10926 matches found
CVE-2021-47640
In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix early region not updated correctly The shadow's page table is not updated when PTE_RPN_SHIFT is 24and PAGE_SHIFT is 12. It not only causes false positives butalso false negative as shown the following text. Fix i...
CVE-2022-3595
A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier ...
CVE-2022-48660
In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully When running gpio test on nxp-ls1028 platform with below commandgpiomon --num-events=3 --rising-edge gpiochip1 25There will be a warning trace as below:Call tr...
CVE-2022-48663
In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: fix NULL pointer dereference when removing debugfs We now remove the device's debugfs entries when unbinding the driver.This now causes a NULL-pointer dereference on module exit because theplatform devices are unregis...
CVE-2022-48667
In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in insert range insert range doesn't discard the affected cached regionso can risk temporarily corrupting file data. Also includes some minor cleanup (avoiding rereadinginode size repeatedly unne...
CVE-2022-48723
In the Linux kernel, the following vulnerability has been resolved: spi: uniphier: fix reference count leak in uniphier_spi_probe() The issue happens in several error paths in uniphier_spi_probe().When either dma_get_slave_caps() or devm_spi_register_master() returnsan error code, the function forg...
CVE-2022-48806
In the Linux kernel, the following vulnerability has been resolved: eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX Commit effa453168a7 ("i2c: i801: Don't silently correct invalid transfersize") revealed that ee1004_eeprom_read() did not properly limit howmany bytes to read at once. In parti...
CVE-2022-48812
In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: don't use devres for mdiobus As explained in commits:74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_fre...
CVE-2022-48834
In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0WARNING: CPU: 0 PID: 3813 at drivers/us...
CVE-2022-48856
In the Linux kernel, the following vulnerability has been resolved: gianfar: ethtool: Fix refcount leak in gfar_get_ts_info The of_find_compatible_node() function returns a node pointer withrefcount incremented, We should use of_node_put() on it when doneAdd the missing of_node_put() to release the...
CVE-2022-48861
In the Linux kernel, the following vulnerability has been resolved: vdpa: fix use-after-free on vp_vdpa_remove When vp_vdpa driver is unbind, vp_vdpa is freed in vdpa_unregister_deviceand then vp_vdpa->mdev.pci_dev is dereferenced in vp_modern_remove,triggering use-after-free. Call Trace of unbi...
CVE-2022-48864
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command When control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET commandrequest from the driver, presently there is no validation against thenumber of queue pairs to c...
CVE-2022-48933
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane.The transaction logic allocates a temporary object for this purpose. The ->init function was called for this...
CVE-2022-49088
In the Linux kernel, the following vulnerability has been resolved: dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe This node pointer is returned by of_find_compatible_node() withrefcount incremented. Calling of_node_put() to aovid the refcount leak.
CVE-2022-49254
In the Linux kernel, the following vulnerability has been resolved: media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() In cal_ctx_v4l2_init_formats(), devm_kzalloc() is assigned toctx->active_fmt and there is a dereference of it after that, which couldlead to NULL ...
CVE-2022-49289
In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on access_ok() Three architectures check the end of a user access against theaddress limit without taking a possible overflow into account.Passing a negative length or another overflow in here returnss...
CVE-2022-49386
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks of_get_child_by_name() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.am65_cpsw_init_cpts() and am65_cpsw_nuss_pro...
CVE-2022-49499
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null pointer dereferences without iommu Check if 'aspace' is set before using it as it will stay null withoutIOMMU, such as on msm8974.
CVE-2022-49506
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel panic issue that callback data will be NULL whenit's using in ovl irq handler. There is a timing issue betweenmtk_disp_ovl_irq_handler() and mt...
CVE-2022-49509
In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix kernel oops when removing module When removing the max9286 module we get a kernel oops: Unable to handle kernel paging request at virtual address 000000aa00000094Mem abort info:ESR = 0x96000004EC = 0x25: DA...
CVE-2022-49510
In the Linux kernel, the following vulnerability has been resolved: drm/omap: fix NULL but dereferenced coccicheck error Fix the following coccicheck warning:./drivers/gpu/drm/omapdrm/omap_overlay.c:89:22-25: ERROR: r_ovl is NULLbut dereferenced. Here should be ovl->idx rather than r_ovl->idx...
CVE-2022-49635
In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines hole_end can be small enough to cause subtractionoverflow. On the other side (addr + 2 * min_alignment) can overflowin case of mock tests. This patch should handle b...
CVE-2022-49741
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: fix error handling code in ufx_usb_probe The current error handling code in ufx_usb_probe have many unmatchingissues, e.g., missing ufx_free_usb_list, destroy_modedb label shouldonly include framebuffer_release, fb_...
