68528 matches found
CVE-2023-53388
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Clean dangling pointer on bind error path mtkdrmbind can fail, in which case drmdevput is called, destroying the drmdevice object. However a pointer to it was still being held in the private object, and that pointer...
CVE-2022-50399
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: prevent integer overflow in shcsssetblackframe The "height" and "width" values come from the user so the "height width" multiplication can overflow...
CVE-2023-53415
In the Linux kernel, the following vulnerability has been resolved: USB: dwc3: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead whi...
CVE-2022-50395
In the Linux kernel, the following vulnerability has been resolved: integrity: Fix memory leakage in keyring allocation error path Key restriction is allocated in integrityinitkeyring. However, if keyring allocation failed, it is not freed, causing memory leaks...
CVE-2025-30187
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...
CVE-2025-58767
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these...
CVE-2022-50355
In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix some erroneous memory clean-up loops In some initialization functions of this driver, memory is allocated with 'i' acting as an index variable and increasing from 0. The commit in "Fixes" introduces some...
CVE-2023-53364
In the Linux kernel, the following vulnerability has been resolved: regulator: da9063: better fix null deref with partial DT Two versions of the original patch were sent but V1 was merged instead of V2 due to a mistake. So update to V2. The advantage of V2 is that it completely avoids dereferenci...
CVE-2022-50374
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcildisc,serdev: check percpuinitrwsem failure syzbot is reporting NULL pointer dereference at hciuartttyclose 1, for rcusyncenter is called without rcusyncinit due to hciuartttyopen ignoring percpuinitrwsem failure...
CVE-2023-53367
In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: fix mem leak in capture user mappings This commit fixes a memory leak caused when clearing the usermappings info when a new context is opened immediately after usermapping is captured and a hard reset is perform...
CVE-2022-50373
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix race in lowcomms This patch fixes a race between queuework in dlmlowcommscommitmsg and srcureadunlock. The queuework can take the final reference of a dlmmsg and so msg-idx can contain garbage which is signaled by th...
CVE-2022-50359
In the Linux kernel, the following vulnerability has been resolved: media: cx88: Fix a null-ptr-deref bug in bufferprepare When the driver calls cx88riscbuffer to prepare the buffer, the function call may fail, resulting in a empty buffer and null-ptr-deref later in bufferqueue. The following log...
CVE-2022-50365
In the Linux kernel, the following vulnerability has been resolved: skbuff: Account for tail adjustment during pull operations Extending the tail can have some unexpected side effects if a program uses a helper like BPFFUNCskbpulldata to read partial content beyond the head skb headlen when all t...
CVE-2022-50362
In the Linux kernel, the following vulnerability has been resolved: dmaengine: hisilicon: Add multi-thread support for a DMA channel When we get a DMA channel and try to use it in multiple threads it will cause oops and hanging the system. % echo 100 /sys/module/dmatest/parameters/threadsperchan ...
CVE-2023-53355
In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instea...
CVE-2023-53340
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Collect command failures data only for known commands DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn't...
CVE-2022-50354
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfdprocessdeviceinitvm error handling Should only destroy the ibmem and let process cleanup worker to free the outstanding BOs. Reset the pointer in pdd-qpd structure, to avoid NULL pointer access in process destr...
CVE-2023-53360
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Rework scratch handling for READPLUS again I found that the read code might send multiple requests using the same nfspgioheader, but nfs4procreadsetup is only called once. This is how we ended up occasionally...
CVE-2023-53351
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Check scheduler work queue before calling timeout handling During an IGT GPU reset test we see again oops despite of commit 0c8c901aaaebc9 drm/sched: Check scheduler ready before calling timeout handling. It uses ready...
CVE-2023-53353
In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: postpone memmgr IDR destruction to hprivrelease The memory manager IDR is currently destroyed when user releases the file descriptor. However, at this point the user context might be still held, and memory buffe...
CVE-2022-50372
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when build ntlmssp negotiate blob failed There is a memory leak when mount cifs: unreferenced object 0xffff888166059600 size 448: comm "mount.cifs", pid 51391, jiffies 4295596373 age 330.596s hex dump first ...
CVE-2022-50358
In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid maxflowrings from dongle When firmware hit trap at initialization, host will read abnormal maxflowrings number from dongle, and it will cause kernel panic when doing iowrite to initiali...
CVE-2023-53350
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix slicing memory leak The temporary buffer storing slicing configuration data from user is only freed on error. This is a memory leak. Free the buffer unconditionally...
CVE-2023-53363
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free in pcibusreleasedomainnr Commit c14f7ccc9f5d "PCI: Assign PCI domain IDs by idaalloc" introduced a use-after-free bug in the bus removal cleanup. The issue was found with kfence: 19.293351 BUG: KFENCE:...
CVE-2023-53366
In the Linux kernel, the following vulnerability has been resolved: block: be a bit more careful in checking for NULL bdev while polling Wei reports a crash with an application using polled IO: PGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0 Oops: 0000 1 SMP CPU: 0 PID: 21915 Comm: iocore0 Kdump:...
CVE-2023-53349
In the Linux kernel, the following vulnerability has been resolved: media: ov2740: Fix memleak in ov2740initcontrols There is a kmemleak when testing the media/i2c/ov2740.c with bpf mock device: unreferenced object 0xffff8881090e19e0 size 16: comm "51-i2c-ov2740", pid 278, jiffies 4294781584 age...
