68528 matches found
CVE-2022-50781
In the Linux kernel, the following vulnerability has been resolved: amdgpu/pm: prevent array underflow in vega20odneditdpmtable In the PPODEDITVDDCCURVE case the "inputindex" variable is capped at 2 but not checked for negative values so it results in an out of bounds read. This value comes from...
CVE-2022-50756
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was...
CVE-2022-50748
In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: fix possible memory leak in initmqueuefs commit db7cfc380900 "ipc: Free mqsysctls if ipc namespace creation failed" Here's a similar memory leak to the one fixed by the patch above. retiremqsysctls need to be called...
CVE-2023-54110
In the Linux kernel, the following vulnerability has been resolved: usb: rndishost: Secure rndisquery check against int overflow Variables off and len typed as uint32 in rndisquery function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a...
CVE-2022-50740
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: fix memory leak of urbs in ath9khifusbdealloctxurbs Syzkaller reports a long-known leak of urbs in ath9khifusbdealloctxurbs. The cause of the leak is that usbgeturb is called but usbfreeurb or usbputurb is no...
CVE-2022-50752
In the Linux kernel, the following vulnerability has been resolved: md/raid5: Remove unnecessary bioput in raid5readonechunk When running chunk-sized reads on disks with badblocks duplicate bio free/puts are observed: ============================================================================= B...
CVE-2023-54088
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: hold queuelock when removing blkg-qnode When blkg is removed from q-blkglist from blkgfreeworkfn, queuelock has to be held, otherwise, all kinds of bugslist corruption, hard lockup, .. can be triggered from...
CVE-2023-54161
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-54143
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix resource leaks in vdecmsgqueueinit If we encounter any error in the vdecmsgqueueinit then we need to set "msgqueue-wdmaaddr.size = 0;". Normally, this is done inside the vdecmsgqueuedeinit function...
CVE-2025-68743
In the Linux kernel, the following vulnerability has been resolved: mshv: Fix create memory region overlap check The current check is incorrect; it only checks if the beginning or end of a region is within an existing region. This doesn't account for userspace specifying a region that begins befo...
CVE-2025-68736
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories Disconnected files or directories can appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mount in a way that...
CVE-2023-54104
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fslupm: Fix an off-by one test in funexecop 'op-cs' is copied in 'fun-mchipnumber' which is used to access the 'mchipoffsets' and the 'rnbgpio' arrays. These arrays have NANDMAXCHIPS elements, so the index must be...
CVE-2023-54149
In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one which supports UC filtering and MC filtering as a DSA master for a random other DSA switch, one can see the followi...
CVE-2023-54140
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in markbufferdirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that markbufferdirty called from nilfsmarkinodedirty or nilfspalloccommitallocentry may output a kern...
CVE-2023-54133
In the Linux kernel, the following vulnerability has been resolved: nfp: clean mc addresses in application firmware when closing port When moving devices from one namespace to another, mc addresses are cleaned in software while not removed from application firmware. Thus the mc addresses are...
CVE-2023-54131
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: Fix memory leak when handling surveys When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak: unreferenced object 0xffff9620f0881a00 size 512: com...
CVE-2022-50738
In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix an iotlb memory leak Before commit 3d5698793897 "vhost-vdpa: introduce asid based IOTLB" we called vhostvdpaiotlbunmapv, iotlb, 0ULL, 0ULL - 1 during release to free all the resources allocated when processing use...
CVE-2023-54058
In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Check if ffadriver remove is present before executing Currently ffadrv-remove is called unconditionally from ffadeviceremove. Since the driver registration doesn't check for it and allows it to be registered...
CVE-2023-54063
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix OOB read in indxinsertintobuffer Syzbot reported a OOB read bug: BUG: KASAN: slab-out-of-bounds in indxinsertintobuffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 Read of size 17168 at addr ffff8880255e06c0 by task...
CVE-2023-54067
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting free space root from the dirty cow roots list When deleting the free space tree we are deleting the free space root from the list fsinfo-dirtycowonlyroots without taking the lock that protects it,...
CVE-2023-54126
In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Cleanup ring IRQ workqueues on load failure A failure loading the safexcel driver results in the following warning on boot, because the IRQ affinity has not been correctly cleaned up. Ensure we clean up the...
CVE-2022-50764
In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEVSTATSINC to avoid data-races syzbot/KCSAN reported that multiple cpus are updating dev-stats.txerror concurrently. This is because sit tunnels are NETIFFLLTX, meaning their ndostartxmit is not protected by a...
CVE-2023-54115
In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrcnonstatic: Fix memory leak in nonstaticreleaseresourcedb When nonstaticreleaseresourcedb frees all resources associated with an PCMCIA socket, it forgets to free socketdata too, causing a memory leak observable with...
CVE-2022-50775
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix refcount leak in hnsrocemmap rdmausermmapentrygetpgoff takes the reference. Add missing rdmausermmapentryput to release the reference. Acked-by Haoyue Xu...
CVE-2023-54080
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: skip splitting and logical rewriting on pre-alloc write When doing a relocation, there is a chance that at the time of btrfsrelocclonecsums, there is no checksum for the corresponding region. In this case,...
CVE-2022-50737
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. 162.459513 BUG: KASAN: use-after-free in...
