10868 matches found
CVE-2017-18550
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.
CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
CVE-2018-12904
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL.
CVE-2018-6559
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
CVE-2021-47086
In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refuse to enable an unbound pipe This ioctl() implicitly assumed that the socket was already bound toa valid local socket name, i.e. Phonet object. If the socket was notbound, two separate problems would occur: We'd sen...
CVE-2021-47112
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features (Async PF, PV EOI, steal time) work through memoryshared with hypervisor and when we restore from hibernation we mustproperly teardown all these features to make...
CVE-2021-47194
In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO toNL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), itdoes not call the cleanup cfg80211_stop_ap(), t...
CVE-2021-47323
In the Linux kernel, the following vulnerability has been resolved: watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() This module's remove path calls del_timer(). However, that functiondoes not wait until the timer handler finishes. This means that thetimer handler may still be runn...
CVE-2021-47342
In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6 ("ext4: fix memory leak inext4_fill_super"), after the file system is remounted read-only, thereis a race where the kmmpd thread can e...
CVE-2021-47434
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at [6:63] bits of the commandring control register (CRCR). All the control bits like command stop,abort are located at [0:3] bit...
CVE-2021-47622
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler The following deadlock has been observed on a test setup: All tags allocated The SCSI error handler calls ufshcd_eh_host_reset_handler() ufshcd_eh_host_reset_handler() queues work that...
CVE-2021-47634
In the Linux kernel, the following vulnerability has been resolved: ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl Hulk Robot reported a KASAN report about use-after-free: BUG: KASAN: use-after-free in __list_del_entry_valid+0x13d/0x160Read of size 8 at addr ffff888035e37d98 by ...
CVE-2021-47645
In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com On the case tmp_dcim=1, the index of buffer is miscalculated.This generate a NULL pointer dereference later. So let's fix the calcul and add a ...
CVE-2022-48424
In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.
CVE-2022-48816
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: lock against ->sock changing during sysfs read ->sock can be set to NULL asynchronously unless ->recv_mutex is held.So it is important to hold that mutex. Otherwise a sysfs read cantrigger an oops.Commit 17f09d3f61...
CVE-2022-48829
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::ia_size is a loff_t, so these NFSv3 procedures must becareful to deal with incoming client size values that are largerthan s64_max without corrupting the value. S...
CVE-2022-48904
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domainbefore calling the logic to free memory used for the page table.This results in IOMMU page table memory leak, and can be obse...
CVE-2022-49102
In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix possible memory leak in MMU DR fini This patch fixes what seems to be copy paste error. We will have a memory leak if the host-resident shadow is NULL (whichwill likely happen as the DR and HR are not dependent).
CVE-2022-49247
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED If the callback 'start_streaming' fails, then allqueued buffers in the driver should be returned withstate 'VB2_BUF_STATE_QUEUED'. Currently, they arer...
CVE-2022-49326
In the Linux kernel, the following vulnerability has been resolved: rtl818x: Prevent using not initialized queues Using not existing queues can panic the kernel with rtl8180/rtl8185 cards.Ignore the skb priority for those cards, they only have one tx queue. PierreAsselin ([email protected]) reported the...
CVE-2022-49358
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: memleak flow rule from commit path Abort path release flow rule object, however, commit path does not.Update code to destroy these objects before releasing the transaction.
CVE-2022-49414
In the Linux kernel, the following vulnerability has been resolved: ext4: fix race condition between ext4_write and ext4_convert_inline_data Hulk Robot reported a BUG_ON: EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0,block bitmap and bg descriptor inconsistent: 25 vs 31513 free ...
CVE-2022-49478
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Syzbot reported that -1 is used as array index. The problem was inmissing validation check. hdw->unit_number is initialized with -1 and then if init table walk ...
CVE-2022-49860
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: fix memory leak when register device fail If device_register() fails, it should call put_device() to giveup reference, the name allocated in dev_set_name() can be freedin callback function kobject_clean...
