10926 matches found
CVE-2021-47199
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT, Fix multiple allocations and memleak of mod acts CT clear action offload adds additional mod hdr actions to theflow's original mod actions in order to clear the registers whichhold ct_state.When such flow also includ...
CVE-2021-47292
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix memleak in io_init_wq_offload() I got memory leak report when doing fuzz test: BUG: memory leakunreferenced object 0xffff888107310a80 (size 96):comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s)hex dump...
CVE-2021-47336
In the Linux kernel, the following vulnerability has been resolved: smackfs: restrict bytes count in smk_set_cipso() Oops, I failed to update subject line. From 07571157c91b98ce1a4aa70967531e64b78e8346 Mon Sep 17 00:00:00 2001Date: Mon, 12 Apr 2021 22:25:06 +0900Subject: [PATCH] smackfs: restrict b...
CVE-2021-47524
In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: fix minor-number leak on probe errors Make sure to release the allocated minor number before returning onprobe errors.
CVE-2021-47530
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix wait_fence submitqueue leak We weren't dropping the submitqueue reference in all paths. Inparticular, when the fence has already been signalled. Split outa helper to simplify handling this in the various different retu...
CVE-2021-47532
In the Linux kernel, the following vulnerability has been resolved: drm/msm/devfreq: Fix OPP refcnt leak
CVE-2021-47607
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPF_CMPXCHG on a high level has the following parameters: .-[old-val] .-[new-val]BPF_R0 = cmpxchg{32,64}(DST_REG + insn->off, BPF_R0, SRC_REG)-...
CVE-2021-47608
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 ("bpf: Propagate stack bounds to registersin atomics w/ BPF_FETCH") around check_mem_access() handling is buggy sincethis would allow for unprivilege...
CVE-2021-47613
In the Linux kernel, the following vulnerability has been resolved: i2c: virtio: fix completion handling The driver currently assumes that the notify callback is only receivedwhen the device is done with all the queued buffers. However, this is not true, since the notify callback could be calledwit...
CVE-2022-3170
An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their pri...
CVE-2022-3636
A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this...
CVE-2022-48722
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Onlyieee802154_wake_queue() is called manually. We then leak the skbstructure. Free the skb structure upon error before ret...
CVE-2022-48749
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc The function performs a check on the "ctx" input parameter, however, itis used before the check. Initialize the "base" variable after the sanity check to avoid apossible NU...
CVE-2022-48753
In the Linux kernel, the following vulnerability has been resolved: block: fix memory leak in disk_register_independent_access_ranges kobject_init_and_add() takes reference even when it fails.According to the doc of kobject_init_and_add() If this function returns an error, kobject_put() must be cal...
CVE-2022-48801
In the Linux kernel, the following vulnerability has been resolved: iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL If we fail to copy the just created file descriptor to userland, wetry to clean up by putting back 'fd' and freeing 'ib'. The code usesput_unused_fd() for the ...
CVE-2022-48815
In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: don't use devres for mdiobus As explained in commits:74b6d7d13307 ("net: dsa: realtek: register the MDIO bus under devres")5135e96a3dd2 ("net: dsa: don't allocate the slave_mii_bus using devres") mdiobus_free() w...
CVE-2022-48831
In the Linux kernel, the following vulnerability has been resolved: ima: fix reference leak in asymmetric_verify() Don't leak a reference to the key if its algorithm is unknown.
CVE-2022-48847
In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix filter limit check In watch_queue_set_filter(), there are a couple of places where we checkthat the filter type value does not exceed what the type_filter bitmapcan hold. One place calculates the number of bits by:...
CVE-2022-48872
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() untilmap->fl->lock is taken in fastrpc_free_map(), another thread can callfastrpc_map_lookup() and get a refer...
CVE-2022-48889
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof-nau8825: fix module alias overflow The maximum name length for a platform_device_id entry is 20 charactersincluding the trailing NUL byte. The sof_nau8825.c file exceeds that,which causes an obscure error message: ...
CVE-2022-48937
In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers() Looping ~65535 times doing kmalloc() calls can trigger soft lockups,especially with DEBUG features (like KASAN). [ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! [b...
CVE-2022-48945
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3b1000#PF: supervisor write access in kernel mode#PF: error_code(0x0002) - not-present pagePGD 100000067 ...
CVE-2022-48948
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transferrequests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),data stage handler for OUT transfer uses memcpy to ...
CVE-2022-48955
In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fix memory leak in tbnet_open() When tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated intb_xdomain_alloc_out_hopid() is not released. Addtb_xdomain_release_out_hopid() to the error path to release ida...
CVE-2022-48977
In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rcv_filter Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointerdereference in can_rx_register()") we need to check for a missinginitialization of ml_priv in the receive pa...
CVE-2022-49017
In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipc_msg_validate As the call trace shows, the original skb was freed in tipc_msg_validate(),and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in tipc_crypt...
