4828 matches found
UBUNTU-CVE-2024-50045
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb Fix a kernel panic in the br_netfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in br_nf_dev_queue_xmit. It is...
CVE-2022-49007 nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() Syzbot reported a null-ptr-deref bug: NILFS loop0: segctord starting. Construction interval = 5 seconds, CP frequency 3c 02 00 0f 85 26 05 00 00 49 8b 46 10 be a6...
CVE-2022-49004 riscv: Sync efi page table's kernel mappings before switching
In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching The EFI page table is initially created as a copy of the kernel page table. With VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is...
CVE-2022-48994 ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure...
CVE-2022-48986 mm/gup: fix gup_pud_range() for dax
In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix gup_pud_range() for dax For dax pud, pud_huge() returns true on x86. So the function works as long as hugetlb is configured. However, dax doesn't depend on hugetlb. Commit 414fd080d125 ("mm/gup: fix gup_pmd_range() for dax") fixed...
CVE-2022-48986
CVE-2022-48986 targets the Linux kernel memory management path for dax. The issue arises because pud_huge() returns true on x86 for dax puds, allowing the gup_pud_range path to behave unexpectedly when hugetlb is not in use, which can trigger a general protection fault and kernel panic in get_use...
CVE-2022-48982
CVE-2022-48982 affects the Linux kernel Bluetooth subsystem, specifically CSR fake controllers. The issue arises when a CSR 5.0 clone causes the suspend notifier to be registered twice, which can lead to a kernel panic during Bluetooth device probing (btusb/hci stack). The connected advisories an...
CVE-2022-48982 Bluetooth: Fix crash when replugging CSR fake controllers
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: 71.986122 Call Trace: 71.986124 71.986125...
CVE-2024-50048 fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
In the Linux kernel, the following vulnerability has been resolved: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs syzbot has found a NULL pointer dereference bug in fbcon. Here is the simplified C reproducer: struct param { uint8_t type; struct tiocl_selection ts; }; int main() { struct...
CVE-2024-50048
CVE-2024-50048 (Linux kernel fbcon NULL pointer dereference): A NULL pointer dereference in fbcon_putcs was triggered after using fbcon via FBIOPUT_CON2FBMAP and TIOCLINUX, due to an uninitialized ops->putcs path. Reproducer shows set_con2fb_map -> con2fb_init_display -> fbcon_set_disp ...
CVE-2024-50045
The CVE-2024-50045 entry concerns a Linux kernel vulnerability in br_netfilter that can panic (crash) when forwarding untagged frames via a VxLAN bridge port, due to an invalid skb_dst handling during fragmentation checks. The root cause is a metadata_dst tunnel destination being treated as valid...
CVE-2024-50045 netfilter: br_netfilter: fix panic with metadata_dst skb
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb Fix a kernel panic in the br_netfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in br_nf_dev_queue_xmit. It is...
CVE-2024-50031
CVE-2024-50031 affects the Linux kernel DRM V3D component (Raspberry Pi) where closing the kmscube fd does not stop the active perfmon, leaving v3d->active_perfmon as a stale pointer. This can lead to a kernel panic (Oops) when a new kmscube runs and attempts to stop the perfmon. The root caus...
CVE-2024-50031 drm/v3d: Stop the active perfmon before being destroyed
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop the active perfmon before being destroyed When running kmscube with one or more performance monitors enabled via GALLIUM_HUD, the following kernel panic can occur: 55.008324 Unable to handle kernel paging request at...