6095 matches found
CVE-2021-46938 dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blkmqtagset in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blkmqtagset for the device fails, a followi...
CVE-2020-36776 thermal/drivers/cpufreq_cooling: Fix slab OOB issue
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreqcooling: Fix slab OOB issue Slab OOB issue is scanned by KASAN in cpupowertofreq. If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index...
CVE-2020-36776 thermal/drivers/cpufreq_cooling: Fix slab OOB issue
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreqcooling: Fix slab OOB issue Slab OOB issue is scanned by KASAN in cpupowertofreq. If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index...
CVE-2021-46925
A flaw was found in the Linux kernel affecting the net/smc Synchronous Message Channel subsystem. This vulnerability is caused by a race condition between the smccdctxhandler and smcrelease functions and can cause kernel panics. Mitigation There are no known mitigations to the problem and Red Hat...
CVE-2021-46931
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5etxreporterdumpsq casts its void argument to struct mlx5etxqsq , but in TX-timeout-recovery flow the argument is actually of type struct mlx5etxtimeoutc...
CVE-2021-46933
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Clear ffseventfd in ffsdataclear. ffsdataclear is indirectly called from both ffsfskillsb and ffsep0release, so it ends up being called twice when userland closes ep0 and then unmounts ffs. If userland provided ...
CVE-2021-46930
In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix listhead check warning This is caused by uninitialization of listhead. BUG: KASAN: use-after-free in listdelentryvalid+0x34/0xe4 Call trace: dumpbacktrace+0x0/0x298 showstack+0x24/0x34 dumpstack+0x130/0x1a8...
CVE-2021-46937
In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfstargetidswrite' DAMON debugfs interface increases the reference counts of 'struct pid's for targets from the 'targetids' file write callback 'dbgfstargetidswrite', but decreases the...
CVE-2021-46935
In the Linux kernel, the following vulnerability has been resolved: binder: fix asyncfreespace accounting for empty parcels In 4.13, commit 74310e06be4d "android: binder: Move buffer out of area shared with user space" fixed a kernel structure visibility issue. As part of that patch, sizeofvoid w...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfstargetidswrite' DAMON debugfs interface increases the reference counts of 'struct pid's for targets from the 'targetids' file write callback 'dbgfstargetidswrite', but decreases the...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: fs/mountsetattr: always cleanup mountkattr Make sure that finishmountkattr is called after mountkattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We...
CVE-2021-46931
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5etxreporterdumpsq casts its void argument to struct mlx5etxqsq , but in TX-timeout-recovery flow the argument is actually of type struct mlx5etxtimeoutc...
CVE-2021-46932 Input: appletouch - initialize work before device registration
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in flushwork. This warning is caused by work-func == NULL, which means missing work initialization. This may happen, since inputdev-close...
CVE-2021-46927 nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert
In the Linux kernel, the following vulnerability has been resolved: nitroenclaves: Use getuserpagesunlocked call to handle mmap assert After commit 5b78ed24e8ec "mm/pagemap: add mmapassertlocked annotations to findvma", the call to getuserpages will trigger the mmap assert. static inline void...
CVE-2021-46925 net/smc: fix kernel panic caused by race of smc_sock
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smcsock A crash occurs when smccdctxhandler tries to access smcsock but smcrelease has already freed it. 4570.695099 BUG: unable to handle page fault for address: 000000002eae9e88...
CVE-2021-46923 fs/mount_setattr: always cleanup mount_kattr
In the Linux kernel, the following vulnerability has been resolved: fs/mountsetattr: always cleanup mountkattr Make sure that finishmountkattr is called after mountkattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We...
CVE-2021-46921
In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queuedwritelockslowpath While this code is executed with the waitlock held, a reader can acquire the lock without holding waitlock. The writer side loops checking the value with the...
CVE-2021-46919
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix wq size store permission state WQ size can only be changed when the device is disabled. Current code allows change when device is enabled but wq is disabled. Change the check to detect device state...
CVE-2021-46913
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: clone set element expression template memcpy breaks when using connlimit in set elements. Use nftexprclone to initialize the connlimit expression list, otherwise connlimit garbage collector crashes when walki...
CVE-2021-46913
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: clone set element expression template memcpy breaks when using connlimit in set elements. Use nftexprclone to initialize the connlimit expression list, otherwise connlimit garbage collector crashes when walki...