Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open() The timer instance per queue is exclusive, and snd_seq_timer_open()should have managed the concurrent accesses. It looks as if it'schecking the already existing timer instance at the begi...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: Fix out-of-bounds access with more than 4 slaves Commit 571e31fa60b3 ("spi: bcm2835: Cache CS register value for->prepare_message()") limited the number of slaves to 3 at compile-time.The limitation was necessitate...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net:sfc: fix non-freed irq in legacy irq mode SFC driver can be configured via modparam to work using MSI-X, MSI orlegacy IRQ interrupts. In the last one, the interrupt was not properlyreleased on module remove. It was not freed be...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: netjet: Fix crash in nj_probe: 'nj_setup' in netjet.c might fail with -EIO and in this case'card->irq' is initialized and is bigger than zero. A subsequent call to'nj_release' will free the irq that has not been req...
4.7CVSS
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by thedevice which can be any value between 0 and 255. In order toprevent any out of bound accesses, ...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: driver core: auxiliary bus: Fix memory leak when driver_register() fail If driver_register() returns with error we need to free the memoryallocated for auxdrv->driver.name before returning from__auxiliary_driver_register()
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() whileaddressing the following warnings caught with -Warray-bounds: arch/alpha/include/asm/string.h:22:...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting infor_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointerthat was possibly NULL. That fails miserably, because that helper...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL dereference on XCOPY completion CPU affinity control added with commit 39ae3edda325 ("scsi: target: core:Make completion affinity configurable") makes target_complete_cmd() queuework on a CPU based on se_tpg-...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions While running the self-tests on a KASAN enabled kernel, I observed aslab-out-of-bounds splat very similar to the one reported incommit 821bbf79fe46 ("ipv6: Fix KASAN:...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leakunreferenced object 0xffff888107310a80 (size 96):comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s)hex dump...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2protocol, which is not always the case. As an example, for CAN devices: $ ip link add dev vcan0 type vcan $ ip...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock refcount when sock timers expire Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to usesock timer API. It replaces mod_timer() by sk_reset_timer(), anddel_timer() by sk_stop_timer(). Function...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms(). The problem was innon-freed perfect hash in tcindex_partial_destroy_work(). In tcindex_set_parms() new tcindex_data is ...
7.5CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak vcpu_put is not called if the user copy fails. This can result in preemptnotifier corruption and crashes, among other issues.
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: fix uninit-value in caif_seqpkt_sendmsg When nr_segs equal to zero in iovec_from_user, the objectmsg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsgwhich is defined in ___sys_sendmsg. So we cann't just judgemsg-...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix potential memory leak on unlikely error case If skb_linearize is needed and fails we could leak a msg on the errorhandling. To fix ensure we kfree the msg block before returning error.Found during code review.
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: xdp, net: Fix use-after-free in bpf_xdp_link_release The problem occurs between dev_get_by_index() and dev_xdp_attach_link().At this point, dev_xdp_uninstall() is called. Then xdp link will not bedetached automatically when dev is ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tail_call_reachable rejection for interpreter when jit failed During testing of f263a81451c1 ("bpf: Track subprog poke descriptors correctlyand fix use-after-free") under various failure conditions, for example, whenjit_su...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: igb: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning theTX ring. Failure to do so can cause invalid memory accesses. If igb_poll() runswhile the controller is reset this can l...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: igc: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning theTX ring. Failure to do so can cause invalid memory accesses. If igc_poll() runswhile the controller is being reset this...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling map_poke_track(), but on program release there is nohook to call map_poke_untrack(). However, on program release, the aux memory(and poke ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized This commit fixes a bug (found by syzkaller) that could cause spuriousdouble-initializations for congestion control modules, which could causememory leaks or other probl...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sync_file: Don't leak fences on merge failure Each add_fence() call does a dma_fence_get() on the relevant fence. Inthe error path, we weren't calling dma_fence_put() so all those fencesgot leaked. Also, in the krealloc_arr...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: fddi: fix UAF in fza_probe fp is netdev private data and it cannot beused after free_netdev() call. Using fp after free_netdev()can cause UAF bug. Fix it by moving free_netdev() after error message. TURBOchannel adapter")
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain an NULL node_name, soprevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 ("Explicit null dereferen...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp().
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info() skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_infotype without validation. lwtstate->data can have various types such asmpls_iptunnel_...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot beused after free_netdev() call. Using priv after free_netdev()can cause UAF bug. Fix it by moving free_netdev() at the end of thefunction.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot beused after free_netdev() call. Using adpt after free_netdev()can cause UAF bug. Fix it by moving free_netdev() at the end of thefunction.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix dereference of null pointer flow In the case where chain->flags & NFT_CHAIN_HW_OFFLOAD is false thennft_flow_rule_create is not called and flow is NULL. The subsequenterror handling execution via label ...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init It's a classic example of memleak, we allocate something, we fail andnever free the resources. Make sure we free all resources on policy ->init() failures.
8.4CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for privatestructure. Fix this by using resource-managed allocation.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->gregs' not released on lin...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry andd_really_is_positive(dentry), but that looks like overkill to me--zerostatus shou...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fix detecting BPF atomic instructions Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode otheratomics in .imm") converted BPF_XADD to BPF_ATOMIC and added a way todistinguish instructions based on the i...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arch_topology: Avoid use-after-free for scale_freq_data Currently topology_scale_freq_tick() (which gets called fromscheduler_tick()) may end up using a pointer to "structscale_freq_data", which was previously cleared bytopology_cl...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Fix memory leak among suspend/resume procedure The vblk->vqs should be freed before we call init_vqs()in virtblk_restore().
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nfs: fix acl memory leak of posix_acl_create() When looking into another nfs xfstests report, I found acl anddefault_acl in nfs3_proc_create() and nfs3_proc_mknod() errorpaths are possibly leaked. Fix them in advance.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling del_timer_sync() This driver's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be runn...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT Fix an Oopsable condition in pnfs_mark_request_commit() when we'reputting a set of writes on the commit list to reschedule them after afailed pNFS attempt.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() This module's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be runn...
8.8CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free in wdt_startup() This module's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be running after t...
8.8CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation The reference counting issue happens in several exception handling pathsof arm_smmu_iova_to_phys_hard(). When those error scenarios occur, thefunction forgets...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak when arm_smmu_rpm_get fails arm_smmu_rpm_get() invokes pm_runtime_get_sync(), which increases therefcount of the "smmu" even though the return value is less than 0. The reference co...
7.1CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix conn use after free during resets If we haven't done a unbind target call we can race whereiscsi_conn_teardown wakes up the EH thread and then frees the conn whilethose threads are still accessing the conn ehwait. ...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix resource leak in case of probe failure The driver doesn't clean up all the allocated resources properly whenscsi_add_host(), megasas_start_aen() function fails during the PCI deviceprobe. Clean up all those ...
6.2CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serial_cs: Fix a memory leak in error handling path In the probe function, if the final 'serial_config()' fails, 'info' isleaking. Add a resource handling path to free this memory.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: common: usb-conn-gpio: fix NULL pointer dereference of charger When power on system with OTG cable, IDDIG's interrupt arises beforethe charger registration, it will cause a NULL pointer dereference,fix the issue by registering...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Don't call free_pages_exact() with NULL address Unlike some other functions, we can't pass NULL pointer tofree_pages_exact(). Add a proper NULL check for avoiding possibleOops.
6.8AI Score
0.0004EPSS