2926 matches found
CVE-2025-23143
In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro 0 and waited a few seconds, I observed twoLOCKDEP splats: a warning immediately followed by a null-ptr-deref. 1 Reproduction Steps: Mount CI...
CVE-2025-37762
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb() Correct error handling in prepare_fb() to fix leaking resources whenerror happens.
CVE-2025-37779
In the Linux kernel, the following vulnerability has been resolved: lib/iov_iter: fix to increase non slab folio refcount When testing EROFS file-backed mount over v9fs on qemu, I encountered afolio UAF issue. The page sanity check reports the following call trace.The root cause is that pages in bv...
CVE-2025-37783
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix error pointers in dpu_plane_virtual_atomic_check The function dpu_plane_virtual_atomic_check was dereferencing pointersreturned by drm_atomic_get_plane_state without checking for errors. Thiscould lead to undefined...
CVE-2025-37813
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before prepare_transfer() and prepare_ring(), soenqueue can already point at the final link TRB of a segment. And indeedit will, some 0.4% of ti...
CVE-2025-37847
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in ivpu_ms_cleanup() Fix deadlock in ivpu_ms_cleanup() by preventing runtime resume afterfile_priv->ms_lock is acquired. During a failure in runtime resume, a cold boot is executed, whichcalls ivpu_ms_cl...
CVE-2025-37869
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xe_migrate_clear The intent of the error path in xe_migrate_clear is to wait on locallygenerated fence and then return. The code is waiting on m->fence whichcould be the local fence but t...
CVE-2021-47668
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe.Especially, the can_frame cf which aliases skb memory is accessedafter the netif_rx_ni() in:stats->rx_bytes += cf->len;...
CVE-2022-49770
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'first_realm'and 'realm' pointing to the same snaprealm memory. And then it'llput it twice and could cause random use-...
CVE-2022-49790
In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device() [1], forcommit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data bufferwhen fetching device I...
CVE-2022-49807
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak in nvmet_auth_set_key When changing dhchap secrets we need to release the oldsecrets as well. kmemleak complaint: unreferenced object 0xffff8c7f44ed8180 (size 64):comm "check", pid 7304, jiffies 4295686133 ...
CVE-2022-49810
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix missing xas_retry() calls in xarray iteration netfslib has a number of places in which it performs iteration of an xarraywhilst being under the RCU read lock. It should call xas_retry() as thefirst thing inside of the lo...
CVE-2022-49813
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created bycreate_singlethread_workqueue() when pci_register_driver() failed.Call destroy_workqueue() when pci_register_driver() failed to prevent the...
CVE-2022-49832
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50Read of size 1 at addr 0000000000000000 by task ...
CVE-2022-49844
In the Linux kernel, the following vulnerability has been resolved: can: dev: fix skb drop check In commit a6d190f8c767 ("can: skb: drop tx skb if in listen onlymode") the priv->ctrlmode element is read even on virtual CANinterfaces that do not create the struct can_priv at startup. Thisout-of-b...
CVE-2022-49863
In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rx_register() It causes NULL pointer dereference when testing as following:(a) use syscall(__NR_socket, 0x10ul, 3ul, 0) to create netlink socket.(b) use syscall(__NR_sendmsg, ...) to...
CVE-2022-49873
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, theverifier requires the eBPF program to release these memories by callingthe corresponding helper functio...
CVE-2022-49914
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix inode list leak during backref walking at resolve_indirect_refs() During backref walking, at resolve_indirect_refs(), if we get an errorwe jump to the 'out' label and call ulist_free() on the 'parents' ulist,which frees ...
CVE-2023-52928
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrack_insn The verifier skips invalid kfunc call in check_kfunc_call(), whichwould be captured in fixup_kfunc_call() if such insn is not eliminatedby dead code elimination. However, this can lead...
CVE-2023-53044
In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error fromdm_stats_init() if it fails. Update alloc_dev() to fail ifdm_stats_init() does. Otherwise, a NULL pointer dereferenc...
CVE-2023-53097
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it,otherwise the memory will leak over time. To make things simpler, justcall debugfs_lookup_and_remove(...
CVE-2023-53133
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() When the buffer length of the recvmsg system call is 0, we got theflollowing soft lockup problem: watchdog: BUG: soft lockup - CPU#3 stuck for 27s! ...
CVE-2023-53143
In the Linux kernel, the following vulnerability has been resolved: ext4: fix another off-by-one fsmap error on 1k block filesystems Apparently syzbot figured out that issuing this FSMAP call: struct fsmap_head cmd = {.fmh_count = ...;.fmh_keys = {{ .fmr_device = /* ext4 dev /, .fmr_physical = 0, }...
CVE-2024-41149
In the Linux kernel, the following vulnerability has been resolved: block: avoid to reuse hctx not removed from cpuhp callback list If the 'hctx' isn't removed from cpuhp callback list, we can't reuse it,otherwise use-after-free may be triggered.
