7807 matches found
CVE-2021-47390
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm]Read of size 8 at addr ffffc9001364f638...
CVE-2021-47394
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unlink table before deleting it syzbot reports following UAF:BUG: KASAN: use-after-free in memcmp+0x18f/0x1c0 lib/string.c:955nla_strcmp+0xf2/0x130 lib/nlattr.c:836nft_table_lookup.part.0+0x1a2/0x460 net/netfi...
CVE-2021-47476
In the Linux kernel, the following vulnerability has been resolved: comedi: ni_usb6501: fix NULL-deref in command paths The driver uses endpoint-sized USB transfer buffers but had no sanitychecks on the sizes. This can lead to zero-size-pointer dereferences oroverflowed transfer buffers in ni6501_p...
CVE-2022-48692
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Set scmnd->result only when scmnd is not NULL This change fixes the following kernel NULL pointer dereferencewhich is reproduced by blktests srp/007 occasionally. BUG: kernel NULL pointer dereference, address: 00000000...
CVE-2022-48748
In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled,untagged or priority-tagged ingress frame will go to check pvid state.If the port state is forwarding and th...
CVE-2022-48793
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL derefernce on nested migration Turns out that due to review feedback and/or rebasesI accidentally moved the call to nested_svm_load_cr3 to be too early,before the NPT is enabled, which is very wro...
CVE-2022-48838
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320Read of size 8 at addr ffff88802b93409...
CVE-2022-48935
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit Unregister flowtable hooks before they are releases vianf_tables_flowtable_destroy() otherwise hook core reports UAF. BUG: KASAN: use-after-free in nf_hook_entries_grow...
CVE-2022-49024
In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and error handling path of m_can_pci_probe(),m_can_class_free_dev() should be called to free resource allocated bym_can_class_allocat...
CVE-2022-49082
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() The function mpt3sas_transport_port_remove() called in_scsih_expander_node_remove() frees the port field of the sas_expanderstructure, leading to the following use-...
CVE-2022-49208
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Prevent some integer underflows My static checker complains that: drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_sc_ceq_init() warn: can subtract underflow 'info->dev->hmc_fpm_misc.max_ceqs'? It appears that "info-...
CVE-2022-49221
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: populate connector of struct dp_panel DP CTS test case 4.2.2.6 has valid edid with bad checksum on purposeand expect DP source return correct checksum. During drm edid read,correct edid checksum is calculated and stored...
CVE-2022-49369
In the Linux kernel, the following vulnerability has been resolved: amt: fix possible memory leak in amt_rcv() If an amt receives packets and it finds socket.If it can't find a socket, it should free a received skb.But it doesn't.So, a memory leak would possibly occur.
CVE-2022-49480
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe of_find_device_by_node() takes reference, we should use put_device()to release it. when devm_kzalloc() fails, it doesn't have aput_device(), it will cause refcount leak.Add missin...
CVE-2022-49676
In the Linux kernel, the following vulnerability has been resolved: memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.This function doesn't call of_nod...
CVE-2022-49704
In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid hasbeen obtained. Just move the version check earlier.
CVE-2022-49892
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix use-after-free for dynamic ftrace_ops KASAN reported a use-after-free with ftrace ops [1]. It was found fromvmcore that perf had registered two ops with the same contentsuccessively, both dynamic. After unregistering th...
CVE-2023-52505
In the Linux kernel, the following vulnerability has been resolved: phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers The protocol converter configuration registers PCC8, PCCC, PCCD(implemented by the driver), as well as others, control protocolconverters from multipl...
CVE-2023-52559
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommu_suspend() The iommu_suspend() syscore suspend callback is invoked with IRQ disabled.Allocating memory with the GFP_KERNEL flag may re-enable IRQs duringthe suspend callback, which can ca...
CVE-2023-52702
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() old_meter needs to be free after it is detached regardless of whetherthe new meter is successfully attached.
CVE-2023-52860
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process When tearing down a 'hisi_hns3' PMU, we mistakenly run the CPU hotplugcallbacks after the device has been unregistered, leading to firew...
CVE-2023-52894
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproduciblecrash report from an aarch64 GKI 5.10.149-android13 running device. AFAICT the source code ...
