CVE-2017-8070

drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page...

CVE-2021-47279

In the Linux kernel, the following vulnerability has been resolved: usb: misc: brcmstb-usb-pinmap: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL,we need check the return value.

CVE-2021-47349

In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down link before deleting interface We can deadlock when rmmod'ing the driver or going through firmwarereset, because the cfg80211_unregister_wdev() has to bring down the linkfor us, ... which then grab the same wiph...

CVE-2021-47533

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Clear the HVS FIFO commit pointer once done Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before acommit") introduced a wait on the previous commit done on a given HVSFIFO. However, we never cleared ...

CVE-2022-48719

In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NTF_MANAGED entries [0]: kworker/0:16/14617 is trying to acquire lock:ffffffff8d4dd370 (&tbl->lock){+...

CVE-2022-48795

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix data TLB miss in sba_unmap_sg Rolf Eike Beer reported the following bug: [1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018[1274934.746891] CPU: 3 PID: 5549 Comm: ...

CVE-2022-48966

In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if (cpu_online(pp->rxq_def)) inside the mvneta_percpu_elect() function. It needs bounds checkedingto ...

CVE-2022-49403

In the Linux kernel, the following vulnerability has been resolved: lib/string_helpers: fix not adding strarray to device's resource list Add allocated strarray to device's resource list. This is a must toautomatically release strarray when the device disappears. Without this fix we have a memory l...

CVE-2022-49500

In the Linux kernel, the following vulnerability has been resolved: wl1251: dynamically allocate memory used for DMA With introduction of vmap'ed stacks, stack parameters can nolonger be used for DMA and now leads to kernel panic. It happens at several places for the wl1251 (e.g. whenaccessed throu...

CVE-2022-49809

In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy ofskb, the new skb should be freed in the undersized/fragmented skberror handling path. Otherwise there is a memory l...

CVE-2022-49875

In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE When using bpftool to pin {PROG, MAP, LINK} without FILE,segmentation fault will occur. The reson is that the lackof FILE will cause strlen to trigger NU...

CVE-2022-49878

In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fix memory leak in array reallocation for stack state If an error (NULL) is returned by krealloc(), callers of realloc_array()were setting their allocation pointers to NULL, but on error krealloc()does not touch the ...

CVE-2022-49881

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2 parameter is duplicatedusing kmemdup() and subsequently freed in regdb_fw_cb(). However,request_firmware_nowait() can fail without ...

CVE-2023-20715

In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900.

CVE-2023-23002

In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

CVE-2023-52770

In the Linux kernel, the following vulnerability has been resolved: f2fs: split initial and dynamic conditions for extent_cache Let's allocate the extent_cache tree without dynamic conditions to avoid amissing condition causing a panic as below. create a file w/ a compressed flag disable the compre...

CVE-2023-52807

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs The hns3 driver define an array of string to show the coalesceinfo, but if the kernel adds a new mode or a new state,out-of-bounds access may occu...

CVE-2023-52996

In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fib_metrics_match() if (!type)continue;if (type > RTAX_MAX)return false;...fi_val = fi->fib_metrics->metrics[type - 1]; @type being used as an array index, we need to preventcpu...

CVE-2023-53031

In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIG_DEBUG_ATOMIC_SLEEPand CONFIG_PROVE_LOCKING enabled, while running a thread_imc event. Command to trigger the warning: pe...

CVE-2023-53043

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent If the controller is not marked as cache coherent, then kernel willtry to ensure coherency during dma-ops and that may cause data corruption.So, mark the PCIe node as...

CVE-2023-53044

In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error fromdm_stats_init() if it fails. Update alloc_dev() to fail ifdm_stats_init() does. Otherwise, a NULL pointer dereferenc...

CVE-2023-53097

In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it,otherwise the memory will leak over time. To make things simpler, justcall debugfs_lookup_and_remove(...

CVE-2024-26762

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While theexpectation is that a PCI device can escalate to link reset to recoverfrom an AER event, the same...

CVE-2024-35836

In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirelyfreed (other kernel module instance of the same PCI device have had keptthe reference to that pin), and kernel modul...

