CVE-2013-4483

The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application.

CVE-2014-2038

The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by wri...

CVE-2016-2085

The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.

CVE-2020-36788

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after-free when BO init fails nouveau_bo_init() is backed by ttm_bo_init() and ferries its return codeback to the caller. On failures, ttm_bo_init() invokes the provideddestructor which should de-initialize...

CVE-2021-47162

In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's frag_list ifthe frag_list already has skbs from elsewhere, such as this skb wascreated by pskb_copy() where the frag_lis...

CVE-2021-47165

In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix shutdown crash when component not probed When main component is not probed, by example when the dw-hdmi module isnot loaded yet or in probe defer, the following crash appears on shutdown: Unable to handle kernel NULL...

CVE-2021-47202

In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers athermal_zone device for each subnode. However, if a thermal zone isconsuming a thermal sensor and...

CVE-2021-47267

In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters,the last 4 of which are the usb_descriptor_header for:full-speed (USB1.1 - 12Mbps [including USB1.0 low-speed @ 1.5Mbps),high-spe...

CVE-2021-47344

In the Linux kernel, the following vulnerability has been resolved: media: zr364xx: fix memory leak in zr364xx_start_readpipe syzbot reported memory leak in zr364xx driver.The problem was in non-freed urb in case ofusb_submit_urb() fail. backtrace:[] kmalloc include/linux/slab.h:561 [inline][] usb_...

CVE-2021-47354

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Avoid data corruptions Wait for all dependencies of a job to complete beforekilling it to avoid data corruptions.

CVE-2021-47372

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use after free on rmmod plat_dev->dev->platform_data is released by platform_device_unregister(),use of pclk and hclk is a use-after-free. Since device unregister won'tneed a clk device we adjust the function c...

CVE-2021-47589

In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in igbvf_probe In igbvf_probe, if register_netdev() fails, the program will go tolabel err_hw_init, and then to label err_ioremap. In free_netdev() whichis just below label err_ioremap, there is list_for_each...

CVE-2022-2590

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system.

CVE-2022-48425

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.

CVE-2022-48631

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 When walking through an inode extents, the ext4_ext_binsearch_idx() functionassumes that the extent header has been previously validated. However, thereare n...

CVE-2022-49134

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Guard against invalid local ports When processing events generated by the device's firmware, the driverprotects itself from events reported for non-existent local ports, butnot for the CPU port (local port 0), whic...

CVE-2022-49367

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register of_get_child_by_name() returns a node pointer with refcountincremented, we should use of_node_put() on it when done. mv88e6xxx_mdio_register() pass the device node ...

CVE-2022-49411

In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgroup thatwas already offlined. This may then cause insertion of this bfq_groupinto a service tree. But th...

CVE-2022-49443

In the Linux kernel, the following vulnerability has been resolved: list: fix a data-race around ep->rdllist ep_poll() first calls ep_events_available() with no lock held and checksif ep->rdllist is empty by list_empty_careful(), which readsrdllist->prev. Thus all accesses to it need some ...

CVE-2022-49532

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace:[ 168.567394] FAULT_INJECTION: forcing a failure....

CVE-2022-49855

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg ipc_pcie_read_bios_cfg() is using the acpi_evaluate_dsm() toobtain the wwan power state configuration from BIOS but isnot freeing the acpi_object. The acpi_evaluate_dsm() r...

CVE-2022-49930

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix NULL pointer problem in free_mr_init() Lock grab occurs in a concurrent scenario, resulting in stepping on a NULLpointer. It should be init mutex_init() first before use the lock. Unable to handle kernel NULL pointer ...

CVE-2023-20849

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.

CVE-2023-52510

In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider() fails in ca8210_register_ext_clock(),it calls clk_unregister() to release priv->clk and returns anerror. However, the caller ca8210_probe() then ca...

CVE-2023-52519

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit The EHL (Elkhart Lake) based platforms provide a OOB (Out of band)service, which allows to wakup device when the system is in S5 (Soft-Offstate). This OOB service can be en...

CVE-2023-52857

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow Instead of multiplying 2 variable of different types. Change toassign a value of one variable and then multiply the other variable. Add a int variable for multipl...

