72 matches found
CVE-2025-37813
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before preparetransfer and preparering, so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of time...
CVE-2023-53099
In the Linux kernel, the following vulnerability has been resolved: firmware: xilinx: don't make a sleepable memory allocation from an atomic context The following issue was discovered using lockdep: 6.691371 BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209...
CVE-2023-53090
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix an illegal memory access In the kfdwaitonevents function, the kfdeventwaiter structure is allocated by alloceventwaiters, but the event field of the waiter structure is not initialized; When copyfromuser fails in...
CVE-2023-53065
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perfoutputbegin parameter is incorrectly invoked in perfeventbpfoutput syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dumpstack+0x9c/0xd3...
CVE-2023-53056
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOPTI CPU: 15...
CVE-2023-53037
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash When the SAS Transport Layer support is enabled and a device exposed to the OS by the driver fails INQUIRY commands, the driver frees up the memory allocated for an interna...
CVE-2025-39728
In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsungclkinit With UBSANARRAYBOUNDS=y, I'm hitting the below panic due to dereferencing ctx-clkdata.hws before setting ctx-clkdata.num = nrclks. Move that up to fix the crash. UBSAN: array index...
CVE-2025-38479
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: free irq correctly in remove path Add fsledma-txirq/errirq check to avoid below warning because no errirq at i.MX9 platform. Otherwise there will be kernel dump: WARNING: CPU: 0 PID: 11 at...
CVE-2025-37860
In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100processdesignparam Since cited commit, ef100probemain and hence also ef100checkdesignparams run before efx-netdev is created; consequently, we cannot netifsettsomaxsize or segs at this point. Mo...
CVE-2025-22015
In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio-mapping should be NULL, and the folio is no longer...
CVE-2025-21762 arp: use RCU protection in arp_xmit()
In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arpxmit arpxmit can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF...
CVE-2024-57904
In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call inputfreedevice on allocated iiodev Current implementation of at91tsregister calls inputfreedeivce on st-tsinput, however, the err label can be reached before the allocated iiodev is stored to st-tsinput. Thu...
CVE-2024-39282
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous thread to process the command operation. If the main thread detects that the task has timed out, the...
CVE-2024-56766
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmelpmecccreateuser The "user" pointer was converted from being allocated with kzalloc to being allocated by devmkzalloc. Calling kfreeuser will lead to a double free...
CVE-2024-50090
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xebbcreatejob appends a MIBATCHBUFFEREND to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at eac...
CVE-2022-49028 ixgbevf: Fix resource leak in ixgbevf_init_module()
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevfinitmodule ixgbevfinitmodule won't destroy the workqueue created by createsinglethreadworkqueue when pciregisterdriver failed. Add destroyworkqueue in fail path to prevent the resource leak...
CVE-2022-49002
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device refcount leak in dmardevscopeinit foreachpcidev is implemented by pcigetdevice. The comment of pcigetdevice says that it will increase the reference count for the returned pcidev and also decrease the...
CVE-2024-49952 netfilter: nf_tables: prevent nf_skb_duplicated corruption
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prevent nfskbduplicated corruption syzbot found that nfdupipv4 or nfdupipv6 could write per-cpu variable nfskbduplicated in an unsafe way 1. Disabling preemption as hinted by the splat is not enough, we have ...
CVE-2024-49878
In the Linux kernel, the following vulnerability has been resolved: resource: fix regionintersects vs addmemorydrivermanaged On a system with CXL memory, the resource tree /proc/iomem related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff ...
CVE-2024-46852 dma-buf: heaps: Fix off-by-one in CMA heap fault handler
In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VMDONTEXPAND was added in commit 1c1914d6e8c6 "dma-buf: heaps: Don't track CMA dma-buf pages under RssFile" it was possible to obtain a mapping larger than the buffer...