68528 matches found
CVE-2022-50759
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5648: Free V4L2 fwnode data on unbind The V4L2 fwnode data structure doesn't get freed on unbind, which leads to a memleak...
CVE-2023-54070
In the Linux kernel, the following vulnerability has been resolved: igb: clean up in all error paths when enabling SR-IOV After commit 50f303496d92 "igb: Enable SR-IOV after reinit", removing the igb module could hang or crash depending on the machine when the module has been loaded with the maxv...
CVE-2023-54060
In the Linux kernel, the following vulnerability has been resolved: iommufd: Set end correctly when doing batch carry Even though the test suite covers this it somehow became obscured that this wasn't working. The test iommufdioas.mockdomain.accessdomaindestory would blow up rarely. end should be...
CVE-2023-54154
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix targetcmdcounter leak The targetcmdcounter struct allocated via targetalloccmdcounter is never freed, resulting in leaks across various transport types, e.g.: unreferenced object 0xffff88801f920120 size 96...
CVE-2022-50747
In the Linux kernel, the following vulnerability has been resolved: hfs: Fix OOB Write in hfsasc2mac Syzbot reported a OOB Write bug: loop0: detected capacity change from 0 to 64 ================================================================== BUG: KASAN: slab-out-of-bounds in...
CVE-2023-54094
In the Linux kernel, the following vulnerability has been resolved: net: prevent skb corruption on frag list segmentation Ian reported several skb corruptions triggered by rx-gro-list, collecting different oops alike: 62.624003 BUG: kernel NULL pointer dereference, address: 00000000000000c0...
CVE-2023-54111
In the Linux kernel, the following vulnerability has been resolved: pinctrl: rockchip: Fix refcount leak in rockchippinctrlparsegroups offindnodebyphandle returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcou...
CVE-2022-50739
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check for inode operations This adds a sanity check for the iop pointer of the inode which is returned after reading Root directory MFT record. We should check the iop is valid before trying to create t...
CVE-2023-54120
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidpsessionthread There is a potential race condition in hidpsessionthread that may lead to use-after-free. For instance, the timer is active while hidpdeltimer is called in hidpsessionthread. Aft...
CVE-2025-68739
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: hisi: Fix potential UAF in OPP handling Ensure all required data is acquired before calling devpmoppputopp to maintain correct resource acquisition and release order...
CVE-2023-54138
In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix NULL-deref on irq uninstall In case of early initialisation errors and on platforms that do not use the DPU controller, the deinitilisation code can be called with the kms pointer set to NULL. Patchwork:...
CVE-2023-54132
In the Linux kernel, the following vulnerability has been resolved: erofs: stop parsing non-compact HEAD index if clusterofs is invalid Syzbot generated a crafted image 1 with a non-compact HEAD index of clusterofs 33024 while valid numbers should be 0 lclustersize-1, which causes the following...
CVE-2023-54150
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an out of bounds error. commit 4fc1ba4aa589...
CVE-2025-68748
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthorfwunplug will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this...
CVE-2023-54095
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix notifiers being shared by PCI and VIO buses failiommusetup registers the failiommubusnotifier struct to both PCI and VIO buses. struct notifierblock is a linked list node, so this causes any notifiers later...
CVE-2022-50758
In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix potential memory leak In function deviceinittd0ring, memory is allocated for member tdinfo of priv-apTD0Ringsi, with i increasing from 0. In case of allocation failure, the memory is freed in reversed order,...
CVE-2023-54083
In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Clear the driver reference in usb-phy dev For the dual-role port, it will assign the phy dev to usb-phy dev and use the port dev driver as the dev driver of usb-phy. When we try to destroy the port dev, it will...
CVE-2023-54121
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect splitting in btrfsdropextentmaprange In production we were seeing a variety of WARNON's in the extentmap code, specifically in btrfsdropextentmaprange when we have to call addextentmapping for our second spli...
CVE-2023-54059
In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: mtk-svs: Enable the IRQ later If the system does not come from reset like when is booted via kexec, the peripheral might triger an IRQ before the data structures are initialised. 0.227710 Unable to handle kernel NU...
CVE-2023-54117
In the Linux kernel, the following vulnerability has been resolved: s390/dcssblk: fix kernel crash with listadd corruption Commit fb08a1908cb1 "dax: simplify the daxdevice gendisk association" introduced new logic for gendisk association, requiring drivers to explicitly call daxaddhost and...
CVE-2025-67621
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through = 1.2.5...
CVE-2023-54085
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer dereference on fastopen early fallback In case of early fallback to TCP, subflowsynrecvsock deletes the subflow context before returning the newly allocated sock to the caller. The fastopen path does not...
CVE-2022-50760
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix PCI device refcount leak in amdgpuatrmgetbios As comment of pcigetclass says, it returns a pcidevice with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we...
CVE-2022-50750
In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure In case mipidsiattach fails, call drmpanelremove to avoid memory leak...
CVE-2022-50763
In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/octeontx - prevent integer overflows The "codelength" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to...
CVE-2022-50771
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix thiscpuread lockdep warning in rcuforcequiescentstate Running rcutorture with non-zero fqsduration module parameter in a kernel built with CONFIGPREEMPTION=y results in the following splat: BUG: using thiscpuread in...
