77 matches found
CVE-2024-49952 netfilter: nf_tables: prevent nf_skb_duplicated corruption
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prevent nfskbduplicated corruption syzbot found that nfdupipv4 or nfdupipv6 could write per-cpu variable nfskbduplicated in an unsafe way 1. Disabling preemption as hinted by the splat is not enough, we have ...
CVE-2024-49878
In the Linux kernel, the following vulnerability has been resolved: resource: fix regionintersects vs addmemorydrivermanaged On a system with CXL memory, the resource tree /proc/iomem related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff ...
CVE-2024-46852 dma-buf: heaps: Fix off-by-one in CMA heap fault handler
In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VMDONTEXPAND was added in commit 1c1914d6e8c6 "dma-buf: heaps: Don't track CMA dma-buf pages under RssFile" it was possible to obtain a mapping larger than the buffer...
CVE-2024-46701 libfs: fix infinite directory reads for offset dir
In the Linux kernel, the following vulnerability has been resolved: libfs: fix infinite directory reads for offset dir After we switch tmpfs dir operations from simplediroperations to simpleoffsetdiroperations, every rename happened will fill new dentry to dest dir's maple...
CVE-2024-46682 nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open
In the Linux kernel, the following vulnerability has been resolved: nfsd: prevent panic for nfsv4.0 closed files in nfs4showopen Prior to commit 3f29cc82a84c "nfsd: split scstatus out of sctype" statesshow relied on sctype field to be of valid type before calling into a subfunction to show conten...
CVE-2024-44943
In the Linux kernel, the following vulnerability has been resolved: mm: gup: stop abusing trygrabfolio A kernel warning was reported when pinning folio in CMA memory when launching SEV virtual machine. The splat looks like: 464.325306 WARNING: CPU: 13 PID: 6734 at mm/gup.c:1313...
CVE-2024-43908
The CVE-2024-43908 issue is confirmed in the Linux kernel’s DRM/AMDGPU code: a null pointer dereference in ras_manager that can arise when ras_manager is consulted. The published fix is to check ras_manager before using it, preventing dereference of a null pointer. The connected Nessus advisories...
CVE-2022-48912 netfilter: fix use-after-free in __nf_register_net_hook()
In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in nfregisternethook We must not dereference @newhooks after nfhookmutex has been released, because other threads might have freed our allocated hooks already. BUG: KASAN: use-after-free in...
CVE-2022-48888
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix memory leak in msmmdssparsedatabusiccpath oficcget alloc resources for path1, we should release it when not need anymore. Early return when ISERRORNULLpath0 may leak path1. Defer getting path1 to fix this...
CVE-2023-52904 ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in sndusbpcmhasfixedrate The subs function argument may be NULL, so do not use it before the NULL check...
CVE-2024-42294
In the Linux kernel, the following vulnerability has been resolved: block: fix deadlock between sdremove & sdrelease Our test report the following hung task: 2538.459400 INFO: task "kworker/0:0":7 blocked for more than 188 seconds. 2538.459427 Call trace: 2538.459430 switchto+0x174/0x338...
CVE-2024-42269 netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6tablenattableinit. ip6tablenattableinit accesses net-gen-ptrip6tablenatnetops.id, but the function is exposed to user space before the entry is allocated via...
CVE-2024-42269 netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6tablenattableinit. ip6tablenattableinit accesses net-gen-ptrip6tablenatnetops.id, but the function is exposed to user space before the entry is allocated via...
CVE-2024-40987 drm/amdgpu: fix UBSAN warning in kv_dpm.c
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix UBSAN warning in kvdpm.c Adds bounds check for sumovidmappingentry...
CVE-2024-39491
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of csdsp instance The csdsp instance is initialized in the driver probe so it should be freed in the driver remove. Also fix a missing call to csdspremove in the error path of cs35l56hdacommonprob...
CVE-2022-48772 media: lgdt3306a: Add a check against null-pointer-def
In the Linux kernel, the following vulnerability has been resolved: media: lgdt3306a: Add a check against null-pointer-def The driver should check whether the client provides the platformdata. The following log reveals it: 29.610324 BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40 29.610730 Read o...
CVE-2024-38559
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is...
CVE-2021-47590
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in mptcppushpending mptcppushpending may call mptcpflushjoinlist with subflow socket lock held. If such call hits mptcpsockoptsyncall then subsequently mptcpsockoptsync could try to lock the subflow socket for...
CVE-2024-38588 ftrace: Fix possible use-after-free issue in ftrace_location()
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftracelocation KASAN reports a bug: BUG: KASAN: use-after-free in ftracelocation+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod...
CVE-2024-36903
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in ip6makeskb As it was done in commit fc1092f51567 "ipv4: Fix uninit-value access in ipmakeskb" for IPv4, check FLOWIFLAGKNOWNNH on fl6-flowi6flags instead of testing HDRINCL on the socket...