10868 matches found
CVE-2022-3533
A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. Th...
CVE-2022-48666
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free There are two .exit_cmd_priv implementations. Both implementations useresources associated with the SCSI host. Make sure that these resources arestill available when .exit_cmd_priv is called by wait...
CVE-2022-48689
In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuseof pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers,using page_is_...
CVE-2022-48775
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails.According to the doc of kobject_init_and_add(): If this function returns an error, kobject_put() must be called...
CVE-2022-48790
In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queue_rq, in .submit_async_event drivers may not check the ctrlreadiness for AER submission. This may lead to a use-after-freecondition that was observed w...
CVE-2022-49044
In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way that the"tag_size" parameter is less than the actual digest size. In thissituation, a part of the digest...
CVE-2022-49085
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state In get_initial_state, it calls notify_initial_state_done(skb,..) ifcb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(),the skb will be freed by nlmsg_fre...
CVE-2022-49103
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify() [You don't often get email from [email protected]. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.] The reference counting issue happe...
CVE-2022-49131
In the Linux kernel, the following vulnerability has been resolved: ath11k: fix kernel panic during unload/load ath11k modules Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fixthe following kernel panic when unload/load ath11k modulesfor few iterations. [ 971.201365] Unable to handle kern...
CVE-2022-49151
In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrongendpoint type. We should check that in endpoint is actually present toprevent this warning. Found pipes are now saved t...
CVE-2022-49154
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guest_irq is coming from KVM_IRQFD API call, it may triggercrash in svm_update_pi_irte() due to out-of-bounds: crash> btPID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: "vcpu8"...
CVE-2022-49201
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead toibmvnic_xmit() accessing an scrq after it has been freed in the resetpath. It can result in a crash like: Kernel attempte...
CVE-2022-49209
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full If tcp_bpf_sendmsg() is running while sk msg is full. When sk_msg_alloc()returns -ENOMEM error, tcp_bpf_sendmsg() goes to wait_for_memory. If partialmemory has been ...
CVE-2022-49248
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7bb81c20f ("ALSA:firewire-lib: Add support for deferred transaction") while 'deferrable'flag can be uni...
CVE-2022-49259
In the Linux kernel, the following vulnerability has been resolved: block: don't delete queue kobject before its children kobjects aren't supposed to be deleted before their child kobjects aredeleted. Apparently this is usually benign; however, a WARN will betriggered if one of the child kobjects h...
CVE-2022-49308
In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke the sysfs such as state_show()intermittently before dev_set_drvdata() is done.And it can be a cause of kernel Oops because of edev is...
CVE-2022-49311
In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() There is a deadlock in rtw_joinbss_event_prehandle(), which is shownbelow: (Thread 1) | (Thread 2)| _set_timer()rtw_joinbss_event_prehandle()| mod_timer()sp...
CVE-2022-49327
In the Linux kernel, the following vulnerability has been resolved: bcache: avoid journal no-space deadlock by reserving 1 journal bucket The journal no-space deadlock was reported time to time. Such deadlockcan happen in the following situation. When all journal buckets are fully filled by active ...
CVE-2022-49331
In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() tothose failure paths.
CVE-2022-49514
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Call of_node_put(platform_node) to avoid refcount leak inthe error path.
CVE-2022-49657
In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffersneed to be freed in which error case. v2: add Fixes tagv3: fix uninitialized buf pointer
CVE-2022-49694
In the Linux kernel, the following vulnerability has been resolved: block: disable the elevator int del_gendisk The elevator is only used for file system requests, which are stopped indel_gendisk. Move disabling the elevator and freeing the scheduler tagsto the end of del_gendisk instead of doing t...
CVE-2022-49788
In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() struct vmci_event_qp allocated by qp_notify_peer() contains padding,which may carry uninitialized data to the userspace, as observed byKMSAN: BUG: KMSAN: kernel-info...
CVE-2022-49862
In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header This is a follow-up for commit 974cb0e3e7c9 ("tipc: fix uninit-valuein tipc_nl_compat_name_table_dump") where it should have type castedsizeof(..) to ...
CVE-2023-0240
There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will ...
CVE-2023-20844
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121.
CVE-2023-32252
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create...
CVE-2023-32257
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage t...
CVE-2023-52500
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freedwhen we receive the response.
CVE-2023-52568
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race The SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for anenclave and set secs.epc_page to NULL. The SECS page is used for EAUGand ELDU in the SGX page fault handl...
CVE-2023-52611
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comeswith an Amlogic A311D (G12B) SoC and a RTL8822CS SDIO wifi/Bluetoothcombo card. The error he obse...
CVE-2023-52654
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uringin the past, and it still doesn't work exactly right and races withunix_stream_read_generic(). The safest fix wo...
CVE-2023-52778
In the Linux kernel, the following vulnerability has been resolved: mptcp: deal with large GSO size After the blamed commit below, the TCP sockets (and the MPTCP subflows)can build egress packets larger than 64K. That exceeds the maximum DSSdata size, the length being misrepresent on the wire and t...
CVE-2023-52818
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array sizes, use flexible arrays.
CVE-2023-52843
In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skbhas an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insertpackets without mac len and w...
CVE-2023-52854
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can leadto system UAF (Use-After-Free) issues. Due to the lengthy analysis ofthe pcrypt_aead01 function call, I'll d...
CVE-2023-52974
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails,userspace could be accessing the host's ipaddress attr. If we then free thesession via...
CVE-2023-52984
In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe() function is only used for the DP83822 PHY, leaving theprivate data pointer uninitialized for the smaller DP83825/26 models.While all uses of the priv...
CVE-2023-53065
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with stack-out-of-bounds.The call trace is as follows:dump_stack+0x9c/0xd3print_address_description.constpr...
CVE-2023-53073
In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/core: Always clear status for idx The variable 'status' (which contains the unhandled overflow bits) isnot being properly masked in some cases, displaying the followingwarning: WARNING: CPU: 156 PID: 475601 at arch/x86...
CVE-2023-53121
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack() can be called from process context tcp_rtx_synack() now could be called in process context as explained in0a375c822497 ("tcp: tcp_rtx_synack() can be called from processcontext"). tcp_rtx_synack() might call ...
CVE-2023-53132
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove() Free mpi3mr_hba_port at .remove.
CVE-2024-35883
In the Linux kernel, the following vulnerability has been resolved: spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe In function pci1xxxx_spi_probe, there is a potential null pointer thatmay be caused by a failed memory allocation by the function devm_kzalloc.Hence, a...
CVE-2024-35917
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_plt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by thedummy_st_ops/dummy_init_ptr_arg test [1]: [] 0x2[] bpf_struct_ops_test_run+0x156/0x250[] __sys_bpf+0xa1a/0xd00[] __s390x_sys_bpf+0x44/0...
CVE-2024-35981
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Do not send RSS key if it is not supported There is a bug when setting the RSS options in virtio_net that can breakthe whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU v...
CVE-2024-36912
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to causeset_memory_encrypted() or set_memory_decrypted() to fail such that anerror is returned and the resulting memory is ...
CVE-2024-36915
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h...
CVE-2024-36923
In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix uninitialized values during inode evict If an iget fails due to not being able to retrieve informationfrom the server then the inode structure is only partiallyinitialized. When the inode gets evicted, references tounini...
CVE-2024-38552
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function.The issue could occur when the index 'i' exceeds the number of transferfunctio...
CVE-2024-39293
In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple napi instancesredirect to the same AF_XD...