Linux Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_plt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by thedummy_st_ops/dummy_init_ptr_arg test [1]: [<0000000000000002>] 0x2[<00000000009d5cde>] bpf_struct_ops_test_run+0x156/0x250[...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: randomize_kstack: Improve entropy diffusion The kstack_offset variable was really only ever using the low bits forkernel stack offset entropy. Add a ror32() to increase bit diffusion.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect encoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointerwithin the 'vpu_enc_ipi_handler' function when the ctx_list hasbeen deleted due to an unexpected beh...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointerwithin the 'vpu_dec_ipi_handler' function when the ctx_list hasbeen deleted due to an unexpected beh...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the contextregardless if the initialization worked or not. This caused a use afterfree, when the pointer is freed in ca...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value onoverflow. It is necessary to prevent division by zero like infb_var_to_videomode(). Found by Linux Verification...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region wasincreased from 16 to 256. In order to avoid overflowing reads for oldersystems, add a mechanism to use the read UCSI vers...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples mayhave zero value on overflow. It is necessary to adda check to avoid division by zero. Found by Linux Verification Center...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix async_disable descriptor leak The disable_async paths of iaa_compress/decompress() don't free idxddescriptors in the async_disable case. Currently this only happens inthe testcases where req->dst is set to null...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drm_kms_helper_poll_disable() check if output pollingsupport is initialized before disabling polling. If not flagthis as a warning.Additionally in drm_mode_config_helper_sus...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() This ensures that the memory mapped by ioremap for adev->rmmio, isproperly handled in amdgpu_device_init(). If the function exits earlydue to an error,...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y andCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()in the rcu_nocb_bypass_lock() and rcu_...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() The call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return anunsuccessful status. In such cases, the elsiocb is not issued, thecompletion is not called, and thus the...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip do PCI error slot reset during RAS recovery Why:The PCI error slot reset maybe triggered after inject ue to UMC multi times, thiscaused system hang.[ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, tr...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane->state->fb == state->fb Currently, when using non-blocking commits, we can see the followingkernel warning: [ 110.908514] ------------[ cut here ]------------[ 110.908529] refcount_t: underflo...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fix null ptr deref in btintel_read_version If hci_cmd_sync_complete() is triggered and skb is NULL, thenhdev->req_skb is NULL, which will cause this issue.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Many syzbot reports show extreme rtnl pressure, and many of them hintthat smc acquires rtnl in netns creation for no good reason [1] This patch returns early from smc_...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path bufferfails. The pointers are not printed so we don't accidentally leak kerneladdresses.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption,as it could be caused only by two impossible conditions: at first the search key is set up ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDUbut the header isn't fully there, we can end up readingdata out of bounds, only to discard later. Make this abit more careful...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB Currently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenari...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dma_set_decrypted() failure On TDX it is possible for the untrusted host to causeset_memory_encrypted() or set_memory_decrypted() to fail such that anerror is returned and the resulting memory is shared. C...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the psz_kmsg_read kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure. Ensure the allocation was successfulby checking the pointer validity.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part ofhdmi rx verification IP that should not enable for HDMI TX.But actually if the clock is disabled...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: pmdomain: ti: Add a null pointer check to the omap_prm_domain_init devm_kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure. Ensure the allocation was successfulby checking the pointer validi...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg"at drivers/misc/vmw_vmci/vmci_datagr...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: phy: phy_device: Prevent nullptr exceptions on ISR If phydev->irq is set unconditionally, checkfor valid interrupt handler or fall back to polling mode to preventnullptr exceptions in interrupt service routine.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix null pointer access when abort scan During cancel scan we might use vif that weren't scanning.Fix this by using the actual scanning vif.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn'treally look), lets make sure by removing it, doing pr_err and return-EINVAL instead.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code forindividual items is generally low pr...
8.4CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the checkintegrity code enabled, which meant that we could only run the extendedleaf checks if we had WRITTEN set on ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors'mode lists, which are protected by dev->mode_config.mutex.Thus we need to extend modes[] the same pr...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() Subject: [PATCH] drm/panfrost: Fix the error path inpanfrost_mmu_map_fault_addr() If some the pages or sgt allocation failed, we shouldn't release thepages ref we go...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead toinfinite-loop. This is because the register, VGACRI-Dx, checked inthis API is a scratch register actually controlled by a MCU, namedDPMCU, in B...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in context_xa ivpu_device->context_xa is locked both in kernel thread and IRQ context.It requires XA_FLAGS_LOCK_IRQ flag to be passed during initializationotherwise the lock could be acquired from a thre...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race sg_remove_sfp_usercontext() must not use sg_device_destroy() after callingscsi_device_put(). sg_device_destroy() is accessing the parent scsi_device request_queue whichwill already be set to ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE ->MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will takea time. is_module_text_add...
8.8CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all usebtrfs_subvolume_reserve_metadata() to reserve metadata for the changesdone to the parent subvolume's ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix WARN_ON in iommu probe path Commit 1a75cc710b95 ("iommu/vt-d: Use rbtree to track iommu probeddevices") adds all devices probed by the iommu driver in a rbtreeindexed by the source ID of each device. It assumes that...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: queues which only process TX packets arriving from the network stack queues which only process TX packets forwarded to it by XDP_REDIRECTor XDP_TX ins...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix mlx5e_priv_init() cleanup flow When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup whichcalls mlx5e_selq_apply() that assures that the priv->state_lock is held usinglockdep_is_held(). Acquire t...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from thehandle into the tree when they had a refcount of 1. On the other hand,create_flow_handle tries hard to find and r...
9.1CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Register devlink first under devlink lock In case device is having a non fatal FW error during probe, thedriver will report the error to user via devlink. This will triggera WARN_ON, since mlx5 is calling devlink_register...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlersuse copy_from_sockptr() (which I fixed), followedby unsafe copy_from_sockptr_offset() calls. In all functions, we can perform the ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Fix not validating setsockopt user input Check user input length before copying data.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input Check user input length before copying data.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data withoutchecking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offsetinclude/linux/soc...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input syzbot reported sco_sock_setsockopt() is copying data withoutchecking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offsetinclude/linux/sockptr.h:49 ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: pds_core: Fix pdsc_check_pci_health function to use work thread When the driver notices fw_status == 0xff it tries to perform a PCIreset on itself via pci_reset_function() in the context of the driver'shealth thread. However, pdsc_...
6.6AI Score
0.0004EPSS