10983 matches found
CVE-2024-36004
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace:When both i40e and the i40iw driver are loaded, a warningin check_flush_dependency is being triggered. This seemsto be b...
CVE-2024-26615
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproducedby following steps: run nginx/wrk test:smc_run nginxsmc_run wrk -t 16 -c 1000 -d -H 'Connection: C...
CVE-2023-52498
In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume corecode deadlocks, because async_schedule_dev() executes its argumentfunction synchronously if it ca...
CVE-2024-35900
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject new basechain after table flag update When dormant flag is toggled, hooks are disabled in the commit phase byiterating over current chains in table (existing and new). The following configuration allows...
CVE-2024-26611
In the Linux kernel, the following vulnerability has been resolved: xsk: fix usage of multi-buffer BPF helpers for ZC XDP Currently when packet is shrunk via bpf_xdp_adjust_tail() and memorytype is set to MEM_TYPE_XSK_BUFF_POOL, null ptr dereference happens: [1136314.192256] BUG: kernel NULL pointe...
CVE-2024-35842
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normal_link string It's not granted that all entries of struct sof_conn_stream declarea normal_link (a non-SOF, direct link) string, and this is the casefor SoCs that support only SOF ...
CVE-2024-26617
In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: move mmu notification mechanism inside mm lock Move mmu notification mechanism inside mm lock to prevent race conditionin other components which depend on it. The notifier will invalidatememory range. Depending up...
CVE-2024-35844
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the followingoperations will cause the file to be unrepairable: unisoc # ./f2fs_io compress test.apkunisoc #df ...
CVE-2024-27398
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socketis releasing, timeout_work will be scheduled to judge whetherthe sco disconnection is timeout. The sock wi...
CVE-2023-52482
In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerabilitywhich exists on Hygon processors too.
CVE-2024-26616
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG]There is a bug report that, on a ext4-converted btrfs, scrub leads tovarious problems, including: "unable to find chunk map" errorsBTRFS info (device vdb)...
CVE-2023-52493
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession bydropping the read lock from parse_xfer_event() such that a callback givento client can potentially queu...
CVE-2024-27401
In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. Ifthe length of the head packet exceeds the user_length, packet_buffer_getwill ...
CVE-2023-52491
In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run In mtk_jpeg_probe, &jpeg->job_timeout_work is bound withmtk_jpeg_job_timeout_work. In mtk_jpeg_dec_device_run, if error happens inmtk_...
CVE-2023-52487
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix peer flow lists handling The cited change refactored mlx5e_tc_del_fdb_peer_flow() to only clear DUPflag when list of peer flows has become empty. However, if any concurrentuser holds a reference to a peer flow (for e...
CVE-2021-46979
In the Linux kernel, the following vulnerability has been resolved: iio: core: fix ioctl handlers removal Currently ioctl handlers are removed twice. For the first time duringiio_device_unregister() then later on insideiio_device_unregister_eventset() and iio_buffers_free_sysfs_and_mask().Double fr...
CVE-2024-41090
In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame lengthin the tap_get_user_xdp() path, which could cause a corrupted skb to besent downstack. Even before the skb is tr...
CVE-2024-27399
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() andl2cap_chan_del(). When we use l2cap_chan_del() to delete thechannel, the chan->conn will be set to null. But th...
CVE-2024-39508
In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags Utilize set_bit() and test_bit() on worker->flags within io_uring/io-wqto address potential data races. The structure io_worker->flags may be accessed through v...
CVE-2021-46963
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_try_issue_directly+0x128/0x1d0 blk_mq_request_issue...
CVE-2024-26939
In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts tofree a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active ...
CVE-2021-46960
In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \otters.example.com crypt_message: Could not get encryption key[440700.386947] ------------[ cut here ...
CVE-2024-26817
In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which mightoverflow.
CVE-2021-46961
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernelwith the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut here ]------------[ 14.8...
CVE-2021-46990
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix crashes when toggling entry flush barrier The entry flush mitigation can be enabled/disabled at runtime via adebugfs file (entry_flush), which causes the kernel to patch itself toenable/disable the relevant mitigat...
CVE-2021-46962
In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: Fix a resource leak in the remove function A 'tmio_mmc_host_free()' call is missing in the remove function, in orderto balance a 'tmio_mmc_host_alloc()' call in the probe.This is done in the error handling path of...
CVE-2021-46955
In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see thefollowing splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds in...
CVE-2021-46966
In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of thefunction. If the requested count is less than table.length, theallocated buffer will be freed but subsequent cal...
CVE-2021-46967
In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix vm_flags for virtqueue doorbell mapping The virtqueue doorbell is usually implemented via registeres but wedon't provide the necessary vma->flags like VM_PFNMAP. This may causeseveral issues e.g when userspace tr...
CVE-2024-41091
In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame lengthin the tun_xdp_one() path, which could cause a corrupted skb to be sentdownstack. Even before the skb is transmi...
CVE-2023-52644
In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correctieee80211 queue since there is only one queue. Stop/wake queue 0 when QoSis disabled t...
CVE-2023-52433
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before such transactionends. Skip sync GC for such elements otherwise commit path might walkover an already...
CVE-2023-52587
In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv->lock while iterating the priv->multicast_list inipoib_mcast_join_task() opens a window for ipoib_mcast_dev_flush() toremove the items while in the middle of iteration. If t...
CVE-2021-46956
In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtio_fs_probe() When accidentally passing twice the same tag to qemu, kmemleak ended upreporting a memory leak in virtiofs. Also, looking at the log I saw thefollowing error (that's when I realised th...
CVE-2024-26861
In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receiving_counter.counter Syzkaller with KCSAN identified a data-race issue when accessingkeypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE()annotations to mark the ...
CVE-2024-26816
In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted intothe .notes section so that Xen can find the "startup_xen" entry point.This information is used prior to booting the...
CVE-2024-26809
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path Clone already always provides a current view of the lookup table, use itto destroy the set, otherwise it is possible to destroy elements twice. This fix re...
CVE-2021-47013
In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).If some error happens in emac_tx_fill_tpd(), the skb will be freed viadev_kfree_skb(skb) in error branch ...
CVE-2021-47068
In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()")and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()")fixed a refcount leak bug in bind/connect but introduc...
CVE-2021-47017
In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix a use after free in ath10k_htc_send_bundle In ath10k_htc_send_bundle, the bundle_skb could be freed bydev_kfree_skb_any(bundle_skb). But the bundle_skb is used laterby bundle_skb->len. As skb_len = bundle_skb->len...
CVE-2021-47005
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix NULL pointer dereference for ->get_features() get_features ops of pci_epc_ops may return NULL, causing NULL pointerdereference in pci_epf_test_alloc_space function. Let us add a check forpci_epc_feature pointe...
CVE-2020-36787
In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handling logic Video engine uses eclk and vclk for its clock sources and its resetcontrol is coupled with eclk so the current clock enabling sequence workslike below. Enable eclkDe-assert Video Engine reset...
CVE-2021-47009
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td,causing a memory leak. Fix this by returning via the error returnpath that securely kfree's td. Fixes clang scan-build wa...
CVE-2021-47022
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memleak when mt7615_unregister_device() mt7615_tx_token_put() should get call before mt76_free_pending_txwi().
CVE-2021-47042
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Free local data after use Fixes the following memory leak in dc_link_construct(): unreferenced object 0xffffa03e81471400 (size 1024):comm "amd_module_load", pid 2486, jiffies 4294946026 (age 10.544s)hex dump (first...
CVE-2024-26957
In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects Tests with hot-plugging crytpo cards on KVM guests with debugkernel build revealed an use after free for the load field ofthe struct zcrypt_card. The reason was an incorrec...
CVE-2021-47003
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix potential null dereference on pointer status There are calls to idxd_cmd_exec that pass a null status pointer howevera recent commit has added an assignment to *status that can end upwith a null pointer derefer...
CVE-2023-52583
In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we shouldalways make sure that the parent get the lock first. But since this deadcode is never used and the parent dir will...
CVE-2021-46987
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups There are a few exceptional cases where cloning an inline extent needs tocopy the inline extent data into a page of the destination inode. When this happens, we end ...
CVE-2021-47030
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memory leak in mt7615_coredump_work Similar to the issue fixed in mt7921_coredump_work, fix a possible memoryleak in mt7615_coredump_work routine.