CVE-2017-0568

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

CVE-2017-0630

An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Ker...

CVE-2017-17856

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.

CVE-2019-18810

A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering drm_writeback_connector_init() failures, aka CID-a0ecd6fdbf5d.

CVE-2019-18812

A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.

CVE-2020-36791

In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")I moved cp->hash calculation before the firsttcindex_alloc_perfect_hash(), but cp->alloc_hash is l...

CVE-2021-47117

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault:[130747.323114] kernel BUG at fs/ext4/extents_status.c:762![130747.323117] Internal error: Oops ...

CVE-2021-47158

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: add error handling in sja1105_setup() If any of sja1105_static_config_load(), sja1105_clocking_setup() orsja1105_devlink_setup() fails, we can't just return in the middle ofsja1105_setup() or memory will leak. Ad...

CVE-2021-47187

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency The entry/exit latency and minimum residency in state for the idlestates of MSM8998 were ..bad: first of all, for all of them thetimings were written for CPU sl...

CVE-2021-47205

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, whileleaving its clocks/resets and their providers registered. This can causea page fault later when some clo...

CVE-2021-47254

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() toremove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cle...

CVE-2021-47275

In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper locationfrom the internal B+ tree is matched for a cache miss range, functioncached_dev_cache_miss() will ...

CVE-2021-47291

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions While running the self-tests on a KASAN enabled kernel, I observed aslab-out-of-bounds splat very similar to the one reported incommit 821bbf79fe46 ("ipv6: Fix KASAN:...

CVE-2021-47376

In the Linux kernel, the following vulnerability has been resolved: bpf: Add oversize check before call kvcalloc() Commit 7661809d493b ("mm: don't allow oversized kvmalloc() calls") add theoversize check. When the allocation is larger than what kmalloc() supports,the following warning triggered: WA...

CVE-2021-47419

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: properly cancel timer from taprio_destroy() There is a comment in qdisc_create() about us not calling ops->reset()in some cases. err_out4:/** Any broken qdiscs that would require a ops->reset() here?* T...

CVE-2021-47425

In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes areference on the adapter which is never released which will result in areference count leak and ...

CVE-2021-47478

In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted isofs_read_inode() can read databeyond the end of buffer. Sanity-check the directory entry length beforeusing it.

CVE-2021-47482

In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem wasin wrong error handling in batadv_mesh_init(). Before this patch batadv_mesh_init() was calling batadv_mesh_free() in caseo...

CVE-2021-47578

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because ofthat, for a following NULL pointer check to work on the returned pointer,kcalloc() must not be cal...

CVE-2021-47619

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix queues reservation for XDP When XDP was configured on a system with large number of CPUsand X722 NIC there was a call trace with NULL pointer dereference. i40e 0000:87:00.0: failed to get tracking for 256 queues for VSI 0...

CVE-2021-47635

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix to add refcount once page is set private MM defined the rule [1] very clearly that once page was set with PG_privateflag, we should increment the refcount in that page, also main flows likepageout(), migrate_page() will ...

CVE-2022-48635

In the Linux kernel, the following vulnerability has been resolved: fsdax: Fix infinite loop in dax_iomap_rw() I got an infinite loop and a WARNING report when executing a tail commandin virtiofs. WARNING: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomap_iter+0x3a2/0x3d0Modules linked in:CPU: 10 PID: 9...

CVE-2022-48654

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads tocopying uninitialized memory area in nft_osf which can be used to leakstale kernel stack data to u...

CVE-2022-48693

In the Linux kernel, the following vulnerability has been resolved: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs In brcmstb_pm_probe(), there are two kinds of leak bugs: (1) we need to add of_node_put() when for_each__matching_node() breaks(2) we need to add iounmap() for each ioma...

CVE-2022-48698

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix memory leak when using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it,otherwise the memory will leak over time. Fix this up by properlycalling dput().

CVE-2022-48708

In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference Added checking of pointer "function" in pcs_set_mux().pinmux_generic_get_function() can return NULL and the pointer"function" was dereferenced without checking against NULL. Found by ...

CVE-2022-48711

In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and processdomain_record structs from peer nodes to track their views of thenetwork topology. This patch verifies that ...

