Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memleak when mt7615_unregister_device() mt7615_tx_token_put() should get call before mt76_free_pending_txwi().
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix port event handling on init For some reason there might be a crash during ports creation if portevents are handling at the same time because fw may send initialport event with down state. The crash point...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot [1], there is a memory leak while closing thesocket. We partially solved this issue with commit ac03046ece2b("vsock/virtio: free packets during the socket ...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Always enable the clk on resume In mtk_iommu_runtime_resume always enable the clk, evenif m4u_dom is null. Otherwise the 'suspend' cb mightdisable the clk which is already disabled causing the warning: [ 1.586104] i...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list A session can be removed dynamically by sysfs interface "remove_path" thateventually calls rtrs_clt_remove_path_from_sysfs function. The currentrtrs_clt_remove_pa...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel crash when the firmware fails to download Fix kernel crash when the firmware is missing or fails to download. [ 9.444758] kernel BUG at drivers/pci/msi.c:375![ 9.449363] Internal error: Oops - BUG: 0 [#1] P...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix txrate reporting Properly check rate_info to fix unexpected reporting. [ 1215.161863] Call trace:[ 1215.164307] cfg80211_calculate_bitrate+0x124/0x200 [cfg80211][ 1215.170139] ieee80211s_update_metric+0x80/0xc0 [m...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: connac: fix kernel warning adding monitor interface Fix the following kernel warning adding a monitor interface inmt76_connac_mcu_uni_add_dev routine. [ 507.984882] ------------[ cut here ]------------[ 507.989515] WARNING: C...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memory leak in mt7615_coredump_work Similar to the issue fixed in mt7921_coredump_work, fix a possible memoryleak in mt7615_coredump_work routine.
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix memory leak in mt7921_coredump_work Fix possible memory leak in mt7921_coredump_work.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix tx skb dma unmap The first pointer in the txp needs to be unmapped as well, otherwise it willleak DMA mapping entries
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix tx skb dma unmap The first pointer in the txp needs to be unmapped as well, otherwise it willleak DMA mapping entries
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix pte update for kernel memory on radix When adding a PTE a ptesync is needed to order the update of the PTEwith subsequent accesses otherwise a spurious fault may be raised. radix__set_pte_at() does not do this for ...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it onlysupports Read-Only and Read-Write permissions. The Write-Only permissionis not supported as the P...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: udp: skip L4 aggregation for UDP tunnel packets If NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and thereare UDP tunnels available in the system, udp_gro_receive() could end-updoing L4 aggregation (either SKB_GSO_UDP_L4...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ASoC: q6afe-clocks: fix reprobing of the driver Q6afe-clocks driver can get reprobed. For example if the APR servicesare restarted after the firmware crash. However currently Q6afe-clocksdriver will oops because hw.init will get cl...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added adependency between socket lock and hci_dev->lock that could lead todeadlock. It turns out that...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in do_format() The function uses "type" as an array index: q = unit[drive].disk[type]->queue; Unfortunately the bounds check on "type" isn't done until later in thefunction. Fix this by moving th...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems inio_provide_buffers_prep(). As Linus pointed out previous attempt did nothinguseful, see d81269fecb8ce ("io_urin...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix incorrect locking in state_change sk callback We are not changing anything in the TCP connection state sowe should not take a write_lock but rather a read lock. This caused a deadlock when running nvmet-tcp and nvme-...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Free local data after use Fixes the following memory leak in dc_link_construct(): unreferenced object 0xffffa03e81471400 (size 1024):comm "amd_module_load", pid 2486, jiffies 4294946026 (age 10.544s)hex dump (first...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: venus: core: Fix some resource leaks in the error path of 'venus_probe()' If an error occurs after a successful 'of_icc_get()' call, it must beundone. Use 'devm_of_icc_get()' instead of 'of_icc_get()' to avoid the leak.Updat...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix shift-out-of-bounds in load_balance() Syzbot reported a handful of occurrences where an sd->nr_balance_failed cangrow to much higher values than one would expect. A successful load_balance() resets it to 0; a fai...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() It is possible to call lpfc_issue_els_plogi() passing a did for which nomatching ndlp is found. A call is then made to lpfc_prep_els_iocb() with anull pointer to a lp...