CVE-2023-52570

In the Linux kernel, the following vulnerability has been resolved: vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() Inject fault while probing mdpy.ko, if kstrdup() of create_dir() fails inkobject_add_internal() in kobject_init_and_add() in mdev_type_add()in parent_create_sysfs_fil...

CVE-2023-52613

In the Linux kernel, the following vulnerability has been resolved: drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment PTR_ERR() returns -ENODEV when thermal-zones are undefined, and we need-ENODEV as the right value for comparison. Otherwise, tz->type is NULL when thermal-zones...

CVE-2023-52678

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is notempty, if list is empty return -ENODATA. Fixes the below:drivers/gpu/drm/am...

CVE-2023-52829

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() reg_cap.phy_id is extracted from WMI event and could be an unexpected valuein case some errors happen. As a result out-of-bound write may occur tosoc-&g...

CVE-2023-52844

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the errorif it fails in order to avoid NULL pointer dereference.

CVE-2023-52853

In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK withincp2112_gpio_irq_startup, resulting in duplicate initilizations of theworkqueue on subsequent IRQ startups following an ...

CVE-2023-52871

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc device. But if there were a second, evena failed probe call would modify the global drv_data pointer. So checkif drv_data is valid befor...

CVE-2023-52883

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo->tbo.resource may be NULL in amdgpu_vm_bo_update.

CVE-2023-52999

In the Linux kernel, the following vulnerability has been resolved: net: fix UaF in netns ops registration error path If net_assign_generic() fails, the current error path in ops_init() triesto clear the gen pointer slot. Anyway, in such error path, the gen pointeritself has not been modified yet, ...

CVE-2024-26784

In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal On unloading of the scmi_perf_domain module got the below splat, when inthe DT provided to the system under test the '#power-domain-cells' propertywas missing. Indeed,...

CVE-2024-26806

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks The ->runtime_suspend() and ->runtime_resume() callbacks are notexpected to call spi_controller_suspend() and spi_controller_resume().Remove cal...

CVE-2024-26854

In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use.Move it to the top of ice_dpll_init.Note that the "err_exit" error path destroys the mutex. And the mutex isthe last ...

CVE-2024-35247

In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-levelmodule registers a driver for the parent device and uses its owner pointerto take the module's refcount. T...

CVE-2024-35889

In the Linux kernel, the following vulnerability has been resolved: idpf: fix kernel panic on unknown packet types In the very rare case where a packet type is unknown to the driver,idpf_rx_process_skb_fields would return early without callingeth_type_trans to set the skb protocol / the network lay...

CVE-2024-35916

In the Linux kernel, the following vulnerability has been resolved: dma-buf: Fix NULL pointer dereference in sanitycheck() If due to a memory allocation failure mock_chain() returns NULL, it ispassed to dma_fence_enable_sw_signaling() resulting in NULL pointerdereference there. Call dma_fence_enabl...

CVE-2024-35996

In the Linux kernel, the following vulnerability has been resolved: cpu: Re-enable CPU mitigations by default for !X86 architectures Rename x86's to CPU_MITIGATIONS, define it in generic code, and force iton for all architectures exception x86. A recent commit to turnmitigations off by default if S...

CVE-2024-38546

In the Linux kernel, the following vulnerability has been resolved: drm: vc4: Fix possible null pointer dereference In vc4_hdmi_audio_init() of_get_address() may returnNULL which is later dereferenced. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVA...

CVE-2024-38603

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action()fails, the irq vector is not freed, which leads to a memory leak. Replace the devm_add_action ...

CVE-2024-39504

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: validate mandatory meta and payload Check for mandatory netlink attributes in payload and meta expressionwhen used embedded from the inner expression, otherwise NULL pointerdereference is possible from userspa...

CVE-2024-40915

In the Linux kernel, the following vulnerability has been resolved: riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context __kernel_map_pages() is a debug function which clears the valid bit in pagetable entry for deallocated pages to detect illegal memory accesses tofreed pages. Th...

CVE-2024-40920

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state I converted br_mst_set_state to RCU to avoid a vlan use-after-freebut forgot to change the vlan group dereference helper. Switch to vlangroup RCU deref helper to fix th...

CVE-2024-40921

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state Pass the already obtained vlan group pointer to br_mst_vlan_set_state()instead of dereferencing it again. Each caller has already correctlydereferenced it for thei...

CVE-2024-40935

In the Linux kernel, the following vulnerability has been resolved: cachefiles: flush all requests after setting CACHEFILES_DEAD In ondemand mode, when the daemon is processing an open request, if thekernel flags the cache as CACHEFILES_DEAD, the cachefiles_daemon_write()will always return -EIO, so...

CVE-2024-40947

In the Linux kernel, the following vulnerability has been resolved: ima: Avoid blocking in RCU read-side critical section A panic happens in ima_match_policy: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010PGD 42f873067 P4D 0Oops: 0000 [#1] SMP NOPTICPU: 5 PID: 1286325 Com...

