Linux Kernel Security Vulnerabilities

CVE-2024-26798

In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcon_do_set_font() Commit a5a923038d70 (fbdev: fbcon: Properly revert changes when vc_resize() failed) started restoring old font data upon failure (of vc_resize()). But it performs so only...

6.2 AI Score

0.0004 EPSS

2024-04-04 09:15 AM
52

CVE-2024-26799

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl In the case where __lpass_get_dmactl_handle is called and the driver id dai_id is invalid the pointer dmactl is not being assigned a value, and dmactl contains a garbage value since it has...

6.6 AI Score

0.0004 EPSS

2024-04-04 09:15 AM
40

CVE-2024-26800

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY, tls_do_decryption will wait until all async decryptions have completed. If one of them fails, t...

6.7 AI Score

0.0004 EPSS

2024-04-04 09:15 AM
47

CVE-2024-26801

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-f...

6.2 AI Score

0.0004 EPSS

2024-04-04 09:15 AM
66

CVE-2024-26802

In the Linux kernel, the following vulnerability has been resolved: stmmac: Clear variable when destroying workqueue Currently when suspending driver and stopping workqueue it is checked whether workqueue is not NULL and if so, it is destroyed. Function destroy_workqueue() does drain queue and does c...

6.5 AI Score

0.0004 EPSS

2024-04-04 09:15 AM
57

CVE-2024-26803

In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP even when down veth sets NETIF_F_GRO automatically when XDP is enabled, because both features use the same NAPI machinery. The logic to clear NETIF_F_GRO sits in veth_disable_xdp() which is call...

6.4 AI Score

0.0004 EPSS

2024-04-04 09:15 AM
58

CVE-2024-26804

In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr ffff88812fb4000e by tas...

6.2 AI Score

0.0004 EPSS

2024-04-04 09:15 AM
63

CVE-2024-26805

In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter syzbot reported the following uninit-value access issue [1]: netlink_to_full_skb() creates a new skb and puts the skb->data passed as a 1st arg of netlink_to_full_skb...

6 AI Score

0.0004 EPSS

2024-04-04 09:15 AM
64

CVE-2024-26806

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks The ->runtime_suspend() and ->runtime_resume() callbacks are not expected to call spi_controller_suspend() and spi_controller_resume(). Remove cal...

6.6 AI Score

0.0004 EPSS

2024-04-04 09:15 AM
36

CVE-2024-26807

In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi ->runtime_suspend() and ->runtime_resume() implementations start with: struct cqspi_st *cqspi = dev_get_drvdata(dev); struct spi_controller *host = dev_get_drvdata(dev); This obviously cannot be correct, u...

7.3 AI Score

0.0004 EPSS

2024-04-04 09:15 AM
43

CVE-2024-26808

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevice remains in the hook l...

6.2 AI Score

0.0004 EPSS

2024-04-04 10:15 AM
59

CVE-2024-26809

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix re...

6.1 AI Score

0.0004 EPSS

2024-04-04 10:15 AM
1789

CVE-2024-26810

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core interrupt code. In particu...

6.3 AI Score

0.0004 EPSS

2024-04-05 09:15 AM
2782

CVE-2024-26811

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid memo...

6.1 AI Score

0.0004 EPSS

2024-04-08 10:15 AM
2756

CVE-2024-26812

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the SET_...

6.3 AI Score

0.0004 EPSS

2024-04-05 09:15 AM
2866

CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer deref...

6.1 AI Score

0.0004 EPSS

2024-04-05 09:15 AM
2780

CVE-2024-26814

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself...

6.3 AI Score

0.0004 EPSS

2024-04-05 09:15 AM
2813

CVE-2024-26815

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed value tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc >= T...

6.4 AI Score

0.0004 EPSS

2024-04-10 11:15 AM
58

CVE-2024-26816

In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the "startup_xen" entry point. This information is used prior to booting the...

5.8 AI Score

0.0004 EPSS

2024-04-10 02:15 PM
1683

CVE-2024-26817

In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow.

6.2 AI Score

0.0004 EPSS

2024-04-13 12:15 PM
3134

CVE-2024-26818

In the Linux kernel, the following vulnerability has been resolved: tools/rtla: Fix clang warning about mount_point var size clang is reporting this warning: $ make HOSTCC=clang CC=clang LLVM_IAS=1 [...] clang -O -g -DVERSION="6.8.0-rc3" -flto=auto -fexceptions -fstack-protector-strong -fasynchronous-...

6.8 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
52

CVE-2024-26820

In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER handler cannot perform VF register successfully as the register call is received before netvsc...

6.3 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
62

CVE-2024-26822

In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the val...

6.7 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
50

CVE-2024-26823

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems While refactoring the way the ITSs are probed, the handling of quirks applicable to ACPI-based platforms was lost. As a result, systems such as HIP07 lose their GICv4 f...

6.7 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
34

CVE-2024-26824

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - Remove bogus SGL free on zero-length error path When a zero-length message is hashed by algif_hash, and an error is triggered, it tries to free an SG list that was never allocated in the first place. Fix this by ...

6.6 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
55

CVE-2024-26825

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet wit...

6.1 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
60

CVE-2024-26826

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data re-injection from stale subflow When the MPTCP PM detects that a subflow is stale, all the packet scheduler must re-inject all the mptcp-level unacked data. To avoid acquiring unneeded locks, it first try to check if ...

