10741 matches found
CVE-2024-39296
In the Linux kernel, the following vulnerability has been resolved: bonding: fix oops during rmmod "rmmod bonding" causes an oops ever since commit cc317ea3d927 ("bonding:remove redundant NULL check in debugfs function"). Here are the relevantfunctions being called: bonding_exit()bond_destroy_debug...
CVE-2024-40909
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free in bpf_link_free() After commit 1a80dbcb2dba, bpf_link can be freed bylink->ops->dealloc_deferred, but the code still tests and useslink->ops->dealloc afterward, which leads to a use-...
CVE-2024-40916
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fails and driver reports no modes available, the DRMcore adds an artificial 1024x786 mode to the connector. Unfortunatelysome variants of...
CVE-2024-40920
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state I converted br_mst_set_state to RCU to avoid a vlan use-after-freebut forgot to change the vlan group dereference helper. Switch to vlangroup RCU deref helper to fix th...
CVE-2024-40921
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Pass the already obtained vlan group pointer to br_mst_vlan_set_state()instead of dereferencing it again. Each caller has already correctlydereferenced it for thei...
CVE-2024-40994
In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc()to do the allocation to prevent this.
CVE-2024-41027
In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config wefail silently and return all the available features. However, the manpage indicates we should return an EINVA...
CVE-2024-41068
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix sclp_init() cleanup on failure If sclp_init() fails it only partially cleans up: if there are multiplefailing calls to sclp_init() sclp_state_change_event will be added severaltimes to sclp_reg_list, which results in...
CVE-2024-42072
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix may_goto with negative offset. Zac's syzbot crafted a bpf prog that exposed two bugs in may_goto.The 1st bug is the way may_goto is patched. When offset is negativeit should be patched differently.The 2nd bug is in the ver...
CVE-2024-42120
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipe_ctx has a size of MAX_PIPES so checking its index before accessingthe array. This fixes an OVERRUN issue reported by Coverity.
CVE-2024-42151
In the Linux kernel, the following vulnerability has been resolved: bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable Test case dummy_st_ops/dummy_init_ret_value passes NULL as the firstparameter of the test_1() function. Mark this parameter as nullable tomake verifier aware of such possi...
CVE-2024-42281
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger aBUG_ON() later when the skb is segmented as described in [1,2].
CVE-2024-42286
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer ...
CVE-2024-42287
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c#PF: supervisor read access in kernel mode#PF: error_code(0x0...
CVE-2024-42306
In the Linux kernel, the following vulnerability has been resolved: udf: Avoid using corrupted block bitmap buffer When the filesystem block bitmap is corrupted, we detect the corruptionwhile loading the bitmap and fail the allocation with error. However thenext allocation from the same bitmap will...
CVE-2024-42313
In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdec_close There appears to be a possible use after free with vdec_close().The firmware will add buffer release work to the work queue throughHFI callbacks as a normal part of decoding. Randomly ...
CVE-2024-44969
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation isinterrupted, an attempt is made to halt this operation. If this attemptfails due to a hardware or firmware problem, there is...
CVE-2024-44972
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clear page dirty inside extent_write_locked_range() [BUG]For subpage + zoned case, the following workload can lead to rsv dataleak at unmount time: mkfs.btrfs -f -s 4k $dev mount $dev $mnt fsstress -w -n 8 -d $mnt -s ...
CVE-2024-45007
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called fromwithin a work item for destroying its own workqueue. This illegalsituation is averted by addi...
CVE-2024-46726
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure index calculation will not overflow [WHY & HOW]Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation willnever overflow and exceess array size. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues re...
CVE-2024-47695
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds In the function init_conns(), after the create_con() and create_cm() forloop if something fails. In the cleanup for loop after the destroy tag, weaccess out of bound memory ...
CVE-2024-47711
In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't return OOB skb in manage_oob(). syzbot reported use-after-free in unix_stream_recv_urg(). [0] The scenario is send(MSG_OOB) recv(MSG_OOB)-> The consumed OOB remains in recv queue send(MSG_OOB) recv()-> manage_o...
