CVE-2016-10154

The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more ...

CVE-2016-8400

An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions:...

CVE-2016-8432

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the ope...

CVE-2017-0430

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVE-2017-0521

An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3....

CVE-2017-0574

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

CVE-2017-0581

An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Ker...

CVE-2021-47349

In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down link before deleting interface We can deadlock when rmmod'ing the driver or going through firmwarereset, because the cfg80211_unregister_wdev() has to bring down the linkfor us, ... which then grab the same wiph...

CVE-2021-47533

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Clear the HVS FIFO commit pointer once done Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before acommit") introduced a wait on the previous commit done on a given HVSFIFO. However, we never cleared ...

CVE-2021-47668

In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe.Especially, the can_frame cf which aliases skb memory is accessedafter the netif_rx_ni() in:stats->rx_bytes += cf->len;...

CVE-2022-48719

In the Linux kernel, the following vulnerability has been resolved: net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work syzkaller was able to trigger a deadlock for NTF_MANAGED entries [0]: kworker/0:16/14617 is trying to acquire lock:ffffffff8d4dd370 (&tbl->lock){+...

CVE-2022-48795

In the Linux kernel, the following vulnerability has been resolved: parisc: Fix data TLB miss in sba_unmap_sg Rolf Eike Beer reported the following bug: [1274934.746891] Bad Address (null pointer deref?): Code=15 (Data TLB miss fault) at addr 0000004140000018[1274934.746891] CPU: 3 PID: 5549 Comm: ...

CVE-2022-48803

In the Linux kernel, the following vulnerability has been resolved: phy: ti: Fix missing sentinel for clk_div_table _get_table_maxdiv() tries to access "clk_div_table" array out of bounddefined in phy-j721e-wiz.c. Add a sentinel entry to preventthe following global-out-of-bounds error reported by e...

CVE-2022-48876

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix initialization of rx->link and rx->link_sta There are some codepaths that do not initialize rx->link_sta properly. Thiscauses a crash in places which assume that rx->link_sta is valid if rx->stais...

CVE-2022-48957

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() The cmd_buff needs to be freed when error happened indpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove().

CVE-2022-48998

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf/32: Fix Oops on tail call tests test_bpf tail call tests end up as: test_bpf: #0 Tail call leaf jited:1 85 PASStest_bpf: #1 Tail call 2 jited:1 111 PASStest_bpf: #2 Tail call 3 jited:1 145 PASStest_bpf: #3 Tail call 4 j...

CVE-2022-49013

In the Linux kernel, the following vulnerability has been resolved: sctp: fix memory leak in sctp_stream_outq_migrate() When sctp_stream_outq_migrate() is called to release stream out resources,the memory pointed to by prio_head in stream out is not released. The memory leak information is as follo...

CVE-2022-49024

In the Linux kernel, the following vulnerability has been resolved: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods In m_can_pci_remove() and error handling path of m_can_pci_probe(),m_can_class_free_dev() should be called to free resource allocated bym_can_class_allocat...

CVE-2022-49068

In the Linux kernel, the following vulnerability has been resolved: btrfs: release correct delalloc amount in direct IO write path Running generic/406 causes the following WARNING in btrfs_destroy_inode()which tells there are outstanding extents left. In btrfs_get_blocks_direct_write(), we reserve ...

CVE-2022-49383

In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context' This patch fixes the issue 'BUG: Invalid wait context' during restart()callback by using clk_prepare_enable() instead of pm_runtime_get_sync()for turning on the clocks during res...

CVE-2022-49403

In the Linux kernel, the following vulnerability has been resolved: lib/string_helpers: fix not adding strarray to device's resource list Add allocated strarray to device's resource list. This is a must toautomatically release strarray when the device disappears. Without this fix we have a memory l...

CVE-2022-49553

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectors_per_clusters When the NTFS BOOT sectors_per_clusters field is > 0x80, it represents ashift value. Make sure that the shift value is not too large before usingit (NTFS max cluster size is 2MB). Ret...

CVE-2022-49772

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port withsnd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened,but in reality, the NULL port may be s...

CVE-2022-49792

In the Linux kernel, the following vulnerability has been resolved: iio: adc: mp2629: fix potential array out of bound access Add sentinel at end of maps to avoid potential array out ofbound access in iio core.

CVE-2022-49796

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() When test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), itwill goto delete, which will call kprobe_event_delete() and release ...

CVE-2022-49812

In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol The bridge driver can offload VLANs to the underlying hardware eithervia switchdev or the 8021q driver. When the former is used, the VLAN ismarked in the bridge driver...

