10926 matches found
CVE-2011-3619
The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not properly handle invalid parameters, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by writing to a /proc/#####/at...
CVE-2012-6536
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new o...
CVE-2013-4512
Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation.
CVE-2016-9120
Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.
CVE-2017-0433
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. ...
CVE-2017-0443
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...
CVE-2017-0524
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Ker...
CVE-2017-0531
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kern...
CVE-2021-47121
In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in cfusbl_device_notify In case of caif_enroll_dev() fail, allocatedlink_support won't be assigned to the correspondingstructure. So simply free allocated pointer in caseof error.
CVE-2021-47282
In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: Fix out-of-bounds access with more than 4 slaves Commit 571e31fa60b3 ("spi: bcm2835: Cache CS register value for->prepare_message()") limited the number of slaves to 3 at compile-time.The limitation was necessitate...
CVE-2021-47507
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix nsfd startup race (again) Commit bd5ae9288d64 ("nfsd: register pernet ops last, unregister first")has re-opened rpc_pipefs_event() race against nfsd_net_id registration(register_pernet_subsys()) which has been fixed by co...
CVE-2021-47508
In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 (size 64):comm "xfs_io", pid 12124, jiffies 4294987392 (age 6.368s)hex ...
CVE-2021-47519
In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_read_fifo: fix memory leak in error branch In m_can_read_fifo(), if the second call to m_can_fifo_read() fails,the function jump to the out_fail label and returns without callingm_can_receive_skb(). This means tha...
CVE-2021-47569
In the Linux kernel, the following vulnerability has been resolved: io_uring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/io_uring.c:6269 io_try_cancel_userdata+0x3c5/0x640 fs/io_uring.c:6269CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller #0Workqueue: events ...
CVE-2021-47593
In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk->sk_sock_kern being set correctly:It prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, "mptcp", 6); fromworking for plain tcp sockets (any userspace...
CVE-2022-3541
A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue...
CVE-2022-48643
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() syzbot is reporting underflow of nft_counters_enabled counter atnf_tables_addchain() [1], for commit 43eb8949cfdffa76 ("netfilter:nf_tables: do not le...
CVE-2022-48649
In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix possible double free of kmem_cache When doing slub_debug test, kfence's 'test_memcache_typesafe_by_rcu'kunit test case cause a use-after-free error: BUG: KASAN: use-after-free in kobject_del+0x14/0x30Read of siz...
CVE-2022-48731
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid scanning potential huge holes When using devm_request_free_mem_region() and devm_memremap_pages() toadd ZONE_DEVICE memory, if requested free mem region's end pfn werehuge(e.g., 0x400000000), the node_end_pfn() w...
CVE-2022-48800
In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: remove deadlock due to throttling failing to make progress A soft lockup bug in kcompactd was reported in a private bugzilla withthe following visible in dmesg; watchdog: BUG: soft lockup - CPU#33 stuck for 26s! [kcompa...
CVE-2022-48830
In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotp_rcv() When receiving a CAN frame the current code logic does not considerconcurrently receiving processes which do not show up in real worldusage. Ziyang Xuan writes: The ...
CVE-2022-48832
In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 open_how::flags As reported by Jeff, dereferencing the openat2 syscall argument inaudit_match_perm() to obtain the open_how::flags can result in anoops/page-fault. This ...
CVE-2022-48873
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path infastrpc_init_create_process, instead call fastrpc_map_put, to avoiduse-after-free. Do not remove it on fastrp...
CVE-2022-48877
In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : __lookup_extent_tree+0xd8/0x760lr : f2fs_do_write_data_page+0x104/0x87csp : ffffffc010cbb3c0x29: ffffffc010cbb3e0 x28: 0000000000000000x2...
CVE-2022-48922
In the Linux kernel, the following vulnerability has been resolved: riscv: fix oops caused by irqsoff latency tracer The trace_hardirqs_{on,off}() require the caller to setup frame pointerproperly. This because these two functions use macro 'CALLER_ADDR1' (aka.__builtin_return_address(1)) to acquir...
CVE-2022-48932
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-of-bandaccess issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70 This patch...
CVE-2022-48995
In the Linux kernel, the following vulnerability has been resolved: Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() There is a kmemleak when test the raydium_i2c_ts with bpf mock device: unreferenced object 0xffff88812d3675a0 (size 8):comm "python3", pid 349, jiffies 4294741067 (age 9...
