238 matches found
CVE-2023-53041
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dmafreeattrs+0x33/0x50 CPU:...
CVE-2022-49932
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace Call kvminit only after all setup is complete, as kvminit exposes /dev/kvm to userspace and thus allows userspace to create VMs and call other ioctls. E.g. KVM...
CVE-2025-37761
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix an out-of-bounds shift when invalidating TLB When the size of the range invalidated is larger than rounddownpowoftwoULONGMAX, The function macro rounduppowoftwolength will hit an out-of-bounds shift 1. Use a full TLB...
CVE-2022-49886
CVE-2022-49886 affects the Linux kernel (x86/tdx) where bad configurations can cause a panic if a #VE is delivered on private memory access. The fix/policy requires ATTR_SEPT_VE_DISABLE to be set during early boot; if it is unset, the kernel panics. There is no public exploit detail provided in t...
CVE-2022-49813
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in enainit The enainit won't destroy workqueue created by createsinglethreadworkqueue when pciregisterdriver failed. Call destroyworkqueue when pciregisterdriver failed to prevent the resource leak...
CVE-2022-49782 perf: Improve missing SIGTRAP checking
In the Linux kernel, the following vulnerability has been resolved: perf: Improve missing SIGTRAP checking To catch missing SIGTRAP we employ a WARN in perfeventoverflow, which fires if pendingsigtrap was already set: returning to user space without consuming pendingsigtrap, and then having the...
CVE-2022-49767 9p/trans_fd: always use O_NONBLOCK read/write
In the Linux kernel, the following vulnerability has been resolved: 9p/transfd: always use ONONBLOCK read/write syzbot is reporting hung task at p9fdclose 1, for p9muxpollstop from p9conndestroy from p9fdclose is failing to interrupt already started kernelread from p9fdread from p9readwork and/or...
CVE-2025-23151
CVE-2025-23151 concerns a race in the Linux kernel’s bus: mhi: host path. A client driver quiesces via mhi_unprepare_from_transfer() while data may still be processed, potentially causing a call to mhi_queue_buf() that triggers mhi_gen_tre(). If mhi_gen_tre() runs after the channel teardown, an i...
CVE-2025-39735
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...
CVE-2025-38637
In the Linux kernel, the following vulnerability has been resolved: netsched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specif...
CVE-2025-38240
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drmerr = deverr in HPD path to avoid NULL ptr The function mtkdpwaithpdasserted may be called before the mtkdp-drmdev pointer is assigned in mtkdpbridgeattach. Specifically it can be called via this callpath: -...
CVE-2021-47669
In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcanxmit: fix use after free bug After calling netifrxniskb, dereferencing skb is unsafe. Especially, the canfdframe cfd which aliases skb memory is accessed after the netifrxni...
CVE-2025-23134
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Don't take registermutex with copyfrom/touser The infamous mmaplock taken in copyfrom/touser can be often problematic when it's called inside another mutex, as they might lead to deadlocks. In the case of ALSA timer...
CVE-2025-22069
In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack layout to match archftraceregs argument of ftracereturntohandler Naresh Kamboju reported a "Bad frame pointer" kernel warning while running LTP trace ftracestresstest.sh in riscv. We can reproduce the sam...
CVE-2025-22063
In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlblconnsetattr, addr-safamily is used to determine the function behavior. If sk is an IPv4 socket, but the connect function is called with an...
CVE-2025-22056
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix geneveopt type confusion addition When handling multiple NFTATUNNELKEYOPTSGENEVE attributes, the parsing logic should place every geneveopt structure one by one compactly. Hence, when deciding the next...
CVE-2025-22046
In the Linux kernel, the following vulnerability has been resolved: uprobes/x86: Harden uretprobe syscall trampoline check Jann reported a possible issue when trampolinecheckip returns address near the bottom of the address space that is allowed to call into the syscall if uretprobes are not set...
CVE-2025-22033
In the Linux kernel, the following vulnerability has been resolved: arm64: Don't call NULL in docompatalignmentfixup doalignmentt32tohandler only fixes up alignment faults for specific instructions; it returns NULL otherwise e.g. LDREX. When that's the case, signal to the caller that it needs to...
CVE-2025-22111 net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.
In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to devioctl first and later forwarded to brioctlcall, which causes unnecessary RTNL dance and the splat below 0 under RTNL pressure. Let's say Thread A...
CVE-2025-22045 x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flushtlbrange when used for zapping normal PMDs On the following path, flushtlbrange can be used for zapping normal PMD entries PMD entries that point to page tables together with the PTE entries in the pointed-to pag...