498 matches found
CVE-2022-50235
In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READDIR Restore the previous limit on the @count argument to prevent a buffer overflow attack...
CVE-2022-50257
In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Prevent leaking grants Prior to this commit, if a grant mapping operation failed partially, some of the entries in the mapops array would be invalid, whereas all of the entries in the kmapops array would be valid. Thi...
CVE-2022-50243
In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctpauthasocinitactivekey When it returns an error from sctpauthasocinitactivekey, the activekey is actually not updated. The old shkey will be freeed while it's still used as active key in...
CVE-2025-39796
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: ignore ops-locked netdevs Syzkaller managed to trigger lock dependency in xsknotify via registernetdevice. As discussed in 0, using registernetdevice in the notifiers is problematic so skip adding lapbeth for...
CVE-2025-39797
In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRMMSGALLOCSPI Netlink message, which triggers the kernel function xfrmallocspi. This function is expected to ensure uniqueness of the Security...
CVE-2025-39786
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7173: fix channels index for syscalibmode Fix the index used to look up the channel when accessing the syscalibmode attribute. The address field is a 0-based index same as scanindex that it used to access the channel ...
CVE-2025-39754
In the Linux kernel, the following vulnerability has been resolved: mm/smaps: fix race between smapshugetlbrange and migration smapshugetlbrange handles the pte without holdling ptl, and may be concurrenct with migration, leaing to BUGON in pfnswapentrytopage. The race is as follows...
CVE-2025-39753
In the Linux kernel, the following vulnerability has been resolved: gfs2: Set .migratefolio in gfs2rgrp,metaaops Clears up the warning added in 7ee3647243e5 "migrate: Remove call to -writepage" that occurs in various xfstests, causing "something found in dmesg" failures. 341.136573 gfs2metaaops...
CVE-2025-39783
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix configfs group list head handling Doing a listdel on the epfgroup field of struct pciepfdriver in pciepfremovecfs is not correct as this field is a list head, not a list entry. This listdel call triggers a KASA...
CVE-2025-39769
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdevassertlocked in bnxtfreentpfltrs. The lock should be held during normal run-time but the assert will be triggered see below during bnxtremoveon...
CVE-2025-39697
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfslockandjoinrequests tests for whether the request is still attached to the mapping, nothing prevents a call to nfsinoderemoverequest from succeeding until we actually lock...
CVE-2025-39698
In the Linux kernel, the following vulnerability has been resolved: iouring/futex: ensure iofutexwait cleans up properly on failure The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the request isn't marked with REQFASYNCDATA at that point. Those two should...
CVE-2025-38694
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090prwonapb In dib7090prwonapb, msg is controlled by user. When msg0.buf is null and msg0.len is zero, former checks on msg0.buf would be passed. If accessing msg0.buf2...
CVE-2025-38699
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfadimprobe function fails during initialization, the memory pointed to by bfad-im is freed without setting bfad-im to NULL. Subsequently, during driver uninstallation, when the state machine...
CVE-2025-38630
In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fbaddvideomode to prevent null-ptr-deref fbaddvideomode can fail with -ENOMEM when its internal kmalloc cannot allocate a struct fbmodelist. If that happens, the modelist stays empty but the driver continues t...
CVE-2025-38603
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-38584
In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padatareorder that goes back to the initial commit. A reference count is taken at the start of the process in padatadoparallel, and released at the end in...
CVE-2025-38564
In the Linux kernel, the following vulnerability has been resolved: perf/core: Handle buffer mapping fail correctly in perfmmap After successful allocation of a buffer or a successful attachment to an existing buffer perfmmap tries to map the buffer read only into the page table. If that fails, t...
CVE-2025-38612
In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtftframebufferalloc In the error paths after fbinfo structure is successfully allocated, the memory allocated in fbdeferredioinit for info-pagerefs is not freed. Fix that by adding t...
CVE-2025-38576
In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature: A second class of oops is als...