6.3 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
68

CVE-2024-26828

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "bytes_left" is type ssize...

6.7 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
52

CVE-2024-26829

In the Linux kernel, the following vulnerability has been resolved: media: ir_toy: fix a memleak in irtoy_tx When irtoy_command fails, buf should be freed since it is allocated by irtoy_tx, or there is a memleak.

6.3 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
54

CVE-2024-26830

In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VF to remove administratively set MAC Currently when PF administratively sets VF's MAC address and the VF is put down (VF tries to delete all MACs) then the MAC is removed from MAC filters and primary VF ...

6.5 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
65

CVE-2024-26831

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshake_req_destroy_test1 Recently, handshake_req_destroy_test1 started failing: Expected handshake_req_destroy_test == req, but handshake_req_destroy_test == 0000000000000000 req == 0000000060f99b40 not ok 11 req...

6.6 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
50

CVE-2024-26832

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswap_writeback_entry(), after we get a folio from __read_swap_cache_async(), we grab the tree lock again to check that the swap entry was not invalidated and recycled. I...

6.8 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
44

CVE-2024-26833

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak in dm_sw_fini() After destroying dmub_srv, the memory associated with it is not freed, causing a memory leak: unreferenced object 0xffff896302b45800 (size 1024): comm "(udev-worker)", pid 222, jiffies...

6.3 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
52

CVE-2024-26834

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: release dst in case direct xmit path is used Direct xmit does not use it since it calls dev_queue_xmit() to send packets, hence it calls dst_release(). kmemleak reports: unreferenced object 0xffff88814f4...

6.6 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
37

CVE-2024-26835

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a table marked as active but...

6.3 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
57

CVE-2024-26836

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed (if Admin password is enabled). Tested on some Thinkpads to c...

6.8 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
41

CVE-2024-26837

In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, generation of the list of MDB events to replay would race against the creation of new group memberships, either from the IGMP/MLD snooping log...

6.4 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
46

CVE-2024-26838

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix KASAN issue with tasklet KASAN testing revealed the following issue associated with freeing an IRQ. [50006.466686] Call Trace: [50006.466691] <IRQ> [50006.489538] dump_stack+0x5c/0x80 [50006.493475] print_address_...

6.6 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
50

CVE-2024-26839

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in init_credit_return When dma_alloc_coherent fails to allocate dd->cr_base[i].va, init_credit_return should deallocate dd->cr_base and dd->cr_base[i] that allocated before. Or those resources would be ...

6.2 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
61

CVE-2024-26840

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix memory leak in cachefiles_add_cache() The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced object 0xffff9b674176e3c0 ...

6.2 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
56

CVE-2024-26841

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Update cpu_sibling_map when disabling nonboot CPUs by defining & calling clear_cpu_sibling_map(), otherwise we get such errors on SMT systems: jump label: negative count!...

6.6 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
35

CVE-2024-26842

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() When task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U << task_tag will out of bounds for a u32 mask. Fix this up to prevent SHIFT_ISSUE (bitwise shifts tha...

6.6 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
46

CVE-2024-26843

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size md_size will have been narrowed if we have >= 4GB worth of pages in a soft-reserved region.

6.7 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
53

CVE-2024-26844

In the Linux kernel, the following vulnerability has been resolved: block: Fix WARNING in _copy_from_iter Syzkaller reports a warning in _copy_from_iter because an iov_iter is supposedly used in the wrong direction. The reason is that syzkaller managed to generate a request with a transfer direction o...

6.3 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
40

CVE-2024-26845

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Add TMF to tmr_list handling An abort that is responded to by iSCSI itself is added to tmr_list but does not go to target core. A LUN_RESET that goes through tmr_list takes a refcounter on the abort and waits for ...

6.4 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
52

CVE-2024-26846

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has been...

6.5 AI Score

0.0004 EPSS

2024-04-17 10:15 AM
47

CVE-2024-26847

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: use correct function name for resetting TCE tables The PAPR spec spells the function name as "ibm,reset-pe-dma-windows" but in practice firmware uses the singular form: "ibm,reset-pe-dma-window" in the device tree. Si...

6.7 AI Score

0.0004 EPSS

2024-04-17 11:15 AM
29

CVE-2024-26848

In the Linux kernel, the following vulnerability has been resolved: afs: Fix endless loop in directory parsing If a directory has a block with only ".__afsXXXX" files in it (from uncompleted silly-rename), these .__afsXXXX files are skipped but without advancing the file position in the dir_context. ...

6.6 AI Score

0.0005 EPSS

2024-04-17 11:15 AM
44

CVE-2024-26849

In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline] BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline] BUG: KMSAN: uninit-value in...

6.5 AI Score

0.0004 EPSS

2024-04-17 11:15 AM
34

CVE-2024-26850

In the Linux kernel, the following vulnerability has been resolved: mm/debug_vm_pgtable: fix BUG_ON with pud advanced test Architectures like powerpc add debug checks to ensure we find only devmap PUD pte entries. These debug checks are only done with CONFIG_DEBUG_VM. This patch marks the ptes used f...

6.6 AI Score

0.0004 EPSS

2024-04-17 11:15 AM
34
Total number of security vulnerabilities: 6678