CVE-2023-53078

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is notfreed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 (size 32):comm "k...

CVE-2023-53100

In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in ext4_update_inline_data Syzbot found the following issue:EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.fscrypt: AES-256-CTS-CBC using implementation ...

CVE-2024-26714

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive The CO0 BCM needs to be up at all times, otherwise some hardware (likethe UFS controller) loses its connection to the rest of the SoC,resulting in a hang of the platform, accompan...

CVE-2024-26844

In the Linux kernel, the following vulnerability has been resolved: block: Fix WARNING in _copy_from_iter Syzkaller reports a warning in _copy_from_iter because aniov_iter is supposedly used in the wrong direction. The reasonis that syzcaller managed to generate a request witha transfer direction o...

CVE-2024-26871

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix NULL pointer dereference in f2fs_submit_page_write() BUG: kernel NULL pointer dereference, address: 0000000000000014RIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs]Call Trace:? show_regs+0x6e/0x80? __die+0x29/0x70? pag...

CVE-2024-27407

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr()

CVE-2024-35922

In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value onoverflow. It is necessary to prevent division by zero like infb_var_to_videomode(). Found by Linux Verification...

CVE-2024-35936

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption,as it could be caused only by two impossible conditions: at first the search key is set up ...

CVE-2024-35992

In the Linux kernel, the following vulnerability has been resolved: phy: marvell: a3700-comphy: Fix out of bounds read There is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr'every iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'. Make sure 'gbe_phy_init[addr]' is u...

CVE-2024-36029

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspendedflag to protect access to it. The sdhci-msm driver doesn't set this flag,which causes a crash when LE...

CVE-2024-36934

In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes fromuserspace to that buffer. Later, we use sscanf on this buffer but we don'tensure that the string is terminated ins...

CVE-2024-39463

In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a threadlooks up a fid through dentry while another thread unlinks it: UAF thread:refcount_t: addition on 0; use-after-fr...

CVE-2024-41015

In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members ofocfs2_dir_entry don't stray beyond valid memory region.

CVE-2024-41048

In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg When running BPF selftests (./test_progs -t sockmap_basic) on a Loongarchplatform, the following kernel panic occurs: [...]Oops[#1]:CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10...

CVE-2024-42098

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by thecaller (if present), or alternatively a newly generated private key.However, it is possible that the caller provides a ...

CVE-2024-42107

In the Linux kernel, the following vulnerability has been resolved: ice: Don't process extts if PTP is disabled The ice_ptp_extts_event() function can race with ice_ptp_release() andresult in a NULL pointer dereference which leads to a kernel panic. Panic occurs because the ice_ptp_extts_event() fu...

CVE-2024-42272

In the Linux kernel, the following vulnerability has been resolved: sched: act_ct: take care of padding in struct zones_ht_key Blamed commit increased lookup key size from 2 bytes to 16 bytes,because zones_ht_key got a struct net pointer. Make sure rhashtable_lookup() is not using the padding bytes...

CVE-2024-44975

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: fix panic caused by partcmd_update We find a bug as below:BUG: unable to handle page fault for address: 00000003PGD 0 P4D 0Oops: 0000 [#1] PREEMPT SMP NOPTICPU: 3 PID: 358 Comm: bash Tainted: G W I 6.6.0-10893-g60d6H...

CVE-2024-44999

In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->headbefore accessing fields in them. Use pskb_inet_may_pull(...

CVE-2024-46715

In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, soif a driver doesn't implement them trying to access the correspondingsysfs entries produce a ker...

CVE-2024-46780

In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs The superblock buffers of nilfs2 can not only be overwritten at runtimefor modifications/repairs, but they are also regularly swapped, replacedduring resizing, an...

CVE-2024-46818

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW]GPIO_ID_UNKNOWN (-1) is not a valid value for array index and thereforeshould be checked in advance. This fixes 5 OVERRUN issues reported by Coverity.

CVE-2024-46861

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: Payload too short Payload formatted incorrecly (e.g. bad NCM framing) Lack of memory None of these should cause the driver to seize u...

CVE-2024-49890

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warningreported by Coverity.