25 matches found
CVE-2024-49868
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion BUG Syzbot reported a NULL pointer dereference with the following crash: FAULTINJECTION: forcing a failure. starttransaction+0x830/0x1670...
CVE-2024-44939
In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry syzbot reported general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 1 PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range...
CVE-2024-41059 hfsplus: fix uninit-value in copy_name
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copyname syzbot reported BUG: KMSAN: uninit-value in sizedstrscpy+0xc4/0x160 sizedstrscpy+0xc4/0x160 copyname+0x2af/0x320 fs/hfsplus/xattr.c:411 hfspluslistxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750...
CVE-2022-48836
In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usbsubmiturb which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. Fix it by replacing old...
CVE-2024-39301 net/9p: fix uninit-value in p9_client_rpc()
In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9clientrpc Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace9pclientres include/trace/events/9p.h:146 inline BUG: KMSAN: uninit-value in...
CVE-2021-47588
In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6devfree from sitinitnet ipip6devfree is sit dev-privdestructor, already called by registernetdevice if something goes wrong. Alternative would be to make ipip6devfree robust against multiple invocations, but...
CVE-2021-47588
In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6devfree from sitinitnet ipip6devfree is sit dev-privdestructor, already called by registernetdevice if something goes wrong. Alternative would be to make ipip6devfree robust against multiple invocations, but...
CVE-2021-47602
In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported see below an...
CVE-2021-47583
In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutexinit location Syzbot reported, that mxl111sfctrlmsg uses uninitialized mutex. The problem was in wrong mutexinit location. Previous mutexinit&state-msglock call was in -init function, but dvbusbv2init...
CVE-2024-36938
In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in skpsockskbingressenqueue Fix NULL pointer data-races in skpsockskbingressenqueue which syzbot reported 1. 1 BUG: KCSAN: data-race in skpsockdrop / skpsockskbingressenqueue write to...
CVE-2021-47404
In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betopprobe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malicious devices violate...
CVE-2021-47397 sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
In the Linux kernel, the following vulnerability has been resolved: sctp: break out if skbheaderpointer returns NULL in sctprcvootb We should always check if skbheaderpointer's return is NULL before using it, otherwise it may cause null-ptr-deref, as syzbot reported: KASAN: null-ptr-deref in rang...
CVE-2021-47249
In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rdsrecvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rdsrecvmsgstruct socket sock, struct msghdr msg, sizet size, int msgflags ... if...
CVE-2024-35915 nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in ncidevup and ncintfpacket syzbot reported the following uninit-value access issue 12: ncirxwork parses and processes received packet. When the payload length is zero, each message type handler reads...
CVE-2024-26875
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2contextsetnotify Syzbot reported BUG: KASAN: slab-use-after-free in pvr2contextsetnotify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 Read of size 4 at addr ffff888113aeb0d8 by task...
CVE-2024-26815
The CVE-2024-26815 entry concerns the Linux kernel taprio qdisc: taprio_parse_tc_entry() fails to validate TCA_TAPRIO_TC_ENTRY_INDEX, allowing negative values to be fed and triggering a UBSAN shift-out-of-bounds in net/sched/sch_taprio.c. The patch fixes the check by ensuring the index is within ...
CVE-2024-26624
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-52577
An out-of-bounds access flaw was found in dccpv4err and dccpv6err in the Linux kernel. This may lead to a crash...
CVE-2021-47106 netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftsetcatchalldestroy We need to use listforeachentrysafe iterator because we can not access @catchall after kfreercu call. syzbot reported: BUG: KASAN: use-after-free in...
CVE-2021-47103
In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...