Linux Kernel Security Vulnerabilities


CVE-2024-40998

In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() In the following concurrency we will access the uninitialized rs->lock: ext4_fill_super ext4_register_sysfs // sysfs registered msg_ratelimit_interval_...

6.7 AI Score

0.0004 EPSS

2024-07-12 01:15 PM
45

CVE-2024-40999

In the Linux kernel, the following vulnerability has been resolved: net: ena: Add validation for completion descriptors consistency Validate that first flag is set only for the first descriptor in multi-buffer packets. In case of an invalid descriptor, a reset will occur. A new reset reason for RX dat...

6.7 AI Score

0.0004 EPSS

2024-07-12 01:15 PM
36

CVE-2024-41000

In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: [ 62.982337] ------------[ cut here ]------------ [ 62.985692] cgroup: Invalid name [ 62.9...

7.8 CVSS

6.6 AI Score

0.0004 EPSS

2024-07-12 01:15 PM
40

CVE-2024-41001

In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: work around a potential audit memory leak kmemleak complains that there's a memory leak related to connect handling: unreferenced object 0xffff0001093bdf00 (size 128): comm "iou-sqp-455", pid 457, jiffies 4294894164h...

5.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-07-12 01:15 PM
37

CVE-2024-41002

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak for sec resource release The AIV is one of the SEC resources. When releasing resources, it need to release the AIV resources at the same time. Otherwise, memory leakage occurs. The aiv resource...

5.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-07-12 01:15 PM
35

CVE-2024-41003

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reg_set_min_max corruption of fake_reg Juan reported that after doing some changes to buzzer [0] and implementing a new fuzzing strategy guided by coverage, they noticed the following in one of the probes: [...] 13: (79) r6 =...

6.6 AI Score

0.0004 EPSS

2024-07-12 01:15 PM
32

CVE-2024-41004

In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock (get a reference) those event file reference in module init function, and unlock and delete it in module ex...

6.4 AI Score

0.0004 EPSS

2024-07-12 01:15 PM
37

CVE-2024-41005

In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_r...

6.3 AI Score

0.0004 EPSS

2024-07-12 01:15 PM
37

CVE-2024-41006

In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nr_heartbeat_expiry() syzbot reported a memory leak in nr_create() [0]. Commit 409db27e3a2e ("netrom: Fix use-after-free of a listening socket.") added sock_hold() to the nr_heartbeat_expiry() function, w...

5.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-07-12 01:15 PM
38

CVE-2024-41007

In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minute...

3.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-07-15 09:15 AM
40

CVE-2024-41008

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm->task_info handling This patch changes the handling and lifecycle of vm->task_info object. The major changes are: vm->task_info is a dynamically allocated ptr now, and its usage is reference counted. in...

6.5 AI Score

0.0004 EPSS

2024-07-16 08:15 AM
46

CVE-2024-41009

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logic...

5.5 CVSS

6.4 AI Score

0.0004 EPSS

2024-07-17 07:15 AM
177

CVE-2024-41010

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix too early release of tcx_entry Pedro Pinto and later independently also Hyunwoo Kim and Wongi Lee reported an issue that the tcx_entry can be released too early leading to a use after free (UAF) when an active old-style ingr...

5.5 CVSS

6.3 AI Score

0.0004 EPSS

2024-07-17 07:15 AM
176

CVE-2024-41011

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registe...

7.8 CVSS

6.5 AI Score

0.0004 EPSS

2024-07-18 07:15 AM
16

CVE-2024-41012

In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the loc...

6.3 CVSS

6.9 AI Score

0.0004 EPSS

2024-07-23 08:15 AM
54

CVE-2024-41013

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the star...

6.3 AI Score

0.0004 EPSS

2024-07-29 07:15 AM
37

CVE-2024-41014

In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. We can create a crafted image to trigger an out of boun...

6.4 AI Score

0.0004 EPSS

2024-07-29 07:15 AM
37

CVE-2024-41015

In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region.

6.6 AI Score

0.0004 EPSS

2024-07-29 07:15 AM
32

CVE-2024-41016

In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this poss...

6.5 AI Score

0.0004 EPSS

2024-07-29 07:15 AM
33

CVE-2024-41017

In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist.

6.5 AI Score

0.0004 EPSS

2024-07-29 07:15 AM
32

CVE-2024-41018

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add a check for attr_names and oatbl Added out-of-bound checking for *ane (ATTR_NAME_ENTRY).

6.6 AI Score

0.0004 EPSS

2024-07-29 07:15 AM
30

CVE-2024-41019

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate ff offset This adds sanity checks for ff offset. There is a check on rt->first_free at first, but walking through by ff without any check. If the second ff is a large offset. We may encounter an out-of-bound read...

