2926 matches found
CVE-2024-57984
In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is bound withdw_i3c_hj_work. And dw_i3c_master_irq_handler can calldw_i3c_master_irq_handle_ibis function to star...
CVE-2022-49847
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload Move am65_cpsw_nuss_phylink_cleanup() call to afteram65_cpsw_nuss_cleanup_ndev() so phylink is still validto prevent the below Segmentation fault on module remov...
CVE-2022-49858
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix SQE threshold checking Current way of checking available SQE count which is based onHW updated SQB count could result in driver submitting an SQEeven before CQE for the previously transmitted SQE at the sameindex ...
CVE-2022-49876
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit() When device is running and the interface status is changed, the gpf issueis triggered. The problem triggering process is as follows:Thread A: Thread Bieee...
CVE-2022-49898
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix tree mod log mishandling of reallocated nodes We have been seeing the following panic in production kernel BUG at fs/btrfs/tree-mod-log.c:677!invalid opcode: 0000 [#1] SMPRIP: 0010:tree_mod_log_rewind+0x1b4/0x200RSP: 000...
CVE-2022-49905
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smc_init() In smc_init(), register_pernet_subsys(&smc_net_stat_ops) is calledwithout any error handling.If it fails, registering of &smc_net_ops won't be reverted.And if smc_nl_init(...
CVE-2023-52986
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener A listening socket linked to a sockmap has its sk_prot overridden. Itpoints to one of the struct proto variants in tcp_bpf_prots. The variantdepends on the socket...
CVE-2023-53053
In the Linux kernel, the following vulnerability has been resolved: erspan: do not use skb_mac_header() in ndo_start_xmit() Drivers should not assume skb_mac_header(skb) == skb->data in theirndo_start_xmit(). Use skb_network_offset() and skb_transport_offset() whichbetter describe what is needed...
CVE-2023-53054
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routinescall: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset().This adds a new devres each time.T...
CVE-2023-53092
In the Linux kernel, the following vulnerability has been resolved: interconnect: exynos: fix node leak in probe PM QoS error path Make sure to add the newly allocated interconnect node to the providerbefore adding the PM QoS request so that the node is freed on errors.
CVE-2023-53116
In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free therequest passed as argument. Such implementation potentially could resultin a use after free of the request...
CVE-2023-53127
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix expander node leak in mpi3mr_remove() Add a missing resource clean up in .remove.
CVE-2024-57852
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f ("firmware: qcom: scm: fix a NULL-pointerdereference") makes it explicit that qcom_scm_get_tzmem_pool() canreturn NULL, therefore its users should handle this.
CVE-2024-58059
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix deadlock during uvc_probe If uvc_probe() fails, it can end up calling uvc_status_unregister() beforeuvc_status_init() is called. Fix this by checking if dev->status is NULL or not inuvc_status_unregister().
CVE-2024-58062
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: avoid NULL pointer dereference When iterating over the links of a vif, we need to make sure that thepointer is valid (in other words - that the link exists) beforedereferncing it.Use for_each_vif_active_link tha...
CVE-2025-21769
In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: Add .owner to vmclock_miscdev_fops Without the .owner field, the module can be unloaded while /dev/vmclock0is open, leading to an oops.
CVE-2025-21958
In the Linux kernel, the following vulnerability has been resolved: Revert "openvswitch: switch to per-action label counting in conntrack" Currently, ovs_ct_set_labels() is only called for confirmed conntrackentries (ct) within ovs_ct_commit(). However, if the conntrack entrydoes not have the label...
CVE-2025-21974
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: return fail if interface is down in bnxt_queue_mem_alloc() The bnxt_queue_mem_alloc() is called to allocate new queue memory whena queue is restarted.It internally accesses rx buffer descriptor corresponding to the index...
CVE-2025-37846
In the Linux kernel, the following vulnerability has been resolved: arm64: mops: Do not dereference src reg for a set operation The source register is not used for SET* and reading it can result ina UBSAN out-of-bounds array access error, specifically when the MOPSexception is taken from a SET* seq...
CVE-2025-37926
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_session_rpc_open A UAF issue can occur due to a race condition betweenksmbd_session_rpc_open() and __session_rpc_close().Add rpc_lock to the session to protect it.
CVE-2022-49773
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix optc2_configure warning on dcn314 [Why]dcn314 uses optc2_configure_crc() that wrapsoptc1_configure_crc() + set additional registersnot applicable to dcn314.It's not critical but when used leads to warning like:...
CVE-2022-49781
In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling amd_pmu_enable_all() does: if (!test_bit(idx, cpuc->active_mask)) continue; amd_pmu_enable_event(cpuc->events[idx]); A perf NMI of anothe...
CVE-2022-49857
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init() When prestera_sdma_switch_init() failed, the memory pointed to bysw->rxtx isn't released. Fix it. Only be compiled, not be tested.
CVE-2022-49867
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_wwan_dellink IOSM driver registers network device without setting theneeds_free_netdev flag, and does NOT call free_netdev() whenunregisters network device, which causes a memory leak. This p...
CVE-2022-49896
In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak When a cxl_nvdimm object goes through a ->remove() event (devicephysically removed, nvdimm-bridge disabled, or nvdimm device disabled),then any associated regions must also be di...
