CVE-2024-36925 swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y

In the Linux kernel, the following vulnerability has been resolved: swiotlb: initialise restricted pool listhead when SWIOTLBDYNAMIC=y Using restricted DMA pools CONFIGDMARESTRICTEDPOOL=y in conjunction with dynamic SWIOTLB CONFIGSWIOTLBDYNAMIC=y leads to the following crash when initialising the...

CVE-2024-36884 iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault()

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidiasmmucontextfault This was missed because of the function pointer indirection. nvidiasmmucontextfault is also installed as a irq function, and the 'void ' was changed to a struct...

UBUNTU-CVE-2024-36014

In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidpmwconnectorreset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mwstate is checked...

CVE-2021-47507

In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix nsfd startup race again Commit bd5ae9288d64 "nfsd: register pernet ops last, unregister first" has re-opened rpcpipefsevent race against nfsdnetid registration registerpernetsubsys which has been fixed by commit...

CVE-2023-52808

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Set debugfsdir pointer to NULL after removing debugfs If init debugfs failed during device registration due to memory allocation failure, debugfsremoverecursive is called, after which debugfsdir is not set to NULL...

CVE-2023-52849

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxlmockmem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 .. RIP: 0010:cxlregiondecodereset+0x7f/0x180 cxlcore .. Cal...

DEBIAN-CVE-2023-52817

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smcrreg pointer is NULL In certain types of chips, such as VEGA20, reading the amdgpuregssmc file could result in an abnormal null pointer access when the smcrreg pointer is NULL...

CVE-2023-52745

In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queues. This causes to ...

CVE-2023-52738 drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/fence: Fix oops due to non-matching drmsched init/fini Currently amdgpu calls drmschedfini from the fence driver sw fini routine - such function is expected to be called only after the respective init function -...

CVE-2021-47384

In the Linux kernel, the following vulnerability has been resolved: hwmon: w83793 Fix NULL pointer dereference by removing unnecessary structure field If driver read tmp value sufficient for tmp & 0x08 && !tmp & 0x80 && tmp & 0x7 == tmp 4 & 0x7 from device then Null pointer dereference occurs. It...

CVE-2021-47337

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 "scsi: core: Fix error handling of scsihostalloc" changed the allocation logic to call putdevice to perform host cleanup with the...

CVE-2021-47418

In the Linux kernel, the following vulnerability has been resolved: netsched: fix NULL deref in fifosetlimit syzbot reported another NULL deref in fifosetlimit 1 I could repro the issue with : unshare -n tc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbit tc qd replace dev ...

CVE-2021-47418 net_sched: fix NULL deref in fifo_set_limit()

In the Linux kernel, the following vulnerability has been resolved: netsched: fix NULL deref in fifosetlimit syzbot reported another NULL deref in fifosetlimit 1 I could repro the issue with : unshare -n tc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbit tc qd replace dev ...

CVE-2021-47337

The CVE-2021-47337 issue is in the Linux kernel SCSI core path: when an error arises during scsi_host_alloc() and the error-handling ehandler thread fails to spawn, shost->ehandler may be set to ERR_PTR(-ENOMEM) and scsi_host_dev_release() would call kthread_stop() on a NULL/invalid pointer, r...

CVE-2022-48692 RDMA/srp: Set scmnd->result only when scmnd is not NULL

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd-result only when scmnd is not NULL This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally. BUG: kernel NULL pointer dereference, address:...

CVE-2022-48692 RDMA/srp: Set scmnd->result only when scmnd is not NULL

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd-result only when scmnd is not NULL This change fixes the following kernel NULL pointer dereference which is reproduced by blktests srp/007 occasionally. BUG: kernel NULL pointer dereference, address:...

CVE-2024-27061

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8icecipherunprepare should be called before cryptofinalizeskcipherrequest, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used...

CVE-2024-27061

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8icecipherunprepare should be called before cryptofinalizeskcipherrequest, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used...

CVE-2024-27061 crypto: sun8i-ce - Fix use after free in unprepare

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8icecipherunprepare should be called before cryptofinalizeskcipherrequest, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used...

CVE-2024-27061

CVE-2024-27061 affects the Linux kernel crypto sun8i-ce path (sun8i_ce_cipher_do_one) due to a use-after-free in unprepare. The root cause is use-after-free of memory when client callbacks may free memory before sun8i_ce_cipher_unprepare is called, leading to a potential pointer dereference and a...