68528 matches found
CVE-2023-54027
In the Linux kernel, the following vulnerability has been resolved: iio: core: Prevent invalid memory access when there is no parent Commit 813665564b3d "iio: core: Convert to use firmware node handle instead of OF node" switched the kind of nodes to use for label retrieval in device registration...
CVE-2025-68355
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak When exclproghash is 0 and exclproghashsize is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just like the memory leak problem reported by syzbot 1...
CVE-2022-50708
In the Linux kernel, the following vulnerability has been resolved: HSI: ssiprotocol: fix potential resource leak in ssippnopen ssippnopen claims the HSI client's port with hsiclaimport. When hsiregisterportevent gets some error and returns a negetive value, the HSI client's port should be releas...
CVE-2025-68348
In the Linux kernel, the following vulnerability has been resolved: block: fix memory leak in blkdevissuezeropages Move the fatal signal check before bioalloc to prevent a memory leak when BLKDEVZEROKILLABLE is set and a fatal signal is pending. Previously, the bio was allocated before checking f...
CVE-2025-68361
In the Linux kernel, the following vulnerability has been resolved: erofs: limit the level of fs stacking for file-backed mounts Otherwise, it could cause potential kernel stack overflow e.g., EROFS mounting itself...
CVE-2022-50697
In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of deltimersync must prevent restarting of the timer, If we have no this synchronization, there is a small probability that the cancellation will not be...
CVE-2023-53997
In the Linux kernel, the following vulnerability has been resolved: thermal: of: fix double-free on unregistration Since commit 3d439b1a2ad3 "thermal/core: Alloc-copy-free the thermal zone parameters structure", thermalzonedeviceregister allocates a copy of the tzp argument and frees it when...
CVE-2023-54035
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nftdatarelease. Then, d6b478666ffa "netfilter:...
CVE-2023-53986
In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved instructio...
CVE-2022-50700
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Delay the unmapping of the buffer On WCN3990, we are seeing a rare scenario where copy engine hardware is sending a copy complete interrupt to the host driver while still processing the buffer that the driver has...
CVE-2023-53990
In the Linux kernel, the following vulnerability has been resolved: SMB3: Add missing locks to protect deferred close file list cifsdeldeferredclose function has a critical section which modifies the deferred close file list. We must acquire deferredlock before calling cifsdeldeferredclose functi...
CVE-2023-54028
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the error "trying to register non-static key in rxecleanuptask" In the function rxecreateqp, rxeqpfrominit is called to initialize qp, internally things like rxeinittask are not setup until rxeqpinitreq. If an error...
CVE-2022-50705
In the Linux kernel, the following vulnerability has been resolved: iouring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq context. Defer the calls to when we process the taskwork for this request. That avoids valid...
CVE-2023-54034
In the Linux kernel, the following vulnerability has been resolved: iommufd: Make sure to zero vfioiommutype1info before copying to user Missed a zero initialization here. Most of the struct is filled with a copyfromuser, however minsz for that copy is smaller than the actual struct by 8 bytes,...
CVE-2022-50702
In the Linux kernel, the following vulnerability has been resolved: vdpasim: fix possible memory leak in vdpasimnetinit and vdpasimblkinit Inject fault while probing module, if deviceregister fails in vdpasimnetinit or vdpasimblkinit, but the refcount of kobject is not decreased to 0, the name...
CVE-2023-54006
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data-race around unixtotinflight. unixtotinflight is changed under spinlockunixgclock, but unixreleasesock reads it locklessly. Let's use READONCE for unixtotinflight. Note that the writer side was marked by commit...
CVE-2022-50699
In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFPKERNEL and GFPATOMIC in convertcontext The following warning was triggered on a hardware environment: SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context ...
CVE-2023-54013
In the Linux kernel, the following vulnerability has been resolved: interconnect: Fix locking for runpm vs reclaim For cases where iccbwset can be called in callbaths that could deadlock against shrinker/reclaim, such as runpm resume, we need to decouple the icc locking. Introduce a new iccbwlock...
CVE-2023-54029
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-54008
In the Linux kernel, the following vulnerability has been resolved: virtiovdpa: build affinity masks conditionally We try to build affinity mask via createaffinitymasks unconditionally which may lead several issues: - the affinity mask is not used for parent without affinity support only VDUSE...
CVE-2025-68354
In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulatorsupplyaliaslist with regulatorlistmutex regulatorsupplyaliaslist was accessed without any locking in regulatorsupplyalias, regulatorregistersupplyalias, and regulatorunregistersupplyalias...
CVE-2022-50703
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: smsm: Fix refcount leak bugs in qcomsmsmprobe There are two refcount leak bugs in qcomsmsmprobe: 1 The 'localnode' is escaped out from foreachchildofnode as the break of iteration, we should call ofnodeput for it in...
CVE-2023-54038
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: return ERRPTR instead of NULL when there is no link hciconnectsco currently returns NULL when there is no link i.e. when hciconnlink returns NULL. scoconnect expects an ERRPTR in case of any error see line 266...
CVE-2023-54019
In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroupfilerelease causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...
CVE-2023-54024
In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy target device if coalesced MMIO unregistration fails Destroy and free the target coalesced MMIO device if unregistering said device fails. As clearly noted in the code, kvmiobusunregisterdev does not destroy the targ...
CVE-2022-50701
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host SDIO may need addtional 511 bytes to align bus operation. If the tailroom of this skb is not big enough, we would access invalid memory region. For low level...
