10741 matches found
CVE-2021-47640
In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix early region not updated correctly The shadow's page table is not updated when PTE_RPN_SHIFT is 24and PAGE_SHIFT is 12. It not only causes false positives butalso false negative as shown the following text. Fix i...
CVE-2022-48648
In the Linux kernel, the following vulnerability has been resolved: sfc: fix null pointer dereference in efx_hard_start_xmit Trying to get the channel from the tx_queue variable here is wrongbecause we can only be here if tx_queue is NULL, so we shouldn'tdereference it. As the above comment in the ...
CVE-2022-48673
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible access to freed memory in link clear After modifying the QP to the Error state, all RX WR would be completedwith WC in IB_WC_WR_FLUSH_ERR status. Current implementation does notwait for it is done, but destroy...
CVE-2022-48740
In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list()the cond_list_destroy() gets called a second time in caller functions,resulting in NULL pointer deref. Fix t...
CVE-2022-48741
In the Linux kernel, the following vulnerability has been resolved: ovl: fix NULL pointer dereference in copy up warning This patch is fixing a NULL pointer dereference to get a recentlyintroduced warning message working.
CVE-2022-48848
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Do not unregister events twice Nicolas reported that using: trace-cmd record -e all -M 10 -p osnoise --poll Resulted in the following kernel warning: ------------[ cut here ]------------WARNING: CPU: 0 PID: 1217 at...
CVE-2022-48857
In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100_send_complete Syzbot reported UAF in port100_send_complete(). The root case is inmissing usb_kill_urb() calls on error handling path of ->probe function. port100_send_complete() access...
CVE-2022-48868
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded anddisabled when the driver is removed. When the driver is removed itassumes that the workqueue was ena...
CVE-2022-48875
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when adeauthentication is ongoing. Here a trace triggering the race with the hostapd testmulti_ap_fronthaul_on_ap: (...
CVE-2022-48879
In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled,the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in th...
CVE-2022-48901
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our filesystems in production. I reproduced this locally by injecting errorsinto snapshot delete with bal...
CVE-2022-49021
In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058Oops: 0000 [#1] PREEMPT SMP KASAN PTICPU: ...
CVE-2022-49025
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second oneor afterwards fails the driver reverts usage of term tables butdoesn't reset the assignment in attr->...
CVE-2022-49051
In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup aqc111_rx_fixup() contains several out-of-bounds accesses that can betriggered by a malicious (or defective) USB device, in particular: The metadata array (desc_offset..desc_...
CVE-2022-49062
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr Use the actual length of volume coherency data when setting thexattr to avoid the following KASAN report. BUG: KASAN: slab-out-of-bounds in cachefiles_set_volu...
CVE-2022-49091
In the Linux kernel, the following vulnerability has been resolved: drm/imx: Fix memory leak in imx_pd_connector_get_modes Avoid leaking the display mode variable if of_get_drm_display_modefails. Addresses-Coverity-ID: 1443943 ("Resource leak")
CVE-2022-49170
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg->alloc_type As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215657 OverviewUBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and opera...
CVE-2022-49217
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xx_send_abort_all(), the n_elem field of the ccb used is notinitialized to 0. This missing initialization sometimes lead to the taskcompletion path seeing the ccb with a non-ze...
CVE-2022-49218
In the Linux kernel, the following vulnerability has been resolved: drm/dp: Fix OOB read when handling Post Cursor2 register The link_status array was not large enough to read the Adjust RequestPost Cursor2 register, so remove the common helper function to avoidan OOB read, found with a -Warray-bou...
CVE-2022-49221
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: populate connector of struct dp_panel DP CTS test case 4.2.2.6 has valid edid with bad checksum on purposeand expect DP source return correct checksum. During drm edid read,correct edid checksum is calculated and stored...
CVE-2022-49252
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds accesson platforms like aarch64 where sizeof(long) is 8 compared to enum sizewhich is 4 bytes...
CVE-2022-49261
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: add missing boundary check in vm_access A missing bounds check in vm_access() can lead to an out-of-bounds reador write in the adjacent memory area, since the len attribute is notvalidated before the memcpy later in t...
CVE-2022-49357
In the Linux kernel, the following vulnerability has been resolved: efi: Do not import certificates from UEFI Secure Boot for T2 Macs On Apple T2 Macs, when Linux attempts to read the db and dbx efi variablesat early boot to load UEFI Secure Boot certificates, a page fault occursin Apple firmware c...
CVE-2022-49400
In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers->free In normal stop process, it does like this:do_md_stop|__md_stop (pers->free(); mddev->private=NULL)|md_free (free mddev)__md_stop sets mddev->private to NULL after ...
CVE-2022-49421
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup of_parse_phandle() returns a node pointer with refcount incremented, we shoulduse of_node_put() on it when not need anymore. Add missing of_node_put() toavoid refcount...
CVE-2022-49439
In the Linux kernel, the following vulnerability has been resolved: powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak.