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix off by one in hdmi_14_process_transaction() The hdcp_i2c_offsets[] array did not have an entry forHDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by oneread overflow. I added an entry and copied t...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails The spi controller supports 44-bit address space on AXI in DMA mode,so set dma_addr_t width to 44-bit to avoid using a swiotlb mapping.In addition, if dma_map_single fai...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op When handling op->addr, it is using the buffer "tmpbuf" which has beenfreed. This will trigger a use-after-free KASAN warning. Let's usetemporary variables to stor...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list,but the error handling frees "open_info" without removing it from thelist. This will result in a use after...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource The platform_get_resource_byname() can return NULL which would beimmediately dereferenced by resource_size(). Instead dereference itafter validating the reso...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() pm_runtime_get_sync will increment pm usage counter even it failed.Forgetting to putting operation will result in reference leak here.Fix it by replacing it wit...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: sa2ul - Fix memory leak of rxd There are two error return paths that are not freeing rxd and causingmemory leaks. Fix these. Addresses-Coverity: ("Resource leak")
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of pad It appears there are several failure return paths that don't seemto be free'ing pad. Fix these. Addresses-Coverity: ("Resource leak")
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bus: qcom: Put child node before return Put child node before return to fix potential reference count leak.Generally, the reference count of child is incremented and decrementedautomatically in the macro for_each_available_child_of...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus requirewrite permission. Depending on the hardware MEMLOCK might even bewrite-once, e.g. for SPI-NOR flashes...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown()before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however thevf2pf_lock is initi...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map In the case where the dma_iv mapping fails, the return error path leaksthe memory allocated to object d. Fix this by adding a new error returnlabel and jumping...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs:Fix a memory leak when calling regmap_attach_dev") thatadds a if condition when create name for debugfs_name.With below func...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - fix result memory leak on error path This patch fixes a memory leak on an error path.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev()fails to allocate memory for the new instance of the bus. If it can'tinstantiate a new bus, unr...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure after sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering adevice, wait to destroy the device until after all readers are guaranteedto see the new nul...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs Use the kvm_for_each_vcpu() helper to iterate over vCPUs when encryptingVMSAs for SEV, which effectively switches to use online_vcpus instead ofcreated_vcpus. Thi...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_connector_cleanup() manually inpanel_bridge_detach(), the connector will be cleaned up with the otherDRM objects in the call to drm_mode_config_cleanup(). H...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: fix potential DMA mapping leak With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmapcould potentially inherit a non-zero value from stack garbage.If this happens, it will cause DMA mappings for MCU command...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtw_get_tx_power_params() Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, thefollowing array overrun is logged: ===============================================================...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: async_xor: increase src_offs when dropping destination page Now we support sharing one page if PAGE_SIZE is not equal stripe size. Tosupport this, it needs to support calculating xor value with differentoffsets for each r5dev. One ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soc/tegra: regulators: Fix locking up when voltage-spread is out of range Fix voltage coupler lockup which happens when voltage-spread is outof range due to a bug in the code. The max-spread requirement shall beaccounted when CPU r...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()")and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()")fixed a refcount leak bug in bind/connect but introduc...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry do_mq_timedreceive calls wq_sleep with a stack local address. Thesender (do_mq_timedsend) uses this address to later call pipelined_send. This leads to a very...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probefunction is never freed in the error handling path. Add the missing 'vmbus_free_ring()' call. Not...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix a memory leak in error handling paths If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not beupdated and 'hv_uio_cleanup()' in the error handling path will not beable to free the corresponding buff...
6.4AI Score
0.0004EPSS