Linux Kernel Security Vulnerabilities

CVE-2024-26901

In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot identified a kernel information leak vulnerability in do_sys_name_to_handle() and issued the following report [1]. [1] "BUG: KMSAN: kernel-infoleak in instrument_co...

CVSS 5.5 | AI Score 5.8 | EPSS 0.0004 | 2024-04-17 11:15 AM

CVE-2024-26902

In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042. ...

CVSS 5.5 | AI Score 6.6 | EPSS 0.0004 | 2024-04-17 11:15 AM

CVE-2024-26903

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security During our fuzz testing of the connection and disconnection process at the RFCOMM layer, we discovered this bug. By comparing the packets from a normal connection and dis...

CVSS 5.5 | AI Score 6.3 | EPSS 0.0004 | 2024-04-17 11:15 AM

CVE-2024-26906

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for addr...

AI Score 5.8 | EPSS 0.0004 | 2024-04-17 11:15 AM

CVE-2024-26907

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8...

CVSS 7.8 | AI Score 6.4 | EPSS 0.0004 | 2024-04-17 11:15 AM

CVE-2024-26909

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode...

CVSS 5.5 | AI Score 6.5 | EPSS 0.0004 | 2024-04-17 11:15 AM

CVE-2024-26910

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() adde...

CVSS 4.7 | AI Score 6.1 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26911

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fix alloc_range() error handling code Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root caused the problem that whenever alloc_range() couldn't find the requi...

CVSS 3.3 | AI Score 6.8 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26912

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix several DMA buffer leaks Nouveau manages GSP-RM DMA buffers with nvkm_gsp_mem objects. Several of these buffers are never dealloced. Some of them can be deallocated right after GSP-RM is initialized, but the rest nee...

CVSS 5.5 | AI Score 6.8 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26913

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue [why] odm calculation is missing for pipe split policy determination and cause Underflow/Corruption issue. [how] Add the odm calculation.

CVSS 7.8 | AI Score 6.8 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26914

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix incorrect mpc_combine array size [why] MAX_SURFACES is per stream, while MAX_PLANES is per asic. The mpc_combine is an array that records all the planes per asic. Therefore MAX_PLANES should be used as the array s...

AI Score 7.1 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26915

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Allows us to detect subsequent IH ring buffer overflows as well.

AI Score 6.8 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26916

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: flush any delayed gfxoff on suspend entry" commit ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring callbacks") caused GFXOFF control to be used more heavily and the codepath that was removed from commit 0dee...

AI Score 6.3 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26917

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" This reverts commit 1a1975551943f681772720f639ff42fbaa746212. This commit causes interrupts to be lost for FCoE devices, since it changed spin locks from "bh" ...

AI Score 6.3 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26918

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix active state requirement in PME polling The commit noted in fixes added a bogus requirement that runtime PM managed devices need to be in the RPM_ACTIVE state for PME polling. In fact, only devices in low power states should...

AI Score 6.7 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26919

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix debugfs directory leak The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpi_unregister_interface tries to remove a debugfs directory named after the ulpi device itself. This results in the...

AI Score 6.6 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26920

In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register snapshot trigger without ...

AI Score 6.3 | EPSS 0.0004 | 2024-04-17 04:15 PM

CVE-2024-26921

In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not...

AI Score 6.4 | EPSS 0.0004 | 2024-04-18 10:15 AM

CVE-2024-26922

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.

AI Score 6.3 | EPSS 0.0004 | 2024-04-23 01:15 PM

CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutiv...

AI Score 6.3 | EPSS 0.0004 | 2024-04-25 06:15 AM

CVE-2024-26924

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout 100 m...

CVSS 5.9 | AI Score 6.2 | EPSS 0.0004 | 2024-04-25 06:15 AM

CVE-2024-26925

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect ex...

AI Score 6.4 | EPSS 0.0004 | 2024-04-25 06:15 AM

CVE-2024-26926

In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offse...

AI Score 6.3 | EPSS 0.0004 | 2024-04-25 06:15 AM

CVE-2024-26927

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough ...

