Linux Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architecturesis not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_o...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checksIFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logicin the function rtnl_bridge_s...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencingthe same nf_conn entry, which will happen for multicast (broadcast)frames on bridges. Exa...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST whileHCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remotedoes support SSP since otherwise this event shouldn't b...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID valuebut no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()returns -EINVAL with an elevated "st...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, andwe may leak an skb if mctp_local_output fails in specific states; theskb ownership isn't transferred unti...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because thevalue can be changed concurrently.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don'tinitialise the xdp_rxq_info data structure being used in the xdp_buffthat backs the XDP ...
5.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix PPE hanging issue A patch to resolve an issue was found in MediaTek's GPL-licensed SDK:In the mtk_ppe_stop() function, the PPE scan mode is not disabled beforedisabling the PPE. This can potentially ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data(). So callingmtk_free_clk_data() explicitly in the remove function would lead to adoubl...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make thefirmware crash. in case the AP is configured with: group cipher TKIP andMFPC. We would send the GTK with...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA,admin_q reconnect failed forever while remote target and network is ok.After dig into it, we found it ...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channelsit could write outside of the map array.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ Currently for devices requiring masking at the irqchip for INTx, ie.devices without DisINTx support, the IRQ is enabled in request_irq()and subsequently disabled as necessary to a...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness ofinterrupt affinity reconfiguration via procfs. Instead, the change isdeferred until the next i...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: Fix races while restarting DMA After the frame is submitted to DMA, it may happen that the submittedlist is not updated soon enough, and the DMA callback is triggeredbefore that. This can lead to kernel cra...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set.Otherwise, it is an uninitialized value. In the error path, it is freedunconditionally. Avoid passing an uniniti...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device willhit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at n...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: mkfs.f2fs -O extra_attr,compression -f /dev/vdb mount /dev/vdb /mnt/f2fs touch /mnt/f2fs/file f2fs_io set...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock It needs to cover {reserve,release}_compress_blocks() w/ cp_rwsem lockto avoid racing with checkpoint, otherwise, filesystem metadata includingblkadd...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PCI: of_property: Return error for int_map allocation failure Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent aNULL pointer dereference in this case. [bhelgaas: commit log]
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() maybe provided with invalid argument outside of [0,MAX_NUMNODES-1] rangeleading to: BUG: KASAN: wild-memory-access i...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-levelmodule registers a driver for the parent device and uses its owner pointerto take the module's refcount. T...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdepsplat with fiemap and pagefaulting with my new extent lock replacementlock. This deadlock exists with our norm...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has abug leading to kernel panic as follows: [ 15.398930] Unable to handle kernel paging request at vir...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf If VM_BIND is enabled on the client the legacy submission ioctl can't beused, however if a client tries to do so regardless it will return anerror. In this case the c...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usage for sb_index Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing thebitmap file") removed page->index from bitmap code, but left wrong codelogic for clustered-md. current cod...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix bounds check for dcn35 DcfClocks [Why]NumFclkLevelsEnabled is used for DcfClocks bounds checkinstead of designated NumDcfClkLevelsEnabled.That can cause array index out-of-bounds access. [How]Use designated var...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, thefast_rx entry still holds a pointer to the VLAN's netdev, which can causeuse-after-free bug...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace beforetypec_altmode_set_drvdata() completes in dp_altmode_probe. T...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() beforedropping kvm->lock to fix use-after-free issues where region and/or itsarr...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize callas the latter can free the request.
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfsremove while files are being accessed, even though the code inquestion now uses debugfs cancellations. Turns out th...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend commit f52f5c71f3d4 ("md: fix stopping sync thread") removeMD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize thatdm-raid relies on __md_stop_writes() to frozen sync_thr...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered thefollowing deadlock scenario in the amdgpu debugfs files. The machinealso hard-resets immediately after th...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced withdevm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resour...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix two shmem bugs When cachestat on shmem races with swapping and invalidation, thereare two possible bugs: A swapin error can have resulted in a poisoned swap entry in theshmem inode's xarray. Calling get_shadow_fr...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race in read_extent_buffer_pages() There are reports from tree-checker that detects corrupted nodes,without any obvious pattern so possibly an overwrite in memory.After some debugging it turns out there's a race when rea...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream [Why]Disabling stream encoder invokes a function that no longer exists. [How]Check if the function declaration is NULL in disable stream encoder.
6.2CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer beforecalling it. In kdump kernel this method is set to NULL that causespanic during the kexec-ed kernel boot. Tested with QEMU and OVMF firmware...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Commit 672365477ae8 ("x86/fpu: Update XFD state where required") andcommit 8bf26758ca96 ("x86/fpu: Add XFD state to fpstate") introduced aper CPU variable xfd_state to keep the MSR_...
7.8CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stackthat was live when the stub was entered. According to the UEFI spec,this stack needs to be at...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark target gfn of emulated atomic instruction as dirty When emulating an atomic access on behalf of the guest, mark the targetgfn dirty if the CMPXCHG by KVM is attempted and doesn't fault. Thisfixes a bug where KVM effe...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fix lockup in dm_exception_table_exit There was reported lockup when we exit a snapshot with many exceptions.Fix this by adding "cond_resched" to the loop that frees the exceptions.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Always disable interrupts when taking cgr_lock smp_call_function_single disables IRQs when executing the callback. Toprevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere.This is already done by qm...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that islarger than 16 TiB with 4k block size. With having more then 2^32 blocksresize_inode is turned off by default by mke2...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call md_reap_sync_thread() directly Currently md_reap_sync_thread() is called from raid_message() directlywithout holding 'reconfig_mutex', this is definitely unsafe becausemd_reap_sync_thread() can change many fi...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal A race condition between the .runtime_idle() callback and the .remove()callback in the rtsx_pcr PCI driver leads to a kernel crash due to anunhandled page fault [1]. The pr...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active,which means that the memory acquired in the atomic update needs tonot be invalidated by the cleanup. The buf...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 :https://nvd.nist.gov/vuln/detail/CVE-2023-47233 In brcm80211 driver,it starts with the following invoking chainto start ...
6.1AI Score
0.0004EPSS