Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the Bluetooth:HCI module removing HCIAMP support...

The vulnerability of the QEMU hardware emulation software, related to the cycle with an unreachable exit condition, allows a hacker to trigger a service failure.

The vulnerability of the QEMU hardware emulator is related to an infinite loop error in the emulation of the USB xHCI controller during the calculation of the TRB ring length. Exploiting this vulnerability can allow a hacker to cause a system failure...

SUSE CVE-2023-52766

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hcidmairqhandler Do not loop over ring headers in hcidmairqhandler that are not allocated and enabled in hcidmainit. Otherwise out of bounds access will occur from rings-headersi...

kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhcimapurbfordma The Linux kernel CVE team has assigned CVE-2024-26964 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26964-54c8@gregkh/T...

UBUNTU-CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until busresetwork has serviced and cleared the...

Bluetooth: Fix memory leak in hci_req_sync_complete()

...

DEBIAN-CVE-2024-36011

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

kernel: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe

In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehcihcdppcofprobe offindcompatiblenode returns a node pointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...

UBUNTU-CVE-2021-47434

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at 6:63 bits of the command ring control register CRCR. All the control bits like command stop, abort are located at 0:3 bits...

PT-2024-14767 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A double free issue in the Bluetooth component of the Linux kernel has been identified, specifically in the hci conn cleanup function. This issue can lead to a slab use-after-free in t...

UBUNTU-CVE-2024-26964

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhcimapurbfordma Currently xhcimapurbfordma creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzallocnode fails, then the following sgpcopytobuffer can lead to...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a security flaw in xhcimapurbfordma...

kernel: Bluetooth: hci_conn: Fix memory leaks

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix memory leaks When hcicmdsyncqueue failed in hcileterminatebig or hcilebigterminate, the memory pointed by variable d is not freed, which will cause memory leak. Add release process to error path...

kernel: Bluetooth: hci_sync: fix memory leak in hci_update_adv_data()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix memory leak in hciupdateadvdata When hcicmdsyncqueue failed in hciupdateadvdata, instptr is not freed, which will cause memory leak, convert to use ERRPTR/PTRERR to pass the instance to callback so no memo...

kernel: Bluetooth: HCI: global out-of-bounds access in net/bluetooth/hci_sync.c

An out-of-bounds OOB memory access flaw was found in net/bluetooth/hcisync.c due to a missing exit patch while in loop in ampinit1 and ampinit2. This issue could allow an attacker to leak internal kernel information...

Kernel: bluetooth: Unauthorized management command execution

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

DEBIAN-CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets due to a memory corruption when processing IOCTL FM HCI WRITE requests...

SUSE CVE-2023-52454

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec. Unable to handle kernel NULL pointer dereference a...

kernel: Bluetooth: L2CAP: Fix memory leak in vhci_write

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhciwrite Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810d81ac00 size 240: ... hex dump first 32 bytes: 00 00 ...