CVE-2024-26755

In the Linux kernel, the following vulnerability has been resolved: md: Don't suspend the array for interrupted reshape md_start_sync() will suspend the array if there are spares that can beadded or removed from conf, however, if reshape is still in progress,this won't happen at all or data will be...

CVE-2024-26867

In the Linux kernel, the following vulnerability has been resolved: comedi: comedi_8255: Correct error in subdevice initialization The refactoring done in commit 5c57b1ccecc7 ("comedi: comedi_8255: Reworksubdevice initialization functions") to the initialization of the iofield of struct subdev_8255...

CVE-2024-35858

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget toreclaimed the flushed packets. This leads to a memory leak since wedo not free the dma mapped buffers. This a...

CVE-2024-38572

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Currently, there is no terminator entry for ath12k_qmi_msg_handlers hencefacing below KASAN warning, ==================================================================BU...

CVE-2024-38577

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow inshow_rcu_tasks_trace_gp_kthread() if counters, passedto sprintf() are huge. Counter numbers, needed for thisare unrealistica...

CVE-2024-38591

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix deadlock on SRQ async events. xa_lock for SRQ table may be required in AEQ. Use xa_store_irq()/xa_erase_irq() to avoid deadlock.

CVE-2024-40899

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() We got the following issue in a fuzz test of randomly issuing the restorecommand: ==================================================================BUG: KASAN: sla...

CVE-2024-40971

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set.If create new file or open file during this gap, these fileswill not use inlinecrypt. Worse case, it may lead t...

CVE-2024-40993

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcu_dereference_protected() When destroying all sets, we are either in pernet exit phase orare executing a "destroy all sets command" from userspace. The latterwas taken into account in ip_set_deref...

CVE-2024-41018

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add a check for attr_names and oatbl Added out-of-bound checking for *ane (ATTR_NAME_ENTRY).

CVE-2024-41069

In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, sohaving pointer references directly into topology file contents is wrong.Use devm_kmemdup(), to allocate memory as...

CVE-2024-42264

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy andreset extensions is not greater than the internal kernel storage wherethe ids will be copie...

CVE-2024-43832

In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires that no spinlocks are held and thata folio reference is held, as documented. After we dropped the PTL, thefolio could get freed co...

CVE-2024-43852

In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL(4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then wehave read one element bey...

CVE-2024-43891

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate thefreeing of the file meta data with the files that are exposed to userspace. The file meta data would have...

CVE-2024-44953

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update There is a deadlock when runtime suspend waits for the flush of RTC work,and the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume. Here is deadlock backtrace: kworker/0...

CVE-2024-44994

In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault() When iommu_report_device_fault gets called with a partial fault it issupposed to collect the fault into the group and then return. Instead the return was accidently deleted ...

CVE-2024-46779

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Free pvr_vm_gpuva after unlink This caused a measurable memory leak. Although the individualallocations are small, the leaks occurs in a high-usage codepath(remapping or unmapping device memory) so they add up quic...

CVE-2024-46794

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for anaddress from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of aninitialized variable (val) on th...

CVE-2024-46830

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forciblyleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMXreads guest memory...

CVE-2024-46834

In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count withactive RSS contexts") proves that allowing indirection table to containchannels with o...

CVE-2024-46845

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise andtimer latency. If the program using this is killed via a SIGTERM, thethreads are shutdown one at a time a...

CVE-2024-47732

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The free_device_compression_mode(iaa_device, device_mode) function frees"device_mode" but it iss passed to iaa_compression_modes[i]->free() a fewlines later resulting in a use after...

CVE-2024-49940

In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. Whenthe session refcount drops to 0, l2tp_session_free drops the tunnelrefcount if session->tunnel is non-NULL. How...

CVE-2024-50021

In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() This patch addresses a reference count handling issue in theice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(),which increments the referen...

CVE-2024-50157

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop Driver waits indefinitely for the fifo occupancy to go below a thresholdas soon as the pacing interrupt is received. This can cause soft lockup onone of the processors, ...

CVE-2024-50239

In the Linux kernel, the following vulnerability has been resolved: phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation")removed most users of the platform device driver data from theqcom-qmp-usb driver, but mistakenly ...

CVE-2024-50263

In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in anincomplete state. The change in commit d24062914837 ("fork: use __mt_dup() to duplicatemaple tree in dup_...

