CVE-2026-31772

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...

PT-2026-6169

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel bonding driver has a flaw where the BOND MODE 8023AD mode is not limited to Ethernet devices. This can lead to a global out-of-bounds read in the hw addr create function...

CVE-2023-54203 ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in initsmb2rsphdr When smb1 mount fails, KASAN detect slab-out-of-bounds in initsmb2rsphdr like the following one. For smb1 negotiate56bytes , initsmb2rsphdr for smb2 is called. The issue occurs whil...

kernel: security/keys: fix slab-out-of-bounds in key_task_permission

In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in keytaskpermission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in kuidval include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uideq include/linux/uidgid.h:63...

CVE-2025-38329 firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info)

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test wmfw info KASAN reported out of bounds access - csdspmockwmfwaddinfo, because the source string length was rounded up to the allocation size...

CVE-2023-53052

In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refreshcacheworker The UAF bug occurred because we were putting DFS root sessions in cifsumount while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons ...

CVE-2022-49763

In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrsoffset field in first mf...

CVE-2022-49763 ntfs: fix use-after-free in ntfs_attr_find()

In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrsoffset field in first mf...

CVE-2022-49763 ntfs: fix use-after-free in ntfs_attr_find()

In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrsoffset field in first mf...

CVE-2022-49763

Summary (CVE-2022-49763) In the Linux kernel NTFS code, the use-after-free issue in ntfs_attr_find() stems from missing bounds checks on the attrs_offset field after loading the first MFT record. The vulnerability was exposed by KASAN reports (use-after-free read) during NTFS attribute handling, ...

DEBIAN-CVE-2022-49623

In the Linux kernel, the following vulnerability has been resolved: powerpc/xive/spapr: correct bitmap allocation size kasan detects access beyond the end of the xibm-bitmap allocation: BUG: KASAN: slab-out-of-bounds in findfirstzerobit+0x40/0x140 Read of size 8 at addr c00000001d1d0118 by task...

CVE-2022-49623 powerpc/xive/spapr: correct bitmap allocation size

In the Linux kernel, the following vulnerability has been resolved: powerpc/xive/spapr: correct bitmap allocation size kasan detects access beyond the end of the xibm-bitmap allocation: BUG: KASAN: slab-out-of-bounds in findfirstzerobit+0x40/0x140 Read of size 8 at addr c00000001d1d0118 by task...

UBUNTU-CVE-2024-47718

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtwwaitfirmwarecompletion', always wait for both regular and wowlan firmware loading attempts. Otherwise if 'rtwusbintfinit' has failed in 'rtwusbprobe',...

SUSE CVE-2024-46743

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When ofirqparseraw is invoked with a device address smaller than the interrupt parent node from address-cells property, KASAN detects the following...

CVE-2024-46743 of/irq: Prevent device address out-of-bounds read in interrupt map walk

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When ofirqparseraw is invoked with a device address smaller than the interrupt parent node from address-cells property, KASAN detects the following...

DEBIAN-CVE-2023-52803

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries RPC client pipefs dentries cleanup is in separated rpcremovepipedir workqueue,which takes care about pipefs superblock locking. In some special scenarios, when kernel...

CVE-2024-26890 Bluetooth: btrtl: fix out of bounds memory access

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtekdata'. If btrtl driver is used with btusb, then memory for private hci data is...

PT-2024-29172 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A slab-out-of-bounds issue has been resolved in the Linux kernel, specifically in the ext4 file system. This issue can be triggered by setting an oversized value for s mb group preallo...

kernel: SUNRPC: Trap RDMA segment overflows

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Trap RDMA segment overflows Prevent svcrdmabuildwrites from walking off the end of a Write chunk's segment array. Caught with KASAN. The test that this fix replaces is invalid, and might have been left over from an earlie...

PT-2024-11845 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an out-of-bounds access in the sja1105 init l2 policing function. This function initializes L2 policers to prevent interference with normal packet reception. Th...