CVSS 8.4 | AI Score 6.7 | EPSS 0.0004 | 2024-04-28 12:15 PM

CVE-2024-26928

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being torn down (status == SES_EXITING) to avoid UAF.

AI Score 6.7 | EPSS 0.0004 | 2024-04-28 12:15 PM

CVE-2024-26929

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of fcport The server was crashing after LOGO because fcport was getting freed twice. -----------[ cut here ]----------- kernel BUG at mm/slub.c:371! invalid opcode: 0000 1 SMP PTI CPU: 35 PID: 4610 Comm:...

CVSS 7.8 | AI Score 6.5 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26930

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_fr...

CVSS 7.8 | AI Score 6.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26931

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27 PID...

AI Score 6.5 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26932

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() When unregister pd capabilities in tcpm, KASAN will capture below double-free issue. The root cause is the same capability will be kfreed twice, the first time is ...

CVSS 7.8 | AI Score 6.7 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26933

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if anot...

CVSS 7.8 | AI Score 7.2 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26934

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor devi...

CVSS 7.8 | AI Score 6.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26935

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a call to scsi_proc_hostd...

AI Score 6.2 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26936

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate request buffer size in smb2_allocate_rsp_buf() The response buffer should be allocated in smb2_allocate_rsp_buf before validating request. But the fields in payload as well as smb2 header is used in smb2_allocate_rsp_...

AI Score 6.6 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26937

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before...

AI Score 6.2 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26938

In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early...

AI Score 6.7 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26939

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active ...

AI Score 6.5 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26940

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the corresponding ttm_resource_manager is not allocated. This leads to a crash when trying to read from...

AI Score 6.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26941

In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau Fix a regression when using nouveau and unplugging a StarTech MSTDP122DP DisplayPort 1.2 MST hub (the same regression does not appear when using a Cable Matters Disp...

AI Score 6.8 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26942

In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031_probe On reworking and splitting the at803x driver, in splitting function of at803x PHYs it was added a NULL dereference bug where priv is referenced before it's actually allocated...

CVSS 5.5 | AI Score 6.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26943

In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: handle kcalloc() allocation failure The kcalloc() in nouveau_dmem_evict_chunk() will return null if the physical memory has run out. As a result, if we dereference src_pfns, dst_pfns or dma_addrs, the null pointer deref...

AI Score 6.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26944

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free in do_zone_finish() Shinichiro reported the following use-after-free triggered by the device replace operation in fstests btrfs/070. BTRFS info (device nullb1): scrub: finished on devid 1 with status...

AI Score 6.3 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26945

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix nr_cpus < nr_iaa case If nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which causes a divide-by-0 in rebalance_wq_table(). Make sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0 case,...

CVSS 8.4 | AI Score 6.5 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26946

In the Linux kernel, the following vulnerability has been resolved: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Read from an unsafe address with copy_from_kernel_nofault() in arch_adjust_kprobe_addr() because this function is used before checking the address is in text or ...

AI Score 6.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26947

In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account freed memory map alignment") changes the semantics of pfn_valid() to check presence of...

AI Score 6.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26948

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add a dc_state NULL check in dc_state_release [How] Check whether state is NULL before releasing it.

AI Score 6.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26949

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplay_table initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplay_table is NULL.

CVSS 5.5 | AI Score 6.8 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26950

In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx-...

AI Score 6.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26951

In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all(), rather than setting peer_list to empty, the peer is added to a temporary list with a head on the stack o...

AI Score 6.4 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26952

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential out-of-bounds when buffer offset is invalid I found potential out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to...

CVSS 7.8 | AI Score 6.8 | EPSS 0.0004 | 2024-05-01 06:15 AM

CVE-2024-26953

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from page_pool When the skb is reorganized during esp_output (!esp->inline), the pages coming from the original skb fragments are supposed to be released back to the system through put_page. But...

AI Score 6.3 | EPSS 0.0004 | 2024-05-01 06:15 AM

Total number of security vulnerabilities: 6678