2926 matches found
CVE-2025-37853
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: debugfs hang_hws skip GPU with MES debugfs hang_hws is used by GPU reset test with HWS, for MES this crashthe kernel with NULL pointer access because dqm->packet_mgr is not setupfor MES path. Skip GPU with MES for no...
CVE-2025-37873
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix missing ring index trim on error path Commit under Fixes converted tx_prod to be free running but missedmasking it on the Tx error path. This crashes on error conditions,for example when DMA mapping fails.
CVE-2025-37874
In the Linux kernel, the following vulnerability has been resolved: net: ngbe: fix memory leak in ngbe_probe() error path When ngbe_sw_init() is called, memory is allocated for wx->rss_keyin wx_init_rss_key(). However, in ngbe_probe() function, the subsequenterror paths after ngbe_sw_init() don'...
CVE-2025-37878
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Move the get_ctx(child_ctx) call and the child_event->ctx assignment tooccur immediately after the child event is allocated. Ensure thatchild_event->ctx is non-N...
CVE-2022-49403
In the Linux kernel, the following vulnerability has been resolved: lib/string_helpers: fix not adding strarray to device's resource list Add allocated strarray to device's resource list. This is a must toautomatically release strarray when the device disappears. Without this fix we have a memory l...
CVE-2022-49500
In the Linux kernel, the following vulnerability has been resolved: wl1251: dynamically allocate memory used for DMA With introduction of vmap'ed stacks, stack parameters can nolonger be used for DMA and now leads to kernel panic. It happens at several places for the wl1251 (e.g. whenaccessed throu...
CVE-2022-49809
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy ofskb, the new skb should be freed in the undersized/fragmented skberror handling path. Otherwise there is a memory l...
CVE-2022-49881
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2 parameter is duplicatedusing kmemdup() and subsequently freed in regdb_fw_cb(). However,request_firmware_nowait() can fail without ...
CVE-2023-52992
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in send_signal_common() The following kernel panic can be triggered when a task with pid=1 attachesa prog that attempts to send killing signal to itself, also see [1] for moredetails: Kernel panic - not sy...
CVE-2023-52996
In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fib_metrics_match() if (!type)continue;if (type > RTAX_MAX)return false;...fi_val = fi->fib_metrics->metrics[type - 1]; @type being used as an array index, we need to preventcpu...
CVE-2023-53031
In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIG_DEBUG_ATOMIC_SLEEPand CONFIG_PROVE_LOCKING enabled, while running a thread_imc event. Command to trigger the warning: pe...
CVE-2023-53042
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit [WHY]Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as apipe commit can cause underflow.
CVE-2023-53046
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hci_cmd_sync_clear There is a potential race condition in hci_cmd_sync_work andhci_cmd_sync_clear, and could lead to use-after-free. For instance,hci_cmd_sync_work is added to the 'req_workqueue' af...
CVE-2023-53084
In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Remove another errant put in error path drm_gem_shmem_mmap() doesn't own reference in error code path, resultingin the dma-buf shmem GEM object getting prematurely freed leading to alater use-after-free.
CVE-2023-53086
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: connac: do not check WED status for non-mmio devices WED is supported just for mmio devices, so do not check it for usb orsdio devices. This patch fixes the crash reported below: [ 21.946627] wlp0s3u1i3: authenticate wi...
CVE-2023-53095
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix a NULL pointer dereference The LRU mechanism may look up a resource in the process of being removedfrom an object. The locking rules here are a bit unclear but it lookscurrently like res->bo assignment is protected ...
CVE-2024-57799
In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM In some cases, rk_hdptx_phy_runtime_resume() may be invoked beforeplatform_set_drvdata() is executed in ->probe(), leading to a NULLpointer dereference when us...
CVE-2024-58084
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() Commit 2e4955167ec5 ("firmware: qcom: scm: Fix __scm and waitqcompletion variable initialization") introduced a write barrier in probefunction to store glob...
CVE-2025-21840
In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITYattribute to receive HFI events from kernel space, encounters asegmentation faul...
CVE-2025-21874
In the Linux kernel, the following vulnerability has been resolved: dm-integrity: Avoid divide by zero in table status in Inline mode In Inline mode, the journal is unused, and journal_sectors is zero. Calculating the journal watermark requires dividing by journal_sectors,which should be done only ...
CVE-2025-21902
In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copyof the register values in an opregion. The ACPI implementation in theBIOS ensures that the opregion content...
CVE-2025-21929
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the rmmod operation for the intel_ishtp_hid driver, ause-after-free issue can occur in the hid_ishtp_cl_remove() function.The function hid_ishtp_cl_deinit...
CVE-2025-21946
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds in parse_sec_desc() If osidoffset, gsidoffset and dacloffset could be greater than smb_ntsdstruct size. If it is smaller, It could cause slab-out-of-bounds.And when validating sid, It need to check it inclu...
CVE-2025-21949
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Set hugetlb mmap base address aligned with pmd size With ltp test case "testcases/bin/hugefork02", there is a dmesg errorreport message such as: kernel BUG at mm/hugetlb.c:5550!Oops - BUG[#1]:CPU: 0 UID: 0 PID: 1517 Comm...