CVE-2023-54100
In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix use after free bug in qediremove In qediprobe we call qediprobe which initializes &qedi-recoverywork with qedirecoveryhandler and &qedi-boarddisablework with qediboarddisablework. When qedischedulerecoveryhandler ...
CVE-2023-54077
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix memory leak if ntfsreadmft failed Label ATTRROOT in ntfsreadmft sets isroot = true and ni-niflags |= NIFLAGDIR, then next attr will goto label ATTRALLOC and alloc ni-dir.allocrun. However two states are not always...
CVE-2023-54127
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: prevent double-free in dbUnmount after failed jfsremount Syzkaller reported the following issue: ================================================================== BUG: KASAN: double-free in slabfree mm/slub.c:3787 inline...
CVE-2023-54049
In the Linux kernel, the following vulnerability has been resolved: rpmsg: glink: Add check for kstrdup Add check for the return value of kstrdup and return the error if it fails in order to avoid NULL pointer dereference...
CVE-2023-54069
In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG in ext4mbnewinodepa due to overflow When we calculate the end position of ext4freeextent, this position may be exactly where ext4lblkt i.e. uint overflows. For example, if acgex.felogical is 4294965248 and...
CVE-2023-54091
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drmclienttargetcloned dmtmode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the...
CVE-2023-54113
In the Linux kernel, the following vulnerability has been resolved: rcu: dump vmalloc memory info safely Currently, for double invoke callrcu, will dump rcuhead objects memory info, if the objects is not allocated from the slab allocator, the vmallocdumpobj will be invoke and the vmaparealock...
CVE-2025-68737
In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: Propagate return value from changememorycommon The rodata=on security measure requires that any code path which does vmalloc - setmemoryro/setmemoryrox must protect the linear map alias too. Therefore, if such a...
CVE-2023-54068
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to call f2fswaitonpagewriteback in f2fswriterawpages BUGON will be triggered when writing files concurrently, because the same page is writtenback multiple times. 1597 void folioendwritebackstruct folio folio...
CVE-2023-54056
In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIGFORTIFYSOURCE, memcpy will check the size of destination and source buffers. Defining kernelheadersdata as "char" would trip this check. Since these addresses are treate...
CVE-2023-54075
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: common: Fix refcount leak in parsedailinkinfo Add missing ofnodeputs before the returns to balance ofnodegets and ofnodeputs, which may get unbalanced in case the for loop 'foreachavailablechildofnode' returns ear...
CVE-2022-50741
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disable useless interrupt to avoid kernel panic There is a hardware bug that the interrupt STMBUFHALF may be triggered after or when disable interrupt. It may led to unexpected kernel panic. And interrupt...
CVE-2023-54137
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: fix capmigration information leak Fix an information leak where an uninitialized hole in struct vfioiommutype1infocapmigration on the stack is exposed to userspace. The definition of struct...
CVE-2022-50765
In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xff2000000403d000 size 4096: comm "kexec", pid 146, jiffies 4294900633 age 64.792s hex dump first 32 bytes: 7f 45 4c ...
CVE-2023-54062
In the Linux kernel, the following vulnerability has been resolved: ext4: fix invalid free tracking in ext4xattrmovetoblock In ext4xattrmovetoblock, the value of the extended attribute which we need to move to an external block may be allocated by kvmalloc if the value is stored in an external...
CVE-2022-50754
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix a memleak in multitransactionnew In multitransactionnew, the variable t is not freed or passed out on the failure of copyfromusert-data, buf, size, which could lead to a memleak. Fix this bug by adding a...
CVE-2023-54106
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fix potential memory leak in mlx5einitreprx The memory pointed to by the priv-rxres pointer is not freed in the error path of mlx5einitreprx, which can lead to a memory leak. Fix by freeing the memory in the error path,...
CVE-2023-54092
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pv: fix index value of replaced ASCE The index field of the struct page corresponding to a guest ASCE should be 0. When replacing the ASCE in s390replaceasce, the index of the new ASCE should also be set to 0. Having t...
CVE-2023-54118
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the GPIO lines before th...
CVE-2023-54116
In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibit potential out-of-bounds access The fbdev test of IGT may write after EOF, which lead to out-of-bound access for drm drivers with fbdev-generic. For example, run fbdev test on a x86+ast2400 platform, wi...
CVE-2023-54051
In the Linux kernel, the following vulnerability has been resolved: net: do not allow gsosize to be set to GSOBYFRAGS One missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1 Do not allow gsosize to be set to GSOBYFRAGS 0xffff, because this magic value is used by the kernel....
CVE-2022-50757
In the Linux kernel, the following vulnerability has been resolved: media: camss: Clean up received buffers on failed start of streaming It is required to return the received buffers, if streaming can not be started. For instance mediapipelinestart may fail with EPIPE, if a link validation betwee...
CVE-2023-54146
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix double-free of elf header buffer After b3e34a47f989 "x86/kexec: fix memory leak of elf header buffer", freeing image-elfheaders in the error path of crashloadsegments is not needed because kimagefilepostloadcleanup...
CVE-2022-50751
In the Linux kernel, the following vulnerability has been resolved: configfs: fix possible memory leak in configfscreatedir kmemleak reported memory leaks in configfscreatedir: unreferenced object 0xffff888009f6af00 size 192: comm "modprobe", pid 3777, jiffies 4295537735 age 233.784s backtrace:...