10926 matches found
CVE-2022-49656
In the Linux kernel, the following vulnerability has been resolved: ARM: meson: Fix refcount leak in meson_smp_prepare_cpus of_find_compatible_node() returns a node pointer with refcountincremented, we should use of_node_put() on it when done.Add missing of_node_put() to avoid refcount leak.
CVE-2022-49667
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free after 802.3ad slave unbind commit 0622cab0341c ("bonding: fix 802.3ad aggregator reselection"),resolve case, when there is several aggregation groups in the same bond.bond_3ad_unbind_slave will inva...
CVE-2022-49719
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic/realview: Fix refcount leak in realview_gic_of_init of_find_matching_node_and_match() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to...
CVE-2022-49740
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur inbrcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the countvalue of ch...
CVE-2023-52573
In the Linux kernel, the following vulnerability has been resolved: net: rds: Fix possible NULL-pointer dereference In rds_rdma_cm_event_handler_cmn() check, if conn pointer existsbefore dereferencing it as rdma_set_service_type() argument Found by Linux Verification Center (linuxtesting.org) with ...
CVE-2023-52677
In the Linux kernel, the following vulnerability has been resolved: riscv: Check if the code to patch lies in the exit section Otherwise we fall through to vmalloc_to_page() which panics since theaddress does not lie in the vmalloc region.
CVE-2023-52692
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was notchecking the result. Return the error if it fails rather thancontinuing with an invalid value.
CVE-2023-52737
In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap Currently fiemap does not take the inode's lock (VFS lock), it only locksa file range in the inode's io tree. This however can lead to a deadlockif we have a concurrent fs...
CVE-2023-52804
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add validity check for db_maxag and db_agpref Both db_maxag and db_agpref are used as the index of thedb_agfree array, but there is currently no validity check fordb_maxag and db_agpref, which can lead to errors. The follow...
CVE-2023-52861
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and thesound card is opened from userspace. Instead return an empty buffer (of zeroes) as the EDID information t...
CVE-2023-52862
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that isprinted when the Display Core (DC) fails to initialize. The originalmessage includes the DC vers...
CVE-2023-53044
In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error fromdm_stats_init() if it fails. Update alloc_dev() to fail ifdm_stats_init() does. Otherwise, a NULL pointer dereferenc...
CVE-2024-26658
In the Linux kernel, the following vulnerability has been resolved: bcachefs: grab s_umount only if snapshotting When I was testing mongodb over bcachefs with compression,there is a lockdep warning when snapshotting mongodb data volume. $ cat test.shprog=bcachefs $prog subvolume create /mnt/data$pr...
CVE-2024-35818
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Define the __io_aw() hook as mmiowb() Commit fb24ea52f78e0d595852e ("drivers: Remove explicit invocations ofmmiowb()") remove all mmiowb() in drivers, but it says: "NOTE: mmiowb() has only ever guaranteed ordering in con...
CVE-2024-35882
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports that his small NFS servers suffer from memoryexhaustion after just a few days. A bisect shows that commite18e157bb5c8 ("SUNRPC: Send RPC message on TCP...
CVE-2024-35903
In the Linux kernel, the following vulnerability has been resolved: x86/bpf: Fix IP after emitting call depth accounting Adjust the IP passed to emit_patch so it calculates the correct offsetfor the CALL instruction if x86_call_depth_emit_accounting emits code.Otherwise we will skip some instructio...
CVE-2024-35988
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASK_SIZE on 64-bit NOMMU On NOMMU, userspace memory can come from anywhere in physical RAM. Thecurrent definition of TASK_SIZE is wrong if any RAM exists above 4G,causing spurious failures in the userspace access routin...
CVE-2024-35993
In the Linux kernel, the following vulnerability has been resolved: mm: turn folio_test_hugetlb into a PageType The current folio_test_hugetlb() can be fooled by a concurrent folio splitinto returning true for a folio which has never belonged to hugetlbfs.This can't happen if the caller holds a ref...
CVE-2024-36888
In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the followingkernel oops was observed: smp: Bringing up secondary CPUs ...smp: Brought up 1 node, 8 CPUsUnable to handle kernel...
CVE-2024-36890
In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer thatwill lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpioch...
CVE-2024-38591
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix deadlock on SRQ async events. xa_lock for SRQ table may be required in AEQ. Use xa_store_irq()/xa_erase_irq() to avoid deadlock.
CVE-2024-39296
In the Linux kernel, the following vulnerability has been resolved: bonding: fix oops during rmmod "rmmod bonding" causes an oops ever since commit cc317ea3d927 ("bonding:remove redundant NULL check in debugfs function"). Here are the relevantfunctions being called: bonding_exit()bond_destroy_debug...
CVE-2024-39467
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:29...