CVE-2024-41004

In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock(get a reference) those event file reference in module init function,and unlock and delete it in module ex...

CVE-2024-41051

In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object When queuing ondemand_object_worker() to re-open the object,cachefiles_object is not pinned. The cachefiles_object may be freed whenthe pending read request...

CVE-2024-42162

In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for asubset of queues. Without this change, gve_get_ethtool_stats might makean invalid access on the priv->stats...

CVE-2024-42267

In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Handle VM_FAULT_SIGSEGV in the page fault path so that we correctlykill the process and we don't BUG() the kernel.

CVE-2024-43864

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the oldone when updating CT entry. But if failed to allocate a new one, eg.exceed the max number firmware can s...

CVE-2024-43868

In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscv_kernel_entry When alignment handling is delegated to the kernel, everything must beword-aligned in purgatory, since the trap handler is then set to thekexec one. Without the alignment, hitting the excep...

CVE-2024-44996

In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls After a vsock socket has been added to a BPF sockmap, its prot->recvmsghas been replaced with vsock_bpf_recvmsg(). Thus the followingrecursiion could happen: vsock_bpf_recvmsg()-> __vso...

CVE-2024-46710

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursorbuffer. These maps can race with each other in simple scenario where:a) buffer "a" mapped for updateb) buffe...

CVE-2024-46778

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check UnboundedRequestEnabled's value CalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabledis a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thusif (p->UnboundedRequestEnabled) checks ...

CVE-2024-46823

In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflow_allocation_test The 'device_name' array doesn't exist out of the'overflow_allocation_test' function scope. However, it is being used asa driver name when calling 'kunit_driver_create' from'kunit_d...

CVE-2024-47682

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Ff the device returns page 0xb1 with length 8 (happens with qemu v2.x, forexample), sd_read_block_characteristics() may attempt an out-of-boundsmemory access when ac...

CVE-2024-50157

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop Driver waits indefinitely for the fifo occupancy to go below a thresholdas soon as the pacing interrupt is received. This can cause soft lockup onone of the processors, ...

CVE-2024-56559

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation When compiling kernel source 'make -j $(nproc)' with the up-and-runningKASAN-enabled kernel on a 256-core machine, the following soft l...

CVE-2024-56680

In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: do not handle interrupts when device is disabled Some IPU6 devices have shared interrupts. We need to handle properlycase when interrupt is triggered from other device on shared irq lineand IPU6 itself disabled. ...

CVE-2024-56689

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' If platform_get_resource_byname() fails and returns NULL because DT lacksan 'mmio' property for the MHI endpoint, dereferencing res->start willcause a NULL pointe...

CVE-2024-58012

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology mightnot create the right number of DAI widgets for aggregated amps. And itwill cause NULL point...

CVE-2024-58088

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commitbc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]")first introduced deadlock prevention for fentry/fexit programs attachingon bpf_tas...

CVE-2024-58095

In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before txBeginAnon() call Added a read-only check before calling txBeginAnon in extAllocand extRecord. This prevents modification attempts on a read-onlymounted filesystem, avoiding potential errors or cras...

CVE-2025-21695

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The dell_uart_bl_serdev_probe() function calls devm_serdev_device_open()before setting the client ops via serdev_device_set_client_ops(). Thisordering can trigger a NULL pointer de...

CVE-2025-21720

In the Linux kernel, the following vulnerability has been resolved: xfrm: delete intermediate secpath entry in packet offload mode Packets handled by hardware have added secpath as a way to inform XFRMcore code that this path was already handled. That secpath is not neededat all after policy is che...

CVE-2025-21733

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix resetting of tracepoints If a timerlat tracer is started with the osnoise option OSNOISE_WORKLOADdisabled, but then that option is enabled and timerlat is removed, thetracepoints that were enabled on timerlat r...

CVE-2025-21850

In the Linux kernel, the following vulnerability has been resolved: nvmet: Fix crash when a namespace is disabled The namespace percpu counter protects pending I/O, and we canonly safely diable the namespace once the counter drop to zero.Otherwise we end up with a crash when running blktests/nvme/0...

CVE-2025-21873

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails If the device doesn't support arpmb we'll crash due to copying user data inbsg_transport_sg_io_fn(). In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do n...

CVE-2025-21908

In the Linux kernel, the following vulnerability has been resolved: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it sonfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can de...

CVE-2025-21972

In the Linux kernel, the following vulnerability has been resolved: net: mctp: unshare packets when reassembling Ensure that the frag_list used for reassembly isn't shared with otherpackets. This avoids incorrect reassembly when packets are cloned, andprevents a memory leak due to circular referenc...

CVE-2025-22030

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holdingthe per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock(through crypto_exit...