CVE-2022-49440
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Keep MSR[RI] set when calling RTAS RTAS runs in real mode (MSR[DR] and MSR[IR] unset) and in 32-bit bigendian mode (MSR[SF,LE] unset). The change in MSR is done in enter_rtas() in a relatively complex way,since the MS...
CVE-2022-49444
In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access It is trivial to craft a module to trigger OOB access in this line: if (info->secstrings[strhdr->sh_size - 1] != '\0') { BUG: unable to handle page fault for address: ffffc90000aa...
CVE-2022-49556
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl interfaces, the length parameter that is passed maybeless than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the datathat PSP firmwar...
CVE-2022-49560
In the Linux kernel, the following vulnerability has been resolved: exfat: check if cluster num is valid Syzbot reported slab-out-of-bounds read in exfat_clear_bitmap.This was triggered by reproducer calling truncute with size 0,which causes the following trace: BUG: KASAN: slab-out-of-bounds in ex...
CVE-2022-49591
In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: ksz_common: Fix refcount leak bug In ksz_switch_register(), we should call of_node_put() for thereference returned by of_get_child_by_name() which has increasedthe refcount.
CVE-2022-49613
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix PM usage_count for console handover When console is enabled, univ8250_console_setup() callsserial8250_console_setup() before .dev is set to uart_port. Therefore,it will not call pm_runtime_get_sync(). Later, when ...
CVE-2022-49622
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid skb access on nf_stolen When verdict is NF_STOLEN, the skb might have been freed. When tracing is enabled, this can result in a use-after-free: access to skb->nf_trace access to skb->mark computati...
CVE-2022-49667
In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free after 802.3ad slave unbind commit 0622cab0341c ("bonding: fix 802.3ad aggregator reselection"),resolve case, when there is several aggregation groups in the same bond.bond_3ad_unbind_slave will inva...
CVE-2022-49676
In the Linux kernel, the following vulnerability has been resolved: memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.This function doesn't call of_nod...
CVE-2022-49704
In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid hasbeen obtained. Just move the version check earlier.
CVE-2022-49722
In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. VF can have queues enabled,when it requests a reset. If PF driver assumes that VF is disabled,while VF still has queues configured, VF may unmap...
CVE-2022-49724
In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Fix free_irq() on remove Pass the correct dev_id to free_irq() to fix this splat when the driveris unbound: WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irqTrying to free already-free IRQ 65Call Trace:war...
CVE-2022-49804
In the Linux kernel, the following vulnerability has been resolved: s390: avoid using global register for current_stack_pointer Commit 30de14b1884b ("s390: current_stack_pointer shouldn't be afunction") made current_stack_pointer a global register variable likeon many other architectures. Unfortuna...
CVE-2022-49827
In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() withdrm_vblank_init_release() as action. If __drmm_add_action() failed, willdirectly call drm_vblank_init_release() ...
CVE-2022-49837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048):comm "test_progs", pid 33246, jiffies 4307381979 (age 45851.820s)hex dump (first 32 bytes):01 00 00 00 00 00...
CVE-2023-52768
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmm_table as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues withvmm_table: BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4Write of size 4 at addr c3...
CVE-2023-52844
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the errorif it fails in order to avoid NULL pointer dereference.
CVE-2023-52850
In the Linux kernel, the following vulnerability has been resolved: media: hantro: Check whether reset op is defined before use The i.MX8MM/N/P does not define the .reset op since reset of the VPU isdone by genpd. Check whether the .reset op is defined before calling itto avoid NULL pointer derefer...
CVE-2023-52852
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to avoid use-after-free on dic Call trace:__memcpy+0x128/0x250f2fs_read_multi_pages+0x940/0xf7cf2fs_mpage_readpages+0x5a8/0x624f2fs_readahead+0x5c/0x110page_cache_ra_unbounded+0x1b8/0x590do_sync_mmap_readahead+0...
CVE-2023-52866
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks() When CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel andthen the below user-memory-access bug occurs. In hid_test_uclogic_params...
CVE-2023-52925
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't fail inserts if duplicate has expired nftables selftests fail:run-tests.sh testcases/sets/0044interval_overlap_0Expected: 0-2 . 0-3, got:W: [FAILED] ./testcases/sets/0044interval_overlap_0: got 1 Inserti...
CVE-2023-52999
In the Linux kernel, the following vulnerability has been resolved: net: fix UaF in netns ops registration error path If net_assign_generic() fails, the current error path in ops_init() triesto clear the gen pointer slot. Anyway, in such error path, the gen pointeritself has not been modified yet, ...
CVE-2023-53060
In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") addsrtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE from netdev core)igb_remove | ig...
CVE-2023-53085
In the Linux kernel, the following vulnerability has been resolved: drm/edid: fix info leak when failing to get panel id Make sure to clear the transfer buffer before fetching the EDID toavoid leaking slab data to the logs on errors that leave the bufferunchanged.