CVE-2023-22996
In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device.
CVE-2023-22999
In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVE-2023-23003
In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.
CVE-2023-38428
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.
CVE-2023-52526
In the Linux kernel, the following vulnerability has been resolved: erofs: fix memory leak of LZMA global compressed deduplication When stressing microLZMA EROFS images with the new global compresseddeduplication feature enabled (-Ededupe), I found some short-livedtemporary pages weren't properly r...
CVE-2023-52687
In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Add error handling for dma_map_sg() calls Macro dma_map_sg() may return 0 on error. This patch enableschecks in case of the macro failure and ensures unmapping ofpreviously mapped buffers with dma_unmap_sg(). Fou...
CVE-2023-52786
In the Linux kernel, the following vulnerability has been resolved: ext4: fix racy may inline data check in dio write syzbot reports that the following warning from ext4_iomap_begin()triggers as of the commit referenced below: if (WARN_ON_ONCE(ext4_has_inline_data(inode))) return -ERANGE; This occu...
CVE-2023-52797
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Check find_first_bit() return value We must check the return value of find_first_bit() before using thereturn value as an index array since it happens to overflow the arrayand then panic: [ 107.318430] Kernel BUG [#1...
CVE-2023-52828
In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program Now that bpf_throw kfunc is the first such call instruction that hasnoreturn semantics within the verifier, this also kicks in dead codeelimination in unprecedented ways. For one, a...
CVE-2023-52849
In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the followingtrace: BUG: kernel NULL pointer dereference, address: 0000000000000044[..]RIP: 0010:cxl_region_decode_reset+0x7f/0x180 [cxl_core][....
CVE-2023-52901
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to allendpoints need to be killed. This can cause a kernel panic if wedereference an invalid endpoint. Fix this ...
CVE-2023-52998
In the Linux kernel, the following vulnerability has been resolved: net: fec: Use page_pool_put_full_page when freeing rx buffers The page_pool_release_page was used when freeing rx buffers, and thisfunction just unmaps the page (if mapped) and does not recycle the page.So after hundreds of down/up...
CVE-2023-53023
In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called fromlocal_cleanup(). This could happen when killing nfc daemon (e.g. neard)after detaching an nfc device.When detaching an nfc d...
CVE-2023-53094
In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: fix race on RX DMA shutdown From time to time DMA completion can come in the middle of DMA shutdown: : :lpuart32_shutdown()lpuart_dma_shutdown()del_timer_sync()lpuart_dma_rx_complete()lpuart_copy_rx_to_tty(...
CVE-2023-53146
In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. When msg[i].bufis null and msg[i].len is zero, former checks on msg[i].buf would bepassed. Malicious data finally reach d...
CVE-2024-26690
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: protect updates of 64-bit statistics counters As explained by a comment in , write side of structu64_stats_sync must ensure mutual exclusion, or one seqcount update couldbe lost on 32-bit platforms, thus blocking reade...
CVE-2024-35985
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() It was possible to have pick_eevdf() return NULL, which then causes aNULL-deref. This turned out to be due to entity_eligible() returningfalsely negative becaus...
CVE-2024-36909
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to causeset_memory_encrypted() or set_memory_decrypted() to fail such that anerror is returned and the resu...
CVE-2024-36931
In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf fromuserspace to that buffer. Later, we use scanf on this buffer but we don'tensure that the string is terminated ins...
CVE-2024-36935
In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytesfrom userspace to that buffer. Later, we use sscanf on this buffer but wedon't ensure that the string is terminated...
CVE-2024-38563
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Without this commit, reading chip temperature will cause memory leakage.
CVE-2024-38568
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through followingcmd [1], but the driver does not check whether the array index is outof bounds when writing...
CVE-2024-38595
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix peer devlink set for SF representor devlink port The cited patch change register devlink flow, and neglect to reflectthe changes for peer devlink set logic. Peer devlink set istriggering a call trace if done after dev...
CVE-2024-39466
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not beenperformed, leading to possible null pointer dereferences (which didhappen for me on RB1). Fix that.
CVE-2024-40899
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() We got the following issue in a fuzz test of randomly issuing the restorecommand: ==================================================================BUG: KASAN: sla...
CVE-2024-40926
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: don't attempt to schedule hpd_work on headless cards If the card doesn't have display hardware, hpd_work and hpd_lock areleft uninitialized which causes BUG when attempting to schedule hpd_workon runtime PM resume. Fix...
CVE-2024-41037
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: fix null deref on system suspend entry When system enters suspend with an active stream, SOF corecalls hw_params_upon_resume(). On Intel platforms with HDA DMA usedto manage the link DMA, this leads to call c...