CVE-2021-47507

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix nsfd startup race again Commit bd5ae9288d64 "nfsd: register pernet ops last, unregister first" has re-opened rpcpipefsevent race against nfsdnetid registration registerpernetsubsys which has been fixed by commit...

CVE-2023-52808

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Set debugfsdir pointer to NULL after removing debugfs If init debugfs failed during device registration due to memory allocation failure, debugfsremoverecursive is called, after which debugfsdir is not set to NULL...

CVE-2023-52849

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxlmockmem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 .. RIP: 0010:cxlregiondecodereset+0x7f/0x180 cxlcore .. Cal...

DEBIAN-CVE-2023-52817

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smcrreg pointer is NULL In certain types of chips, such as VEGA20, reading the amdgpuregssmc file could result in an abnormal null pointer access when the smcrreg pointer is NULL...

CVE-2023-52745

In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queues. This causes to ...

CVE-2023-52738 drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/fence: Fix oops due to non-matching drmsched init/fini Currently amdgpu calls drmschedfini from the fence driver sw fini routine - such function is expected to be called only after the respective init function -...

CVE-2021-47384

In the Linux kernel, the following vulnerability has been resolved: hwmon: w83793 Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for tmp & 0x08 && !tmp & 0x80 && tmp & 0x7 == tmp 4 & 0x7 from device then Null pointer dereference occurs. It...

CVE-2021-47337

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 "scsi: core: Fix error handling of scsihostalloc" changed the allocation logic to call putdevice to perform host cleanup with the...

CVE-2021-47418

In the Linux kernel, the following vulnerability has been resolved: netsched: fix NULL deref in fifosetlimit syzbot reported another NULL deref in fifosetlimit 1 I could repro the issue with : unshare -n tc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbit tc qd replace dev ...

CVE-2021-47418 net_sched: fix NULL deref in fifo_set_limit()

In the Linux kernel, the following vulnerability has been resolved: netsched: fix NULL deref in fifosetlimit syzbot reported another NULL deref in fifosetlimit 1 I could repro the issue with : unshare -n tc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbit tc qd replace dev ...

CVE-2021-47337

The CVE-2021-47337 issue is in the Linux kernel SCSI core path: when an error arises during scsi_host_alloc() and the error-handling ehandler thread fails to spawn, shost->ehandler may be set to ERR_PTR(-ENOMEM) and scsi_host_dev_release() would call kthread_stop() on a NULL/invalid pointer, r...

CVE-2022-48692 RDMA/srp: Set scmnd->result only when scmnd is not NULL

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd-result only when scmnd is not NULL This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally. BUG: kernel NULL pointer dereference, address:...

CVE-2022-48692 RDMA/srp: Set scmnd->result only when scmnd is not NULL

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd-result only when scmnd is not NULL This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally. BUG: kernel NULL pointer dereference, address:...

CVE-2024-27061

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8icecipherunprepare should be called before cryptofinalizeskcipherrequest, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used...

CVE-2024-27061

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8icecipherunprepare should be called before cryptofinalizeskcipherrequest, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used...

CVE-2024-27061 crypto: sun8i-ce - Fix use after free in unprepare

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8icecipherunprepare should be called before cryptofinalizeskcipherrequest, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used...

CVE-2024-27061

CVE-2024-27061 affects the Linux kernel crypto sun8i-ce path (sun8i_ce_cipher_do_one) due to a use-after-free in unprepare. The root cause is use-after-free of memory when client callbacks may free memory before sun8i_ce_cipher_unprepare is called, leading to a potential pointer dereference and a...

CVE-2024-26868

A vulnerability was found in the fflayoutcancelio function in the Linux kernel. Improper error checking with the mirrords structure fails to check if it is NULL, leading to a potential NULL pointer dereference. This issue could lead to crashes. Mitigation Mitigation for this issue is either not...

CVE-2024-26867

In the Linux kernel, the following vulnerability has been resolved: comedi: comedi8255: Correct error in subdevice initialization The refactoring done in commit 5c57b1ccecc7 "comedi: comedi8255: Rework subdevice initialization functions" to the initialization of the io field of struct...

CVE-2024-26868 nfs: fix panic when nfs4_ff_layout_prepare_ds() fails

In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4fflayoutprepareds fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP:...