CVE-2024-46803

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue. Itwill cause write dbg_ev_file execution after debug_trap_disable, whichwill cause NULL pointer access....

CVE-2024-46809

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check BIOS images before it is used BIOS images may fail to load and null checks are added before they areused. This fixes 6 NULL_RETURNS issues reported by Coverity.

CVE-2024-46829

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In thegood case it returns with the lock held and in the deadlock case it emits awarning and goes into an endle...

CVE-2024-46862

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test!link->num_adr as a condition to end the loop in hda_sdw_machine_select().So an empty item in struct ...

CVE-2024-47686

In the Linux kernel, the following vulnerability has been resolved: ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() The psc->div[] array has psc->num_div elements. These values come fromwhen we call clk_hw_register_div(). It's adc_divisors andARRAY_SIZE(adc_divisors)) and so on. So ...

CVE-2024-47714

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: use hweight16 to get correct tx antenna The chainmask is u16 so using hweight8 cannot get correct tx_ant.Without this patch, the tx_ant of band 2 would be -1 and lead to thefollowing issue:BUG: KASAN: stack-out-...

CVE-2024-49871

In the Linux kernel, the following vulnerability has been resolved: Input: adp5589-keys - fix NULL pointer dereference We register a devm action to call adp5589_clear_config() and then passthe i2c client as argument so that we can call i2c_get_clientdata() inorder to get our device object. However,...

CVE-2024-49901

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails")where msm_gpu_cleanup(...

CVE-2024-49998

In the Linux kernel, the following vulnerability has been resolved: net: dsa: improve shutdown sequence Alexander Sverdlin presents 2 problems during shutdown with thelan9303 driver. One is specific to lan9303 and the other just happensto reproduce there. The first problem is that lan9303 is unique...

CVE-2024-50030

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ct: prevent UAF in send_recv() Ensure we serialize with completion side to prevent UAF with fence goingout of scope on the stack, since we have no clue if it will fire afterthe timeout before we can erase from the xa. Also w...

CVE-2024-50231

In the Linux kernel, the following vulnerability has been resolved: iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() modprobe iio-test-gts and rmmod it, then the following memory leakoccurs: unreferenced object 0xffffff80c810be00 (size 64): comm "kunit_try_catch", pid 1654, ji...

CVE-2024-50283

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp ksmbd_user_session_put should be called under smb3_preauth_hash_rsp().It will avoid freeing session before calling smb3_preauth_hash_rsp().

CVE-2024-53132

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix "Missing outer runtime PM protection" warning Fix the following drm_WARN: [953.586396] xe 0000:00:02.0: [drm] Missing outer runtime PM protection... [953.587090] ? xe_pm_runtime_get_noresume+0x8d/0xa0 [xe] [953.58720...

CVE-2024-57801

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloadingvport rep. So, the mlx5e_rep_priv is already freed while trying to getrpriv->netdev, or walk rpr...

CVE-2024-57923

In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path Since the input data length passed to zlib_compress_folios() can bearbitrary, always setting strm.avail_in to a multiple of PAGE_SIZE maycause read-in bytes to excee...

CVE-2024-57933

In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on theexistence of queues. As it stands, if the interface is down, disablingor enabling XSK pools would result in a ...

CVE-2024-57941

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled (e.g. due to a DIOwrite on that file), future copying to the cache for that file is disableduntil al...

CVE-2024-58068

In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidthfrom the OPP table but the bandwidth table was not created because theinterconnect propert...

CVE-2025-21696

In the Linux kernel, the following vulnerability has been resolved: mm: clear uffd-wp PTE/PMD state on mremap() When mremap()ing a memory region previously registered with userfaultfd aswrite-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency inflag clearing leads to a mismatch betwee...

CVE-2025-21705

In the Linux kernel, the following vulnerability has been resolved: mptcp: handle fastopen disconnect correctly Syzbot was able to trigger a data stream corruption: WARNING: CPU: 0 PID: 9846 at net/mptcp/protocol.c:1024 __mptcp_clean_una+0xddb/0xff0 net/mptcp/protocol.c:1024Modules linked in:CPU: 0...

