2926 matches found
CVE-2022-49361
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check for inline inode Yanming reported a kernel bug in Bugzilla kernel [1], which can bereproduced. The bug message is: The kernel message is shown below: kernel BUG at fs/inode.c:611!Call Trace:evict+0x282/...
CVE-2022-49391
In the Linux kernel, the following vulnerability has been resolved: remoteproc: mtk_scp: Fix a potential double free 'scp->rproc' is allocated using devm_rproc_alloc(), so there is no needto free it explicitly in the remove function.
CVE-2022-49452
In the Linux kernel, the following vulnerability has been resolved: dpaa2-eth: retrieve the virtual address before dma_unmap The TSO header was DMA unmapped before the virtual address was retrievedand then used to free the buffer. This meant that we were actuallyremoving the DMA map and then trying...
CVE-2022-49528
In the Linux kernel, the following vulnerability has been resolved: media: i2c: dw9714: Disable the regulator when the driver fails to probe When the driver fails to probe, we will get the following splat: [ 59.305988] ------------[ cut here ]------------[ 59.306417] WARNING: CPU: 2 PID: 395 at dri...
CVE-2022-49554
In the Linux kernel, the following vulnerability has been resolved: zsmalloc: fix races between asynchronous zspage free and page migration The asynchronous zspage free worker tries to lock a zspage's entire pagelist without defending against page migration. Since pages which haven'tyet been locked...
CVE-2022-49755
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait While performing fast composition switch, there is a possibility that theprocess of ffs_ep0_write/ffs_ep0_read get into a race conditiondue to ep0req being freed up from fun...
CVE-2022-49890
In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential memleak on error path from vfs_getxattr_alloc() In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() tocomplete the memory allocation of tmpbuf, if we have completedthe memory allocation of tmpbu...
CVE-2022-49909
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() When l2cap_recv_frame() is invoked to receive data, and the cid isL2CAP_CID_A2MP, if the channel does not exist, it will create a channel.However, after a channel is created,...
CVE-2022-49921
In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in red_enqueue() We can't use "skb" again after passing it to qdisc_enqueue(). This isbasically identical to commit 2f09707d0c97 ("sch_sfb: Also store skblen before calling child enqueue").
CVE-2023-52930
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential bit_17 double-free A userspace with multiple threads racing I915_GEM_SET_TILING to set thetiling to I915_TILING_NONE could trigger a double free of the bit_17bitmask. (Or conversely leak memory on the transi...
CVE-2023-52985
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8mm-verdin: Do not power down eth-phy Currently if suspending using either freeze or memory state, the fecdriver tries to power down the phy which leads to crash of the kerneland non-responsible kernel with the follo...
CVE-2023-53032
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value ofan arithmetic expression 2 <
CVE-2023-53087
In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fix misuse of non-idle barriers as fence trackers Users reported oopses on list corruptions when using i915 perf with anumber of concurrently running graphics applications. Root cause analysispointed at an issue in...
CVE-2023-53112
In the Linux kernel, the following vulnerability has been resolved: drm/i915/sseu: fix max_subslices array-index-out-of-bounds access It seems that commit bc3c5e0809ae ("drm/i915/sseu: Don't try to store EUmask internally in UAPI format") exposed a potential out-of-boundsaccess, reported by UBSAN a...
CVE-2023-53117
In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369
CVE-2024-57993
In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check syzbot has found a type mismatch between a USB pipe and the transferendpoint, which is triggered by the hid-thrustmaster driver[1].There is a number ...
CVE-2024-58012
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology mightnot create the right number of DAI widgets for aggregated amps. And itwill cause NULL point...
CVE-2025-21720
In the Linux kernel, the following vulnerability has been resolved: xfrm: delete intermediate secpath entry in packet offload mode Packets handled by hardware have added secpath as a way to inform XFRMcore code that this path was already handled. That secpath is not neededat all after policy is che...
CVE-2025-21798
In the Linux kernel, the following vulnerability has been resolved: firewire: test: Fix potential null dereference in firewire kunit test kunit_kzalloc() may return a NULL pointer, dereferencing it withoutNULL check may lead to NULL dereference.Add a NULL check for test_state.
CVE-2025-21985
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW]hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4),but location can have size up to 6. As a result, it is necessary tocheck location against MAX_HPO_DP2_ENCOD...
CVE-2025-22000
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: drop beyond-EOF folios with the right number of refs When an after-split folio is large and needs to be dropped due to EOF,folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop allpage cache refs. Othe...
CVE-2025-22017
In the Linux kernel, the following vulnerability has been resolved: devlink: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) willbe returned, which will cause IS_ERR() to be false. Which can lead todereference not allocated pointer (rel). Fix...
CVE-2025-22031
In the Linux kernel, the following vulnerability has been resolved: PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion When BIOS neglects to assign bus numbers to PCI bridges, the kernelattempts to correct that during PCI device enumeration. If it runs outof bus numbers, no pci_bus i...
CVE-2025-22034
In the Linux kernel, the following vulnerability has been resolved: mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs Patch series "mm: fixes for device-exclusive entries (hmm)", v2. Discussing the PageTail() call in make_device_exclusive_range() withWilly, I recently discovered [1] that device-exclu...