6.6 AI Score

0.0004 EPSS

2024-07-29 07:15 AM
35

CVE-2024-41020

In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal ver...

6.6 AI Score

0.0004 EPSS

2024-07-29 02:15 PM
36

CVE-2024-41021

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() There is no support for HWPOISON, MEMORY_FAILURE, or ARCH_HAS_COPY_MC on s390. Therefore we do not expect to see VM_FAULT_HWPOISON in do_exception(). However, since commit af1...

6.5 AI Score

0.0004 EPSS

2024-07-29 02:15 PM
40

CVE-2024-41022

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() The "instance" variable needs to be signed for the error handling to work.

6.5 AI Score

0.0004 EPSS

2024-07-29 02:15 PM
34

CVE-2024-41023

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the task_st...

6.6 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
26

CVE-2024-41024

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Restrict untrusted app to attach to privileged PD Untrusted application with access to only non-secure fastrpc device node can attach to root_pd or static PDs if it can make the respective init request. This can cause ...

6.6 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
29

CVE-2024-41025

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix memory leak in audio daemon attach operation Audio PD daemon send the name as part of the init IOCTL call. This name needs to be copied to kernel for which memory is allocated. This memory is never freed which migh...

6.4 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
29

CVE-2024-41026

In the Linux kernel, the following vulnerability has been resolved: mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmitted. This causes a kernel panic when this size exceeds the sg_miter's length. Limit the number of tra...

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
27

CVE-2024-41027

In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an EINVA...

6.4 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
34

CVE-2024-41028

In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMI matching functions, it must be terminated by an empty entry. Since this entry is missing, an array out-of-...

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
30

CVE-2024-41029

In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute should not provide more access to the nvmem data than the main attribute itself. For example if nvme_config::root_only was set, the cell attrib...

6.4 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
29

CVE-2024-41030

In the Linux kernel, the following vulnerability has been resolved: ksmbd: discard write access to the directory open may_open() does not allow a directory to be opened with the write access. However, some writing flags set by client result in adding write access on server, making ksmbd incompatible ...

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
32

CVE-2024-41031

In the Linux kernel, the following vulnerability has been resolved: mm/filemap: skip to create PMD-sized page cache if needed On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray as the following error messages indicate. ------------[ ...

6.4 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
27

CVE-2024-41032

In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: check if a hash-index is in cpu_possible_mask The problem is that there are systems where cpu_possible_mask has gaps between set CPUs, for example SPARC. In this scenario addr_to_vb_xa() hash function can return an index...

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
36

CVE-2024-41033

In the Linux kernel, the following vulnerability has been resolved: cachestat: do not flush stats in recency check syzbot detects that cachestat() is flushing stats, which can sleep, in its RCU read section (see [1]). This is done in the workingset_test_recent() step (which checks if the folio's evict...

6.4 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
31

CVE-2024-41034

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access...

6.8 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
44

CVE-2024-41035

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoint descriptor's bEndpoin...

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
47

CVE-2024-41036

In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lo...

5.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
29

CVE-2024-41037

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: fix null deref on system suspend entry When system enters suspend with an active stream, SOF core calls hw_params_upon_resume(). On Intel platforms with HDA DMA used to manage the link DMA, this leads to call c...

5.5 CVSS

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
30

CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the algorit...

5.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
34

CVE-2024-41039

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer contain...

7.8 CVSS

7.2 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
32

CVE-2024-41040

In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by task handler130/6469 Call T...

7 CVSS

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
29

CVE-2024-41041

In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk and use sock_pfree() as ...

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
32

CVE-2024-41042

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps via ->validat...

7 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
34

CVE-2024-41043

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: drop bogus WARN_ON Happens when rules get flushed/deleted while packet is out, so remove this WARN_ON. This WARN exists in one form or another since v4.14, no need to backport this to older releases, hence...

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
35

CVE-2024-41044

In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual body beyond PPP_LCP he...

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
38

CVE-2024-41045

In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free Currently, the same case as previous patch (two timer callbacks trying to cancel each other) can be invoked through bpf_map_update_elem as well, or more precisely, freeing map elements con...

6.7 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
30

CVE-2024-41046

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times.

7.8 CVSS

6.8 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
33

CVE-2024-41047

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix XDP program unloading while removing the driver The commit 6533e558c650 ("i40e: Fix reset path while removing the driver") introduced a new PF state "__I40E_IN_REMOVE" to block modifying the XDP program while the driver is ...

6.5 AI Score

0.0004 EPSS

2024-07-29 03:15 PM
33
Total number of security vulnerabilities: 6678