10741 matches found
CVE-2022-48977
In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rcv_filter Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointerdereference in can_rx_register()") we need to check for a missinginitialization of ml_priv in the receive pa...
CVE-2022-48979
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix array index out of bound error in DCN32 DML [Why&How]LinkCapacitySupport array is indexed with the number of voltage states andnot the number of max DPPs. Fix the error by changing the arraydeclaration to use t...
CVE-2022-48986
In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix gup_pud_range() for dax For dax pud, pud_huge() returns true on x86. So the function works as longas hugetlb is configured. However, dax doesn't depend on hugetlb.Commit 414fd080d125 ("mm/gup: fix gup_pmd_range() for da...
CVE-2022-49013
In the Linux kernel, the following vulnerability has been resolved: sctp: fix memory leak in sctp_stream_outq_migrate() When sctp_stream_outq_migrate() is called to release stream out resources,the memory pointed to by prio_head in stream out is not released. The memory leak information is as follo...
CVE-2022-49017
In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipc_msg_validate As the call trace shows, the original skb was freed in tipc_msg_validate(),and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in tipc_crypt...
CVE-2022-49032
In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380Read of size 4 at addr ffffffffc00e4658 by task cat/278 Call...
CVE-2022-49423
In the Linux kernel, the following vulnerability has been resolved: rtla: Avoid record NULL pointer dereference Fix the following null/deref_null.cocci errors:./tools/tracing/rtla/src/osnoise_hist.c:870:31-36: ERROR: record is NULL but dereferenced../tools/tracing/rtla/src/osnoise_top.c:650:31-36: ...
CVE-2022-49789
In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cachethe FSF request ID when sending a new FSF request. This is used in case thesending fails and ...
CVE-2022-49801
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in tracing_read_pipe() kmemleak reports this issue: unreferenced object 0xffff888105a18900 (size 128):comm "test_progs", pid 18933, jiffies 4336275356 (age 22801.766s)hex dump (first 32 bytes):25 73 00 90 8...
CVE-2022-49802
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix null pointer dereference in ftrace_add_mod() The @ftrace_mod is allocated by kzalloc(), so both the members {prev,next}of @ftrace_mode->list are NULL, it's not a valid state to call list_del().If kstrdup() for @ftrac...
CVE-2022-49824
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() isnot checked. As a result, it causes null-ptr-deref while removingthe module, because transport_remove_dev...
CVE-2022-49826
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(),ata_tport_release() is called, it will put the refcount of 'ap->host'. And then ata_host_put() i...
CVE-2022-49870
In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK Shifting signed 32-bit value by 31 bits is undefined, so changingsignificant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in s...
CVE-2022-49879
In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when directory entry has invalid rec_len The rec_len field in the directory entry has to be a multiple of 4. Acorrupted filesystem image can be used to hit a BUG() inext4_rec_len_to_disk(), called from make_index...
CVE-2022-49880
In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows:EXT4-fs (loop0): Free/Dirty block detailsEXT4-fs (loop0): free_blocks=0EXT4-fs (loop0): dirty_blocks=0EXT4-fs (loop0): Block reservation detailsEXT4-fs ...
CVE-2023-20845
In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357.
CVE-2023-52704
In the Linux kernel, the following vulnerability has been resolved: freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL Tetsuo-San noted that commit f5d39b020809 ("freezer,sched: Rewritecore freezer logic") broke call_usermodehelper_exec() for the KILLABLEcase. Specifically it was missed that t...
CVE-2023-52795
In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix use after free in vhost_vdpa_probe() The put_device() calls vhost_vdpa_release_dev() which callsida_simple_remove() and frees "v". So this call toida_simple_remove() is a use after free and a double free.
CVE-2023-53072
In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after havingrefactored the passive socket initialization part: BUG: KASAN: use-after-free in __token_bucket_busy+0x253/0x260Read o...
CVE-2023-53091
In the Linux kernel, the following vulnerability has been resolved: ext4: update s_journal_inum if it changes after journal replay When mounting a crafted ext4 image, s_journal_inum may change after journalreplay, which is obviously unreasonable because we have successfully loadedand replayed the j...
CVE-2023-53135
In the Linux kernel, the following vulnerability has been resolved: riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode When CONFIG_FRAME_POINTER is unset, the stack unwinding functionwalk_stackframe randomly reads the stack and then, when KASAN is enabled,it can lead to the following ba...
CVE-2024-35816
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: prevent leak of left-over IRQ on unbind Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ")also removed the call to free_irq() in pci_remove(), leading to aleftover irq of devm_request_irq() at ...
CVE-2024-38390
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointerdereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->p...
CVE-2024-38585
In the Linux kernel, the following vulnerability has been resolved: tools/nolibc/stdlib: fix memory error in realloc() Pass user_p_len to memcpy() instead of heap->len to prevent realloc()from copying an extra sizeof(heap) bytes from beyond the allocatedregion.
CVE-2024-38609
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: connac: check for null before dereferencing The wcid can be NULL. It should be checked for validity beforedereferencing it to avoid crash.
CVE-2024-43822
In the Linux kernel, the following vulnerability has been resolved: ASoc: PCM6240: Return directly after a failed devm_kzalloc() in pcmdevice_i2c_probe() The value “-ENOMEM” was assigned to the local variable “ret”in one if branch after a devm_kzalloc() call failed at the beginning.This error code ...
