10741 matches found
CVE-2024-46802
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why]prevent invalid memory access [How]check if dc and stream are NULL
CVE-2024-46689
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is writeprotected by XPU. XPU may sometime falsely detect clean cache evictionas "write" into the write protected reg...
CVE-2024-46697
In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get tochecking for the security label, then args.context will be set touninitialized junk on the stack, which we'l...
CVE-2024-46720
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix dereference after null check check the pointer hive before use.
CVE-2024-46729
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix incorrect size calculation for loop [WHY]fe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which islager than the array size. [HOW]Divide byte size 20 by its element size. This fixes 2 OVERRUN issu...
CVE-2024-46733
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve untilit creates an ordered_extent. Therefore, any errors that occur before the ordered_extent is createdmust free ...
CVE-2024-46739
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. Thispointer is valid only for the secondary channels. Also, rescind callbackis meant for pri...
CVE-2024-46804
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why]Coverity reports OVERRUN warning. Do not check if arrayindex valid. [How]Check msg_id valid and valid array index.
CVE-2024-46863
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test!link->num_adr as a condition to end the loop in hda_sdw_machine_select().So an empty item in struct ...
CVE-2024-47734
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() syzbot reported a WARNING in bond_xdp_get_xmit_slave. To reproducethis[1], one bond device (bond1) has xdpdrv, which increasesbpf_master_redirect_enabled_key...
CVE-2024-48875
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take dev_replace rwsem on task already holding it Running fstests btrfs/011 with MKFS_OPTIONS="-O rst" to force the usage ofthe RAID stripe-tree, we get the following splat from lockdep: BTRFS info (device sdd): dev_re...
CVE-2024-49861
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map(like in case of .rodata), it was still possible to write into it froma BPF program side through specific helpers having A...
CVE-2024-49911
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointerin the dcn20_set_output_transfer_func function. Previously,set_output_gam...
CVE-2024-50026
In the Linux kernel, the following vulnerability has been resolved: scsi: wd33c93: Don't use stale scsi_pointer value A regression was introduced with commit dbb2da557a6a ("scsi: wd33c93:Move the SCSI pointer to private command data") which results in an oopsin wd33c93_intr(). That commit added the...
CVE-2024-50111
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context suchas user mode, in this case do_ale() may call get_user() which may causesleep. Then we will ge...
CVE-2024-50145
In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation failure so handleit inside __octep_oq_process_rx() to avoid NULL pointer dereference. __octep_oq_pro...
CVE-2024-50207
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix reader locking when changing the sub buffer order The function ring_buffer_subbuf_order_set() updates eachring_buffer_per_cpu and installs new sub buffers that match the requestedpage order. This operation may be i...
CVE-2024-50274
In the Linux kernel, the following vulnerability has been resolved: idpf: avoid vport access in idpf_get_link_ksettings When the device control plane is removed or the platformrunning device control plane is rebooted, a reset is detectedon the driver. On driver reset, it releases the resources andw...
CVE-2024-53049
In the Linux kernel, the following vulnerability has been resolved: slub/kunit: fix a WARNING due to unwrapped __kmalloc_cache_noprof 'modprobe slub_kunit' will have a warning as shown below. The root causeis that __kmalloc_cache_noprof was directly used, which resulted in noalloc_tag being allocat...
CVE-2024-53098
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address access_ok() only checks for addr overflow so also try to read the addrto catch invalid addr sent from userspace. (cherry picked from commit 9408c4508483ffc60811e910a93d6425...
CVE-2024-53228
In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: Fix out-of-bounds array access In kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain anout-of-bound index. This is used as a special marker for the baseextensions, that cannot be disabled. However, when travers...
CVE-2024-56540
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery invocation during probe and resume Refactor IPC send and receive functions to allow correcthandling of operations that should not trigger a recovery process. Expose ivpu_send_receive_internal(), which i...
CVE-2024-56561
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCIdomain ID, but there are two issues: 'epc->dev' is passed to pci_bus_release_domain_nr() which...
CVE-2024-56673
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Do not call pmd dtor on vmemmap page table teardown The vmemmap's, which is used for RV64 with SPARSEMEM_VMEMMAP, pagetables are populated using pmd (page middle directory) hugetables.However, the pmd allocation is not u...
CVE-2024-56687
In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix hardware lockup on first Rx endpoint request There is a possibility that a request's callback could be invoked fromusb_ep_queue() (call trace below, supplemented with missing calls): req->complete from usb_gadget_...
