10983 matches found
CVE-2024-26654
In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and thespu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is closing, the aic...
CVE-2024-27080
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when detecting delalloc ranges during fiemap For fiemap we recently stopped locking the target extent range for thewhole duration of the fiemap call, in order to avoid a deadlock in ascenario where the fiemap buffer...
CVE-2024-27389
In the Linux kernel, the following vulnerability has been resolved: pstore: inode: Only d_invalidate() is needed Unloading a modular pstore backend with records in pstorefs wouldtrigger the dput() double-drop warning: WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410 Using the co...
CVE-2021-46964
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Reserve extra IRQ vectors Commit a6dcfe08487e ("scsi: qla2xxx: Limit interrupt vectors to number ofCPUs") lowers the number of allocated MSI-X vectors to the number of CPUs. That breaks vector allocation assumptions ...
CVE-2024-27039
In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() 'p_clk' is an array allocated just before the for loop for all clk thatneed to be registered.It is incremented at each loop iteration. If a clk_register() call fails, 'p_clk' m...
CVE-2024-38629
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordinglyduring cdev release. This sequence is guaranteed by driver fileoperations. Therefore, there is no need to des...
CVE-2021-46972
In the Linux kernel, the following vulnerability has been resolved: ovl: fix leaked dentry Since commit 6815f479ca90 ("ovl: use only uppermetacopy state inovl_lookup()"), overlayfs doesn't put temporary dentry when there is ametacopy error, which leads to dentry leaks when shutting down the related...
CVE-2024-27391
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: do not realloc workqueue everytime an interface is added Commit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to"NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order toset the interface ...
CVE-2024-27390
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() As discussed in the past (commit 2d3916f31891 ("ipv6: fix skb dropsin igmp6_event_query() and igmp6_event_report()")) I think thesynchronize_net() call in ipv6_mc_...
CVE-2023-52648
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces.In the work required for mob cursors the mapped surfaces started beingcached but the variabl...
CVE-2023-52442
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request smb2_get_msg() in smb2_get_ksmbd_tcon() and smb2_check_user_session()will always return the first request smb2 header in a compound request.if SMB2_TREE_CONNECT_HE is the f...
CVE-2024-26959
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix btnxpuart_close Fix scheduling while atomic BUG in btnxpuart_close(), properlypurge the transmit queue and free the receive skb. [ 10.973809] BUG: scheduling while atomic: kworker/u9:0/80/0x00000002...[ 10...
CVE-2024-27034
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover normal cluster write with cp_rwsem When we overwrite compressed cluster w/ normal cluster, we shouldnot unlock cp_rwsem during f2fs_write_raw_pages(), otherwise datawill be corrupted if partial blocks w...
CVE-2024-27007
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Commit d7a08838ab74 ("mm: userfaultfd: fix unexpected change to src_foliowhen UFFDIO_MOVE fails") moved the src_folio->{mapping, index} changing toafter c...
CVE-2024-26948
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add a dc_state NULL check in dc_state_release [How]Check wheather state is NULL before releasing it.
CVE-2024-26656
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctlto the AMDGPU DRM driver on any ASICs with an invalid address and size.The bug was reported by Joonkyo Jung [email protected]....
CVE-2024-35938
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB Currently buf_len field of ath11k_mhi_config_qca6390 is assignedwith 0, making MHI use a default size, 64KB, to allocate channelbuffers. This is likely to fail in some scenari...
CVE-2024-26891
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hotplug capable ports,users could request a hot reset to the device by flapping device's linkthrough sett...
CVE-2024-27066
In the Linux kernel, the following vulnerability has been resolved: virtio: packed: fix unmap leak for indirect desc table When use_dma_api and premapped are true, then the do_unmap is false. Because the do_unmap is false, vring_unmap_extra_packed is not called bydetach_buf_packed. if (unlikely(vq-...
CVE-2024-26985
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init Add a unreference bo in the error path, to prevent leaking a bo ref. Return 0 on success to clarify the success path. (cherry picked from commit a2f3d731be3893e730417ae3190760fcaf...
CVE-2024-26946
In the Linux kernel, the following vulnerability has been resolved: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Read from an unsafe address with copy_from_kernel_nofault() inarch_adjust_kprobe_addr() because this function is used before checkingthe address is in text or ...
CVE-2024-26947
In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into accountfreed memory map alignment") changes the semantics of pfn_valid() to checkpresence of...
CVE-2024-26990
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad_need_write_protect() when deciding whether towrite-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMUaccounts for any role-...
CVE-2024-26963
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module unload/reload behavior As runtime PM is enabled, the module can be runtimesuspended when .remove() is called. Do a pm_runtime_get_sync() to make sure module is activebefore doing any register operations. ...
