Linux Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00flags: 0x6fffe...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9_client_rpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]BUG: KMSAN: uninit-value in p9_client_rpc...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointerdereference off the forced async preparation path, if no file hadbeen assigned. The trace leading to that ...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'with __counted_by, which informs the...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'with __counted_by, which informs the...
9.8CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a threadlooks up a fid through dentry while another thread unlinks it: UAF thread:refcount_t: addition on 0; use-after-fr...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but onlywaiting_list and done_list are initialized. notifier_entry was kept'zeroed' leading to an uninitialized list_head.Thi...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parentdirectory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc tags]
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not beenperformed, leading to possible null pointer dereferences (which didhappen for me on RB1). Fix that.
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:29...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid suchdeadlock.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page readfails is incorrect, as in the old ext2 implementation, and if thefolio/page cannot be rea...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events,there is a potential null pointerthat may be caused by calling update_events_attr which will performsome operations on the me...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process shouldbe stop to avoid out-of-bounds read, so directly return -EINVAL.
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy h_size fixup Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set bymkfs") added a fixup for incorrect h_size values used for the initialumount record in old xfs...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension If a process module does not have base config extension then the sameformat applies to all of it's inputs and the process->base_config_ex...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL commit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc")includes support for __GFP_NOFAIL, but it presents a conflict with commitdd544141b9eb (...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Handle err return when savagefb_check_var failed The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equals zero")checks the value of pixclock to avoid divide-by-zero error. Howeverthe function savagefb_pro...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang withsmall possibility, the root cause is exactly the same as commitbed9e27baf52 ("R...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: do not call vma_add_reservation upon ENOMEM sysbot reported a splat [1] on __unmap_hugepage_range(). This is becausevma_needs_reservation() can return -ENOMEM ifallocate_file_region_entries() fails to allocate the file_...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack.Calling kfree on it causes undefined behaviour in subsequent operations.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/i915/hwmon: Get rid of devm When both hwmon and hwmon drvdata (on which hwmon depends) are devicemanaged resources, the expectation, on device unbind, is that hwmon will bereleased before drvdata. However, in i915 there are two...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdbwill use strncpy() to insert the completed symbol into the command buffer.Unfortunately it passes the size of the...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: mc: Fix graph walk in media_pipeline_start The graph walk tries to follow all links, even if they are not betweenpads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link. Fix this by allowing the walk to proce...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btree_iter btree_iter is used in two ways: either allocated on the stack with afixed size MAX_BSETS, or from a mempool with a dynamic size based on thespecific cache set. Previously, the s...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked When requesting an NMI window, WARN on vNMI support being enabled if andonly if NMIs are actually masked, i.e. if the vCPU is already handling anNMI. KVM's ABI for NM...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback beingdiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.using sysfs or hotp...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Properly re-initialise notifier entry in unregister The notifier_entry of a notifier is not re-initialised after unregisteringthe notifier. This leads to dangling pointers being left there so uselist_del_init() t...
6.4AI Score
0.0004EPSS