Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge There is an issue with the ASPM(optional) capability checking function.A device might be attached to root complex directly, in this case,bus->self(bridge) will be N...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one In ibmasm_init_one, it calls ibmasm_init_remote_input_dev().Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev areallocated by input_allocate_device(), and as...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances As syzbot reported, there is an use-after-free issue during f2fs recovery: Use-after-free write at 0xffff88823bc16040 (in kfence-#10):kmem_cache_destroy+0x...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smackfs: restrict bytes count in smk_set_cipso() Oops, I failed to update subject line. From 07571157c91b98ce1a4aa70967531e64b78e8346 Mon Sep 17 00:00:00 2001Date: Mon, 12 Apr 2021 22:25:06 +0900Subject: [PATCH] smackfs: restrict b...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 ("scsi: core: Fix error handling of scsi_host_alloc()")changed the allocation logic to call put_device() to perform host cleanupwith the a...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of theprevious fbcon_mode_deleted(). As a result, the mode is directly deleted,regardless of whether it is still i...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: explicitly clear ioctl input data As seen from a recent syzbot bug report, mistakes in the compat ioctlimplementation can lead to uninitialized kernel stack data getting usedas input for driver ioctl handlers. The...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: jfs: fix GPF in diFree Avoid passing inode withJFS_SBI(inode->i_sb)->ipimap == NULL todiFree()[1]. GFP will appear: struct inode *ipimap = JFS_SBI(ip->i_sb)->ipimap; struct inomap *imap = JFS_IP(ipimap)->i_imap; JFS_...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0x7c/0x1ec arch/arm64/kvm/../../../virt/kvm/coalesced_mmio.c:183Read of size 8 at add...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6 ("ext4: fix memory leak inext4_fill_super"), after the file system is remounted read-only, thereis a race where the kmmpd thread can e...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error(e.g. read the content of origin block fails during shadowing),and the value of shadow_spine::root is uninit...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: zr364xx: fix memory leak in zr364xx_start_readpipe syzbot reported memory leak in zr364xx driver.The problem was in non-freed urb in case ofusb_submit_urb() fail. backtrace:[<ffffffff82baedf6>] kmalloc include/linux/sl...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix rdma_resolve_route() memory leak Fix a memory leak when "mda_resolve_route() is called more than once onthe same "rdma_cm_id". This is possible if cma_query_handler() triggers theRDMA_CM_EVENT_ROUTE_ERROR flow which p...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer() commit 6f755e85c332 ("coresight: Add helper for inserting synchronizationpackets") removed trailing '\0' from barrier_pkt array and updated thecall sites like ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251_cmd_scan Function wl1251_cmd_scan calls memcpy without checking the length.Harden by checking the length is within the maximum allowed size.
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field,the code was reading 8. This could result in a corrupted value if thetrailing 3 bytes were non-zero, so instead ...
9.1CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down link before deleting interface We can deadlock when rmmod'ing the driver or going through firmwarereset, because the cfg80211_unregister_wdev() has to bring down the linkfor us, ... which then grab the same wiph...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix lockup on kernel exec fault The powerpc kernel is not prepared to handle exec faults from kernel.Especially, the function is_exec_fault() will return 'false' when anexec fault is taken by kernel, because the check i...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix races between xattr_{set|get} and listxattr operations UBIFS may occur some problems with concurrent xattr_{set|get} andlistxattr operations, such as assertion failure, memory corruption,stale xattr value[1]. Fix it by i...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might comefrom an untrusted device) to avoid data corruptionor loss.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: udf: Fix NULL pointer dereference in udf_symlink function In function udf_symlink, epos.bh is assigned with the value returnedby udf_tgetblk. The function udf_tgetblk is defined in udf/misc.cand returns the value of sb_getblk funct...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruptions Wait for all dependencies of a job to complete beforekilling it to avoid data corruptions.
9.1CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstar_cleanup() This module's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be running...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible use-after-free in HFC_cleanup() This module's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be running after the ...