CVE-2022-50766
In the Linux kernel, the following vulnerability has been resolved: btrfs: set generation before calling btrfscleantreeblock in btrfsinitnewbuffer syzbot is reporting uninit-value in btrfscleantreeblock 1, for commit bc877d285ca3dba2 "btrfs: Deduplicate extentbuffer init code" missed that...
CVE-2022-50768
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Correct device removal for multi-actuator devices Correct device count for multi-actuator drives which can cause kernel panics...
CVE-2023-54101
In the Linux kernel, the following vulnerability has been resolved: driver: soc: xilinx: use safe loop iterator to avoid a use after free The hashforeachpossible loop dereferences "evedata" to get the next item on the list. However the loop frees evedata so it leads to a use after free. Use...
CVE-2022-50783
In the Linux kernel, the following vulnerability has been resolved: mptcp: use proper req destructor for IPv6 Before, only the destructor from TCP request sock in IPv4 was called even if the subflow was IPv6. It is important to use the right destructor to avoid memory leaks with some advanced IPv...
CVE-2023-54105
In the Linux kernel, the following vulnerability has been resolved: can: isotp: check CAN address family in isotpbind Add missing check to block non-AFCAN binds. Syzbot created some code which matched the right sockaddr struct size but used AFXDP 0x2C instead of AFCAN 0x1D in the address family...
CVE-2022-50777
In the Linux kernel, the following vulnerability has been resolved: net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmiiprobe ofphyfinddevice return device node with refcount incremented. Call putdevice to relese it when not needed anymore...
CVE-2022-50744
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix hard lockup when reading the rxmonitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX/rxmonitor, a hard lockup similar to the call trace below may occur. The spinlockbh in...
CVE-2022-50774
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix DMA transfer direction When CONFIGDMAAPIDEBUG is selected, while running the crypto self test on the QAT crypto algorithms, the function adddmaentry reports a warning similar to the one below, saying that...
CVE-2022-50746
In the Linux kernel, the following vulnerability has been resolved: erofs: validate the extent length for uncompressed pclusters syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2 The referenced fuzzed image actually has two issues: - mpa == 0 ...
CVE-2023-54122
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add check for cstate As kzalloc may fail and return NULL pointer, it should be better to check cstate in order to avoid the NULL pointer dereference in drmatomichelpercrtcreset. Patchwork:...
CVE-2023-54147
In the Linux kernel, the following vulnerability has been resolved: media: platform: mtk-mdp3: Add missing check and free for idaalloc Add the check for the return value of the idaalloc in order to avoid NULL pointer dereference. Moreover, free allocated "ctx-id" if mdpm2mopen fails later in orde...
CVE-2022-50773
In the Linux kernel, the following vulnerability has been resolved: ALSA: mts64: fix possible null-ptr-defer in sndmts64interrupt I got a null-ptr-defer error report when I do the following tests on the qemu platform: make defconfig and CONFIGPARPORT=m, CONFIGPARPORTPC=m, CONFIGSNDMTS64=m Then...
CVE-2025-68738
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix null pointer deref in mt7996conftx If a link does not have an assigned channel yet, mt7996viflink returns NULL. We still need to store the updated queue settings in that case, and apply them later. Move th...
CVE-2022-50745
In the Linux kernel, the following vulnerability has been resolved: staging: media: tegra-video: fix devicenode use after free At probe time this code path is followed: tegracsiinit tegracsichannelsalloc foreachchildofnodenode, channel -- iterates over channels automatically gets 'channel'...
CVE-2023-54082
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-54130
In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARNON for sanity check, use proper error handling Commit 55d1cbbbb29e "hfs/hfsplus: use WARNON for sanity check" fixed a build warning by turning a comment into a WARNON, but it turns out that syzbot then...
CVE-2023-54125
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Return error for inconsistent extended attributes ntfsreadea is called when we want to read extended attributes. There are some sanity checks for the validity of the EAs. However, it fails to return a proper error code...
CVE-2022-50767
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: Fix several use-after-free bugs Several types of UAFs can occur when physically removing a USB device. Adds ufxopsdestroy function to .fbdestroy of fbops, and in this function, there is krefput that finally calls...
CVE-2023-54050
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memleak when insertoldidx failed Following process will cause a memleak for copied up znode: dirtycowznode zn = copyznodec, znode; err = insertoldidxc, zbr-lnum, zbr-offs; if unlikelyerr return ERRPTRerr; // No one...
CVE-2023-54053
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwlpciprobe will fail and free the trans, then afterwards iwlpciremove will be called and crash by trying to access trans which is already freed, fix...
CVE-2023-54072
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocati...
CVE-2023-54052
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU txs may be dropped if the frame is aggregated in AMSDU. When the problem shows up, some SKBs would be hold in driver to cause network stopped temporarily. Even if the probl...
CVE-2023-54099
In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration code from racing writes on remounting read-only. However during remounti...
CVE-2023-54074
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Use correct encap attribute during invalidation With introduction of post action infrastructure most of the users of encap attribute had been modified in order to obtain the correct attribute by calling...