Linux Security Vulnerabilities

CVE-2024-36019

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code was i...

7 AI Score

0.0004 EPSS

2024-05-30 03:15 PM
26

CVE-2024-36020

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the info...

6.7 AI Score

0.0004 EPSS

2024-05-30 03:15 PM
27

CVE-2024-36021

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during pf initialization The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the devlink...

6.6 AI Score

0.0004 EPSS

2024-05-30 03:15 PM
25

CVE-2024-36022

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD, and ...

6.6 AI Score

0.0004 EPSS

2024-05-30 03:15 PM
27

CVE-2024-36023

In the Linux kernel, the following vulnerability has been resolved: Julia Lawall reported this null pointer dereference, this should fix it.

5.5 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-30 03:15 PM
26

CVE-2024-36024

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable idle reallow as part of command/gpint execution [Why] Workaround for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and tou...

6.6 AI Score

0.0004 EPSS

2024-05-30 03:15 PM
25

CVE-2024-36025

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory corrup...

6.7 AI Score

0.0004 EPSS

2024-05-30 03:15 PM
27

CVE-2024-36026

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 While doing multiple S4 stress tests, GC/RLC/PMFW get into an invalid state resulting into hard hangs. Adding a GFX reset as workaround just before sending the MP1_UNLOAD messa...

6.8 AI Score

0.0004 EPSS

2024-05-30 03:15 PM
27

CVE-2024-36027

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Btrfs clears the content of an extent buffer marked as EXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole of an ext...

6.9 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
24

CVE-2024-36028

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() When I did memory failure tests recently, below warning occurs: DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquir...

6.6 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
26

CVE-2024-36029

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LE...

6.8 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
26

CVE-2024-36030

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: fix the double free in rvu_npc_freemem() Clang static checker(scan-build) warning: drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2 Attempt to free released memory. npc_mcam_rsrcs_deinit() has rel...

6.8 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
24

CVE-2024-36031

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set by u...

9.8 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
26

CVE-2024-36032

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed.

6.8 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
26

CVE-2024-36033

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the firmware.

6.7 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
25

CVE-2024-36244

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different ...

6.6 AI Score

0.0004 EPSS

2024-06-21 11:15 AM
20

CVE-2024-36270

In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000...

6.6 AI Score

0.0004 EPSS

2024-06-21 11:15 AM
20

CVE-2024-36281

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer dereference....

6 AI Score

0.0004 EPSS

2024-06-21 11:15 AM
20

CVE-2024-36286

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not ...

6.5 AI Score

0.0004 EPSS

2024-06-21 11:15 AM
19

CVE-2024-36288

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a...

5.5 CVSS

6.5 AI Score

0.0004 EPSS

2024-06-21 12:15 PM
100

CVE-2024-36477

In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account...

7.8 CVSS

6.5 AI Score

0.0004 EPSS

2024-06-21 12:15 PM
24

CVE-2024-36478

In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/config/null...

6.4 AI Score

0.0004 EPSS

2024-06-21 11:15 AM
22

CVE-2024-36479

In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. T...

6.7 AI Score

0.0004 EPSS

2024-06-24 02:15 PM
23

CVE-2024-36481

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parse_btf_field() btf_find_struct_member() might return NULL or an error via the ERR_PTR() macro. However, its caller in parse_btf_field() only checks for the NULL condition. Fix this by using IS_ER...

5.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-06-21 12:15 PM
109

CVE-2024-36484

In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6...

6.3 AI Score

0.0004 EPSS

2024-06-21 11:15 AM
22

CVE-2024-36489

In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}. CPU0 CPU1 // In tls_init() // In tls_ctx_create() ctx ...

6.6 AI Score

0.0004 EPSS

2024-06-21 11:15 AM
20

CVE-2024-36880

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer.

6.8 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
32

CVE-2024-36881

In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a cl...

6.7 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
24

CVE-2024-36882

In the Linux kernel, the following vulnerability has been resolved: mm: use memalloc_nofs_save() in page_cache_ra_order() See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), ensure that page_cache_ra_order() do not attempt to reclaim file-backed pages too, or it leads to a deadl...

6.7 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
24

CVE-2024-36883

In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array, th...

6.5 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
29

CVE-2024-36884

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() This was missed because of the function pointer indirection. nvidia_smmu_context_fault() is also installed as a irq function, and the 'void *' was changed to a stru...

5.5 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
26

CVE-2024-36885

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1] PREE...

6.5 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
27

CVE-2024-36886

In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff....

8.1 CVSS

6.4 AI Score

0.0005 EPSS

2024-05-30 04:15 PM
35

CVE-2024-36887

In the Linux kernel, the following vulnerability has been resolved: e1000e: change usleep_range to udelay in PHY mdic access This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems"). The referenced commit used usleep_range inside the PHY acc...

6.4 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
27

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle kernel...

6.2 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
26

CVE-2024-36889

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules...

6.3 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
25

CVE-2024-36890

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpioch...

6.7 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
27

CVE-2024-36891

In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix mas_empty_area_rev() null pointer dereference Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lea...

5.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
28

CVE-2024-36892

In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid zeroing outside-object freepointer for single free Commit 284f17ac13fe ("mm/slub: handle bulk and single object freeing separately") splits single and bulk object freeing in two functions slab_free() and slab_free_bulk...

6.6 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
33

CVE-2024-36893

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Gi...

5.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
31

CVE-2024-36894

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS applicatio...

5.6 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
23

CVE-2024-36895

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper func...

6.9 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
27

CVE-2024-36896

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in port.c:disable_store(): usb_hub_to_struct_hub() can return NULL if the hub that the port belongs to is concurrently removed...

9.1 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
26

CVE-2024-36897

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. DA...

5.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
47

CVE-2024-36898

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to contain e...

6.7 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
24

CVE-2024-36899

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(), but t...

6.8 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
27

CVE-2024-36900

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during initialization The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the devlink re...

6.6 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
26

CVE-2024-36901

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported: general...

5.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
47

CVE-2024-36902

In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1] O...

5.5 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
49

CVE-2024-36903

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in __ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing HDR...

6.6 AI Score

0.0004 EPSS

2024-05-30 04:15 PM
25
Total number of security vulnerabilities: 5729