375 matches found
UBUNTU-CVE-2021-47616
In the Linux kernel, the following vulnerability has been resolved: RDMA: Fix use-after-free in rxequeuecleanup On error handling path in rxeqpfrominit qp-sq.queue is freed and then rxecreateqp will drop last reference to this object. qp clean up function will try to free this queue one time and ...
UBUNTU-CVE-2021-47612
In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfcgenldumpdevicesdone When kmalloc in nfcgenldumpdevices fails then nfcgenldumpdevicesdone segfaults as below KASAN: null-ptr-deref in range 0x0000000000000008-0x000000000000000f CPU: 0 PID: 25 Comm:...
UBUNTU-CVE-2024-38540
In the Linux kernel, the following vulnerability has been resolved: bnxtre: avoid shift undefined behavior in bnxtqpliballocinithwq Undefined behavior is triggered when bnxtqpliballocinithwq is called with hwqattr-auxdepth != 0 and hwqattr-auxstride == 0. In that case,...
UBUNTU-CVE-2024-38615
In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit callback is optional The exit callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freqtable pointer even if the exit callback isn't present...
UBUNTU-CVE-2021-47510
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix re-dirty process of tree-log nodes There is a report of a transaction abort of -EAGAIN with the following script. !/bin/sh for d in sda sdb; do mkfs.btrfs -d single -m single -f /dev/$d done mount /dev/sda /mnt/test...
UBUNTU-CVE-2021-47521
In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in emspcmciaaddcard If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev-irq" instead. Also we should check if at least one channel was set up...
UBUNTU-CVE-2021-47512
In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: prevent dismantle issue For some reason, fqpiedestroy did not copy working code from piedestroy and other qdiscs, thus causing elusive bug. Before calling deltimersync&q-adapttimer, we need to ensure timer will...
UBUNTU-CVE-2023-52840
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmiunregisterfunction The putdevice calls rmireleasefunction which frees "fn" so the dereference on the next line "fn-numofirqs" is a use after free. Move the putdevice to the end to...
UBUNTU-CVE-2023-52768
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmmtable as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues with vmmtable: BUG: KASAN: slab-out-of-bounds in wilcwlanhandletxq+0x6ac/0xdb4 Write of size 4 at addr...
UBUNTU-CVE-2023-52789
In the Linux kernel, the following vulnerability has been resolved: tty: vcc: Add check for kstrdup in vccprobe Add check for the return value of kstrdup and return the error, if it fails in order to avoid NULL pointer dereference...
UBUNTU-CVE-2021-47409
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: check return value after calling platformgetresource It will cause null-ptr-deref if platformgetresource returns NULL, we need check the return value...
UBUNTU-CVE-2021-47271
In the Linux kernel, the following vulnerability has been resolved: usb: cdnsp: Fix deadlock issue in cdnspthreadirqhandler Patch fixes the following critical issue caused by deadlock which has been detected during testing NCM class: smp: csd: Detected non-responsive CSD lock 1 on CPU0 smp: csd:...
UBUNTU-CVE-2021-47330
In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fix a memory leak in error handling path In the probe function, if the final 'serialconfig' fails, 'info' is leaking. Add a resource handling path to free this memory...
UBUNTU-CVE-2024-35894
In the Linux kernel, the following vulnerability has been resolved: mptcp: prevent BPF accessing lowat from a subflow socket. Alexei reported the following splat: WARNING: CPU: 32 PID: 3276 at net/mptcp/subflow.c:1430 subflowdataready+0x147/0x1c0 Modules linked in: dummy bpftestmodO last unloaded...
UBUNTU-CVE-2024-35856
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hcidevcdappend would free the skb on error so the caller don't have to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter...
UBUNTU-CVE-2024-27412
In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which case client-irq will be 0. bq27xxxbatteryi2cprobe already has an if client-irq check wrapping the requestthreadedirq. B...
UBUNTU-CVE-2022-48633
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix WARNONlock-magic != lock error psbgemunpin calls dmaresvlock but the underlying wwmutex gets destroyed by drmgemobjectrelease move the drmgemobjectrelease call in psbgemfreeobject to after the unpin to fix the bel...
UBUNTU-CVE-2024-26907
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------ cut here ------------ memcpy: detected field-spanning write size 56 of single field "eseg-inlinehdr.start" at...
UBUNTU-CVE-2024-26726
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extentmap for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfsholesspacecache. assertion failed: blockstart != EXTENTMAPHOLE, in...
UBUNTU-CVE-2021-47142
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm-sg to NULL. Hit panic below 1235.844104 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 1 SMP DEBUGPAGEALLOC NOPTI 1235.989074...