10927 matches found
CVE-2022-49525
In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix the warning when removing the module When removing the module, we will get the following warning: [ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least 'cx25821[1]'[ 14.747449] ...
CVE-2022-49581
In the Linux kernel, the following vulnerability has been resolved: be2net: Fix buffer overflow in be_get_module_eeprom be_cmd_read_port_transceiver_data assumes that it is given a buffer thatis at least PAGE_DATA_LEN long, or twice that if the module supports SFF8472. However, this is not always t...
CVE-2022-49617
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: handle errors on card registration If the card registration fails, typically because of deferred probes,the device properties added for headset codecs are not removed, whichleads to kernel oopses in driver bin...
CVE-2022-49652
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not needed anymore. Add missing of_node_put() in to fix this...
CVE-2022-49670
In the Linux kernel, the following vulnerability has been resolved: linux/dim: Fix divide by 0 in RDMA DIM Fix a divide 0 error in rdma_dim_stats_compare() when prev->cpe_ratio ==0. CallTrace:Hardware name: H3C R4900 G3/RS33M2C9S, BIOS 2.00.37P21 03/12/2020task: ffff880194b78000 task.stack: ffff...
CVE-2022-49674
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load (using raid_ctr), dm-raid allocates an arrayrs->devs[rs->raid_disks] for the raid device members. rs->raid_disksis defined by the number of raid m...
CVE-2022-49722
In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. VF can have queues enabled,when it requests a reset. If PF driver assumes that VF is disabled,while VF still has queues configured, VF may unmap...
CVE-2023-39180
A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required t...
CVE-2023-52512
In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: wpcm450: fix out of bounds write Write into 'pctrl->gpio_bank' happens before the check for GPIO indexvalidity, so out of bounds write may happen. Found by Linux Verification Center (linuxtesting.org) with SVAC...
CVE-2023-52742
In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: Azero-length control-OUT transfer was treated as a read instead of awrite. In modern kernels this error provokes a WARNI...
CVE-2023-52816
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix shift out-of-bounds issue [ 567.613292] shift exponent 255 is too large for 64-bit type 'long unsigned int'[ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-34-generic #34~22.04.1-Ubuntu[ 567.61450...
CVE-2023-52856
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: lt8912b: Fix crash on bridge detach The lt8912b driver, in its bridge detach function, callsdrm_connector_unregister() and drm_connector_cleanup(). drm_connector_unregister() should be called only for connectorsexplicit...
CVE-2023-52916
In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage istight. The way to reproduce this issue: Use 1600x900 to display on host Mount ISO through 'Virtual med...
CVE-2023-53110
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() When performing a stress test on SMC-R by rmmod mlx5_ib driverduring the wrk/nginx test, we found that there is a probabilityof triggering a panic while terminating all link gro...
CVE-2023-6238
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashe...
CVE-2024-26721
In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPSregister") defines a new macro to calculate the DSC PPS registeraddresses with PPS number as a...
CVE-2024-26789
In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128bytes, and will fall back to the plain NEON version for tail blocks orinputs that are shorter than 128...
CVE-2024-26902
In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned longoverflowed_ctrs, use BIT() instead. This panic happens when running'perf record -e branches' on sophgo sg2042. ...
CVE-2024-35785
In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has abug leading to kernel panic as follows: [ 15.398930] Unable to handle kernel paging request at vir...
CVE-2024-35825
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TXset to 65536, it has been observed that we receive short packets,which come at interval of 5-10 seconds someti...
CVE-2024-35837
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel usingkexec which results in kernel panic. Thus clear theBM pool registers before initialisation to fix the issue.
CVE-2024-35994
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix memory related IO errors and crashes It turns out that while the QSEECOM APP_SEND command has specific fieldsfor request and response buffers, uefisecapp expects them both to be ina single memory reg...
CVE-2024-36887
In the Linux kernel, the following vulnerability has been resolved: e1000e: change usleep_range to udelay in PHY mdic access This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaroundfor sporadic MDI error on Meteor Lake systems"). The referenced commitused usleep_range inside the PHY acc...
CVE-2024-36892
In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid zeroing outside-object freepointer for single free Commit 284f17ac13fe ("mm/slub: handle bulk and single object freeingseparately") splits single and bulk object freeing in two functionsslab_free() and slab_free_bulk...
CVE-2024-36949
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the firstdevice will call kfd_suspend_all_processes() to evict all processeson all devices, this call takes...
CVE-2024-36951
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: range check cp bad op exception interrupts Due to a CP interrupt bug, bad packet garbage exception codes are raised.Do a range check so that the debugger and runtime do not receive garbagecodes.Update the user api to gu...
