Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always drain health in shutdown callback There is no point in recovery during device shutdown. if healthwork started need to wait for it to avoid races and NULL pointeraccess. Hence, drain health WQ on shutdown callback.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveau_bo_ref() on a nouveau_bo without initializing it (andhence the backing ttm_bo) leads to a refcount underflow. Instead of calling nouveau_bo_ref() in the unwind path ofdrm_g...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscv_kernel_entry When alignment handling is delegated to the kernel, everything must beword-aligned in purgatory, since the trap handler is then set to thekexec one. Without the alignment, hitting the excep...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching eventrelease. In the case of a child event, released via free_event()directly, this can potentially result in a leaked eve...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferredto the target task upon resume to userspace via task_work. However failures while adding an event's callback to the task_workengine...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu()to free memory allocated by devm_alloc_percpu(), fixed by usingdevres_release() instead of devres...
5.5CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. This may cause theCPU core staying in interrupt context too long and lead to soft lockupunder heavy load. Handle CEQEs in BH workqueu...
5.5CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: seqpacket_allow is not initialized when socket iscreated. Thus if features are never set, it will beread uninitialized. if VIRTIO_VSOCK_F_S...
7.8CVSS
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked Fix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE.Return from __sev_snp_shutdown_locked() if the psp_device or thesev_device structs are not i...
5.5CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus(): drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_b...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Avoid large backtrace, it is sufficient to warn the user that there hasbeen a link problem. Either the link has failed and the system is in needof maintenance...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma->SG_length' is 0. This value is later used toaccess 'dma->SGarray[dma->SG_length - 1]', which will cause out ofbounds access. Add check to return early...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix input error path memory access When there is a misconfiguration of input state slow pathKASAN report error. Fix this error.west login:[ 52.987278] eth1: renamed from veth11[ 53.078814] eth1: renamed from veth21[ 53.181355...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled incfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, r...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former cancontain more ACLs (i.e., tc filters), but the...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA direction while mapping reinjected packets For fragmented packets, ath12k reassembles each fragment as a normalpacket and then reinjects it into HW ring. In this case, the DMAdirection should be DMA_TO_DEVI...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking isdone against the file's metadata at that moment, and on success, a filepointer is passed back. Much la...
7CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointersto references that can still be used. Make sure that does not happen.This strictly speaking closes ZDI-CAN-2227...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULLpointer dereference causing a crash. Fixed by adding error handling in the function.
5.5CVSS
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double inode unlock for direct IO sync writes If we do a direct IO sync write, at btrfs_sync_file(), and we need to skipinode logging or we get an error starting a transaction or an error whenflushing delalloc, we end up...
5.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check in resource_log_pipe_topology_update [WHY]When switching from "Extend" to "Second Display Only" we sometimescall resource_get_otg_master_for_stream on a stream for the eDP,which is disconnected. This...
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO static_key is the same as the lasttcp_ao_info. On the socket destruction tcp_ao_info ceases to bewith RCU grace period, while tcp-ao static branch is ...
4.7CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: list_lru: fix UAF for memory cgroup The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock orcgroup_mutex or others which could prevent returned memcg from beingfreed. Fix it by adding missing rcu read lock. Fou...
7.8CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in padata.c atbootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI[ 10.017908] CPU: 26 PID: ...
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracing_mapeven though the maximum number of elements (m...
5.5CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate thefreeing of the file meta data with the files that are exposed to userspace. The file meta data would have...
4.7CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure aftermany small jobs") decoupled the memcg IDs from the CSS ID space to fix thecgroup creation failures. It introd...
4.7CVSS
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base canresult in uartclk being zero, which will result in adivide by zero error in uart_get_divisor(). The check foruartcl...
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/client: fix null pointer dereference in drm_client_modeset_probe In drm_client_modeset_probe(), the return value of drm_mode_duplicate() isassigned to modeset->mode, which will lead to a possible NULL pointerdereference on f...
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link [why]Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008PGD 0 P4D 0Oops: 0000 [#1] PREEMPT SMP NOP...
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL Call efi_rt_services_supported() to check that efi.get_variable existsbefore calling it.
5.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: drop bad gso csum_start and offset in virtio_net_hdr Tighten csum_start and csum_offset checks in virtio_net_hdr_to_skbfor GSO packets. The function already checks that a checksum requested withVIRTIO_NET_HDR_F_NEEDS_CSUM is i...
5.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer deref in dcn20_resource.c Fixes a hang thats triggered when MPV is run on a DCN401 dGPU: mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all and then enabling fullscreen playback (double click on the vid...
5.5CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() 1 .The reason is because the module allocated a struct tuner in tuner_probe(),and then the module initialization fail...
7.8CVSS
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401 When users run the command: cat /sys/kernel/debug/dri/0/amdgpu_dm_dtn_log The following NULL pointer dereference happens: [ +0.000003] BUG: kernel NULL pointer der...
5.5CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables Checks null pointer before passing variables to functions. This fixes 3 NULL_RETURNS issues reported by Coverity.
5.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update This commit adds a null check for the 'afb' variable in theamdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' wasa...
5.5CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing This commit adds null checks for the 'stream' and 'plane' variables inthe dcn30_apply_idle_power_optimizations function. These variables werepreviously ...
5.5CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference.
5.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/admgpu: fix dereferencing null pointer context When user space sets an invalid ta type, the pointer context will be empty.So it need to check the pointer context before using it
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointerdereference
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer dereference to ras_manager Check ras_manager before using it
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference for smu7 optimize the code to avoid pass a null pointer (hwmgr->backend)to function smu7_update_edc_leakage_table.
5.5CVSS
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR toa global function as an argument. The adverse effects of this is thatBPF helper...
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, link_data/link_conf are dynamically allocated. Theydon't point to vif->bss_conf. So, there will be no chanreq assigned tovif->bss...
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal20/40/... MHz channel width progression, and switching aroundin S1G or narrow channels isn't supported. Disallow...
5.5CVSS
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl.Split the allocation side out to make the error handling boundary easierto navigate. The apple driver had been doing th...
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape whilereassembling, as the test 07revert-grow. However, following BUG_ON()can be triggerred by the tes...
5.5CVSS
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpiodescriptor array.Users can do that by calling gpio_ioctl() with an offset out of range.Offse...
5.5CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible)throwing WARNs fromnet/core/page_pool.c:page_pool_disable_direct_recycling().Turned out idpf frees interrupt vectors wi...
7.8CVSS
6.9AI Score
0.0004EPSS