CVE-2024-57878
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable,and a SETREGSET call with a length of zero will leave thisuninitialized. Consequently an arbitrary value wil...
CVE-2024-57919
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix divide error in DM plane scale calcs dm_get_plane_scale doesn't take into account plane scaled size equal tozero, leading to a kernel oops due to division by zero. Fix by settingout-scale size as zero when the ...
CVE-2024-58018
In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535_gsp_cmdq_push() waits for the available page in the GSP cmdqbuffer when handling a large RPC request. When it sees at least oneavailable page in the cmdq, it...
CVE-2024-58089
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG]When running btrfs with block size (4K) smaller than page size (64K,aarch64), there is a very high chance to crash the kernel atgeneric/750, with the fol...
CVE-2025-21841
In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Fix cpufreq_policy ref counting amd_pstate_update_limits() takes a cpufreq_policy reference but doesn'tdecrement the refcount in one of the exit paths, fix that.
CVE-2025-21879
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking At btrfs_scan_root() we are accessing the inode's root (and fs_info) in acall to btrfs_fs_closing() after we have scheduled the inode for a delayediput, and ...
CVE-2025-21933
In the Linux kernel, the following vulnerability has been resolved: arm: pgtable: fix NULL pointer dereference issue When update_mmu_cache_range() is called by update_mmu_cache(), the vmfparameter is NULL, which will cause a NULL pointer dereference issue inadjust_pte(): Unable to handle kernel NUL...
CVE-2025-37760
In the Linux kernel, the following vulnerability has been resolved: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release Currently, if a VMA merge fails due to an OOM condition arising on commitmerge or a failure to duplicate anon_vma's, we report this so the callercan handle it. ...
CVE-2025-37825
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet,nvmet_enable_port() uses NVMF_TRTYPE_MAX (255) to query the transportsarray, causing an out-of-bounds access: [ ...
CVE-2025-37842
In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spicontroller, but the legacy remove function will be called first duringdevice detach and trigger kernel p...
CVE-2025-37877
In the Linux kernel, the following vulnerability has been resolved: iommu: Clear iommu-dma ops on cleanup If iommu_device_register() encounters an error, it can end up tearingdown already-configured groups and default domains, however thiscurrently still leaves devices hooked up to iommu-dma (and e...
CVE-2025-37888
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Add NULL check for mlx5_get_flow_namespace() returns inmlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to preventNULL pointer dereference.
CVE-2025-37892
In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob()need to be checked. A proper implementation can befound in INFTL_deleteblock(). The status will be set asSECTOR_IGNO...
CVE-2025-37967
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlockfunctions to the UCSI driver. ucsi_con_mutex_lock ensures the connectormutex is only locked if a connection is establi...
CVE-2025-38002
In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the 'has_lock'variable exists. But enough does that it's a bit unwieldy to manage.Wrap the whole thing in...
CVE-2022-49757
In the Linux kernel, the following vulnerability has been resolved: EDAC/highbank: Fix memory leak in highbank_mc_probe() When devres_open_group() fails, it returns -ENOMEM without freeing memoryallocated by edac_mc_alloc(). Call edac_mc_free() on the error handling path to avoid a memory leak. [ b...
CVE-2022-49771
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using the"dm_target_iterate(list_version_get_needed, &needed)" call and then willfill the space using the "...
CVE-2022-49779
In the Linux kernel, the following vulnerability has been resolved: kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case In __unregister_kprobe_top(), if the currently unregistered probe haspost_handler but other child probes of the aggrprobe do not havepost_handler, the post_ha...
CVE-2022-49799
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory-access in register_synth_event() In register_synth_event(), if set_synth_event_print_fmt() failed, thenboth trace_remove_event_call() and unregister_trace_event() will becalled, which means the trace_event_...
CVE-2022-49822
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, thenthe module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next mount with fsc, it wil...
CVE-2022-49823
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() isnot checked. As a result, it causes null-ptr-deref while removingthe module, because transport_remove_devic...
CVE-2022-49829
In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: fix fence ref counting We leaked dependency fences when processes were beeing killed. Additional to that grab a reference to the last scheduled fence.
CVE-2022-49830
In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init() drm_dev_init() will add drm_dev_init_release() as a callback. Whendrmm_add_action() failed, the release function won't be added. As theresult, the ref cnt added by device_get() i...
CVE-2022-49836
In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(),the name allocated by dev_set_name() need be freed. Ascomment of device_register() says, it should use put_device()to give ...
CVE-2022-49841
In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance whensystem hibernates. [ 37.371969] ------------[ cut here ]------------[ 37.376599] uart3_root_clk already disabled[ 37.380810]...
CVE-2022-49845
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 createdskbuff revealed a missing initialization of reserved and later filledelements in struct can_fra...