CVE-2025-21816

In the Linux kernel, the following vulnerability has been resolved: hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target atthe CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timershandling tasks ...

CVE-2025-21847

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of sps->cstream should be checked similarly as it is done insof_set_stream_data_offset() function.Assuming that it is not NULL if sps->stream ...

CVE-2025-21854

In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressedin vsock_proto::psock_update_sk_prot(). However, there is an edge casewhere an unconnected (con...

CVE-2025-21856

In the Linux kernel, the following vulnerability has been resolved: s390/ism: add release function for struct device According to device_release() in /drivers/base/core.c,a device without a release function is a broken deviceand must be fixed. The current code directly frees the device after callin...

CVE-2025-21936

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Add check for the return value of mgmt_alloc_skb() inmgmt_device_connected() to prevent null pointer dereference.

CVE-2025-22036

In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called with a buffer_head allocated on the stack, suchas do_mpage_readpage, stack corruption due to buffer_head UAF may occur inthe following race condition situa...

CVE-2025-22085

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ==================================================================BUG: KASAN: slab-use-after-free in nla_put...

CVE-2025-22087

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with may_goto may_goto uses an additional 8 bytes on the stack, which causes theinterpreters[] array to go out of bounds when calculating index bystack_size. If a BPF program is rewritten, re-evaluate th...

CVE-2025-22108

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Mask the bd_cnt field in the TX BD properly The bd_cnt field in the TX BD specifies the total number of BDs forthe TX packet. The bd_cnt field has 5 bits and the maximum numbersupported is 32 with the value 0. CONFIG_MAX_S...

CVE-2025-22111

In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to dev_ioctl() first and later forwarded tobr_ioctl_call(), which causes unnecessary RTNL dance and the splatbelow [0] under RTNL pressure. Let's say Thr...

CVE-2025-22113

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying Presently we always BUG_ON if trying to start a transaction on a journal markedwith JBD2_UNMOUNT, since this should never happen. However, while ltp runningstress t...

CVE-2025-22115

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Block group creation is done in two phases, which results in a slightlyunintuitive property: a block group can be allocated/deallocated fromafter btrfs_mak...

CVE-2025-22118

In the Linux kernel, the following vulnerability has been resolved: ice: validate queue quanta parameters to prevent OOB access Add queue wraparound prevention in quanta configuration.Ensure end_qid does not overflow by validating start_qid and num_queues.

CVE-2025-23134

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Don't take register_mutex with copy_from/to_user() The infamous mmap_lock taken in copy_from/to_user() can be oftenproblematic when it's called inside another mutex, as they might leadto deadlocks. In the case of ALSA ...

CVE-2025-23135

In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Teardown riscv specific bits after kvm_exit During a module removal, kvm_exit invokes arch specific disablecall which disables AIA. However, we invoke aia_exit before kvm_exitresulting in the following warning. KVM ker...

CVE-2025-23161

In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write isa low-level hardware access. The functions can be accessed with disabledinterrupts even on PREEMPT_RT....

CVE-2025-37748

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Currently, mtk_iommu calls during probe iommu_device_register beforethe hw_list from driver data is initialized. Since iommu probing issuefix, it leads to NULL po...

CVE-2025-37771

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value.If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVE-2025-37943

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with alength greater than the maximum native Wi-Fi header length.This can lead to accessing and modifying fields...

CVE-2025-39930

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() commit 419d1918105e ("ASoC: simple-card-utils: use __free(device_node) fordevice node") uses __free(device_node) for dlc->of_node, but we need toke...

CVE-2004-0177

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

CVE-2004-0178

The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.

CVE-2004-0986

Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.

CVE-2004-1058

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.

CVE-2004-2302

Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.

CVE-2005-0178

Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.

CVE-2005-0815

Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.

CVE-2005-1041

The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route.

CVE-2005-2492

The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.

CVE-2005-2553

The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable p...