CVE-2024-36476

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ibsge list' is accessible Move the declaration of the 'ibsge list' variable outside the 'alwaysinvalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ibsge list' was...

CVE-2024-36476 RDMA/rtrs: Ensure 'ib_sge list' is accessible

In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ibsge list' is accessible Move the declaration of the 'ibsge list' variable outside the 'alwaysinvalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ibsge list' was...

CVE-2024-36476

CVE-2024-36476 affects the Linux kernel (RDMA/rtrs path). The bug arises from declaring the ib_sge list inside the always_invalidate block, making it inaccessible later in the function and enabling a potential kernel NULL pointer dereference. The vulnerability is addressed by moving the ib_sge li...

CVE-2024-56577

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix null-ptr-deref during unload module The workqueue should be destroyed in mtkjpegcore.c since commit 09aea13ecf6f "media: mtk-jpeg: refactor some variables", otherwise the below calltrace can be easily...

PT-2025-3659 · Linux +3 · Linux Kernel +3

The Linux kernel has resolved a NULL Pointer Dereference issue in its fgraph component. The problem occurred in the ftrace return to handler function, where a loop iterates over fgraph array elements. If the compiler reloads fgraph array after checking for a fgraph stub, it may conflict with an...

CVE-2024-56549

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object-file At present, the object-file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object-file lifetime are inconsistent, and...

CVE-2024-56711

CVE-2024-56711 is a Linux kernel vulnerability affecting the DRM panel driver for himax-hx83102. The issue arises when drm_mode_duplicate() can return NULL due to memory allocation failure, after which code may dereference NULL pointers. The fix adds a explicit NULL check to prevent a NULL pointe...

CVE-2024-56587 leds: class: Protect brightness_show() with led_cdev->led_access mutex

In the Linux kernel, the following vulnerability has been resolved: leds: class: Protect brightnessshow with ledcdev-ledaccess mutex There is NULL pointer issue observed if from Process A where hid device being added which results in adding a ledcdev addition and later a another call to access of...

CVE-2024-56577 media: mtk-jpeg: Fix null-ptr-deref during unload module

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix null-ptr-deref during unload module The workqueue should be destroyed in mtkjpegcore.c since commit 09aea13ecf6f "media: mtk-jpeg: refactor some variables", otherwise the below calltrace can be easily...

CVE-2024-53231 cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreqcpugetraw cpufreqcpugetraw may return NULL if the cpu is not in policy-cpus cpu mask and it will cause null pointer dereference...

SUSE CVE-2024-53092

In the Linux kernel, the following vulnerability has been resolved: virtiopci: Fix admin vq cleanup by using correct info pointer vpmodernavqcleanup and vpdelvqs clean up admin vq resources by virtiopcivqinfo pointer. The info pointer of admin vq is stored in vpdev-adminvq.info instead of...

SAP NetWeaver Application Server和SAP ABAP Platform 代码问题漏洞

SAP NetWeaver Application Server and SAP ABAP Platform are both products of SAP, Germany.SAP NetWeaver Application Server is an application server.SAP ABAP Platform is an ABAP based SAP ABAP Platform is an ABAP-based SAP solution. A code issue vulnerability exists in SAP NetWeaver Application...

CVE-2024-50034

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsksynmss with IPPROTOSMC Eric report a panic on IPPROTOSMC, and give the facts that when INETPROTOSWICSK was set, icsk-icsksyncmss must be set too. Bug: Unable to handle kernel NULL pointer dereference at...

CVE-2022-49003 nvme: fix SRCU protection of nvme_ns_head list

In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection of nvmenshead list Walking the nvmenshead siblings list is protected by the head's srcu in nvmensheadsubmitbio but not nvmempathrevalidatepaths. Removing namespaces from the list also fails to synchroniz...

CVE-2024-50034

CVE-2024-50034 affects the Linux kernel net/smc, where INET_PROTOSW_ICSK can leave icsk_sync_mss unset for IPPROTO_SMC, triggering a NULL pointer dereference panic. The provided trace indicates a kernel oops when handling IPPROTO_SMC, with a failed icsk_mss synchronization. A patch sequence in st...

CVE-2024-50034 net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsksynmss with IPPROTOSMC Eric report a panic on IPPROTOSMC, and give the facts that when INETPROTOSWICSK was set, icsk-icsksyncmss must be set too. Bug: Unable to handle kernel NULL pointer dereference at...

CVE-2024-49987 bpftool: Fix undefined behavior in qsort(NULL, 0, ...)

In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix undefined behavior in qsortNULL, 0, ... When netfilter has no entry to display, qsort is called with qsortNULL, 0, .... This results in undefined behavior, as UBSan reports: net.c:827:2: runtime error: null pointer...

CVE-2024-47687

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix invalid mr resource destroy Certain error paths from mlx5vdpadevadd can end up releasing mr resources which never got initialized in the first place. This patch adds the missing check in mlx5vdpadestroymrresources ...

SUSE CVE-2024-46721

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile-parent-dentsAAFSPROFDIR could be NULL only if its parent is made from createmissingancestors.. and 'ent-old' is NULL in aareplaceprofiles... In that case, it must return an...

CVE-2024-46755 wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv in mwifiexgetprivbyid mwifiexgetprivbyid returns the priv pointer corresponding to the bssnum and bsstype, but without checking if the priv is actually currently in use. Unused priv pointe...