Linux Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assignsprev_idata = idatas[i - 1], but doesn't check that the iterator i isgreater than zero. Let's fix this by add...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb ("swiotlb: fix a braino in the alignment check fix"),which was a fix for commit 0eee5ae10256 ("swiotlb: fix slot alignmentchecks"), causes...
7.1CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocbthat is not embedded inside struct aio_kiocb. With the current code,depending on the compiler, the...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: prevent leak of left-over IRQ on unbind Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ")also removed the call to free_irq() in pci_remove(), leading to aleftover irq of devm_request_irq() at ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freedbut amdgpu_ttm_backend_unbind will not clear the gart page table entryand leave valid mapping entry pointing...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Define the __io_aw() hook as mmiowb() Commit fb24ea52f78e0d595852e ("drivers: Remove explicit invocations ofmmiowb()") remove all mmiowb() in drivers, but it says: "NOTE: mmiowb() has only ever guaranteed ordering in con...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock smp_call_function always runs its callback in hard IRQ context, even onPREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlockfor cgr_lock to ensure we aren't waiting o...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated pageuptodate before we've overwritten it with the data it's supposed to havein it will allow a simultaneous reader to see...
7.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104pc : usb_ep_queue+0x7c/0...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in thebuffer"). The cure is also the sa...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume When not configured for wakeup lis3lv02d_i2c_suspend() will calllis3lv02d_poweroff() even if the device has already been turned offby the runtime-sus...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TXset to 65536, it has been observed that we receive short packets,which come at interval of 5-10 seconds someti...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: block: Fix page refcounts for unaligned buffers in __bio_release_pages() Fix an incorrect number of pages being released for buffers that do notstart at the beginning of a page.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() The "controllen" variable is type size_t (unsigned long). Casting itto int could lead to an integer underflow. The check_add_overflow() function considers the type of the ...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation ofcmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs tobe freed. Otherwise, there...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, orthere will be memleaks.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2async device, thus allowing userspace to access.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring: Fix release of pinned pages when __io_uaddr_map fails Looking at the error path of __io_uaddr_map, if we fail after pinningthe pages for any reasons, ret will be set to -EINVAL and the errorhandler won't properly release ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut.It should be freed by kvfree not kfree.Or umount will triger: [ 406.829178 ] BUG: unable to handle page fau...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor inthe error handling path of fsl_qdma_probe(). Switch to the managed version to fix bot...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: xsk: recycle buffer in case Rx queue was full Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to producedescriptor to XSK Rx queue.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups When in allocated by kvzalloc fails, arfs_create_groups will freeft->g and return an error. However, arfs_create_table, the only caller ofarfs_create_groups, will hold this erro...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirelyfreed (other kernel module instance of the same PCI device have had keptthe reference to that pin), and kernel modul...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel usingkexec which results in kernel panic. Thus clear theBM pool registers before initialisation to fix the issue.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak When a station is allocated, links are added but notset to valid yet (e.g. during connection to an AP MLD),we might remove the station without ever marking linksvalid, and leak them. Fix ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for an arpreply. Where original skb's skb->dev can be different to neigh'sneigh->dev. For instanc...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none)that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been setin mptcp_parse_option()
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: tls, fix WARNIING in __sk_msg_free A splice with MSG_SPLICE_PAGES will cause tls code to use thetls_sw_sendmsg_splice path in the TLS sendmsg code to move the userprovided pages from the msg into the msg_pl. This will loop ove...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normal_link string It's not granted that all entries of struct sof_conn_stream declarea normal_link (a non-SOF, direct link) string, and this is the casefor SoCs that support only SOF ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in iopf reporting path The existing I/O page fault handler currently locates the PCI device bycalling pci_get_domain_bus_and_slot(). This function searches the listof all PCI devices until the desired ...
6.8CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the followingoperations will cause the file to be unrepairable: unisoc # ./f2fs_io compress test.apkunisoc #df ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we mustensure the string is terminated correctly before using it.
9.1CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswapshrinker. The issue also cropped up in the bug trackers of libguestfs [1]and the Red Hat bugzil...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double freewhen its_vpe_init() fails after successfully allocating at least oneinterrupt. This happens because its_vpe_...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, theread will fail, and the device will be torn down. If another driveraccesses the nvmem device after the teard...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for inbtrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 ...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth linediscipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-p...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth linediscipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the number ofcredits at end of the work is not negative as supposedly it means thatthe migration ended. Oth...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another.This is done by iterating over all chunks (all the filters with the samepriority) in the region and in each...
6.4CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to anotheraccording to the number of available credits. The migrated from region is destroyed at the end o...
8.8CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list ofconfigured rules and queries their activity from the device. As part of this task ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don'thave to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter dan...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), becausethe second one could return NULL. if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list) Second...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget toreclaimed the flushed packets. This leads to a memory leak since wedo not free the dma mapped buffers. This a...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: block: fix module reference leakage from bdev_open_by_dev error path At the time bdev_may_open() is called, module reference is grabbedalready, hence module reference should be released if bdev_may_open()failed. This problem is fou...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: support deferring bpf_link dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can beused by those BPF programs to look up additional information. E.g., formulti-kprobes and multi-u...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in is_valid_oplock_break() Skip sessions that are being teared down (status == SES_EXITING) toavoid UAF.
6.7AI Score
0.0004EPSS