CVE-2024-37021
In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-levelmodule registers a driver for the parent device and uses its owner pointerto take the module's refcount....
CVE-2024-37354
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys inbtrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)-------...
CVE-2024-38385
In the Linux kernel, the following vulnerability has been resolved: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() irq_find_at_or_after() dereferences the interrupt descriptor which isreturned by mt_find() while neither holding sparse_irq_lock nor RCU readlock, which means the des...
CVE-2024-38593
In the Linux kernel, the following vulnerability has been resolved: net: micrel: Fix receiving the timestamp in the frame for lan8841 The blamed commit started to use the ptp workqueue to get the secondpart of the timestamp. And when the port was set down, then thisworkqueue is stopped. But if the ...
CVE-2024-38607
In the Linux kernel, the following vulnerability has been resolved: macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" The via-macii ADB driver calls request_irq() after disabling hardinterrupts. But disabling interrupts isn't necessary here because theVIA shift register ...
CVE-2024-38620
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use soremove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...
CVE-2024-40909
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free in bpf_link_free() After commit 1a80dbcb2dba, bpf_link can be freed bylink->ops->dealloc_deferred, but the code still tests and useslink->ops->dealloc afterward, which leads to a use-...
CVE-2024-40999
In the Linux kernel, the following vulnerability has been resolved: net: ena: Add validation for completion descriptors consistency Validate that first flag is set only for the firstdescriptor in multi-buffer packets.In case of an invalid descriptor, a reset will occur.A new reset reason for RX dat...
CVE-2024-41045
In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free Currently, the same case as previous patch (two timer callbacks tryingto cancel each other) can be invoked through bpf_map_update_elem aswell, or more precisely, freeing map elements con...
CVE-2024-41087
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jumpto the err_out label, which will call devres_release_group().devres_release_group() will trigger a call to ata_host...
CVE-2024-42151
In the Linux kernel, the following vulnerability has been resolved: bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable Test case dummy_st_ops/dummy_init_ret_value passes NULL as the firstparameter of the test_1() function. Mark this parameter as nullable tomake verifier aware of such possi...
CVE-2024-42241
In the Linux kernel, the following vulnerability has been resolved: mm/shmem: disable PMD-sized page cache if needed For shmem files, it's possible that PMD-sized page cache can't besupported by xarray. For example, 512MB page cache on ARM64 when the basepage size is 64KB can't be supported by xarr...
CVE-2024-43825
In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table The sorting in iio_gts_build_avail_time_table is not working as intended.It could result in an out-of-bounds access when the time is zero. Here are more details: ...
CVE-2024-43829
In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode Add check for the return value of drm_cvt_mode() and return the error ifit fails in order to avoid NULL pointer dereference.
CVE-2024-44988
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID couldbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).
CVE-2024-45011
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that thedriver may attempt to access exist and are of the correct type. All XillyUSB devices must have a Bulk IN an...
CVE-2024-46674
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thuserror path "undo_platform_dev_alloc" is entirely bogus. It drops thereference count from ...
CVE-2024-46680
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix random crash seen while removing driver This fixes the random kernel crash seen while removing the driver, whenrunning the load/unload test over multiple iterations. modprobe btnxpuart hciconfig hci0 reset...
CVE-2024-46729
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix incorrect size calculation for loop [WHY]fe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which islager than the array size. [HOW]Divide byte size 20 by its element size. This fixes 2 OVERRUN issu...
CVE-2024-46796
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_set_path_size() If smb2_compound_op() is called with a valid @cfile and returned-EINVAL, we need to call cifs_get_writable_path() before retrying itas the reference of @cfile was alread...
CVE-2024-46798
In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object When using kernel with the following extra config, CONFIG_KASAN=y CONFIG_KASAN_GENERIC=y CONFIG_KASAN_INLINE=y CONFIG_KASAN_VMALLOC=y CONFIG_FRAME_WARN=4096 kernel detects that snd...
CVE-2024-46829
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In thegood case it returns with the lock held and in the deadlock case it emits awarning and goes into an endle...
CVE-2024-47751
In the Linux kernel, the following vulnerability has been resolved: PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Within kirin_pcie_parse_port(), the pcie->num_slots is compared topcie->gpio_id_reset size (MAX_PCI_SLOTS) which is correct and would leadto an overflow. Thus, fix co...
CVE-2024-50020
In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() This patch addresses an issue with improper reference count handling in theice_sriov_set_msix_vec_count() function. First, the function calls ice_get_vf_by_id...