CVE-2023-53867
In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps and just after the 'session-scaplock' is released in cephiteratesessioncaps the cap maybe removed by another thread, and when using the stale cap...
CVE-2025-68356
In the Linux kernel, the following vulnerability has been resolved: gfs2: Prevent recursive memory reclaim Function newinode returns a new inode with inode-imapping-gfpmask set to GFPHIGHUSERMOVABLE. This value includes the GFPFS flag, so allocations in that address space can recurse into...
CVE-2023-53995
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in inetdelifa I got the below warning when do fuzzing test: unregisternetdevice: waiting for bond0 to become free. Usage count = 2 It can be repoduced via: ip link add bond0 type bond sysctl -w...
CVE-2025-68351
In the Linux kernel, the following vulnerability has been resolved: exfat: fix refcount leak in exfatfind Fix refcount leaks in exfatfind related to exfatgetdentryset. Function exfatgetdentryset would increase the reference counter of es-bh on success. Therefore, exfatputdentryset must be called...
CVE-2023-53994
In the Linux kernel, the following vulnerability has been resolved: ionic: remove WARNON to prevent paniconwarn Remove unnecessary early code development check and the WARNON that it uses. The irq alloc and free paths have long been cleaned up and this check shouldn't have stuck around so long...
CVE-2023-54017
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: fix possible memory leak in ibmebusbusinit If deviceregister returns error in ibmebusbusinit, name of kobject which is allocated in devsetname called in deviceadd is leaked. As comment of deviceadd says, it shoul...
CVE-2025-68363
In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb-transportheader is set in bpfskbcheckmtu The bpfskbcheckmtu helper needs to use skb-transportheader when the BPFMTUCHKSEGS flag is used: bpfskbcheckmtuskb, ifindex, &mtulen, 0, BPFMTUCHKSEGS The transportheader is...
CVE-2025-68344
In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fix integer overflow in sample size validation The wavefrontsendsample function has an integer overflow issue when validating sample size. The header-size field is u32 but gets cast to int for comparison with...
CVE-2025-68346
In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detectstreamformats The function detectstreamformats reads the streamcount value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious...
CVE-2022-50706
In the Linux kernel, the following vulnerability has been resolved: net/ieee802154: don't warn zero-sized rawsendmsg syzbot is hitting skbassertlen warning at devqueuexmit 1, for PFIEEE802154 socket's zero-sized rawsendmsg request is hitting devqueuexmit with skb-len == 0. Since PFIEEE802154...
CVE-2025-68347
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdepread could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header...
CVE-2023-54023
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between balance and cancel/pause Syzbot reported a panic that looks like this: assertion failed: fsinfo-exclusiveoperation == BTRFSEXCLOPBALANCEPAUSED, in fs/btrfs/ioctl.c:465 ------------ cut here ------------...
CVE-2025-68362
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187rxcb The rtl8187rxcb calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received...
CVE-2023-53991
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Disallow unallocated resources to be returned In the event that the topology requests resources that have not been created by the system because they are typically not represented in dpumdsscfg ^1, the resources in...
CVE-2022-50698
In the Linux kernel, the following vulnerability has been resolved: ASoC: da7219: Fix an error handling path in da7219registerdaiclks If clkhwregister fails, the corresponding clk should not be unregistered. To handle errors from loops, clean up partial iterations before doing the goto. So add a...
CVE-2023-54014
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check valid rport returned by fcbsgtorport Klocwork reported warning of rport maybe NULL and will be dereferenced. rport returned by call to fcbsgtorport could be NULL and dereferenced. Check valid rport returned b...
CVE-2023-54000
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix deadlock issue when externellb and reset are executed together When externellb and reset are executed together, a deadlock may occur: 3147.217009 INFO: task kworker/u321:0:7 blocked for more than 120 seconds...
CVE-2022-50710
In the Linux kernel, the following vulnerability has been resolved: ice: set txtstamps when creating new Tx rings via ethtool When the user changes the number of queues via ethtool, the driver allocates new rings. This allocation did not initialize txtstamps. This results in the txtstamps field...
CVE-2023-54007
In the Linux kernel, the following vulnerability has been resolved: vmcihost: fix a race condition in vmcihostpoll causing GPF During fuzzing, a general protection fault is observed in vmcihostpoll. general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 1 PREEMPT SM...
CVE-2023-54018
In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: Add missing check for allocorderedworkqueue Add check for the return value of allocorderedworkqueue as it may return NULL pointer and cause NULL pointer dereference in hdmihdcp.c and hdmihpd.c. Patchwork:...
CVE-2025-68353
In the Linux kernel, the following vulnerability has been resolved: net: vxlan: prevent NULL deref in vxlanxmitone Neither sock4 nor sock6 pointers are guaranteed to be non-NULL in vxlanxmitone, e.g. if the iface is brought down. This can lead to the following NULL dereference: BUG: kernel NULL...
CVE-2025-68345
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41hdareadacpi The acpigetfirstphysicalnode function can return NULL, in which case the getdevice function also returns NULL, but this value is then dereferenced without...
CVE-2025-68349
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFSINOLAYOUTCOMMIT in pnfsmarklayoutstateidinvalid Fixes a crash when layout is null during this call stack: writeinode - nfs4writeinode - pnfslayoutcommitinode pnfssetlayoutcommit relies on the lseg refcount to...
CVE-2025-68358
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix racy bitfield write in btrfsclearspaceinfofull From the memory-barriers.txt document regarding memory barrier ordering guarantees: These guarantees do not apply to bitfields, because compilers often generate code to...