CVE-2024-42111

In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfs_qgroup_inherit structure [BUG]Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277Read of ...

CVE-2024-42112

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still beinghandled in the device remove routine, before free IRQs. So isb memoryis still read after it is freed. Thus move wx...

CVE-2024-42303

In the Linux kernel, the following vulnerability has been resolved: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() devm_regmap_init_mmio() can fail, add a check and bail out in case oferror.

CVE-2024-42317

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supportedpage cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71("mm/filemap: make MAX_PAGECACHE_O...

CVE-2024-43827

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check before access structs In enable_phantom_plane, we should better check null pointer beforeaccessing various structs.

CVE-2024-44968

In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer morereliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers ho...

CVE-2024-44976

In the Linux kernel, the following vulnerability has been resolved: ata: pata_macio: Fix DMA table overflow Kolbjørn and Jonáš reported that their 32-bit PowerMacs were crashingin pata-macio since commit 09fe2bfa6b83 ("ata: pata_macio: Fixmax_segment_size with PAGE_SIZE == 64K"). For example: kerne...

CVE-2024-45017

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPseccreation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down...

CVE-2024-45029

In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to amutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invalid c...

CVE-2024-46690

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to dereference fl->c.flc_owner without first confirmingfl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict()tests fl_lmops ...

CVE-2024-46712

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them usingaccelerated apis. Without 3d the entire content of dumb buffers staysin the guest making all of the extra work ...

CVE-2024-46850

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. The pipecontext passed to dcn35_set_drr() is a member of this resource context. If dc_state...

CVE-2024-49876

In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix UAF around queue destruction We currently do stuff like queuing the final destruction step on arandom system wq, which will outlive the driver instance. With badtiming we can teardown the driver with one or more work wo...

CVE-2024-49984

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy andreset extensions is not greater than the internal kernel storage wherethe ids will be copie...

CVE-2024-49990

In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Check GSC structure validity Sometimes xe_gsc is not initialized when checked at HDCP capabilitycheck. Add gsc structure check to avoid null pointer error.

CVE-2024-50034

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric report a panic on IPPROTO_SMC, and give the factsthat when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too. Bug: Unable to handle kernel NULL pointer derefe...

CVE-2024-50161

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining info_cnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, itdoesn't check the remaining info_cnt. The following splat will bereported when the value of ret * nele...

CVE-2024-50174

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race when converting group handle to group object XArray provides it's own internal lock which protects the internal arraywhen entries are being simultaneously added and removed. However thereis still a race betwee...

CVE-2024-50294

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it beingqueued for connection and the I/O thread picking up the call, the abortwill be prioritised over the connection...

CVE-2024-56537

In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmp_disp: layer may be null while releasing layer->info can be null if we have an error on the first layer inzynqmp_disp_create_layers

CVE-2024-56682

In the Linux kernel, the following vulnerability has been resolved: irqchip/riscv-aplic: Prevent crash when MSI domain is missing If the APLIC driver is probed before the IMSIC driver, the parent MSIdomain will be missing, which causes a NULL pointer dereference inmsi_create_device_irq_domain(). Av...

CVE-2024-57799

In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM In some cases, rk_hdptx_phy_runtime_resume() may be invoked beforeplatform_set_drvdata() is executed in ->probe(), leading to a NULLpointer dereference when us...

CVE-2024-57998

In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make surewe do not read a freq out of the opp->rates[] table when calledfrom the indexed variants:dev_pm_opp_f...

CVE-2024-58006

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() updateinbound map address") set_bar() was modified to support dynamicallychanging the backing p...

CVE-2024-58084

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitqcompletion variable initialization") introduced a write barrier in probefunction to store glob...

CVE-2025-21801

In the Linux kernel, the following vulnerability has been resolved: net: ravb: Fix missing rtnl lock in suspend/resume path Fix the suspend/resume path by ensuring the rtnl lock is held whererequired. Calls to ravb_open, ravb_close and wol operations must beperformed under the rtnl lock to prevent ...