10926 matches found
CVE-2023-52839
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: Do not broadcast to other cpus when starting a counter This command: $ perf record -e cycles:k -e instructions:k -c 10000 -m 64M dd if=/dev/zero of=/dev/null count=1000 gives rise to this kernel warning: [ 444.364395...
CVE-2023-53041
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 CPU: 3...
CVE-2023-53067
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Only call get_timer_irq() once in constant_clockevent_init() Under CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_DEBUG_PREEMPT=y, we can see the following messages on LoongArch, this is because using might_sleep() in preemption d...
CVE-2023-53081
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2_write_end_nolock() just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page wri...
CVE-2023-53118
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsi_proc_hostdir_rm() decreases a reference counter and hence must only be called once per host that is removed. This change does not require a scsi_add_host_with_dma() chan...
CVE-2024-26762
In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While the expectation is that a PCI device can escalate to link reset to recover from an AER event, the same...
CVE-2024-32936
In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: Fix races while restarting DMA After the frame is submitted to DMA, it may happen that the submitted list is not updated soon enough, and the DMA callback is triggered before that. This can lead to kernel cra...
CVE-2024-40949
In the Linux kernel, the following vulnerability has been resolved: mm: shmem: fix getting incorrect lruvec when replacing a shmem folio When testing shmem swapin, I encountered the warning below on my machine. The reason is that replacing an old shmem folio with a new one causes mem_cgroup_migrate()...
CVE-2024-40955
In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists() We can trigger a slab-out-of-bounds with the following commands: mkfs.ext4 -F /dev/$disk 10G mount /dev/$disk /tmp/test echo 2147483647 > /sys/fs/ext4/$dis...
CVE-2024-40986
In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr() Requests the vchan lock before using xdma->stop_request.
CVE-2024-41043
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: drop bogus WARN_ON Happens when rules get flushed/deleted while packet is out, so remove this WARN_ON. This WARN exists in one form or another since v4.14, no need to backport this to older releases, hence...
CVE-2024-41086
In the Linux kernel, the following vulnerability has been resolved: bcachefs: Fix sb_field_downgrade validation bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section for_each_downgrade_entry() is used in to_text() and needs to work on malf...
CVE-2024-42100
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common In order to set the rate range of a hw sunxi_ccu_probe calls hw_to_ccu_common() assuming all entries in desc->ccu_clks are contained in a ccu_common struct.  T...
CVE-2024-42251
In the Linux kernel, the following vulnerability has been resolved: mm: page_ref: remove folio_try_get_rcu() The below bug was reported on a non-SMP kernel: [ 275.267158][ T4335] ------------[ cut here ]------------ [ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275! [ 275.268526][ T433...
CVE-2024-42257
In the Linux kernel, the following vulnerability has been resolved: ext4: use memtostr_pad() for s_volume_name As with the other strings in struct ext4_super_block, s_volume_name is not NUL terminated. The other strings were marked in commit 072ebb3bffe6 ("ext4: add nonstring annotations to ext4.h")....
CVE-2024-42317
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. The largest and supported page cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71 ("mm/filemap: make MAX_PAGECACHE_O...
CVE-2024-43827
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check before access structs In enable_phantom_plane, we should better check null pointer before accessing various structs.
CVE-2024-44979
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault and access counter workqueues. Add those destroy calls here. (cherry picked from commit 7586fc52b14e0b8edd0d1f8a...
CVE-2024-45017
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down...
CVE-2024-45023
In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is still in recovery, unrec...
CVE-2024-46708
In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneous 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect.
CVE-2024-46709
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers Make sure that for external buffers mapping goes through the dma_buf interface instead of trying to access pages directly. External buffers might not provide direct access to readable/writ...
CVE-2024-46764
In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btf_name_valid_section() If the length of the name string is 1 and the value of name[0] is NULL byte, an OOB vulnerability occurs in btf_name_valid_section() and the return value is true, so the inv...
CVE-2024-46785
In the Linux kernel, the following vulnerability has been resolved: eventfs: Use list_del_rcu() for SRCU protected list variable Chi Zhiling reported: We found a null pointer accessing in tracefs[1], the reason is that the variable 'ei_child' is set to LIST_POISON1, that means the list was removed in...
CVE-2024-46793
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder Since commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Component via COMP_DUMMY()") dummy codecs declared like this: SND_SOC_DAILINK_DEF(dummy, DAILINK_COMP_AR...
