12977 matches found
EUVD-2022-54723
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel panic issue that callback data will be NULL when it's using in ovl irq handler. There is a timing issue between mtkdispovlirqhandler and...
EUVD-2022-54824
In the Linux kernel, the following vulnerability has been resolved: staging: r8188eu: prevent -Ssid overflow in rtwwxsetscan This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the -Ssid array...
EUVD-2022-54830
In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use ttyportdestroy to destroy port In goldfishttyprobe, the port initialized through ttyportinit should be destroyed in error paths.In goldfishttyremove, qtty-port also should be destroyed or else might leak...
EUVD-2022-54726
In the Linux kernel, the following vulnerability has been resolved: ath9khtc: fix potential out of bounds access with invalid rxstatus-rskeyix The "rxstatus-rskeyix" eventually gets passed to testbit so we need to ensure that it is within the bitmap. drivers/net/wireless/ath/ath9k/common.c:46...
EUVD-2022-54702
In the Linux kernel, the following vulnerability has been resolved: media: i2c: dw9714: Disable the regulator when the driver fails to probe When the driver fails to probe, we will get the following splat: 59.305988 ------------ cut here ------------ 59.306417 WARNING: CPU: 2 PID: 395 at...
EUVD-2022-54716
In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release method to free dbsdata The struct dbsdata embeds a struct govattrset and the struct govattrset embeds a kobject. Since every kobject must have a release method and we can't use kfree to free...
EUVD-2022-54725
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external loopback is removed and a normal cable inserted that is directly connected to a target device, the...
EUVD-2022-54704
In the Linux kernel, the following vulnerability has been resolved: md/bitmap: don't set sb values if can't pass sanity check If bitmap area contains invalid data, kernel will crash then mdadm triggers "Segmentation fault". This is cluster-md speical bug. In non-clustered env, mdadm will handle...
EUVD-2022-54866
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on block address in f2fsdozerorange As Yanming reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215894 I have encountered a bug in F2FS file system in kernel v5.17. I have uploaded the...
EUVD-2022-54887
In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Clear prog-jitedlen along prog-jited syzbot reported an illegal copytouser attempt from bpfproggetinfobyfd 1 There was no repro yet on this bug, but I think that commit 0aef499f3172 "mm/usercopy: Detect vmalloc...
EUVD-2022-54888
In the Linux kernel, the following vulnerability has been resolved: ipgre: test csumstart instead of transport header GRE with TUNNELCSUM will apply local checksum offload on CHECKSUMPARTIAL packets. ipgrexmit must validate csumstart after an optional skbpull, else lcocsum may trigger an overflow...
EUVD-2022-54890
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules CT cleanup assumes that all tc rules were deleted first, and so is free to delete the CT shared resources e.g the draction fwdaction which is shared for all tuples. B...
EUVD-2022-54872
In the Linux kernel, the following vulnerability has been resolved: efi: Do not import certificates from UEFI Secure Boot for T2 Macs On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occurs in Apple firmwa...
EUVD-2022-54849
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid f2fsbugon in decvalidnodecount As Yanming reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215897 I have encountered a bug in F2FS file system in kernel v5.17. The kernel should enable...
EUVD-2022-54885
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its...
EUVD-2022-54892
In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviviommuunmapgem When the mapping is already reaped the unmap must be a no-op, as we would otherwise try to remove the mapping twice, corrupting the involved data structures...
EUVD-2022-54873
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Trap RDMA segment overflows Prevent svcrdmabuildwrites from walking off the end of a Write chunk's segment array. Caught with KASAN. The test that this fix replaces is invalid, and might have been left over from an earlie...
EUVD-2022-54857
In the Linux kernel, the following vulnerability has been resolved: tcp: tcprtxsynack can be called from process context Laurent reported the enclosed report 1 This bug triggers with following coditions: 0 Kernel built with CONFIGDEBUGPREEMPT=y 1 A new passive FastOpen TCP socket is created. This...
EUVD-2022-54880
In the Linux kernel, the following vulnerability has been resolved: ext4: filter out EXT4FCREPLAY from on-disk superblock field sstate The EXT4FCREPLAY bit in sbi-smountstate is used to indicate that we are in the middle of replay the fast commit journal. This was actually a mistake, since the...
EUVD-2022-54895
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, pair only capable devices OFFLOADS paring using devcom is possible only on devices that support LAG. Filter based on lag capabilities. This fixes an issue where mlx5getnextphysdev was called without holding th...