Lucene search

K
LinuxLinux Kernel

10741 matches found

CVE
CVE
added 2025/02/26 7:0 a.m.55 views

CVE-2022-49149

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpc_call struct has a timer used to handle various timed eventsrelating to a call. This timer can get started from the packet inputroutines that are run in softirq mode...

5.3AI score0.00046EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.55 views

CVE-2022-49231

In the Linux kernel, the following vulnerability has been resolved: rtw88: fix memory overrun and memory leak during hw_scan Previously we allocated less memory than actual required, overwriteto the buffer causes the mm module to complaint and raise accessviolation faults. Along with potential memo...

5.5CVSS5.5AI score0.00022EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.55 views

CVE-2022-49338

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules CT cleanup assumes that all tc rules were deleted first, and sois free to delete the CT shared resources (e.g the dr_actionfwd_action which is shared for all tuples). B...

5.4AI score0.00041EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.55 views

CVE-2022-49420

In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if whilethis field can be changed by another thread. Adds minimal annotations to avoid KCSAN splats for UDP.Following patche...

5.3AI score0.00041EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.55 views

CVE-2022-49576

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. While reading sysctl_fib_multipath_hash_fields, it can be changedconcurrently. Thus, we need to add READ_ONCE() to its readers.

4.7CVSS6.5AI score0.00083EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.55 views

CVE-2022-49635

In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines hole_end can be small enough to cause subtractionoverflow. On the other side (addr + 2 * min_alignment) can overflowin case of mock tests. This patch should handle b...

6.7AI score0.00041EPSS
CVE
CVE
added 2025/02/26 7:1 a.m.55 views

CVE-2022-49684

In the Linux kernel, the following vulnerability has been resolved: iio: adc: aspeed: Fix refcount leak in aspeed_adc_set_trim_data of_find_node_by_name() returns a node pointer with refcountincremented, we should use of_node_put() on it when done.Add missing of_node_put() to avoid refcount leak.

5.5CVSS6.4AI score0.00022EPSS
CVE
CVE
added 2023/02/28 9:15 p.m.55 views

CVE-2023-22996

In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device.

5.5CVSS5.2AI score0.00016EPSS
CVE
CVE
added 2023/03/01 8:15 p.m.55 views

CVE-2023-23003

In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.

4CVSS4AI score0.00023EPSS
CVE
CVE
added 2023/07/18 12:15 a.m.55 views

CVE-2023-38428

An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.

9.1CVSS8.8AI score0.00063EPSS
CVE
CVE
added 2024/05/21 4:15 p.m.55 views

CVE-2023-52776

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dfs-radar and temperature event locking The ath12k active pdevs are protected by RCU but the DFS-radar andtemperature event handling code calling ath12k_mac_get_ar_by_pdev_id()was not marked as a read-side critica...

5.9CVSS7.3AI score0.00308EPSS
CVE
CVE
added 2024/05/21 4:15 p.m.55 views

CVE-2023-52785

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR If command timeout happens and cq complete IRQ is raised at the same time,ufshcd_mcq_abort clears lprb->cmd and a NULL pointer deref happens in theISR. Error l...

4.7CVSS6.7AI score0.00094EPSS
CVE
CVE
added 2024/05/21 4:15 p.m.55 views

CVE-2023-52826

In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference In tpg110_get_modes(), the return value of drm_mode_duplicate() isassigned to mode, which will lead to a NULL pointer dereference onfailure of drm_mode_duplicate()...

5.5CVSS6.7AI score0.00043EPSS
CVE
CVE
added 2024/05/21 4:15 p.m.55 views

CVE-2023-52853

In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK withincp2112_gpio_irq_startup, resulting in duplicate initilizations of theworkqueue on subsequent IRQ startups following an ...

6.7AI score0.00023EPSS
CVE
CVE
added 2024/05/21 4:15 p.m.55 views

CVE-2023-52874

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro In the TDX_HYPERCALL asm, after the TDCALL instruction returns from theuntrusted VMM, the registers that the TDX guest shares to the VMM needto be cleared to avoid speculativ...

6.7AI score0.00155EPSS
CVE
CVE
added 2024/08/21 7:15 a.m.55 views

CVE-2023-52893

In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we mustallow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstoreaccess layer") added a new get...

5.5CVSS6.5AI score0.00048EPSS
CVE
CVE
added 2024/08/21 7:15 a.m.55 views

CVE-2023-52910

In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In __alloc_and_insert_iova_range, there is an issue that retry_pfnoverflows. The value of iovad->anchor.pfn_hi is ~0UL, then wheniovad->cached_node is iovad->anchor, curr_iova-&gt...

