2496 matches found
CVE-2024-56659
In the Linux kernel, the following vulnerability has been resolved: net: lapb: increase LAPBHEADERLEN It is unclear if net/lapb code is supposed to be ready for 8021q. We can at least avoid crashes like the following : skbuff: skbunderpanic: text:ffffffff8aabe1f6 len:24 put:20 head:ffff88802824a4...
CVE-2024-56646
In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in modifyprefixroute syzbot found a NULL deref 1 in modifyprefixroute, caused by one fib6info without a fib6table pointer set. This can happen for net-ipv6.fib6nullentry 1 Oops: general protection...
CVE-2024-56629
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev-product reporting by certain devices, null pointer dereferences occur when dev-product is empty, leading to potential system crashes. This issue was...
CVE-2024-56627
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbdvfsstreamread An offset from client could be a negative value, It could lead to an out-of-bounds read from the streambuf. Note that this issue is coming when setting 'vfs objects = streamsxat...
CVE-2024-56597
In the Linux kernel, the following vulnerability has been resolved: jfs: fix shift-out-of-bounds in dbSplit When dmtbudmin is less than zero, it causes errors in the later stages. Added a check to return an error beforehand in dbAllocCtl itself...
CVE-2024-56592
In the Linux kernel, the following vulnerability has been resolved: bpf: Call freehtabelem after htabunlockbucket For htab of maps, when the map is removed from the htab, it may hold the last reference of the map. bpfmapfdputptr will invoke bpfmapfreeid to free the id of the removed map element...
CVE-2024-56584
In the Linux kernel, the following vulnerability has been resolved: iouring/tctx: work around xastore allocation error issue syzbot triggered the following WARNON: WARNING: CPU: 0 PID: 16 at iouring/tctx.c:51 iouringfree+0xfa/0x140 iouring/tctx.c:51 which is the WARNONONCE!xaempty&tctx-xa; sanity...
CVE-2024-56577
In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix null-ptr-deref during unload module The workqueue should be destroyed in mtkjpegcore.c since commit 09aea13ecf6f "media: mtk-jpeg: refactor some variables", otherwise the below calltrace can be easily...
CVE-2024-56569
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stacktracefilter When executing the following command: echo "write:mod:ext3" /sys/kernel/tracing/stacktracefilter The current mod command causes a null pointer dereference. While comm...
CVE-2024-56563
In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in cephmdscheckaccess getcurrentcred increments the reference counter, but the putcred call was missing...
CVE-2024-56553
In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc-deliveredfreeze If a freeze notification is cleared with BCCLEARFREEZENOTIFICATION before calling binderfreezenotificationdone, then it is detached from its reference e.g. ref-freeze but the work remai...
CVE-2024-56551
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free +0.000021 BUG: KASAN: slab-use-after-free in drmschedentityflush+0x6cb/0x7a0 gpusched +0.000027 Read of size 8 at addr ffff8881b8605f88 by task amdpciunplug/2147 +0.000023 CPU: 6 PID: 2147...
CVE-2024-56539
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexconfigscan Replace one-element array with a flexible-array member in struct mwifiexietypeswildcardssidparams to fix the following warning on a MT8173 Chromebook...
CVE-2024-53177
In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to opencacheddir error paths If opencacheddir encounters an error parsing the lease from the server, the error handling may race with receiving a lease break, resulting in opencacheddir freeing the...
CVE-2024-53227
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfadimmoduleexit BUG: KASAN: slab-use-after-free in lockacquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: dumpstacklvl+0x95/0xe0 printreport+0xcb/0x6...
CVE-2024-53197
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usbgetconfiguration for allocating dev-config. This can...
CVE-2024-53237
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in deviceforeachchild Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in deviceforeachchild+0x18f/0x1a0 Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/498...
CVE-2024-53236
In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later...
CVE-2024-53220
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in getsecsrequired It will trigger system panic w/ testcase in 1: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:newcurseg+0xc81/0x2110 Call Trace:...
CVE-2024-53203
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsiccgsynccontrol The "command" variable can be controlled by the user via debugfs. The worry is that if conindex is zero then "&uc-ucsi-connectorconindex - 1" would be an array...