CVE-2024-49874
In the Linux kernel, the following vulnerability has been resolved: i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition In the svc_i3c_master_probe function, &master->hj_work is bound withsvc_i3c_master_hj_work, &master->ibi_work is bound withsvc_...
CVE-2024-49880
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off by one issue in alloc_flex_gd() Wesley reported an issue: ==================================================================EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks------------[ cut here ]-------...
CVE-2024-53187
In the Linux kernel, the following vulnerability has been resolved: io_uring: check for overflows in io_pin_pages WARNING: CPU: 0 PID: 5834 at io_uring/memmap.c:144 io_pin_pages+0x149/0x180 io_uring/memmap.c:144CPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller...
CVE-2024-56621
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Cancel RTC work during ufshcd_remove() Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). Whenufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due tothis, any further trigger of the...
CVE-2024-56628
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Add architecture specific huge_pte_clear() When executing mm selftests run_vmtests.sh, there is such an error: BUG: Bad page state in process uffd-unit-tests pfn:00000page: refcount:0 mapcount:0 mapping:0000000000000000 ...
CVE-2024-56632
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix the memleak while create new ctrl failed Now while we create new ctrl failed, we have not free thetagset occupied by admin_q, here try to fix it.
CVE-2024-56652
In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Remove register pool That pool implementation doesn't really work: if the krealloc happens tomove the memory and return another address, the entries in the xarraybecome invalid, leading to use-after-free later: BUG: ...
CVE-2024-56698
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If apartially completed request is handled, then thedwc3_request->num_queued_sgs no longer reflects the total ...
CVE-2024-57926
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err The pointer need to be set to NULL, otherwise KASAN complains aboutuse-after-free. Because in mtk_drm_bind, all private's drm are setas fo...
CVE-2024-58054
In the Linux kernel, the following vulnerability has been resolved: staging: media: max96712: fix kernel oops when removing module The following kernel oops is thrown when trying to remove the max96712module: Unable to handle kernel paging request at virtual address 00007375746174dbMem abort info:E...
CVE-2025-21714
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free Prevent double queueing of implicit ODP mr destroy work by using__xa_cmpxchg() to make sure this is the only time we are destroying thisspecific mr. Without this change, we could try to in...
CVE-2025-21723
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix possible crash when setting up bsg fails If bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.Consequently, in mpi3mr_bsg_exit(), the condition "if(!mrioc->bsg_queue)"will not be satisfied, pr...
CVE-2025-21725
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to unset link speed It isn't guaranteed that NETWORK_INTERFACE_INFO::LinkSpeed will alwaysbe set by the server, so the client must handle any values and thenprevent oopses like below from happening: Oops: ...
CVE-2025-21821
In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000 Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether l...
CVE-2025-21875
In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline]WARNING: ...
CVE-2025-22040
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup andksmbd_sessions_deregister. The session can be freed before the connectionis added to channel list of session.This patch...
CVE-2025-22090
In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() If track_pfn_copy() fails, we already added the dst VMA to the mapletree. As fork() fails, we'll cleanup the maple tree, and stumble overthe dst VMA for which w...
CVE-2025-22119
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1] After rfkill allocation fails, the wiphy release process will be performed,which will cause cf...
CVE-2025-23137
In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update Check if policy is NULL before dereferencing it in amd_pstate_update.
CVE-2025-23163
In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there is now a possibility of a deadlock: [ 1.211455] ============================================[ 1.211571] WARNING: possible recursive locking detected[ 1.2...
CVE-2025-37792
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference The btrtl_initialize() function checks that rtl_load_file() eitherhad an error or it loaded a zero length file. However, if it loadeda zero length file then the error code is not...
CVE-2025-37819
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pcisubsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtimeduring a PCI host bridge probe. ...
CVE-2025-37860
In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence alsoef100_check_design_params() run before efx->net_dev is created;consequently, we cannot netif_set_tso_max_size() or _...
CVE-1999-0183
Linux implementations of TFTP would allow access to files outside the restricted directory.
CVE-2003-0246
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports.
CVE-2004-0138
The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped.
CVE-2004-0565
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
CVE-2004-1137
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function...