49 matches found
CVE-2025-21964
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...
CVE-2022-49761
In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in runonedelayedref Currently we have a btrfsdebug for runonedelayedref failure, but if end users hit such problem, there will be no chance that btrfsdebug is enabled. This can lead to very little usefu...
CVE-2025-21875
In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sockownedbyme include/net/sock.h:1711 inline WARNING: CP...
CVE-2025-24801
GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This vulnerability is fixed in 10.0.18...
CVE-2024-58075
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - do not transfer req when tegra init fails The tegracmacinit or tegrashainit function may return an error when memory is exhausted. It should not transfer the request when they return an error...
CVE-2025-21736
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix possible int overflows in nilfsfiemap Since nilfsbmaplookupcontig in nilfsfiemap calculates its result by being prepared to go through potentially maxblocks == INTMAX blocks, the value in n may experience an overflow...
CVE-2025-21731
In the Linux kernel, the following vulnerability has been resolved: nbd: don't allow reconnect after disconnect Following process can cause nbdconfig UAF: 1 grab nbdconfig temporarily; 2 nbdgenldisconnect flush all recvwork and release the initial reference: nbdgenldisconnect nbddisconnectandput...
CVE-2022-49493
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645i2cremove first cancel the &rt5645-jackdetectwork and delete the &rt5645-btnchecktimer latter. However, since the...
CVE-2022-49456
In the Linux kernel, the following vulnerability has been resolved: bonding: fix missed rcu protection When removing the rcureadlock in bondethtoolgettsinfo as discussed 1, I didn't notice it could be called via setsockopt, which doesn't hold rcu lock, as syzbot pointed: stack backtrace: CPU: 0...
CVE-2022-49731
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: fix NULL pointer deref in atahostallocpinfo In an unlikely and probably wrong? case that the 'ppi' parameter of atahostallocpinfo points to an array starting with a NULL pointer, there's going to be a kernel oop...
CVE-2022-49647
In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading csssets for migration Each cset cssset is pinned by its tasks. When we're moving tasks around across csets for a migration, we need to hold the source and destination csets to...
CVE-2021-47639
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...
CVE-2021-47654
In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix pathlist memory leak Clang static analysis reports this error sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'pathlist' ret = 0; ^ pathlist is allocated in parsepath but never freed...
CVE-2025-21693
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswapcompress and zswapdecompress, the per-CPU acompctx of the current CPU at the beginning of the operation is retrieved and used throughout. However, sin...
CVE-2024-56586
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix f2fsbugon when uninstalling filesystem call f2fsevictinode. creating a large files during checkpoint disable until it runs out of space and then delete it, then remount to enable checkpoint again, and then unmount the...
CVE-2024-53177
In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to opencacheddir error paths If opencacheddir encounters an error parsing the lease from the server, the error handling may race with receiving a lease break, resulting in opencacheddir freeing the...
CVE-2024-53197
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usbgetconfiguration for allocating dev-config. This can...
CVE-2024-53105
In the Linux kernel, the following vulnerability has been resolved: mm: pagealloc: move mlocked flag clearance into freepagesprepare Syzbot reported a bad page state problem caused by a page being freed using freepage still having a mlocked flag at freepagesprepare stage: BUG: Bad page state in...
CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
CVE-2024-50232
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: fix division by zero in ad7124setchannelodr In the ad7124writeraw function, parameter val can potentially be zero. This may lead to a division by zero when DIVROUNDCLOSEST is called within ad7124setchannelodr. T...