Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix unconditional security_locked_down() call Currently, the lockdown state is queried unconditionally, even thoughits result is used only if the PERF_SAMPLE_REGS_INTR bit is set inattr.sample_type. While that doesn't ma...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ovl: fix leaked dentry Since commit 6815f479ca90 ("ovl: use only uppermetacopy state inovl_lookup()"), overlayfs doesn't put temporary dentry when there is ametacopy error, which leads to dentry leaks when shutting down the related...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Avoid potential use after free in MHI send It is possible that the MHI ul_callback will be invoked immediatelyfollowing the queueing of the skb for transmission, leading to thecallback decrementing the refcount of the as...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the off_reg is sitting in thedst register is not correct given then we cannot just invert the addto a sub or vice versa. As a fix, per...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix crash in auto_retire The retire logic uses the 2 lower bits of the pointer to the retirefunction to store flags. However, the auto_retire function is notguaranteed to be aligned to a multiple of 4, which causes crashe...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Disable preemption when probing user return MSRs Disable preemption when probing a user return MSR via RDSMR/WRMSR. Ifthe MSR holds a different value per logical CPU, the WRMSR could corruptthe host's value if KVM is pree...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: nVMX: Always make an attempt to map eVMCS after migration When enlightened VMCS is in use and nested state is migrated withvmx_get_nested_state()/vmx_set_nested_state() KVM can't map evmcspage right away: evmcs gpa is not 'str...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iio: core: fix ioctl handlers removal Currently ioctl handlers are removed twice. For the first time duringiio_device_unregister() then later on insideiio_device_unregister_eventset() and iio_buffers_free_sysfs_and_mask().Double fr...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 commit 4dbc6a4ef06d ("usb: typec: ucsi: save power data objectsin PD mode") introduced retrieval of the PDOs when connected to aPD-capable source. But only the fir...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flush_workqueue Open /dev/nbdX first, the config_refs will be 1 andthe pointers in nbd_device are still null. Disconnect/dev/nbdX, then reference a null recv_workq. Theprotection by config_refs in nbd_genl_...
5.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix race condition of overwrite vs truncate pos_fsstress testcase complains a panic as belew: ------------[ cut here ]------------kernel BUG at fs/f2fs/compress.c:1082!invalid opcode: 0000 [#1] SMP PTICPU: 4 PID: 27...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nvmet-rdma: Fix NULL deref when SEND is completed with error When running some traffic and taking down the link on peer, aretry counter exceeded error is received. This leads tonvmet_rdma_error_comp which tried accessing the cq_con...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: kyber: fix out of bounds access when preempted __blk_mq_sched_bio_merge() gets the ctx and hctx for the current CPU andpasses the hctx to ->bio_merge(). kyber_bio_merge() then gets the ctxfor the current CPU again and uses that ...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpi_device_set_name()' fails, we must free'acpi_device_bus_id->bus_id' or there is a (potential) memory leak.
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Free gadget structure only after freeing endpoints As part of commit e81a7018d93a ("usb: dwc3: allocate gadget structuredynamically") the dwc3_gadget_release() was added which will freethe dwc->gadget structur...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups There are a few exceptional cases where cloning an inline extent needs tocopy the inline extent data into a page of the destination inode. When this happens, we end ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUG_ON Consider the following sequence of events: Userspace issues a UFFD ioctl, which ends up calling intoshmem_mfill_atomic_pte(). We successfully account the blocks, weshmem_alloc...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: hfsplus: prevent corruption in shrinking truncate I believe there are some issues introduced by commit 31651c607151("hfsplus: avoid deadlock on file truncation") HFS+ has extent records which always contains 8 extents. In case thef...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix crashes when toggling entry flush barrier The entry flush mitigation can be enabled/disabled at runtime via adebugfs file (entry_flush), which causes the kernel to patch itself toenable/disable the relevant mitigat...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix use-after-free in i40e_client_subtask() Currently the call to i40e_client_del_instance frees the objectpf->cinst, however pf->cinst->lan_info is being accessed afterthe free. Fix this by adding the missing return...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nft_hash_buckets() Number of buckets being stored in 32bit variables, we have toensure that no overflows occur in nft_hash_buckets() syzbot injected a size == 0x40000000 and reported: UBSAN: ...