CVE-2024-50297

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts Enqueue packets in dql after dma engine starts causes race condition.Tx transfer starts once dma engine is started and may execute dql dequeuein completion bef...

CVE-2024-53115

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle The 'vmw_user_object_buffer' function may return NULL with incorrectinputs. To avoid possible null pointer dereference, add a check whetherthe 'bo' is NULL i...

CVE-2024-53200

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp This commit addresses a null pointer dereference issue inhwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state isnull. The fix adds a ch...

CVE-2024-56579

In the Linux kernel, the following vulnerability has been resolved: media: amphion: Set video drvdata before register video device The video drvdata should be set before the video device is registered,otherwise video_drvdata() may return NULL in the open() file ops, and ledto oops.

CVE-2024-56618

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx: gpcv2: Adjust delay after power up handshake The udelay(5) is not enough, sometimes below kernel panicstill be triggered: [ 4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt[ 4.012976] CPU: 2 UID: 0...

CVE-2024-56671

In the Linux kernel, the following vulnerability has been resolved: gpio: graniterapids: Fix vGPIO driver crash Move setting irq_chip.name from probe() function to the initializationof "irq_chip" struct in order to fix vGPIO driver crash during bootup. Crash was caused by unauthorized modification ...

CVE-2024-56689

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' If platform_get_resource_byname() fails and returns NULL because DT lacksan 'mmio' property for the MHI endpoint, dereferencing res->start willcause a NULL pointe...

CVE-2024-57952

In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator (based on mtree_alloc_cyclic)stores the next offset value to return in octx->next_offset. Thismechanism typically returns values ...

CVE-2024-58077

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port"log severity") ignores -EINVAL error message on common soc_pcm_ret().It is used from many functions...

CVE-2024-58098

In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions When processing calls to certain helpers, verifier invalidates allpacket pointers in a current state. For example, consider thefollowing program: __attribute__((__noinline__...

CVE-2025-21644

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix tlb invalidation when wedging If GuC fails to load, the driver wedges, but in the process it tries todo stuff that may not be initialized yet. This moves thexe_gt_tlb_invalidation_init() to be done earlier: as its own d...

CVE-2025-21750

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to crash on myMacBookPro14,3. The property doesn't exist and 'tmp' remainsuninitialized, so we pass a rando...

CVE-2025-21775

In the Linux kernel, the following vulnerability has been resolved: can: ctucanfd: handle skb allocation failure If skb allocation fails, the pointer to struct can_frame is NULL. Thisis actually handled everywhere inside ctucan_err_interrupt() except forthe only place. Add the missed NULL check. Fo...

CVE-2025-21857

In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_api: fix error handling causing NULL dereference tcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which canreturn 1 if the allocation succeeded after wrapping. This was treated asan error, with value 1 retur...

CVE-2025-21918

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that utilize themhave been destroyed.This commit ensures that resources are not released prematurely by waitingfor the associated workque...

CVE-2025-21953

In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup mana struct after debugfs_remove() When on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),mana_gd_suspend() and mana_gd_resume() are called. If during thismana_gd_resume(), a failure occurs w...

CVE-2025-21960

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() The bnxt_rx_pkt() updates ip_summed value at the end if checksum offloadis enabled.When the XDP-MB program is attached and it returns XDP_PASS, thebnxt_xdp_build_skb() is ca...

CVE-2025-22059

In the Linux kernel, the following vulnerability has been resolved: udp: Fix multiple wraparounds of sk->sk_rmem_alloc. __udp_enqueue_schedule_skb() has the following condition: if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)goto drop; sk->sk_rcvbuf is initialised by net.core.rm...

CVE-2025-22101

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix Tx L4 checksum The hardware only supports L4 checksum offload for TCP/UDP/SCTP protocol.There was a bug to set Tx checksum flag for the other protocol that resultsin Tx ring hang. Fix to compute software checksum fo...

CVE-2025-22128

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path If a shared IRQ is used by the driver due to platform limitation, then theIRQ affinity hint is set right after the allocation of IRQ vectors inath...

CVE-2025-23130

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic once fallocation fails for pinfile syzbot reports a f2fs bug as below: ------------[ cut here ]------------kernel BUG at fs/f2fs/segment.c:2746!CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-rc2-s...

CVE-2025-23149

In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() canlead to a spurious tpm_chip_start() call: [35985.503771] i2c i2c-1: Transfer while suspended[35985.503796] WARNING: CPU...