CVE-2022-49016
In the Linux kernel, the following vulnerability has been resolved: net: mdiobus: fix unbalanced node reference count I got the following report while doing device(mscc-miim) load testwith CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC enabled: OF: ERROR: memory leak, expected refcount 1 instead of 2,of_...
CVE-2022-49067
In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way __pa() works we have:__pa(0x8000000000000000) == 0, and thereforevirt_to_pfn(0x800000000...
CVE-2022-49146
In the Linux kernel, the following vulnerability has been resolved: virtio: use virtio_device_ready() in virtio_device_restore() After waking up a suspended VM, the kernel prints the following tracefor virtio drivers which do not directly call virtio_device_ready() inthe .restore: PM: suspend exit ...
CVE-2022-49387
In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2l_wdt: Fix 32bit overflow issue The value of timer_cycle_us can be 0 due to 32bit overflow.For eg:- If we assign the counter value "0xfff" for computingmaxval. This patch fixes this issue by appending ULL to 1024, so ...
CVE-2022-49582
In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix NULL pointer dereference in dsa_port_reset_vlan_filtering The "ds" iterator variable used in dsa_port_reset_vlan_filtering() ->dsa_switch_for_each_port() overwrites the "dp" received as argument,which is later used...
CVE-2022-49633
In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl_icmp_echo_enable_probe. While reading sysctl_icmp_echo_enable_probe, it can be changedconcurrently. Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49662
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix lockdep splat in in6_dump_addrs() As reported by syzbot, we should not use rcu_dereference()when rcu_read_lock() is not held. WARNING: suspicious RCU usage5.19.0-rc2-syzkaller #0 Not tainted net/ipv6/addrconf.c:5175 suspi...
CVE-2022-49718
In the Linux kernel, the following vulnerability has been resolved: irqchip/apple-aic: Fix refcount leak in aic_of_ic_init of_get_child_by_name() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak...
CVE-2022-49769
In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's veryunlikely that this field would be corrupted on its own. Nevertheless itshould be checked to avoid the possibil...
CVE-2022-49779
In the Linux kernel, the following vulnerability has been resolved: kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case In __unregister_kprobe_top(), if the currently unregistered probe haspost_handler but other child probes of the aggrprobe do not havepost_handler, the post_ha...
CVE-2022-49800
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() test_gen_synth_cmd() only free buf in fail path, hence buf will leakwhen there is no failure. Add kfree(buf) to prevent the memleak. Thesame reason and s...
CVE-2022-49801
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in tracing_read_pipe() kmemleak reports this issue: unreferenced object 0xffff888105a18900 (size 128):comm "test_progs", pid 18933, jiffies 4336275356 (age 22801.766s)hex dump (first 32 bytes):25 73 00 90 8...
CVE-2022-49810
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix missing xas_retry() calls in xarray iteration netfslib has a number of places in which it performs iteration of an xarraywhilst being under the RCU read lock. It should call xas_retry() as thefirst thing inside of the lo...
CVE-2022-49813
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created bycreate_singlethread_workqueue() when pci_register_driver() failed.Call destroy_workqueue() when pci_register_driver() failed to prevent the...
CVE-2022-49825
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() isnot checked. As a result, it causes null-ptr-deref while removingthe module, because transport_remove_dev...
CVE-2022-49832
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50Read of size 1 at addr 0000000000000000 by task ...
CVE-2022-49869
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() During the error recovery sequence, the rtnl_lock is not held for theentire duration and some datastructures may be freed during the sequence.Check for the BNXT_STATE_OPEN flag in...
CVE-2022-49888
In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion The cortex_a76_erratum_1463225_debug_handler() function is called whenhandling debug exceptions (and synchronous exceptions from BRKinstructions), and so is called when a probed function execute...
CVE-2022-50066
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aq_vec index out of range error The final update statement of the for loop exceeds the array range, thedereference of self->aq_vec[i] is not checked and then leads to theindex out of range error.Also fixed thi...
CVE-2022-50100
In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue task on CPU excluded from cpus_mask The following warning was triggered on a large machine early in boot ona distribution kernel but the same problem should also affect mainline. WARNING: CPU: 439 PID: 10...
CVE-2023-20846
In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098.
CVE-2023-52645
In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and after that the driver attempts to power them on in the probe sequence, then it ispossible that a race condition occurs if g...
CVE-2023-52744
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix potential NULL-ptr-dereference in_dev_get() can return NULL which will cause a failure once idev isdereferenced in in_dev_for_each_ifa_rtnl(). This patch adds acheck for NULL value in idev beforehand. Found by Linux...