CVE-2024-26938
In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() If we have no VBT, or the VBT didn't declare the encoderin question, we won't have the 'devdata' for the encoder.Instead of oopsing just bail early...
CVE-2024-26870
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr() with a buffer size = 0 returns the actualsize of the buffer needed for a subsequent call. When size > 0,nfs4_listxattr() does not return an error ...
CVE-2024-27069
In the Linux kernel, the following vulnerability has been resolved: ovl: relax WARN_ON in ovl_verify_area() syzbot hit an assertion in copy up data loop which looks like it isthe result of a lower file whose size is being changed underneathoverlayfs. This type of use case is documented to cause und...
CVE-2024-27006
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() The count field in struct trip_stats, representing the number of timesthe zone temperature was above the trip point, needs to be incrementedin thermal_debug...
CVE-2024-27067
In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN() when unbinding an event channel When unbinding a user event channel, the related handler might becalled a last time in case the kernel was built withCONFIG_DEBUG_SHIRQ. This might cause a WARN() in the hand...
CVE-2024-27027
In the Linux kernel, the following vulnerability has been resolved: dpll: fix dpll_xa_ref_*_del() for multiple registrations Currently, if there are multiple registrations of the same pin on thesame dpll device, following warnings are observed:WARNING: CPU: 5 PID: 2212 at drivers/dpll/dpll_core.c:1...
CVE-2021-47035
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it onlysupports Read-Only and Read-Write permissions. The Write-Only permissionis not supported as the P...
CVE-2021-47029
In the Linux kernel, the following vulnerability has been resolved: mt76: connac: fix kernel warning adding monitor interface Fix the following kernel warning adding a monitor interface inmt76_connac_mcu_uni_add_dev routine. [ 507.984882] ------------[ cut here ]------------[ 507.989515] WARNING: C...
CVE-2021-47040
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems inio_provide_buffers_prep(). As Linus pointed out previous attempt did nothinguseful, see d81269fecb8ce ("io_urin...
CVE-2021-47055
In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus requirewrite permission. Depending on the hardware MEMLOCK might even bewrite-once, e.g. for SPI-NOR flashes...
CVE-2024-27063
In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 ("leds: trigger: netdev: add additional specific linkspeed mode") in the various changes, reworked the way to set the LINKUPmode in commit ...
CVE-2024-27036
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix writeback data corruption cifs writeback doesn't correctly handle the case wherecifs_extend_writeback() hits a point where it is considering an additionalfolio, but this would overrun the wsize - at which point it drops o...
CVE-2024-27397
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store itin the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to use...
CVE-2021-47014
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's possible toobserve a crash like the following one: KASAN: maybe wild-memory-access in range [0x00010000...
CVE-2021-47036
In the Linux kernel, the following vulnerability has been resolved: udp: skip L4 aggregation for UDP tunnel packets If NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and thereare UDP tunnels available in the system, udp_gro_receive() could end-updoing L4 aggregation (either SKB_GSO_UDP_L4...
CVE-2023-52453
In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed up the devicecompatibility check, it failed to update the saving/resuming datapointers based on the f...
CVE-2023-52656
In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fdsover SCM_RIGHTS, get rid of it.
CVE-2021-47011
In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory controller" applied.All slab objects are charged with the...
CVE-2024-27035
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to guarantee persisting compressed blocks by CP If data block in compressed cluster is not persisted with metadataduring checkpoint, after SPOR, the data may be corrupted, let'sguarantee to write compressed page...
CVE-2024-36904
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique()with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operation fortimewait hashdan...
CVE-2024-35944
In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg"at drivers/misc/vmw_vmci/vmci_datagr...
CVE-2024-26610
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means thatif we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is inbytes, we'll write past the buffer.
CVE-2021-47016
In the Linux kernel, the following vulnerability has been resolved: m68k: mvme147,mvme16x: Don't wipe PCC timer config bits Don't clear the timer 1 configuration bits when clearing the interrupt flagand counter overflow. As Michael reported, "This results in no timerinterrupts being delivered after...
CVE-2021-47004
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in get_victim() In CP disabling mode, there are two issues when using LFS or SSR | AT_SSRmode to select victim: LFS is set to find source section during GC, the victim should haveno che...
CVE-2021-46999
In the Linux kernel, the following vulnerability has been resolved: sctp: do asoc update earlier in sctp_sf_do_dupcook_a There's a panic that occurs in a few of envs, the call trace is as below: [] general protection fault, ... 0x29acd70f1000a: 0000 [#1] SMP PTI[] RIP: 0010:sctp_ulpevent_notify_pee...
CVE-2024-26619
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix module loading free order Reverse order of kfree calls to resolve use-after-free error.