Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init() In rvu_mbox_init(), mbox_regions is not freed or passed outunder the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto free_r...
5.5CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() Need to call rxrpc_put_local() for peer candidate before kfree() as itholds a ref to rxrpc_local. [DH: v2: Changed to abstract the peer freeing code out into a function]
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() Need to call rxrpc_put_peer() for bundle candidate before kfree() as itholds a ref to rxrpc_peer. [DH: v2: Changed to abstract out the bundle freeing code into a function]
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode Fix the following NULL pointer dereference in mt7915_get_phy_moderoutine adding an ibss interface to the mt7915 driver. [ 101.137097] wlan0: Trigger new scan to find...
5.5CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() is called andtmp->tx_cq will be freed on the error path of mlx4_en_copy_priv().After that mlx4_en_allo...
7.8CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() In qlcnic_83xx_add_rings(), the indirect function ofahw->hw_ops->alloc_mbx_args will be called to allocate memory forcmd.req.arg, and there is a d...
5.5CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requestsserved by the apache web-server using a cifs mount-pointand memory mapping the relevant file. The root cause is quite similar to ...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6_rule_suppress The kernel leaks memory when a fib rule is present in IPv6 nftablesfirewall rules and a suppress_prefix rule is present in the IPv6 routingrules (used by certain tools such as wg-quick). ...
5.5CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the'for' end, the 'k' is 8. At this time, the array 'lp->phy[8]' may be ou...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement:if (port >= DSAF_GE_NUM)return; limits the value of port less than DSAF_GE_NUM (i.e., 8).However, if the value...
9.8CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl When the rmmod sata_fsl.ko command is executed in the PPC64 GNU/Linux,a bug is reported: BUG: Unable to handle kernel data access on read at 0x80000800805b502cOops: Kernel...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failedThere is a potential memleak if not call kobject_put.
5.5CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpschalready been called, the start_cpsch will not be called since there...
6.5CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't callblk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying tocancel dispatch work in blk...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringup_cpu() To hot unplug a CPU, the idle task on that CPU calls a few layers of Ccode before finally leaving the kernel. When KASAN is in use, poisonedshadow is left around for each of the ac...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: avoid putting an uninitialized iova_domain The system will crash if we put an uninitialized iova_domain, thiscould happen when an error occurs before initializing the iova_domainin vdpasim_create(). BUG: kernel NULL point...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the real_dev refcnt Inject error before dev_hold(real_dev) in register_vlan_dev(),and execute the following testcase: ip link add dev dummy1 type dummyip link add name dummy1.100 link dummy1 type vlan i...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() ethtool_set_coalesce() now uses both the .get_coalesce() and.set_coalesce() callbacks. But the check for their availability isbuggy, so changing the coalesce settin...
5.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases, the round-robin active list cancontain elements that have already been freed in ets_qdisc_change(). As aconsequence, it's possible ...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Disable Tx queues when reconfiguring the interface The Tx queues were not disabled in situations where the driver needed tostop the interface to apply a new configuration. This could result in akernel panic when doing ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk():6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times).7. var_...
5.5CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware,the driver protects itself from events reported for non-existent localports, but not the CPU port (local por...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: disable timeout handling If a timeout is hit, it can result is incorrect data on the I2C busand/or memory corruptions in the guest since the device can still beoperating on the buffers it was given while the guest has ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing The approach of having XDP queue per CPU regardless of user's settingexposed a hidden bug that could occur in case when Rx queue count differfrom Tx queue count. Currently vsi->txq_map's size is e...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are sharedbetween ndo_bpf op and VSI rebuild flow. The latter takes place forexample when user changes queue count on an interface v...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix double free issue on err path fix error path handling in prestera_bridge_port_join() thatcases prestera driver to crash (see below). Trace:Internal error: Oops: 96000044 [#1] SMPModules linked in: preste...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that oneof the drives is getting removed and its sas_target object isfreed but its sdev object remains intact. Consequ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to useclear_user(). With a virtio-mem device that registers a vmcore_cb andhas some logically unplugge...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/32: Fix hardlockup on vmap stack overflow Since the commit c118c7303ad5 ("powerpc/32: Fix vmap stack - Do notactivate MMU before reading task struct") a vmap stack overflowresults in a hard lockup. This is because emergency...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memleak in get_file_stream_info() Fix memleak in get_file_stream_info()
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/io_uring.c:6269 io_try_cancel_userdata+0x3c5/0x640 fs/io_uring.c:6269CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller #0Workqueue: events ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: staging: r8188eu: fix a memory leak in rtw_wx_read32() Free "ptmp" before returning -EINVAL.
5.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is useafter free on the next line. Re-arrange things to avoid that.
7.8CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled(!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error pathof nh_create_ipv6() due to callin...
5.5CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_deb...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io-wq: check for wq exit after adding new worker task_work We check IO_WQ_BIT_EXIT before attempting to create a new worker, andwq exit cancels pending work if we have any. But it's possible to havea race between the two, where cre...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because ofthat, for a following NULL pointer check to work on the returned pointer,kcalloc() must not be cal...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() ->ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) { The reason is that the cgroup2 filesystem returns from mkdi...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack outof bounds. With min_t() type "int" the values get sign extended and thelarger value gets used causing s...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invokeusb_start_wait_urb(), which contains an uninterruptible wait with auser-specified timeout value. If timeout value is ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitializedmutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was in ->init() funct...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculation logic assumes that the donor has non-zeroafter-donation hweight, so the lowest active hweight a donating cgroup canhave is 2 so that it can don...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak in __add_inode_ref() Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(),but when the function returns in line 1184 (#4) victim_name allocatedby line 1169 (#3) is not freed, which will lead t...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array member isempty, so the m...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, andthe locking mechanism used today only protects concurrency across a giventransmit queue bet...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6_dev_free() from sit_init_net() ipip6_dev_free is sit dev->priv_destructor, already calledby register_netdevice() if something goes wrong. Alternative would be to make ipip6_dev_free() robust againstmultipl...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in igbvf_probe In igbvf_probe, if register_netdev() fails, the program will go tolabel err_hw_init, and then to label err_ioremap. In free_netdev() whichis just below label err_ioremap, there is list_for_each...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in __mptcp_push_pending() __mptcp_push_pending() may call mptcp_flush_join_list() with subflowsocket lock held. If such call hits mptcp_sockopt_sync_all() thensubsequently __mptcp_sockopt_sync() could try to loc...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because its alreadyused internally to plumb subflow (tcp) sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections that...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- Add 1 flower filter for VLAN Priority based frame steering:-$ IFDEVNAME=eth0$ tc qdisc add dev $IFDEVNAME ingress$ tc qdisc add dev $IFDEVNA...
6.2AI Score
0.0004EPSS