4826 matches found
CVE-2022-50159
CVE-2022-50159 concerns the Linux kernel: the function that restores ima-kexec-buffer may read outside the addressable RAM if the previous kernel’s buffer lies beyond the new kernel’s memory map, risking kernel panic when booting with mem=X. A fix was implemented to validate the returned PFN rang...
CVE-2022-50159 of: check previous kernel's ima-kexec-buffer against memory bounds
In the Linux kernel, the following vulnerability has been resolved: of: check previous kernel's ima-kexec-buffer against memory bounds Presently imagetkexecbuffer doesn't check if the previous kernel's ima-kexec-buffer lies outside the addressable memory range. This can result in a kernel panic i...
CVE-2022-50159 of: check previous kernel's ima-kexec-buffer against memory bounds
In the Linux kernel, the following vulnerability has been resolved: of: check previous kernel's ima-kexec-buffer against memory bounds Presently imagetkexecbuffer doesn't check if the previous kernel's ima-kexec-buffer lies outside the addressable memory range. This can result in a kernel panic i...
CVE-2022-50096 x86/kprobes: Update kcb status flag after singlestepping
In the Linux kernel, the following vulnerability has been resolved: x86/kprobes: Update kcb status flag after singlestepping Fix kprobes to update kcb kprobes control block status flag to KPROBEHITSSDONE even if the kp-posthandler is not set. This bug may cause a kernel panic if another INT3 user...
CVE-2022-50096 x86/kprobes: Update kcb status flag after singlestepping
In the Linux kernel, the following vulnerability has been resolved: x86/kprobes: Update kcb status flag after singlestepping Fix kprobes to update kcb kprobes control block status flag to KPROBEHITSSDONE even if the kp-posthandler is not set. This bug may cause a kernel panic if another INT3 user...
CVE-2022-50096
CVE-2022-50096 – Linux kernel (x86/kprobes) : The issue arises from kprobes not correctly updating the kcb status flag after single-stepping, which could cause a kernel panic if another INT3 user runs immediately after due to misinterpretation of INT3 as kprobe single-stepping. The connected docu...
CVE-2022-50062
The CVE-2022-50062 issue concerns the Linux kernel net: bgmac path. A bug triggered by wrong bytes_compl can cause a kernel BUG_ON inside bgmac_dma_tx_free() when called from bgmac_poll(), due to a race between setting ring->end and netdev_sent_queue() and an RX interrupt. Reported on an ARM 4...
CVE-2022-50058 vdpa_sim_blk: set number of address spaces and virtqueue groups
In the Linux kernel, the following vulnerability has been resolved: vdpasimblk: set number of address spaces and virtqueue groups Commit bda324fd037a "vdpasim: control virtqueue support" added two new fields nas, ngroups to vdpasimdevattr, but we forgot to initialize them for vdpasimblk. When...
CVE-2022-50044
CVE-2022-50044 stems from a race in the Linux kernel’s net: qrtr MHI channel handling. After enabling, an MHI event/interrupt can occur either before dev_set_drvdata is completed (causing qrtr-ns to fail service enumeration) or after dev_set_drvdata but before qrtr_endpoint_register (potential ke...
CVE-2022-49960 drm/i915: fix null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix null pointer dereference Asus chromebook CX550 crashes during boot on v5.17-rc1 kernel. The root cause is null pointer defeference of binext in tglgetbwinfo in drivers/gpu/drm/i915/display/intelbw.c. BUG: kernel NUL...
CVE-2025-38033
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFIAUTODEFAULT depend on !RUST or Rust = 1.88 Calling core::fmt::write from rust code while FineIBT is enabled results in a kernel panic: 4614.199779 kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343 Oops:...
DEBIAN-CVE-2025-38018
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when allocpage failed We cannot set fraglist to NULL pointer when allocpage failed. It will be used in tlsstrpcheckqueueok when the next time tlsstrpreadsock is called. This is because we don't reset...
CVE-2025-38018
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when allocpage failed We cannot set fraglist to NULL pointer when allocpage failed. It will be used in tlsstrpcheckqueueok when the next time tlsstrpreadsock is called. This is because we don't reset...
UBUNTU-CVE-2025-38018
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when allocpage failed We cannot set fraglist to NULL pointer when allocpage failed. It will be used in tlsstrpcheckqueueok when the next time tlsstrpreadsock is called. This is because we don't reset...
CVE-2025-38033 x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFIAUTODEFAULT depend on !RUST or Rust = 1.88 Calling core::fmt::write from rust code while FineIBT is enabled results in a kernel panic: 4614.199779 kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343 Oops:...
CVE-2025-38033
CVE-2025-38033 affects the Linux kernel (x86) where FineIBT and Rust integration triggers a kernel panic when core::fmt::write() is invoked from Rust with FineIBT enabled. Root cause is that core::fmt::rt::Argument::fmt() has CFI-disabled code (no_sanitize(cfi, kcfi)), causing a Control Protectio...
CVE-2025-38033 x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFIAUTODEFAULT depend on !RUST or Rust = 1.88 Calling core::fmt::write from rust code while FineIBT is enabled results in a kernel panic: 4614.199779 kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343 Oops:...
CVE-2025-38018
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when allocpage failed We cannot set fraglist to NULL pointer when allocpage failed. It will be used in tlsstrpcheckqueueok when the next time tlsstrpreadsock is called. This is because we don't reset...
CVE-2025-38018 net/tls: fix kernel panic when alloc_page failed
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when allocpage failed We cannot set fraglist to NULL pointer when allocpage failed. It will be used in tlsstrpcheckqueueok when the next time tlsstrpreadsock is called. This is because we don't reset...
CVE-2025-38018
CVE-2025-38018 affects the Linux kernel TLS stack. The vulnerability triggers a kernel NULL pointer dereference and panic when alloc_page fails in the TLS receive path, because frag_list handling (and full_len) isn’t reset, leading to use of a detached rcvq. The issue was fixed in the kernel; Ubu...