2811 matches found
CVE-2023-53024
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due toinsufficient speculative store bypass mitigation") inserts lfenceinstructions after 1) init...
CVE-2024-48881
In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check innode allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->ro...
CVE-2024-55641
In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Debugging a filesystem patch with generic/475 caused the system to hangafter observing the following sequences in dmesg: XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+...
CVE-2024-56369
In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() drm_mode_vrefresh() is trying to avoid divide by zeroby checking whether htotal or vtotal are zero. But we maystill end up with a div-by-zero of vtotalhtotal ...
CVE-2024-57880
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array The code uses the initialised member of the asoc_sdw_dailink struct todetermine if a member of the array is in use. However in the case thearray is completely full th...
CVE-2024-58020
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Add NULL check in mt_input_configured devm_kasprintf() can return a NULL pointer on failure,but thisreturned value in mt_input_configured() is not checked.Add NULL check in mt_input_configured(), to handle kernel N...
CVE-2025-21677
In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcp_newlink() links the device to a list in dev_net(dev) insteadof net, where a udp tunnel socket is created. Even when net is removed, the device stays alive on dev_ne...
CVE-2025-21802
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for eachae_dev node from hnae3_ae_dev_list. If user unloads hns3 driver atthe time, because it removes all the ae_dev nod...
CVE-2025-21804
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() The rcar_pcie_parse_outbound_ranges() uses the devm_request_mem_region()macro to request a needed resource. A string variable that lives on thestack i...
CVE-2025-21839
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 valueout of the core .vcpu_run() loop to fix a bug where KVM can load hardwarewith a stale ...
CVE-2025-21914
In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario In case of interrupt delay for any reason, slim_do_transfer()returns timeout error but the transaction ID (TID) is not freed.This results into invalid memory acc...
CVE-2025-22020
In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ==================================================================BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x1...
CVE-2021-47633
In the Linux kernel, the following vulnerability has been resolved: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 The bug was found during fuzzing. Stacktrace locates it inath5k_eeprom_convert_pcal_info_5111.When none of the curve is selected in the loop, idx can goup to AR5K_EEPROM_N_PD_CURVE...
CVE-2022-49053
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does nottake refcount properly and just returns page pointer. Whentcmu_try_get_data_page() returns, the returned page may hav...
CVE-2022-49057
In the Linux kernel, the following vulnerability has been resolved: block: null_blk: end timed out poll request When poll request is timed out, it is removed from the poll list,but not completed, so the request is leaked, and never get chanceto complete. Fix the issue by ending it in timeout handle...
CVE-2022-49223
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Hold port reference until decoder release KASAN + DEBUG_KOBJECT_RELEASE reports a potential use-after-free incxl_decoder_release() where it goes to reference its parent, a cxl_port,to free its id back to port->decoder_...
CVE-2022-49326
In the Linux kernel, the following vulnerability has been resolved: rtl818x: Prevent using not initialized queues Using not existing queues can panic the kernel with rtl8180/rtl8185 cards.Ignore the skb priority for those cards, they only have one tx queue. PierreAsselin ([email protected]) reported the...
CVE-2022-49333
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, pair only capable devices OFFLOADS paring using devcom is possible only on devicesthat support LAG. Filter based on lag capabilities. This fixes an issue where mlx5_get_next_phys_dev() wascalled without holding ...
CVE-2022-49335
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. Submitting a cs with 0 chunks, causes an oops later, found tryingto execute the wrong userspace driver. MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo [172536.665184] BUG: kern...
CVE-2022-49340
In the Linux kernel, the following vulnerability has been resolved: ip_gre: test csum_start instead of transport header GRE with TUNNEL_CSUM will apply local checksum offload onCHECKSUM_PARTIAL packets. ipgre_xmit must validate csum_start after an optional skb_pull,else lco_csum may trigger an over...
CVE-2022-49395
In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number oflongs, not bytes. ==================================================================BUG: KASAN: stack-out-of-bounds in ...
CVE-2022-49478
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Syzbot reported that -1 is used as array index. The problem was inmissing validation check. hdw->unit_number is initialized with -1 and then if init table walk ...
CVE-2022-49508
In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(),so there is no need to call input_free_device() explicitly orthere will be a double free. Accor...
