CVE-2024-56708

In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Avoid segmentation fault on module unload The segmentation fault happens because: During modprobe: 1. In igen6probe, igen6pvt will be allocated with kzalloc 2. In igen6registermci, mci-pvtinfo will point to...

CVE-2024-56708 EDAC/igen6: Avoid segmentation fault on module unload

In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Avoid segmentation fault on module unload The segmentation fault happens because: During modprobe: 1. In igen6probe, igen6pvt will be allocated with kzalloc 2. In igen6registermci, mci-pvtinfo will point to...

CVE-2024-56546

In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnxaddcbforsuspend If we fail to allocate memory for cbdata by kmalloc, the memory allocation for evedata is never freed, add the missing kfree in the error handling path...

CVE-2024-56546

In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnxaddcbforsuspend If we fail to allocate memory for cbdata by kmalloc, the memory allocation for evedata is never freed, add the missing kfree in the error handling path...

CVE-2024-56546 drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()

In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnxaddcbforsuspend If we fail to allocate memory for cbdata by kmalloc, the memory allocation for evedata is never freed, add the missing kfree in the error handling path...

DEBIAN-CVE-2024-53117

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSGZEROCOPY error handling Add a missing kfreeskb to prevent memory leaks...

DEBIAN-CVE-2024-50212

In the Linux kernel, the following vulnerability has been resolved: lib: alloctagmoduleunload must wait for pending kfreercu calls Ben Greear reports following splat: ------------ cut here ------------ net/netfilter/nfnatcore.c:1114 module nfnat func:nfnatregisterfn has 256 allocated at module...

CVE-2024-50257 netfilter: Fix use-after-free in get_info()

In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in getinfo ip6tablenat module unload has refcnt warning for UAF. call trace is: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 moduleput+0x6f/0x80 Modules linked in: ip6tablenat- CPU: 1 UID: 0...

CVE-2024-50215 nvmet-auth: assign dh_key to NULL after kfree_sensitive

In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...

CVE-2024-50073

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Fix use-after-free in gsmcleanupmux BUG: KASAN: slab-use-after-free in gsmcleanupmux+0x77b/0x7b0 drivers/tty/ngsm.c:3160 ngsm Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0 UID: 0 PID: 3379 Comm: poc N...

SUSE CVE-2022-48958

In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in grethinitrings The grethinitrings function won't free the newly allocated skb when dmamappingerror returns error, so add devkfreeskb to fix it. Compile tested only...

CVE-2022-48975

CVE-2022-48975 concerns a memory leak in Linux kernel GPIO handling. The backtrace shows the leak occurs during gpiochip_setup_dev() when registering GPIO devices, with resources allocated in device_private_init() not released on error paths. The fix moves the release logic to use put_device() to...

CVE-2024-49981

In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venusremove due to race condition in venusprobe, core-work is bound with venussyserrorhandler, which is used to handle error. The code use core-syserrdone to make sync work. The core-work i...

CVE-2024-47691 f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free in f2fsstopgcthread syzbot reports a f2fs bug as below: dumpstack lib/dumpstack.c:88 inline dumpstacklvl+0x241/0x360 lib/dumpstack.c:114 printreport+0xe8/0x550 mm/kasan/report.c:491...

CVE-2024-47691 f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free in f2fsstopgcthread syzbot reports a f2fs bug as below: dumpstack lib/dumpstack.c:88 inline dumpstacklvl+0x241/0x360 lib/dumpstack.c:114 printreport+0xe8/0x550 mm/kasan/report.c:491...

CVE-2022-48914

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...

CVE-2022-48914

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...

UBUNTU-CVE-2022-48924

In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400notify It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 size 32: comm "kworker/0:2", pid 112, jiffies 4294893323 age 83.604s hex...

CVE-2022-48924

CVE-2022-48924 relates to the Linux kernel, describing a memory-leak in the int340x thermal driver during int3400_notify() on Tiger Lake, leading to unreferenced objects and potential memory pressure. The provided documents consistently show the root cause as a leak in the int3400_notify path and...

CVE-2022-48924 thermal: int340x: fix memory leak in int3400_notify()

In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400notify It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 size 32: comm "kworker/0:2", pid 112, jiffies 4294893323 age 83.604s hex...