CVE-2025-22082
In the Linux kernel, the following vulnerability has been resolved: iio: backend: make sure to NULL terminate stack buffer Make sure to NULL terminate the buffer iniio_backend_debugfs_write_reg() before passing it to sscanf(). It is astack variable so we should not assume it will 0 initialized.
CVE-2025-23155
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinity_hint The cpumask should not be a local variable, since its pointer is savedto irq_desc and may be accessed from procfs.To fix it, use the persistent mask cpumask_of(cpu#).
CVE-2025-23160
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system companion processor (SCP) the mtk_scpstructure has to be removed explicitly to avoid a resource leak.Free...
CVE-2025-37784
In the Linux kernel, the following vulnerability has been resolved: net: ti: icss-iep: Fix possible NULL pointer dereference for perout request The ICSS IEP driver tracks perout and pps enable state with flags.Currently when disabling pps and perout signals during icss_iep_exit(),results in NULL po...
CVE-2025-37809
In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointerdereference. This patch adds a mutex to protect USB device pointers andprevent this issue. The same mutex protects...
CVE-2025-37811
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for thecorresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the pointer. Found by L...
CVE-2025-37812
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget"). Under PREEMPT_RT the deadlock can be read...
CVE-2025-37834
In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000Memory failure: 0x18b00e: dirty swapcache page still referenced by 2 ...
CVE-2025-37871
In the Linux kernel, the following vulnerability has been resolved: nfsd: decrease sc_count directly if fail to queue dl_recall A deadlock warning occurred when invoking nfs4_put_stid following a faileddl_recall queue operation:T1 T2nfs4_laundromatnfs4_get_client_reaplistnfs4_anylock_blockers__brea...
CVE-2022-49069
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw [Why]Below general protection fault observed when WebGL Aquarium is run forlonger duration. If drm debug logs are enabled and set to 0x1f then theissue is...
CVE-2022-49127
In the Linux kernel, the following vulnerability has been resolved: ref_tracker: implement use-after-free detection Whenever ref_tracker_dir_init() is called, mark the struct ref_tracker_diras dead. Test the dead status from ref_tracker_alloc() and ref_tracker_free() This should detect buggy dev_pu...
CVE-2022-49360
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on total_data_blocks As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215916 The kernel message is shown below: kernel BUG at fs/f2fs/segment.c:2560!Call Trace:allocate_segme...
CVE-2022-49425
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix dereference of stale list iterator after loop body The list iterator variable will be a bogus pointer if no break was hit.Dereferencing it (cur->page in this case) could load an out-of-bounds/undefinedvalue making it u...
CVE-2022-49692
In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it dependsnow on allocated priv. So, run probe to allocate priv to fix it. ar9331_switch ethernet.1:10 lan0 ...
CVE-2022-49777
In the Linux kernel, the following vulnerability has been resolved: Input: i8042 - fix leaking of platform device on module removal Avoid resetting the module-wide i8042_platform_device pointer ini8042_probe() or i8042_remove(), so that the device can be properlydestroyed by i8042_exit() on module ...
CVE-2022-49794
In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_trigger_register() returns error, it should call iio_trigger_free()to give up the reference that hold in iio_trigger_alloc(), so that it cancall iio...
CVE-2022-49887
In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got byv4l2_device_register when vdec_probe fails or vdec_remove is called.
CVE-2022-49916
In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rose_send_frame() The syzkaller reported an issue: KASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387]CPU: 0 PID: 4069 Comm: kworker/0:15 Not tainted 6.0.0-syzkaller-02734-g0...
CVE-2023-52940
In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration lru_gen_migrate_mm() assumes lru_gen_add_mm() runs prior to itself. Thisisn't true for the following scenario: CPU 1 CPU 2 clone()cgroup_can_fork()cgroup_procs_write()cgroup_post...
CVE-2023-52979
In the Linux kernel, the following vulnerability has been resolved: squashfs: harden sanity check in squashfs_read_xattr_id_table While mounting a corrupted filesystem, a signed integer '*xattr_ids' canbecome less than zero. This leads to the incorrect computation of 'len'and 'indexes' values which...
CVE-2023-52983
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for bfqq in bic_set_bfqq() After commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'"),bic->bfqq will be accessed in bic_set_bfqq(), however, in some contextbic->bfqq will be freed, and b...
CVE-2023-53029
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aurafree") uses the get/put_cpu() to protect the usage of percpu pointerin ->aura_freeptr() callback, b...
CVE-2023-53047
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session There is a potential race condition in amdtee_open_session that maylead to use-after-free. For instance, in amdtee_open_session() aftersess->sess_mask is set, and before set...
CVE-2023-53062
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger thanthe actual socket buffer length. In such case the clonedskb passed up the network stack will leak kernel memory conten...
CVE-2023-53075
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_recRead of size 8 at addr ffff000199270ff0 by task modprobeCPU: 2 Comm: modprobeCall trace:kasan...
CVE-2023-53103
In the Linux kernel, the following vulnerability has been resolved: bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails syzbot reported a warning[1] where the bond device itself is a slave andwe try to enslave a non-ethernet device as the first slave which failsbut then in the err...