73 matches found
CVE-2021-47268
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port A pending hrtimer may expire after the kthreadworker of tcpm port is destroyed, see below kernel dump when do module unload, fix it by cancel the 2...
CVE-2021-47368 enetc: Fix illegal access when reading affinity_hint
In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinityhint irqsetaffinityhit stores a reference to the cpumaskt parameter in the irq descriptor, and that reference can be accessed later from irqaffinityhintprocshow. Since the cpumask...
CVE-2021-47368
CVE-2021-47368 concerns a Linux kernel vulnerability in enetc where irq_set_affinity_hit() stores a cpumask_t reference in an irq descriptor, referencing memory on the stack. This leads to illegal accesses when the affinity_hint is read via procfs, potentially causing paging oops. The issue is mi...
CVE-2021-47368 enetc: Fix illegal access when reading affinity_hint
In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinityhint irqsetaffinityhit stores a reference to the cpumaskt parameter in the irq descriptor, and that reference can be accessed later from irqaffinityhintprocshow. Since the cpumask...
CVE-2022-48704
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, an...
CVE-2022-48704 drm/radeon: add a force flush to delay work when radeon
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, an...
CVE-2024-27055
A vulnerability was found in the wqupdatenodemaxactive function in the Linux Kernel, where improper handling of a special CPU identifier -1 when used in the call cpumasktestcpu function can result in a kernel panic. This issue can result in system instability or crashes...
CVE-2024-26989
In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsuspsave On arm64 machines, swsuspsave faults if it attempts to access MEMBLOCKNOMAP memory ranges. This can be reproduced in QEMU using UEFI when booting with rodata=off...
CVE-2024-26996 usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix UAF ncm object at re-bind after usb ep transport error When ncm function is working and then stop usb0 interface for link down, ethstop is called. At this piont, accidentally if usb transport error should...
CVE-2024-26996
Summary: CVE-2024-26996 relates to a use-after-free in the Linux kernel USB gadget NCM implementation. When the NCM function is active and the usb0 interface is brought down, an error in usb_ep_enable() may cause in_ep/out_ep to remain disabled. During ncm_disable(), gether_disconnect() is not ca...
CVE-2024-26989 arm64: hibernate: Fix level3 translation fault in swsusp_save()
In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsuspsave On arm64 machines, swsuspsave faults if it attempts to access MEMBLOCKNOMAP memory ranges. This can be reproduced in QEMU using UEFI when booting with rodata=off...
CVE-2024-26989 arm64: hibernate: Fix level3 translation fault in swsusp_save()
In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsuspsave On arm64 machines, swsuspsave faults if it attempts to access MEMBLOCKNOMAP memory ranges. This can be reproduced in QEMU using UEFI when booting with rodata=off...
CVE-2024-26947 ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 "arm: extend pfnvalid to take into account freed memory map alignment" changes the semantics of pfnvalid to check presence of t...
CVE-2024-26947 ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 "arm: extend pfnvalid to take into account freed memory map alignment" changes the semantics of pfnvalid to check presence of t...
CVE-2022-48640
In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bondrrgenslaveid Fix a NULL dereference of the struct bonding.rrtxcounter member because if a bond is initially created with an initial mode != zero Round Robin the memory required for the counter is...
CVE-2022-48645 net: enetc: deny offload of tc-based TSN features on VF interfaces
In the Linux kernel, the following vulnerability has been resolved: net: enetc: deny offload of tc-based TSN features on VF interfaces TSN features on the ENETC taprio, cbs, gate, police are configured through a mix of command BD ring messages and port registers: enetcportrd, enetcportwr. Port...
CVE-2022-48640 bonding: fix NULL deref in bond_rr_gen_slave_id
In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bondrrgenslaveid Fix a NULL dereference of the struct bonding.rrtxcounter member because if a bond is initially created with an initial mode != zero Round Robin the memory required for the counter is...
CVE-2022-48640 bonding: fix NULL deref in bond_rr_gen_slave_id
In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bondrrgenslaveid Fix a NULL dereference of the struct bonding.rrtxcounter member because if a bond is initially created with an initial mode != zero Round Robin the memory required for the counter is...
CVE-2023-52635
A flaw was found in the Linux kernel resulting from race conditions and a lack of synchronization in handling the delayed work timers in the devfreq component. This issue can lead to inconsistencies and a corruption of the timer list...
CVE-2023-52635
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreqmonitorstart/stop There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from canceldelayedworksync...