Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordinglyduring cdev release. This sequence is guaranteed by driver fileoperations. Therefore, there is no need to des...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() tode-activate the timer. If the timer handler is running, del_timer() couldnot stop it and ...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iio: adc: PAC1934: fix accessing out of bounds array index Fix accessing out of bounds array index for averagecurrent and voltage measurements. The device itself hasonly 4 channels, but in sysfs there are "fake"channels for the ave...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix potential memory leak in vfio_intx_enable() If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal ofthe driver. However, code doesn't update the respective globalvariable and after insmod — rmmod — insmod...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken,Since we run it in a separate work, the lock may not be taken atthe time of running. Make sure...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip thePDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an out-of-boundsaccess. We ...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catchedduring zbd/010 test as below: ./check zbd/010zbd/010 (test gap zone support with F2FS) [failed]runtime...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of get_channel_from_mode If channel for the given node is not found we return null fromget_channel_from_mode. Make sure we validate the return pointerbefore using it in two of the missing places. This ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILEis of length PORT_PROFILE_MAX and that the nl attributesIFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403Fault in home space mode while using kernel ASCE.AS:00000002d71bc007 R3:00000003fe5b8007 S:...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached toa tracepoint triggers a locking rule violation by performing a map_deleteon a sockmap/sock...
4.7CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"),each iostat instance is added to blkcg percpu list, so blkcg_reset_stats()can't reset the stat instance b...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_funccalls drm_bridge_hpd_notify, which in turn expects hpd_mutex to beinitialized. We do this before zynqmp_dpsub_drm_init s...
7.8CVSS
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. Howeverthis is not the case for the idle threads of the secondary boot harts.Their stacks overlap with thei...
7.8CVSS
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore fromknown context") by error replaced spin_unlock_irqrestore() withspin_unlock_irq() for both sync_debug...
5.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows: ============================================WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290Mo...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark()resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm...
7.8CVSS
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generatingabout potential truncation of output when using the snprintf function.T...
7.8CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before registering winch IRQ Registering a winch IRQ is racy, an interrupt may occur before the winch isadded to the winch_handlers list. If that happens, register_winch_irq() adds to that list a win...
5.5CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instancesredirect to the same AF_XD...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bonding: fix oops during rmmod "rmmod bonding" causes an oops ever since commit cc317ea3d927 ("bonding:remove redundant NULL check in debugfs function"). Here are the relevantfunctions being called: bonding_exit()bond_destroy_debug...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00flags: 0x6fffe...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9_client_rpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]BUG: KMSAN: uninit-value in p9_client_rpc...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointerdereference off the forced async preparation path, if no file hadbeen assigned. The trace leading to that ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'with __counted_by, which informs the...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'with __counted_by, which informs the...
9.8CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a threadlooks up a fid through dentry while another thread unlinks it: UAF thread:refcount_t: addition on 0; use-after-fr...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but onlywaiting_list and done_list are initialized. notifier_entry was kept'zeroed' leading to an uninitialized list_head.Thi...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parentdirectory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc tags]
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not beenperformed, leading to possible null pointer dereferences (which didhappen for me on RB1). Fix that.
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:29...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid suchdeadlock.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page readfails is incorrect, as in the old ext2 implementation, and if thefolio/page cannot be rea...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events,there is a potential null pointerthat may be caused by calling update_events_attr which will performsome operations on the me...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process shouldbe stop to avoid out-of-bounds read, so directly return -EINVAL.
7AI Score
0.0004EPSS