CVE-2022-49047
In the Linux kernel, the following vulnerability has been resolved: ep93xx: clock: Fix UAF in ep93xx_clk_register_gate() arch/arm/mach-ep93xx/clock.c:154:2: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]arch/arm/mach-ep93xx/clock.c:151:2: note: Taking true branchif (IS_ERR(cl...
CVE-2022-49069
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw [Why]Below general protection fault observed when WebGL Aquarium is run forlonger duration. If drm debug logs are enabled and set to 0x1f then theissue is...
CVE-2022-49094
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decrypt_internal The memory size of tls_ctx->rx.iv for AES128-CCM is 12 setting intls_set_sw_offload(). The return value of crypto_aead_ivsize()for "ccm(aes)" is 16. So memcpy() require 16 ...
CVE-2022-49127
In the Linux kernel, the following vulnerability has been resolved: ref_tracker: implement use-after-free detection Whenever ref_tracker_dir_init() is called, mark the struct ref_tracker_diras dead. Test the dead status from ref_tracker_alloc() and ref_tracker_free() This should detect buggy dev_pu...
CVE-2022-49141
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: fix possible NULL pointer dereference As the possible failure of the allocation, kzalloc() may return NULLpointer.Therefore, it should be better to check the 'sgi' in order to preventthe dereference of NULL pointer...
CVE-2022-49361
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check for inline inode Yanming reported a kernel bug in Bugzilla kernel [1], which can bereproduced. The bug message is: The kernel message is shown below: kernel BUG at fs/inode.c:611!Call Trace:evict+0x282/...
CVE-2022-49364
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to clear dirty inode in f2fs_evict_inode() As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215904 The kernel message is shown below: kernel BUG at fs/f2fs/inode.c:825!Call Trace:evict+0x282/0x...
CVE-2022-49393
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl This is another instance of incorrect use of list iterator andchecking it for NULL. The list iterator value 'map' will always be set and non-NULLby list_for_each_entry(...
CVE-2022-49558
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: double hook unregistration in netns path __nft_release_hooks() is called from pre_netns exit path whichunregisters the hooks, then the NETDEV_UNREGISTER event is triggeredwhich unregisters the hooks again. [ 5...
CVE-2022-49654
In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: reset cpu port on MTU change It was discovered that the Documentation lacks of a fundamental detailon how to correctly change the MAX_FRAME_SIZE of the switch. In fact if the MAX_FRAME_SIZE is changed while the cpu...
CVE-2022-49702
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix hang during unmount when block group reclaim task is running When we start an unmount, at close_ctree(), if we have the reclaim taskrunning and in the middle of a data block group relocation, we can triggera deadlock whe...
CVE-2022-49706
In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefs_iomap_begin() for reads If a readahead is issued to a sequential zone file with an offsetexactly equal to the current file size, the iomap type is set toIOMAP_UNWRITTEN, which will prevent an IO, but the iomap le...
CVE-2022-49755
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait While performing fast composition switch, there is a possibility that theprocess of ffs_ep0_write/ffs_ep0_read get into a race conditiondue to ep0req being freed up from fun...
CVE-2022-49776
In the Linux kernel, the following vulnerability has been resolved: macvlan: enforce a consistent minimal mtu macvlan should enforce a minimal mtu of 68, even at link creation. This patch avoids the current behavior (which could lead to crashesin ipv6 stack if the link is brought up) $ ip link add ...
CVE-2022-49789
In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cachethe FSF request ID when sending a new FSF request. This is used in case thesending fails and ...
CVE-2022-49799
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory-access in register_synth_event() In register_synth_event(), if set_synth_event_print_fmt() failed, thenboth trace_remove_event_call() and unregister_trace_event() will becalled, which means the trace_event_...
CVE-2022-49809
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy ofskb, the new skb should be freed in the undersized/fragmented skberror handling path. Otherwise there is a memory l...
CVE-2022-49870
In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK Shifting signed 32-bit value by 31 bits is undefined, so changingsignificant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in s...
CVE-2022-49889
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() On some machines the number of listed CPUs may be bigger than the actualCPUs that exist. The tracing subsystem allocates a per_cpu directory withaccess to the per...
CVE-2022-49900
In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix adapter not be removed in piix4_remove() In piix4_probe(), the piix4 adapter will be registered in: piix4_probe()piix4_add_adapters_sb800() / piix4_add_adapter()i2c_add_adapter() Based on the probed device type, pii...
CVE-2023-20841
In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.
CVE-2023-52688
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free theallocated resources. Currently it is not freeing the core pdevcreate resources. Avoid this issue by calling the core p...
CVE-2023-52779
In the Linux kernel, the following vulnerability has been resolved: fs: Pass AT_GETATTR_NOSEC flag to getattr interface function When vfs_getattr_nosec() calls a filesystem's getattr interface functionthen the 'nosec' should propagate into this function so thatvfs_getattr_nosec() can again be calle...
CVE-2023-52979
In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' canbecome less than zero. This leads to the incorrect computation of 'len'and 'indexes' values which...