5.5CVSS6.6AI score0.00047EPSS
CVE
CVE
added 2025/05/02 4:15 p.m.55 views

CVE-2023-53039

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a workfunction and passes the ISHTP device to it via a global pointerishtp_dev. If ish_probe() fa...

6.5AI score0.00026EPSS
CVE
CVE
added 2024/02/05 8:15 a.m.55 views

CVE-2024-22386

A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

5.3CVSS4.6AI score0.0001EPSS
CVE
CVE
added 2024/02/05 8:15 a.m.55 views

CVE-2024-23196

A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

5.3CVSS4.6AI score0.00018EPSS
CVE
CVE
added 2024/04/03 5:15 p.m.55 views

CVE-2024-26728

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix null-pointer dereference on edid reading Use i2c adapter when there isn't aux_mode in dc_link to fix anull-pointer derefence that happens when runningigt@kms_force_connector_basic in a system with DCN2.1 and HD...

5.5CVSS6.4AI score0.00083EPSS
CVE
CVE
added 2024/04/03 5:15 p.m.55 views

CVE-2024-26729

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv Fixes potential null pointer dereference warnings in thedc_dmub_srv_cmd_list_queue_execute() and dc_dmub_srv_is_hw_pwr_up()functions. In both functions, the 'dc...

5.5CVSS6.6AI score0.00083EPSS
CVE
CVE
added 2024/04/17 10:15 a.m.55 views

CVE-2024-26834

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: release dst in case direct xmit path is used Direct xmit does not use it since it calls dev_queue_xmit() to sendpackets, hence it calls dst_release(). kmemleak reports: unreferenced object 0xffff88814f4...

5.5CVSS6.6AI score0.00026EPSS
CVE
CVE
added 2024/05/01 1:15 p.m.55 views

CVE-2024-27061

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8i_ce_cipher_unprepare should be called beforecrypto_finalize_skcipher_request, because client callbacks mayimmediately free memory, that isn't needed anymore. But it will beuse...

7.8CVSS6.6AI score0.00042EPSS
CVE
CVE
added 2024/05/17 12:15 p.m.55 views

CVE-2024-27409

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory asthe HDMA controller register. If the doorbell register is toggled befo...

6.5AI score0.00079EPSS
CVE
CVE
added 2024/06/21 12:15 p.m.55 views

CVE-2024-34777

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() maybe provided with invalid argument outside of [0,MAX_NUMNODES-1] rangeleading to: BUG: KASAN: wild-memory-access i...

6.3AI score0.00054EPSS
CVE
CVE
added 2024/05/17 1:15 p.m.55 views

CVE-2024-35784

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdepsplat with fiemap and pagefaulting with my new extent lock replacementlock. This deadlock exists with our norm...

5.5CVSS6.5AI score0.00026EPSS
CVE
CVE
added 2024/05/17 1:15 p.m.55 views

CVE-2024-35786

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf If VM_BIND is enabled on the client the legacy submission ioctl can't beused, however if a client tries to do so regardless it will return anerror. In this case the c...

5.5CVSS6.6AI score0.00026EPSS
CVE
CVE
added 2024/05/17 1:15 p.m.55 views

CVE-2024-35793

In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfsremove while files are being accessed, even though the code inquestion now uses debugfs cancellations. Turns out th...

7AI score0.00055EPSS
CVE
CVE
added 2024/05/19 9:15 a.m.55 views

CVE-2024-35879

In the Linux kernel, the following vulnerability has been resolved: of: dynamic: Synchronize of_changeset_destroy() with the devlink removals In the following sequence: of_platform_depopulate() of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed.During the step 2, ...

6.6AI score0.00021EPSS
CVE
CVE
added 2024/05/30 4:15 p.m.55 views

CVE-2024-36931

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf fromuserspace to that buffer. Later, we use scanf on this buffer but we don'tensure that the string is terminated ins...

7.1CVSS6.7AI score0.00031EPSS
CVE
CVE
added 2024/05/30 4:15 p.m.55 views

CVE-2024-36935

In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytesfrom userspace to that buffer. Later, we use sscanf on this buffer but wedon't ensure that the string is terminated...

7.1CVSS6.7AI score0.00011EPSS
CVE
CVE
added 2024/05/30 4:15 p.m.55 views

CVE-2024-36943

In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan make_uffd_wp_pte() was previously doing: pte = ptep_get(ptep);ptep_modify_prot_start(ptep);pte = pte_mkuffd_wp(pte);ptep_modify_prot_commit(ptep, pte); But if anoth...

6.7AI score0.00037EPSS
CVE
CVE
added 2024/06/19 2:15 p.m.55 views

CVE-2024-38563

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Without this commit, reading chip temperature will cause memory leakage.

5.5CVSS7AI score0.00046EPSS
CVE
CVE
added 2024/06/19 2:15 p.m.55 views

CVE-2024-38568

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through followingcmd [1], but the driver does not check whether the array index is outof bounds when writing...

