3274 matches found
kernel: net: fix refcount bug in sk_psock_get (2)
In the Linux kernel, the following vulnerability has been resolved: net: fix refcount bug in skpsockget 2 Syzkaller reports refcount bug as follows: ------------ cut here ------------ refcountt: saturated; leaking memory. WARNING: CPU: 1 PID: 3605 at lib/refcount.c:19...
kernel: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()
A flaw was found in the sunrpc module in the Linux kernel. A missing decrement of the reference count when an error occurs can cause a memory leak, and a missing check can cause a NULL pointer dereference, potentially resulting in a denial of service...
kernel: powerpc/64s: Don't use DSISR for SLB faults
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Don't use DSISR for SLB faults Since commit 46ddcb3950a2 "powerpc/mm: Show if a bad page fault on data is read or write." we use pagefaultiswriteregs-dsisr in badpagefault to determine if the fault is for a read or...
kernel: scsi: sg: Allow waiting for commands to complete on removed device
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before t...
kernel: tcp: Fix data-races around sysctl_tcp_mtu_probing.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpmtuprobing. While reading sysctltcpmtuprobing, it can be changed concurrently. Thus, we need to add READONCE to its readers...
kernel: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctlfibmultipathuseneigh. While reading sysctlfibmultipathuseneigh, it can be changed concurrently. Thus, we need to add READONCE to its reader...
kernel: bpf: Fix potential array overflow in bpf_trampoline_get_progs()
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix potential array overflow in bpftrampolinegetprogs The cnt value in the 'cnt = BPFMAXTRAMPPROGS' check does not include BPFTRAMPMODIFYRETURN bpf programs, so the number of the attached BPFTRAMPMODIFYRETURN bpf programs in...
kernel: perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map()
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in snruncoremmiomap pcigetdevice will increase the reference count for the returned pcidev, so snruncoregetmcdev will return a pcidev with its reference count increased. We need to...
kernel: blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix null pointer dereference in blkmqclearrqmapping Our syzkaller report a null pointer dereference, root cause is following: blkmqallocmapandrqs set-tagshctxidx = blkmqallocmapandrqs blkmqallocmapandrqs blkmqallocrqs //...
kernel: net/sched: sch_taprio: fix possible use-after-free
In the Linux kernel, the following vulnerability has been resolved: net/sched: schtaprio: fix possible use-after-free syzbot reported a nasty crash 1 in nettxaction which made little sense until we got a repro. This repro installs a taprio qdisc, but providing an invalid TCARATE attribute...
kernel: ice: xsk: prohibit usage of non-balanced queue id
In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z Above refers to a case where user would like to attach XSK socket in txonly mode at a queue id...
PT-2025-40694
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the drm/i915 subsystem related to handling requests for GuC virtual engines. Specifically, references to i915 requests could be held indefinitely acro...
PT-2025-49646
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to device mapper dm flakey functionality. A specific command involving dmsetup create flakey with a crafted table can cause a NULL pointer...
SUSE CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
PT-2025-37875
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's ext4 filesystem implementation where the i disksize can exceed i size during partial write operations. This condition can trigger a warning and...
PT-2025-54071
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.1-1280.native Description The Linux kernel contains a flaw within the block, bfq subsystem. Specifically, a division by zero error can occur when the weighted sum is zero during limit calculations. This issue...
GSD-2022-1008212 kcm: avoid potential race in kcm_tx_work
kcm: avoid potential race in kcmtxwork This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.267 by commit...
PT-2025-49468
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc5-wt-ath-656295-gef907406320c-dirty 6 Description The Linux kernel contains a flaw within the ath11k module related to monitor mode bringup. When an interface is activated in monitor mode, a NULL pointer...
CLSA-2022-1669919330 kernel: Fix of CVE-2021-22543
KVM: do not allow mapping valid but non-reference-counted pages CVE-2021-22543...
Design/Logic Flaw
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...