Lucene search

K

4367 matches found

CVE
CVE
added 2024/06/19 2:15 p.m.89 views

CVE-2024-38586

In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmentedpackets, whereby invalid entries were inserted into the transmit ringbuffer, subsequently lea...

6.8AI score0.00301EPSS
CVE
CVE
added 2024/07/05 7:15 a.m.89 views

CVE-2024-39475

In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Handle err return when savagefb_check_var failed The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equals zero")checks the value of pixclock to avoid divide-by-zero error. Howeverthe function savagefb_pro...

5.5CVSS7.4AI score0.00064EPSS
CVE
CVE
added 2024/07/05 7:15 a.m.89 views

CVE-2024-39480

In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdbwill use strncpy() to insert the completed symbol into the command buffer.Unfortunately it passes the size of the...

7.8CVSS9AI score0.00036EPSS
CVE
CVE
added 2024/07/05 7:15 a.m.89 views

CVE-2024-39485

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Properly re-initialise notifier entry in unregister The notifier_entry of a notifier is not re-initialised after unregisteringthe notifier. This leads to dangling pointers being left there so uselist_del_init() t...

5.5CVSS6.9AI score0.00033EPSS
CVE
CVE
added 2024/07/12 1:15 p.m.89 views

CVE-2024-40902

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to thekernel log in hex format as a form of debugging. But when that xattrsize is bigger than the expected size, printi...

7.8CVSS8.4AI score0.00026EPSS
CVE
CVE
added 2024/07/12 1:15 p.m.89 views

CVE-2024-41000

In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflowsanitizer shows this report: [ 62.982337] ------------[ cut here ]------------[ 62.985692] cgroup: Invalid name[ 62.9...

7.8CVSS8.4AI score0.00046EPSS
CVE
CVE
added 2024/08/21 12:15 a.m.89 views

CVE-2024-43863

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't removethe fence from the pending list, and thus doesn't require a lock tofix poll->fence wait->fence unref deadl...

5.5CVSS6.5AI score0.00037EPSS
CVE
CVE
added 2024/09/18 8:15 a.m.89 views

CVE-2024-46761

In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernelcrash when we try to hot-unplug/disable the PCIe switch/bridge fromthe PHB. The crash occurs because alt...

5.5CVSS6.2AI score0.00066EPSS
CVE
CVE
added 2024/09/27 1:15 p.m.89 views

CVE-2024-46854

In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the bufferfollowing the data may be leaked. Avoid this by extending all packets toETH_ZLEN, ensuring nothing is leaked in the padding. Thi...

7.1CVSS6.8AI score0.00052EPSS
CVE
CVE
added 2024/09/27 1:15 p.m.89 views

CVE-2024-46858

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a racecondition: CPU1 CPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netl...

7CVSS7AI score0.00056EPSS
CVE
CVE
added 2024/09/27 1:15 p.m.89 views

CVE-2024-46864

In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling whenCPUs go online/offline") introduces a new cpuhp state for hypervinitialization. cpuhp_setup_state...

5.5CVSS6.8AI score0.00039EPSS
CVE
CVE
added 2024/10/21 6:15 p.m.89 views

CVE-2024-49896

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check stream before comparing them [WHAT & HOW]amdgpu_dm can pass a null stream to dc_is_stream_unchanged. It isnecessary to check for null before dereferencing them. This fixes 1 FORWARD_NULL issue reported by Cov...

5.5CVSS5.2AI score0.00033EPSS
CVE
CVE
added 2024/10/21 6:15 p.m.89 views

CVE-2024-49935

In the Linux kernel, the following vulnerability has been resolved: ACPI: PAD: fix crash in exit_round_robin() The kernel occasionally crashes in cpumask_clear_cpu(), which is calledwithin exit_round_robin(), because when executing clear_bit(nr, addr) withnr set to 0xffffffff, the address calculati...

5.5CVSS5.1AI score0.00035EPSS
CVE
CVE
added 2024/10/21 8:15 p.m.89 views

CVE-2024-50022

In the Linux kernel, the following vulnerability has been resolved: device-dax: correct pgoff align in dax_set_mapping() pgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise,vmf->address not aligned to fault_size will be aligned to the nextalignment, that can result in memory...

5.5CVSS5.3AI score0.00046EPSS
CVE
CVE
added 2024/10/21 8:15 p.m.89 views

CVE-2024-50029

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync This checks if the ACL connection remains valid as it could be destroyedwhile hci_enhanced_setup_sync is pending on cmd_sync leading to thefollowing trace: BUG: KASAN: slab-us...

7.8CVSS7.1AI score0.00046EPSS
CVE
CVE
added 2024/10/21 8:15 p.m.89 views

CVE-2024-50059

In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition In the switchtec_ntb_add function, it can call switchtec_ntb_init_sndevfunction, then &sndev->check_link_status_work is bound ...

