Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for(tmp & 0x08) && (!(tmp & 0x80)) && ((tmp & 0x7) == ((tmp >> 4) & 0x7))from device then Null pointer d...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for(val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7))from device then Null pointer ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for(val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7))from device then Null pointer ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cpufreq: schedutil: Use kobject release() method to free sugov_tunables The struct sugov_tunables is protected by the kobject, so we can't freeit directly. Otherwise we would get a call trace like this:ODEBUG: free active (active s...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix use-after-free in CCMP/GCMP RX When PN checking is done in mac80211, for fragmentation we needto copy the PN to the RX struct so we can later use it to do acomparison, since commit bf30ca922a0c ("mac80211: check defra...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sev_decommission in sev_receive_start DECOMMISSION the current SEV context if binding an ASID fails afterRECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guestcontext and thus needs to be paired...
5.1CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm]Read of size 8 at addr ffffc9001364f638...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests The FSM can run in a circle allowing rdma_resolve_ip() to be called twiceon the same id_priv. While this cannot happen without going through thework, it viola...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure If cma_listen_on_all() fails it leaves the per-device ID still on thelisten_list but the state is not set to RDMA_CM_ADDR_BOUND. When the cmid is eventually destroyed ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, settingcurrent fan speed to 20 is used to enforce fan speed to be at 100%speed, 19 -...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unlink table before deleting it syzbot reports following UAF:BUG: KASAN: use-after-free in memcmp+0x18f/0x1c0 lib/string.c:955nla_strcmp+0xf2/0x130 lib/nlattr.c:836nft_table_lookup.part.0+0x1a2/0x460 net/netfi...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap Limit max values for vht mcs and nss in ieee80211_parse_tx_radiotaproutine in order to fix the following warning reported by syzbot: WARNING: CPU: 0 PID: 10717 at ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mac80211-hwsim: fix late beacon hrtimer handling Thomas explained in https://lore.kernel.org/r/87mtoeb4hb.ffs@tglxthat our handling of the hrtimer here is wrong: If the timer fireslate (e.g. due to vCPU scheduling, as reported by D...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb We should always check if skb_header_pointer's return is NULL beforeusing it, otherwise it may cause null-ptr-deref, as syzbot reported: KASAN: null-ptr-deref in r...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to 'unsignedlong long' and printed with %llx. Change %llx to %p to print the securedpointer.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup The ixgbe driver currently generates a NULL pointer dereference withsome machine (online cpus < 63). This is due to the fact that themaximum value of num_xdp_queues is nr_cp...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: hns3: do not allow call hns3_nic_net_open repeatedly hns3_nic_net_open() is not allowed to called repeatly, but thereis no checking for this. When doing device reset and setup tcconcurrently, there is a small oppotunity to cal...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and mustspecifically not be allocated on the stack to avoid leaking informationto user space (or triggering an oops). Drivers ...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect fl_walk() with rcu Patch that refactored fl_walk() to use idr_for_each_entry_continue_ul()also removed rcu protection of individual filters which causes followinguse-after-free when filter is deleted con...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix module reference leak A reference to the carrier module was taken on every open but was onlyreleased once when the final reference to the tty struct was dropped. Fix this by taking the module reference and initi...