CVE-2024-40934
In the Linux kernel, the following vulnerability has been resolved: HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path.
CVE-2024-41067
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly [BUG]When running btrfs/060 with forced RST feature, it would crash thefollowing ASSERT() inside scrub_read_endio(): ASSERT(sector_nr nr_sectors); Before that, we would have tree dump...
CVE-2024-42071
In the Linux kernel, the following vulnerability has been resolved: ionic: use dev_consume_skb_any outside of napi If we're not in a NAPI softirq context, we need to be carefulabout how we call napi_consume_skb(), specifically we need tocall it with budget==0 to signal to it that we're not in asafe...
CVE-2024-42076
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939_send_one() syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()creates full frame including unused data, but it doesn't initializeit. This causes the kernel-infolea...
CVE-2024-42091
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Check pat.ops before dumping PAT settings We may leave pat.ops unset when running on brand new platform orwhen running as a VF. While the former is unlikely, the latteris valid (future) use case and will cause NPD when some...
CVE-2024-42144
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data Verify that lvts_data is not NULL before using it.
CVE-2024-42249
In the Linux kernel, the following vulnerability has been resolved: spi: don't unoptimize message in spi_async() Calling spi_maybe_unoptimize_message() in spi_async() is wrong becausethe message is likely to be in the queue and not transferred yet. Thiscan corrupt the message while it is being used...
CVE-2024-42274
In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse eventin process context") removed the process context workqueue fromamdtp_domain_st...
CVE-2024-42314
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate'add_size' after we dropped our reference on the extent map, resultingin a use-after-free. F...
CVE-2024-42320
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error checks in dasd_copy_pair_store() dasd_add_busid() can return an error via ERR_PTR() if an allocationfails. However, two callsites in dasd_copy_pair_store() do not checkthe result, potentially resulting in a NUL...
CVE-2024-43837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT When loading a EXT program without specifying attr->attach_prog_fd,the prog->aux->dst_prog will be null. At this time, callingresolve_prog_type...
CVE-2024-43886
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check in resource_log_pipe_topology_update [WHY]When switching from "Extend" to "Second Display Only" we sometimescall resource_get_otg_master_for_stream on a stream for the eDP,which is disconnected. This...
CVE-2024-44949
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may bepossible that two unrelated 16-byte allocations share a cache line. Ifone of these allocations is written using DMA and the ot...
CVE-2024-44983
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of theVLAN header, validate it once before the flowtable lookup. =====================================================BUG: KMSA...
CVE-2024-46676
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 thiscombination successfully passes the check'if (!im_protocols && !tm_protocols)' in the nfc_start_poll().But then after pn...
CVE-2024-46749
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() This adds a check before freeing the rx->skb in flush and closefunctions to handle the kernel crash seen while removing driver after FWdownload fails or bef...
CVE-2024-46760
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference inrtw_rx_fill_rx_status on hw object and/or its fields becauseinitialization routine can start getting USB replie...
CVE-2024-46811
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box [Why]Coverity reports OVERRUN warning. soc.num_states couldbe 40. But array range of bw_params->clk_table.entries is 8. [How]Assert if soc.num_s...
CVE-2024-46830
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forciblyleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMXreads guest memory...
CVE-2024-46834
In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count withactive RSS contexts") proves that allowing indirection table to containchannels with o...
CVE-2024-47746
In the Linux kernel, the following vulnerability has been resolved: fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set This may be a typo. The comment has said shared locks arenot allowed when this bit is set. If using shared lock, thewait in fuse_file_cached_io_open may be forever.
CVE-2024-49916
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw This commit addresses a potential null pointer dereference issue in thedcn401_init_hw function. The issue could occur when dc->clk_mgr ordc->...
CVE-2024-49953
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice The km.state is not checked in driver's delayed work. Whenxfrm_state_check_expire() is called, the state can be reset toXFRM_STATE_EXPIRED, even if it is XFRM_STATE...
CVE-2024-50004
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 [WHY & HOW]Mismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to causegrey screen and system hang. Remove EnhancedPre...
CVE-2024-50118
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject ro->rw reconfiguration if there are hard ro requirements [BUG]Syzbot reports the following crash: BTRFS info (device loop0 state MCS): disabling free space treeBTRFS info (device loop0 state MCS): clearing compat-r...
CVE-2024-50295
In the Linux kernel, the following vulnerability has been resolved: net: arc: fix the device for dma_map_single/dma_unmap_single The ndev->dev and pdev->dev aren't the same device, use ndev->dev.parentwhich has dma_mask, ndev->dev.parent is just pdev->dev.Or it would cause the follow...
CVE-2024-53109
In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vma_iter_prealloc() When deleting a vma entry from a maple tree, it has to pass NULL tovma_iter_prealloc() in order to calculate internal state of the tree, butit passed a wrong argument. As a result, n...