CVE-2022-49834

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadatacorruption on disk and is remounted read/write, or if emergency read-onlyremount is performed, detaching a log ...

CVE-2022-49858

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix SQE threshold checking Current way of checking available SQE count which is based onHW updated SQB count could result in driver submitting an SQEeven before CQE for the previously transmitted SQE at the sameindex ...

CVE-2022-49913

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix inode list leak during backref walking at find_parent_nodes() During backref walking, at find_parent_nodes(), if we are dealing with adata extent and we get an error while resolving the indirect backrefs, atresolve_indir...

CVE-2022-49917

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ip_vs_app_net_cleanup() During the initialization of ip_vs_app_net_init(), if file ip_vs_appfails to be created, the initialization is successful by default.Therefore, the ip_vs_app file doesn't be found during...

CVE-2022-49918

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in __ip_vs_cleanup_batch() During the initialization of ip_vs_conn_net_init(), if file ip_vs_connor ip_vs_conn_sync fails to be created, the initialization is successfulby default. Therefore, the ip_vs_conn or ip_...

CVE-2022-49929

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr leak in RESPST_ERR_RNR rxe_recheck_mr() will increase mr's ref_cnt, so we should call rxe_put(mr)to drop mr's ref_cnt in RESPST_ERR_RNR to avoid below warning: WARNING: CPU: 0 PID: 4156 at drivers/infiniband/sw/rxe...

CVE-2022-49951

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call todevice_unregister() could result in the dev_release function freeing thefw_upload_priv structure before it ...

CVE-2023-20810

In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.

CVE-2023-53040

In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data ifieee802154_hdr_peek_addrs() fails.

CVE-2023-53043

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent If the controller is not marked as cache coherent, then kernel willtry to ensure coherency during dma-ops and that may cause data corruption.So, mark the PCIe node as...

CVE-2023-53054

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routinescall: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset().This adds a new devres each time.T...

CVE-2023-53082

In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix the crash in hot unplug with vp_vdpa While unplugging the vp_vdpa device, it triggers a kernel panicThe root cause is: vdpa_mgmtdev_unregister() will accesses moderndevices which will cause a use after free.So need to ...

CVE-2023-53099

In the Linux kernel, the following vulnerability has been resolved: firmware: xilinx: don't make a sleepable memory allocation from an atomic context The following issue was discovered using lockdep:[ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209[ 6.69...

CVE-2024-38626

In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------[ cut here ]------------WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300fuse_request_end+0x685/0x7e0 fs/fuse/d...

CVE-2024-42112

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still beinghandled in the device remove routine, before free IRQs. So isb memoryis still read after it is freed. Thus move wx...

CVE-2024-45027

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mopup the damage. If it fails early enough, before xhci->interruptersis allocated but...

CVE-2024-46712

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them usingaccelerated apis. Without 3d the entire content of dumb buffers staysin the guest making all of the extra work ...

CVE-2024-46768

In the Linux kernel, the following vulnerability has been resolved: hwmon: (hp-wmi-sensors) Check if WMI event data exists The BIOS can choose to return no event data in response to aWMI event, so the ACPI object passed to the WMI notify handlercan be NULL. Check for such a situation and ignore the...

CVE-2024-46790

In the Linux kernel, the following vulnerability has been resolved: codetag: debug: mark codetags for poisoned page as empty When PG_hwpoison pages are freed they are treated differently infree_pages_prepare() and instead of being released they are isolated. Page allocation tag counters are decreme...

CVE-2024-47694

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix UMR pd cleanup on error flow of driver init The cited commit moves the pd allocation from functionmlx5r_umr_resource_cleanup() to a new function mlx5r_umr_cleanup().So the fix in commit [1] is broken. In error flow, wi...

CVE-2024-47724

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: use work queue to process beacon tx event Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template")from Feb 28, 2024 (linux-next), leads to the following Smatch staticchecker warning: drivers/net/wireless/at...

CVE-2024-49956

In the Linux kernel, the following vulnerability has been resolved: gfs2: fix double destroy_workqueue error When gfs2_fill_super() fails, destroy_workqueue() is called withingfs2_gl_hash_clear(), and the subsequent code path callsdestroy_workqueue() on the same work queue again. This issue can be ...

CVE-2024-50123

In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmaplink fd. Fix it by adding the missing BPF_LINK_TYPE invocation forsockmap link Also add comments for ...

CVE-2024-50204

In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into thenamespace rbtree until after the copy succeeded. Calling free_mnt_ns()will try to remove the copy from the rbtree which is...