7.1CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betop_probe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver.The problem is the driver assumes the device must have an input report butsome malicious devices violate thi...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: free raw_report buffers in usbhid_stop Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at:https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d3342a2a8a6c53371c8c418a...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: add error checking to ext4_ext_replay_set_iblocks() If the call to ext4_map_blocks() fails due to an corrupted filesystem, ext4_ext_replay_set_iblocks() can get stuck in an infiniteloop. This could be reproduced by running ge...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle SRCU initialization failure during page track init Check the return of init_srcu_struct(), which can fail due to OOM, wheninitializing the page track mechanism. Lack of checking leads to a NULLpointer deref found b...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: serialize hash resizes and cleanups Syzbot was able to trigger the following warning [1] No repro found by syzbot yet but I was able to trigger similar issueby having 2 scripts running in parallel, changing co...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix svm_migrate_fini warning Device manager releases device-specific resources when a driverdisconnects from a device, devm_memunmap_pages anddevm_release_mem_region calls in svm_migrate_fini are redundant. It causes be...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: rq_qos_done_bio() needn't to be called for bio based driver rq_qos_done_bio() needn't to be called for...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle When passing 'phys' in the devicetree to describe the USB PHY phandle(which is the recommended way according toDocumentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) thefo...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv: Flush current cpu icache before other cpus On SiFive Unmatched, I recently fell onto the following BUG when booting: [ 0.000000] ftrace: allocating 36610 entries in 144 pages[ 0.000000] Oops - illegal instruction [#1][ 0.000...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: Fix possible NULL dereference In __iwl_mvm_remove_time_event() check that 'te_data->vif' is NULLbefore dereferencing it.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was inwrong state logic. MDIOBUS_ALLOCATED indicates 2 states:1. Bus is only allocated2. Bus allocated and __mdiobus_register() fails, butdev...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix memory leak in strset Free struct strset itself, not just its internal parts.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net_sched: fix NULL deref in fifo_set_limit() syzbot reported another NULL deref in fifo_set_limit() [1] I could repro the issue with : unshare -ntc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbittc qd repla...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: properly cancel timer from taprio_destroy() There is a comment in qdisc_create() about us not calling ops->reset()in some cases. err_out4:/** Any broken qdiscs that would require a ops->reset() here?* T...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix a potential ttm->sg memory leak Memory is allocated for ttm->sg by kmalloc in kfd_mem_dmamap_userptr,but isn't freed by kfree in kfd_mem_dmaunmap_userptr. Free it!
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume In current code, when a PCI error state pci_channel_io_normal is detectd,it will report PCI_ERS_RESULT_CAN_RECOVER status to PCI driver, and PCIdriver w...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: fix file release memory leak When using single_open() for opening, single_release() should becalled, otherwise the 'op' allocated in single_open() will be leaked.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/debugfs: fix file release memory leak When using single_open() for opening, single_release() should becalled, otherwise the 'op' allocated in single_open() will be leaked.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix freeing of uninitialized misc IRQ vector When VSI set up failed in i40e_probe() as part of PF switch set updriver was trying to free misc IRQ vectors ini40e_clear_interrupt_scheme and produced a kernel Oops: Trying to fre...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes areference on the adapter which is never released which will result in areference count leak and ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fix potential memory leak about jit_data Make sure to free jit_data through kfree() in the error path.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix iscsi_task use after free Commit d39df158518c ("scsi: iscsi: Have abort handler get ref to conn")added iscsi_get_conn()/iscsi_put_conn() calls during abort handling butthen also changed the handling of the case whe...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the__GEN_COMMON_BODY macro for the normal path after it had finished,rather than jumping over it. By a small mira...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unrecoverable MCE calling async handler from NMI The machine check handler is not considered NMI on 64s. The earlyhandler is the true NMI handler, and then it schedules themachine_check_exception handler to run whe...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n Commit 3c73b81a9164 ("x86/entry, selftests: Further improve user entry sanity checks") added a warning if AC is set when in the kernel. Commit 662a0221893a3d ("x86/entry: Fix...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gart.bo pin_count leak gmc_v{9,10}_0_gart_disable() isn't called matched withcorrespoding gart_enbale function in SRIOV case. This willlead to gart.bo pin_count leak on driver unload.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64bit inode space, that triggered some corner case bugs, in particularsome integer overflows related to the radix...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfs_replace_file_extents Error injection testing uncovered a case where we'd end up with acorrupt file system with a missing extent in the middle of a file. Thisoccurs because the if statement to decide ...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at [6:63] bits of the commandring control register (CRCR). All the control bits like command stop,abort are located at [0:3] bit...
6.9AI Score
0.0004EPSS