Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix resume from sleep before interface was brought up Since 8ce8c0abcba3 the driver queues work via priv->restart_work whenresuming after suspend, even when the interface was not previouslyenabled. This causes a nu...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe When we converted this code to use dev_err_probe() we accidentallyremoved a return. It means that if devm_clk_get() it will lead to anOops when we call cl...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix a memleak from userdata error path in new objects Release object name if userdata allocation fails.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GIC_PRIO_PSR_I_SET during entry Zenghui reports that booting a kernel with "irqchip.gicv3_pseudo_nmi=1"on the command line hits a warning during kernel entry, due to the waywe manipulate the PMR. Early in t...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ethernet:enic: Fix a use after free bug in enic_hard_start_xmit In enic_hard_start_xmit, it calls enic_queue_wq_skb(). Insideenic_queue_wq_skb, if some error happens, the skb will be freedby dev_kfree_skb(skb). But the freed skb is...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sctp: do asoc update earlier in sctp_sf_do_dupcook_a There's a panic that occurs in a few of envs, the call trace is as below: [] general protection fault, ... 0x29acd70f1000a: 0000 [#1] SMP PTI[] RIP: 0010:sctp_ulpevent_notify_pee...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode leak on getattr error in __fh_to_dentry
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Fix cwnd update ordering After a reconnect, the reply handler is opening the cwnd (and thusenabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs()can post enough Receive WRs to receive their replies. This causes...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), thenull rq_scratch_page pointer will be dereferenced when callingput_page() in svc_rqst_free(). Fix it by adding a nu...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix potential null dereference on pointer status There are calls to idxd_cmd_exec that pass a null status pointer howevera recent commit has added an assignment to *status that can end upwith a null pointer derefer...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in get_victim() In CP disabling mode, there are two issues when using LFS or SSR | AT_SSRmode to select victim: LFS is set to find source section during GC, the victim should haveno che...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix NULL pointer dereference for ->get_features() get_features ops of pci_epc_ops may return NULL, causing NULL pointerdereference in pci_epf_test_alloc_space function. Let us add a check forpci_epc_feature pointe...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook The commit 1879445dfa7b ("perf/core: Set event's default::overflow_handler()") set a default event->overflow_handler inperf_event_alloc(), and r...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in below callstack with testcase: mkfs 16GB image & mount image dd 8GB fileA dd 8GB fileB sync rm fileA sync resize filesystem to 8GB kernel BUG at segment.c:2484!Call ...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Make sure GHCB is mapped before updating Access to the GHCB is mainly in the VMGEXIT path and it is known that theGHCB will be mapped. But there are two paths where it is possible the GHCBmight not be mapped. The sev_vcpu...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td,causing a memory leak. Fix this by returning via the error returnpath that securely kfree's td. Fixes clang scan-build wa...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo tcp_set_default_congestion_control() is netns-safe in that it writesto &net->ipv4.tcp_congestion_control, but it also setsca->flags |= TCP_CONG_NON_RESTR...
7.8CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied.All slab objects are charged with the...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix a use after free in siw_alloc_mr Our code analyzer reported a UAF. In siw_alloc_mr(), it calls siw_mr_add_mem(mr,..). In the implementation ofsiw_mr_add_mem(), mem is assigned to mr->mem and then mem is freed viakf...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).If some error happens in emac_tx_fill_tpd(), the skb will be freed viadev_kfree_skb(skb) in error branch ...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's possible toobserve a crash like the following one: KASAN: maybe wild-memory-access in range [0x00010000...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RX consumer index logic in the error path. In bnxt_rx_pkt(), the RX buffers are expected to complete in order.If the RX consumer index indicates an out of order buffer completion,it means we are hitting a hardware bug ...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: m68k: mvme147,mvme16x: Don't wipe PCC timer config bits Don't clear the timer 1 configuration bits when clearing the interrupt flagand counter overflow. As Michael reported, "This results in no timerinterrupts being delivered after...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix a use after free in ath10k_htc_send_bundle In ath10k_htc_send_bundle, the bundle_skb could be freed bydev_kfree_skb_any(bundle_skb). But the bundle_skb is used laterby bundle_skb->len. As skb_len = bundle_skb->len...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Fix the definition of the fixmap area At the time being, the fixmap area is defined at the top ofthe address space or just below KASAN. This definition is not valid for PPC64. For PPC64, use the top of the I/O space. Be...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix possible invalid register access Disable the interrupt and synchronze for the pending irq handlers to ensurethe irq tasklet is not being scheduled after the suspend to avoid thepossible invalid register access act...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release allslave runtime in the slave_rt_list, but slave runtime is notadded to the list at this time. This patch free...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix memleak when mt7915_unregister_device() mt7915_tx_token_put() should get call before mt76_free_pending_txwi().