CVE-2025-21955
In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent connection release during oplock break notification ksmbd_work could be freed when after connection release.Increment r_count of ksmbd_conn to indicate that requestsare not finished yet and to not release the connect...
CVE-2025-21989
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1,due to lack of .is_two_pixels_per_container function in dce60_tg_funcs,causes a NULL pointer dereferen...
CVE-2025-22048
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Don't override subprog's return value The verifier test calls: div by 0 in subprog triggers a panic at theld.bu instruction. The ld.bu insn is trying to load byte from memoryaddress returned by the subprog. The subp...
CVE-2025-22092
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereferenceduring device removal. The kernel oops below occurred due to incorrecterror handling flow when pci_setup...
CVE-2025-22100
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race condition when gathering fdinfo group samples Commit e16635d88fa0 ("drm/panthor: add DRM fdinfo support") failed toprotect access to groups with an xarray lock, which could lead touse-after-free errors.
CVE-2025-22112
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnic_info array The bnxt_queue_{start | stop}() access vnic_info as much as allocated,which indicates bp->nr_vnics.So, it should not reach bp->vnic_info[bp->nr_vnics].
CVE-2025-37763
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: take paired job reference For paired jobs, have the fragment job take a reference on thegeometry job, so that the geometry job cannot be freed untilthe fragment job has finished with it. The geometry job structure ...
CVE-2025-37821
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the slice of asched_entity to U64_MAX, which sometimes results in a crash. The offending case is when de...
CVE-2025-37844
In the Linux kernel, the following vulnerability has been resolved: cifs: avoid NULL pointer dereference in dbg call cifs_server_dbg() implies server to be non-NULL somove call under condition to avoid NULL pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE.
CVE-2025-37852
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Add error handling to propagate amdgpu_cgs_create_device() failuresto the caller. When amdgpu_cgs_create_device() fails, release hwmgrand return -ENOMEM...
CVE-2022-49423
In the Linux kernel, the following vulnerability has been resolved: rtla: Avoid record NULL pointer dereference Fix the following null/deref_null.cocci errors:./tools/tracing/rtla/src/osnoise_hist.c:870:31-36: ERROR: record is NULL but dereferenced../tools/tracing/rtla/src/osnoise_top.c:650:31-36: ...
CVE-2022-49789
In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cachethe FSF request ID when sending a new FSF request. This is used in case thesending fails and ...
CVE-2022-49801
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in tracing_read_pipe() kmemleak reports this issue: unreferenced object 0xffff888105a18900 (size 128):comm "test_progs", pid 18933, jiffies 4336275356 (age 22801.766s)hex dump (first 32 bytes):25 73 00 90 8...
CVE-2022-49802
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix null pointer dereference in ftrace_add_mod() The @ftrace_mod is allocated by kzalloc(), so both the members {prev,next}of @ftrace_mode->list are NULL, it's not a valid state to call list_del().If kstrdup() for @ftrac...
CVE-2022-49824
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() isnot checked. As a result, it causes null-ptr-deref while removingthe module, because transport_remove_dev...
CVE-2022-49826
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(),ata_tport_release() is called, it will put the refcount of 'ap->host'. And then ata_host_put() i...
CVE-2022-49870
In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK Shifting signed 32-bit value by 31 bits is undefined, so changingsignificant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in s...
CVE-2022-49879
In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when directory entry has invalid rec_len The rec_len field in the directory entry has to be a multiple of 4. Acorrupted filesystem image can be used to hit a BUG() inext4_rec_len_to_disk(), called from make_index...
CVE-2022-49880
In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows:EXT4-fs (loop0): Free/Dirty block detailsEXT4-fs (loop0): free_blocks=0EXT4-fs (loop0): dirty_blocks=0EXT4-fs (loop0): Block reservation detailsEXT4-fs ...
CVE-2023-53039
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a workfunction and passes the ISHTP device to it via a global pointerishtp_dev. If ish_probe() fa...
CVE-2023-53043
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent If the controller is not marked as cache coherent, then kernel willtry to ensure coherency during dma-ops and that may cause data corruption.So, mark the PCIe node as...
CVE-2023-53057
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hci_init_stage_sync(stage) considersthat stage[i] is valid as long as stage[i-1].func is valid.Thus, the last element of stage[].func should be intentionally...
CVE-2023-53091
In the Linux kernel, the following vulnerability has been resolved: ext4: update s_journal_inum if it changes after journal replay When mounting a crafted ext4 image, s_journal_inum may change after journalreplay, which is obviously unreasonable because we have successfully loadedand replayed the j...
CVE-2023-53135
In the Linux kernel, the following vulnerability has been resolved: riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode When CONFIG_FRAME_POINTER is unset, the stack unwinding functionwalk_stackframe randomly reads the stack and then, when KASAN is enabled,it can lead to the following ba...
CVE-2024-52559
In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32values that come from the user via the submit_lookup_cmds() function.This addition could l...
CVE-2024-55642
In the Linux kernel, the following vulnerability has been resolved: block: Prevent potential deadlocks in zone write plug error recovery Zone write plugging for handling writes to zones of a zoned blockdevice always execute a zone report whenever a write BIO to a zonefails. The intent of this is to...