CVE-2024-26652
In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then callsauxiliary_device_uninit(), Callback function pdsc_auxbus_dev_releasecalls kfree(padev) to free memory. We should...
CVE-2024-26724
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers I managed to hit following use after free warning recently: [ 2169.711665] ==================================================================[ 2169.71400...
CVE-2024-26849
In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]BUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]BUG: KMSAN: uninit-value in...
CVE-2024-35920
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: adding lock to protect decoder context list Add a lock for the ctx_list, to avoid accessing a NULL pointerwithin the 'vpu_dec_ipi_handler' function when the ctx_list hasbeen deleted due to an unexpected beh...
CVE-2024-35948
In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code forindividual items is generally low pr...
CVE-2024-40969
In the Linux kernel, the following vulnerability has been resolved: f2fs: don't set RO when shutting down f2fs Shutdown does not check the error of thaw_super due to readonly, whichcauses a deadlock like below. f2fs_ioc_shutdown(F2FS_GOING_DOWN_FULLSYNC) issue_discard_thread bdev_freeze freeze_supe...
CVE-2024-44968
In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer morereliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers ho...
CVE-2024-46687
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() [BUG]There is an internal report that KASAN is reporting use-after-free, withthe following backtrace: BUG: KASAN: slab-use-after-free in btrfs_check_read_b...
CVE-2024-47708
In the Linux kernel, the following vulnerability has been resolved: netkit: Assign missing bpf_net_context During the introduction of struct bpf_net_context handling forXDP-redirect, the netkit driver has been missed, which also requires itbecause NETKIT_REDIRECT invokes skb_do_redirect() which is ...
CVE-2024-49979
In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from frag_list Detect tcp gso fraglist skbs with corrupted geometry (see below) andpass these to skb_segment instead of skb_segment_list, as the firstcan segment them correctly. Va...
CVE-2024-50113
In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix invalid port index for parent device In a commit 24b7f8e5cd65 ("firewire: core: use helper functions for selfID sequence"), the enumeration over self ID sequence was refactored withsome helper functions with KUn...
CVE-2024-50144
In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix unbalanced rpm put() with fence_fini() Currently we can call fence_fini() twice if something goes wrong whensending the GuC CT for the tlb request, since we signal the fence andreturn an error, leading to the caller als...
CVE-2024-50204
In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into thenamespace rbtree until after the copy succeeded. Calling free_mnt_ns()will try to remove the copy from the rbtree which is...
CVE-2024-53182
In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()" This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with sync_bfqq, and bfq_release_process_ref cannotbe put into bfq_pu...
CVE-2024-53192
In the Linux kernel, the following vulnerability has been resolved: clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Flexible-array member hws in struct clk_hw_onecell_data is annotatedwith the counted_by() attribute. This means that when memory isallocated for this...
CVE-2024-53199
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-audmix: Add NULL check in imx_audmix_probe devm_kasprintf() can return a NULL pointer on failure,but thisreturned value in imx_audmix_probe() is not checked.Add NULL check in imx_audmix_probe(), to handle kernel NULLpoint...
CVE-2024-57943
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data mustbe zeroed, otherwise uninitialized data in the page cache willbe written. So this commit uses folio_zero_new_buffe...
CVE-2025-21695
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The dell_uart_bl_serdev_probe() function calls devm_serdev_device_open()before setting the client ops via serdev_device_set_client_ops(). Thisordering can trigger a NULL pointer de...
CVE-2025-22000
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: drop beyond-EOF folios with the right number of refs When an after-split folio is large and needs to be dropped due to EOF,folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop allpage cache refs. Othe...
CVE-2025-22067
In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() If requested_clk > 128, cdns_mrvl_xspi_setup_clock() iterates over theentire cdns_mrvl_xspi_clk_div_list array without breaking out early,causing 'i' t...
CVE-2003-0018
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.
CVE-2005-2456
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->s...
CVE-2005-3055
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.
CVE-2005-3272
Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets.
CVE-2005-3273
The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipea...
CVE-2005-3276
The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information.
CVE-2005-3356
The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attac...
CVE-2006-1525
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference.