11047 matches found
CVE-2017-0580
An elevation of privilege vulnerability in the Synaptics Touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Ker...
CVE-2022-49785
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Add overflow check in sgx_validate_offset_length() sgx_validate_offset_length() function verifies "offset" and "length"arguments provided by userspace, but was missing an overflow check ontheir addition. Add it.
CVE-2022-49791
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix multishot accept request leaks Having REQ_F_POLLED set doesn't guarantee that the request isexecuted as a multishot from the polling path. Fortunately for us, ifthe code thinks it's multishot issue when it's not, it c...
CVE-2022-49806
In the Linux kernel, the following vulnerability has been resolved: net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() sparx_stats_init() calls create_singlethread_workqueue() and notchecked the ret value, which may return NULL. And a null-ptr-deref mayhap...
CVE-2022-49817
In the Linux kernel, the following vulnerability has been resolved: net: mhi: Fix memory leak in mhi_net_dellink() MHI driver registers network device without setting theneeds_free_netdev flag, and does NOT call free_netdev() whenunregisters network device, which causes a memory leak. This patch ca...
CVE-2022-49849
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix match incorrectly in dev_args_match_device syzkaller found a failed assertion: assertion failed: (args->devid != (u64)-1) || args->missing, in fs/btrfs/volumes.c:6921 This can be triggered when we set devid to (u64...
CVE-2022-49852
In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, whichmay be finally leaked to userspace. This is a security hole. Fix itby clearing the s[12] array in thread_struct when fork....
CVE-2022-49973
In the Linux kernel, the following vulnerability has been resolved: skmsg: Fix wrong last sg check in sk_msg_recvmsg() Fix one kernel NULL pointer dereference as below: [ 224.462334] Call Trace:[ 224.462394] __tcp_bpf_recvmsg+0xd3/0x380[ 224.462441] ? sock_has_perm+0x78/0xa0[ 224.462463] tcp_bpf_re...
CVE-2022-50023
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: ignore interrupt if no descriptor If the channel has no descriptor and the interrupt is raised then thekernel will OOPS. Check the result of vchan_next_desc() in the handleraxi_chan_block_xfer_complete() to ...
CVE-2022-50036
In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when computing packet sizes Currently, the packet overhead is subtracted using unsigned arithmetic.With a short sync pulse, this could underflow and wrap around to nearthe maximal u16 value. Fix th...
CVE-2022-50047
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6060: prevent crash on an unused port If the port isn't a CPU port nor a user port, 'cpu_dp'is a null pointer and a crash happened on dereferencingit in mv88e6060_setup_port(): [ 9.575872] Unable to handle kernel NUL...
CVE-2022-50060
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix mcam entry resource leak The teardown sequence in FLR handler returns if no NIX LFis attached to PF/VF because it indicates that gracefulshutdown of resources already happened. But there is achance of all allocate...
CVE-2022-50062
In the Linux kernel, the following vulnerability has been resolved: net: bgmac: Fix a BUG triggered by wrong bytes_compl On one of our machines we got: kernel BUG at lib/dynamic_queue_limits.c:27!Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARMCPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O 4....
CVE-2022-50077
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix reference count leak in aa_pivotroot() The aa_pivotroot() function has a reference counting bug in a specificpath. When aa_replace_current_label() returns on success, the functionforgets to decrement the reference cou...
CVE-2022-50141
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch of_find_matching_node() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avo...
CVE-2022-50143
In the Linux kernel, the following vulnerability has been resolved: intel_th: Fix a resource leak in an error handling path If an error occurs after calling 'pci_alloc_irq_vectors()','pci_free_irq_vectors()' must be called as already done in the removefunction.
CVE-2022-50145
In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: Add multithread support for a DMA channel When we get a DMA channel and try to use it in multiple threads itwill cause oops and hanging the system. % echo 64 > /sys/module/dmatest/parameters/threads_per_chan%...
CVE-2022-50189
In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix file pointer leak Currently if a fscanf fails then an early return leaks an openfile pointer. Fix this by fclosing the file before the return.Detected using static analysis with cppcheck: tools/power/x86/...
CVE-2022-50192
In the Linux kernel, the following vulnerability has been resolved: spi: tegra20-slink: fix UAF in tegra_slink_remove() After calling spi_unregister_master(), the refcount of master willbe decrease to 0, and it will be freed in spi_controller_release(),the device data also will be freed, so it will...
CVE-2022-50199
In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix refcount leak in omapdss_init_of omapdss_find_dss_of_node() calls of_find_compatible_node() to get devicenode. of_find_compatible_node() returns a node pointer with refcountincremented, we should use of_node_put() ...
CVE-2022-50202
In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task at misc_open() [1], for there is a racewindow of AB-BA deadlock which involves probe_count variable. Currentlywait_for_device_probe() ...