CVE-2023-52561
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved Adding a reserved memory region for the framebuffer memory(the splash memory region set up by the bootloader). It fixes a kernel panic (arm-smmu: Unhandled...
CVE-2023-52693
In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight()fails, for example, because acpi_ut_acquire_mutex() fails insideacpi_get_parent), this can l...
CVE-2023-52875
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order toavoid NULL pointer dereference.
CVE-2023-53120
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix config page DMA memory leak A fix for: DMA-API: pci 0000:83:00.0: device driver has pending DMA allocations while released from device [count=1]
CVE-2024-26699
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr [Why]There is a potential memory access violation whileiterating through array of dcn35 clks. [How]Limit iteration per array size.
CVE-2024-26705
In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about theBTLB information to set up the static (block) TLB entries. For that write access to the static b...
CVE-2024-26745
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV When kdump kernel tries to copy dump data over SR-IOV, LPAR panics dueto NULL pointer exception: Kernel attempted to read user page (0) - exploit attempt? ...
CVE-2024-26833
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak in dm_sw_fini() After destroying dmub_srv, the memory associated with it isnot freed, causing a memory leak: unreferenced object 0xffff896302b45800 (size 1024):comm "(udev-worker)", pid 222, jiffies...
CVE-2024-26869
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate meta inode pages forcely Below race case can cause data corruption: Thread A GC thread- gc_data_segment- ra_data_block- locked meta_inode page f2fs_inplace_write_data invalidate_mapping_pages: fail to invalida...
CVE-2024-27021
In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematicbecause on module removal we get a RTNL-related deadlock. Fix thisby avoiding the device-managed LED functions. Note...
CVE-2024-35813
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assignsprev_idata = idatas[i - 1], but doesn't check that the iterator i isgreater than zero. Let's fix this by add...
CVE-2024-35815
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocbthat is not embedded inside struct aio_kiocb. With the current code,depending on the compiler, the...
CVE-2024-35826
In the Linux kernel, the following vulnerability has been resolved: block: Fix page refcounts for unaligned buffers in __bio_release_pages() Fix an incorrect number of pages being released for buffers that do notstart at the beginning of a page.
CVE-2024-35851
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth linediscipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL...
CVE-2024-35949
In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the checkintegrity code enabled, which meant that we could only run the extendedleaf checks if we had WRITTEN set on ...
CVE-2024-35970
In the Linux kernel, the following vulnerability has been resolved: af_unix: Clear stale u->oob_skb. syzkaller started to report deadlock of unix_gc_lock after commit4090fa373f0e ("af_unix: Replace garbage collection algorithm."), butit just uncovers the bug that has been there since commit 3140...
CVE-2024-38637
In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of get_channel_from_mode If channel for the given node is not found we return null fromget_channel_from_mode. Make sure we validate the return pointerbefore using it in two of the missing places. This ...
CVE-2024-40939
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail In case of region creation fail in ipc_devlink_create_region(), previouslycreated regions delete process starts from tainted pointer which actuallyholds er...
CVE-2024-41034
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory onnilfs2, __block_write_begin_int() called to prepare block write may failBUG_ON check for access...
CVE-2024-41072
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number ofchannels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceedIW_MAX_FREQUENCIES and reject invalid request w...
CVE-2024-42065
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init Add an explicit check to ensure that the mgr is not NULL.
CVE-2024-42087
In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleepinggpiod_set_value() function. This complains loudly when the GPIOcontroller needs to sleep. As...
CVE-2024-42160
In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() It missed to check validation of fault attrs in parse_options(),let's fix to add check condition in f2fs_build_fault_attr(). Use f2fs_build_fault_attr() in __sbi_stor...
CVE-2024-42285
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) withan existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->contex...
CVE-2024-43861
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive.
CVE-2024-43895
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link [why]Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008PGD 0 P4D 0Oops: 0000 [#1] PREEMPT SMP NOP...