Linux Kernel Security Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fdsover SCM_RIGHTS, get rid of it.
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/pm: resolve reboot exception for si oland" This reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. This causes hangs on SI when DC is enabled and errors on driverreboot and power off cycles.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b.The revert is required due to the suspicion it is not good for anythingand cause crash.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type On 64-bit platforms, the pfn_to_kaddr() macro requires that the inputvalue is 64 bits in order to ensure that valid address bits don't getlost when shifting that in...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupthandlers can be called at any time. If such a call happens while the ISPis powered down, the SoC will hang ...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() If clk_get_sys(..., "pll_d2_out0") fails, the clk_get_sys() call must beundone. Add the missing clk_put and a new 'put_pll_d_out0' label in t...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed,including *res allocated by kmalloc and ttm_resource_init.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members ofstruct acp_dev_data, but kfree() is never called to deallocate thememory, which results in a memory leak. Fix...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free,where aq_ring_free could be called multiple times on same ring,if system is under stress and got memory allocation er...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails,fs_any_create_groups() will free ft->g. However, its callerfs_any_create_table() will free ft->g ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate() The btrfs CI reported a lockdep warning as follows by running genericgeneric/129. WARNING: possible circular locking dependency detected6.7.0-rc5+ #1 Not tainted kworker/u5:5...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always reada whole block, even if there isn't a whole block of data left. Fixthis by using the actual length left and copy it...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwisethe following memory leak will occur: unreferenced object 0xffff0000d55d7080 (size 128):comm "kworker/u8:2", pid 56, jiffies...
6.6CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 [Why]Under some circumstances, disabling an OPTC and attempting to reclaimits OPP(s) for a different OPTC could cause a hang/underflow due to OPPsnot being properly d...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notification queue support") aregression was introduced that would lock up resized pipes under certainconditions. See the reproducer in [1]. The c...
7CVSS
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error [WHY & HOW]Check whether get_subvp_en() callback exists before calling it.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 andSCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outsidescarlett2_mixer_values[].
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to bedone in the 64-bit domain, instead of the current 32bit. The arithmeticimplies adding together a 64-bit register wi...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: riscv: Check if the code to patch lies in the exit section Otherwise we fall through to vmalloc_to_page() which panics since theaddress does not lie in the vmalloc region.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is notempty, if list is empty return -ENODATA. Fixes the below:drivers/gpu/drm/am...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop thatiterates through the map entries calls of_node_put(new)to free the reference acquired by the previous iterationof the inne...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The ctl_get() functions which call scarlett2_update () were notchecking the return value. Fix to check the return value and pass tothe caller.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Free s_fs_info on unmount Now that we allocate a s_fs_info struct on fs context creation, weshould ensure that we free it again when the superblock goes away.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to callf2fs_wait_on_block_writeback() to wait for GCed page writebackin IPU write path. Thread A GC-Thread- f2fs_gc- do_ga...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflowin multiplication, if tsc_khz is large enough (> UINT_MAX/1000). Change multiplication to mul_u32_u32(). Found by Linux V...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping tothe relevant labels where memory allocated for the SCM calls would befreed.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Add error handling for dma_map_sg() calls Macro dma_map_sg() may return 0 on error. This patch enableschecks in case of the macro failure and ensures unmapping ofpreviously mapped buffers with dma_unmap_sg(). Fou...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free theallocated resources. Currently it is not freeing the core pdevcreate resources. Avoid this issue by calling the core p...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutexshould be locked while accessing it.
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure.Add a null pointer check, and release 'ent' to avoid memory leaks.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation ofadev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails,amdgpu_free_extended_power_table is called to free some fields of adev.However, when the control ...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was notchecking the result. Return the error if it fails rather thancontinuing with an invalid value.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight()fails, for example, because acpi_ut_acquire_mutex() fails insideacpi_get_parent), this can l...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function With tpd12s015_remove() marked with __exit this function is discardedwhen the driver is compiled as a built-in. The result is that when thedriver unbinds there...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink [WHY & HOW]This is to check connector type to avoidunhandled null pointer for writeback connectors.
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure.
7.5CVSS
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL sof_sdw_rt_sdca_jack_exit() are used by different codecs, and some ofthem use the same dai name.For example, rt712 and rt713 both use "rt712-sdca-aif1" ands...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlbl_calipso_add_pass() If IPv6 support is disabled at boot (ipv6.disable=1),the calipso_init() -> netlbl_calipso_ops_register() function isn't called,and the netlbl_calipso_ops_get() function alway...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], forsb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) de...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel warning when sending SYN message When sending a SYN message, this kernel stack trace is observed: ...[ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550...[ 13.398494] Call Trace:[ 13.398630] <TASK>[ 13.398630]...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb->mark syzbot found arm64 builds would crash in sock_recv_mark()when CONFIG_HARDENED_USERCOPY=y x86 and powerpc are not detecting the issue becausethey define user_access_begin.This will b...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() old_meter needs to be free after it is detached regardless of whetherthe new meter is successfully attached.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path syzbot reported that act_len in kalmia_send_init_packet() isuninitialized when passing it to the first usb_bulk_msg error path. JiriPirko noted that it's pointless to p...
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL Tetsuo-San noted that commit f5d39b020809 ("freezer,sched: Rewritecore freezer logic") broke call_usermodehelper_exec() for the KILLABLEcase. Specifically it was missed that t...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix underflow in second superblock position calculations Macro NILFS_SB2_OFFSET_BYTES, which computes the position of the secondsuperblock, underflows when the argument device size is less than 4096bytes. Therefore, when us...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: gpio: sim: fix a memory leak Fix an inverted logic bug in gpio_sim_remove_hogs() that leads to GPIOhog structures never being freed.
6.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in ep_remove_wait_queue() If a non-root cgroup gets removed when there is a thread that registeredtrigger and is polling on a pressure file within the cgroup, the pollingwaitqueue gets freed in the fol...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_spi: fix error handling in mmc_spi_probe() If mmc_add_host() fails, it doesn't need to call mmc_remove_host(),or it will cause null-ptr-deref, because of deleting a not addeddevice in mmc_remove_host(). To fix this, goto l...
6.6AI Score
0.0004EPSS