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memleak when mt7615_unregister_device() mt7615_tx_token_put() should get call before mt76_free_pending_txwi().
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix port event handling on init For some reason there might be a crash during ports creation if portevents are handling at the same time because fw may send initialport event with down state. The crash point...
8.2CVSS
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot [1], there is a memory leak while closing thesocket. We partially solved this issue with commit ac03046ece2b("vsock/virtio: free packets during the socket ...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Always enable the clk on resume In mtk_iommu_runtime_resume always enable the clk, evenif m4u_dom is null. Otherwise the 'suspend' cb mightdisable the clk which is already disabled causing the warning: [ 1.586104] i...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list A session can be removed dynamically by sysfs interface "remove_path" thateventually calls rtrs_clt_remove_path_from_sysfs function. The currentrtrs_clt_remove_pa...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel crash when the firmware fails to download Fix kernel crash when the firmware is missing or fails to download. [ 9.444758] kernel BUG at drivers/pci/msi.c:375![ 9.449363] Internal error: Oops - BUG: 0 [#1] P...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix txrate reporting Properly check rate_info to fix unexpected reporting. [ 1215.161863] Call trace:[ 1215.164307] cfg80211_calculate_bitrate+0x124/0x200 [cfg80211][ 1215.170139] ieee80211s_update_metric+0x80/0xc0 [m...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: connac: fix kernel warning adding monitor interface Fix the following kernel warning adding a monitor interface inmt76_connac_mcu_uni_add_dev routine. [ 507.984882] ------------[ cut here ]------------[ 507.989515] WARNING: C...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memory leak in mt7615_coredump_work Similar to the issue fixed in mt7921_coredump_work, fix a possible memoryleak in mt7615_coredump_work routine.
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix memory leak in mt7921_coredump_work Fix possible memory leak in mt7921_coredump_work.
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix tx skb dma unmap The first pointer in the txp needs to be unmapped as well, otherwise it willleak DMA mapping entries
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix tx skb dma unmap The first pointer in the txp needs to be unmapped as well, otherwise it willleak DMA mapping entries
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix pte update for kernel memory on radix When adding a PTE a ptesync is needed to order the update of the PTEwith subsequent accesses otherwise a spurious fault may be raised. radix__set_pte_at() does not do this for ...
6.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it onlysupports Read-Only and Read-Write permissions. The Write-Only permissionis not supported as the P...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: udp: skip L4 aggregation for UDP tunnel packets If NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and thereare UDP tunnels available in the system, udp_gro_receive() could end-updoing L4 aggregation (either SKB_GSO_UDP_L4...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ASoC: q6afe-clocks: fix reprobing of the driver Q6afe-clocks driver can get reprobed. For example if the APR servicesare restarted after the firmware crash. However currently Q6afe-clocksdriver will oops because hw.init will get cl...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added adependency between socket lock and hci_dev->lock that could lead todeadlock. It turns out that...
6.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in do_format() The function uses "type" as an array index: q = unit[drive].disk[type]->queue; Unfortunately the bounds check on "type" isn't done until later in thefunction. Fix this by moving th...
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems inio_provide_buffers_prep(). As Linus pointed out previous attempt did nothinguseful, see d81269fecb8ce ("io_urin...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix incorrect locking in state_change sk callback We are not changing anything in the TCP connection state sowe should not take a write_lock but rather a read lock. This caused a deadlock when running nvmet-tcp and nvme-...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Free local data after use Fixes the following memory leak in dc_link_construct(): unreferenced object 0xffffa03e81471400 (size 1024):comm "amd_module_load", pid 2486, jiffies 4294946026 (age 10.544s)hex dump (first...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: venus: core: Fix some resource leaks in the error path of 'venus_probe()' If an error occurs after a successful 'of_icc_get()' call, it must beundone. Use 'devm_of_icc_get()' instead of 'of_icc_get()' to avoid the leak.Updat...
6.4AI Score
0.0004EPSS