CVE-2024-56719
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmapfor non-paged SKB data") moved the assignment of tx_skbuff_dma[]'smembers to be later in stmmac_tso_xmit(). The buf...
CVE-2024-56771
In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: W25N512GW W25N01GW W25N01JW W25N02JWall require a single bit of ECC strength and thus feature an on-dieHamming-like ECC engine. There is no poi...
CVE-2024-57872
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly usingscsi_host_dev_release(). Otherwise, it may lead to memory leaks.
CVE-2024-57895
In the Linux kernel, the following vulnerability has been resolved: ksmbd: set ATTR_CTIME flags when setting mtime David reported that the new warning from setattr_copy_mgtime is cominglike the following. [ 113.215316] ------------[ cut here ]------------[ 113.215974] WARNING: CPU: 1 PID: 31 at fs/...
CVE-2024-57928
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix enomem handling in buffered reads If netfs_read_to_pagecache() gets an error from either ->prepare_read() orfrom netfs_prepare_read_iterator(), it needs to decrement ->nr_outstanding,cancel the subrequest and break...
CVE-2024-58080
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: dispcc-sm6350: Add missing parent_map for a clock If a clk_rcg2 has a parent, it should also have parent_map defined,otherwise we'll get a NULL pointer dereference when calling clk_set_ratelike the following: [ 3.388105]...
CVE-2025-21784
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() In function psp_init_cap_microcode(), it should bail out when failed toload firmware, otherwise it may cause invalid memory access.
CVE-2025-22019
In the Linux kernel, the following vulnerability has been resolved: bcachefs: bch2_ioctl_subvolume_destroy() fixes bch2_evict_subvolume_inodes() was getting stuck - due to incorrectlypruning the dcache. Also, fix missing permissions checks.
CVE-2025-22022
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stopbug, one without) were seen to cause IOMMU faults after some MissedService Errors. Faulting address is...
CVE-2025-22042
In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for create lease context.
CVE-2025-22053
In the Linux kernel, the following vulnerability has been resolved: net: ibmveth: make veth_pool_store stop hanging v2: Created a single error handling unlock and exit in veth_pool_store Greatly expanded commit message with previous explanatory-only text Summary: Use rtnl_mutex to synchronize veth_...
CVE-2025-22070
In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had adefault ACL set for its subdirectories, e.g.: setfacl -m default:group:simpsons:rwx parentdir then creating a sub...
CVE-2025-22074
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix r_count dec/increment mismatch r_count is only increased when there is an oplock break wait,so r_count inc/decrement are not paired. This can cause r_countto become negative, which can lead to a problem where the ksmbdth...
CVE-2025-22106
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: unregister xdp rxq info in the reset path vmxnet3 does not unregister xdp rxq info in thevmxnet3_reset_work() code path as vmxnet3_rq_destroy()is not invoked in this code path. So, we get below message with abacktrace. Mis...
CVE-2025-22107
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() There are actually 2 problems: deleting the last element doesn't require the memmove of elements[i + 1, end) over it. Actually, element i+1 is out o...
CVE-2025-22127
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential deadloop in prepare_compress_overwrite() Jan Prusakowski reported a kernel hang issue as below: When running xfstests on linux-next kernel (6.14.0-rc3, 6.12) Iencountered a problem in generic/475 test where fsst...
CVE-2025-23156
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: refactor hfi packet parsing logic words_count denotes the number of words in total payload, while datapoints to payload of various property within it. When words_countreaches last word, data can access mem...
CVE-2025-23159
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user.OOB write is possible when the size is made higher than actual sfr databuffer. Cap the size to al...
CVE-2025-37742
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount() function syzbot reports that hex_dump_to_buffer is using uninit-value: =====================================================BUG: KMSAN: uninit-value in hex_dump_to_buf...
CVE-2025-37766
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value.If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE.
CVE-2025-37769
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm/smu11: Prevent division by zero The user can set any speed value.If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. (cherry picked from co...
CVE-2025-37773
In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the sourcename may be NULL, which could lead to a kernel panic. Therefore, anextra check for the source name should be added...
CVE-2025-37775
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix the warning from __kernel_write_iter [ 2110.972290] ------------[ cut here ]------------[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280 This patch doesn't allow writing to d...
CVE-2025-37831
In the Linux kernel, the following vulnerability has been resolved: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not presentin the policy->cpus mask. apple_soc_cpufreq_get_rate() does not checkfor this case, w...
CVE-2025-37862
In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function triggered a null pointer dereference if used to search fora report that isn't implemented on the device. This happened both foroptional and required report...