CVE-2024-43848
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix TTLM teardown work The worker calculates the wrong sdata pointer, so if it everruns, it'll crash. Fix that.
CVE-2024-44973
In the Linux kernel, the following vulnerability has been resolved: mm, slub: do not call do_slab_free for kfence object In 782f8906f805 the freeing of kfence objects was moved from deepinside do_slab_free to the wrapper functions outside. This is a nicechange, but unfortunately it missed one spot ...
CVE-2024-46701
In the Linux kernel, the following vulnerability has been resolved: libfs: fix infinite directory reads for offset dir After we switch tmpfs dir operations from simple_dir_operations tosimple_offset_dir_operations, every rename happened will fill new dentryto dest dir's maple tree(&SHMEM_I(inode)-&...
CVE-2024-46709
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers Make sure that for external buffers mapping goes through the dma_bufinterface instead of trying to access pages directly. External buffers might not provide direct access to readable/writ...
CVE-2024-46776
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Run DC_LOG_DC after checking link->link_enc [WHAT]The DC_LOG_DC should be run after link->link_enc is checked, not before. This fixes 1 REVERSE_INULL issue reported by Coverity.
CVE-2024-46838
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: don't BUG_ON() if khugepaged yanks our page table Since khugepaged was changed to allow retracting page tables in filemappings without holding the mmap lock, these BUG_ON()s are wrong - getrid of them. We could also re...
CVE-2024-50011
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test!link->num_adr as a condition to end the loop in hda_sdw_machine_select().So an empty item in struct ...
CVE-2024-50071
In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func() 'new_map' is allocated using devm_* which takes care of freeing theallocated data on device removal, call to .dt_free_map = pinconf_generic_dt_free_map doubl...
CVE-2024-50129
In the Linux kernel, the following vulnerability has been resolved: net: pse-pd: Fix out of bound for loop Adjust the loop limit to prevent out-of-bounds access when iterating overPI structures. The loop should not reach the index pcdev->nr_lines sincewe allocate exactly pcdev->nr_lines numbe...
CVE-2024-52559
In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32values that come from the user via the submit_lookup_cmds() function.This addition could l...
CVE-2024-55642
In the Linux kernel, the following vulnerability has been resolved: block: Prevent potential deadlocks in zone write plug error recovery Zone write plugging for handling writes to zones of a zoned blockdevice always execute a zone report whenever a write BIO to a zonefails. The intent of this is to...
CVE-2024-58018
In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535_gsp_cmdq_push() waits for the available page in the GSP cmdqbuffer when handling a large RPC request. When it sees at least oneavailable page in the cmdq, it...
CVE-2025-21713
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Don't unset window if it was never set On pSeries, when user attempts to use the same vfio container used bydifferent iommu group, the spapr_tce_set_window() returns -EPERMand the subsequent cleanup leads to ...
CVE-2025-21770
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential memory leak in iopf_queue_remove_device() The iopf_queue_remove_device() helper removes a device from the per-iommuiopf queue when PRI is disabled on the device. It responds to alloutstanding iopf's with an IOM...
CVE-2025-21824
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a use of uninitialized mutex commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra")caused a use of uninitialized mutex leading to below warning whenCONFIG_DEBUG_MUTEXES and CONFIG_DEBUG_LOCK_ALLOC are e...
CVE-2025-21845
In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: sst: Fix SST write failure 'commit 18bcb4aa54ea ("mtd: spi-nor: sst: Factor out common write operationto sst_nor_write_data()")' introduced a bug where only one byte of datais written, regardless of the number of byte...
CVE-2025-21903
In the Linux kernel, the following vulnerability has been resolved: mctp i3c: handle NULL header address daddr can be NULL if there is no neighbour table entry present,in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case apacket is transmi...
CVE-2025-21911
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: avoid deadlock on fence release Do scheduler queue fence release processing on a workqueue, ratherthan in the release function itself. Fixes deadlock issues such as the following: [ 607.400437] ====================...
CVE-2025-21940
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL Pointer Dereference in KFD queue Through KFD IOCTL Fuzzing we encountered a NULL pointer derefrencewhen calling kfd_queue_acquire_buffers. (cherry picked from commit 049e5bf3c8406f87c3d8e1958e0a16804fa1d530)
CVE-2025-21977
In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs Gen 2 Hyper-V VMs boot via EFI and have a standard EFI framebufferdevice. When the kdump kernel runs in such a VM, loading the efifbdriver may hang because of acc...
CVE-2025-21983
In the Linux kernel, the following vulnerability has been resolved: mm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq Currently kvfree_rcu() APIs use a system workqueue which is"system_unbound_wq" to driver RCU machinery to reclaim a memory. Recently, it has been noted that the following kernel warni...
CVE-2025-23152
In the Linux kernel, the following vulnerability has been resolved: arm64/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch() Fix a silly bug where an array was used outside of its scope.
CVE-2025-37849
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with thehypervisor, we propagate the error back to the ioctl but leave thevGIC vCPU data initialised. Note only does this lea...
CVE-2025-37876
In the Linux kernel, the following vulnerability has been resolved: netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS When testing a special config: CONFIG_NETFS_SUPPORTS=yCONFIG_PROC_FS=n The system crashes with something like: [ 3.766197] ------------[ cut here ]------------[ 3.766484] kernel...