6.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sched: Fix out-of-bound access in uclamp Util-clamp places tasks in different buckets based on their clamp valuesfor performance reasons. However, the size of buckets is currentlycomputed using a rounding division, which can lead t...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix resume from sleep before interface was brought up Since 8ce8c0abcba3 the driver queues work via priv->restart_work whenresuming after suspend, even when the interface was not previouslyenabled. This causes a nu...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe When we converted this code to use dev_err_probe() we accidentallyremoved a return. It means that if devm_clk_get() it will lead to anOops when we call cl...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix a memleak from userdata error path in new objects Release object name if userdata allocation fails.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GIC_PRIO_PSR_I_SET during entry Zenghui reports that booting a kernel with "irqchip.gicv3_pseudo_nmi=1"on the command line hits a warning during kernel entry, due to the waywe manipulate the PMR. Early in t...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ethernet:enic: Fix a use after free bug in enic_hard_start_xmit In enic_hard_start_xmit, it calls enic_queue_wq_skb(). Insideenic_queue_wq_skb, if some error happens, the skb will be freedby dev_kfree_skb(skb). But the freed skb is...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sctp: do asoc update earlier in sctp_sf_do_dupcook_a There's a panic that occurs in a few of envs, the call trace is as below: [] general protection fault, ... 0x29acd70f1000a: 0000 [#1] SMP PTI[] RIP: 0010:sctp_ulpevent_notify_pee...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode leak on getattr error in __fh_to_dentry
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Fix cwnd update ordering After a reconnect, the reply handler is opening the cwnd (and thusenabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs()can post enough Receive WRs to receive their replies. This causes...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), thenull rq_scratch_page pointer will be dereferenced when callingput_page() in svc_rqst_free(). Fix it by adding a nu...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix potential null dereference on pointer status There are calls to idxd_cmd_exec that pass a null status pointer howevera recent commit has added an assignment to *status that can end upwith a null pointer derefer...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in get_victim() In CP disabling mode, there are two issues when using LFS or SSR | AT_SSRmode to select victim: LFS is set to find source section during GC, the victim should haveno che...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix NULL pointer dereference for ->get_features() get_features ops of pci_epc_ops may return NULL, causing NULL pointerdereference in pci_epf_test_alloc_space function. Let us add a check forpci_epc_feature pointe...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook The commit 1879445dfa7b ("perf/core: Set event's default::overflow_handler()") set a default event->overflow_handler inperf_event_alloc(), and r...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in below callstack with testcase: mkfs 16GB image & mount image dd 8GB fileA dd 8GB fileB sync rm fileA sync resize filesystem to 8GB kernel BUG at segment.c:2484!Call ...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Make sure GHCB is mapped before updating Access to the GHCB is mainly in the VMGEXIT path and it is known that theGHCB will be mapped. But there are two paths where it is possible the GHCBmight not be mapped. The sev_vcpu...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td,causing a memory leak. Fix this by returning via the error returnpath that securely kfree's td. Fixes clang scan-build wa...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo tcp_set_default_congestion_control() is netns-safe in that it writesto &net->ipv4.tcp_congestion_control, but it also setsca->flags |= TCP_CONG_NON_RESTR...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied.All slab objects are charged with the...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix a use after free in siw_alloc_mr Our code analyzer reported a UAF. In siw_alloc_mr(), it calls siw_mr_add_mem(mr,..). In the implementation ofsiw_mr_add_mem(), mem is assigned to mr->mem and then mem is freed viakf...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).If some error happens in emac_tx_fill_tpd(), the skb will be freed viadev_kfree_skb(skb) in error branch ...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's possible toobserve a crash like the following one: KASAN: maybe wild-memory-access in range [0x00010000...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RX consumer index logic in the error path. In bnxt_rx_pkt(), the RX buffers are expected to complete in order.If the RX consumer index indicates an out of order buffer completion,it means we are hitting a hardware bug ...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: m68k: mvme147,mvme16x: Don't wipe PCC timer config bits Don't clear the timer 1 configuration bits when clearing the interrupt flagand counter overflow. As Michael reported, "This results in no timerinterrupts being delivered after...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix a use after free in ath10k_htc_send_bundle In ath10k_htc_send_bundle, the bundle_skb could be freed bydev_kfree_skb_any(bundle_skb). But the bundle_skb is used laterby bundle_skb->len. As skb_len = bundle_skb->len...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Fix the definition of the fixmap area At the time being, the fixmap area is defined at the top ofthe address space or just below KASAN. This definition is not valid for PPC64. For PPC64, use the top of the I/O space. Be...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix possible invalid register access Disable the interrupt and synchronze for the pending irq handlers to ensurethe irq tasklet is not being scheduled after the suspend to avoid thepossible invalid register access act...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release allslave runtime in the slave_rt_list, but slave runtime is notadded to the list at this time. This patch free...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix memleak when mt7915_unregister_device() mt7915_tx_token_put() should get call before mt76_free_pending_txwi().
6.6AI Score
0.0004EPSS