CVE-2022-49899
In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key The approach of fs/crypto/ internally managing the fscrypt_master_keystructs as the payloads of "struct key" objects contained in a"struct key" keyring has outlived its ...
CVE-2023-52929
In the Linux kernel, the following vulnerability has been resolved: nvmem: core: fix cleanup after dev_set_name() If dev_set_name() fails, we leak nvmem->wp_gpio as the cleanup does notput this. While a minimal fix for this would be to add the gpiod_put()call, we can do better if we split device...
CVE-2023-52995
In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: Fix instruction simulation of JALR Set kprobe at 'jalr 1140(ra)' of vfs_write results in the followingcrash: [ 32.092235] Unable to handle kernel access to user memory without uaccess routines at virtual address 00aaa...
CVE-2023-53048
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix warning when handle discover_identity message Since both source and sink device can send discover_identity message inPD3, kernel may dump below warning: ------------[ cut here ]------------WARNING: CPU: 0 PID:...
CVE-2023-53069
In the Linux kernel, the following vulnerability has been resolved: octeontx2-vf: Add missing free for alloc_percpu Add the free_percpu for the allocated "vf->hw.lmt_info" in order to avoidmemory leak, same as the "pf->hw.lmt_info" indrivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c.
CVE-2023-53080
In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdp_umem_reg The number of chunks can overflow u32. Make sure to return -EINVAL onoverflow. Also remove a redundant u32 cast assigning umem->npgs.
CVE-2023-53109
In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev->needed_headroom IP tunnels can apparently update dev->needed_headroomin their xmit path. This patch takes care of three tunnels xmit, and also thecore LL_RESERVED_SPACE() and L...
CVE-2024-57975
In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when run_delalloc_nocow() failed [BUG]With CONFIG_DEBUG_VM set, test case generic/476 has some chance to crashwith the following VM_BUG_ON_FOLIO(): BTRFS error (device dm-3): cow_file_range failed, st...
CVE-2024-57988
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but thisreturned value in btbcm_get_board_name() is not checked.Add NULL check in btbcm_get_board_name(), to handle kern...
CVE-2024-58066
In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check The devm_kzalloc() function doesn't return error pointers, it returnsNULL on error. Update the check to match.
CVE-2024-58073
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp Similar to the r_pipe sspp protect, add a check to protectthe pipe state prints to avoid NULL ptr dereference for cases whenthe state is dumped without a correspondin...
CVE-2025-21896
In the Linux kernel, the following vulnerability has been resolved: fuse: revert back to __readahead_folio() for readahead In commit 3eab9d7bc2f4 ("fuse: convert readahead to use folios"), thelogic was converted to using the new folio readahead code, which dropsthe reference on the folio once it is...
CVE-2025-21921
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device ethnl_req_get_phydev() is used to lookup a phy_device, in the case anethtool netlink command targets a specific phydev within a netdev'stopology. It takes as a par...
CVE-2025-37848
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix PM related deadlocks in MS IOCTLs Prevent runtime resume/suspend while MS IOCTLs are in progress.Failed suspend will call ivpu_ms_cleanup() that would try to acquirefile_priv->ms_lock, which is already held by th...
CVE-2025-37863
In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a datalayer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed,only in...
CVE-2025-37968
In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once tolock a mutex and once to unlock it. Even though the code setting the flagis designed to prev...
CVE-2022-49744
In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork() without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin errormarkers. T...
CVE-2022-49745
In the Linux kernel, the following vulnerability has been resolved: fpga: m10bmc-sec: Fix probe rollback Handle probe error rollbacks properly to avoid leaks.
CVE-2022-49760
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlb_change_protection() Patch series "mm/hugetlb: uffd-wp fixes for hugetlb_change_protection()". Playing with virtio-mem and background snapshots (using uffd-wp) onhugetlb in QEMU, I mana...
CVE-2022-49762
In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTR_RECORDs Kernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find().Because the ATTR_RECORDs are next to each other, kernel can get the nextATTR_RECORD from end address of current AT...
CVE-2022-49765
In the Linux kernel, the following vulnerability has been resolved: net/9p: use a dedicated spinlock for trans_fd Shamelessly copying the explanation from Tetsuo Handa's suggestedpatch[1] (slightly reworded):syzbot is reporting inconsistent lock state in p9_req_put()[2],for p9_tag_remove() from p9_...
CVE-2022-49784
In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/uncore: Fix memory leak for events array When a CPU comes online, the per-CPU NB and LLC uncore contexts arefreed but not the events array within the context structure. Thiscauses a memory leak as identified by the kme...
CVE-2022-49808
In the Linux kernel, the following vulnerability has been resolved: net: dsa: don't leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba ("net: dsa: introduce tagger-ownedstorage for private and shared data"), we had a call totag_ops->disconnect(dst) issued from d...
CVE-2022-49814
In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCMsockets its RX path takes mux->rx_lock to protect more than justskb queue. However, kcm_recvmsg() still only grabs...
CVE-2022-49854
In the Linux kernel, the following vulnerability has been resolved: mctp: Fix an error handling path in mctp_init() If mctp_neigh_init() return error, the routes resources shouldbe released in the error handling path. Otherwise some resourcesleak.