131 matches found
mm/damon/sysfs: fix use-after-free in state_show()
...
CVE-2025-39883
CVE-2025-39883 affects the Linux kernel memory-management path mm/memory-failure, where unpoisoning memory can trigger VM_BUG_ON_PAGE(PagePoisoned(page)) due to checking PG_HWPoison flags on an uninitialized page. The root cause described in the initial and connected advisories is the uninitializ...
CVE-2025-39858 eth: mlx4: Fix IS_ERR() vs NULL check bug in mlx4_en_create_rx_ring
In the Linux kernel, the following vulnerability has been resolved: eth: mlx4: Fix ISERR vs NULL check bug in mlx4encreaterxring Replace NULL check with ISERR check after calling pagepoolcreate since this function returns error pointers ERRPTR. Using NULL check could lead to invalid pointer...
CVE-2023-53323 ext2/dax: Fix ext2_setsize when len is page aligned
In the Linux kernel, the following vulnerability has been resolved: ext2/dax: Fix ext2setsize when len is page aligned PAGEALIGNx macro gives the next highest value which is multiple of pagesize. But if x is already page aligned then it simply returns x. So, if x passed is 0 in daxzerorange...
CVE-2022-50343
In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rioadddevice fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch 1 fixes two name leaks while rioadddevice fails. -...
CVE-2025-39818 HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save
In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer &dev-i2csubipregs caused kernel crash and out-of-bounds error: BUG: KASAN: slab-out-of-bounds in...
CVE-2023-53260 ovl: fix null pointer dereference in ovl_permission()
In the Linux kernel, the following vulnerability has been resolved: ovl: fix null pointer dereference in ovlpermission Following process: P1 P2 pathlookupat linkpathwalk inodepermission ovlpermission ovlipathrealinode, &realpath path-dentry = ovlidentryupperinode dropcache dentrykillovldentry...
SUSE CVE-2025-39744
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcureadunlock deadloop due to IRQ work During rcureadunlockspecial, if this happens during irqexit, we can lockup if an IPI is issued. This is because the IPI itself triggers the irqexit path causing a recursive lock up...
UBUNTU-CVE-2025-38620
In the Linux kernel, the following vulnerability has been resolved: zloop: fix KASAN use-after-free of tag set When a zoned loop device, or zloop device, is removed, KASAN enabled kernel reports "BUG KASAN use-after-free" in blkmqfreetagset. The BUG happens because zloopctlremove calls putdisk,...
CVE-2025-38598 drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free in amdgpuuserqsuspend+0x51a/0x5a0 +0.000020 BUG: KASAN: slab-use-after-free in amdgpuuserqsuspend+0x51a/0x5a0 amdgpu +0.000817 Read of size 8 at addr ffff88812eec8c58 by task amdpciunplug/1733...
DEBIAN-CVE-2025-38544
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AFRXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg and sendmsg together. The...
kernel: powerpc/pseries: Whitelist dtl slub object for copying to userspace
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu- results in a BUG when the config CONFIGHARDENEDUSERCOPY is enabled as shown below. kernel...
CVE-2025-38415 Squashfs: check return result of sb_min_blocksize
In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sbminblocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfsbioread" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, issues an ioctl"/dev/loop0...
UBUNTU-CVE-2025-38263
In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cachesetflush 1. LINE1794 - LINE1887 is some codes about function of bchcachesetalloc. 2. LINE2078 - LINE2142 is some codes about function of registercacheset. 3. registercacheset will call...
DEBIAN-CVE-2025-38223
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hits a BUGON for the case of encrypted inode with unaligned file size for example, 33K or 1K: 877.737811 run fstests generic/397 at 2025-01-...
PT-2025-27998 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc5+ Description: A vulnerability in the Linux kernel has been resolved, which caused a kernel BUG when handling encrypted inodes with unaligned file sizes. The issue was identified by the generic/397 tes...
CVE-2022-49970
In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purgeeffectiveprogs Syzkaller reported a triggered kernel BUG as follows: ------------ cut here ------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 1 PI...
CVE-2025-37904 btrfs: fix the inode leak in btrfs_iget()
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix the inode leak in btrfsiget BUG There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time: BTRFS info device loop1: last unmount of filesystem...
CVE-2023-53144
CVE-2023-53144 concerns the Linux kernel erofs subsystem. The connected documentation describes an identified issue where kunmap could be applied to incorrect pages during LZMA decompression on HIGHMEM platforms, leading to a NULL pointer dereference in z_erofs_lzma_decompress and related call ch...
UBUNTU-CVE-2022-49898
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix tree mod log mishandling of reallocated nodes We have been seeing the following panic in production kernel BUG at fs/btrfs/tree-mod-log.c:677! invalid opcode: 0000 1 SMP RIP: 0010:treemodlogrewind+0x1b4/0x200 RSP:...