6095 matches found
CVE-2021-46991
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix use-after-free in i40e_client_subtask. Currently the call to i40e_client_del_instance frees the object pf->cinst, however pf->cinst->lan_info is being accessed after the free. Fix this by adding the missing return...
CVE-2021-46993
In the Linux kernel, the following vulnerability has been resolved: sched: Fix out-of-bound access in uclamp. Util-clamp places tasks in different buckets based on their clamp values for performance reasons. However, the size of buckets is currently computed using a rounding division, which can le...
CVE-2020-36783
In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb: fix reference leak when pm_runtime_get_sync fails. The PM reference count is not expected to be incremented on return in functions img_i2c_xfer and img_i2c_init. However, pm_runtime_get_sync will increment the PM reference cou...
CVE-2021-47018
In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Fix the definition of the fixmap area. At the time being, the fixmap area is defined at the top of the address space or just below KASAN. This definition is not valid for PPC64. For PPC64, use the top of the I/O space...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb. It is possible to call lpfc_issue_els_plogi passing a did for which no matching ndlp is found. A call is then made to lpfc_prep_els_iocb with a null pointer to a lpfc_nodelist...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups. There are a few exceptional cases where cloning an inline extent needs to copy the inline extent data into a page of the destination inode. When this happens, we e...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in get_victim. In CP disabling mode, there are two issues when using LFS or SSR | AT_SSR mode to select victim: 1. LFS is set to find source section during GC, the victim should have no...
CVE-2021-47026
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list. A session can be removed dynamically by sysfs interface "remove_path" that eventually calls rtrs_clt_remove_path_from_sysfs function. The current...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: ethernet:enic: Fix a use after free bug in enic_hard_start_xmit. In enic_hard_start_xmit, it calls enic_queue_wq_skb. Inside enic_queue_wq_skb, if some error happens, the skb will be freed by dev_kfree_skb(skb). But the freed skb is still used in...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix memleak when mt7915_unregister_device. mt7915_tx_token_put should get called before mt76_free_pending_txwi...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in vmbus_open. The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but the error handling frees "open_info" without removing it from the list. This will result in a use after free...
CVE-2021-46999
In the Linux kernel, the following vulnerability has been resolved: sctp: do asoc update earlier in sctp_sf_do_dupcook_a. There's a panic that occurs in a few of envs, the call trace is as below: general protection fault, ... 0x29acd70f1000a: 0000 [#1] SMP PTI RIP:...
CVE-2021-46998
In the Linux kernel, the following vulnerability has been resolved: ethernet:enic: Fix a use after free bug in enic_hard_start_xmit. In enic_hard_start_xmit, it calls enic_queue_wq_skb. Inside enic_queue_wq_skb, if some error happens, the skb will be freed by dev_kfree_skb(skb). But the freed skb is still used in...
CVE-2021-47005
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix NULL pointer dereference for ->get_features. get_features ops of pci_epc_ops may return NULL, causing NULL pointer dereference in pci_epf_test_alloc_space function. Let us add a check for pci_epc_feature pointer in...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix a use after free in siw_alloc_mr. Our code analyzer reported a UAF. In siw_alloc_mr, it calls siw_mr_add_mem(mr,..). In the implementation of siw_mr_add_mem, mem is assigned to mr->mem and then mem is freed via kfree(mem) if...
CVE-2021-47037
In the Linux kernel, the following vulnerability has been resolved: ASoC: q6afe-clocks: fix reprobing of the driver. Q6afe-clocks driver can get reprobed. For example if the APR services are restarted after the firmware crash. However currently Q6afe-clocks driver will oops because hw.init will ge...
CVE-2021-46986
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Free gadget structure only after freeing endpoints. As part of commit e81a7018d93a ("usb: dwc3: allocate gadget structure dynamically") the dwc3_gadget_release was added which will free the dwc->gadget structure upon...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: mt76: connac: fix kernel warning adding monitor interface. Fix the following kernel warning adding a monitor interface in mt76_connac_mcu_uni_add_dev routine. [ 507.984882] ------------[ cut here ]------------ [ 507.989515] WARNING: CPU: 1 PID...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix overflows checks in provide buffers. Colin reported before possible overflow and sign extension problems in io_provide_buffers_prep. As Linus pointed out previous attempt did nothing useful, see d81269fecb8ce "io_uring: f...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memleak when mt7615_unregister_device. mt7615_tx_token_put should get called before mt76_free_pending_txwi...