CVE-2022-48850

In the Linux kernel, the following vulnerability has been resolved: net-sysfs: add check for netdevice being present to speed_show When bringing down the netdevice or system shutdown, a panic can betriggered while accessing the sysfs path because the device is alreadyremoved. [ 755.549084] mlx5_cor...

CVE-2022-48852

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec device but we don't unregisterit on unbind, leading to a device leakage. Unregister our device atunbind.

CVE-2022-48879

In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled,the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in th...

CVE-2022-49021

In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058Oops: 0000 [#1] PREEMPT SMP KASAN PTICPU: ...

CVE-2022-49025

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second oneor afterwards fails the driver reverts usage of term tables butdoesn't reset the assignment in attr-&gt...

CVE-2022-49051

In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup aqc111_rx_fixup() contains several out-of-bounds accesses that can betriggered by a malicious (or defective) USB device, in particular: The metadata array (desc_offset..desc_...

CVE-2022-49059

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flush_workqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching anNCI device. The main reason for this bug is the unexpected schedulingbetween the used delayed mechanism (timer and wor...

CVE-2022-49092

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix route with nexthop object delete warning FRR folks have hit a kernel warning[1] while deleting routes[2] which iscaused by trying to delete a route pointing to a nexthop id withoutspecifying nhid but matching on an i...

CVE-2022-49095

In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() The error handling path of the probe releases a resource that is not freedin the remove function. In some cases, a ioremap() must be undone. Add the missing iounmap() cal...

CVE-2022-49138

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multipletimes for the same handle, the device is registered multiple times whichleads to memory corruptions. Th...

CVE-2022-49144

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memory leak of uid in files registration When there are no files for __io_sqe_files_scm() to process in therange, it'll free everything and return. However, it forgets to put uid.

CVE-2022-49193

In the Linux kernel, the following vulnerability has been resolved: ice: fix 'scheduling while atomic' on aux critical err interrupt There's a kernel BUG splat on processing aux critical errorinterrupts in ice_misc_intr(): [ 2100.917085] BUG: scheduling while atomic: swapper/15/0/0x00010000...[ 210...

CVE-2022-49218

In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register The link_status array was not large enough to read the Adjust RequestPost Cursor2 register, so remove the common helper function to avoidan OOB read, found with a -Warray-bou...

CVE-2022-49337

In the Linux kernel, the following vulnerability has been resolved: ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock When user_dlm_destroy_lock failed, it didn't clean up the flags it setbefore exit. For USER_LOCK_IN_TEARDOWN, if this function fails because oflock is still in used, next ti...

CVE-2022-49392

In the Linux kernel, the following vulnerability has been resolved: serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe platform_get_resource() may fail and return NULL, so we shouldbetter check it's return value to avoid a NULL pointer dereference.

CVE-2022-49424

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer dereference when printing dev_name When larbdev is NULL (in the case I hit, the node is incorrectly setiommus = ), it will cause device_link_add() fail andkernel crashes when we try to print dev_nam...

CVE-2022-49446

In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix firmware activation deadlock scenarios Lockdep reports the following deadlock scenarios for CXL root devicepower-management, device_prepare(), operations, and device_shutdown()operations for 'nd_region' devices: Chain e...

CVE-2022-49476

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel crash at mt7921_pci_remove The crash log shown it is possible that mt7921_irq_handler is called whiledevm_free_irq is being handled so mt76_free_device need to be postponeduntil devm_free_irq is completed t...

CVE-2022-49488

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected There is a possibility for mdp5_get_global_state to return-EDEADLK when acquiring the modeset lock, but currently global_state inmdp5_mixer_release doe...

CVE-2022-49529

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: fix the null pointer while the smu is disabled It needs to check if the pp_funcs is initialized while release thecontext, otherwise it will trigger null pointer panic while the softwaresmu is not enabled. [ 1109.4045...

CVE-2022-49530

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in si_parse_power_table() In function si_parse_power_table(), array adev->pm.dpm.ps and its memberis allocated. If the allocation of each member fails, the array itselfis freed and returned with an er...

CVE-2022-49555

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync() before freeing While looking at a crash report on a timer list being corrupted, whichusually happens when a timer is freed while still active. This iscommonly triggered by code calling del_t...

CVE-2022-49613

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix PM usage_count for console handover When console is enabled, univ8250_console_setup() callsserial8250_console_setup() before .dev is set to uart_port. Therefore,it will not call pm_runtime_get_sync(). Later, when ...