2926 matches found
CVE-2022-49865
In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a struct ifaddrlblmsg to the network, __ifal_reservedremained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak...
CVE-2022-49868
In the Linux kernel, the following vulnerability has been resolved: phy: ralink: mt7621-pci: add sentinel to quirks table With mt7621 soc_dev_attr fixed to register the soc as a device,kernel will experience an oops in soc_device_match_attr This quirk test was introduced in the staging driver incom...
CVE-2022-49891
In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() test_gen_kprobe_cmd() only free buf in fail path, hence buf will leakwhen there is no failure. Move kfree(buf) from fail path to common pathto prevent the memleak....
CVE-2022-49900
In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix adapter not be removed in piix4_remove() In piix4_probe(), the piix4 adapter will be registered in: piix4_probe()piix4_add_adapters_sb800() / piix4_add_adapter()i2c_add_adapter() Based on the probed device type, pii...
CVE-2022-49919
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flow rule object from commit path No need to postpone this to the commit release path, since no packetsare walking over this object, this is accessed from control plane only.This helped uncovered UAF t...
CVE-2022-49929
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr leak in RESPST_ERR_RNR rxe_recheck_mr() will increase mr's ref_cnt, so we should call rxe_put(mr)to drop mr's ref_cnt in RESPST_ERR_RNR to avoid below warning: WARNING: CPU: 0 PID: 4156 at drivers/infiniband/sw/rxe...
CVE-2023-52941
In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: send two consecutive frames with a given time gap monitor the timeouts for flow control frames and th...
CVE-2023-53022
In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() This lockdep splat says it better than I could: ================================WARNING: inconsistent lock state6.2.0-rc2-07010-ga9b9500ffaac-dirty #967 Not tainted inconsiste...
CVE-2023-53093
In the Linux kernel, the following vulnerability has been resolved: tracing: Do not let histogram values have some modifiers Histogram values can not be strings, stacktraces, graphs, symbols,syscalls, or grouped in buckets or log. Give an error if a value is set todo so. Note, the histogram code wa...
CVE-2023-53125
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger thanthe actual socket buffer length (up to 9026 bytes). In suchcase the cloned skb passed up the network stack will leakkern...
CVE-2023-53144
In the Linux kernel, the following vulnerability has been resolved: erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms As the call trace shown, the root cause is kunmap incorrect pages: BUG: kernel NULL pointer dereference, address: 00000000CPU: 1 PID: 40 Comm: kworker/u5:0 Not tainted 6....
CVE-2025-21783
In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix crash on error in gpiochip_get_ngpios() The gpiochip_get_ngpios() uses chip_() macros to print messages.However these macros rely on gpiodev to be initialised and set,which is not the case when called via bgpio_init()....
CVE-2025-21797
In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Add missing delayed work cancel for headset status The cancel_delayed_work_sync() call was missed, causing a use-after-freein corsair_void_remove().
CVE-2025-21901
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add sanity checks on rdev validity There is a possibility that ulp_irq_stop and ulp_irq_startcallbacks will be called when the device is in detached state.This can cause a crash due to NULL pointer dereference asthe r...
CVE-2025-23154
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix io_req_post_cqe abuse by send bundle [ 114.987980][ T5313] WARNING: CPU: 6 PID: 5313 at io_uring/io_uring.c:872 io_req_post_cqe+0x12e/0x4f0[ 114.991597][ T5313] RIP: 0010:io_req_post_cqe+0x12e/0x4f0[ 115.001880][ ...
CVE-2025-37816
In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid counted_by() use gcc 15 honors the __counted_by(len) attribute on vsc_tp_packet.buf[]and the vsc-tp.c code is using this in a wrong way. len does not containthe available size in the bu...
CVE-2025-37827
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: return EIO on RAID1 block group write pointer mismatch There was a bug report about a NULL pointer dereference in__btrfs_add_free_space_zoned() that ultimately happens because aconversion from the default metadata pro...
CVE-2025-37845
In the Linux kernel, the following vulnerability has been resolved: tracing: fprobe events: Fix possible UAF on modules Commit ac91052f0ae5 ("tracing: tprobe-events: Fix leakage of modulerefcount") moved try_module_get() from __find_tracepoint_module_cb()to find_tracepoint() caller, but that introd...
CVE-2025-37856
In the Linux kernel, the following vulnerability has been resolved: btrfs: harden block_group::bg_list against list_del() races As far as I can tell, these calls of list_del_init() on bg_list cannotrun concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),as they are in transaction...
CVE-2025-37872
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix memory leak in txgbe_probe() error path When txgbe_sw_init() is called, memory is allocated for wx->rss_keyin wx_init_rss_key(). However, in txgbe_probe() function, the subsequenterror paths after txgbe_sw_init()...
CVE-2025-37932
In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact couldtrigger a warning if it is already deactivated. Therefore, it is notidempotent and not friendly to its callers, like fq_...
CVE-2025-37944
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entryto fetch the next entry from the destination ring. This is incorrect becauseath12k_hal...
