4814 matches found
CVE-2022-50768 scsi: smartpqi: Correct device removal for multi-actuator devices
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Correct device removal for multi-actuator devices Correct device count for multi-actuator drives which can cause kernel panics...
CVE-2022-50741
CVE-2022-50741 affects the Linux kernel’s imx-jpeg driver. The root cause is a hardware bug where the STMBUF_HALF interrupt (and STMBUF_RTND) can trigger after/while disabling interrupts, risking an unexpected kernel panic. Mitigation implemented: disable STMBUF_HALF/STMBUF_RTND and the unused in...
CVE-2022-50741 media: imx-jpeg: Disable useless interrupt to avoid kernel panic
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disable useless interrupt to avoid kernel panic There is a hardware bug that the interrupt STMBUFHALF may be triggered after or when disable interrupt. It may led to unexpected kernel panic. And interrupt...
CVE-2022-50741 media: imx-jpeg: Disable useless interrupt to avoid kernel panic
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disable useless interrupt to avoid kernel panic There is a hardware bug that the interrupt STMBUFHALF may be triggered after or when disable interrupt. It may led to unexpected kernel panic. And interrupt...
CVE-2023-54048 RDMA/bnxt_re: Prevent handling any completions after qp destroy
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Prevent handling any completions after qp destroy HW may generate completions that indicates QP is destroyed. Driver should not be scheduling any more completion handlers for this QP, after the QP is destroyed. Since...
CVE-2022-50721 dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prepslavesg The calling convention for preslavesg is to return NULL on error and provide an error log to the system. Qcom-adm instead provide error pointer when an error occur...
CVE-2022-50721
CVE-2022-50721 affects the Linux kernel via the dmaengine: qcom-adm module. The vulnerability stems from the function prep_slave_sg returning an error pointer on error instead of NULL, while consumers (e.g., nandc) expect NULL to indicate failure. This mismatch can lead to a kernel panic later in...
CVE-2022-50721 dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prepslavesg The calling convention for preslavesg is to return NULL on error and provide an error log to the system. Qcom-adm instead provide error pointer when an error occur...
CVE-2025-68362
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187rxcb The rtl8187rxcb calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received...
CVE-2023-53986
In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved instructio...
CVE-2023-54023
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between balance and cancel/pause Syzbot reported a panic that looks like this: assertion failed: fsinfo-exclusiveoperation == BTRFSEXCLOPBALANCEPAUSED, in fs/btrfs/ioctl.c:465 ------------ cut here ------------...
UBUNTU-CVE-2025-68362
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187rxcb The rtl8187rxcb calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received...
CVE-2022-50700
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Delay the unmapping of the buffer On WCN3990, we are seeing a rare scenario where copy engine hardware is sending a copy complete interrupt to the host driver while still processing the buffer that the driver has...
UBUNTU-CVE-2022-50700
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Delay the unmapping of the buffer On WCN3990, we are seeing a rare scenario where copy engine hardware is sending a copy complete interrupt to the host driver while still processing the buffer that the driver has...
CVE-2023-53988
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdrdeletede Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdrdeletede+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task...
CVE-2023-54023
The CVE-2023-54023 entry concerns a Linux kernel bug in Btrfs where a race between balance and cancel/pause could trigger a kernel panic. The provided docs describe a fix that ensures proper cleanup of balance state when balance completes, even if a pause/cancel was requested, preventing the ASSE...
CVE-2023-54023 btrfs: fix race between balance and cancel/pause
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between balance and cancel/pause Syzbot reported a panic that looks like this: assertion failed: fsinfo-exclusiveoperation == BTRFSEXCLOPBALANCEPAUSED, in fs/btrfs/ioctl.c:465 ------------ cut here ------------...
CVE-2023-53988 fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in hdrdeletede Here is a BUG report from syzbot: BUG: KASAN: slab-out-of-bounds in hdrdeletede+0xe0/0x150 fs/ntfs3/index.c:806 Read of size 16842960 at addr ffff888079cc0600 by task...
CVE-2023-53986 mips: bmips: BCM6358: disable RAC flush for TP1
In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved instructio...
CVE-2022-50704 USB: gadget: Fix use-after-free during usb config switch
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch In the process of switching USB config from rndis to other config, if the hardware does not support the -pullup callback, or the hardware encounters a low probability fault...