CVE-2022-49697
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers A customer reported a request_socket leak in a Calico cloud environment. Wefound that a BPF program was doing a socket lookup with takes a refcnt onthe socket and that it was finding ...
CVE-2024-57951
In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfwaythrough a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back toCPUHP_ONLINE: Since hrtimers_prepare_cp...
CVE-2024-58237
In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidatepacket pointers. Hence, conservatively assume that each tail callinvalidates packet pointers. Making the ...
CVE-2025-21674
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernelgenerates the following kernel panic, which is happening due to twoissues: In SA add secti...
CVE-2025-21758
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no longer can use sock_alloc_send_skb() becauseipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Inst...
CVE-2025-21759
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointerand avoid a potential UAF. Note that we no longer can us...
CVE-2025-21995
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak The last_scheduled fence leaks when an entity is being killed and addingthe cleanup callback fails. Decrement the reference count of prev when dma_fence_add_callback()fails, ensuring proper...
CVE-2025-22021
In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets torestore the original 5-tuple in case of SNAT, to be able to find theright socket (if any). Then socket_match() can...
CVE-2025-22027
In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between device disconnection and urb callback Syzkaller has reported a general protection fault at functionir_raw_event_store_with_filter(). This crash is caused by a NULL pointerdereference of dev->ra...
CVE-2025-22035
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() duringftrace stress testing [1]. This issue can be reproduced if puting a'mdelay(10)' aft...
CVE-2025-22089
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hw_counters outside of init net namespace Commit 467f432a521a ("RDMA/core: Split port and device counter sysfsattributes") accidentally almost exposed hw counters to non-init netnamespaces. It didn't expose ...
CVE-2025-37758
In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. Currently, pxa_ata_probe() doesnot check for this case, which can result in a NULL pointer dereference. Add NULL check a...
CVE-2025-37992
In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, onlythe main skb queue was trimmed, potentially leaving packets in the gso_skblist. This could result...
CVE-2021-47637
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix deadlock in concurrent rename whiteout and inode writeback Following hung tasks:[ 77.028764] task:kworker/u8:4 state:D stack: 0 pid: 132[ 77.028820] Call Trace:[ 77.029027] schedule+0x8c/0x1b0[ 77.029067] mutex_lock+0x50...
CVE-2021-47644
In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: move videodev alloc Move some code out of zr36057_init() and create new functions for handlingzr->video_dev. This permit to ease code reading and fix a zr->video_devmemory leak.
CVE-2022-49055
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array() As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference.Therefore, it is better to check the return value of kmalloc_...
CVE-2022-49102
In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix possible memory leak in MMU DR fini This patch fixes what seems to be copy paste error. We will have a memory leak if the host-resident shadow is NULL (whichwill likely happen as the DR and HR are not dependent).
CVE-2022-49124
In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditionsare met due to an erratum on fast string copy instructions: An uncorrected error. That error must...
CVE-2022-49183
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix ref leak when switching zones When switching zones or network namespaces without doing a ct clear inbetween, it is now leaking a reference to the old ct entry. That'sbecause tcf_ct_skb_nfct_cached() returns f...
CVE-2022-49284
In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fix memleak on registration failure in cscfg_create_device device_register() calls device_initialize(),according to doc of device_initialize: Use put_device() to give up your reference instead of freeing * @dev d...
CVE-2022-49306
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: host: Stop setting the ACPI companion It is no longer needed. The sysdev pointer is now used whenassigning the ACPI companions to the xHCI ports and USBdevices. Assigning the ACPI companion here resulted in thefwnode->...
CVE-2022-49325
In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with codebreaking the assumption that tp->snd_cwnd is greaterthan zero. Lately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) addedin commi...
CVE-2022-49467
In the Linux kernel, the following vulnerability has been resolved: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_boneeds to be put when msm_gem_get_and_pin_iova fails.
CVE-2022-49561
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct andset skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry ...
CVE-2022-49612
In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions power_supply_temp2resist_simple and power_supply_ocv2cap_simplehandle boundary conditions incorrectly.The change was introduced in a4585ba2050f460f749bbaf2...
CVE-2023-52935
In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requiresit to be locked. Page table traversal is allowed under any one of the mmap lock, theanon_vma lock (if the VMA is asso...
CVE-2023-53020
In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: It modifies the tunnel socket after publishing it. It calls setup_udp_tunnel_sock() on an existing socket without...