7.7CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: atm: iphase: fix possible use-after-free in ia_module_exit() This module's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be running a...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: staging: greybus: uart: fix tty use after free User space can hold a tty open indefinitely and tty drivers must notrelease the underlying structures until the last user is gone. Switch to using the tty-port reference counter to man...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix soft lockup during fsstress Below traces are observed during fsstress and system got hung.[ 130.698396] watchdog: BUG: soft lockup - CPU#6 stuck for 26s!
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BC_FREE_BUFFER processing, the BINDER_TYPE_FDA objectcleanup may close 1 or more fds. The close operations arecompleted using the task work mechanism -- which means the threadneeds to ret...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mcb: fix error handling in mcb_alloc_bus() There are two bugs: If ida_simple_get() fails then this code calls put_device(carrier)but we haven't yet called get_device(carrier) and probably thatleads to a use after free. After device...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization.During the subsequent initialization, set_power_state gets called totransition to the final power state. set_power_...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix division by zero while replacing a resilient group The resilient nexthop group torture tests in fib_nexthop.sh exposed apossible division by zero while replacing a resilient group [1]. Thedivision by zero occurs when t...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix memory leak in compat_insnlist() compat_insnlist() handles the 32-bit version of the COMEDI_INSNLISTioctl (whenwhen CONFIG_COMPAT is enabled). It allocates memory totemporarily hold an array of struct comedi_insn conver...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: afs: Fix page leak There's a loop in afs_extend_writeback() that adds extra pages to a writewe want to make to improve the efficiency of the writeback by making itlarger. This loop stops, however, if we hit a page we can't write ba...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, andLinux's afs client switches between them when talking to a non-YFS serverif the read size,...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix pages leaking when building skb in big mode We try to use build_skb() if we had sufficient tailroom. But we forgetto release the unused pages chained via private in big mode which willleak pages. Fixing this by rele...
5.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinity_hint irq_set_affinity_hit() stores a reference to the cpumask_tparameter in the irq descriptor, and that reference can beaccessed later from irq_affinity_hint_proc_show(). Sincethe cp...
8.1CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix NULL deref in qeth_clear_working_pool_list() When qeth_set_online() calls qeth_clear_working_pool_list() to rollback after an error exit from qeth_hardsetup_card(), we are at risk ofaccessing card->qdio.in_q befor...
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info->size_goal - skb->len > 0 evaluates to true when the size goal is smaller than theskb size. That results in lack of tx...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks [1] that can be reduced to thefollowing commands: ip nexthop add id 1 blackhole devlink dev reload pci/0000:06:00.0 As part of the ...
7.1CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use after free on rmmod plat_dev->dev->platform_data is released by platform_device_unregister(),use of pclk and hclk is a use-after-free. Since device unregister won'tneed a clk device we adjust the function c...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Fix potential VPE leak on error In its_vpe_irq_domain_alloc, when its_vpe_init() returns an error,there is an off-by-one in the number of VPEs to be freed. Fix it by simply passing the number of VPEs allocated, ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. This error message can be reachedseveral millions of times per second, causing spam to the kernel's printkbuffer and bringing...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blktrace: Fix uaf in blk_trace access after removing by sysfs There is an use-after-free problem triggered by following process: P1(sda) P2(sdb) echo 0 > /sys/block/sdb/trace/enable blk_trace_remove_queue synchronize_rcu blk_tra...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Add oversize check before call kvcalloc() Commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") add theoversize check. When the allocation is larger than what kmalloc() supports,the following warning triggered: WA...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cmaevent after qp was destroyed, which may lead to use after free.In RDMA connection establishment ...
9.8CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ==================================================================[693354.105094] BUG:...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Fix potential NULL pointer dereference devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() atregistration that will cause NULL pointer dereference sincecorresponding data is not initialized yet. The pa...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hex_dump_to_buffer() and stack address usedin dump error output.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix deadlock during failing recovery Commit 0b9902c1fcc5 ("s390/qeth: fix deadlock during recovery") removedtaking discipline_mutex inside qeth_do_reset(), fixing potentialdeadlocks. An error path was missed though, that...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctlFBIOPUT_VSCREENINFO passing the fb_var_screeninfo structcontaining only the fields xres, yres, and bits_per_pixelwith values...
6.6AI Score
0.0004EPSS