CVE-2024-26808 netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain. Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevice remains in the hook...
CVE-2024-26806 spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks. The ->runtime_suspend() and ->runtime_resume() callbacks are not expected to call spi_controller_suspend() and spi_controller_resume(). Remove calls to those in the...
CVE-2024-26782 mptcp: fix double-free on socket dismantle
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle. When MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inet_opt' for the new socket has the same value as the original one: as a...
CVE-2024-26773 ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found(). Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block...
CVE-2024-26709 powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach. The function spapr_tce_platform_iommu_attach_dev() is missing to call iommu_group_put() when the domain is already set. This refcount leak shows up with BUG_ON() during...
CVE-2024-26683 wifi: cfg80211: detect stuck ECSA element in probe resp
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: detect stuck ECSA element in probe resp. We recently added some validation that we don't try to connect to an AP that is currently in a channel switch process, since that might want the channel to be quiet or we...
CVE-2023-52621 bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers. These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...
CVE-2021-47140
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain. Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work for...
CVE-2023-52589 media: rkisp1: Fix IRQ disable race issue
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue. In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure. This is...
CVE-2021-47097
In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id(). The array param[] in elantech_change_report_id() must be at least 3 bytes, because elantech_read_reg_params() is calling ps2_command() with PSMOUSE_CMD_GETINFO, that is goi...
The vulnerability of the tls_decrypt_done() function in the net/tls/tls_sw.c module of the TLS (Transport Layer Security) protocol implementation in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the tls_decrypt_done() function in the net/tls/tls_sw.c module of the TLS (Transport Layer Security) protocol implementation in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the...
CVE-2023-52582
In the Linux kernel, the following vulnerability has been resolved: netfs: Only call folio_start_fscache() one time for each folio. If a network filesystem using netfs implements a clamp_length() function, it can set subrequest lengths smaller than a page size. When we loop through the folios in...
CVE-2023-52560 mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()
In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions(). When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected. Since commit 9f86d624292...
CVE-2023-52519 HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit. The EHL (Elkhart Lake) based platforms provide an OOB (Out of band) service, which allows to wake up device when the system is in S5 (Soft-Off state). This OOB service can be...
CVE-2021-46959
In the Linux kernel, the following vulnerability has been resolved: spi: Fix use-after-free with devm_spi_alloc_*. We can't rely on the contents of the devres list during spi_unregister_controller(), as the list is already torn down at the time we perform devres_find() for devm_spi_release_controller. This caus...
CVE-2024-26618 arm64/sme: Always exit sme_alloc() early with existing storage
In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage. When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...
CVE-2023-52458 block: add check that partition length needs to be aligned with block size
In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size. Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If the logical block siz...
CVE-2024-26582 net: tls: fix use-after-free with partial reads and async decrypt
In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt. tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list...
CVE-2024-0641
A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system...
CVE-2023-6817
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leadi...