7CVSS6.6AI score0.00036EPSS
CVE
CVE
added 2024/11/05 6:15 p.m.89 views

CVE-2024-50106

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegationsand a client sending free_stateid operation. Laundromat threadfinds that delegation has expired and needs to be re...

7.8CVSS6.2AI score0.00037EPSS
CVE
CVE
added 2024/11/07 10:15 a.m.89 views

CVE-2024-50168

In the Linux kernel, the following vulnerability has been resolved: net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() The sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skbin case of skb->len being too long, add dev_kfree_skb() to fix it.

5.5CVSS5.2AI score0.00032EPSS
CVE
CVE
added 2024/11/09 11:15 a.m.89 views

CVE-2024-50233

In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() In the ad9832_write_frequency() function, clk_get_rate() might return 0.This can lead to a division by zero when calling ad9832_calc_freqreg().The check...

5.5CVSS5.1AI score0.00058EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.89 views

CVE-2024-53070

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If the device was already runtime suspended then during system suspendwe cannot access the device registers else it will crash. Also we cannot access an...

5.5CVSS5.3AI score0.00041EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.89 views

CVE-2024-53072

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amd_pmc module as: amd_pmc enable_stb=1 ...can result in the following messages in the kernel ring buffer: amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on...

5.5CVSS5.4AI score0.00037EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.89 views

CVE-2024-53084

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close,outstanding VM mappings may result in resources being leaked, dueto an object reference loop, as shown below, with each o...

5.5CVSS6.6AI score0.00024EPSS
CVE
CVE
added 2024/12/27 3:15 p.m.89 views

CVE-2024-56568

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmudriver probe and client driver probe, when of_dma_configure()for client is called after the iommu_device_regis...

4.7CVSS6.5AI score0.00029EPSS
CVE
CVE
added 2024/12/27 3:15 p.m.89 views

CVE-2024-56603

In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_init_data()has already attached it to the provided sock object. This will leave adangling sk pointer in t...

7.8CVSS6.5AI score0.00038EPSS
CVE
CVE
added 2024/12/27 3:15 p.m.89 views

CVE-2024-56611

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM We currently assume that there is at least one VMA in a MM, which isn'ttrue. So we might end up having find_vma() return NULL, to then de-referenceNULL....

5.5CVSS6.4AI score0.00023EPSS
CVE
CVE
added 2024/02/28 9:15 a.m.88 views

CVE-2020-36786

In the Linux kernel, the following vulnerability has been resolved: media: [next] staging: media: atomisp: fix memory leak of object flash In the case where the call to lm3554_platform_data_func returns anerror there is a memory leak on the error return path of objectflash. Fix this by adding an er...

5.5CVSS6.4AI score0.00035EPSS
CVE
CVE
added 2024/02/29 11:15 p.m.88 views

CVE-2021-47066

In the Linux kernel, the following vulnerability has been resolved: async_xor: increase src_offs when dropping destination page Now we support sharing one page if PAGE_SIZE is not equal stripe size. Tosupport this, it needs to support calculating xor value with differentoffsets for each r5dev. One ...

5.5CVSS6.7AI score0.00018EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.88 views

CVE-2021-47311

In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot beused after free_netdev() call. Using adpt after free_netdev()can cause UAF bug. Fix it by moving free_netdev() at the end of thefunction.

7.8CVSS6.7AI score0.00014EPSS
CVE
CVE
added 2024/05/21 3:15 p.m.88 views

CVE-2021-47412

In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: rq_qos_done_bio() needn't to be called for bio based driver rq_qos_done_bio() needn't to be called for...

6.5AI score0.00031EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.88 views

CVE-2021-47501

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc When trying to dump VFs VSI RX/TX descriptorsusing debugfs there was a crashdue to NULL pointer dereference in i40e_dbg_dump_desc.Added a check to i40e_dbg_dump_desc that che...

5.5CVSS6.6AI score0.00009EPSS
CVE
CVE
added 2024/05/24 3:15 p.m.88 views

CVE-2021-47559

In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk():6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times).7. var_...

5.5CVSS6.1AI score0.00019EPSS
CVE
CVE
added 2024/06/19 3:15 p.m.88 views

CVE-2021-47576

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_deb...

7.8CVSS8.2AI score0.00039EPSS
CVE
CVE
added 2024/06/20 12:15 p.m.88 views

CVE-2022-48738

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() We don't currently validate that the values being set are within the rangewe advertised to userspace as being valid, do so and reject any valuesthat are out of range.

6.5AI score0.00145EPSS
CVE
CVE
added 2024/10/21 8:15 p.m.88 views

CVE-2022-49028

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created bycreate_singlethread_workqueue() when pci_register_driver() failed. Adddestroy_workqueue() in fail path to prevent the r...

