3262 matches found
kernel: cifs: Fix xid leak in cifs_ses_add_channel()
A transaction ID xid leak was found in the CIFS/SMB filesystem. When adding a new channel fails, the allocated xid is not freed, leading to gradual exhaustion of the xid pool...
kernel: nvme-pci: fix mempool alloc size
A flaw was addressed in the Linux kernel’s nvme-pci driver related to how the driver calculated the worst-case number of PRP Physical Region Page lists required for a given I/O request. The implementation previously rounded the allocation to one list instead of correctly converting the maximum si...
kernel: cifs: Fix xid leak in cifs_copy_file_range()
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifscopyfilerange If the file is used by swap, before return -EOPNOTSUPP, should free the xid, otherwise, the xid will be leaked...
kernel: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests The following message and call trace was seen with debug kernels: DMA-API: qla2xxx 0000:41:00.0: device driver failed to check map error device address=0x00000002a3ff38d8...
kernel: tcp: fix skb_copy_ubufs() vs BIG TCP
In the Linux kernel, the following vulnerability has been resolved: tcp: fix skbcopyubufs vs BIG TCP David Ahern reported crashes in skbcopyubufs caused by TCP tx zerocopy using hugepages, and skb length bigger than 68 KB. skbcopyubufs assumed it could copy all payload using up to MAXSKBFRAGS...
kernel: drm/amdkfd: fix potential kgd_mem UAFs
A flaw was found in the Linux kernel related to improper synchronization in a filesystem allocation path. Under certain conditions, concurrent operations may access and modify shared kernel data structures without adequate locking. This race condition can result in inconsistent internal state,...
kernel: memcg: fix possible use-after-free in memcg_write_event_control()
In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcgwriteeventcontrol memcgwriteeventcontrol accesses the dentry-dname of the specified control fd to route the write call. As a cgroup interface file can't be renamed, it's safe to access...
kernel: wifi: ath9k: verify the expected usb_endpoints are present
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usbendpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. In this case there was an interrupt endpoint where the driver expected a bu...
kernel: wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Fix global-out-of-bounds bug in rtl8812aephysettxpowerlimit There is a global-out-of-bounds reported by KASAN: BUG: KASAN: global-out-of-bounds in rtl8812aeeqnbyte.part.0+0x3d/0x84 rtl8821ae Read of size 1 at addr...
kernel: scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Check that sock is valid before iscsisetparam The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling...
kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 "mt76: mt7921: rely on...
kernel: nvmet: avoid potential UAF in nvmet_req_complete()
In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmetreqcomplete An nvme target -queueresponse operation implementation may free the request passed as argument. Such implementation potentially could result in a use after free of the request pointe...
kernel: drm/shmem-helper: Remove another errant put in error path
In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove another errant put in error path drmgemshmemmmap doesn't own reference in error code path, resulting in the dma-buf shmem GEM object getting prematurely freed leading to a later use-after-free...
kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sockmapclose,destroy,unhash call itself sockmap proto callbacks should never call themselves by design. Protect against bugs like 1 and break out of the recursive loop to avoid a stack overflow in favor of...
kernel: selinux: fix memleak in security_read_state_kernel()
In the Linux kernel, the following vulnerability has been resolved: selinux: fix memleak in securityreadstatekernel In this function, it directly returns the result of securityreadpolicy without freeing the allocated memory in data, cause memory leak issue, so free the memory if securityreadpolic...
kernel: RDMA/rxe: Fix error unwind in rxe_create_qp()
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxecreateqp In the function rxecreateqp, rxeqpfrominit is called to initialize qp, internally things like the spin locks are not setup until rxeqpinitreq. If an error occures before this point then t...
kernel: cifs: Fix memory leak on the deferred close
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak on the deferred close xfstests on smb21 report kmemleak as below: unreferenced object 0xffff8881767d6200 size 64: comm "xfsio", pid 1284, jiffies 4294777434 age 20.789s hex dump first 32 bytes: 80 5a d0 11 8...
PT-2025-41115
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc1 Description The Linux kernel contains a flaw related to SRCU Sub Read Copy Update. A commit assumed that CPU 0 is always online, but this is not always the case, particularly when booting a kdump kernel...
PT-2025-53198
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the btrfs file system related to incorrect splitting in the btrfs drop extent map range function. This can lead to invalid extent maps being...
USN-6152-1: Linux kernel (GKE) regression
It was discovered that NFS client's access cache implementation in the Linux kernel caused a severe NFS performance degradation in certain conditions. This updated makes the NFS file-access stale cache behavior to be optional...