CVE-2022-50356
In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfbinit fails When the default qdisc is sfb, if the qdisc of devqueue fails to be inited during mqprioinit, sfbreset is invoked to clear resources. In this case, the q-qdisc is...
CVE-2022-50357
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: fix some leaks in probe The dwc3getproperties function calls: dwc-usbpsy = powersupplygetbynameusbpsyname; so there is some additional clean up required on these error paths...
CVE-2023-53335
In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Fix potential null-ptr-deref in passestablish If getepfromtid fails to lookup non-NULL value for ep, ep is dereferenced later regardless of whether it is empty. This patch adds a simple sanity check to fix the issue...
CVE-2022-50367
In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfsmdtdestroy In allocinode, inodeinitalways could return -ENOMEM if securityinodealloc fails, which causes inode-iprivate uninitialized. Then nilfsismetadatafileinode returns true and nilfsfreeinode...
CVE-2023-53341
In the Linux kernel, the following vulnerability has been resolved: of/fdt: run soc memory setup when earlyinitdtscanmemory fails If memory has been found earlyinitdtscanmemory now returns 1. If it hasn't found any memory it will return 0, allowing other memory setup mechanisms to carry on...
CVE-2022-50366
In the Linux kernel, the following vulnerability has been resolved: powercap: intelrapl: fix UBSAN shift-out-of-bounds issue When value timeunit, the parameter of ilog2 will be zero and the return value is -1. u64-1 is too large for shift exponent and then will trigger shift-out-of-bounds: shift...
CVE-2022-50369
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkmsrelease A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms-output.composerworkq in vkmsrelease. KASAN: null-ptr-deref in range 0x0000000000000118-0x000000000000011f CP...
CVE-2022-50363
In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to allocskmsg syzbot found that allocskmsg could be called from a non sleepable context. skpsockverdictrecv uses rcureadlock protection. We need the callers to pass a gfpt argument to avoid issues. syzbot...
CVE-2022-50361
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: add missing unregisternetdev in wilcnetdevifcinit Fault injection test reports this issue: kernel BUG at net/core/dev.c:10731! invalid opcode: 0000 1 PREEMPT SMP KASAN PTI Call Trace: wilcnetdevifcinit+0x19f/0x220...
CVE-2023-53346
In the Linux kernel, the following vulnerability has been resolved: kernel/failfunction: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove...
CVE-2022-50370
In the Linux kernel, the following vulnerability has been resolved: i2c: designware: Fix handling of real but unexpected device interrupts Commit c7b79a752871 "mfd: intel-lpss: Add Intel Alder Lake PCH-S PCI IDs" caused a regression on certain Gigabyte motherboards for Intel Alder Lake-S where...
CVE-2022-50364
In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: check return value after calling platformgetresource It will cause null-ptr-deref in resourcesize, if platformgetresource returns NULL, move calling resourcesize after devmioremapresource that will check 'res' to...
CVE-2023-53354
In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...
CVE-2023-53345
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential data race in rxrpcwaittobeconnected Inside the loop in rxrpcwaittobeconnected it checks call-error to see if it should exit the loop without first checking the call state. This is probably safe as if call-err...
CVE-2023-53357
In the Linux kernel, the following vulnerability has been resolved: md/raid10: check slab-out-of-bounds in mdbitmapgetcounter If we write a large number to md/bitmapsetbits, mdbitmapcheckpage will return -EINVAL because 'page = bitmap-pages', but the return value was not checked immediately in...
CVE-2023-53337
In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data after degenerating to read-only According to syzbot's report, markbufferdirty called from nilfssegctordoconstruct outputs a warning with some patterns after nilfs2 detects metadata corruption and...
CVE-2023-53343
In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev. With some IPv6 Ext Hdr RPL, SRv6, etc., we can send a packet that has the link-local address as src and dst IP and will be forwarded to an external IP in the IPv6 Ex...
CVE-2023-53339
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix BUGON condition in btrfscancelbalance Pausing and canceling balance can race to interrupt balance lead to BUGON panic in btrfscancelbalance. The BUGON condition in btrfscancelbalance does not take this race scenario in...
CVE-2023-53358
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue under cocurrent smb2 tree disconnect There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREECONNEXPIRE flags for tcon to avoid cocurrent access...
CVE-2023-53344
In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcmtxsetup: fix KMSAN uninit-value in vfswrite Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aiorwdone fs/aio.c:1520 inline BUG: KMSAN:...
CVE-2023-53362
In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: don't assume child devices are all fsl-mc devices Changes in VFIO caused a pseudo-device to be created as child of fsl-mc devices causing a crash 1 when trying to bind a fsl-mc device to VFIO. Fix this by checking th...
CVE-2023-53352
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: check null pointer before accessing when swapping Add a check to avoid null pointer dereference as below: 90.002283 general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 PREEMPT SMP KASA...
CVE-2023-53356
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: userial: Add null pointer check in gserialsuspend Consider a case where gserialdisconnect has already cleared gser-ioport. And if gserialsuspend gets called afterwards, it will lead to accessing of gser-ioport and th...
CVE-2023-53342
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix handling IPv4 routes with nhid Fix handling IPv4 routes referencing a nexthop via its id by replacing calls to fibinfonh with fibinfonhc. Trying to add an IPv4 route referencing a nextop via nhid: $ ip...