CVE-2020-36790
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak We forgot to free new_model_number
CVE-2022-49743
In the Linux kernel, the following vulnerability has been resolved: ovl: Use "buf" flexible array for memcpy() destination The "buf" flexible array needs to be the memcpy() destination to avoidfalse positive run-time warning from the recent FORTIFY_SOURCEhardening: memcpy: detected field-spanning w...
CVE-2022-49767
In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: always use O_NONBLOCK read/write syzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop()from p9_conn_destroy() from p9_fd_close() is failing to interrupt alreadystarted kernel_read() from p9_fd_read(...
CVE-2022-49772
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port withsnd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened,but in reality, the NULL port may be s...
CVE-2022-49780
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() If device_register() fails in tcm_loop_setup_hba_bus(), the name allocatedby dev_set_name() need be freed. As comment of device_register() says, itshould us...
CVE-2022-49796
In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() When test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), itwill goto delete, which will call kprobe_event_delete() and release ...
CVE-2022-49818
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize().
CVE-2022-49869
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() During the error recovery sequence, the rtnl_lock is not held for theentire duration and some datastructures may be freed during the sequence.Check for the BNXT_STATE_OPEN flag in...
CVE-2022-49875
In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE When using bpftool to pin {PROG, MAP, LINK} without FILE,segmentation fault will occur. The reson is that the lackof FILE will cause strlen to trigger NU...
CVE-2022-49878
In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fix memory leak in array reallocation for stack state If an error (NULL) is returned by krealloc(), callers of realloc_array()were setting their allocation pointers to NULL, but on error krealloc()does not touch the ...
CVE-2022-49913
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix inode list leak during backref walking at find_parent_nodes() During backref walking, at find_parent_nodes(), if we are dealing with adata extent and we get an error while resolving the indirect backrefs, atresolve_indir...
CVE-2022-49917
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ip_vs_app_net_cleanup() During the initialization of ip_vs_app_net_init(), if file ip_vs_appfails to be created, the initialization is successful by default.Therefore, the ip_vs_app file doesn't be found during...
CVE-2022-49918
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in __ip_vs_cleanup_batch() During the initialization of ip_vs_conn_net_init(), if file ip_vs_connor ip_vs_conn_sync fails to be created, the initialization is successfulby default. Therefore, the ip_vs_conn or ip_...
CVE-2023-52978
In the Linux kernel, the following vulnerability has been resolved: riscv: kprobe: Fixup kernel panic when probing an illegal position The kernel would panic when probed for an illegal position. eg: (CONFIG_RISCV_ISA_C=n) echo 'p:hello kernel_clone+0x16 a0=%a0' >> kprobe_eventsecho 1 > eve...
CVE-2023-52987
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write() The "id" comes from the user. Change the type to unsigned to preventan array underflow.
CVE-2023-53003
In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info The memory for llcc_driv_data is allocated by the LLCC driver. But whenit is passed as the private driver info to the EDAC core, it will get freedduring the q...
CVE-2023-53038
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely onlpfc_read_object()'s routine to NULL check pdata. Currently, an early return error is thrown from lpfc_rea...
CVE-2023-53041
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace wasobserved: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50CPU: 3...
CVE-2023-53049
In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() When ucsi_init() fails, ucsi->connector is NULL, yet in case ofucsi_acpi we may still get events which cause the ucs_acpi code to callucsi_connector_change(), which th...
CVE-2023-53081
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page,ocfs2_write_end_nolock() just zeroes out and dirties the page. This canleave dirty page beyond EOF and if page wri...
CVE-2023-53099
In the Linux kernel, the following vulnerability has been resolved: firmware: xilinx: don't make a sleepable memory allocation from an atomic context The following issue was discovered using lockdep:[ 6.691371] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209[ 6.69...
CVE-2023-53136
In the Linux kernel, the following vulnerability has been resolved: af_unix: fix struct pid leaks in OOB support syzbot reported struct pid leak [1]. Issue is that queue_oob() calls maybe_add_creds() which potentiallyholds a reference on a pid. But skb->destructor is not set (either directly or ...
CVE-2024-57905
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from atriggered buffer, but it has a hole between the sample (unsigned int)and the timestamp. This hole is ne...
CVE-2024-57994
In the Linux kernel, the following vulnerability has been resolved: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() Jakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()to increase test coverage. syzbot found a splat caused by hard irq blocking inptr_ring_re...
CVE-2024-58075
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - do not transfer req when tegra init fails The tegra_cmac_init or tegra_sha_init function may return an error whenmemory is exhausted. It should not transfer the request when they returnan error.
CVE-2025-21737
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_mds_auth_match() We now free the temporary target path substring allocation on everypossible branch, instead of omitting the default branch. In somecases, a memory leak occured, which could rapidly cra...
CVE-2025-21819
In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/display: Use HW lock mgr for PSR1" This reverts commita2b5a9956269 ("drm/amd/display: Use HW lock mgr for PSR1") Because it may cause system hang while connect with two edp panel.
CVE-2025-21842
In the Linux kernel, the following vulnerability has been resolved: amdkfd: properly free gang_ctx_bo when failed to init user queue The destructor of a gtt bo is declared asvoid amdgpu_amdkfd_free_gtt_mem(struct amdgpu_device *adev, void mem_obj);Which takes void as the second parameter. GCC allow...