7.8CVSS8.6AI score0.00027EPSS
CVE
CVE
added 2024/06/19 2:15 p.m.55 views

CVE-2024-38571

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fix null pointer dereference compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c)as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) which lead to nullpointer dereference (if DEBUG...

5.5CVSS7.1AI score0.0001EPSS
CVE
CVE
added 2024/06/19 2:15 p.m.55 views

CVE-2024-38595

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix peer devlink set for SF representor devlink port The cited patch change register devlink flow, and neglect to reflectthe changes for peer devlink set logic. Peer devlink set istriggering a call trace if done after dev...

6.4AI score0.00053EPSS
CVE
CVE
added 2024/06/19 2:15 p.m.55 views

CVE-2024-38617

In the Linux kernel, the following vulnerability has been resolved: kunit/fortify: Fix mismatched kvalloc()/vfree() usage The kv*() family of tests were accidentally freeing with vfree() insteadof kvfree(). Use kvfree() instead.

6.7AI score0.00052EPSS
CVE
CVE
added 2024/06/21 11:15 a.m.55 views

CVE-2024-38625

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check 'folio' pointer for NULL It can be NULL if bmap is called.

5.5CVSS6.7AI score0.00019EPSS
CVE
CVE
added 2024/07/12 1:15 p.m.55 views

CVE-2024-40996

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskb_pull_reason syzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debughint in pskb_may_pull. We'd like to retain this debug check because it might hint at integeroverflows and other issues (kernel cod...

7.8CVSS8.4AI score0.00046EPSS
CVE
CVE
added 2024/07/30 8:15 a.m.55 views

CVE-2024-42115

In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2_free_inode During the stress testing of the jffs2 file system,the followingabnormal printouts were found:[ 2430.649000] Unable to handle kernel paging request at virtual address ...

6.5AI score0.00263EPSS
CVE
CVE
added 2024/08/08 9:15 a.m.55 views

CVE-2024-42254

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix error pbuf checking Syz reports a problem, which boils down to NULL vs IS_ERR inconsistenterror handling in io_alloc_pbuf_ring(). KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]RIP: 0010:__io_re...

5.5CVSS6.5AI score0.00053EPSS
CVE
CVE
added 2024/08/17 9:15 a.m.55 views

CVE-2024-42260

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the performance extension If userspace provides an unknown or invalid handle anywhere in the handlearray the rest of the driver will not handle that well. Fix it by checking handle...

6.6AI score0.00057EPSS
CVE
CVE
added 2024/08/17 9:15 a.m.55 views

CVE-2024-42298

In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returnedvalue is not checked. Fix this lack and check the returned value.

5.5CVSS6.6AI score0.00039EPSS
CVE
CVE
added 2024/08/17 10:15 a.m.55 views

CVE-2024-43816

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages On big endian architectures, it is possible to run into a memory out ofbounds pointer dereference when FCP targets are zoned. In lpfc_prep_embed_io, the ...

6.5AI score0.00109EPSS
CVE
CVE
added 2024/08/17 10:15 a.m.55 views

CVE-2024-43844

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: wow: fix GTK offload H2C skbuff issue We mistakenly put skb too large and that may exceed skb->end.Therefore, we fix it. skbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8...

5.5CVSS6.6AI score0.00036EPSS
CVE
CVE
added 2024/08/26 11:15 a.m.55 views

CVE-2024-43887

In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO static_key is the same as the lasttcp_ao_info. On the socket destruction tcp_ao_info ceases to bewith RCU grace period, while tcp-ao static branch is ...

4.7CVSS6.6AI score0.00035EPSS
CVE
CVE
added 2024/09/04 8:15 p.m.55 views

CVE-2024-44991

In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of tcp_sk_exit_batch Its possible that two threads call tcp_sk_exit_batch() concurrently,once from the cleanup_net workqueue, once from a task that failed to clonea new netns. In the latter case, e...

5.5CVSS6.1AI score0.00094EPSS
CVE
CVE
added 2024/09/04 8:15 p.m.55 views

CVE-2024-45001

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix RX buf alloc_size alignment and atomic op panic The MANA driver's RX buffer alloc_size is passed into napi_build_skb() tocreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignmentis affected by the a...

5.5CVSS6.1AI score0.00049EPSS
CVE
CVE
added 2024/10/21 12:15 p.m.55 views

CVE-2024-47682

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Ff the device returns page 0xb1 with length 8 (happens with qemu v2.x, forexample), sd_read_block_characteristics() may attempt an out-of-boundsmemory access when ac...

7.8CVSS8.2AI score0.00053EPSS
Total number of security vulnerabilities10741