5.5CVSS5.2AI score0.00068EPSS
CVE
CVE
added 2024/01/29 11:15 a.m.88 views

CVE-2023-46838

Transmit requests in Xen's virtual network protocol can consist ofmultiple parts. While not really useful, except for the initial partany of them may be of zero length, i.e. carry no data at all. Besides acertain initial portion of the to be transferred data, these parts aredirectly translated into...

7.5CVSS7.7AI score0.00092EPSS
CVE
CVE
added 2024/03/02 10:15 p.m.88 views

CVE-2023-52564

In the Linux kernel, the following vulnerability has been resolved: Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The commit above is reverted as it did not solve the original issue. gsm_cleanup_mux() tries to free up the virtual ttys ...

5.5CVSS6.2AI score0.00009EPSS
CVE
CVE
added 2024/05/17 3:15 p.m.88 views

CVE-2023-52689

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutexshould be locked while accessing it.

6.8AI score0.00036EPSS
CVE
CVE
added 2024/05/21 4:15 p.m.88 views

CVE-2023-52740

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch The RFI and STF security mitigation options can flip theinterrupt_exit_not_reentrant static branch condition concurrently withthe interrupt exit code wh...

6.8AI score0.00187EPSS
CVE
CVE
added 2024/05/30 4:15 p.m.88 views

CVE-2024-36925

In the Linux kernel, the following vulnerability has been resolved: swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Using restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunctionwith dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the followingcrash when initialis...

5.5CVSS6.8AI score0.00021EPSS
CVE
CVE
added 2024/07/12 1:15 p.m.88 views

CVE-2024-39496

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can racewith a device replace operation and then trigger a use-after-free on thedevice that was just rep...

7.8CVSS8.3AI score0.00039EPSS
CVE
CVE
added 2024/07/12 1:15 p.m.88 views

CVE-2024-40956

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list anddeleting the entry in the iteration process. The descriptor is freed viaidxd_desc_complete(...

7.8CVSS8.2AI score0.0005EPSS
CVE
CVE
added 2024/07/12 1:15 p.m.88 views

CVE-2024-40961

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. fib6_nh_init()ip6_validate_gw( &idev )ip6_route_check_nh( idev )*idev = in6_dev_get(dev); // can be NULL Oops: general protec...

5.5CVSS7.3AI score0.00063EPSS
CVE
CVE
added 2024/07/29 4:15 p.m.88 views

CVE-2024-41084

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup cxl_dpa_to_region() looks up a region based on a memdev and DPA.It wrongly assumes an endpoint found mapping the DPA is also ofa fully assembled region. When not true it l...

5.5CVSS6.4AI score0.00039EPSS
CVE
CVE
added 2024/08/17 9:15 a.m.88 views

CVE-2024-42263

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the timestamp extension If fetching of userspace memory fails during the main loop, all drm syncobjs looked up until that point will be leaked because of the missingdrm_syncobj_put. Fix it by e...

5.5CVSS6.5AI score0.00047EPSS
CVE
CVE
added 2024/08/17 9:15 a.m.88 views

CVE-2024-42305

In the Linux kernel, the following vulnerability has been resolved: ext4: check dot and dotdot of dx_root before making dir indexed Syzbot reports a issue as follows: BUG: unable to handle page fault for address: ffffed11022e24fePGD 23ffee067 P4D 23ffee067 PUD 0Oops: Oops: 0000 [#1] PREEMPT SMP KAS...

6.6AI score0.00327EPSS
CVE
CVE
added 2024/09/18 7:15 a.m.88 views

CVE-2024-46731

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element indexfor mc_data[] when i = 0.

7.1CVSS6.8AI score0.00037EPSS
CVE
CVE
added 2024/09/18 8:15 a.m.88 views

CVE-2024-46750

In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() One of the true positives that the cfg_access_lock lockdep effortidentified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70...

5.5CVSS6.2AI score0.00051EPSS
CVE
CVE
added 2024/10/21 12:15 p.m.88 views

CVE-2024-47718

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular andwowlan) firmware loading attempts. Otherwise if 'rtw_usb_intf_init()'has failed in 'rtw_usb_probe()',...

7.8CVSS8.2AI score0.00045EPSS
CVE
CVE
added 2024/11/07 10:15 a.m.88 views

CVE-2024-50153

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]...kasan_report+0xb9/0xf0target_alloc...

5.5CVSS5.1AI score0.00019EPSS
CVE
CVE
added 2024/11/08 6:15 a.m.88 views

CVE-2024-50182

In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). Thisis the case for example on some arm64 configurations, where marking 4kPTEs in the direct map n...

5.5CVSS6.4AI score0.0003EPSS
Total number of security vulnerabilities4367