CVE-2024-47721
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading The handler of firmware C2H event RTW89_MAC_C2H_FUNC_READ_WOW_CAM isn't implemented, but driver expects number of handlers is NU...
CVE-2024-49869
In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 ("btrfs: send: annotate struct name_cache_entry with __counted_by()") we annotated the variable length array "name" from th...
CVE-2024-50037
In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Only cleanup deferred I/O if necessary Commit 5a498d4d06d6 ("drm/fbdev-dma: Only install deferred I/O if necessary") initializes deferred I/O only if it is used. drm_fbdev_dma_fb_destroy() however calls fb_deferred_io_...
CVE-2024-50094
In the Linux kernel, the following vulnerability has been resolved: sfc: Don't invoke xdp_do_flush() from netpoll. Yury reported a crash in the sfc driver originated from netpoll_send_udp(). The netconsole sends a message and then netpoll invokes the driver's NAPI function with a budget of zero. It i...
CVE-2024-50149
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't free job in TDR Freeing job in TDR is not safe as TDR can pass the run_job thread resulting in UAF. It is only safe for free job to naturally be called by the scheduler. Rather free job in TDR, add to pending list. (che...
CVE-2024-50173
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() The group variable can't be used to retrieve ptdev in our second loop, because it points to the previously iterated list_head, not a valid group. Get the ptdev o...
CVE-2024-50288
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a must_blank array that was still sized for 32  ...
CVE-2025-21783
In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix crash on error in gpiochip_get_ngpios() The gpiochip_get_ngpios() uses chip_() macros to print messages. However these macros rely on gpiodev to be initialised and set, which is not the case when called via bgpio_init()....
CVE-2025-21843
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the uninitialized value is copied to user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize 'priorities_info' to a...
CVE-2025-21900
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to trigger an open reclaim, which can again race with the application ...
CVE-2025-21988
In the Linux kernel, the following vulnerability has been resolved: fs/netfs/read_collect: add to next->prev_donated If multiple subrequests donate data to the same "next" request (depending on the subrequest completion order), each of them would overwrite the prev_donated field, causing data  corr...
CVE-2025-22006
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence Registering the interrupts for TX or RX DMA Channels prior to registering their respective NAPI callbacks can result in a NULL pointer dereference. This is seen in practice...
CVE-2025-22048
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Don't override subprog's return value The verifier test calls: div by 0 in subprog triggers a panic at the ld.bu instruction. The ld.bu insn is trying to load byte from memory address returned by the subprog. The subp...
CVE-2025-22096
In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: Fix error code msm_parse_deps() The SUBMIT_ERROR() macro turns the error code negative. This extra '-' operation turns it back to positive EINVAL again. The error code is passed to ERR_PTR() and since positive values are...
CVE-2025-37779
In the Linux kernel, the following vulnerability has been resolved: lib/iov_iter: fix to increase non slab folio refcount When testing EROFS file-backed mount over v9fs on qemu, I encountered a folio UAF issue. The page sanity check reports the following call trace. The root cause is that pages in bv...
CVE-2025-37783
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix error pointers in dpu_plane_virtual_atomic_check The function dpu_plane_virtual_atomic_check was dereferencing pointers returned by drm_atomic_get_plane_state without checking for errors. This could lead to undefined...
CVE-2025-37826
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Add a NULL check for the returned hwq pointer by ufshcd_mcq_req_to_hwq(). This is similar to the fix in commit 74736103fb41 ("scsi: ufs: core: Fix ufshcd_abort_o...
CVE-2025-37837
In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() Two WARNINGs are observed when SMMU driver rolls back upon failure: arm-smmu-v3.9.auto: Failed to register iommu arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed ...
CVE-2025-37843
In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Avoid unnecessary device replacement check Hot-removal of nested PCI hotplug ports suffers from a long-standing race condition which can lead to a deadlock: A parent hotplug port acquires pci_lock_rescan_remove(), then w...
CVE-2025-37938
In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. If a...
CVE-2025-37948
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgat...
CVE-2025-37963
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigat...
CVE-2025-38002
In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the 'has_lock' variable exists. But enough does that it's a bit unwieldy to manage. Wrap the whole thing in...
CVE-1999-0400
Denial of service in Linux 2.2.0 running the ldd command on a core file.
CVE-1999-0401
A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.