CVE-2023-52918

In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885vdevinit return cx23885vdevinit can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL...

CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in sendrecv Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also ...

CVE-2022-49005

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Fix bounds check for sx controls For sx controls the semantics of the max field is not the usual one, max is the number of steps rather than the maximum value. This means that our check in sndsocputvolswsx needs to jus...

CVE-2024-50032

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-50039

In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCASTAB only for root qdisc Most qdiscs maintain their backlog using qdiscpktlenskb on the assumption it is invariant between the enqueue and dequeue handlers. Unfortunately syzbot can crash a host rather easily...

CVE-2022-48977

In the Linux kernel, the following vulnerability has been resolved: can: afcan: fix NULL pointer dereference in canrcvfilter Analogue to commit 8aa59e355949 "can: afcan: fix NULL pointer dereference in canrxregister" we need to check for a missing initialization of mlpriv in the receive path of C...

CVE-2022-49018

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sleep in atomic at close time Matt reported a splat at msk close time: BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877 inatomic: 1, irqsdisabled: 0, nonblock: 0, pid: 155, name:...

CVE-2024-50056

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Fix ERRPTR dereference in uvcv4l2.c Fix potential dereferencing of ERRPTR in findformatbypix and uvcv4l2enumformat. Fix the following smatch errors: drivers/usb/gadget/function/uvcv4l2.c:124 findformatbypix erro...

CVE-2024-50044

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to use socklock so it must never be called with it locked but rfcommsockioctl always attempt to lock it causing the following trace:...

CVE-2024-50011

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...

CVE-2024-49973

In the Linux kernel, the following vulnerability has been resolved: r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated memory area is big...

CVE-2024-49933

In the Linux kernel, the following vulnerability has been resolved: blkiocost: fix more out of bound shifts Recently running UBSAN caught few out of bound shifts in the iocforgivedebts function: UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is too large for 64-bit typ...

CVE-2024-49972

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails Why When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL. How Deallocate memory...

CVE-2024-49908

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb' in amdgpudmupdatecursor v2 This commit adds a null check for the 'afb' variable in the amdgpudmupdatecursor function. Previously, 'afb' was assumed to be null at line 8388, but was used...

CVE-2024-49937

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Set correct chandef when starting CAC When starting CAC in a mode other than AP mode, it return a "WARNING: CPU: 0 PID: 63 at cfg80211chandefdfsusable+0x20/0xaf cfg80211" caused by the chandef.chan being null at t...

CVE-2024-49897

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check phantomstream before it is used dcn32enablephantomstream can return null, so returned value must be checked before used. This fixes 1 NULLRETURNS issue reported by Coverity...

CVE-2024-49942

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xemigratecopy xemigratecopy designed to copy content of TTM resources. When source resource is null, it will trigger a NULL pointer dereference in xemigratecopy. To avoid this situation,...

CVE-2024-50002

In the Linux kernel, the following vulnerability has been resolved: staticcall: Handle module init failure correctly in staticcalldelmodule Module insertion invokes staticcalladdmodule to initialize the static calls in a module. staticcalladdmodule invokes staticcallinit, which allocates a struct...

CVE-2024-49960

In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4fillsuper The deltimersync function cancels the serrreport timer, which reminds about filesystem errors daily. We should guarantee the timer is ...

CVE-2024-49948

In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdiscpktleninit One path takes care of SKBGSODODGY, assuming skb-len is bigger than hdrlen. virtionethdrtoskb does not fully dissect TCP headers, it only make sure it is at least 20 bytes. It is...