMA callback is triggeredbefore that. This can lead to kernel cra...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set.Otherwise, it is an uninitialized value. In the error path, it is freedunconditionally. Avoid passing an uniniti...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device willhit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at n...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: mkfs.f2fs -O extra_attr,compression -f /dev/vdb mount /dev/vdb /mnt/f2fs touch /mnt/f2fs/file f2fs_io set...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock It needs to cover {reserve,release}_compress_blocks() w/ cp_rwsem lockto avoid racing with checkpoint, otherwise, filesystem metadata includingblkadd...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PCI: of_property: Return error for int_map allocation failure Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent aNULL pointer dereference in this case. [bhelgaas: commit log]
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() maybe provided with invalid argument outside of [0,MAX_NUMNODES-1] rangeleading to: BUG: KASAN: wild-memory-access i...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-levelmodule registers a driver for the parent device and uses its owner pointerto take the module's refcount. T...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdepsplat with fiemap and pagefaulting with my new extent lock replacementlock. This deadlock exists with our norm...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has abug leading to kernel panic as follows: [ 15.398930] Unable to handle kernel paging request at vir...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf If VM_BIND is enabled on the client the legacy submission ioctl can't beused, however if a client tries to do so regardless it will return anerror. In this case the c...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usage for sb_index Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing thebitmap file") removed page->index from bitmap code, but left wrong codelogic for clustered-md. current cod...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix bounds check for dcn35 DcfClocks [Why]NumFclkLevelsEnabled is used for DcfClocks bounds checkinstead of designated NumDcfClkLevelsEnabled.That can cause array index out-of-bounds access. [How]Use designated var...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, thefast_rx entry still holds a pointer to the VLAN's netdev, which can causeuse-after-free bug...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace beforetypec_altmode_set_drvdata() completes in dp_altmode_probe. T...
6.6AI Score
0.0004EPSS