CVE-2022-50207
In the Linux kernel, the following vulnerability has been resolved: ARM: bcm: Fix refcount leak in bcm_kona_smc_init of_find_matching_node() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Add missing of_node_put() to avoid refcount leak.
CVE-2022-50226
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than orequal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSPfirmware return...
CVE-2023-20682
In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441605; Issue ID: ALPS07441605.
CVE-2024-56612
In the Linux kernel, the following vulnerability has been resolved: mm/gup: handle NULL pages in unpin_user_pages() The recent addition of "pofs" (pages or folios) handling to gup has aflaw: it assumes that unpin_user_pages() handles NULL pages in the pages**array. That's not the case, as I discove...
CVE-2024-58008
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y With vmalloc stack addresses enabled (CONFIG_VMAP_STACK=y) DCP trustedkeys can crash during en- and decryption of the blob encryption key viathe DCP crypto driver. Th...
CVE-2025-21952
In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Update power supply values with a unified work handler corsair_void_process_receiver can be called from an interrupt context,locking battery_mutex in it was causing a kernel panic.Fix it by moving the critical se...
CVE-2025-38037
In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can beaccessed concurrently by multiple threads, leading to reports such as[1]. Can be reproduced using [2]. Suppress these reports by annota...
CVE-2025-38058
In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_countafter umount(2) has verified that victim is not busy, but before ithas set MNT_SYNC_U...
CVE-2025-38097
In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to referenceleaks when we try to delete the netns. The reference chain is: xfrm_state -> enacp_sk -> netns...
CVE-2025-38151
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work The cited commit fixed a crash when cma_netevent_callback was called fora cma_id while work on that id from a previous call had not yet started.The work item was re-...
CVE-2025-38204
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into slot which can go from 0 to127. Added a bound check for that error and return -EIO if the check fails.Also make jfs_readdir ...
CVE-2025-38244
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when reconnecting channels Fix cifs_signal_cifsd_for_reconnect() to take the correct lock orderand prevent the following deadlock from happening ==================================================...
CVE-2025-38282
In the Linux kernel, the following vulnerability has been resolved: kernfs: Relax constraint in draining guard The active reference lifecycle provides the break/unbreak mechanism butthe active reference is not truly active after unbreak -- callers don'tuse it afterwards but it's important for prope...
CVE-2025-38298
In the Linux kernel, the following vulnerability has been resolved: EDAC/skx_common: Fix general protection fault After loading i10nm_edac (which automatically loads skx_edac_common), ifunload only i10nm_edac, then reload it and perform error injection testing,a general protection fault may occur: ...
CVE-2025-38305
In the Linux kernel, the following vulnerability has been resolved: ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() There is no disagreement that we should check both ptp->is_virtual_clockand ptp->n_vclocks to check if the ptp virtual clock is in use. However, when we acquire...
CVE-2025-38354
In the Linux kernel, the following vulnerability has been resolved: drm/msm/gpu: Fix crash when throttling GPU immediately during boot There is a small chance that the GPU is already hot during boot. In thatcase, the call to of_devfreq_cooling_register() will immediately try toapply devfreq cooling...
CVE-2025-38364
In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Temporarily clear the preallocation flag when explicitly requestingallocations. Pre-existing allocations are already counted against therequest through mas_node_count_gfp(...
CVE-2025-38371
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable interrupts before resetting the GPU Currently, an interrupt can be triggered during a GPU reset, which canlead to GPU hangs and NULL pointer dereference in an interrupt contextas shown in the following trace: [ 314...
CVE-2025-38376
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Shawn and John reported a hang issue during system suspend as below: USB gadget is enabled as Ethernet There is data transfer over USB Ethernet (scp a big fi...
CVE-2025-38399
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path,unconditionally calls core_scsi3_lunacl_undepend_item() passing thedest_se_deve poin...
CVE-2025-38400
In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injection innfs_fs_proc_net_init(). [0] When nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed. L...
CVE-2025-38418
In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Release rproc->clean_table after rproc_attach() fails When rproc->state = RPROC_DETACHED is attached to remote processorthrough rproc_attach(), if rproc_handle_resources() returns failure,then the clean tabl...
CVE-2025-38419
In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() When rproc->state = RPROC_DETACHED and rproc_attach() is usedto attach to the remote processor, if rproc_handle_resources()return...
CVE-2025-38429
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Update read pointer only after buffer is written Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updatedbefore the buffer is written, potentially causing race conditions wherethe host sees an updated r...
CVE-2025-38496
In the Linux kernel, the following vulnerability has been resolved: dm-bufio: fix sched in atomic context If "try_verify_in_tasklet" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEPis enabled for dm-bufio. However, when bufio tries to evict buffers, thereis a chance to trigger scheduling in spin_lock...
CVE-2025-38499
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose somethinghidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo"may be a ...
CVE-1999-0782
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
CVE-1999-1441
Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.
CVE-2005-3810
ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference.