CVE-2024-23372

CVE-2024-23372 is a memory corruption issue described as occurring when invoking an IOCTL for GPU memory allocation with a size parameter larger than expected. Multiple sources identify it in Qualcomm components and related display subsystems, with a high-impact profile (local attack, low privile...

CVE-2024-23368

CVE-2024-23368 is a memory corruption issue in Qualcomm’s embedded platform concerning the SMEM Partition Handler. The vulnerability arises when allocating and accessing an entry in an SMEM partition, effectively a classic buffer copy without proper input size checking, which can lead to memory c...

CVE-2024-38549

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtkdrmgemobj Add a check to mtkdrmgeminit if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to...

CVE-2022-48726

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

CVE-2024-38543

In the Linux kernel, the following vulnerability has been resolved: lib/testhmm.c: handle srcpfns and dstpfns allocation failure The kcalloc in dmirrordeviceevictchunk will return null if the physical memory has run out. As a result, if srcpfns or dstpfns is dereferenced, the null pointer...

CVE-2024-38575

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc in brcmfpciedownloadfwnvram will return null if the physical memory has run out. As a result, if we use getrandombytes to generate random bytes in the randbuf, t...

CVE-2024-38575

In CVE-2024-38575, the Linux kernel wifi: brcmfmac: pcie: handle randbuf allocation failure fixes a NULL pointer dereference that could occur when get_random_bytes() is used after kzalloc() returns NULL in brcmf_pcie_download_fw_nvram(). The patch adds a kernel-stack based buffer approach to gene...

CVE-2024-38556

CVE-2024-38556 affects the Linux kernel net/mlx5 code. The vulnerability arises from how the command queue semaphore timeout handling can allow an entry to be processed before an index is allocated, risking an out-of-bounds access at idx = -22 if the completion path proceeds without proper synchr...

CVE-2024-38543 lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure

In the Linux kernel, the following vulnerability has been resolved: lib/testhmm.c: handle srcpfns and dstpfns allocation failure The kcalloc in dmirrordeviceevictchunk will return null if the physical memory has run out. As a result, if srcpfns or dstpfns is dereferenced, the null pointer...

CVE-2024-38543

CVE-2024-38543 : In the Linux kernel, a vulnerability in lib/test_hmm.c arose from allocation failures for src_pfns/dst_pfns. If kcalloc() returns NULL, dereferencing these pointers could trigger a null pointer dereference, especially as the device could be evicted. Remediation implemented: add a...

CVE-2024-5695

If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox 127...

CVE-2024-36959

In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrldttomap If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrldtfreemaps includes the droping operation, here we call it...

CVE-2023-43543

Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object...

CVE-2024-36898

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to conta...

CVE-2024-36898 gpiolib: cdev: fix uninitialised kfifo

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to conta...

CVE-2021-47535

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 "drm/msm/a6xx: fix crashstate capture for A650" we changed a6xxgetgmuregisters to read 3 sets of registers. Unfortunately, we didn't change the memory...

CVE-2021-47523

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix leak of rcvhdrtaildummykvaddr This buffer is currently allocated in hfi1init: if reinit ret = initafterresetdd; else ret = loadtimeinitdd; if ret goto done; / allocate dummy tail memory for all receive contexts /...

CVE-2021-47518

In the Linux kernel, the following vulnerability has been resolved: nfc: fix potential NULL pointer deref in nfcgenldumpsesdone The done netlink callback nfcgenldumpsesdone should check if received argument is non-NULL, because its allocation could fail earlier in dumpit nfcgenldumpses...

CVE-2021-47508

In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 size 64: comm "xfsio", pid 12124, jiffies 4294987392 age 6.368s hex...

CVE-2021-47544 tcp: fix page frag corruption on page fault

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar...